RE: Tomcat on Solaris 2.9
I used Tomcat 4.1.18 on Solaris 9 (Tomcat Manager app says: Apache Tomcat/4.1.18 1.4.0_00-b05 Sun Microsystems Inc. SunOS 5.9 sparc).

Had some problems with Tomcat hanging in connection with https/ssl. Maybe also combined with some logging problem. At least that's what I found out from my log files. Since I read the bug fixes list of Tomcat 4.1.24 about ssl, I just finished migration. I guess I'll see in short if the update solved my problems.

mech

-----Original Message-----
From: David Godfrey [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 1 April 2003 11:04
To: 'Tomcat Users List'
Subject: RE: Tomcat on Solaris 2.9

I use Tomcat 4.1.18 on Solaris 9, running j2sdk1.4.1, with the system fully patched, with no problems.

Rgds
D

-----Original Message-----
From: Steve Gums [mailto:[EMAIL PROTECTED]
Sent: 31 March 2003 23:28
To: Tcat Users
Subject: Tomcat on Solaris 2.9

Is anyone out there running tomcat 4.1.24 or 4.1.18 on Solaris 2.9? If you are, have you seen any issues with tomcat locking up?

Steve Gums
RE: Security Question
Only the communication between browser and apache server is ssl encrypted. Both the communications between apache and tomcat and tomcat and database are not. At least not without further action.

So make sure that your server does not open the ajp13 connector (mod_jk or whatever) port and db server port to the outside world. Secure your servers, intranet, ports, use firewalls or secure the communications, etc.

Securing the system from outside can be done mostly by closing unnecessary ports. If you cannot trust your internal network, however, it might be more effort because you might consider encrypting the communications yourself.

Michael

-----Original Message-----
From: Lars Nielsen Lind [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 5 March 2003 10:45
To: Tomcat Users List
Subject: Security Question

I have a server with Apache 2.0.44 and Jakarta-Tomcat 4.1.18. I am using OpenSSL 0.9.7a with Apache.

Question: If the user activates a jsp page with a javabean component with access to a PostgreSQL database server (communicates with port 5432) from the secure area (https) - is it then possible to 'sniff' the communication between the component and the database server or is this communication encrypted by apache with ssl?

If it is possible to 'sniff' the communication - how do I best prevent this?

Best regards,
Lars Nielsen Lind
RE: Mysql connector/j
Actually you have to put mysql-connector-java-2.0.14-bin.jar (or whatever version you have) into /common/lib of Tomcat. Renaming is not necessary.

There's more information in the Tomcat Documentation for JDBC Realms, JNDI Datasources etc. If you unpack the driver's jar file, you'll also find a useful readme file for more information.

Michael

-----Original Message-----
From: Adam Denenberg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 4 March 2003 18:15
To: Tomcat Users List
Subject: Mysql connector/j

Anyone have instructions for installing and configuring the mysql connector/j jar file on tomcat 4.1.18 unix machine? I have the jar but not sure how to configure tomcat to use the jar file.. Do I need to rename the jar file to something specific?

thanks
Adam
Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Hi,

I'm using Tomcat's built-in form-based auth mechanism and a JDBCRealm with usernames and roles from my DB.

It can happen that a user does a login and later due to some workflow he either obtains or loses a role. I can do the insert/delete of those roles without a problem in my DB. Unfortunately as long as the user stays logged on the webapp Tomcat seems to cache the role information as it was when the user previously performed his login. Means in detail that my DB is up-to-date but every request.isUserInRole() is not and gives me either true, although the role is already deleted, or false, although I provided that role already.

Is there any better way to update Tomcat's security system to use the current roles and not to force a logoff and relogin? I have no idea at the moment where Tomcat stores the role info after login so that I could somehow update this info at the same time I update my DB.

I hope someone can provide me a hint if and how this can be done. I hoped there would be some opposite feature of request.isUserInRole() like response.setUserRole() or something...

Thx.
Michael
RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
Thanks, but I think I don't have a problem with lost roles objects, because I deliberately delete/update the roles table that JDBCRealm uses.

The issue is that Tomcat obviously does not re-query the database every time you call request.isUserInRole(). I believe it just reads out the roles at the point of time you perform a login and every later request.isUserInRole() works on that cached Collection instead of doing a query on the database to get the most-up-to-date values every time.

The roles objects of the form-based auth you mentioned... Where can I find these objects, is it possible to retrieve it (and if yes, how?) from the request or is it maybe part of the session context or something? I believe if it's not some kind of tomcat internal collection I should be able to update it manually at the same time I update the db.

The only thing I don't want to do from the usability point of view is to force the user to logoff and re-login just to be able to make use of his new/updated role rights. I still hope there's a better way to let Tomcat know of the role updates.

Michael

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 18:57
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated

I believe there is a problem in Tomcat Form-based authentication mechanism which sometimes request.isUserInRole() does not work because the Actionmapping lost roles object somehow.

There are 2 approaches you can go:
1. Plug in your own authentication/authorization schema into Tomcat
2. Modify Tomcat Form-Based authentication mechanism

On Tue, 18 Feb 2003, mech wrote:

Hi,

I'm using Tomcat's built-in form-based auth mechanism and a JDBCRealm with usernames and roles from my DB.

It can happen that a user does a login and later due to some workflow he either obtains or loses a role. I can do the insert/delete of those roles without a problem in my DB. Unfortunately as long as the user stays logged on the webapp Tomcat seems to cache the role information as it was when the user previously performed his login. Means in detail that my DB is up-to-date but every request.isUserInRole() is not and gives me either true, although the role is already deleted, or false, although I provided that role already.

Is there any better way to update Tomcat's security system to use the current roles and not to force a logoff and relogin? I have no idea at the moment where Tomcat stores the role info after login so that I could somehow update this info at the same time I update my DB.

I hope someone can provide me a hint if and how this can be done. I
RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated
I guess I found the answer to my question in the documentation (again ;-))

"Once a user has been authenticated, the user (and his or her associated roles) are cached within Tomcat for the duration of the user's login. ... Any changes to the database information for an already authenticated user will not be reflected until the next time that user logs on again."

Unfortunately that destroyed my hope that I could work with an updated role set without logoff/relogin. ;-( Unless anyone has a workaround that doesn't mean changing Tomcat sources or stopping using form-auth.

I guess the cache increases performance, but it would be nice to have at least a chance to trigger an update in a servlet...

Michael

-----Original Message-----
From: mech [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 18 February 2003 20:04
To: 'Tomcat Users List'
Subject: RE: Tomcat 4.1.18 container-specific security mechanism+JDBCRealm+How to update user roles without logoff/relogin when DB updated

Thanks, but I think I don't have a problem with lost roles objects, because I deliberately delete/update the roles table that JDBCRealm uses.

The issue is that Tomcat obviously does not re-query the database every time you call request.isUserInRole(). I believe it just reads out the roles at the point of time you perform a login and every later request.isUserInRole() works on that cached Collection instead of doing a query on the database to get the most-up-to-date values every time.

The roles objects of the form-based auth you mentioned... Where can I find these objects, is it possible to retrieve it (and if yes, how?) from the request or is it maybe part of the session context or something? I believe if it's not some kind of tomcat internal collection I should be able to update it manually at the same time I update the db.

The only thing I don't want to do from the usability point of view is to force the user to logoff and re-login just to be able to make use of his new/updated role rights.
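The caching quoted from the documentation above means a revoked role keeps working until the user's session ends. One application-level workaround, given here as an added example that is not part of the original thread or of Tomcat itself: a servlet filter that wraps each request so that request.isUserInRole() is answered from the role table on every call. The JNDI name jdbc/authDB and the user_roles, user_name and role_name identifiers are assumptions; use whatever your JDBCRealm is configured with.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.sql.DataSource;

/**
 * Added example: answers isUserInRole() from the database on every call,
 * so a role removed from the table stops working without a new login.
 */
public class LiveRoleFilter implements Filter {

    // Assumed names, not taken from the thread: adjust to your own setup.
    private static final String DS_NAME = "java:comp/env/jdbc/authDB";
    private static final String ROLE_SQL =
        "SELECT 1 FROM user_roles WHERE user_name = ? AND role_name = ?";

    private FilterConfig config;
    private DataSource dataSource;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.config = filterConfig;
        try {
            dataSource = (DataSource) new InitialContext().lookup(DS_NAME);
        } catch (NamingException e) {
            throw new ServletException("Role DataSource not found: " + DS_NAME, e);
        }
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // Everything further down the chain sees the wrapped request.
            req = new LiveRoleRequest((HttpServletRequest) req);
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        dataSource = null;
        config = null;
    }

    /** Request wrapper that replaces the cached role check with a lookup. */
    private class LiveRoleRequest extends HttpServletRequestWrapper {

        LiveRoleRequest(HttpServletRequest request) {
            super(request);
        }

        public boolean isUserInRole(String role) {
            String user = getRemoteUser(); // set by the container after login
            if (user == null || role == null) {
                return false;              // not authenticated: no roles
            }
            try {
                return hasRole(user, role);
            } catch (SQLException e) {
                // Fail closed: if the role table cannot be read, deny.
                config.getServletContext().log("Role lookup failed for " + user, e);
                return false;
            }
        }
    }

    /** Returns true only if the user currently holds the role in the table. */
    private boolean hasRole(String user, String role) throws SQLException {
        Connection con = null;
        PreparedStatement ps = null;
        ResultSet rs = null;
        try {
            con = dataSource.getConnection();
            ps = con.prepareStatement(ROLE_SQL); // bound parameters, no string concatenation
            ps.setString(1, user);
            ps.setString(2, role);
            rs = ps.executeQuery();
            return rs.next();
        } finally {
            // Close in reverse order; a failed close must not change the answer.
            if (rs != null) { try { rs.close(); } catch (SQLException ignored) { } }
            if (ps != null) { try { ps.close(); } catch (SQLException ignored) { } }
            if (con != null) { try { con.close(); } catch (SQLException ignored) { } }
        }
    }
}
```

Map the filter to /* in web.xml so every servlet and JSP receives the wrapped request. Declarative auth-constraint checks in web.xml are evaluated by the container before the filter runs and still use the roles cached at login, so revocation-sensitive decisions belong in the programmatic check.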
RE: TOMCAT - uninstall
I don't know for Red Hat, but for Solaris and Windows I can tell you: Simply delete the folder of your unzipped archive. Believe it or not... That's the trick.

Ooohh mighty tomcat developers... please provide us at least one uninstall shell script for that purpose ;-) Preferably a Swing-GUI, of course... Otherwise the "Are you sure?"-button is too difficult to implement...

Michael

-----Original Message-----
From: Alberto A C A S Magalhães [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 13 February 2003 11:05
To: Tomcat Users List
Subject: TOMCAT - uninstall

Hi,

I install tomcat 4.1.18, using gunzip of Red Hat Linux, now I want to uninstall it, what I have to do?

Thanks
Alberto Magalhães
RE: Handling non-Latin chars in servlet, jdbc
-----Original Message-----
From: Joe Tomcat [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 9 February 2003 12:47
To: Tomcat Users List
Subject: Handling non-Latin chars in servlet, jdbc

Hello fellow Tomcatists,

It is time for my web app to move beyond the confines of the A-B-Cs. This app takes user input from web forms, stores it in various fields in a database, and then displays it back in various ways. The goal is to have it so that a user can enter Japanese or other Asian language chars into the form in his browser, the web app stores the form input in the db, and later on, displays it back to the browser and the chars show up the right way.

It seems like this should be easy. Java is designed for multibyte, and I think Postgres can also store multibyte chars, but I'm running into a block. My friend in Japan entered some chars into a form, and hit submit, and what was stored in the db were html entities. Then, when he displayed it back to his browser, it was a problem because my output code automatically escapes html entities, so what he saw was &#48832; or something, instead of the ji he was expecting.

Does anyone have some tips on this, or pointers to articles or books I should be reading about how to do this?

First: Make sure that your generated html page has a content header that tells the browser what content encoding you want. Otherwise your browser might imply Latin for parsing even if you want Unicode. Things like:

    <%@ page contentType="text/html; charset=xyz" %>

or

    <meta http-equiv="content-type" content="text/html; charset=xyz">

might help.

Second (from own bad experience ;-)): I use MySQL which also supports Unicode. But you have to set the encoding you want MySQL to use. Otherwise it tries to find the encoding by checking the system's default. Ran into trouble because my development server had a German installation whereas my productive machine has an English setup. So I had Latin vs. Latin-1.

I wondered what happened to my German special characters, but actually the problem was that my JDBC driver talked the wrong encoding to the database and the problem was already located in my data access classes, not the jsp or html processing. After telling MySQL in the connection url to use Latin-1 encoding my problem was gone.

So you should also check that your problem is not located on the database/driver side and your characters get garbled already there.

Michael
RE: compression filter problem
I'm using the compression filter that comes bundled with Tomcat's webapps/example. Works for me, so I didn't program anything myself.

Just don't map anything else than *.jsp with the filter because my old fellow Netscape 4.7x accepts gzip - in theory - ...but... if you compress images you won't see them. ;-) Other browsers, no problem at all.

-----Original Message-----
From: Varley, Roger [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 11 February 2003 13:50
To: 'Tomcat Users List'
Subject: RE: compression filter problem

I am developing a Web application using tomcat. I want to compress all my jsp pages in the web application; for that I have made some java filter classes and made changes in web.xml, but I am facing two problems:
1. In jsp I have to put header content encoding is gzip, without that browser displays zip data.
2. Browser keeps showing that page is coming and showing progress bar in status bar even when data is displayed completely.

Jason Hunter has an article on Servlet Filters at http://www.javaworld.com/javaworld/jw-06-2001/jw-0622-filters.html

Page Three of the article talks specifically about Compression Filters.

Regards
Roger
RE: exception after several hours idle
-----Original Message-----
From: Vladimir Kirillov [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 9 February 2003 18:58
To: [EMAIL PROTECTED]
Subject: exception after several hours idle

Hi, all

Could anyone tell me what to change in default Tomcat 4.1.18 configuration to avoid exception after several hours (night) of running idle? My web application uses database connection, but database driver connection timeout is set to Integer.MAX, so it should not be the reason.

Even if you set the timeout to Integer.MAX, maybe try to set autoReconnect=true in your connection url. I had problems with my webapp when idle overnight because my MySQL J/Connector cut the connections of my connection pool after 8 hours inactivity by default.

I guess using autoReconnect and related parameters couldn't hurt, although I didn't yet try to avoid disconnecting by increasing the timeout. I would prefer a reconnect over a high timeout because you never know for sure if something else is killing your connection and with autoreconnect you should be on the safe side for every possibility of a (temporarily) dead connection.

Here is the sample of exception:

I can't figure out so much from this exception... FileIO?
RE: Need help w. another jsp!
Java teacher says:

As far as I can see, you forgot to wrap your cases into brackets... Try the following:

    <%-- day is an int (Calendar.DAY_OF_WEEK, 1-7), so the labels are int constants.
         Each case label sits in the same scriptlet as the preceding break, so Jasper
         emits no out.write() between "switch (day) {" and a label or after a break. --%>
    <% switch (day) {
         case 1: { %>
    <FONT COLOR="blue" SIZE="+1">Sunday</FONT>
    <%   break; }
         case 2: { %>
    <FONT COLOR="blue" SIZE="+1">Monday</FONT>
    <%   break; }
         case 3: { %>
    <FONT COLOR="blue" SIZE="+1">Tuesday</FONT>
    <%   break; }
         case 4: { %>
    <FONT COLOR="blue" SIZE="+1">Wednesday</FONT>
    <%   break; }
         case 5: { %>
    <FONT COLOR="blue" SIZE="+1">Thursday</FONT>
    <%   break; }
         case 6: { %>
    <FONT COLOR="blue" SIZE="+1">Friday</FONT>
    <%   break; }
         case 7: { %>
    <FONT COLOR="blue" SIZE="+1">Saturday</FONT>
    <%   break; }
         default: { %>
    <FONT COLOR="blue" SIZE="+1">Error! Bad day!</FONT>
    <%   break; }
       } %>

Guess that should work.

Remember what Jasper does with your html tags while generating a servlet from your jsp file! The generated servlet must contain valid Java. For every html tag you'll basically have something like an:

    out.write(something);

Means you have not just a single statement, you'll most likely get a block of statements that you have to wrap into brackets {} in order to make it work and get valid Java code.

By the way: Looking in the generated .java helps to locate such simple problems. Understanding the way of jsp-servlet processing helps even more. And I don't even start about using error messages...

And the following code can't work either: Since you didn't import java.util.Calendar you should, of course, also use the fully qualified class name then for Calendar.getInstance() like you did for java.util.Random. ;-) That's why you get "cannot resolve symbol". Try java.util.Calendar.getInstance()... Or why not use <%@ page import="java.util.*" %> instead? Well, forgot... that requires having read at least the introductory pages of a jsp book or docu before installing Tomcat...

    <%
    // A calendar object is created to get an integer value
    // of the current day of the week
    java.util.Calendar thisCal = Calendar.getInstance();
    int day = thisCal.get(thisCal.DAY_OF_WEEK);

    // Two arrays are created for demonstrating examples
    String[] wordArray = {"The", "quick", "brown", "fox", ". . ."};
    String[] colorArray = {"red", "green", "blue", "orange", "black"};

    // Here a random number between 0 and 1 is selected
    java.util.Random rand = new java.util.Random();
    int randomNumber = rand.nextInt(2);
    %>

Let's see if that all reduces your error messages... Good luck.

Michael

P.S. I guess whenever your project is finished you should write (c) by [EMAIL PROTECTED] below ;-) SCNR

-----Original Message-----
From: Steve Burrus [mailto:[EMAIL PROTECTED]]
Sent: Monday, 10 February 2003 01:02
To: Tomcat Users List
Subject: Re: Need help w. another jsp!

SUCCESS gentlemen with the calendar.jsp!!! I got it to execute in the Tomcat app. server--probably my very 1st jsp/servlet to successfully run!!! All that I had to do was to correct a variable name (it had a - in it mistakenly) and then lo and behold it ran!

I am, however, having a problem now with another jsp called ControlFlow.jsp. Here is the 505 server error page:

    HTTP Status 500 -

    type Exception report

    message

    description The server encountered an internal error () that prevented it from fulfilling this request.

    exception

    org.apache.jasper.JasperException: Unable to compile class for JSP

    An error occurred at line: 49 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
        [javac] Compiling 1 source file

    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:103: 'case', 'default' or '}' expected
          out.write(\r\n);
          ^

    An error occurred at line: 49 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:103: 'case', 'default' or '}' expected
          out.write(\r\n);
          ^

    An error occurred at line: 50 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:105: 'case', 'default' or '}' expected
          out.write(\r\n );
          ^

    An error occurred at line: 50 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:106: 'case', 'default' or '}' expected
          out.write(Sunday);
          ^

    An error occurred at line: 51 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:107: 'case', 'default' or '}' expected
          out.write(\r\n );
          ^

    An error occurred at line: 51 in the jsp file: /ControlFlow.jsp

    Generated servlet error:
    C:\jakarta-tomcat-4.1.18\work\Standalone\localhost\_\ControlFlow_jsp.java:108: 'case', 'default' or '}' expected
          break;
          ^
form based auth problem when disallowing cookies
Hi,

I'm using Tomcat 4.1.18 with a form based auth method. My login.jsp is in a directory context/login/ and for that directory I've also set a security constraint which switches to https for logon (and stays in https, of course).

I have no problem when I use cookies, but I see a bit strange behaviour if I don't use cookies:

1. Surf around the webapp. sessionid is generated and attached to url via url rewriting.
2. Click login link and load login.jsp. Simultaneously switching to https.
3. Still same sessionid in the url as before. Login form screen prompts.
4. I use correct username/password to login. I see no error, but the sessionid got changed in the url and the login form is prompted again and I'm not yet in!
5. If I login again, I keep the new sessionid and can continue as normal and finally login is successful.

Step 4 is different to what I have with cookies. I don't need to login twice. And the sessionid that is in the cookie also stays the same before and after.

So actually my previous session also gets destroyed after logon and I couldn't take my session beans (for example a shopping cart) into https while using url rewriting for session tracking. If I use cookies, that's possible.

Any ideas what I do wrong, is this a bug (if yes, in my webapp or Tomcat) or is it a wanted security thing that you can't grab someone's session id from the url, for example to manipulate the session from a second http browser window after a https logon was done in another window?!

Thx
Michael
RE: bug in java api? (ot)
Indeed 2000 was a leap year with 29th of Feb.

Every year that can be divided by four is a leap year, except if it can be divided by 100, then it's not. But if it can be divided by 400 then it is a leap year again. ;-) So because of the last rule, 2000 was a leap year and the API is correct...

-----Original Message-----
From: Daniel Brown [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 6 February 2003 13:03
To: Tomcat Users List
Subject: RE: bug in java api? (ot)

But 2000 *was* a leap year...?

http://world.std.com/~dpbsmith/leapyearfaq.txt

-----Original Message-----
From: Felipe Schnack [mailto:[EMAIL PROTECTED]]
Sent: 06 February 2003 11:50
To: Tomcat Users List
Subject: bug in java api? (ot)

Take a look at the following code:

    GregorianCalendar cal = (GregorianCalendar)Calendar.getInstance();
    cal.set(2000, Calendar.FEBRUARY, 1);
    System.out.println(cal.isLeapYear(2000));

Shouldn't false be printed on the screen? I see true here in my machine :-)

--
Felipe Schnack
Systems Analyst
[EMAIL PROTECTED]
Mobile: (51)91287530
Linux Counter #281893
Centro Universitário Ritter dos Reis
http://www.ritterdosreis.br
[EMAIL PROTECTED]
Phone/Fax: (51)32303341
RE: jsp:useBean error
SCNR (just for my humor): http://java.sun.com/docs/books/tutorial/getStarted/cupojava/index.html

org.burrus.[name of file] means that you have a directory structure like:

    org
     +-burrus

In that subdirectory you have your class files [name of file].

So in case you have a class named MyFirstCupOfJava that you save under:

    [wherever your workspace is]/org/burrus/MyFirstCupOfJava.java

you could import this file with:

    import org.burrus.MyFirstCupOfJava;

in any of your other projects' java files.

Oversimplified: package == directory ;-)

Michael

P.S. Although I really tried to explain, I doubt I could do it better than any book author or the author of Sun's Java Tutorial...

-----Original Message-----
From: Steve Burrus [mailto:[EMAIL PROTECTED]]
Sent: Monday, 3 February 2003 22:14
To: Tomcat Users List
Subject: RE: jsp:useBean error

Hi Filip, I just now read yer little email msg. to me, and I understand that there should be little or even nothing that I need to do special to get the jsp/servlet to work in JBuilder!! However, I have no experience at all in packaging up a .java file! Would u please humor me and explain the process to me?! I have been told that I need to create something like org.burrus.[name of file] or something similar. I know that you possess a massive amount of knowledge about Tomcat, so please give a newbie like me just a little piece of that knowledge. :) I thank you very much.
RE: Admin user and passwd
The Tomcat homepage gives hints:

"NOTE: For security reasons, using the administration webapp is restricted to users with role admin. The manager webapp is restricted to users with role manager. Users are defined in $CATALINA_HOME/conf/tomcat-users.xml."

More can be found in the documentation: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/manager-howto.html

Michael

-----Original Message-----
From: Liquid [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 2 February 2003 13:04
To: [EMAIL PROTECTED]
Subject: Admin user and passwd

Hi,

what is the default user and password for web admin interface of Tomcat?

Thanks.
Liquid
RE: Tomcat 4.1.18/19 - How to activate gzip support?
What parameter did you set? Nobody seems to know how to activate gzip support for 4.1.19... (Hope you didn't try enableGZIP=true *g*)

Actually that's the question... How to activate this gzip feature? The release-notes say that the coyote connector would support gzip now, but nowhere did I find how to enable it. Obviously nobody (except hopefully the developer) knows how to use it. Or is it still that alpha quality that it's a secret?

Anyhow, could we get a hint from development side how to activate this compression feature? Or maybe it's intended as a Christmas gift? ;-)

Michael

-----Original Message-----
From: Marco Baiguera [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 30 January 2003 11:38
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: Tomcat 4.1.18/19 - How to activate gzip support?

In the 4.1.19 coyote connector tag I tried the compression parameter but have seen no results. How can I check if my page is being compressed (client-side)?

thanx

----- Original Message -----
From: mech [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Saturday, January 25, 2003 12:33 AM
Subject: Tomcat 4.1.18/19 - How to activate gzip support?

Hi,

I'm currently using Tomcat 4.1.18 for my webapp quite successfully. Unfortunately one db output page is almost 60KB large (1/3 of it is only spaces and tabs) so I was thinking about trying Tomcat 4.1.19's new HTTP 1.1 gzip support.

I installed 4.1.19 and my webapp is running again, but how to enable gzip support? My Mozilla supports gzip according to header infos. But how do I find out if my pages really got compressed? Mozilla's page info still says encoding=ISO... (although I'm not sure if this is because of the page content). Sorry, but I didn't see/feel any difference yet ;-) Did I forget something?

Anyhow I wonder how to activate gzip for the connector? Shouldn't there be some kind of attribute in server.xml to set for <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" ...>? But I saw nothing in the documentation like enableGZIP=true.

I also read that there was (is?) a filter servlet available somewhere to be used for on-the-fly gzip compression. Where can I get some more info how to obtain it and set it up, if I wouldn't use the http connector support?

Any ideas about this?

Michael
RE: Tomcat 4.1.18/19 - How to activate gzip support?
I just downloaded the connectors source... (I never thought I would do that...) After having a glimpse at the code I can tell the following: you can set an attribute compression to either on, off or force.

I don't know what the class FakeOutputStream in the GZipOutputFilter.java might be by now... Anyway... Let's try brute force... Maybe something happens. ;-) Although somewhere in the code it says that force was just for testing purposes... and seems to be not 100% anyway yet... Guess that's why it's alpha.

Michael

-----Original Message-----
From: Marco Baiguera [mailto:[EMAIL PROTECTED]]
Sent: Donnerstag, 30. Januar 2003 15:57
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: Re: Tomcat 4.1.18/19 - How to activate gzip support?

from 4.1.19 LE (windows) default server.xml

Connector className=org.apache.coyote.tomcat4.CoyoteConnector
    acceptCount=100
    bufferSize=2048
    compression=off
    connectionTimeout=2
    debug=0
    disableUploadTimeout=true
    enableLookups=true
    maxKeepAliveRequests=100
    maxProcessors=75
    minProcessors=5
    port=8080
    protocolHandlerClassName=org.apache.coyote.http11.Http11Protocol
    proxyPort=0
    redirectPort=8443
    scheme=http
    secure=false
    tcpNoDelay=true
    useURIValidationHack=false

I guess the compression parameter could enable gzip compression. Setting it to on has no effect. Later I'll try compression=gzip
Possible to switch off tcp/ip server shutdown?
I have a question because my Tomcat is running on a Solaris machine. I'm not the admin. I know it's easily possible for lots of people to connect to that server PC. So I tried to use rlogin myself, telnet localhost 8005, say SHUTDOWN and down was the server. Unfortunately anyone else could have done it, too. Except changing the SHUTDOWN command to something more secret and preventing server.xml from being read, I have no idea how to prevent shutdown, because I don't think it'll be possible to prevent other users from rlogin to this server machine.

My questions (maybe not all are equally reasonable, but at least I want to get an idea about several options):

1. Is it possible to disable the listener at port 8005 completely?
2. Except the file permissions and changing the SHUTDOWN command, is there any other way on Solaris to prohibit telnet localhost 8005 in any way for users (a bit Unix specific, I know)?
3. If I change the SHUTDOWN command to something else, will I still be able to use shutdown.sh? I mean, what mechanism does shutdown.sh use? Is it mainly doing TCP/IP and sending this command? Then I suggest I would have to change shutdown.sh to use the new secret word. If yes, how to do it?

Thanks
Michael
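The two mitigations named in the message above (a non-default shutdown word, and a server.xml that other local users cannot read) can be checked mechanically. The following is an added example, not code from the thread or from Tomcat; the finding names, the 16-character threshold, the sample file and the treatment of missing attributes as 8005 / SHUTDOWN are assumptions made here.

```python
import os
import stat
import tempfile
import xml.etree.ElementTree as ET

# Values assumed when the attributes are absent (assumption, see lead-in);
# 8005 and SHUTDOWN are also the values the post reports.
DEFAULT_PORT = "8005"
DEFAULT_COMMAND = "SHUTDOWN"
MIN_COMMAND_LENGTH = 16  # arbitrary threshold chosen for this example


def audit_shutdown_listener(server_xml_path):
    """Return (port, findings) for the <Server> element of a server.xml."""
    root = ET.parse(server_xml_path).getroot()
    if root.tag != "Server":
        raise ValueError("root element is <%s>, expected <Server>" % root.tag)

    port = root.get("port", DEFAULT_PORT)
    command = root.get("shutdown", DEFAULT_COMMAND)
    findings = []

    # Anyone who can reach the port locally can send the well-known word.
    if command == DEFAULT_COMMAND:
        findings.append("default-shutdown-command")
    elif len(command) < MIN_COMMAND_LENGTH:
        findings.append("short-shutdown-command")

    # A secret word is only secret if other accounts cannot read the file.
    mode = stat.S_IMODE(os.stat(server_xml_path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("server-xml-readable-by-other-users")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("server-xml-writable-by-other-users")
    return port, findings


def write_sample(shutdown_attr, mode):
    """Create a constructed, minimal server.xml with the given file mode."""
    fd, path = tempfile.mkstemp(suffix="-server.xml")
    with os.fdopen(fd, "w") as handle:
        handle.write('<Server port="8005" %s debug="0">\n'
                     '  <Service name="Tomcat-Standalone"/>\n'
                     '</Server>\n' % shutdown_attr)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    # Constructed samples: the situation in the post, then a hardened file.
    samples = [
        ('shutdown="SHUTDOWN"', 0o644),
        ('shutdown="k3Vq-constructed-example-word"', 0o600),
    ]
    for attr, mode in samples:
        sample_path = write_sample(attr, mode)
        try:
            port, findings = audit_shutdown_listener(sample_path)
            print("port %s, mode %o: %s" % (port, mode, findings or "ok"))
        finally:
            os.remove(sample_path)
```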
RE: problem in starting tomcat apache webserver
Given that small amount of information, I make the following assumptions:

1. You use Win9x/ME. (I guess from the typical closing window effect you mentioned.)
2. You didn't increase the space for environment variables in the properties of startup.bat/shutdown.bat as recommended in the readme file of Tomcat for Win9x systems. (BTW, readme files and docs are your friends, use them!)
3. Tomcat cannot create environment variables for JAVA_HOME etc. and fails to load.

If not, check the log files, because otherwise you won't see the error messages on Win9x systems because of the closing window, and provide more information.

Hope it helped to lead you on track again...

Michael

-----Original Message-----
From: vaishali [mailto:[EMAIL PROTECTED]]
Sent: Montag, 27. Januar 2003 11:58
To: [EMAIL PROTECTED]
Subject: problem in starting tomcat apache webserver

I have downloaded and configured Apache Jakarta Tomcat 1.4 but it is not starting. When I click on startup it opens one window with start, and as soon as the other MS-DOS window opens it shows it is finished. That means the web server is not starting at all. Please give me proper guidance as soon as possible.

Thanking you,
vaishali
RE: java.sql.SQLException: DBCP could not obtain an idle connection, pool exhausted
Just a guess, but maybe this occurs while filling the connection pool with connections at the very beginning. Assume your connection pool manager was set up to open at least 100 connections. In case your SQL server at work doesn't allow that many connections, or some other clients are using some already, you might receive this error.

Maybe check with your admin at work how many simultaneous connections that SQL db can serve. Maybe it's simply limited. You could also try to open a few connections manually to find out when your db says no more.

-----Original Message-----
From: Barclay A. Dunn [mailto:[EMAIL PROTECTED]]
Sent: Montag, 27. Januar 2003 19:21
To: [EMAIL PROTECTED]
Subject: java.sql.SQLException: DBCP could not obtain an idle connection, pool exhausted

I have set up Tomcat 4.1(.12, I think) with DBCP native, connecting to SQL Server 2000 on a remote machine. With the same configuration at home I get connected just fine. At work, I get this error:

java.sql.SQLException: DBCP could not obtain an idle connection, pool exhausted

I'm getting this error upon first use of the database, so I do not think it's a problem with not closing connections previously in use. The only difference in configurations, now that I think about it, is I have Apache running in front of Tomcat on my box at work, but not at home. Could that be it? Does anybody know how to solve this?

thanks
barclay
RE: Session Timeout - Who has the final decision?
IMHO: Your web app web.xml overrides Tomcat's web.xml. Your application code overrides both.

I've checked the Tomcat-User and Struts-User archives for an answer to this, but am still not sure of the answer. Given that I can set a session timeout interval in Tomcat's configuration file (web.xml), the web application itself (web.xml), and also by setting 'session.setMaxInactiveInterval(#secs)', who wins? In other words, if I have the following:

Tomcat timeout is 30 minutes
Web Appl. timeout is 45 minutes
session.setMaxInactiveInterval 3600 seconds (or 60 minutes)

does the user's session 'live' for the full 60 minutes? Or does one of the other settings take precedence?
RE: Tomcat 4.1.18/19 - How to activate gzip support?
Maybe let's go back to the more interesting original question, although it might be possible to use a filter for gzip, too. That was how to enable gzip for Tomcat 4.1.19.

Release notes say:

[4.1.19] CoyoteConnector: Add HTTP/1.1 GZIP compression support.
http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.1.19-alpha/RELEASE-NOTES

So great to hear, but which button to push to activate this secret feature? Didn't find a hint in the 4.1.19 documentation.

Michael

-----Original Message-----
From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
Sent: Sonntag, 26. Januar 2003 12:15
To: Tomcat Users List
Subject: RE: Tomcat 4.1.18/19 - How to activate gzip support?

No, I was not telling you to use Orion server, just to use the tutorial and its code examples to implement the GZIP filter. I think that should be all right.. you should not have any license problems.

-r

-----Original Message-----
From: Madhava Reddy [mailto:[EMAIL PROTECTED]]
Sent: 25. janúar 2003 17:48
To: 'Tomcat Users List'
Subject: RE: Tomcat 4.1.18/19 - How to activate gzip support?

Reynir, it looks like Orion is not open source and free.. What about license issues, if we want to use it for commercial purposes?

Madhav

-----Original Message-----
From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
Sent: Saturday, January 25, 2003 3:28 PM
To: Tomcat Users List
Subject: RE: Tomcat 4.1.18/19 - How to activate gzip support?

You could install a filter in your web application to do this. Check out the filter tutorials at www.orionserver.com

Specifically this one: http://www.orionserver.com/tutorials/filters/5.html

Hope it helps
-reynir

-----Original Message-----
From: mech [mailto:[EMAIL PROTECTED]]
Sent: 24. janúar 2003 23:33
To: 'Tomcat Users List'
Subject: Tomcat 4.1.18/19 - How to activate gzip support?

Hi, I'm currently using Tomcat 4.1.18 for my webapp quite successfully. Unfortunately one db output page is almost 60KB large (1/3 of it is only spaces and tabs) so I was thinking about trying Tomcat 4.1.19's new HTTP 1.1 gzip support.

I installed 4.1.19 and my webapp is running again, but how to enable gzip support? My Mozilla supports gzip according to header infos. But how do I find out if my pages really got compressed? Mozilla's page info still says encoding=ISO... (although I'm not sure if this is because of the page content). Sorry, but I didn't see/feel any difference yet ;-) Did I forget something?

Anyhow I wonder how to activate gzip for the connector? Shouldn't there be some kind of attribute in server.xml to set for Connector className=org.apache.coyote.tomcat4.CoyoteConnector... ? But I saw nothing in the documentation like enableGZIP=true.

I also read that there was (is?) a filter servlet available somewhere to be used for on-the-fly gzip compression. Where can I get some more info on how to obtain it and set it up, if I wouldn't use the http connector support? Any ideas about this?

Michael
Tomcat 4.1.18/19 - How to activate gzip support?
Hi, I'm currently using Tomcat 4.1.18 for my webapp quite successfully. Unfortunately one db output page is almost 60KB large (1/3 of it is only spaces and tabs) so I was thinking about trying Tomcat 4.1.19's new HTTP 1.1 gzip support.

I installed 4.1.19 and my webapp is running again, but how to enable gzip support? My Mozilla supports gzip according to header infos. But how do I find out if my pages really got compressed? Mozilla's page info still says encoding=ISO... (although I'm not sure if this is because of the page content). Sorry, but I didn't see/feel any difference yet ;-) Did I forget something?

Anyhow I wonder how to activate gzip for the connector? Shouldn't there be some kind of attribute in server.xml to set for Connector className=org.apache.coyote.tomcat4.CoyoteConnector... ? But I saw nothing in the documentation like enableGZIP=true.

I also read that there was (is?) a filter servlet available somewhere to be used for on-the-fly gzip compression. Where can I get some more info on how to obtain it and set it up, if I wouldn't use the http connector support? Any ideas about this?

Michael
RE: Some advice on getting webapp-root and reading/writing
What you need is here:

1. In javax.servlet.HttpServletRequest you'll find getContextPath()
2. In javax.servlet.ServletContext there's a method getResourceAsStream()

Michael

-----Original Message-----
From: joe udder [mailto:[EMAIL PROTECTED]]
Sent: Sonntag, 19. Januar 2003 12:38
To: [EMAIL PROTECTED]
Subject: Some advice on getting webapp-root and reading/writing

Hello. Does anyone have some advice to give me on the following ideas?

My first problem is to find the correct path to my files. Is there a method to get the document-root of my webapp, so I only need to append Images/jpg and WEB-INF/settings to the path? I suppose using URLs is the most platform independent method?

Example: My webapp is located in /var/www/waTest/WEB-INF/, and the JPGs are in /var/www/waTest/Images/jpg/. Finally the XMLs are located in /var/www/waTest/WEB-INF/settings/.

The second problem is how to read/write the files, should I use FileReader or is there a better solution for webapps?

TIA
/ju
JDBCRealm problem with MySQL after adding password and changing user account
Hi, I have a problem with my Tomcat 4.1.18 JDBCRealm setup on Solaris in server.xml.

Previously I had this in my context definition in server.xml and it works fine:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3307/praksis?user=root"
       userTable="benutzer" userNameCol="email" userCredCol="passwort"
       userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Then I added a new user in MySQL named praksis to replace the root access and tried to change to this setup:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3307/praksis?user=praksis&password=siskarp"
       userTable="benutzer" userNameCol="email" userCredCol="passwort"
       userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Now I only get weird error messages from the xml parser:

org.xml.sax.SAXParseException: The reference to entity "password" must end with the ';' delimiter.

Thus I tried jdbc:mysql://localhost:3307/praksis?user=praksis&password=siskarp; but this didn't do the trick... Does it mean anything else?

I use mysql-connector-java-2.0.14.jar in common/lib (for tomcat) and webapps/praksis/WEB-INF/libs (for struts). But I believe the connectionURL is correct because I looked it up in the tomcat doc under jdbc realms. The MySQL setup/user setup should be okay as well, because my Struts connection pool works with:

<data-sources>
  <data-source>
    <set-property property="driverClass" value="com.mysql.jdbc.Driver"/>
    <set-property property="url" value="jdbc:mysql://localhost:3307/praksis"/>
    <set-property property="maxCount" value="25"/>
    <set-property property="minCount" value="5"/>
    <set-property property="user" value="praksis"/>
    <set-property property="password" value="siskarp"/>
  </data-source>
</data-sources>

So right now, I'm using a root access without password for my JDBC Realm, because the different JDBC Realm prohibits Tomcat from starting up. But my webapp itself can utilize the struts connection pool with above user account setup without any problems.

Actually I don't know what I did wrong and was hoping for help that I can use the praksis user for both purposes.

Thanks!
Michael
RE: JDBCRealm problem with MySQL after adding password and changing user account (bug, unclear tomcat documentation or my stupidity?)
Sorry for the post... Solved it myself. The trick was that you should NOT put your password into the connectionURL; instead one can use:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3307/praksis"
       connectionName="praksis" connectionPassword="siskarp"
       userTable="benutzer" userNameCol="email" userCredCol="passwort"
       userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Although I have no idea why the tomcat documentation offers an example for exactly the case where you put username and password into the connectionURL. For some reason it works unless you only specify a user in the URL, but for more one has to split the data into connectionURL, connectionName and connectionPassword.

Did anybody have similar experiences? Is this a bug while parsing the server.xml? At least it doesn't seem to be very consistent, if connectionURL works with jdbc:mysql://localhost:3307/praksis?user=root but not with jdbc:mysql://localhost:3307/praksis?user=root&password=test

So I start using ONLY connectionName and connectionPassword as I might get gray hairs soon enough anyway... ;-)

Michael

-----Original Message-----
From: mech [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 14. Januar 2003 14:06
To: [EMAIL PROTECTED]
Subject: JDBCRealm problem with MySQL after adding password and changing user account

Hi, I have a problem with my Tomcat 4.1.18 JDBCRealm setup on Solaris in server.xml.

Previously I had this in my context definition in server.xml and it works fine:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3307/praksis?user=root"
       userTable="benutzer" userNameCol="email" userCredCol="passwort"
       userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Then I added a new user in MySQL named praksis to replace the root access and tried to change to this setup:

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="com.mysql.jdbc.Driver"
       connectionURL="jdbc:mysql://localhost:3307/praksis?user=praksis&password=siskarp"
       userTable="benutzer" userNameCol="email" userCredCol="passwort"
       userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Now I only get weird error messages from the xml parser:

org.xml.sax.SAXParseException: The reference to entity "password" must end with the ';' delimiter.

Thus I tried jdbc:mysql://localhost:3307/praksis?user=praksis&password=siskarp; but this didn't do the trick... Does it mean anything else?

I use mysql-connector-java-2.0.14.jar in common/lib (for tomcat) and webapps/praksis/WEB-INF/libs (for struts). But I believe the connectionURL is correct because I looked it up in the tomcat doc under jdbc realms. The MySQL setup/user setup should be okay as well, because my Struts connection pool works with:

<data-sources>
  <data-source>
    <set-property property="driverClass" value="com.mysql.jdbc.Driver"/>
    <set-property property="url" value="jdbc:mysql://localhost:3307/praksis"/>
    <set-property property="maxCount" value="25"/>
    <set-property property="minCount" value="5"/>
    <set-property property="user" value="praksis"/>
    <set-property property="password" value="siskarp"/>
  </data-source>
</data-sources>

So right now, I'm using a root access without password for my JDBC Realm, because the different JDBC Realm prohibits Tomcat from starting up. But my webapp itself can utilize the struts connection pool with above user account setup without any problems.

Actually I don't know what I did wrong and was hoping for help that I can use the praksis user for both purposes.

Thanks!
Michael
RE: JDBCRealm problem with MySQL after adding password and changing user account
Strange, I found this non-;-separated example in: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JDBCRealm

<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
       driverName="org.gjt.mm.mysql.Driver"
       connectionURL="jdbc:mysql://localhost/authority?user=dbuser&password=dbpass"
       userTable="users" userNameCol="user_name" userCredCol="user_pass"
       userRoleTable="user_roles" roleNameCol="role_name"/>

Your note for the & in xml is true, but shouldn't matter in a quoted string, or do I mix something up now? Anyway... Use the connectionName and connectionPassword attributes and you are on the safe side...

Michael

-----Original Message-----
From: Ralph Einfeldt [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 14. Januar 2003 14:25
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: JDBCRealm problem with MySQL after adding password and changing user account

If you want to use & inside xml you have to encode it.

?user=praksis&password=foo

should be changed to

?user=praksis&amp;password=foo

BTW: In the JDBCRealm-howto they use ; to separate the password from the user.

?user=praksis;password=foo

As I'm not using mysql I'm not sure if that is correct.

-----Original Message-----
From: mech [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 14, 2003 2:06 PM
To: [EMAIL PROTECTED]
Subject: JDBCRealm problem with MySQL after adding password and changing user account

connectionURL="jdbc:mysql://localhost:3307/praksis?user=praksis&password=siskarp"
userTable="benutzer" userNameCol="email" userCredCol="passwort"
userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>

Now I only get weird error messages from the xml parser:

org.xml.sax.SAXParseException: The reference to entity "password" must end with the ';' delimiter.
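The parser error discussed in this thread can be reproduced outside Tomcat. The following is an added example, not code from the thread or from Tomcat: it feeds the Realm variants quoted above to Python's XML parser (used here as a stand-in for the parser Tomcat runs, which is an assumption) and reports which are well-formed and which still carry credentials in connectionURL. The function and key names are made up for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

# Realm element from the thread; only the connection attributes vary.
REALM = ('<Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" '
         'driverName="com.mysql.jdbc.Driver" %s '
         'userTable="benutzer" userNameCol="email" userCredCol="passwort" '
         'userRoleTable="rollen" roleNameCol="rollenname" digest="SHA-1"/>')

BASE_URL = "jdbc:mysql://localhost:3307/praksis"

VARIANTS = {
    # Raw "&" in the attribute value: the setup that stopped Tomcat.
    "raw_ampersand": REALM % (
        'connectionURL="%s?user=praksis&password=siskarp"' % BASE_URL),
    # The attempted fix of appending ";" to the URL.
    "trailing_semicolon": REALM % (
        'connectionURL="%s?user=praksis&password=siskarp;"' % BASE_URL),
    # "&" written as the entity reference "&amp;".
    "escaped_ampersand": REALM % (
        'connectionURL="%s?user=praksis&amp;password=siskarp"' % BASE_URL),
    # Credentials moved into their own attributes.
    "separate_attributes": REALM % (
        'connectionURL="%s" connectionName="praksis" '
        'connectionPassword="siskarp"' % BASE_URL),
}

CREDENTIAL_PARAMS = {"user", "password"}


def inspect_realm(xml_text):
    """Parse one <Realm> element and describe how it carries credentials."""
    result = {"well_formed": False, "error": None, "url": None,
              "credentials_in_url": [], "separate_credentials": False}
    try:
        realm = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # "&password" starts an entity reference; "=" arrives before ";".
        result["error"] = str(exc)
        return result

    result["well_formed"] = True
    # The parser has already decoded "&amp;" back to "&" at this point,
    # so this is the string a JDBC driver would be handed.
    url = realm.get("connectionURL", "")
    result["url"] = url
    _, _, query = url.partition("?")
    params = parse_qs(query)
    result["credentials_in_url"] = sorted(CREDENTIAL_PARAMS & set(params))
    result["separate_credentials"] = (
        realm.get("connectionName") is not None
        and realm.get("connectionPassword") is not None)
    return result


if __name__ == "__main__":
    for name, xml_text in VARIANTS.items():
        report = inspect_realm(xml_text)
        if not report["well_formed"]:
            print("%-20s rejected by parser: %s" % (name, report["error"]))
        else:
            print("%-20s ok, credentials in URL: %s, separate attributes: %s"
                  % (name, report["credentials_in_url"],
                     report["separate_credentials"]))
```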
RE: servlet with Tomcat
Are you a newbie to tomcat or a newbie to manners, Steve? Maybe start working on something else... I guess you'll find it difficult to get any help from anyone on this list after insulting posters.

-----Original Message-----
From: Steve R Burrus [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 14. Januar 2003 21:57
To: Tomcat Users List
Subject: RE: servlet with Tomcat

Nicole, that's really fine and good that you bothered to send me a web page that purportedly offers me some free advice on how the hell I go about seeing/viewing a compiled servlet, BUT I really thought that you could, if you would please, directly give some help on editing that web.xml file!
RE: mod_jk error 404 with Apache 1.3.27, Tomcat 4.1.18
Well actually *.jsp without leading / works for me, too. And I've seen it also in some tutorials ;-)

By the way, it might be useful to add

JkMount /examples ajp13

I experienced that http://localhost/examples was not transferred (only http://localhost/examples/) to the corresponding examples/index.jsp until I added above JkMount. But IMHO this small issue might depend also on Apache's config with respect to trailing slashes. Could be worth a try in case, but might not be necessary...

mech

-----Original Message-----
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Montag, 13. Januar 2003 13:57
To: 'Tomcat Users List'
Subject: RE: mod_jk error 404 with Apache 1.3.27, Tomcat 4.1.18

The error message in this case is correct, as was the previous post. The correct lines would be:

JkMount /*.jsp ajp13
JkMount /examples/* ajp13

Note the leading / in the first line that was missing previously.

Also, in the original post, the error message specifically said "done without a match" on /webapps/examples/jsp which was also true based on your original config files. There was no JkMount that matched that URL.

John

-----Original Message-----
From: Randall Perry [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 12, 2003 8:08 PM
To: [EMAIL PROTECTED]
Subject: Re: mod_jk error 404 with Apache 1.3.27, Tomcat 4.1.18

I discovered that the URL I was using to access the pages was wrong. Never mind. It's working fine. :)

That's not it. I get the following error from 'apachectl configtest':

Context should start with /

Use:

JkMount *.jsp ajp13
JkMount /examples/* ajp13

--
Randall Perry
sysTame
Xserve Web Hosting/Co-location
Website Development/Promotion
Mac Consulting/Sales
http://www.systame.com/
RE: mod_jk error 404 with Apache 1.3.27, Tomcat 4.1.18
Use:

JkMount *.jsp ajp13
JkMount /examples/* ajp13

-----Original Message-----
From: Randall Perry [mailto:[EMAIL PROTECTED]]
Sent: Sonntag, 12. Januar 2003 19:52
To: [EMAIL PROTECTED]
Subject: mod_jk error 404 with Apache 1.3.27, Tomcat 4.1.18

Successfully installed tomcat 4.1.18 and can access it on port 8080. Jsp servlets run ok. Installed mod_jk.so v1.2.2, configured apache and get no errors on startup. But, though I can access the directory pointed to by JKMount, and can load static .html, no .jsp or servlet examples will run. My machine is a Mac Xserve running OS 10.2.3 server. Relevant configs appear below. Any help is appreciated.

workers.properties

# Setup for Mac OS X
workers.tomcat_home=/usr/local/jakarta-tomcat-4.1.18
workers.java_home=/System/Library/Frameworks/JavaVM.framework/Home
worker.list=ajp13
#Definition for Ajp13 worker
worker.ajp13.port=8009
worker.ajp13.host=127.0.0.1
worker.ajp13.type=ajp13

httpd.conf

LoadModule jk_module /usr/libexec/httpd/mod_jk.so
AddModule mod_jk.c
<VirtualHost 127.0.0.1>
    DocumentRoot /usr/local/jakarta-tomcat-4.1.18
    JKMount /*.jsp ajp13
    JKMount /webapps/examples/servlet/* ajp13
</VirtualHost>
JkWorkersFile /usr/local/jakarta-tomcat-4.1.18/conf/jk/workers.properties
JkLogFile /usr/local/jakarta-tomcat-4.1.18/logs/mod_jk.log
JkLogLevel debug

mod_jk.log

[Sun Jan 12 13:36:49 2003] [jk_ajp13_worker.c (108)]: Into ajp13_worker_factory
[Sun Jan 12 13:36:49 2003] [jk_worker.c (171)]: wc_create_worker, about to validate and init ajp13
[Sun Jan 12 13:36:49 2003] [jk_ajp_common.c (1219)]: Into jk_worker_t::validate
[Sun Jan 12 13:36:49 2003] [jk_ajp_common.c (1239)]: In jk_worker_t::validate for worker ajp13 contact is 127.0.0.1:8009
[Sun Jan 12 13:36:49 2003] [jk_ajp_common.c (1267)]: Into jk_worker_t::init
[Sun Jan 12 13:36:49 2003] [jk_ajp_common.c (1287)]: In jk_worker_t::init, setting socket timeout to 0
[Sun Jan 12 13:36:49 2003] [jk_worker.c (187)]: wc_create_worker, done
[Sun Jan 12 13:36:49 2003] [jk_worker.c (238)]: build_worker_map,
removing old ajp13 worker [Sun Jan 12 13:36:49 2003] [jk_worker.c (250)]: build_worker_map, done [Sun Jan 12 13:36:49 2003] [jk_worker.c (111)]: wc_open, done 1 [Sun Jan 12 13:36:59 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Sun Jan 12 13:36:59 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/webapps/examples/jsp' [Sun Jan 12 13:36:59 2003] [jk_uri_worker_map.c (599)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/webapps/examples/jsp/' [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (599)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/webapps/examples/jsp/index.html' [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (599)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/webapps/examples/jsp/index.html' [Sun Jan 12 13:37:00 2003] [jk_uri_worker_map.c (599)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Sun Jan 12 13:37:07 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Sun Jan 12 13:37:07 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/webapps/examples/jsp/num/numguess.jsp' [Sun Jan 12 13:37:07 2003] [jk_uri_worker_map.c (558)]: jk_uri_worker_map_t::map_uri_to_worker, Found a suffix match ajp13 - *.jsp [Sun Jan 12 13:37:07 2003] [jk_worker.c (132)]: Into wc_get_worker_for_name ajp13 [Sun Jan 12 13:37:07 2003] [jk_worker.c (136)]: wc_get_worker_for_name, done found a worker [Sun Jan 12 
13:37:07 2003] [jk_ajp_common.c (1404)]: Into jk_worker_t::get_endpoint [Sun Jan 12 13:37:07 2003] [jk_ajp_common.c (1116)]: Into jk_endpoint_t::service [Sun Jan 12 13:37:07 2003] [jk_ajp_common.c (295)]: Into ajp_marshal_into_msgb [Sun Jan 12 13:37:07 2003] [jk_ajp_common.c (432)]: ajp_marshal_into_msgb - Done [Sun Jan 12 13:37:07 2003] [jk_connect.c (158)]: Into jk_open_socket [Sun Jan 12 13:37:07 2003] [jk_connect.c (165)]: jk_open_socket, try to connect socket = 6 [Sun Jan 12 13:37:07 2003] [jk_connect.c (174)]: jk_open_socket, after connect ret = 0 [Sun Jan 12 13:37:07 2003]
RE: reducing tomcat jasper memory footprint
One question with regard to using jsp files as included content:

I have a requirement to include files with more or less simple html content. That's in order to make editing easier for other users. I currently keep some html content in files which I reference by a database id. So a view jsp file is taking some content directly from the database and some by including a file with a name like content[ID].jsp

But because I need session tracking and the possibility exists that I have url links in the included content from time to time, I decided to have jsp include files instead of html. Otherwise I couldn't use encodeURL to add session ids for browsers that disallow cookies.

Actually it's unlikely that I'd use more Java than this encodeURL(), so I would consider using some other technique to do it, if I knew another way. The only thing I could think of would be a filter servlet to encode the urls of those included html files on-the-fly. Any better or easier ideas?

Michael

-----Original Message-----
From: Justin L. Spies [mailto:[EMAIL PROTECTED]]
Sent: Montag, 30. Dezember 2002 21:34
To: 'Tomcat Users List'; [EMAIL PROTECTED]
Subject: RE: reducing tomcat jasper memory footprint

Julian, I would have to agree that creating a JSP per article is a bit much. How did you or your group arrive at using this solution? The other possible solutions I have seen would include a single JSP that pulls the data from a database or creating XML files that are formatted with XSLT instead of JSPs. Is the system doing some processing that requires one page or article or requires JSP
RE: SSL hangs on Tomcat 4.1.18
I was just trying around with minProcessors=1 and maxProcessors=2. Although I get these warnings quite easily (just 2 or 3 browser windows are enough), after one request (really slow) is completed the next request is processed. So obviously the threads must have been reused. If I set acceptCount=1 the browser comes up with "page not found" if all threads are in use.

Maybe play around with the acceptCount setting. Even if your load is low, some nervous user might keep clicking on https links, if the page is not loading quickly enough.

I wonder not to see a connectionTimeout attribute? I set it to 2 for http and https (default should be 6 according to documentation). Maybe that makes a difference, too?

By the way I encountered the following exception, if I stress test too much:

---
Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@c62080, terminating thread
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:555)
    at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:289)
    at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:409)
    at org.apache.tomcat.util.log.CommonLogHandler.log(CommonLogHandler.java:97)
    at org.apache.tomcat.util.log.Log.log(Log.java:198)
    at org.apache.tomcat.util.log.Log.log(Log.java:192)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.log(PoolTcpEndpoint.java:427)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:510)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
    at java.lang.Thread.run(Thread.java:536)
Caused by: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryImpl.java:420)
    at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:548)
    ... 9 more
Caused by: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryImpl.java:416)
    ... 10 more
---

Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log ??? BTW why doesn't it implement Log, guess it should, shouldn't it?
RE: SSL hangs on Tomcat 4.1.18
That's my Tomcat 4.1.18 server.xml used for testing. Running on Win98, JDK 1.4.1b21

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="1" maxProcessors="2"
           enableLookups="true" acceptCount="10" debug="0"
           scheme="https" secure="true" connectionTimeout="2"
           useURIValidationHack="false">

Tried it again, after a while of wild and crazy clicking in my Mozilla and IE simultaneously and loading/waiting for https resources to be loaded on my localhost (sometimes the requests stall because of too much load):

Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@497062, terminating thread
org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:555)
    at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.java:289)
    at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:409)
    at org.apache.tomcat.util.log.CommonLogHandler.log(CommonLogHandler.java:97)
    at org.apache.tomcat.util.log.Log.log(Log.java:198)
    at org.apache.tomcat.util.log.Log.log(Log.java:192)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.log(PoolTcpEndpoint.java:427)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:510)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
    at java.lang.Thread.run(Thread.java:536)
Caused by: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryImpl.java:420)
    at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.java:548)
    ... 9 more
Caused by: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Jdk14Logger does not implement Log
    at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryImpl.java:416)
    ... 10 more

I don't know why you get that exception, but if you actually get it, then the root cause should be that something went bad during the socket accept.

I think I saw some error about sockets, too. But couldn't reproduce it now. Maybe mixed it up. The only thing I can definitely reproduce as often as I try is the above setting leading to those exceptions.

Standard socket processing is obviously better tested than SSL sockets, so I doubt this happens; could you debug this further, and give more details?

Stopping service Tomcat-Standalone
29.12.2002 18:08:12 org.apache.tomcat.util.log.CommonLogHandler log
SCHWERWIEGEND: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@497062, terminating thread
java.lang.IllegalStateException
    at org.apache.tomcat.util.threads.ThreadPool.runIt(ThreadPool.java:245)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:503)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:530)
    at java.lang.Thread.run(Thread.java:536)

It would be a good idea to test stability with PureTLS or the newest JSSE (that might help if the problems come from JSSE from JDK 1.4).

Actually this all was just a simple test myself. I didn't experience problems with ssl under normal settings. This thing with processors 1-2 was just a test I wouldn't do in real life. My advice: Simply don't try those stupid settings. I wouldn't even know where to start debugging more. I'm happy if everything works with the default setup ;-)

Remy
RE: Security constraint problem with v4.1.18
Hi Peter,

I think we need more info to help. Your web.xml update looks okay to me. Double check with \tomcat\webapps\examples\WEB-INF\web.xml as it also uses a protected area.

What authorization scheme do you use: form-based, basic auth? If form-based, send the corresponding parts of your web.xml and info about the directory structure of your login components.

What browser do you use? IE? I'm asking because of a weird problem:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861
(if you can confirm this, subscribe, vote, I'm trying to find a workaround for this problem, although I won't start patching... I think this problem is somehow connected to requiring roles, without that confidential seems to work... Strange... I'll keep an eye on that)

What ports is Tomcat running on? 8080/8443 or 80/443?

What does "not work" mean? Error messages, what happens, what doesn't happen, what should happen?

Michael

-----Original Message-----
From: Peter Lee [mailto:[EMAIL PROTECTED]]
Sent: Friday, 27 December 2002 21:22
To: [EMAIL PROTECTED]
Subject: RE: Security constraint problem with v4.1.18

On 25 Dec 2002 at 13:30, mech wrote:

> I cannot tell if there's a difference between 4.1.12 and 4.1.18 as I'm
> still using 4.1.15.
>
> I would first change the url pattern to
> <url-pattern>/protected/*</url-pattern>

So, I changed it.

> Second, add
> <security-role><role-name>myrole</role-name></security-role>
> tags under the document root for all roles you use.
> As far as I know your <auth-constraint><role-name>s refer to these
> security-roles. I never tried what happens if you don't specify these, too.

I also added <security-role><role-name>myrole</role-name></security-role> under the web-app tag in my web.xml file. Is this the correct file? It still didn't work.

Thanks

> Mech
>
> P.S. Merry Christmas!

-----Original Message-----
From: Peter Lee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 25 December 2002 00:01
To: [EMAIL PROTECTED]
Subject: Security constraint problem with v4.1.18

I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18.

Is SSL implemented differently after v4.1.12 that prevents my application from working? Is there any documentation on tomcat v4.1.18 SSL security stuff?

Here is my security constraint in web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSLResource</web-resource-name>
    <url-pattern>/protected</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
How to really seal/secure directories or files with Tomcat?
Hi,

I was wondering about a behaviour of Tomcat that allows including content that is in a directory I have set a security constraint for. Finally I had to understand that this weird thing even conforms to servlet spec 2.3/2.4:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=4374

So actually declarative security is a bit like obscurity in my eyes! If I can simply place a jsp file outside any security constraint and put <jsp:include page="/protected/secret_content.html"/> inside, I can bypass any container managed security for this webcontext and this is even fine according to the servlet spec 2.4 (SRV.12.2)!

For static html files you couldn't even use programmatic security, if you decided to secure everything manually :-(

Does anyone have an idea how to seal a directory with Tomcat in the way of Apache's .htaccess files, where secure means secure and not "secure, until you grab the content with forward and include"?

At least you can't jump out of your webapp with include/forward, thus not possible to bypass all security settings of other people's webapps if you use e.g. a shared Tomcat server. (had to try this before I could sleep again ;-) ...what if cross-context=true?)

Thanks for any ideas!

Michael
RE: Security constraint problem with v4.1.18
I cannot tell if there's a difference between 4.1.12 and 4.1.18 as I'm still using 4.1.15.

I would first change the url pattern to
<url-pattern>/protected/*</url-pattern>

Second, add
<security-role><role-name>myrole</role-name></security-role>
tags under the document root for all roles you use. As far as I know your <auth-constraint><role-name>s refer to these security-roles. I never tried what happens if you don't specify these, too.

Mech

P.S. Merry Christmas!

-----Original Message-----
From: Peter Lee [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 25 December 2002 00:01
To: [EMAIL PROTECTED]
Subject: Security constraint problem with v4.1.18

I upgraded from 4.1.12 to 4.1.18, but I got some problems with security constraints. I have applied a security constraint on a particular url pattern. Only certain users with a special rolename can access that link. It used to work but now the page does not load with v4.1.18.

Is SSL implemented differently after v4.1.12 that prevents my application from working? Is there any documentation on tomcat v4.1.18 SSL security stuff?

Here is my security constraint in web.xml:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>SSLResource</web-resource-name>
    <url-pattern>/protected</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>myrole</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
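The two web.xml points raised in the "Security constraint problem" thread (an exact-match url-pattern and roles without a security-role declaration) and the include/forward gap described in "How to really seal/secure directories" can be checked mechanically. The following is an added example, not code from any poster or from Tomcat; the function names, the finding labels and the sample JSP sources are assumptions made for illustration, and the sample inputs are constructed.

```python
import posixpath
import re
import xml.etree.ElementTree as ET


def matches(pattern, path):
    """Servlet-spec url-pattern matching: '/x/*' is a path prefix,
    '*.ext' an extension, '/' the default, anything else an exact match."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    return pattern == "/" or path == pattern


def audit_web_xml(xml_text):
    """Return (constrained url-patterns, findings) for one deployment descriptor."""
    root = ET.fromstring(xml_text)
    for el in root.iter():                      # drop the 2.4 namespace, if any
        el.tag = el.tag.split("}")[-1]
    declared = {r.text.strip() for r in root.findall("security-role/role-name") if r.text}
    patterns, findings = [], []
    for sc in root.findall("security-constraint"):
        pats = [p.text.strip() for p in sc.findall("web-resource-collection/url-pattern") if p.text]
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name") if r.text]
        patterns += pats
        for p in pats:
            # '/protected' constrains that one path only, not '/protected/page.jsp'
            if p != "/" and not p.endswith("/*") and not p.startswith("*."):
                findings.append(("exact-only", p))
        for r in roles:
            if r != "*" and r not in declared:
                findings.append(("undeclared-role", r))
    return patterns, findings


# <jsp:include>/<jsp:forward> targets and static <%@ include %> files
DISPATCH = re.compile(
    r'<jsp:(?:include|forward)\b[^>]*?\bpage\s*=\s*"([^"]+)"'
    r'|<%@\s*include\s+file\s*=\s*"([^"]+)"')


def find_dispatch_bypass(patterns, jsp_sources):
    """List (unconstrained page, constrained target) pairs: pages outside every
    constraint that pull in content from inside one via include/forward."""
    def protected(path):
        return any(matches(pat, path) for pat in patterns)

    hits = []
    for src, text in sorted(jsp_sources.items()):
        if protected(src):
            continue
        for page_attr, file_attr in DISPATCH.findall(text):
            target = (page_attr or file_attr).split("?")[0]
            if "<%" in target or "${" in target:
                continue                        # runtime expression, cannot resolve statically
            if not target.startswith("/"):
                target = posixpath.normpath(posixpath.join(posixpath.dirname(src), target))
            if protected(target):
                hits.append((src, target))
    return hits


# Constructed sample: the constraint as first posted in the thread
ORIGINAL_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSLResource</web-resource-name>
      <url-pattern>/protected</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>myrole</role-name></auth-constraint>
    <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
  </security-constraint>
</web-app>"""

# Constructed sample: the same constraint after both suggested changes
REVISED_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>SSLResource</web-resource-name>
      <url-pattern>/protected/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>myrole</role-name></auth-constraint>
  </security-constraint>
  <security-role><role-name>myrole</role-name></security-role>
</web-app>"""

# Constructed sample JSP sources, keyed by context-relative path
SAMPLE_JSPS = {
    "/index.jsp": '<jsp:include page="/protected/secret_content.html"/>',
    "/protected/menu.jsp": '<jsp:include page="secret_content.html"/>',
    "/help/about.jsp": '<%@ include file="../footer.jsp" %>',
}

if __name__ == "__main__":
    print(audit_web_xml(ORIGINAL_WEB_XML))
    print(audit_web_xml(REVISED_WEB_XML))
    print(find_dispatch_bypass(["/protected/*"], SAMPLE_JSPS))
```

A pair reported by `find_dispatch_bypass` is a page to review, since the container checks the constraint against the client's request path and not against the include or forward target.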
RE: Workaround for login page direct reference
Some more ideas...

In my application I never have a direct link to the login.jsp. Try to link either to any file that will be accessed after login (e.g. content.jsp) or link only to the secure directory that you mapped and let the welcome-file redirect link to index.jsp or whatever.

Doesn't solve the back button issue (check tomcat bug list), doesn't prohibit users from bookmarking the login.jsp, but improves usability at least a bit by avoiding some opportunities to get errors.

For your intermediate page thing I would suggest looking into using filters. Unfortunately nothing can prohibit anyone from using the browser back button and trying to relog again, because in that back button case the login.jsp isn't even loaded again; so you can't even check for that error by any means.

Michael

-----Original Message-----
From: Ben Jessel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 17 December 2002 13:43
To: Tomcat Users List
Subject: Re: Workaround for login page direct reference

Thanks Mike,

I guess another workaround is that you could just invalidate their session if they go to the login page.

Now, I still don't see how all this is going to help that direct reference to login page, as it seems that I get this error if I go to login.jsp and then enter in my details.

- Say the user goes to /login.jsp directly
- If we've protected that page Tomcat goes, no - that's a protected resource, and forwards to /login.jsp. Otherwise, tomcat just goes to the login page.
- You enter the user details, and then tomcat tries to forward to the page you came from (i.e. login.jsp), but detects this is invalid (presumably by comparing against login-page in the web.xml), and displays an error - direct reference to login page

What I'd really, really like is some way of having an intermediate page where I can check the requestURI to find out what page tomcat is going to redirect me to *after* login, so tomcat would give me login.jsp?page_to_forward_to=blah.jsp... but alas, I don't think I can...

----- Original Message -----
From: Mike W-M [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Tuesday, December 17, 2002 11:28 AM
Subject: Re: Workaround for login page direct reference

I'm going to have to sort this myself in the near future, but I don't quite see how the fact that you can forward to the protected resource is going to help?

Isn't Tomcat going to automatically redirect (not forward - the distinction is important since redirecting will result in the login page's URL showing up in the browser's address bar) to the login page you've configured? Actually... since redirecting causes the browser to initiate a new request (for your WEB-INF/login page in this case), won't you get a 404-type error?

Someone posted in a similar thread the other day that they intended to check a couple of things in the login page:

1. request.getRequestedSessionId() is *NULL* and
2. There is *NO* cookie named JSESSIONID

I think the theory was that these would both be true on the first occasion the login page was accessed, but that if the user was already authenticated then the conditions wouldn't hold so the page should redirect to the index page.

It's not nice to be relying on a cookie name (what if they change it between versions, or if cookies are turned off (though I'm not sure the authentication works then anyway!)?) but I'm inclined to move in that direction when it's my turn.

Mike.

----- Original Message -----
From: Ben Jessel [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]; Brett M. Bergquist [EMAIL PROTECTED]
Sent: Tuesday, December 17, 2002 10:55 AM
Subject: Re: Workaround for login page direct reference

I'll give that a go. Thanks

Ben

----- Original Message -----
From: Brett M. Bergquist [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]; Ben Jessel [EMAIL PROTECTED]
Sent: Monday, December 16, 2002 8:54 PM
Subject: Re: Workaround for login page direct reference

Ben, I'm not sure but I believe that I've seen mention that you can forward to a page that is not accessible to the outside. That is, put the Login.jsp page within WEB-INF of your web app and it will not be available to the outside world but you can forward to it from inside the web app. I don't know if this will work because I have not tried it but it might.

Brett
RE: SSL Exceptions
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164

Upgrade to 4.1.14+

-----Original Message-----
From: Aleksandr Shneyderman [mailto:[EMAIL PROTECTED]]
Sent: Friday, 6 December 2002 19:20
To: [EMAIL PROTECTED]
Subject: SSL Exceptions

I have configured the tomcat (4.1.12) as a standalone server with SSL connector. Whenever the client request comes in I get the following exception in my log:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at ...
[WARN] Http11Processor - -Exception getting SSL attributes javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

Even though requests are getting served, I am just curious why these messages get logged and how I would go about suppressing/fixing it.

Thanks,
Alex.
RE: tomcat + eclipse
You should try to look here:
http://eclipse-plugins.2y.net/eclipse/index.jsp

Actually I'm using the Lomboz-Plugin. It can even be used for EJB-Container integration, too. But, of course, if Lomboz lets you use Tomcat/JBoss you can also only use it to utilize only Tomcat as webcontainer like I did. With the help of a wizard you can create J2EE projects, deploy a Tomcat webapp (or even an ear), start/stop the server, create web.xml etc.

The plugin is not yet 100% (version 0.95) perfect, but closer to it than anything else I found so far. Try it, installation might be tricky and you'll get more than you need for Tomcat.

mech

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 4 December 2002 11:27
To: [EMAIL PROTECTED]
Subject: tomcat + eclipse

Hi,

I'm using Eclipse as my IDE. Is there a way to integrate Tomcat with Eclipse?

thanx
RE: Found no binaries for Tomcat connectors
Why do you need the WARP-connector? It's deprecated, try mod_jk or mod_jk2. There you'll find binaries, too.

-----Original Message-----
From: Raimund Kammering [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 4 December 2002 14:25
To: [EMAIL PROTECTED]
Subject: Found no binaries for Tomcat connectors

Hello everybody,

I am new to this list and hope my question isn't totally off topic.

I am currently evaluating the Tomcat 4.1.12 release in connection with an Apache 2.0.43 web server on a Sun Blade 1000. Setting up Apache 2.0.43 has been no problem and also the Tomcat 4.1.12 seems to be quite fine - but I need a connector to connect Apache and Tomcat.

All documentation suggests that one should download a binary of the warp connector from:
http://jakarta.apache.org/builds/jakarta-tomcat-connectors/webapp/release/v1.2.0/bin/solaris8
(since I am running a Solaris version 8) but this directory is empty - the same is true for all other connector directories. I also tried to build the connector from source but this causes some problems due to a mismatch in the autoconf or m4 version installed on the system.

So if anyone got an idea how to proceed - or knows a place where I can download a binary version of a Tomcat warp connector for Apache 2.x, I would be very thankful.

Greetings,
Raimund

--
DESY -MVP-
Notkestrasse 85
D-22603 Hamburg
Tel.: +49 40 8998 -4903
e-mail: [EMAIL PROTECTED]
RE: SSLPeerUnverifiedException?
Check:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164

Upgrade to 4.1.14+

-----Original Message-----
From: Randy Secrist [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 1 December 2002 08:06
To: Tomcat Users List
Subject: SSLPeerUnverifiedException?

I am getting a whole lot of these warnings in my stderr.log each time a client connects via SSL. I have been using SSL since tomcat 3.x - and have never had any problems. Since I recently switched to 4.1.12 - I am assuming this is a coyote related Http11Processor bug? I have noticed that it does even after following the SSL config howto.

If the following is a meaningless error, it would be nice to shut it off so stderr.log doesn't grow so huge.

WARNING: Exception getting SSL attributes
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA6275)
    at org.apache.tomcat.util.net.JSSESupport.getPeerCertificateChain(JSSESupport.java:118)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:543)
    at org.apache.coyote.Response.action(Response.java:216)
    at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:314)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:405)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:380)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:508)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:533)
    at java.lang.Thread.run(Thread.java:536)

Randy
RE: SSL problem
Could it be a firewall problem in the network? Port 8443 is not too common. Some admins might block it. Try to change port to 443 to find out if it's a protocol or a port problem.

-----Original Message-----
From: Gabriel Enriquez Perez [mailto:[EMAIL PROTECTED]]
Sent: Friday, 29 November 2002 17:53
To: '[EMAIL PROTECTED]'
Subject: SSL problem

I have created my certificate using keytool... After it, I uncommented the lines in the server.xml and all that stuff. When I tried using 127.0.0.1 (https://127.0.0.1:8443/) it functions okay...

The problem is that... as soon as I am in a network, if I use the ip address of my computer... if I try to use it... it doesn't appear anything. There's nothing on the browser... actually the lock appears (in IE 5.5 in the bottom-right corner)... but immediately, just as a blink! Afterwards, nothing happens.

If I use the ip address as a non-SSL (http://127.0.0.1:8080/), it functions properly.

Could anyone help me??? I have no idea why this is happening.
RE: How to add a servlet to a new Webapp
This problem is new with 4.1.12. For security reasons the invoker servlet had been disabled in the global /conf/web.xml file. This invoker servlet usually loads user servlets that are not mapped correctly, as far as I understand. This is done by using a default mapping /servlet/*. In productive systems this should not be done, instead correct mapping is required.

In the /examples webapp the invoker servlet had been enabled again with the local web.xml. That's why it's working in examples and not in study. Because in your study web.xml you won't have it enabled manually and thus the default from /conf/web.xml is used, where this feature is disabled.

Thus the mapping /servlet/... to servlets is just Tomcat specifically done via the invoker servlet which is now (4.1.12+) disabled by default. But actually you should not need /servlet/ at all, if your mapping is correct.

Try http://localhost:8080/study/com.wrox.projsp.ch03.Testservlet or make a shorter mapping to /study/Testservlet in your web.xml

mech

-----Original Message-----
From: Curley, Thomas [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 28 November 2002 14:06
To: Tomcat Users List
Subject: RE: How to add a servlet to a new Webapp

Well I also tried
http://localhost:8080/study/servlet/com.wrox.projsp.ch03.TestServlet
but the same, whereas
http://localhost:8080/examples/servlet/com.wrox.projsp.ch03.TestServlet
works ??

Thomas

-----Original Message-----
From: Collins, Jim [mailto:[EMAIL PROTECTED]]
Sent: 28 November 2002 13:04
To: 'Tomcat Users List'
Subject: RE: How to add a servlet to a new Webapp

I believe that servlet has been disabled by default in 4.1.12 for security reasons. That is probably why you can't use:
http://localhost:8080/study/servlet/TestServlet

Jim

-----Original Message-----
From: Curley, Thomas [mailto:[EMAIL PROTECTED]]
Sent: 28 November 2002 12:58
To: [EMAIL PROTECTED]
Subject: How to add a servlet to a new Webapp

Hi All,

Using Tomcat 4.1.12 on Win 2K.

I am getting a 404 error when I try to create a new webapp and add a very basic servlet. The servlet works if I create the package structure within the examples WEB-INF/classes.

Here are the steps:

1. created webapps/study

2. created .../study/WEB-INF/classes/com/wrox/projsp/ch03/TestServlet.java and compiled [ok]

3. added the following line to server.xml after the examples </Context>

   <Context path="/study" docBase="study" debug="0"> </Context>

4. just copied the examples web.xml to study/WEB-INF and added the following lines

   <servlet>
     <servlet-name>TestServlet</servlet-name>
     <servlet-class>com.wrox.projsp.ch03.TestServlet</servlet-class>
   </servlet>
   <servlet-mapping>
     <servlet-name>TestServlet</servlet-name>
     <url-pattern>/TestServlet</url-pattern>
   </servlet-mapping>

5. restart tomcat

RESULT - The requested resource (/study/servlet/TestServlet) is not available.

Can anyone see what I am missing?

thanks
Thomas
RE: Over-aged Newbie needs some help
Have a look for this book (bought it from Amazon, 65 or $60):

Professional JSP, 2nd Edition (Simon Brown & others), Wrox Press, August 2002
ISBN 1-861004-95-8

Of course it's a little bit huge with 1200 pages, but definitely the last book you'll buy about JSP and servlets... Until next JSP and servlet specs, I guess ;-)

mech

-----Original Message-----
From: Steve R Burrus [mailto:[EMAIL PROTECTED]]
Sent: Sunday, 24 November 2002 01:05
To: [EMAIL PROTECTED]
Subject: Over-aged Newbie needs some help

Hi, I need some degree of help/assistance from someone re. just how exactly you go about starting to build or create JSP's or Servlets in the Tomcat container!!! Do you first establish a context or something??! And, then if that's the case, where do you go from there anyway? Incidentally, I am still basking in the afterglow of just being able to install Tomcat!!!
RE: SSL, redirectPort, and transport-guarantee, oh my!
Welcome to the land of Internet Explorer. I bet you use Internet Explorer, don't you? Try Mozilla/Opera and you will see that it works fine.

Some people didn't trust me yet that this problem you describe is a bug... Follow these links to find out more:
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg74000.html
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg74194.html
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73632.html

Your after-timeout url with https://host:8080 confirms me in my opinion that IE only changes the protocol from http to https instead of changing the port numbers, too. Don't know if it has something to do with the sessionids, too. That's the reason why the workaround works. If you change Tomcat to protocol standard ports 80/443 you will see that your problem disappears because the port numbers won't matter when changing the url for the ssl redirection.

You may consider adding your experiences to the bug database. Maybe something could be done from Tomcat side, too:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861
(Especially the issue after timing out is new and confirms the IE problem, but it might have something to do with the session, too...)

mech

-----Original Message-----
From: Shatzer, Larry [mailto:[EMAIL PROTECTED]]
Sent: Friday, 22 November 2002 02:51
To: '[EMAIL PROTECTED]'
Subject: SSL, redirectPort, and transport-guarantee, oh my!

I'm trying to set up redirection to SSL. Below are the appropriate sections of web.xml and server.xml.

When I go to https://localhost:8443/app, I get directed to my login page, with the addition of a jsessionid to the url.

If I go to http://localhost:8080/app, it warns me I am going to a secure page (I have this turned on to know when I am going in and out of ssl). I then get the security alert about the SSL certificate, I click YES to proceed, it sits there for a while. In my status bar, I see it's trying to connect to 127.0.0.1, which is no big deal, since it's localhost. When it eventually times out, my url is now
https://localhost:8080/app/security/login/jsp/login.jsp;jsessionid=<sessionid here>

Now, if I change it back to http in the url, and leave the rest (mainly the jsessionid), it will redirect fine.

I am running Tomcat 4.0.6.

Also, ran across this in the archives:
http://archives.apache.org/eyebrowse/ReadMsg?listName=tomcat-u [EMAIL PROTECTED] ache.orgmsgId=285554
which had no answer that I could find. His situation seems close to mine, except the fact, if I remove auth-constraint, it breaks the application.

Any thoughts or help on this would be appreciated.

web.xml section:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>All Struts Actions</web-resource-name>
    <url-pattern>*.do</url-pattern>
    <url-pattern>*.jsp</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <description>Must at least have access to the USER role to gain access</description>
    <role-name>User</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<!-- Use a custom form for web container authentication -->
<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/security/logon/jsp/logon.jsp</form-login-page>
    <form-error-page>/security/logon/jsp/logonFailed.jsp</form-error-page>
  </form-login-config>
</login-config>

server.xml section:

<Connector className         = "org.apache.catalina.connector.http.HttpConnector"
           port              = "8080"
           scheme            = "http"
           secure            = "false"
           minProcessors     = "5"
           maxProcessors     = "75"
           enableLookups     = "true"
           acceptCount       = "10"
           debug             = "0"
           connectionTimeout = "6"
           redirectPort      = "8443" />

<Connector className         = "org.apache.catalina.connector.http.HttpConnector"
           port              = "8443"
           scheme            = "https"
           secure            = "true"
           minProcessors     = "5"
           maxProcessors     = "75"
           enableLookups     = "true"
           acceptCount       = "10"
           debug             = "0"
           connectionTimeout = "6">
  <Factory className    = "org.apache.catalina.net.SSLServerSocketFactory"
           clientAuth   = "false"
           protocol     = "TLS"
           keystoreFile = "keystore.jks"
           keystorePass = "password" />
</Connector>
RE: HTTP and SSL Connector port problems
Another good reason to change to 80/443 is the following issue: http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73342.html http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13861 If you use a security-constraint confidential to force ssl you might have a problem with IE when using 8080/8443. Actually confidential should force the browser to reload a resource if you accessed it with http instead https. For Mozilla/Opera this works fine for me, with Internet Explorer the reload stalls and the browser stops loading. According to other posting you can fix it when using 80/443. I guess this is due to a url rewriting problem with IE. Maybe IE just changes the protocol from http to https instead of taking the port numbers into account aswell which can't work with non-standard ports...? The problem with IE only occurs when using non-standard ports such as 8080/8443 for http/https. If you use 80/443 you can avoid this IE bug in connection with the confidential settings. Then you don't need to hardcode absolute links. Don't know if you need that, but keep it in mind, if you use security constraints. The same problem occurs when using Apache in front of Tomcat. Tested both. IE will behave the same, so run Apache or Tomcat on 80/443 and don't forget to the the redirect ports in either the http1/1 connector and/or the Ajp-Connector. Mech P.S. Don't use Tomat 4.1.12 with SSL, upgrade to 4.1.14. Minor? ssl warning bug: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164 -Original Message- From: Peter Lee [mailto:[EMAIL PROTECTED]] Sent: Mittwoch, 20. November 2002 12:04 To: Tomcat Users List Subject: HTTP and SSL Connector port problems Is there any particular good reason to change HTTP port from 8080 to 80 and the SSL connector port from 8443 to 443? They causing problems for me. Some people are suggesting that we should change the ports. 
I changed the HTTP Connector port from 8080 to 80. Then I uncommented the SSL Connector section and changed the SSL port from 8443 to 443. These are supposed to be well-known ports. But how come after I made the changes, Tomcat just refused to start? I am on the Win2000 platform.

<!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="80" minProcessors="5" maxProcessors="75"
           enableLookups="true" redirectPort="443"
           acceptCount="10" debug="0" connectionTimeout="2"
           useURIValidationHack="false" />

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true"
           useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS" />
</Connector>
RE: Who can help ???
Think that won't work because Apache sends the request to Tomcat without checking any access file from Apache side.

Check out the examples webapp from Tomcat and have a look at the /jsp/security/ directory. Have a look into the examples webapp's web.xml file for the realm setup (also see tomcat documentation for realm howto). You can set users, roles and passwords within tomcat-user.xml in /conf/ directory.

Hope that gives you some hint where to look.

mech

-----Original Message-----
From: Manavendra Gupta [mailto:[EMAIL PROTECTED]]
Sent: Montag, 18. November 2002 16:34
To: Tomcat Users List
Subject: Re: Who can help ???

Did you try using the '.htaccess' from apache?

Manav.

----- Original Message -----
From: Jean-Luc BEAUDET [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]; tomcat-user [EMAIL PROTECTED]
Sent: Monday, November 18, 2002 8:52 PM
Subject: Who can help ???

Hi all,

Runnin' Tomcat 4.0.2 and Apache 1.3.26 on SOLARIS 8 in Production. I'd like to get /webapp-info/ secured by login/password - even BASIC - when asked by http://my.sever.com/webapp-info/

Any help welcome.

Jean-Luc B :O)
RE: Problem using Https connection on tomcat 4 jdk 1.4
I'm not sure if it has something to do with servlets or with the JDK version. Did not try it.

In case you encounter a problem as mentioned here: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14164 (anyway) I would suggest upgrading to Tomcat 4.1.14. Because actually Tomcat 4.1.12 has an SSL bug. Maybe it's related to your problem, maybe not.

mech

-----Original Message-----
From: Ritu Kumar [mailto:[EMAIL PROTECTED]]
Sent: Montag, 18. November 2002 19:25
To: '[EMAIL PROTECTED]'
Subject: Problem using Https connection on tomcat 4 jdk 1.4

Hi,

I am using tomcat 4.1.12 jdk 1.4. I am having problem using HTTPS as a protocol to connect to another servlet. (No problem if I use HTTP protocol.) I do not get any errors, but the code seems to hang. If I use tomcat 4.1.12 jdk 1.3, the same code works fine. Any idea why this could be happening?

Ritu Kumar
703-464-5379
Strange behaviour of webapps/examples/jsp/security with SSL transport guarantee and best practice for SSL logins?!
I was trying to use the webapps/examples/jsp/security/protected example with SSL but experienced strange effects with different browsers. I did the following with Tomcat 4.1.12LE (Jboss bundle, but shouldn't matter as tomcat was started standalone):

I successfully enabled SSL by uncommenting and modifying server.xml like this:

<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
           port="8443" minProcessors="5" maxProcessors="75"
           enableLookups="true"
           acceptCount="10" debug="0" scheme="https" secure="true"
           useURIValidationHack="false">
  <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
           clientAuth="false" protocol="TLS"
           keystoreFile="C:/jboss/tomcat-4.1.x/bin/jboss.keystore"
           keystorePass="*" />
</Connector>

I changed the web.xml of the examples application by adding into <security-constraint>:

<user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>

When opening the url: http://localhost:8080/examples/jsp/security/protected I expected an automatic redirect to https://localhost:8443/examples/jsp/security/protected/login.jsp to obey the transport guarantee as specified above.

When I try with Mozilla it works like expected. When using IE, I get a popup (because I just use an SSL test certificate) - so far so good, but the redirect fails and IE stalls while loading. If I manually use https://localhost:8443 everything is fine. Obviously only the redirection does not work with IE. Any idea what could be wrong? Did I set up anything wrong or can anyone confirm this problem?

Anyhow, also with both Mozilla and Opera I get http errors sometimes: https://localhost:8443/examples/jsp/security/protected/j_security_check pops up a status 400 message: Invalid direct reference to form login page and The requested resource (/examples/jsp/security/protected/j_security_check) is not available.
or a status 404 message: /examples/jsp/security/protected/j_security_check and The requested resource (/examples/jsp/security/protected/j_security_check) is not available.

These problems occur when hitting the back button (instead in my browser after having successfully logged on user tomcat. So I logon using login.jsp with a valid user, view the index.jsp and hit back. When I try to submit again I get those errors. What can be done to avoid these problems? I would like to be able to hit back and either get to the error.jsp or index.jsp when I try to logon repeatedly instead of that j_security_check resource.

One more question: Tomcat can handle the automatic redirection with these security constraints, but actually I only need SSL for login purposes. So after automatic SSL login, I'm stuck to https on port 8443 if I don't manually load a http-URL later. But this would require to specify http://host:port somewhere instead of using relative links what I prefer not to make the webapp need to know the server names etc.

What is a good practice for SSL-login in general? Also in case I want to use Struts for let's say an E-Commerce like site where you just have to log on or need SSL-security for one single login page. Later I'd like to use http again and would prefer not to hard code host:port into any page. Is it a good idea to let Tomcat do this login stuff with all above issues or should one better code oneself?

Thanks!

mech
Problem with <transport-guarantee>CONFIDENTIAL</transport-guarantee>
I'm using Tomcat 4.1.12LE (Jboss bundle, but Tomcat run standalone). In my server.xml I enabled SSL. In my web.xml I set the following:

<security-constraint>
  <display-name>Test</display-name>
  <web-resource-collection>
    <web-resource-name>Protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    <!-- Same true for SSL using INTEGRAL
    <transport-guarantee>INTEGRAL</transport-guarantee>
    -->
  </user-data-constraint>
</security-constraint>

So actually every access to the webapp should automatically switch to SSL connection. For Mozilla and Opera this works fine, but Internet Explorer just pops up the SSL certificate warning (because of test cert) and stalls while sending the request. I wonder if that's a bug because I can manually request the pages by using https://localhost:8443/examples/ without any problem with IE. Can anybody give me a hint on this? I have set redirectPort for http connections in server.xml...

Another problem I have is also related to the transport guarantee. I always get an error log that the peer authentication was not successful. It seems to be a similar problem like mentioned here: http://www.mail-archive.com/tomcat-dev;jakarta.apache.org/msg36284.html

Obviously Tomcat tries to authenticate the web client, although the SSL connection in my server.xml is set to clientAuth="false": http://www.mail-archive.com/tomcat-dev;jakarta.apache.org/msg36391.html

Is there any way to get ...???

a) also IE working to reload confidential or integral pages automatically with SSL, too instead of stopping to load anything?
b) how to avoid the exception while getting SSL attributes and peer not authenticated debug messages? (Actually there is no need at all to check the client for simple login purposes. Somehow transport-guarantee overrides the SSL connection's clientAuth="false".)
Thanks mech
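The redirect discussed in the two messages above and in the earlier port thread only works when web.xml and server.xml agree with each other. The script below is an added example, not part of the original posts or of Tomcat: it parses both files and reports an invalid transport-guarantee value, a missing or dangling redirectPort, and a redirect to a non-default HTTPS port (the case in which the posters saw Internet Explorer stall). The function name `audit` and both XML samples are constructed for illustration, and the web.xml is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not taken from the thread): a Tomcat 4.1-style
# server.xml fragment and a web.xml that forces SSL for the whole webapp.
SERVER_XML = """<Service name="Tomcat-Standalone">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8080" redirectPort="8443"/>
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8443" scheme="https" secure="true"/>
</Service>"""
WEB_XML = """<web-app><security-constraint>
  <web-resource-collection><url-pattern>/*</url-pattern></web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint></web-app>"""

VALID = {"NONE", "INTEGRAL", "CONFIDENTIAL"}  # values the servlet spec allows

def audit(server_xml, web_xml):
    """Return findings on how a transport guarantee will be redirected."""
    findings = []
    guarantees = [(e.text or "").strip()
                  for e in ET.fromstring(web_xml).iter("transport-guarantee")]
    for g in guarantees:
        if g not in VALID:
            findings.append(f"invalid transport-guarantee {g!r}")
    if not any(g in ("INTEGRAL", "CONFIDENTIAL") for g in guarantees):
        return findings  # nothing forces SSL, so no redirect to check
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    secure = {c.get("port") for c in conns if c.get("secure") == "true"}
    for c in conns:
        if c.get("secure") == "true":
            continue
        port, redirect = c.get("port"), c.get("redirectPort")
        if redirect is None:
            findings.append(f"connector {port}: no redirectPort set")
        elif redirect not in secure:
            findings.append(f"connector {port}: redirectPort {redirect} "
                            "has no secure connector in this file")
        elif (port, redirect) != ("80", "443"):
            findings.append(f"connector {port}: redirect to non-default "
                            f"HTTPS port {redirect}")
    return findings

if __name__ == "__main__":
    for finding in audit(SERVER_XML, WEB_XML):
        print(finding)
```

A dangling redirectPort is expected on an AJP connector when a front-end web server such as Apache terminates SSL, so treat that finding as a prompt to compare the value with the front end's HTTPS port.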
Apache 1.3 + mod_ssl + mod_jk or mod_jk2 with EAPI under Windows
Hello,

I'm trying hard to set up an Apache 1.3.27 with SSL that can use mod_jk to connect to a servlet container via AJP13. I managed to set up everything with mod_jk v.1.2.0 already, but because mod_ssl requires EAPI and all downloadable mod_jk DLLs for Windows have not been compiled for an ssl-enabled Apache, I always get a warning message when starting the server that the mod_jk module might crash and I should recompile with -DEAPI.

I wonder if anyone can tell me how or where I could obtain an EAPI-compiled mod_jk without compiling myself that works with SSL, too.

I already tried to use mod_jk2 v.2.0.1 because I found an EAPI-compiled DLL for Windows. Unfortunately, I couldn't load this module successfully, although I'm almost sure that the configuration is correct, because the non-EAPI v.2.0.1 works fine for me, except the annoying EAPI warning again. Does anyone use the EAPI mod_jk2 v.2.0.1 DLL for Windows successfully and could give me a hint on this?

Actually I don't care, whether I have to use mod_jk or mod_jk2 as long as it is an EAPI-DLL because of mod_ssl. From previous postings I see that I'm not the only one who would like to use a Win/Apache/SSL/mod_jk? configuration, but there seems to be no solution yet (except compiling manually with VC++)... I hope anybody did the trick already and could help me out.

Thx.