Re: How to disable default servlet?
Narayanaswamy, Mohan wrote: We use shared Apache+Tomcat, We need apache to serve static and tomcat for dynamic, By no way tomcat should provide static resources. Sounds like security-by-obscurity. Either configure apache properly and tomcat will not get any requests for static resources - or remove static resources from tomcat and put them only in apache's context. -- Mikolaj Rydzewski [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Web Statistics in Tomcat 5.5
Chetan Pandey wrote: I just want to know if there is any Free and Open Source Software for Tomcat 5.5 which will generate all the Web Statistics related to User Interaction with our Web-site. Preferably without requiring installation of Apache httpd. Enable apache-style access logging and then use any log analyzer, i.e. webalizer. http://tomcat.apache.org/tomcat-5.5-doc/config/valve.html http://www.mrunix.net/webalizer/ -- Mikolaj Rydzewski [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: something wrong creating datasource after war deployement
thnaks for all, it's clear for me now. Caldarale, Charles R a écrit : From: Arnaud MERGEY [mailto:[EMAIL PROTECTED] Subject: Re: something wrong creating datasource after war deployement I updated the META-INF/context.xml in the unpacked directory, You need to update the one in conf/Catalina/[host], since that overrides the ones in the .war and the unpacked directory. this is strange because when I update the META-INF/context.xml, I can see newly datasources in the tomcat admin webapps (but with blank driver class and url info). It wouldn't surprise me if Tomcat is doing some merging of the two Context elements, rather than enforcing a complete override. If I update META-INF/context.xml in application without war file in webapps, everything works and I can see newly datasources in the tomcat admin webapps with driver class and url. Tomcat automatically creates the conf/Catalina/[host]/[appname].xml file from META-INF/context.xml only when deploying apps packaged in .war files, regardless of the setting of unpackWARs; it does not create one in the conf directory for apps that are deployed in an unpacked form, although you may place your own in conf/Catalina/[host] to override the one in META-INF. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedding an integration engine in Tomcat
Hello, I'm looking to deploy a very lightweight integration engine into Tomcat. What I need it to do is -Receive messages over http, ftp, web service, jms Or -Retrieve messages from an Oracle database -Transform messages to a proprietary XML format -Send transformed messages out over http Servicemix seems to be a good choice for this as it is deployable to Tomcat. Not sure if it does Oracle integration though. Any views ? Many thanks Andy Mcneill - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Securing Tomcat Article for Review
I've been working on an article about securing tomcat for the Open Web Application Security Project (OWASP). The article details some quick and easy ways to improve the 'out of the box' security of tomcat from the perspective of a sysadmin. It's written with tomcat 5.5 in mind, but almost everything will apply to 6.0 when it is released. A lot of it will also apply to older versions of tomcat, but no specific testing has been done to establish this. Have a read of the article at https://www.owasp.org/index.php/ Securing_tomcat and reply to the list with any comments - good or bad!. Thanks, Darren - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
Who's the target audience? Things like: Change files in CATALINA_HOME/conf to be readonly (400) ... Rename CATALINA_HOME/conf/server.xml to CATALINA_HOME/conf/server-original.xml and rename CATALINA_HOME/conf/server-minimal.xml to CATALINA_HOME/conf/server.xml. The minimal configuration provides the same basic configuration, but without the nested comments is much easier to maintain and understand. Do not delete the original file as the comments make it useful for reference if you ever need to make changes - e.g. enable SSL. won't work for dummies (due to missing rights) if they'll follow the guide step by step. Make sure tomcat user has read/write access to /tmp and write (300 - yes, only write/execute) access to CATALINA_HOME/logs What is the sense of it? I mean if the tomcat user owns this directory why remove read access to it? If you are on a Windows machine you will be able to change the port attribute of the connector within the Catalina service from 8080 to 80. This allows you to use tomcat directly to serve all requests. Depending on your requirements it may not be good enough to serve directly from Tomcat so you may like to consider; * Use IIS / Apache running on port 80 and mod_jk to proxy requests to Tomcat Using IIS in front, are you kidding ?:-)) It's like open your arms and welcome every single intruder on the net :-) Also by using apache in front of tomcat you rather loose security than gain it. At least this is my personal opinion :-) Overall a nice article which I think provides a good quick-start. regards Leon On 1/9/07, Darren [EMAIL PROTECTED] wrote: I've been working on an article about securing tomcat for the Open Web Application Security Project (OWASP). The article details some quick and easy ways to improve the 'out of the box' security of tomcat from the perspective of a sysadmin. It's written with tomcat 5.5 in mind, but almost everything will apply to 6.0 when it is released. A lot of it will also apply to older versions of tomcat, but no specific testing has been done to establish this. Have a read of the article at https://www.owasp.org/index.php/ Securing_tomcat and reply to the list with any comments - good or bad!. Thanks, Darren - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedding an integration engine in Tomcat
Hello, I'm looking to deploy a very lightweight integration engine into Tomcat. What I need it to do is -Receive messages over http, ftp, web service, jms Or -Retrieve messages from an Oracle database -Transform messages to a proprietary XML format -Send transformed messages out over http Servicemix seems to be a good choice for this as it is deployable to Tomcat. Not sure if it does Oracle integration though. Any views ? Many thanks Andy Mcneill - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5.5, java 6 and jconsole not working as service
I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. Anyone know how I can do this? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can APR use verisign certs ?
Hi all, I'm using apr 1.1.3 with tomcat 5.5.18 and openssl . During my research I noticed that self-signed certs seem to work , but I'm in doubt if pay type $$$ certs from verisign will work. We've submitted our csr to verisign , and if I understand correctly we need to use the crt from versign with apr / tomcat / ssl . Can anyone shed some light on this ? Thanks, Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cannot create object of class
hi, have a problem with creating a class in the doPost method of a servlet: MyClass mc= new MyClass(); if i do so i get the following error message: HTTP Status 500 - *type* Exception report *message* *description* _The server encountered an internal error () that prevented it from fulfilling this request._ *exception* javax.servlet.ServletException: Servlet execution threw an exception *root cause* java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1 org.apache.catalina.manager.AgroManagerServlet.doPost(AgroManagerServlet.java:112) javax.servlet.http.HttpServlet.service(HttpServlet.java:709) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) *note* _The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs._ Apache Tomcat/5.5.20 i belive it has something to to with the timer i use in the class: public class MyClass implements Runnable{ public void run(){ final Timer timer = new Timer(); timer.schedule(new TimerTask(){ public void run(){ timer.cancel(); } }, 60*1000); } public void startUpdate(){ try{ System.out.println(do something); Process p = Runtime.getRuntime().exec(TomcatPath.getAbsInstPath()+update/check_for_updates.exe); }catch(Exception e){ } } } dont know what do to since i need the timer task and i need it in a separate thread... --stephan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cannot create object of class
Hi, it seems that catalina was trying to find your MyClass in her manager's classpath java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1. Make sure your class path is correct. A faster way to test if to write a simple jsp and run your thread inside % ... %. You can need configure your system to give tomcat permission to run process or executable files... On 1/9/07, Stephan Schöffel [EMAIL PROTECTED] wrote: hi, have a problem with creating a class in the doPost method of a servlet: MyClass mc= new MyClass(); if i do so i get the following error message: HTTP Status 500 - *type* Exception report *message* *description* _The server encountered an internal error () that prevented it from fulfilling this request._ *exception* javax.servlet.ServletException: Servlet execution threw an exception *root cause* java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1 org.apache.catalina.manager.AgroManagerServlet.doPost( AgroManagerServlet.java:112) javax.servlet.http.HttpServlet.service(HttpServlet.java:709) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) *note* _The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs._ Apache Tomcat/5.5.20 i belive it has something to to with the timer i use in the class: public class MyClass implements Runnable{ public void run(){ final Timer timer = new Timer(); timer.schedule(new TimerTask(){ public void run(){ timer.cancel(); } }, 60*1000); } public void startUpdate(){ try{ System.out.println(do something); Process p = Runtime.getRuntime().exec(TomcatPath.getAbsInstPath ()+update/check_for_updates.exe); }catch(Exception e){ } } } dont know what do to since i need the timer task and i need it in a separate thread... --stephan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- When we invent time, we invent death.
Re: Cannot create object of class
MyClass is in the manage lib. if i delete this timer-stuff it works fine... but i need the timer Li wrote: Hi, it seems that catalina was trying to find your MyClass in her manager's classpath java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1. Make sure your class path is correct. A faster way to test if to write a simple jsp and run your thread inside % ... %. You can need configure your system to give tomcat permission to run process or executable files... On 1/9/07, Stephan Schöffel [EMAIL PROTECTED] wrote: hi, have a problem with creating a class in the doPost method of a servlet: MyClass mc= new MyClass(); if i do so i get the following error message: HTTP Status 500 - *type* Exception report *message* *description* _The server encountered an internal error () that prevented it from fulfilling this request._ *exception* javax.servlet.ServletException: Servlet execution threw an exception *root cause* java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1 org.apache.catalina.manager.AgroManagerServlet.doPost( AgroManagerServlet.java:112) javax.servlet.http.HttpServlet.service(HttpServlet.java:709) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) *note* _The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs._ Apache Tomcat/5.5.20 i belive it has something to to with the timer i use in the class: public class MyClass implements Runnable{ public void run(){ final Timer timer = new Timer(); timer.schedule(new TimerTask(){ public void run(){ timer.cancel(); } }, 60*1000); } public void startUpdate(){ try{ System.out.println(do something); Process p = Runtime.getRuntime().exec(TomcatPath.getAbsInstPath ()+update/check_for_updates.exe); }catch(Exception e){ } } } dont know what do to since i need the timer task and i need it in a separate thread... --stephan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cannot create object of class
try to call your time in a single jsp file. say test.jsp ... %@ page import=yourtimerpath % % ... I am calling my timer here % See if you can make it work ... On 1/9/07, Stephan Schöffel [EMAIL PROTECTED] wrote: MyClass is in the manage lib. if i delete this timer-stuff it works fine... but i need the timer Li wrote: Hi, it seems that catalina was trying to find your MyClass in her manager's classpath java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1. Make sure your class path is correct. A faster way to test if to write a simple jsp and run your thread inside % ... %. You can need configure your system to give tomcat permission to run process or executable files... On 1/9/07, Stephan Schöffel [EMAIL PROTECTED] wrote: hi, have a problem with creating a class in the doPost method of a servlet: MyClass mc= new MyClass(); if i do so i get the following error message: HTTP Status 500 - *type* Exception report *message* *description* _The server encountered an internal error () that prevented it from fulfilling this request._ *exception* javax.servlet.ServletException: Servlet execution threw an exception *root cause* java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1 org.apache.catalina.manager.AgroManagerServlet.doPost( AgroManagerServlet.java:112) javax.servlet.http.HttpServlet.service(HttpServlet.java:709) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) *note* _The full stack trace of the root cause is available in the Apache Tomcat/5.5.20 logs._ Apache Tomcat/5.5.20 i belive it has something to to with the timer i use in the class: public class MyClass implements Runnable{ public void run(){ final Timer timer = new Timer(); timer.schedule(new TimerTask(){ public void run(){ timer.cancel(); } }, 60*1000); } public void startUpdate(){ try{ System.out.println(do something); Process p = Runtime.getRuntime().exec(TomcatPath.getAbsInstPath ()+update/check_for_updates.exe); }catch(Exception e){ } } } dont know what do to since i need the timer task and i need it in a separate thread... --stephan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- When we invent time, we invent death.
Re: Can APR use verisign certs ?
robert lazarski wrote: Hi all, I'm using apr 1.1.3 with tomcat 5.5.18 and openssl . During my research I noticed that self-signed certs seem to work , but I'm in doubt if pay type $$$ certs from verisign will work. We've submitted our csr to verisign , and if I understand correctly we need to use the crt from versign with apr / tomcat / ssl . Can anyone shed some light on this ? The sole distinction between self-signed and verifed certificates is client dependent only. If the server certificate is not signed by the one the web browser trusts it will give you the message box with that notice. So if your self-signed works, the verisign-signed will work as well. Its completely irrelevant to OpenSSL. Regards, Mladen. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.5 webserver unstable
This looks more like your application(s) is keeping the threads busy. So tomcat is running out of free threads/workers to handle the incoming requests. You are either having a generic problem in your application where your application is not closing the request hence keeping the thread occupied, or simply been under heavy load where actually more than 200 requests had to be handled in a very short time (this could especially happen if you serve complex long loading pages and have high number of concurrent requests in that period). You could - increase the maxthreads for the connector in server.xml - decrease connectionTimeout / maxKeepAliveRequests of the connector in case clients are causing the issue - Try to find the application logic that does not end the request (or keeps hanging in the background doing some external data queries) Cheers +rl On 1/9/07, mocherla14 [EMAIL PROTECTED] wrote: EFFECT: Tomcat server goes down now and then for no reason. The GUI can not be accesed. Problem has been facin even and then DESCRIPTION: This is the line in the Catalina log file: Dec 5, 2006 11:33:07 AM org.apache.tomcat.util.threads.ThreadPool logFull SEVERE: All threads (200) are currently busy, waiting. Increase maxThreads (200) or check the servlet status some soultions i had found but not sure The threadlock is likely in whatever webapp you're running, or less likely a thread issue between your JDK and OS (which I would guess is Linux). As a stopgap, you might try setting the thread timeout parameter (don't know the exact syntax offhand) to something fairly low so Tomcat will destroy any hanging threads after a certain period of time. plz kindly help with more deatiled answers. -- View this message in context: http://www.nabble.com/Tomcat5.5-webserver-unstable-tf2944124.html#a8232585 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Roland Lammel Enjoy your job, make lots of money, work within the law. Choose any two.
Re: web application - student need help Thank You's
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike, Michael Ni wrote: So during login, after a person enters his username and password, it will check to see if the username exists in the person table. If it does exist, it will verify the password and return his permission. That permission is stored in the session, and each jsp page it will check to see if his permission is correct. If a person's permission is wrong, it will redirect you to another page. Although this method works, I dont know if it is very professional. Does anyone have any ideas how to set up a professional style authentication system? Something a business would use where exposing customer information is a liability. There's no reason not to use a pre-built authentication and authorization system. For instance, the J2EE container-managed AA is relatively good, if not very extensible. I manage software development for a healthcare service where information security is a top priority. I recently switched from using container-managed AA to securityfilter (http://securityfilter.sourceforge.net), which is intended to be a drop-in replacement for container-managed AA. The syntax is the same for security-constraint, web-resource-collection, auth-constraint, etc. so you can pretty much just move your existing configuration from web.xml into another config file for use with securityfilter. Since the AA is now outside of the container, you can comfortably extend the classes or replace the authenticator to suit your needs. For instance, I wanted to be able to log failed logins to my database. With the container-managed authentication, that was not possible without extending one of Tomcat's authenticators or resorting to other nasty hacks. With securityfilter, I was able to write my own basic authenticator (i.e. SELECT FROM user WHERE username=? AND password_hash=?) and then log failures to the database using the same db connection. With container-managed AA and projects like securityfilter out there, there's no reason to write your own authentication or authorization code, unless you are really doing something exotic. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo7tH9CaO5/Lv0PARAmzYAKCSC3YN6TipbVUhki3aOfN62kDYTgCgmfZG VLd3kXoPQjd0nQTAoQDajFQ= =mSO9 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Using the balancer app to redirect. Well, trying to
Hi Sorry if this is a bit of a dumb question, but I just wondered if anyone had any handy hints for the problem below: I'm trying to set up a tomcat 5.0.28 instance (on Debian) to achieve redirecting accesses to site1.company.com through to newsite1.org, using the balancer app. rather than apache webserver and the AJP connectors. The easiest solution would of course be just to set up a DNS level redirect on all port-80 accesses by putting in an A-name record to point at newsite1.org, but the problem is that newsite1.org doesn't have a direct IP, and you can't put the alphanumeric address in the DNS. THe canonical way of doing it appears to be to set up apache webserver as a front-end to tomcat and manage it using webapp connectors like AJP, but apart from being a total pain to organise (and memory-hungry in my setup as well), that introduces the webapp connectors, which have caused problems with the applications I am running in the past. Sooo.. what I have tried to do instead is be sneaky, and set up an instance of the tomcat balancer app on the server (by copying the balancer app instance in tomcat/webapps/ and slightly modifying the rules in the /config subdir) which redirect any access to anything at company.com through to newsite1.org The machine that hosts the tomcat instance is set up in the DNS as the host for site1.company.com (in fact for all of company.com) and has a HOST container in server.xml, viz: Host name=company.com debug=3 appBase=webapps unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.AccessLogValve prefix=company_access_log. suffix=.txt pattern=common/ Aliassite1.company.com/Alias /Host and in tomcat_root/webapps there is an instance of the balancer app in a subdirectory called company.com, with a config file set up to perform the necessary redirection for all accesses to anything at company.com This should work, as far as I can see. however... although accesses to company.com/foobar get successfully redirected to newsite1.org/foobar, this setup doesn't forward at all when the root domain is entered - ie browsing to company.com or site1.company.com (with no antecedents) just results in a blank page. I'm sure this used to work, and I've tried everything I can think of (including fiddling with the vhost definition in server.xml and the context fragment in webapps/company.com/company.com.xml) but I just can't make it respond to the root case. Basically, what I'm trying to achieve is to get the root of the vhost instance defined in server.xml to call up the webapp at webapps/company1.com. Which you wouldn't have thought was that hard - but apparently it is! The REALLY irritating thing is that I've solved this problem once already using pretty much the same setup, but can;t seem to get it to work again! Anyone have any clues or hints or ideas (apart from using apache webserver and the AJP setup)? I'd be very grateful if so! Cheers Jeremy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat5.5 webserver unstable
From: mocherla14 [mailto:[EMAIL PROTECTED] Subject: Tomcat5.5 webserver unstable Dec 5, 2006 11:33:07 AM org.apache.tomcat.util.threads.ThreadPool logFull SEVERE: All threads (200) are currently busy, waiting. Take a thread dump of the situation and find out where the threads are executing or what they're waiting on. The exact mechanism for doing so depends on the platform you're running on (kill -3 on Linux). Here's one discussion of additional options: http://weblogs.java.net/blog/mandychung/archive/2005/11/thread_dump_and_ 1.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5, java 6 and jconsole not working as service
I haven't been successful running Tomcat on Java 6. My guess is that Tomcat can't run yet on Java 6. Martin On 1/9/07, teknokrat [EMAIL PROTECTED] wrote: I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. Anyone know how I can do this? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, Leon Rosenberg wrote: Also by using apache in front of tomcat you rather loose[sic] security than gain it. At least this is my personal opinion :-) Would you care to defend that argument? Security in layers is typically an advantage. One could argue that more moving parts equals more complexity, and that complexity is an enemy of security (and I agree). However, there must be a balance. If good security requires layers, and each layer adds more complexity, then there is a paradox. I would argue that Apache httpd is quite mature and is trustworthy. Sure, you're not likely to run into a buffer overflow bug in Tomcat, but a bad configuration can open any server to attack. Is a bad Tomcat configuration alone any better than a bad Tomcat configuration sitting behind Apache httpd? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo8C89CaO5/Lv0PARAnX2AJ0Vs2I9FE00UIjQ6jVCtgO6lvKE4ACgmZzJ nXtOo4PTAvDjtuwNwOHuNbk= =biDW -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5, java 6 and jconsole not working as service
Tomcat 5.5.20 runs fine with Java 6, though I'm not sure if I tried it as a service. Martin Dubuc wrote: I haven't been successful running Tomcat on Java 6. My guess is that Tomcat can't run yet on Java 6. Martin On 1/9/07, teknokrat [EMAIL PROTECTED] wrote: I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. Anyone know how I can do this? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat 5.5, java 6 and jconsole not working as service
From: Martin Dubuc [mailto:[EMAIL PROTECTED] Subject: Re: tomcat 5.5, java 6 and jconsole not working as service I haven't been successful running Tomcat on Java 6. My guess is that Tomcat can't run yet on Java 6. 5.5.20 runs fine for me with JDK 6 on XP, both as a service and from the startup script. No issues at all when installed from the .zip file; haven't tried the .exe with JDK 6. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5, java 6 and jconsole not working as service
I've had some interesting issues with Maven 2 and Java 6, but Tomcat 5.5.20 has run great on Java 6. --David Martin Dubuc wrote: I haven't been successful running Tomcat on Java 6. My guess is that Tomcat can't run yet on Java 6. Martin On 1/9/07, teknokrat [EMAIL PROTECTED] wrote: I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. Anyone know how I can do this? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
On 09/01/2007, at 5:20 PM, Christopher Schultz wrote: Leon Rosenberg wrote: Also by using apache in front of tomcat you rather loose[sic] security than gain it. At least this is my personal opinion :-) Would you care to defend that argument? Security in layers is typically an advantage. One could argue that more moving parts equals more complexity, and that complexity is an enemy of security (and I agree). However, there must be a balance. If good security requires layers, and each layer adds more complexity, then there is a paradox. With Apache HTTPD you have the advantage of being able to do fine grained url/ IP access control. It also brings with it however all the bugs that are in Apache HTTPD. What are your trying to protect by adding in Apache HTTPD? The IP Stack ? - Nope kernel issue - have this problem with both... Tomcats connection handling ? Nope - not protected as mod_proxy and mod_jk blindly forward all traffic towards the backend tomcat. So unless you want protect certain paths, hiding tomcat behind an apache will not bring any security benefits. Regards Andrew - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Securing Tomcat Article for Review
From: Christopher Schultz [mailto:[EMAIL PROTECTED] I would argue that Apache httpd is quite mature and is trustworthy. Sure, you're not likely to run into a buffer overflow bug in Tomcat, but a bad configuration can open any server to attack. Is a bad Tomcat configuration alone any better than a bad Tomcat configuration sitting behind Apache httpd? Depends on the quality of the httpd configuration, which is then another thing for a new administrator (presumably the person this document is aimed at) to get wrong, or at least not completely right. Setting up the httpd-jk-Tomcat link is also somewhat ticklish, and debug steps taken during this process (which may grant wider access than required in order to eliminate security concerns from the list of possibilities) may not always be reversed, leaving holes in the final system. For myself, I'd rather configure a good firewall in front of Tomcat than use httpd solely for the purpose of security. That's using a tool for a purpose for which it was not designed. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
do i need to build form source if i want install tomcat on 64-bit linux machine
Hello all, I would like to install tomcat on 64-bit linux machine. do i need to build it from source or can i directly take the binary files provided in the website. Is there any difference between building it from source and directly taking binaries which are i guess compiled on 32-bit machines. Thanks in advance, cheers vamsee movva
Re: Using the balancer app to redirect. Well, trying to
On 1/9/07, Jeremy [EMAIL PROTECTED] wrote: I'm trying to set up a tomcat 5.0.28 instance (on Debian) to achieve redirecting accesses to site1.company.com through to newsite1.org, using the balancer app. rather than apache webserver and the AJP connectors. The easiest solution would of course be just to set up a DNS level redirect on all port-80 accesses by putting in an A-name record to point at newsite1.org, but the problem is that newsite1.org doesn't have a direct IP, and you can't put the alphanumeric address in the DNS. I'm afraid I don't understand how name-based virtual hosting is *not* the solution to your problem here. It doesn't matter if newsite1.org has an IP shared with other hosts or domains, so why is it not in DNS? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Running Tomcat5.5 as 64 bit application
| From: Jonas Fagerstrom [mailto:[EMAIL PROTECTED] | Sent: Monday, 08 January, 2007 20:17 | | Mladen Turk mladen.turk at jboss.com writes: | | Use 64 bit procrun (tomcat5.exe) from: | http://svn.apache.org/viewvc/tomcat/connectors/trunk/procrun/bin/ | (remove the .amd64 extension of course) | | I tried this 64 bit version, but it didn't work for me. Perhaps due to the | fact | that it was compiled for the AMD64 platform. Curious. The 64-bit extensions (instructions and addressing modes) should be supported on Intel. Unless the compiler was using some proprietary AMD extensions (e.g., SSE), it should have run just fine. How did it 'not work' -- crash burn, or just not work the way you thought it should? - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: do i need to build form source if i want install tomcat on 64-bit linux machine
From: vamsee movva [mailto:[EMAIL PROTECTED] Hello all, I would like to install tomcat on 64-bit linux machine. do i need to build it from source or can i directly take the binary files provided in the website. You can take the binary files if you want to run the system as a pure Java application. If you want some non-Java support libraries such as APR, you'll want to compile them or grab pre-built 64-bit binaries. Is there any difference between building it from source and directly taking binaries which are i guess compiled on 32-bit machines. 'No' for the Java files (they're bytecoded and then compiled to machine code on the target machine - hence the notion of a virtual machine). 'Yes' for support files such as the Apache Portable Runtime, but none of those support files are required in order to run Tomcat. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: do i need to build form source if i want install tomcat on 64-bit linux machine
Thank you very much , Peter. I used to install each and everything from source, by assuming we should do that. I wasted lot of time in that. Thaks again peter. cheers vamsee movva On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: vamsee movva [mailto:[EMAIL PROTECTED] Hello all, I would like to install tomcat on 64-bit linux machine. do i need to build it from source or can i directly take the binary files provided in the website. You can take the binary files if you want to run the system as a pure Java application. If you want some non-Java support libraries such as APR, you'll want to compile them or grab pre-built 64-bit binaries. Is there any difference between building it from source and directly taking binaries which are i guess compiled on 32-bit machines. 'No' for the Java files (they're bytecoded and then compiled to machine code on the target machine - hence the notion of a virtual machine). 'Yes' for support files such as the Apache Portable Runtime, but none of those support files are required in order to run Tomcat. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and JSTL 1.2
Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar: org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar: org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:50) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:179) org.apache.jasper.compiler.TagLibraryInfoImpl.init(TagLibraryInfoImpl.java:181) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:423) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:492) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1556) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:305) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Heres my simple index.jsp.. %@ taglib prefix=c uri=http://java.sun.com/jsp/jstl/core; % c:redirect url=/show.html/ It simple redirects the incomming request to my spring stuff. Has anyone got any ideas. Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Mladen Turk [EMAIL PROTECTED] wrote: robert lazarski wrote: Hi all, I'm using apr 1.1.3 with tomcat 5.5.18 and openssl . During my research I noticed that self-signed certs seem to work , but I'm in doubt if pay type $$$ certs from verisign will work. We've submitted our csr to verisign , and if I understand correctly we need to use the crt from versign with apr / tomcat / ssl . Can anyone shed some light on this ? The sole distinction between self-signed and verifed certificates is client dependent only. If the server certificate is not signed by the one the web browser trusts it will give you the message box with that notice. So if your self-signed works, the verisign-signed will work as well. Its completely irrelevant to OpenSSL. That makes sense. However, on the client side I'm getting a There's a problem with the sites security certificate. That's in IE6 , on firefox I get a similair popup . We have registered the csr with verisign. Is this solely a client side and verisign issue. Any clues ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat 5.5, java 6 and jconsole not working as service
From: news [mailto:[EMAIL PROTECTED] On Behalf Of teknokrat Subject: tomcat 5.5, java 6 and jconsole not working as service I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. By default, JConsole only connects to local JVMs running under the same userid. Unless you've modified the Log On settings for the Tomcat service, it's running under Local System Account, not your normal userid. Also, you have to add -Dcom.sun.management.jmxremote to the Java Options for the service, using the tomcat5w.exe utility. Once those were done, I was able to connect to the Tomcat service using JConsole running with JDK 6. However, I am now noticing something very strange: most of the apps did not deploy when running as a service. Only ROOT, host-manager, manager, and tomcat-docs show up in the application list. When running with startup.bat, everything's there. More investigation needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Getting Tomcat5.exe to run with server JVM
Hi, I’m quite new to the whole JAVA stuff so it might happen, that I do not use the right terms ;-) I need to get a Tomcat 5.5.20 to run with -server. It was installed using the available exe-installation file. I found already a previous thread about this topic located at http://mail-archives.apache.org/mod_mbox/tomcat-users/200408.mbox/[EMAIL PROTECTED] but the described solutions here didn’t help. If I add -server to JAVA Options within the tomcat monitor or tomcat5w.exe and try to restart stdout log file reports “unrecognized option -server”. Same happens if I add it to the registry values. Any ideas? Regards, Sascha
Re: Securing Tomcat Article for Review
Christopher Schultz wrote: Leon Rosenberg wrote: Also by using apache in front of tomcat you rather loose[sic] security than gain it. At least this is my personal opinion :-) Would you care to defend that argument? You defend it yourself in the next paragraph you've written. One could argue that more moving parts equals more complexity, and that complexity is an enemy of security (and I agree). However, there must be a balance. If good security requires layers, and each layer adds more complexity, then there is a paradox. Exactly. I would argue that Apache httpd is quite mature and is trustworthy. Sure, you're not likely to run into a buffer overflow bug in Tomcat, but a bad configuration can open any server to attack. Is a bad Tomcat configuration alone any better than a bad Tomcat configuration sitting behind Apache httpd? IMO you're missing the point. If your Tomcat configuration is bad then what I would consider the right measure to be taken is change the Tomcat configuration so that it becomes good. I wouldn't consider it a wise idea to put a httpd in front of a badly configured Tomcat and thereby hope to improve things. httpd may be mature and trustworthy but whether it's secure largely depends on how skillful and careful httpd's configuration is crafted. And if someone isn't able to build a good configuration for Tomcat, I doubt that he'll be able to come up with really, really good configuration for httpd, this way compensating the former with the latter . Anyway: AFAIR (can't reach owasp.org atm) the Article mentions putting httpd in front of Tomcat as one means among others to work around the fact that on Unix-like systems Tomcat alone can't bind to port 80 if running under a restricted account. No question, this is one possible solution. But whether or not it's the right solution to chose is a entirely different question. If someone asks: I've a server running Tomcat. Tomcat is all I need and it's working fine. The only thing that bugs me is: How can I make Tomcat accessible via port 80 without running it as root? In this case answering Easy! Just install httpd, install mod_jk, configure httpd, configure mod_jk, configure Tomcat to accept requests via AJP and voilá, you're set, I would call completely brain-dead. OTOH: in an environment where there's already an httpd installed that can't be replaced by Tomcat, using this httpd as a frontend to Tomcat might be exactly the way to go. Maybe the article could provide some hints on how to decide which of the possible solutions might be the best for a given circumstance. Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Java memory profiler
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] | lucent.com.au] | Sent: Monday, 08 January, 2007 20:22 | | I would like to profile a Tomcat application on Solaris machine. | [snip] | I would appreciate any suggestions. I can't say enough good things about JProbe (www.quest.com/jprobe). I first used it on a JSE (Java 1.0.7!) project, and it saved me weeks of debugging and instrumenting my code. It's got a 10-day trial, and there's a free version too (not sure what the differences are). I bought it on a Monday, got it on a Wednesday, and I think it paid for itself by Friday... :) - The information contained in this message is confidential proprietary property of Nelnet, Inc. and its affiliated companies (Nelnet) and is intended for the recipient only. Any reproduction, forwarding, or copying without the express permission of Nelnet is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to this e-mail. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and JSTL 1.2
%@ taglib prefix=c uri=http://java.sun.com/jsp/jstl/core; % c:redirect url=/show.html/ Perhaps a missing quote in the url attribute? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ben short Sent: Tuesday, January 09, 2007 12:08 PM To: Tomcat Users List Subject: Tomcat and JSTL 1.2 Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServle tWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja va:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHand ler.java:50) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java :407) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java :179) org.apache.jasper.compiler.TagLibraryInfoImpl.init(TagLibraryInfoImpl. java:181) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:423) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:492) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1556) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.jav a:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java: 100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.ja va:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja va:305) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Heres my simple index.jsp.. %@ taglib prefix=c uri=http://java.sun.com/jsp/jstl/core; % c:redirect url=/show.html/ It simple redirects the incomming request to my spring stuff. Has anyone got any ideas. Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and JSTL 1.2
Derrick, Thanks for spoting that, but thats a typo when i typed it into the email On 1/9/07, Derrick Koes [EMAIL PROTECTED] wrote: %@ taglib prefix=c uri=http://java.sun.com/jsp/jstl/core; % c:redirect url=/show.html/ Perhaps a missing quote in the url attribute? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ben short Sent: Tuesday, January 09, 2007 12:08 PM To: Tomcat Users List Subject: Tomcat and JSTL 1.2 Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServle tWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja va:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHand ler.java:50) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java :407) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java :179) org.apache.jasper.compiler.TagLibraryInfoImpl.init(TagLibraryInfoImpl. java:181) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:423) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:492) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1556) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.jav a:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java: 100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.ja va:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja va:305) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Heres my simple index.jsp.. %@ taglib prefix=c uri=http://java.sun.com/jsp/jstl/core; % c:redirect url=/show.html/ It simple redirects the incomming request to my spring stuff. Has anyone got any ideas. Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDI example for connecting to a DB2 on OS400
I've read the JNDI docs and can't find an example as to how to configure a connection for a DB2. I need to be able to setup a autoreconnect and a validation query in my server.xml but can't seem to find an example. Anyone able to help direct me in the to right location? Greg
RE: Getting Tomcat5.exe to run with server JVM
From: Sascha Wehnert [mailto:[EMAIL PROTECTED] Subject: Getting Tomcat5.exe to run with server JVM If I add -server to JAVA Options within the tomcat monitor or tomcat5w.exe and try to restart stdout log file reports unrecognized option -server. The -server option is only recognized by the standard Java launcher (java.exe), not by the JVM proper. To get the service to use the server mode JVM, start tomcat5w.exe, select the Java tab, clear the Use default check box, and enter the location of the .dll for the server mode JVM. It will be something like this: C:\jdk1.6.0\jre\bin\server\jvm.dll The exact path depends on which JVM you installed and where you installed it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can APR use verisign certs ?
From: robert lazarski [mailto:[EMAIL PROTECTED] However, on the client side I'm getting a There's a problem with the sites security certificate. That's in IE6 , on firefox I get a similair popup . We have registered the csr with verisign. Is this solely a client side and verisign issue. Any clues ? Exactly what error is being given? The three parts of the IE6 message are: - The cert isn't signed by a trusted root; - The cert isn't within its date range (too early or too late); - The cert is for a different host than the one the browser thinks it's contacting (this is often due to a typo in the CSR, or due to hosting multiple sites on the same box). Which of these is IE complaining about? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: APR not picking up tcnative-1.dll
On 1/8/07, robert lazarski [EMAIL PROTECTED] wrote: On 1/8/07, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] Subject: Re: APR not picking up tcnative-1.dll 2) Are you using a 64-bit JVM on the Windows box? Nope! We are using the 32bit jvm . Does that matter since the dll is native ? I suspect so, but I'm not positive. Try installing the 32-bit version of the dll and see if that works. Or, go for the gold, and try the 64-bit JVM with the 64-bit dll. - Chuck Its late here but I think I nailed this down the be a 'java service wrapper' issue, ie, java daemon / service third party native libs. When I copied a fresh jboss over and did the same config, apr came up. Looks like I need to configure wrapper to be apr aware. Anyone done that and perhaps can post their wrapper.conf ? OK, just in case someone searches on this ... win32 tcnative on a 32bit jvm worked fine, _after_ adding this to my wrapper.conf : wrapper.java.library.path.2=c:\native where c:\native has the tcnative dll and openssl.exe . Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] However, on the client side I'm getting a There's a problem with the sites security certificate. That's in IE6 , on firefox I get a similair popup . We have registered the csr with verisign. Is this solely a client side and verisign issue. Any clues ? Exactly what error is being given? The three parts of the IE6 message are: - The cert isn't signed by a trusted root; - The cert isn't within its date range (too early or too late); - The cert is for a different host than the one the browser thinks it's contacting (this is often due to a typo in the CSR, or due to hosting multiple sites on the same box). Which of these is IE complaining about? - Peter It says: 1) Cert is from a valid authority (good) 2) The ceritificate has expired or is not yet valid 3) The name on the certificate is invalid or does not match the name of the site. When I clicked to view the cert it says number 2 . Looking at the cert it does say verisign in the expected places. Thanks for asking me that - I gave it a better look. Suppose I need to ask verisign ;-) . Thanks! Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, robert lazarski [EMAIL PROTECTED] wrote: On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] However, on the client side I'm getting a There's a problem with the sites security certificate. That's in IE6 , on firefox I get a similair popup . We have registered the csr with verisign. Is this solely a client side and verisign issue. Any clues ? Exactly what error is being given? The three parts of the IE6 message are: - The cert isn't signed by a trusted root; - The cert isn't within its date range (too early or too late); - The cert is for a different host than the one the browser thinks it's contacting (this is often due to a typo in the CSR, or due to hosting multiple sites on the same box). Which of these is IE complaining about? - Peter It says: 1) Cert is from a valid authority (good) 2) The ceritificate has expired or is not yet valid 3) The name on the certificate is invalid or does not match the name of the site. When I clicked to view the cert it says number 2 . Looking at the cert it does say verisign in the expected places. Thanks for asking me that - I gave it a better look. Suppose I need to ask verisign ;-) . Thanks! Robert Actually I just looked further and the valid dates are from Jan 7 2007 to Java 8 2008 . That's really odd . I'm running IE6 via wine / linux , and the date on my machine is ok. Firefox 2.0 seemingly doesn't giver the reason . Any clues before asking verisign ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can APR use verisign certs ?
From: robert lazarski [mailto:[EMAIL PROTECTED] It says: 1) Cert is from a valid authority (good) OK. 2) The ceritificate has expired or is not yet valid OK. Get the certificate details (which you can do within IE6); you can see the issue date and expiry date. My guess is that it may not yet be valid. 3) The name on the certificate is invalid or does not match the name of the site. Is this happening *as well*, or is it just a date issue? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can APR use verisign certs ?
From: robert lazarski [mailto:[EMAIL PROTECTED] Any clues before asking verisign ? Can you tell us (or me privately) the address of the site if it's Internet-accessible? I can then connect and have a look at the cert and the surrounding environment. If we can see the problem, we'll be able to help more easily! - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and JSTL 1.2
Looks like you are missing the JSTL jar files whihc need to be in WEB-INF/lib -Tim ben short wrote: Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar: org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] Any clues before asking verisign ? Can you tell us (or me privately) the address of the site if it's Internet-accessible? I can then connect and have a look at the cert and the surrounding environment. If we can see the problem, we'll be able to help more easily! - Peter Very kool of you to offer! http://alpha-web01.alphatheory.com/atdev/ Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and JSTL 1.2
Tim, Thats what I thought, but I check and double checked and the jstl-1.2.jar file is in the correct location. It also has the c.tld inside it. On 1/9/07, Tim Funk [EMAIL PROTECTED] wrote: Looks like you are missing the JSTL jar files whihc need to be in WEB-INF/lib -Tim ben short wrote: Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar: org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Cannot create object of class
From: Stephan Schöffel [mailto:[EMAIL PROTECTED] Subject: Cannot create object of class java.lang.NoClassDefFoundError: org/apache/catalina/manager/MyClass$1 It's not MyClass that can't be found, it's a failure to create the anonymous inner class: timer.schedule(new TimerTask(){ public void run(){ timer.cancel(); } }, 60*1000); The TimerTask definition (interface or superclass) must also be available in the manager app's classpath (i.e., WEB-INF/lib or WEB-INF/classes). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
well, putting up apache in front of tomcat usually is not done due to security-reasons. however, doing so won't do any harm if you know what you're doing... ;) the only reason putting up apache in front usually is to serve static content when running a high-load-web-app. besides, you can do quite some tricky stuff regarding url-rewriting and so on which is quite difficult to accomplish when using tomcat only. however, if somebody wants to run tomcat on port 80, on unix, this can easily be achieved with the jsvc-tool (see http://tomcat.apache.org/tomcat-5.5-doc/setup.html), on windows it's not an issue anyway. btw., a word to andrew: and mod_jk blindly forward all traffic towards the backend tomcat. you know about apache httpd and you read and understood the options about how to configure mod_jk (http://tomcat.apache.org/connectors-doc/reference/apache.html)? cheers greg -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can APR use verisign certs ?
From: robert lazarski [mailto:[EMAIL PROTECTED] http://alpha-web01.alphatheory.com/atdev/ The cert's issued to dpt.alphatheory.com; you're testing connections to alpha-web01.alphatheory.com. Any sensible browser will scream at that difference. If they didn't, crackers would be able to get a cert for www.somesillyname.com, install it on a spare server, poison the DNS for www.amazon.com and the browsers wouldn't scream as they were redirected. You will get errors from every browser with that cert unless/until they connect to https://dpt.alphatheory.com. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and JSTL 1.2
The .tld file itself should tell you the URL you need in the directive to access the file. The .tld file doesn't need to be in web-inf/lib. These can be accessed from the jar, at least that was true with JSTL 1.1. I would check the .tld, perhaps the uri element value changed. Example: .tld snippet: ?xml version=1.0 encoding=UTF-8 ? taglib xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd; version=2.0 descriptionJSTL 1.1 core library/description display-nameJSTL core/display-name tlib-version1.1/tlib-version short-namec/short-name urihttp://java.sun.com/jsp/jstl/core/uri %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c % -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ben short Sent: Tuesday, January 09, 2007 12:45 PM To: Tomcat Users List Subject: Re: Tomcat and JSTL 1.2 Tim, Thats what I thought, but I check and double checked and the jstl-1.2.jar file is in the correct location. It also has the c.tld inside it. On 1/9/07, Tim Funk [EMAIL PROTECTED] wrote: Looks like you are missing the JSTL jar files whihc need to be in WEB-INF/lib -Tim ben short wrote: Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspSe rvletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrappe r.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 314) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is Tomcat still the reference implementation for Servlets and JSP?
Hi all, Does anyone know if Tomcat is still the reference implementation for Servlets and JSP? I thought the Servlets 2.5 spec was finalized in May. Why is it taking so long for a release version of Tomcat that implements Servlets 2.5? Also, I don't understand how Glassfish can support the new specs when it embeds Tomcat. Jon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] http://alpha-web01.alphatheory.com/atdev/ The cert's issued to dpt.alphatheory.com; you're testing connections to alpha-web01.alphatheory.com. Any sensible browser will scream at that difference. If they didn't, crackers would be able to get a cert for www.somesillyname.com, install it on a spare server, poison the DNS for www.amazon.com and the browsers wouldn't scream as they were redirected. You will get errors from every browser with that cert unless/until they connect to https://dpt.alphatheory.com. - Peter Thanks a bunch for the explanation and your time! Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Creating a custom session manager
Hello Tomcat users, I have a need that I believe Tomcat's pluggable session manager facility can satisfy, but I am having trouble getting it configured. BTW, I have googled and searched the mail archives on this topic and have not found anything useful yet. My application requires a modular architecture in which pluggable modules can be added a removed. We would like to use the web container's ability to deploy, undeploy, and redeploy WAR files as a means to install, uninstall, and upgrade the modules within our system. However, there is also a need to share session state between these modules which is not allowed in the servlet specification. I have researched a few solutions (such as using a Singleton in a common/lib/ package), but these solutions appear to require a non- trivial amount of infrastructure (and configuration of filters and/or session listeners) for every webapp. I would like to avoid all of that explicit infrastructure and hide the complexity by using a custom session manager. Before I proceed with my question, does anyone have any other suggestions for solving the above problem? OK, here is the test case that I am trying. I have created a very simple decorator which implements the org.apache.catalina.Manager interface. It simply delegates all calls to an instance of StandardManager and prints a message to System.out. Attached is the Tomcat config file that I am trying to use to configure my custom session manager. I am trying to use the DefaultContext tag to setup the manager on all webapps. Unfortunately, when I run a simple webapp (after restarting Tomcat, of course) I am not seeing any output in any log file (nor to the console) from my test manager. Is my configuration invalid? What am I missing? Sincere thanks, Bryan -- *StillSecure* Bryan Basham Senior Software Engineer (UI Development) F 303.381.3881 C 303.917.4546 www.stillsecure.com http://www.stillsecure.com /The information transmitted is intended only for the person to whom it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer. / Server port=8005 shutdown=SHUTDOWN GlobalNamingResources !-- Used by Manager webapp -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 / !-- This is here for compatibility only, not required -- Connector port=8009 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase / Host name=localhost appBase=webapps DefaultContext Manager className=com.example.tomcat.TestSessionManager / /DefaultContext /Host /Engine /Service /Server - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat still the reference implementation for Servlets and JSP?
Tomcat isn't used in the RI for 2.5. Glassfish is a fork of tomcat. So you'll notice many things the same. -Tim Jon Miller wrote: Hi all, Does anyone know if Tomcat is still the reference implementation for Servlets and JSP? I thought the Servlets 2.5 spec was finalized in May. Why is it taking so long for a release version of Tomcat that implements Servlets 2.5? Also, I don't understand how Glassfish can support the new specs when it embeds Tomcat. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
robert lazarski wrote: On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] Any clues before asking verisign ? Can you tell us (or me privately) the address of the site if it's Internet-accessible? I can then connect and have a look at the cert and the surrounding environment. If we can see the problem, we'll be able to help more easily! - Peter Very kool of you to offer! http://alpha-web01.alphatheory.com/atdev/ You have signed server certificate for dpt.alphatheory.com not for alpha-web01.alphatheory.com Of course that any browser will issue an warning. Regards, Mladen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
Things like: Change files in CATALINA_HOME/conf to be readonly (400) ... Rename CATALINA_HOME/conf/server.xml to ... won't work for dummies (due to missing rights) if they'll follow the guide step by step. You're right, the ordering is perhaps a little confusing. The article is not aimed specifically at people who are new to sysadmin work, rather those who are new to (or just in doubt of how to secure) tomcat. I'd hope these people would realise they have to make a file writable before they try to edit it. Anyway: AFAIR (can't reach owasp.org atm) the Article mentions putting httpd in front of Tomcat as one means among others to work around the fact that on Unix-like systems Tomcat alone can't bind to port 80 if running under a restricted account. I think the 'running on port 80' section needs some rewording as I'm not advocating that putting IIS or apache infront of your tomcat installation will make it any more secure. As a sysadmin you may be asked to serve tomcat based pages on port 80 so it is presenting the options without bias towards any of them. Perhaps I need to add some bias, from a security perspective, to prevent misunderstanding ... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat still the reference implementation for Servlets and JSP?
With regard to Servlet spec 2.5 see: http://tomcat.apache.org/tomcat-6.0-doc/index.html -Bob --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat isn't used in the RI for 2.5. Glassfish is a fork of tomcat. So you'll notice many things the same. -Tim Jon Miller wrote: Hi all, Does anyone know if Tomcat is still the reference implementation for Servlets and JSP? I thought the Servlets 2.5 spec was finalized in May. Why is it taking so long for a release version of Tomcat that implements Servlets 2.5? Also, I don't understand how Glassfish can support the new specs when it embeds Tomcat. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
Did you read the article that is subject to this thread? Gregor Schneider wrote: putting up apache in front of tomcat usually is not done due to security-reasons. however, doing so won't do any harm if you know what you're doing... ;) Whatever you're doing, it's always a good idea to know what you're doing. The question why someone usually puts httpd in front of Tomcat wasn't subject of this sub-thread. the only reason putting up apache in front usually is to serve static content when running a high-load-web-app. besides, you can do quite some tricky stuff regarding url-rewriting and so on which is quite difficult to accomplish when using tomcat only. Usually the only reason? How do you know? As I said before, what answers might be given to the question why wasn't what I was talking about. however, if somebody wants to run tomcat on port 80, on unix, this can easily be achieved with the jsvc-tool (see http://tomcat.apache.org/tomcat-5.5-doc/setup.html), on windows it's not an issue anyway. Which is another among multiple ways the article presents as possibilities to make Tomcat accessible via port 80. Nobody doubted that. I don't think I understand how your post relates to mine. Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Creating a custom session manager
From: Bryan Basham [mailto:[EMAIL PROTECTED] Subject: Creating a custom session manager I am trying to use the DefaultContext tag to setup the manager on all webapps. Assuming you're using a current (5.5 or better) level of Tomcat, I don't believe the DefaultContext tag is used anymore (Host doc error). The default context values should be placed inside a Context element in one of these two locations: $CATALINA_HOME/conf/context.xml $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default See: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html for details. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
Hi Markus, On 1/9/07, Markus Schönhaber [EMAIL PROTECTED] wrote: Did you read the article that is subject to this thread? yep I don't think I understand how your post relates to mine. My post relates to yours and to some other posts here in that sense that you (and others) stated that putting apache httpd in front of tomcat would decrease security. that's definately not the case. when reading those posts, somebody might think that putting apache in front might even break security. since it's a real-world-scenario having apache httpd in front of tomcat, i'm just saying that nobody should worry about this combination. however, to make it clear: you are right, putting apache in front TO IMPROVE SECURITY doesn't make sense. OTOH, i'd rather have apache in front than running tomcat on port 80 via jsvc or as a service. cheers greg -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with auto-deploy
I'm having trouble with the auto-deploy of .war files on Tomcat 5.5.20 running on Windows 2003 Server. When I drop a new .war file into the appropriate webapps directory, Tomcat's finding it and trying to deploy it, but it fails. It succeeds in removing the old directory (that a previous auto-deployment created) in the webapps directory, but it fails to complete the deployment with: 2007-01-09 11:21:44,859 (org.apache.catalina.startup.ContextConfig,init(),ERROR) Exception fixing docBase: {0} java.util.zip.ZipException: The process cannot access the file because it is being used by another process and 2007-01-09 11:21:44,875 (org.apache.catalina.core.StandardContext,resourcesStart(),ERROR) Error starting static Resources java.lang.IllegalArgumentException: Invalid or unreadable WAR file : The process cannot access the file because it is being used by another process If I stop the Tomcat service and restart it (without touching the .war file at all), Tomcat comes up fine, discovers the .war file a few seconds later, and deploys it without a problem (thus demonstrating that the .war file itself is fine). Any ideas? I have two machines that are exhibiting this same behavior, and a third that never has this problem (using the same .war file in all cases). The no problem machine is my developmental machine running Windows XP, and the two problematic machines are running Windows 2003 Server. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Securing Tomcat Article for Review
From: Gregor Schneider [mailto:[EMAIL PROTECTED] Subject: Re: Securing Tomcat Article for Review OTOH, i'd rather have apache in front than running tomcat on port 80 via jsvc or as a service. Why? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem with auto-deploy
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Problem with auto-deploy 2007-01-09 11:21:44,859 (org.apache.catalina.startup.ContextConfig,init(),ERROR) Exception fixing docBase: {0} java.util.zip.ZipException: The process cannot access the file because it is being used by another process Look at the antiJARLocking and antiResourceLocking attributes of the Context element: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with Tomcat 5.5 mod_jk 1.2.20 loadbalancing sticky session issue
Hi, I have installed one instance of apache 2.2.3 with mod_jk 1.2.20, two instances of tomcat 5.5, and Java 1.5.0 I m trying to set up a loadbalancer that supports sticky sessions. However what I m getting when i access the test.jsp via (http://somedomain.com/carlos.jsp) round robin hits on the tomcats setup, with a new session id being created for each access. 1st hit: sessionId: 11EB9613AAE1BD6E1903CAFEAD9469C4.jvm1 2nd hit: sessionId: DAA0ECBF06B2A8C4543BEBF61C2C8787.jvm2 3rd hit: sessionId: 9CF6BCE52886C82E777E1F76917DDCB4.jvm1 and so on Can anyone point out what I m doing wrong? I m trying to setup the system so that the client browser is always sent to the same tomcat instance. I have tried setting the directive worker.loadbalancer.sticky_session=True as worker.loadbalancer.sticky_session=1 but I still get the same result. I even tried adding: worker.jvm1.domain=jvm1 , worker.jvm2.domain=jvm2. as suggested in some of the threads but that didn't help. Thanks. Carlos. TEST JSP % HttpSession session22 = request.getSession(false); if ( session22 != null ) { String id = session22.getId(); out.println(sessionId: + id); } % JAVA VERSION [EMAIL PROTECTED] admin]# java -version java version 1.5.0_10 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03) Java HotSpot(TM) Server VM (build 1.5.0_10-b03, mixed mode) SOME HTTP DETAILS = [EMAIL PROTECTED] bin]# ./httpd -V Server version: Apache/2.2.3 Server built: Dec 18 2006 10:56:49 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr/httpd -D SUEXEC_BIN=/usr/httpd/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf [EMAIL PROTECTED] bin]# ./httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_filter.c mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c HTTPD.CONF == IfDefine mod_jk_module LoadModule jk_module modules/mod_jk.so /IfDefine IfModule mod_jk.c JkWorkersFile /usr/httpd/conf/extra/workers.properties JkLogFile /usr/httpd/logs/mod_jk.log JkLogLevel debug JkMount /*.jsp loadbalancer JkMount /servlet/* loadbalancer JkMount /*.xml loadbalancer JkMount /jkmanager/* jkstatus JkShmFile /usr/httpd/logs/jk.shm AddType text/xml .xml /IfModule WORKERS.PROPERTIES == worker.list=loadbalancer,jkstatus worker.maintain=60 worker.jvm1.port=18007 worker.jvm1.host=localhost worker.jvm1.type=ajp13 worker.jvm1.lbfactor=1 worker.jvm1.socket_timeout=1 worker.jvm1.retries=1 worker.jvm1.domain=jvm1 (I even tried this to see if it would help, but it didn't -- removed) worker.jvm2.port=18009 worker.jvm2.host=localhost worker.jvm2.type=ajp13 worker.jvm2.lbfactor=1 worker.jvm2.socket_timeout=1 worker.jvm2.retries=1 worker.jvm2.domain=jvm2 (I even tried this to see if it would help, but it didn't -- removed) worker.jkstatus.type=status worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=jvm1,jvm2 worker.loadbalancer.sticky_session=True worker.loadbalancer.sticky_session_force=False worker.loadbalancer.method=B TOMCAT1 SERVER.XML (the diff vs the orginal config file) == Connector port=18009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost jvmRoute=jvm1 TOMCAT2 SERVER.XML (the diff vs the orginal config file) == Connector port=18007 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost jvmRoute=jvm2 MOD_JK.LOG === 1st access to jsp (http://domainame.com/carlos.jsp) = sessionId: 11EB9613AAE1BD6E1903CAFEAD9469C4.jvm1 * [Tue Jan 09 09:05:02 2007] [30637:14016] [debug] map_uri_to_worker::jk_uri_worker_map.c (575): Attempting to map URI '/carlos.jsp' from 4 maps [Tue Jan 09 09:05:02 2007] [30637:14016] [debug] map_uri_to_worker::jk_uri_worker_map.c
Re: Securing Tomcat Article for Review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew Miehs wrote: With Apache HTTPD you have the advantage of being able to do fine grained url/ IP access control. I believe that Tomcat also has that capability. Am I wrong? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo++Z9CaO5/Lv0PARAn/SAJ9ndaX70Z5AkiN0OegwxoKKM40FSQCgmK8X JD9SROlWMCBBVxmW3YWC2NQ= =Q066 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Markus, Markus Schönhaber wrote: You defend it yourself in the next paragraph you've written. One could argue that more moving parts equals more complexity, and that complexity is an enemy of security (and I agree). However, there must be a balance. If good security requires layers, and each layer adds more complexity, then there is a paradox. Exactly. I believe I raised a question, rather than defending a point. I'm suggesting that things are more complicated than the sound bites that some people like to drop. I would appreciate my FUD to come with a side order of empirical evidence. For instance, if Leon had said I've had bad security experiences with Apache httpd, well, then at least he would have actually been making a statement. As much as I think that MS IIS is a steaming pile of crap, it is not a foregone conclusion that running MS IIS implies that you will be hacked to bits by tomorrow morning. The same is true with Apache httpd, except that I'm guessing that most members on this list are less likely to jump all over Apache httpd than they are to do so with MS IIS. I would just urge posters to the list to post something more than product X sucks or . I hate having wasted my time to read a message that does not move the dialog forward (not that I'm saying that Leon's message was a waste of time). Let's all endeavor to provide proper context and be precise in what message we are trying to communicate. Leon's message says flat out that adding Apache httpd reduces security, and provides no basis for that statement. A more appropriate statement might have been that Apache does not add any appreciable measure of security as Tomcat provides the same kinds of protections against unauthorized access, etc. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo/KZ9CaO5/Lv0PARAuWEAJ46lQOQ91ln8VgHBTT42z5RM9HP1ACgg4BO vchsGJ0tN6oSIw7CYq/MoVE= =zkQ5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Darren, Darren wrote: I think the 'running on port 80' section needs some rewording as I'm not advocating that putting IIS or apache infront of your tomcat installation will make it any more secure. As a sysadmin you may be asked to serve tomcat based pages on port 80 so it is presenting the options without bias towards any of them. Perhaps I need to add some bias, from a security perspective, to prevent misunderstanding ... Perhaps you should have a section on related questions. You could include a discussion of the reasons why Tomcat cannot bind to port 80 on many operating systems, and what options are available. It is good for admins to understand that it's not the fault of Tomcat or Java; it's the OS's restriction on user rights. Apache httpd has the exact same restrictions, although it comes with the capability to startup as root and then drop privileges. I don't believe the same is true for Tomcat. If security concerns are something to be raised for a particular option (for instance, use of some well-known bad version of a web server), then you should definitely point those out. One thing that you should mention is that running Tomcat (or any other service for that matter) as root is probably not the best answer. Encourage your readers to consider other options such as jsvc, Apache, IIS or whatever. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFo/P/9CaO5/Lv0PARAo+8AKC2Q7fUU1FWSABZn3FE3ITx/yrurwCgnDXj PiVW+DMYQNWBj3re0VOzk8M= =s9Kj -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Best way to include common html
What is the best approach to get shared HTML files, (such as header and footer files) located outside each appBase, included into an application (.jsp) under Tomcat? SSI filter ? Or some context resource setting ? Thanks for any help. - s.c., university of utah - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Best way to include common html
Possibly a framework for templating. Tiles, SiteMesh they are created for exactly what you are looking for. Of course you can use JSP includes ... but the frameworks do a better job IMOHO. -Original Message- From: Scott Cowley [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 2:14 PM To: Tomcat Users List Subject: Best way to include common html What is the best approach to get shared HTML files, (such as header and footer files) located outside each appBase, included into an application (.jsp) under Tomcat? SSI filter ? Or some context resource setting ? Thanks for any help. - s.c., university of utah - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: downloading JSTL..
so would I just dump all of the .tld files in my WEB-INF sub directory titled tlds? For instance, I've got a directory in my webapps folder, then a WEB-INF directory for it, then inside it I've got a directory titled tlds. Just throw them in there? -Original Message- From: Wendy Smoak [mailto:[EMAIL PROTECTED] Sent: Monday, August 21, 2006 10:34 PM To: Tomcat Users List Subject: Re: downloading JSTL.. Wendy, thank you very much for your help.. I'm using Tomcat 5, so I figured had to use JSTL 1.1.. No. The version of JSTL to use depends on what version of the Servlet spec your webapp is configured to use, not what version of Tomcat they're running in. my Servlet API is 2.4.. so looking on pg you pointed out, put this on top of web.xml: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 also changed URI for JSTL 1.1 like you said, so now in JSP have: %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c % c:out value=Congratulations, JSTL is working!/ still, get exact same error.. oh brother, I don't get this.. The error you're getting has to do with parsing an XML file, probably web.xml. It's complaining that: SEVERE: Parse Fatal Error at line 3 column 6: The processing instruction target matching [xX][mM][lL] is not allowed. Delete the two lines above, and any spaces before, the ?xml version=1.0? (or similar) which is on line 3. It has to be the very first thing in the file. (actually the guy says in book he's using Tomcat 5.5 (which I know is for java sdk 1.5, I'm using tomcat 5.0.23 or something, and sdk 1.4, but since am on Tomcat 5 figured JSTL 1.1 would be ok..) Yes, it should be fine. (this pg refers to Struts, though.. I'm not using Struts, have never used Struts.. ... which is why I said, Ignore the Struts-related parts. :) -- Wendy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] http://alpha-web01.alphatheory.com/atdev/ The cert's issued to dpt.alphatheory.com; you're testing connections to alpha-web01.alphatheory.com. Any sensible browser will scream at that difference. If they didn't, crackers would be able to get a cert for www.somesillyname.com, install it on a spare server, poison the DNS for www.amazon.com and the browsers wouldn't scream as they were redirected. You will get errors from every browser with that cert unless/until they connect to https://dpt.alphatheory.com. - Peter Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Tomcat 5.5 mod_jk 1.2.20 loadbalancing sticky session issue
This one is easy: you've got a twist in the routing config: mod_jk: jvm1=port 18007, jvm2=port 18009 Tomcat: jvm1=port 18009, jvm1=port 18007 Hope this helps, have fun with mod_jk :) Rainer Carlos Campos schrieb: Hi, I have installed one instance of apache 2.2.3 with mod_jk 1.2.20, two instances of tomcat 5.5, and Java 1.5.0 I m trying to set up a loadbalancer that supports sticky sessions. However what I m getting when i access the test.jsp via (http://somedomain.com/carlos.jsp) round robin hits on the tomcats setup, with a new session id being created for each access. 1st hit: sessionId: 11EB9613AAE1BD6E1903CAFEAD9469C4.jvm1 2nd hit: sessionId: DAA0ECBF06B2A8C4543BEBF61C2C8787.jvm2 3rd hit: sessionId: 9CF6BCE52886C82E777E1F76917DDCB4.jvm1 and so on Can anyone point out what I m doing wrong? I m trying to setup the system so that the client browser is always sent to the same tomcat instance. I have tried setting the directive worker.loadbalancer.sticky_session=True as worker.loadbalancer.sticky_session=1 but I still get the same result. I even tried adding: worker.jvm1.domain=jvm1 , worker.jvm2.domain=jvm2. as suggested in some of the threads but that didn't help. Thanks. Carlos. TEST JSP % HttpSession session22 = request.getSession(false); if ( session22 != null ) { String id = session22.getId(); out.println(sessionId: + id); } % JAVA VERSION [EMAIL PROTECTED] admin]# java -version java version 1.5.0_10 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03) Java HotSpot(TM) Server VM (build 1.5.0_10-b03, mixed mode) SOME HTTP DETAILS = [EMAIL PROTECTED] bin]# ./httpd -V Server version: Apache/2.2.3 Server built: Dec 18 2006 10:56:49 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr/httpd -D SUEXEC_BIN=/usr/httpd/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf [EMAIL PROTECTED] bin]# ./httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_filter.c mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c HTTPD.CONF == IfDefine mod_jk_module LoadModule jk_module modules/mod_jk.so /IfDefine IfModule mod_jk.c JkWorkersFile /usr/httpd/conf/extra/workers.properties JkLogFile /usr/httpd/logs/mod_jk.log JkLogLevel debug JkMount /*.jsp loadbalancer JkMount /servlet/* loadbalancer JkMount /*.xml loadbalancer JkMount /jkmanager/* jkstatus JkShmFile /usr/httpd/logs/jk.shm AddType text/xml .xml /IfModule WORKERS.PROPERTIES == worker.list=loadbalancer,jkstatus worker.maintain=60 worker.jvm1.port=18007 worker.jvm1.host=localhost worker.jvm1.type=ajp13 worker.jvm1.lbfactor=1 worker.jvm1.socket_timeout=1 worker.jvm1.retries=1 worker.jvm1.domain=jvm1 (I even tried this to see if it would help, but it didn't -- removed) worker.jvm2.port=18009 worker.jvm2.host=localhost worker.jvm2.type=ajp13 worker.jvm2.lbfactor=1 worker.jvm2.socket_timeout=1 worker.jvm2.retries=1 worker.jvm2.domain=jvm2 (I even tried this to see if it would help, but it didn't -- removed) worker.jkstatus.type=status worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=jvm1,jvm2 worker.loadbalancer.sticky_session=True worker.loadbalancer.sticky_session_force=False worker.loadbalancer.method=B TOMCAT1 SERVER.XML (the diff vs the orginal config file) == Connector port=18009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost jvmRoute=jvm1 TOMCAT2 SERVER.XML (the diff vs the orginal config file) == Connector port=18007 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost jvmRoute=jvm2
Re: Complex Tomcat and IIS configuration
No config, no log: no idea :( Tor Langehaug schrieb: I am running a web server with about 10 different virtually hosted sites. Tomcat is installed and functioning with http://localhost:8084/ (the default port of tomcat is used by another application), however I cannot access tomcat by this address away from the local machine. This is an http URL, so it would not make sense to try to reach this address and port via ipsapi redirector. The redirector uses ajp13 and has to point to an ajp13 connector port of tomcat (default: 8009). I'm not sure, if you've got a problem to reach tomcat directly via http (suggested by the url http://localhost:8004), what relevance localhost has here, or if the problem is, that it doesn't work via isapi redirector (or all of them). The isapi_redirect filter is installed and shows as working with the green arrow and I have a Jakarta virtual directory in the site I want to run my application on. IIS fails to serve the context defined within tomcat when it is requested. My project is supposed to be deployed within the next day or so. Help is greatly appreciated. Thanks, Tor Langehaug Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
On 1/9/07, Christopher Schultz [EMAIL PROTECTED] wrote: Leon's message says flat out that adding Apache httpd reduces security, and provides no basis for that statement. A more appropriate statement might have been that Apache does not add any appreciable measure of security as Tomcat provides the same kinds of protections against unauthorized access, etc. Allow to explain this. As other posters already explained puting a httpd in front of tomcat doesn't increase security. The only way it could increase it, would be if it could handle known security issues and protects the tomcat from the usage of such exploits. Personally I don't know of any, and even I did, I would doubt that putting httpd in front would be the best solution, or that httpd can protect something better than a firewall, which is actually desinged to protect. Httpd is not. Can we agree that httpd doesn't increase security now? Now, moving on, if httpd doesn't increase security, it has a) zero impact or b) decreases it. As for option a) (despite I don't believe it) even if it would have zero effect, there is always a possibility for human factor (mistakenly released configs or something). So even with the option a) the solely presence of httpd wouldn't reduce security, it's presence would give more opportunity for the human to fail, and therefor reduce security indirectly. As for option b): httpd is a lot of code. Any contains bugs. So chances are good that httpd will add own bugs to the existing tomcat bugs without hiding some of them. So the overall bug count will increase therefor increasing the number of possbile security-relevant bugs. Therefore decreased security. q.e.d :-) However, puting a firewall in front of any webserver to protect it the host and the server from attacks he can't deal with, seems a very good idea to me :-) best regards Leon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, robert lazarski [EMAIL PROTECTED] wrote: On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] http://alpha-web01.alphatheory.com/atdev/ The cert's issued to dpt.alphatheory.com; you're testing connections to alpha-web01.alphatheory.com. Any sensible browser will scream at that difference. If they didn't, crackers would be able to get a cert for www.somesillyname.com, install it on a spare server, poison the DNS for www.amazon.com and the browsers wouldn't scream as they were redirected. You will get errors from every browser with that cert unless/until they connect to https://dpt.alphatheory.com. - Peter Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ On firefox 1.5 I'm getting could not verify the cert because the issuer is unknown . Any ideas ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, robert lazarski wrote: Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ I receive no warnings or errors of any kind when visiting the above URL. Firefox (2.0.0.1 on winXP) reports a good cert issued and signed by VeriSign with validity dates from 2007-01-07 through 2008-01-09. The encryption being used is AES-256 in my case. MSIE (6.0.2900.2180 on winXP) reports the same information, and says that the status is This certificate is OK in the Certification Path tab of the Certificate dialog. Oddly enough, double-clicking on the lock icon in the status bar of MSIE (or clicking the Certificates button from the page properties dialog) /sometimes/ (but not always) results in a message that the cert has expired or is not yet valid. There were never any warnings that came up at any point in either browser. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFpAR39CaO5/Lv0PARAtQQAJ9iPLbzFkONgpiinTk8hZrhvAcJ6wCgwYdI 2KDTXJO1K2skpPdCTLx7Krw= =i8lJ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can APR use verisign certs ?
From: robert lazarski [mailto:[EMAIL PROTECTED] Subject: Re: Can APR use verisign certs ? Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ I'm getting somewhat different results than you are. IE6 gets to the JBoss startup page with no problem, as well as the Tomcat status and JMX Console pages. It's only when downloading the JBoss Web Console applet that an invalid certificate warning pops up. The date range is fine; the problem is due to The security certificate was issued by a company that is not trusted. The latter may be because I haven't updated my JDK lately on the machine I'm running the browser on, and it may have an out-of-date trust list. What JRE/JDK level is on the system running the browser? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Tomcat 5.5 mod_jk 1.2.20 loadbalancing sticky session issue
Thank You for your quick reply!! that was it, it works now Carlos. Original Message Follows From: Rainer Jung [EMAIL PROTECTED] Reply-To: Tomcat Users List users@tomcat.apache.org To: Tomcat Users List users@tomcat.apache.org Subject: Re: Help with Tomcat 5.5 mod_jk 1.2.20 loadbalancing sticky session issue Date: Tue, 09 Jan 2007 21:58:52 +0100 This one is easy: you've got a twist in the routing config: mod_jk: jvm1=port 18007, jvm2=port 18009 Tomcat: jvm1=port 18009, jvm1=port 18007 Hope this helps, have fun with mod_jk :) Rainer Carlos Campos schrieb: Hi, I have installed one instance of apache 2.2.3 with mod_jk 1.2.20, two instances of tomcat 5.5, and Java 1.5.0 I m trying to set up a loadbalancer that supports sticky sessions. However what I m getting when i access the test.jsp via (http://somedomain.com/carlos.jsp) round robin hits on the tomcats setup, with a new session id being created for each access. 1st hit: sessionId: 11EB9613AAE1BD6E1903CAFEAD9469C4.jvm1 2nd hit: sessionId: DAA0ECBF06B2A8C4543BEBF61C2C8787.jvm2 3rd hit: sessionId: 9CF6BCE52886C82E777E1F76917DDCB4.jvm1 and so on Can anyone point out what I m doing wrong? I m trying to setup the system so that the client browser is always sent to the same tomcat instance. I have tried setting the directive worker.loadbalancer.sticky_session=True as worker.loadbalancer.sticky_session=1 but I still get the same result. I even tried adding: worker.jvm1.domain=jvm1 , worker.jvm2.domain=jvm2. as suggested in some of the threads but that didn't help. Thanks. Carlos. TEST JSP % HttpSession session22 = request.getSession(false); if ( session22 != null ) { String id = session22.getId(); out.println(sessionId: + id); } % JAVA VERSION [EMAIL PROTECTED] admin]# java -version java version 1.5.0_10 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_10-b03) Java HotSpot(TM) Server VM (build 1.5.0_10-b03, mixed mode) SOME HTTP DETAILS = [EMAIL PROTECTED] bin]# ./httpd -V Server version: Apache/2.2.3 Server built: Dec 18 2006 10:56:49 Server's Module Magic Number: 20051115:3 Server loaded: APR 1.2.7, APR-Util 1.2.7 Compiled using: APR 1.2.7, APR-Util 1.2.7 Architecture: 32-bit Server MPM: Prefork threaded: no forked: yes (variable process count) Server compiled with -D APACHE_MPM_DIR=server/mpm/prefork -D APR_HAS_SENDFILE -D APR_HAS_MMAP -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled) -D APR_USE_SYSVSEM_SERIALIZE -D APR_USE_PTHREAD_SERIALIZE -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT -D APR_HAS_OTHER_CHILD -D AP_HAVE_RELIABLE_PIPED_LOGS -D DYNAMIC_MODULE_LIMIT=128 -D HTTPD_ROOT=/usr/httpd -D SUEXEC_BIN=/usr/httpd/bin/suexec -D DEFAULT_PIDLOG=logs/httpd.pid -D DEFAULT_SCOREBOARD=logs/apache_runtime_status -D DEFAULT_LOCKFILE=logs/accept.lock -D DEFAULT_ERRORLOG=logs/error_log -D AP_TYPES_CONFIG_FILE=conf/mime.types -D SERVER_CONFIG_FILE=conf/httpd.conf [EMAIL PROTECTED] bin]# ./httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_default.c mod_auth_basic.c mod_include.c mod_filter.c mod_log_config.c mod_env.c mod_setenvif.c mod_ssl.c prefork.c http_core.c mod_mime.c mod_status.c mod_autoindex.c mod_asis.c mod_cgi.c mod_negotiation.c mod_dir.c mod_actions.c mod_userdir.c mod_alias.c mod_so.c HTTPD.CONF == IfDefine mod_jk_module LoadModule jk_module modules/mod_jk.so /IfDefine IfModule mod_jk.c JkWorkersFile /usr/httpd/conf/extra/workers.properties JkLogFile /usr/httpd/logs/mod_jk.log JkLogLevel debug JkMount /*.jsp loadbalancer JkMount /servlet/* loadbalancer JkMount /*.xml loadbalancer JkMount /jkmanager/* jkstatus JkShmFile /usr/httpd/logs/jk.shm AddType text/xml .xml /IfModule WORKERS.PROPERTIES == worker.list=loadbalancer,jkstatus worker.maintain=60 worker.jvm1.port=18007 worker.jvm1.host=localhost worker.jvm1.type=ajp13 worker.jvm1.lbfactor=1 worker.jvm1.socket_timeout=1 worker.jvm1.retries=1 worker.jvm1.domain=jvm1 (I even tried this to see if it would help, but it didn't -- removed) worker.jvm2.port=18009 worker.jvm2.host=localhost worker.jvm2.type=ajp13 worker.jvm2.lbfactor=1 worker.jvm2.socket_timeout=1 worker.jvm2.retries=1 worker.jvm2.domain=jvm2 (I even tried this to see if it would help, but it didn't -- removed) worker.jkstatus.type=status worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=jvm1,jvm2 worker.loadbalancer.sticky_session=True worker.loadbalancer.sticky_session_force=False worker.loadbalancer.method=B TOMCAT1 SERVER.XML (the diff vs the orginal config file) == Connector port=18009 enableLookups=false
Re: Can APR use verisign certs ?
On 1/9/07, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] Subject: Re: Can APR use verisign certs ? Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ I'm getting somewhat different results than you are. IE6 gets to the JBoss startup page with no problem, as well as the Tomcat status and JMX Console pages. It's only when downloading the JBoss Web Console applet that an invalid certificate warning pops up. The date range is fine; the problem is due to The security certificate was issued by a company that is not trusted. The latter may be because I haven't updated my JDK lately on the machine I'm running the browser on, and it may have an out-of-date trust list. What JRE/JDK level is on the system running the browser? - Chuck I'm in brazil and with pt_BR which inverts month and day - which I think explains my date errors. The error we both seem to be seeing, The security certificate was issued by a company that is not trusted. seems to be only on firefox 1.5 - with or without java 1.5_08 installed. Can anyone confirm that? If its not Java, any ideas? Another poster seemed to say it worked in IE6 and firefox 2.0 , which is what I'm seeing . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Best way to include common html
The problem is that I can't reference JSP includes from app code if the included file is outside the app's root. (At least with the default installation of Tomcat). -Original Message- From: Scott Purcell [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 1:24 PM To: Tomcat Users List Subject: RE: Best way to include common html Possibly a framework for templating. Tiles, SiteMesh they are created for exactly what you are looking for. Of course you can use JSP includes ... but the frameworks do a better job IMOHO. -Original Message- From: Scott Cowley [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 2:14 PM To: Tomcat Users List Subject: Best way to include common html What is the best approach to get shared HTML files, (such as header and footer files) located outside each appBase, included into an application (.jsp) under Tomcat? SSI filter ? Or some context resource setting ? Thanks for any help. - s.c., university of utah - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Own logging formatter in webapps
Hello Uwe, Langjahr, Uwe wrote: Hello together, I'm a newbie using Java/Tomcat/JSF-MyFaces all together. Can somebody help me, I have problems with the logging mechanism. - I want to use the JDK logging mechanism in my webapp. - I want to use my own class uxspiweb.log.DebugFormatter for the - The class DebugFormatter is NOT used/found/applied/accessable? - Other classes from the webapps don't have any problem. - BUT I belief, that the UXSPI-WEB/WEB-INF/classes/logging.properties is evaluated, because the following entry org.apache.juli.FileHandler.prefix = UXSPIWEB. is active. If I modify this entry, another logfile is created. - I also have tried things like this: (in the class TreeController) Any ideas? Uwe Environment: JDK 1.5.0_06-b05 Tomcat 5.5.16 Windows XP try to put your formatter on the system classpath, where Tomcat JULI resists... Regards Boris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problems with APR install
I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat-native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib/ i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h -rw-r--r-- 1 root root 51421 Jan 9 13:58 apr_errno.h -rw-r--r-- 1 root root 17564 Jan 9 13:58 apr_file_info.h -rw-r--r-- 1 root root 33929 Jan 9 13:58 apr_file_io.h -rw-r--r-- 1 root root 4180 Jan 9 13:58 apr_fnmatch.h -rw-r--r-- 1 root root 7000 Jan 9 13:58 apr_general.h -rw-r--r-- 1 root root 5903 Jan 9 13:58 apr_getopt.h -rw-r--r-- 1 root root 5680 Jan 9 13:58 apr_global_mutex.h -rw-r--r-- 1 root root 11855 Jan 9 13:58 apr.h -rw-r--r-- 1 root root 8087 Jan 9 13:58 apr_hash.h -rw-r--r-- 1 root root 8438 Jan 9 14:01 apr_hooks.h -rw-r--r-- 1 root root 2137 Jan 9 13:58 apr_inherit.h -rw-r--r-- 1 root root 3394 Jan 9 14:01 apr_ldap.h -rw-r--r-- 1 root root 4709 Jan 9 14:01 apr_ldap_init.h -rw-r--r-- 1 root root 7973 Jan 9 14:01 apr_ldap_option.h -rw-r--r-- 1 root root 3625 Jan 9 14:01 apr_ldap_url.h -rw-r--r-- 1 root root 7927 Jan 9 13:58 apr_lib.h -rw-r--r-- 1 root root 4378 Jan 9 14:01 apr_md4.h -rw-r--r-- 1 root root 5426 Jan 9 14:01 apr_md5.h -rw-r--r-- 1 root root 5130 Jan 9 13:58 apr_mmap.h -rw-r--r-- 1 root root 31597 Jan 9 13:58 apr_network_io.h -rw-r--r-- 1 root root 2633 Jan 9 14:01 apr_optional.h -rw-r--r-- 1 root root 3722 Jan 9 14:01 apr_optional_hooks.h -rw-r--r-- 1 root root 7767 Jan 9 13:58 apr_poll.h -rw-r--r-- 1 root root 23956 Jan 9 13:58 apr_pools.h -rw-r--r-- 1 root root 18502 Jan 9 13:58 apr_portable.h -rw-r--r-- 1 root root 6002 Jan 9 13:58 apr_proc_mutex.h -rw-r--r-- 1 root root 3936 Jan 9 14:01 apr_queue.h -rw-r--r-- 1 root root 3267 Jan 9 13:58 apr_random.h -rw-r--r-- 1 root root 5221 Jan 9 14:01 apr_reslist.h -rw-r--r-- 1 root root 17930 Jan 9 13:58 apr_ring.h -rw-r--r-- 1 root root 4631 Jan 9 14:01 apr_rmm.h -rw-r--r-- 1 root root 5925 Jan 9 14:01 apr_sdbm.h -rw-r--r-- 1 root root 3737 Jan 9 14:01 apr_sha1.h -rw-r--r-- 1 root root 5025 Jan 9 13:58 apr_shm.h -rw-r--r-- 1 root root 2756 Jan 9 13:58 apr_signal.h -rw-r--r-- 1 root root 13853 Jan 9 13:58 apr_strings.h -rw-r--r-- 1 root root 2530 Jan 9 14:01 apr_strmatch.h -rw-r--r-- 1 root root 1411 Jan 9 13:58 apr_support.h -rw-r--r-- 1 root root 15698 Jan 9 13:58 apr_tables.h -rw-r--r-- 1 root root 5192 Jan 9 13:58 apr_thread_cond.h -rw-r--r-- 1 root root 3836 Jan 9 13:58 apr_thread_mutex.h -rw-r--r-- 1 root root 33437 Jan 9 13:58 apr_thread_proc.h -rw-r--r-- 1 root root 4766 Jan 9 13:58 apr_thread_rwlock.h -rw-r--r-- 1 root root 7385 Jan 9 13:58 apr_time.h -rw-r--r-- 1 root root 6441 Jan 9 14:01 apr_uri.h -rw-r--r-- 1 root root 5307 Jan 9 13:58
Re: Problems with APR install
I think there was a bug on 5.5.17 and apr . See the 5.5.18 changelog . Something to do with ipv6 even though I was running ipv4 . You'll know its working when you see this line: org.apache.coyote.ajp.AjpAprProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009 I got exceptions on 5.5.17 when I got to that point using opensuse 10.1 . Try putting the libtcnative-* file in tomcat/bin if in doubt. My config is: LD_LIBRARY_PATH=/usr/local/apr/lib:/lib/tls:$LD_LIBRARY_PATH Actually I have no /lib/tls on my sys , must have copied that from somewhere. One other thing: try matching your 32bit jvm with 32bit native libs , or vice versa with 64bits. HTH, Robert On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat-native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib/ i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h -rw-r--r-- 1 root root 51421 Jan 9 13:58 apr_errno.h -rw-r--r-- 1 root root 17564 Jan 9 13:58 apr_file_info.h -rw-r--r-- 1 root root 33929 Jan 9 13:58 apr_file_io.h -rw-r--r-- 1 root root 4180 Jan 9 13:58 apr_fnmatch.h -rw-r--r-- 1 root root 7000 Jan 9 13:58 apr_general.h -rw-r--r-- 1 root root 5903 Jan 9 13:58 apr_getopt.h -rw-r--r-- 1 root root 5680 Jan 9 13:58 apr_global_mutex.h -rw-r--r-- 1 root root 11855 Jan 9 13:58 apr.h -rw-r--r-- 1 root root 8087 Jan 9 13:58 apr_hash.h -rw-r--r-- 1 root root 8438 Jan 9 14:01 apr_hooks.h -rw-r--r-- 1 root root 2137 Jan 9 13:58 apr_inherit.h -rw-r--r-- 1 root root 3394 Jan 9 14:01 apr_ldap.h -rw-r--r-- 1 root root 4709 Jan 9 14:01 apr_ldap_init.h -rw-r--r-- 1 root root 7973 Jan 9 14:01 apr_ldap_option.h -rw-r--r-- 1 root root 3625 Jan 9 14:01 apr_ldap_url.h -rw-r--r-- 1 root root 7927 Jan 9 13:58 apr_lib.h -rw-r--r-- 1 root root 4378 Jan 9 14:01 apr_md4.h -rw-r--r-- 1 root root 5426 Jan 9 14:01 apr_md5.h -rw-r--r-- 1 root root 5130 Jan 9 13:58 apr_mmap.h -rw-r--r-- 1 root root 31597 Jan 9 13:58 apr_network_io.h -rw-r--r-- 1 root root 2633 Jan 9 14:01 apr_optional.h -rw-r--r-- 1 root root 3722 Jan 9 14:01 apr_optional_hooks.h -rw-r--r-- 1 root root 7767 Jan 9 13:58 apr_poll.h -rw-r--r-- 1 root root 23956 Jan 9 13:58 apr_pools.h -rw-r--r-- 1 root root 18502 Jan 9 13:58 apr_portable.h -rw-r--r-- 1 root root 6002 Jan 9 13:58 apr_proc_mutex.h -rw-r--r-- 1 root root 3936 Jan 9 14:01 apr_queue.h -rw-r--r-- 1 root root 3267 Jan 9 13:58 apr_random.h -rw-r--r-- 1 root root 5221 Jan 9 14:01 apr_reslist.h -rw-r--r-- 1 root root 17930 Jan 9 13:58 apr_ring.h -rw-r--r-- 1 root root 4631 Jan 9 14:01 apr_rmm.h -rw-r--r-- 1 root root 5925 Jan 9 14:01 apr_sdbm.h -rw-r--r-- 1 root root 3737 Jan 9 14:01 apr_sha1.h -rw-r--r-- 1 root
Problems with APR install (addendum)
Update using strace.. An strace (using: strace -o /var/log/strace.log -f -vvv -F -p) of tomcat showed it opening the tcnative library Single instance: 30114 readlink(/usr/local/apr/lib/libtcnative-1.so, libtcnative-1.so.0.1.3, 4096) = 22 30114 lstat64(0x9434, 0x834c) = 0 30114 gettimeofday({2427469439440346, 17851169342549393408}, NULL) = 0 30114 open(/usr/local/apr/lib/libtcnative-1.so.0.1.3, O_RDONLY) = 10 30114 read(10, \177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0\0\1\0\0\0P\332\0\0..., 512) = 512 30114 close(10) = 0 All instances of anything referencing 'apr': # grep -i apr /var/log/strace.log 30469 readlink(/usr/local/apr/lib/libtcnative-1.so, libtcnative-1.so.0.1.3, 4096) = 22 30469 open(/usr/local/apr/lib/libtcnative-1.so.0.1.3, O_RDONLY) = 12 30469 open(/usr/local/apr/lib/libtcnative-1.so.0.1.3, O_RDONLY) = 12 30469 open(/usr/local/apr/lib/libtcnative-1.so.0.1.3, O_RDONLY) = 12 30469 open(/usr/local/apr/lib/libtcnative-1.so.0.1.3, O_RDONLY) = 10 -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: Anthony J Biacco [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 3:19 PM To: users@tomcat.apache.org Subject: Problems with APR install I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat-native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib / i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h -rw-r--r-- 1 root root 51421 Jan 9 13:58 apr_errno.h -rw-r--r-- 1 root root 17564 Jan 9 13:58 apr_file_info.h -rw-r--r-- 1 root root 33929 Jan 9 13:58 apr_file_io.h -rw-r--r-- 1 root root 4180 Jan 9 13:58 apr_fnmatch.h -rw-r--r-- 1 root root 7000 Jan 9 13:58 apr_general.h -rw-r--r-- 1 root root 5903 Jan 9 13:58 apr_getopt.h -rw-r--r-- 1 root root 5680 Jan 9 13:58 apr_global_mutex.h -rw-r--r-- 1 root root 11855 Jan 9 13:58 apr.h -rw-r--r-- 1 root root 8087 Jan 9 13:58 apr_hash.h -rw-r--r-- 1 root root 8438 Jan 9 14:01 apr_hooks.h -rw-r--r-- 1 root root 2137 Jan 9 13:58 apr_inherit.h -rw-r--r-- 1 root root 3394 Jan 9 14:01 apr_ldap.h -rw-r--r-- 1 root root 4709 Jan 9 14:01 apr_ldap_init.h -rw-r--r-- 1 root root 7973 Jan 9 14:01 apr_ldap_option.h -rw-r--r-- 1 root root 3625 Jan 9 14:01 apr_ldap_url.h -rw-r--r-- 1 root root 7927 Jan 9 13:58 apr_lib.h -rw-r--r-- 1 root root 4378 Jan 9 14:01 apr_md4.h -rw-r--r-- 1 root root 5426 Jan 9 14:01 apr_md5.h -rw-r--r-- 1 root root 5130 Jan 9 13:58 apr_mmap.h -rw-r--r-- 1 root root 31597 Jan 9 13:58 apr_network_io.h -rw-r--r-- 1 root root 2633 Jan 9 14:01 apr_optional.h -rw-r--r-- 1
RE: Problems with APR install
1. The LD_LIBRARY_PATH add didn't add anything to the end, just a : 2. The copy of the tcnative to bin/ didn't help 3. How can I tell if I'm using a 32-bit or 64-bit jvm? I'm assuming if it's 32-bit I'll have to recompile apr and tcnative as 32-bit, if possible? 4. I'll check the 5.5.18 changelog, thanx. -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 3:34 PM To: Tomcat Users List Subject: Re: Problems with APR install I think there was a bug on 5.5.17 and apr . See the 5.5.18 changelog . Something to do with ipv6 even though I was running ipv4 . You'll know its working when you see this line: org.apache.coyote.ajp.AjpAprProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009 I got exceptions on 5.5.17 when I got to that point using opensuse 10.1 . Try putting the libtcnative-* file in tomcat/bin if in doubt. My config is: LD_LIBRARY_PATH=/usr/local/apr/lib:/lib/tls:$LD_LIBRARY_PATH Actually I have no /lib/tls on my sys , must have copied that from somewhere. One other thing: try matching your 32bit jvm with 32bit native libs , or vice versa with 64bits. HTH, Robert On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat- native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib / i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h -rw-r--r-- 1 root root 51421 Jan 9 13:58 apr_errno.h -rw-r--r-- 1 root root 17564 Jan 9 13:58 apr_file_info.h -rw-r--r-- 1 root root 33929 Jan 9 13:58 apr_file_io.h -rw-r--r-- 1 root root 4180 Jan 9 13:58 apr_fnmatch.h -rw-r--r-- 1 root root 7000 Jan 9 13:58 apr_general.h -rw-r--r-- 1 root root 5903 Jan 9 13:58 apr_getopt.h -rw-r--r-- 1 root root 5680 Jan 9 13:58 apr_global_mutex.h -rw-r--r-- 1 root root 11855 Jan 9 13:58 apr.h -rw-r--r-- 1 root root 8087 Jan 9 13:58 apr_hash.h -rw-r--r-- 1 root root 8438 Jan 9 14:01 apr_hooks.h -rw-r--r-- 1 root root 2137 Jan 9 13:58 apr_inherit.h -rw-r--r-- 1 root root 3394 Jan 9 14:01 apr_ldap.h -rw-r--r-- 1 root root 4709 Jan 9 14:01 apr_ldap_init.h -rw-r--r-- 1 root root 7973 Jan 9 14:01 apr_ldap_option.h -rw-r--r-- 1 root root 3625 Jan 9 14:01 apr_ldap_url.h -rw-r--r-- 1 root root 7927 Jan 9 13:58 apr_lib.h -rw-r--r-- 1 root root 4378 Jan 9 14:01 apr_md4.h -rw-r--r-- 1 root root 5426 Jan 9 14:01 apr_md5.h -rw-r--r-- 1 root root 5130 Jan 9 13:58 apr_mmap.h
Re: How can we use php with tomcat
Le Phuoc Canh ha scritto: Can we use php with tomcat ? If anybody know about it, please help me. Thanks Best Regard. I have installed on my Tomcat 5.5.20 the PHP 4.0 ... there are 2 ways : 1) using the famous php servlet phpsrvlt.jar that requires external libraries to work 2) using the slow CGI-BIN PHP interpreter The second way is very simple , it requires only to add a few lines on web.xml !-- PHP-CGI Servlet Declaration -- servlet servlet-namephp/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-nameexecutable/param-name param-value/var/www/sbin/php4.ELF/param-value /init-param init-param param-namedebug/param-name param-value1/param-value /init-param init-param param-namecgiPathPrefix/param-name param-value./param-value /init-param load-on-startup5/load-on-startup /servlet !-- The mapping for the PHP-CGI servlet -- servlet-mapping servlet-namephp/servlet-name url-pattern*.php/url-pattern /servlet-mapping and install (on Debian) the PHP CLI package (CLI = Command Line Interpreter) . Hope this may help you :-) Gabriele Burattini Le informazioni contenute nella presente e-mail e negli eventuali allegati, devono essere nella disponibilita' del solo destinatario. Se avete ricevuto per errore questa e-mail siete pregati di informarci (rispedendola al mittente) e di provvedere alla sua rimozione. Possono essere presenti informazioni riservate e non corrette (parzialmente o totalmente). Le e-mail in partenza e in arrivo possono essere oggetto di monitoraggio da parte di FaberSoft S.r.l. Del contenuto e' responsabile il mittente della presente. Chiunque venga in possesso non autorizzato di questa e-mail e' vincolato dalla Legge a non leggerne il contenuto, a non copiarla, a non diffonderla e a non usarla. La informiamo che per l'esercizio dei diritti di cui all'art. 7 del D.Lgs. 196/2003 puo' rivolgersi al Titolare del trattamento FaberSoft Srl per posta o per fax, indicando sulla busta o sul foglio la dicitura Inerente alla Privacy, o inviando una e-mail all'indirizzo [EMAIL PROTECTED] .
Re: Best way to include common html
Is there actually any real requirements for those html-code portions to be outside of the webapp? If no - move them into the webapp :-) If no - write a custom tag which caches the files via normal FileSystem read and dumps them out in the jsp buffer (of course its better to have a class that caches the binaries and the tags only gets the data from this class, but you haven't asked for details, right?) regards Leon On 1/9/07, Scott Cowley [EMAIL PROTECTED] wrote: The problem is that I can't reference JSP includes from app code if the included file is outside the app's root. (At least with the default installation of Tomcat). -Original Message- From: Scott Purcell [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 1:24 PM To: Tomcat Users List Subject: RE: Best way to include common html Possibly a framework for templating. Tiles, SiteMesh they are created for exactly what you are looking for. Of course you can use JSP includes ... but the frameworks do a better job IMOHO. -Original Message- From: Scott Cowley [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 2:14 PM To: Tomcat Users List Subject: Best way to include common html What is the best approach to get shared HTML files, (such as header and footer files) located outside each appBase, included into an application (.jsp) under Tomcat? SSI filter ? Or some context resource setting ? Thanks for any help. - s.c., university of utah - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and JSTL 1.2
Ok I think I know what is going on. I use maven as my build system, and it downloaded the jstl-1.2.jar for me. On looking inside the jar its directory structure seemed a bit odd. /META-INF /classes/org/... /javax/... I edited the file and moved the org and javax directories to the root of the jar and it all sprung into life. How odd. Thanks for your help. Ben On 1/9/07, Derrick Koes [EMAIL PROTECTED] wrote: The .tld file itself should tell you the URL you need in the directive to access the file. The .tld file doesn't need to be in web-inf/lib. These can be accessed from the jar, at least that was true with JSTL 1.1. I would check the .tld, perhaps the uri element value changed. Example: .tld snippet: ?xml version=1.0 encoding=UTF-8 ? taglib xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd; version=2.0 descriptionJSTL 1.1 core library/description display-nameJSTL core/display-name tlib-version1.1/tlib-version short-namec/short-name urihttp://java.sun.com/jsp/jstl/core/uri %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c % -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ben short Sent: Tuesday, January 09, 2007 12:45 PM To: Tomcat Users List Subject: Re: Tomcat and JSTL 1.2 Tim, Thats what I thought, but I check and double checked and the jstl-1.2.jar file is in the correct location. It also has the c.tld inside it. On 1/9/07, Tim Funk [EMAIL PROTECTED] wrote: Looks like you are missing the JSTL jar files whihc need to be in WEB-INF/lib -Tim ben short wrote: Hi all, Im trying to use jstl 1.2 with tomcat 5.5.20 and java 1.5.0_05-b05. My webapp deploys ok but when I browse to it I get the following exception. xception org.apache.jasper.JasperException: Unable to read TLD META-INF/c.tld from JAR file file:/opt/apache-tomcat-5.5.20/webapps/basket/WEB-INF/lib/jstl-1.2.jar : org.apache.jasper.JasperException: Failed to load or instantiate TagLibraryValidator class: org.apache.taglibs.standard.tlv.JstlCoreTLV org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspSe rvletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrappe r.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java: 314) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Securing Tomcat Article for Review
Gregor Schneider wrote: On 1/9/07, Markus Schönhaber [EMAIL PROTECTED] wrote: Did you read the article that is subject to this thread? yep I don't think I understand how your post relates to mine. My post relates to yours and to some other posts here in that sense that you (and others) stated that putting apache httpd in front of tomcat would decrease security. Wrong. I never stated that an httpd in front of Tomcat would *always* decrease security. Please read again what I wrote. Indeed, I do think that putting an httpd in front of Tomcat *without need* is dumb, needlessly adds al level of complexity to the system and potentially decreases the overall security of the system. OTOH there a very good reasons to use a httpd-Tomcat combination. Alas, the only reason there usually is, as you said, I wouldn't count amongst the good reasons. Tomcat serves static content just fine. In combination with APR even finer. I've never seen it necessary to use httpd just because of static content. I've read this claim (httpd is superior for static content) many times, but I've never seen the one making that claim also providing facts that back up it's truth. Of course, YMMV. Top of *my* list of good reasons for using httpd and Tomcat together is a httpd that acts as load-balancer for multiple Tomcat instances. Second comes the httpd that's already there and isn't going away. This one obviously is already part of the system's complexity and therefore won't add to it. that's definately not the case. Definitely? Hm, again such an absolute claim of yours for which you provide no facts to back it up. when reading those posts, somebody might think that putting apache in front might even break security. And he might think right. If you're adding complexity to the system you should be aware that there's the need to add even more sensible care to the system. If you fail to do that, the overall security will very propably be lower. As I see it, the chain of security is just as strong as it's weakest link. Likewise a httpd that is configured perfectly secure won't help if the Tomcat it handles requests to can be bugged into starting a root shell. since it's a real-world-scenario having apache httpd in front of tomcat, i'm just saying that nobody should worry about this combination. My point is: one should worry about every piece of software installed. Even more so if it is accessible from an untrusted network. The more software, the more there is to worry about. however, to make it clear: you are right, putting apache in front TO IMPROVE SECURITY doesn't make sense. OK, at least wrt this point we see things the same way. OTOH, i'd rather have apache in front than running tomcat on port 80 via jsvc or as a service. I'd like to repeat Chuck's question: why? Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
unable to start tomcat from ant target
am using ant 1.6.2 version. I am having problem with ant target used to start tomcat server. Tomcat server is 5.5.20 version. The target is as follows target name=start_tomcat_server description=starts the tomcat server echo message=starting tomcat server / exec dir=${local.dir}/Tomcat/bin/ executable=startup.bat resolveexecutable=true /exec /target I get the the following message , when I run the target [exec] Result -1723061 The tomcat server does not start. Iam running this target from eclipse environment version 3.2. Any ideas as to what could be the reason ?? I googled on this topic , but was not able to find substantial information , to solve this problem. When I use startup.bat(tomcat/bin/startup.bat) , I can start tomcat,without any problem. thanks, Suchitha.
Re: Problems with APR install
One other thing: If you are using 'java service wrapper' or perhaps some other type of dameon on tomcat , you may not pick up the LD_LIBRARY_PATH . In the 'java service wrapper' case you need to add the dir manually in wrapper.conf . On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: 1. The LD_LIBRARY_PATH add didn't add anything to the end, just a : 2. The copy of the tcnative to bin/ didn't help 3. How can I tell if I'm using a 32-bit or 64-bit jvm? I'm assuming if it's 32-bit I'll have to recompile apr and tcnative as 32-bit, if possible? 4. I'll check the 5.5.18 changelog, thanx. -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 3:34 PM To: Tomcat Users List Subject: Re: Problems with APR install I think there was a bug on 5.5.17 and apr . See the 5.5.18 changelog . Something to do with ipv6 even though I was running ipv4 . You'll know its working when you see this line: org.apache.coyote.ajp.AjpAprProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009 I got exceptions on 5.5.17 when I got to that point using opensuse 10.1 . Try putting the libtcnative-* file in tomcat/bin if in doubt. My config is: LD_LIBRARY_PATH=/usr/local/apr/lib:/lib/tls:$LD_LIBRARY_PATH Actually I have no /lib/tls on my sys , must have copied that from somewhere. One other thing: try matching your 32bit jvm with 32bit native libs , or vice versa with 64bits. HTH, Robert On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat- native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib / i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h -rw-r--r-- 1 root root 51421 Jan 9 13:58 apr_errno.h -rw-r--r-- 1 root root 17564 Jan 9 13:58 apr_file_info.h -rw-r--r-- 1 root root 33929 Jan 9 13:58 apr_file_io.h -rw-r--r-- 1 root root 4180 Jan 9 13:58 apr_fnmatch.h -rw-r--r-- 1 root root 7000 Jan 9 13:58 apr_general.h -rw-r--r-- 1 root root 5903 Jan 9 13:58 apr_getopt.h -rw-r--r-- 1 root root 5680 Jan 9 13:58 apr_global_mutex.h -rw-r--r-- 1 root root 11855 Jan 9 13:58 apr.h -rw-r--r-- 1 root root 8087 Jan 9 13:58 apr_hash.h -rw-r--r-- 1 root root 8438 Jan 9 14:01 apr_hooks.h -rw-r--r-- 1 root root 2137 Jan 9 13:58 apr_inherit.h -rw-r--r-- 1 root root 3394 Jan 9 14:01 apr_ldap.h -rw-r--r-- 1 root root 4709 Jan 9 14:01 apr_ldap_init.h -rw-r--r-- 1 root root 7973 Jan 9 14:01 apr_ldap_option.h
RE: Problems with APR install
I think the problem is the 32-bit mixed with 64-bit one you mentioned. The jvm is 32-bit. I tried compiling apr as 32-bit which eventually worked, but apr-util wouldn't. Right now I'm just gonna try installing the 64 bit amd java and be done with it. Thanx, -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 4:37 PM To: Tomcat Users List Subject: Re: Problems with APR install One other thing: If you are using 'java service wrapper' or perhaps some other type of dameon on tomcat , you may not pick up the LD_LIBRARY_PATH . In the 'java service wrapper' case you need to add the dir manually in wrapper.conf . On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: 1. The LD_LIBRARY_PATH add didn't add anything to the end, just a : 2. The copy of the tcnative to bin/ didn't help 3. How can I tell if I'm using a 32-bit or 64-bit jvm? I'm assuming if it's 32-bit I'll have to recompile apr and tcnative as 32-bit, if possible? 4. I'll check the 5.5.18 changelog, thanx. -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 3:34 PM To: Tomcat Users List Subject: Re: Problems with APR install I think there was a bug on 5.5.17 and apr . See the 5.5.18 changelog . Something to do with ipv6 even though I was running ipv4 . You'll know its working when you see this line: org.apache.coyote.ajp.AjpAprProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009 I got exceptions on 5.5.17 when I got to that point using opensuse 10.1 . Try putting the libtcnative-* file in tomcat/bin if in doubt. My config is: LD_LIBRARY_PATH=/usr/local/apr/lib:/lib/tls:$LD_LIBRARY_PATH Actually I have no /lib/tls on my sys , must have copied that from somewhere. One other thing: try matching your 32bit jvm with 32bit native libs , or vice versa with 64bits. HTH, Robert On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat- native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib / i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1 root root 4903 Jan 9 14:01 apr_anylock.h -rw-r--r-- 1 root root 3766 Jan 9 13:58 apr_atomic.h -rw-r--r-- 1 root root 3615 Jan 9 14:01 apr_base64.h -rw-r--r-- 1 root root 57784 Jan 9 14:01 apr_buckets.h -rw-r--r-- 1 root root 3407 Jan 9 14:01 apr_date.h -rw-r--r-- 1 root root 14323 Jan 9 14:01 apr_dbd.h -rw-r--r-- 1 root root 8205 Jan 9 14:01 apr_dbm.h -rw-r--r-- 1 root root 2700 Jan 9 13:58 apr_dso.h -rw-r--r-- 1 root root 2105 Jan 9 13:58 apr_env.h
Re: Securing Tomcat Article for Review
Christopher Schultz wrote: Markus Schönhaber wrote: You defend it yourself in the next paragraph you've written. One could argue that more moving parts equals more complexity, and that complexity is an enemy of security (and I agree). However, there must be a balance. If good security requires layers, and each layer adds more complexity, then there is a paradox. Exactly. I believe I raised a question, rather than defending a point. Hm. In this case, I obviously missed your point - and I didn't understand your question either. I'm suggesting that things are more complicated than the sound bites that some people like to drop. I would appreciate my FUD to come with a side order of empirical evidence. For instance, if Leon had said I've had bad security experiences with Apache httpd, well, then at least he would have actually been making a statement. OK, we can agree on that. I also consider absolute statements like Don't install httpd! It will always breach the system's security! as useless as statements like You know nothing about httpd? Pah! Just go ahead and install it. There's absolutely nothing to worry about. I would just urge posters to the list to post something more than product X sucks or . I hate having wasted my time to read a message that does not move the dialog forward (not that I'm saying that Leon's message was a waste of time). Let's all endeavor to provide proper context and be precise in what message we are trying to communicate. Agreed. Leon's message says flat out that adding Apache httpd reduces security, and provides no basis for that statement. A more appropriate statement might have been that Apache does not add any appreciable measure of security as Tomcat provides the same kinds of protections against unauthorized access, etc. True. Nevertheless, Leon has elaborated what he meant to say in his answer to your post (the one I'm also replying to atm). And the opinion he expresses there is quite similar to mine. To repeat once again: I'm not bashing httpd, Tomcat, IIS or whatever. I'm simply saying: if there is a good reason to install a particular piece of software, go ahead, install it *and* take care of it. If you don't see this good reason, don't install it. And I consider installing httpd *only* to make Tomcat accessible via port 80 not a good reason. I consider this plain dumb. Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems with APR install
Installing the 64-bit JVM fixed it. Thanx! -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: Anthony J Biacco [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 4:44 PM To: Tomcat Users List Subject: RE: Problems with APR install I think the problem is the 32-bit mixed with 64-bit one you mentioned. The jvm is 32-bit. I tried compiling apr as 32-bit which eventually worked, but apr-util wouldn't. Right now I'm just gonna try installing the 64 bit amd java and be done with it. Thanx, -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 4:37 PM To: Tomcat Users List Subject: Re: Problems with APR install One other thing: If you are using 'java service wrapper' or perhaps some other type of dameon on tomcat , you may not pick up the LD_LIBRARY_PATH . In the 'java service wrapper' case you need to add the dir manually in wrapper.conf . On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: 1. The LD_LIBRARY_PATH add didn't add anything to the end, just a : 2. The copy of the tcnative to bin/ didn't help 3. How can I tell if I'm using a 32-bit or 64-bit jvm? I'm assuming if it's 32-bit I'll have to recompile apr and tcnative as 32-bit, if possible? 4. I'll check the 5.5.18 changelog, thanx. -Tony Anthony J. Biacco Senior Systems/Network Administrator Decentrix Inc. 303-899-4000 x303 -Original Message- From: robert lazarski [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 09, 2007 3:34 PM To: Tomcat Users List Subject: Re: Problems with APR install I think there was a bug on 5.5.17 and apr . See the 5.5.18 changelog . Something to do with ipv6 even though I was running ipv4 . You'll know its working when you see this line: org.apache.coyote.ajp.AjpAprProtocol] Initializing Coyote AJP/1.3 on ajp-0.0.0.0-8009 I got exceptions on 5.5.17 when I got to that point using opensuse 10.1 . Try putting the libtcnative-* file in tomcat/bin if in doubt. My config is: LD_LIBRARY_PATH=/usr/local/apr/lib:/lib/tls:$LD_LIBRARY_PATH Actually I have no /lib/tls on my sys , must have copied that from somewhere. One other thing: try matching your 32bit jvm with 32bit native libs , or vice versa with 64bits. HTH, Robert On 1/9/07, Anthony J Biacco [EMAIL PROTECTED] wrote: I'm trying to get APR 1.2.8 working with tomcat 5.5.17 which comes with tomcat-native 1.1.3. I'm on RHEL4 on a 64-bit AMD system. I compiled APR from source into /usr/local/apr, compiled tomcat- native with /usr/local/apr, no problems. Added /usr/local/apr/lib to /etc/ld.so.conf and ran ldconfig, no problem. Added /usr/local/apr/lib to LD_LIBRARY_PATH in bin/startup.sh In conf/server.xml I have: Listener className=org.apache.catalina.core.AprLifecycleListener / In catalina.out on startup, I get: 14:52:09 INFO [main] org.apache.catalina.core.AprLifecycleListener: The Apache Tomcat Native library which allows optimal performance in production environme nts was not found on the java.library.path: /usr/java/jdk1.5.0_06/jre/lib/i386/server:/usr/java/jdk1.5.0_06/jre/lib / i386:/usr/java/jdk1.5.0_06/jre/../lib/i38 6:/usr/local/apr/lib I can't find anything I missed. Ldd shows cleans for all so files, seems all libraries are there, don't know what it's looking for. Any help is appreciated. *** APR DIR LISTING *** # ls -lR /usr/local/apr /usr/local/apr: total 16 drwxr-xr-x 2 root root 4096 Jan 9 14:01 bin drwxr-xr-x 2 root root 4096 Jan 9 13:58 build-1 drwxr-xr-x 3 root root 4096 Jan 9 13:58 include drwxr-xr-x 3 root root 4096 Jan 9 14:05 lib /usr/local/apr/bin: total 16 -rwxr-xr-x 1 root root 6936 Jan 9 13:58 apr-1-config -rwxr-xr-x 1 root root 5769 Jan 9 14:01 apu-1-config /usr/local/apr/build-1: total 240 -rw-r--r-- 1 root root 6122 Jan 9 13:58 apr_rules.mk -rwxr-xr-x 1 root root 217294 Jan 9 13:58 libtool -rw-r--r-- 1 root root 2991 Jan 9 13:58 make_exports.awk -rw-r--r-- 1 root root 1023 Jan 9 13:58 make_var_export.awk -rwxr-xr-x 1 root root980 Jan 9 13:58 mkdir.sh /usr/local/apr/include: total 4 drwxr-xr-x 2 root root 4096 Jan 9 14:01 apr-1 /usr/local/apr/include/apr-1: total 700 -rw-r--r-- 1 root root 5334 Jan 9 13:58 apr_allocator.h -rw-r--r-- 1
Re: Using the balancer app to redirect. Well, trying to... - SOLVED
Hassan Schroeder wrote: On 1/9/07, Jeremy [EMAIL PROTECTED] wrote: I'm trying to set up a tomcat 5.0.28 instance (on Debian) to achieve redirecting accesses to site1.company.com through to newsite1.org, using the balancer app. rather than apache webserver and the AJP connectors. The easiest solution would of course be just to set up a DNS level redirect on all port-80 accesses by putting in an A-name record to point at newsite1.org, but the problem is that newsite1.org doesn't have a direct IP, and you can't put the alphanumeric address in the DNS. I'm afraid I don't understand how name-based virtual hosting is *not* the solution to your problem here. It doesn't matter if newsite1.org has an IP shared with other hosts or domains, so why is it not in DNS? Hi Hassan/Everyone Thanks for the comment. Obviously newsite1.org has an IP number associated with it (most likely shared), it's just that directly accessing it (as eg http://123.456.789.1) brings up an error page from the hosting server, which obviously matches on alphas. Also, the interface I have to use to modify the ANAME field will only accept IPs , not alphas (with good reason!) Anyway, problem SOLVED! For reference, what I had to do was physically copy the entire webapps definition directory into conf/Catalina, ratehr than just leaving it in tomcat_home/webapps. For some reason (I suspect to do with the priority order that Tomcat looks through the webapps directories) this apparently pointless reconfiguration allows the balancer instance to properly respond to the root call. So there it is: a somewhat cranky but possibly useful workaround to VH redirection without using AJP or apache. Hope it helps others out. Thanks for listening, chaps! Jeremy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
robert lazarski [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On 1/9/07, Peter Crowther [EMAIL PROTECTED] wrote: From: robert lazarski [mailto:[EMAIL PROTECTED] http://alpha-web01.alphatheory.com/atdev/ The cert's issued to dpt.alphatheory.com; you're testing connections to alpha-web01.alphatheory.com. Any sensible browser will scream at that difference. If they didn't, crackers would be able to get a cert for www.somesillyname.com, install it on a spare server, poison the DNS for www.amazon.com and the browsers wouldn't scream as they were redirected. You will get errors from every browser with that cert unless/until they connect to https://dpt.alphatheory.com. - Peter Can I please ask for more assitence ? I'm getting a date error on this site in both IE6 and firefox 1.5 - 2.0 that I don't understand: https://dpt.alphatheory.com/ You have the expired intermediate cert for Verisign. As a result, the browser can't verify you because it thinks that the cert that signed yours has expired. You need to get the new one from Verisign and import that one instead. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can APR use verisign certs ?
On 1/9/07, Bill Barker [EMAIL PROTECTED] wrote: https://dpt.alphatheory.com/ You have the expired intermediate cert for Verisign. As a result, the browser can't verify you because it thinks that the cert that signed yours has expired. You need to get the new one from Verisign and import that one instead. I had two issues: one for an invalid date (that no one else saw) due to to a locale issue I think - interveting day and month - and another with the error The security certificate was issued by a company that is not trusted only on firefox 1.5 . Which issue are you referring to has expired intermediate cert ? The latter company that is not trusted is unacceptable to us and needs to be solved somehow. Thanks! Robert - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]