Re: Write custom valve?
- Original Message - From: "Doug Black" <[EMAIL PROTECTED]> To: Sent: Wednesday, July 25, 2007 9:58 PM Subject: Re: Write custom valve? Filip Hanik - Dev Lists hanik.com> writes: take the source code of the RemoteAddrValve and start there. Basically, in the valve is request.getPrincipal returns null, then redirect them to a URL that is protected by your web.xml and requires a login. remember to not trigger the valve on the "protected" urls Johnny Kewl kewlstuff.co.za> writes: Doug, I have never tried this, so as usual, I guessing here. I dont think you are going to come right with the standard valves, nor do I think you should try make a custom valve. Rather look at filters, they not much more difficult to make than a normal servlet, and you will find tons of stuff on the web, maybe the very thing you looking for. If you use netbeans, there is a standard project wizard that will get you going with a filter. The concept is interesting, and I'm thinking that you cant really protect the web pages with standard security, because if you do, I think that will kick in even before the filter gets a chance to look at it. Maybe other guys can think of another way, but I think that the pages will have to be protected by the filter, not by standard Web.xml configuration. So... luv this guessing stuff ;) I think you effectively have to make one web page as your realm log on page, only this page you protect with the standard realm web.xml stuff. The rest are unprotected. Then your filter logic is something like this If the IP or Host name is allowed let it through If its not allowed check the username because if the user is authenticated, there will be one if username let it through else if user name is null, redirect to logon page. Filters are a really nice things to learn, and I dont think its too difficult but I just wanted to warn you, that the filter will not be able to intercept realm security, rather it has to take over that function. So if the access is simple like if they can get into that login page, then they can go anywhere its easy, but if you have a site where some people can go some places and not others, then you going to find yourself rebuilding tomcats realm security roles... a lot of work... or doing something like setting a session variable that a pages has to check ie A,B and C users are allowed in here... ie if you need to filter pages on roles, the fun really starts. So think about it, because I think the devil is in the details, and in the end it may be easier to just make everyone log on. From a philosophical point of view... I dont think one should use ip filters to allow access... its not good security. So if you have a lazy boss that doesn't want to type in a password, and his IP must go thru, tell him he's a security risk, on the other hand if its a customer that wants that, with a big wallet... its probably ok;) I think everyone should log on, and that getting too far away from the standard security could get very tricky I think those valves are more intended to simply ban people that have become a pain in the behind, never to let the privileged through. Have fun From: "Doug Black" westrockvisions.com> > How can I best pass ips allowed by a valve to pass through to my > application > while forcing ips that are denied to log in through a realm? The only > possible > behavior I can detect of either RemoteAddrValve or RemoteHostValve is > to > force > requests through the IP or host filter and also through the user realm > for > the > context. Do I have to write a custom valve java class? How hard is this > for an > intermediate Java writer? Any tips on how to do this? > > I apologize that I submitted essentially the same question a couple > days > ago, > but I got no responses so I thought I'd try with a less verbose > phrasing. > > Thanks, Doug > > > - > To start a new topic, e-mail: users tomcat.apache.org > To unsubscribe, e-mail: users-unsubscribe tomcat.apache.org > For additional commands, e-mail: users-help tomcat.apache.org > > - To start a new topic, e-mail: users tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe tomcat.apache.org For additional commands, e-mail: users-help tomcat.apache.org Thanks Fillip and Johnny. First two follow up questions and then some description of my plans and responses to some of Johnny's philosophical points. If I understand both Fillip and Johnny correctly, 1) with the custom valve approach I'm going to need three contexts but 2) with the jsp filter approach I will need only one context but I can not use any Tomcat basic security checking on that context (with the caveat that I can have checking of known violators, spoofers, etc. at the context level if I don't already have it at the host engine or still higher le
Re: Something other than localhost on OS X
Thanks Hassan - just couldn't get it working - figure there must be some reason that 8080 isn't accessible - the firewall is off though in system preferences. I'm sure it is something extremely simple, but i got sick of trying to find out what it was, so I followed these instructions (roughly) and did what I said I wasn't going to do :) http://www.jboss.org/wiki/Wiki.jsp?page=UsingMod_jk1.2WithJBoss port 80 is no problem, so I can access everything as required. Still can't get to port 8080, but this config gets me where I want too be. cheers, Colin On 7/25/07, Hassan Schroeder <[EMAIL PROTECTED]> wrote: On 7/24/07, Colin H <[EMAIL PROTECTED]> wrote: > On OS X, hosts in the local subnet can be accessed as .local mmm, didn't know that, but... >So the scenario is that I have tomcat deployed and working on > host2 port 8080, and want to access it from host1. > http://hostname/' -- here's the exact entry from server.xml: If you can `ping host2` from host1, it should just work. FWIW, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat with 8 GB memory
If you have a gigantic server with something like 8 GB of memory, what would be the best way to run Tomcat 6 on it? One instance, multiple instances, or divide it up into two or more virtualized servers each with one instance? Is Tomcat meant to run as one instance with that much memory, or is it optimized for a different amount of memory? I realize with the options I mentioned above there are implications regarding high-availability and performance, but I'm not sure exactly what they'd be. Perhaps someone with more knowledge of this kind of stuff could comment. Thanks. -- View this message in context: http://www.nabble.com/Tomcat-with-8-GB-memory-tf4149367.html#a11804198 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Comet example at Tomcat 6
Hi! I just run the chat example ,but ,it seems did not work ; the code seems can't reach the line begin(event, request, response) please help me fix that,thanks; john
RE: Tomcat5.0.28 character encodingg problem
thanks chris, our client doesn't want to upgrade to tomecat 5.5 - that's our problem. Aleksey From: Christopher Schultz [EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 5:55 PM To: Tomcat Users List Subject: Re: Tomcat5.0.28 character encodingg problem -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aleksey, Aleksey Dayen wrote: > Right now we using TomCat 4.1 with JDK 1.1. Wow, really? I would think that JDK 1.2 would be the bare minimum for Tomcat 4.1. > Would our TomCat version work if we update to J2SDK 5.0 with Update 6? Maybe. IIRC, Tomcat 4.1 has issues with a 1.5 (5.0) JDK due to the XML parsers. You might want to search the archives for tomcat 4.1 and java 1.5. I would recommend that you upgrade to at least Tomcat 5.5 if you have the time to test (which you should, since you will be changing Java versions). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp8bL9CaO5/Lv0PARAkKkAKCEuH1E8mAuUi8G1pDwPXQi0lHeNgCgvad3 TKlhSKWK/YdDsq2RiZUe4Vc= =rbh3 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
kerberos,JAAS, and container managed security
Hi, I would like to use kerberos in conjunction with container managed security. I have configured a JAASRealm with Sun's kerberos LoginModule and a basic scenario works fine. I.e, if a user accesses a protected URL, he is challenged with a login screen. The user/password he enters is validated against the kerberos system correctly. We now have a requirement to honor kerberos password policies, for example the "mandatory-password-change" flag. When set, the user gets a valid ticket but all he can do is change his password. I tried doing this via my standard configuration and the kerberos LoginModule throws an exception indicating the user must change his password but the tomcat form authentication logic seems to treat this as an invalid login and just redirects the user to the error page with no way for the application to differentiate this situation. Is it possible to honor kerberos password policies using JAAS and container managed security? I have looked through the source and the answer appears no. JAASRealm seems to catch various exceptions (e.g. AccountExpiredException) but in the end just returns null to FormAuthenticator as the authenticate() signature does not allow any checked exceptions to be thrown and the FormAuthenticator implementation doesn't seem to anticipate any runtime exceptions from this method. I would much prefer to use container managed security for the usual reasons but also to get (clustered) SSO support. Does anyone see something I missed or have any ideas? Can I use the standard SSO valve with application managed security somehow? Seems doubtful. Thanks. Kireet <[EMAIL PROTECTED]>
Re: mod_jk error detection
One obvious thing that confuses me and could be changed is the "Advanced worker directives" table. It includes directives that are applicable to both load balancer workers and real workers and only distinguishes which directives are used for which worker when it is to be used for a load balancer worker. Does that mean the others are usable directives for both real workers and load balancer workers or just real workers or in some cases both. I believe I know the answer to that but it somewhat misleading. You are right, this needs a little forward before the table. At the moment we note "Only used for load balancer workers.", "Only used for a member worker of a load balancer." or "This attribute can be used for normal workers and for load balancer workers.". In fact we would need to mark, if an attribute is useful LB) for an lb worker N) for a non lb worker (normal worker, mostly synonymous with ajp13) M) for an lb member worker X) for a worker in the worker list (worker.list) An attribute might apply to some "or" combinations of LB) to M) and an optional "and" with X. I also think, that our "advanced" category is more historically motivated, so we should check, if some attributes should change their group. Have fun using mod_jk! Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.0.28 character encodingg problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aleksey, Aleksey Dayen wrote: > Right now we using TomCat 4.1 with JDK 1.1. Wow, really? I would think that JDK 1.2 would be the bare minimum for Tomcat 4.1. > Would our TomCat version work if we update to J2SDK 5.0 with Update 6? Maybe. IIRC, Tomcat 4.1 has issues with a 1.5 (5.0) JDK due to the XML parsers. You might want to search the archives for tomcat 4.1 and java 1.5. I would recommend that you upgrade to at least Tomcat 5.5 if you have the time to test (which you should, since you will be changing Java versions). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp8bL9CaO5/Lv0PARAkKkAKCEuH1E8mAuUi8G1pDwPXQi0lHeNgCgvad3 TKlhSKWK/YdDsq2RiZUe4Vc= =rbh3 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat4.1
On 7/25/07, Aleksey Dayen <[EMAIL PROTECTED]> wrote: Right now we using TomCat 4.1 with JDK 1.1. Would our TomCat version work if we update to J2SDK 5.0 with Update 6? 1. Hijacking threads, especially without even removing the previous content, is rude. 2. Why ask about "Update 6" when that release is on Update 12? And a whole release behind, to boot? 3. How freakin' tough is it to *just try it*?? No matter what anyone on this list says, you're going to have to test. Personally I'd be a lot more concerned about apps breaking than Tomcat, but whatever -- /you/ have to do the testing. FWIW, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk error detection
On Wed, 2007-07-25 at 22:40 +0200, Rainer Jung wrote: > Scott McClanahan wrote: > > Thanks, so much! I'd like to continue this thread a bit more because of > > helpful I think it will be for everyone using mod_jk. > > > >> That one, reply_timeout, is not really meant for high speed detection. > >> Usually you've got an ap, that every now and then needs 10 or 20 seconds > >> for an answer and you don't like to disable a worker automatically > >> because of those rare events. So normally one sets reply_timeout to 1, 2 > >> or 3 minutes. > > > > I don't understand what besides a timed out CPING/CPONG message would > > render a backend tomcat disabled, especially in a default config since > > reply_timeout is 0. > > Default config: no CPing/CPong. But: after some time the TCP stack will > give up, when there is a network problem, or the backend is no longer > listening. So this case will even be handled in a default config, but > depending on the exact network situation, the error detection might take > a long time. > > n case your backend simply eats your requests, but doesn't produce > answers, you will very fast eat up all connections and threads and the > whole system will hang - without configured timeouts. I see your point. I was thinking only within the context of mod_jk. Meaning what in mod_jk other than CPING/CPONG message failures would cause a worker to go into error state. You answered that. > > BTW: there is also a non-default config to make a worker fail on several > received HTTP status codes, "fail_on_status". > > >> We have to strongly make a difference between retries of a non-lb worker > >> and of a load balancer worker. A normal worker has a simple retry > >> procedure, independant of the fact, if it is used directly or as part of > >> an lb. If it detects an error it uses another pool connection and by > >> default tries once more. > > > > If that happens does the real worker officially change to an error state > > which would subsequently kick off the retry logic of the load balancer > > worker? > > Without an lb a worker does not have an error state. It will be > continuously reused. Only an lb uses error states and temporarily > disables a failed worker. Even an lb will continuously reuse a worker, > if there is no other worker to failover. I understand this bit now finally too. It was a really good idea to have the CPING/CPONG message timeout checks before individual requests get forwarded to avoid several different problem scenarios here. Good thinking. > > >> The maintenance uses a real request and handles it as if the backend > >> wouldn't have failed. If you enabled CPing/CPong this means, that it > >> would detect a still broken backend early and transparently send the > >> request to another member. Because no part of the request (the CPing > >> doesn't count) already has been send, the failover to another member > >> happens independently of recovery_options (i.e. even with > >> recovery_options 3). > > > > Is the request used to test the health of the backend tomcat whichever > > one comes first after a global maintenance run even if it has been > > previously serviced by another healthy tomcat? Is this request attempt > > to a once errant worker only to test its healthiness and not to actually > > have it fulfill the request? I would hope it is only to test the health > > of the backend tomcat and even if it is now willing to accept > > connections, the request goes to whatever tomcat has been previously and > > successfully responding to the session. > > No, the first new request accepted by the web server and mapped to the > lb will be used (at least if it is free to be routed to any worker. If > the request belongs to a session located on another backend and the > default config with sticky sessions is active, it will of course be send > to its correct backend). It is a real user request. If the backend > works, OK. If it doesn't accept the request, we can still send it to > some other worker. If the backend accepts the requests, but processing > fails, depending on recovery_options the user gets an error. Sounds great too. > > >> If you like to improve the page about load balancing or the timeouts > >> page, or you want to add some parts about retries and recovery: > >> contributions are welcome. > > > > After, we are done discussing I might have some recommendations. Again, > > you've been great. > > Thanks. At least we improve the knowledge inside the mailing list archive. One obvious thing that confuses me and could be changed is the "Advanced worker directives" table. It includes directives that are applicable to both load balancer workers and real workers and only distinguishes which directives are used for which worker when it is to be used for a load balancer worker. Does that mean the others are usable directives for both real workers and load balancer workers or just real workers or in some cases both.
RE: Tomcat5.0.28 character encodingg problem
Right now we using TomCat 4.1 with JDK 1.1.
Would our TomCat version work if we update to J2SDK 5.0 with Update 6?
Please help!!!
Many thanks
-Original Message-
From: Nathan Hook [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 25, 2007 4:55 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat5.0.28 character encodingg problem
I think my statement of "most browsers will ignore this value" might have
been a tad bit on the excessive side upon further reading and i was hoping
to have that read as don't only rely on using the meta tag.
>From my understanding there are broswers where they can set their own
content type no matter what comes down in the response. Even if the content
type is set in the header or with a meta tag. I'm not saying this is a good
thing. I'm just saying that I read this somewhere in passing when we were
trying to figure out how to character encoding. Some browsers just won't do
what you're ask them to.
However, setting the content type in both the header and in the meta tag
isn't a bad thing. It can only really help you. Its much like when you're
asking the client and all the intermediary servers not to cache any of your
pages.
Setting a few of the cache-control values should work, but its best to send
all the values you can to make sure that you're communicating to everyone
you can.
httpResponse.addHeader("Cache-Control", "no-chache, no-store,
must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0,
post-check=0, private");
Even in the case above. If a intermediary server wants to cache your
data... its going to cache your data.
I guess what I'm really trying to say is if there are many ways of telling a
browser how to handle something, implement everyone of those ways. Because
you aren't guaranteed that any specific was is going to work on all
browsers.
Warm Regards.
Original Message Follows
From: Christopher Schultz <[EMAIL PROTECTED]>
To: Tomcat Users List
Nathan,
Nathan Hook wrote:
> - Set the meta type in each and every jsp to be utf-8. Now, most
> browsers will ignore this value from my understanding, but it shouldn't
> hurt to add it.
Really? The HTTP header should override any META tag, but the META tag
should be used if, for some reason, there is no Content-Type header.
- -chris
_
http://im.live.com/messenger/im/home/?source=hmtextlinkjuly07
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat4.1
Right now we using TomCat 4.1 with JDK 1.1.
Would our TomCat version work if we update to J2SDK 5.0 with Update 6?
Please help!!!
Many thanks
-Original Message-
From: Nathan Hook [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 25, 2007 4:55 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat5.0.28 character encodingg problem
I think my statement of "most browsers will ignore this value" might have
been a tad bit on the excessive side upon further reading and i was hoping
to have that read as don't only rely on using the meta tag.
>From my understanding there are broswers where they can set their own
content type no matter what comes down in the response. Even if the content
type is set in the header or with a meta tag. I'm not saying this is a good
thing. I'm just saying that I read this somewhere in passing when we were
trying to figure out how to character encoding. Some browsers just won't do
what you're ask them to.
However, setting the content type in both the header and in the meta tag
isn't a bad thing. It can only really help you. Its much like when you're
asking the client and all the intermediary servers not to cache any of your
pages.
Setting a few of the cache-control values should work, but its best to send
all the values you can to make sure that you're communicating to everyone
you can.
httpResponse.addHeader("Cache-Control", "no-chache, no-store,
must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0,
post-check=0, private");
Even in the case above. If a intermediary server wants to cache your
data... its going to cache your data.
I guess what I'm really trying to say is if there are many ways of telling a
browser how to handle something, implement everyone of those ways. Because
you aren't guaranteed that any specific was is going to work on all
browsers.
Warm Regards.
Original Message Follows
From: Christopher Schultz <[EMAIL PROTECTED]>
To: Tomcat Users List
Nathan,
Nathan Hook wrote:
> - Set the meta type in each and every jsp to be utf-8. Now, most
> browsers will ignore this value from my understanding, but it shouldn't
> hurt to add it.
Really? The HTTP header should override any META tag, but the META tag
should be used if, for some reason, there is no Content-Type header.
- -chris
_
http://im.live.com/messenger/im/home/?source=hmtextlinkjuly07
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.0.28 character encodingg problem
I think my statement of "most browsers will ignore this value" might have
been a tad bit on the excessive side upon further reading and i was hoping
to have that read as don't only rely on using the meta tag.
From my understanding there are broswers where they can set their own
content type no matter what comes down in the response. Even if the content
type is set in the header or with a meta tag. I'm not saying this is a good
thing. I'm just saying that I read this somewhere in passing when we were
trying to figure out how to character encoding. Some browsers just won't do
what you're ask them to.
However, setting the content type in both the header and in the meta tag
isn't a bad thing. It can only really help you. Its much like when you're
asking the client and all the intermediary servers not to cache any of your
pages.
Setting a few of the cache-control values should work, but its best to send
all the values you can to make sure that you're communicating to everyone
you can.
httpResponse.addHeader("Cache-Control", "no-chache, no-store,
must-revalidate, max-age=0, proxy-revalidate, no-transform, pre-check=0,
post-check=0, private");
Even in the case above. If a intermediary server wants to cache your
data... its going to cache your data.
I guess what I'm really trying to say is if there are many ways of telling a
browser how to handle something, implement everyone of those ways. Because
you aren't guaranteed that any specific was is going to work on all
browsers.
Warm Regards.
Original Message Follows
From: Christopher Schultz <[EMAIL PROTECTED]>
To: Tomcat Users List
Nathan,
Nathan Hook wrote:
> - Set the meta type in each and every jsp to be utf-8. Now, most
> browsers will ignore this value from my understanding, but it shouldn't
> hurt to add it.
Really? The HTTP header should override any META tag, but the META tag
should be used if, for some reason, there is no Content-Type header.
- -chris
_
http://im.live.com/messenger/im/home/?source=hmtextlinkjuly07
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk error detection
Scott McClanahan wrote: Thanks, so much! I'd like to continue this thread a bit more because of helpful I think it will be for everyone using mod_jk. That one, reply_timeout, is not really meant for high speed detection. Usually you've got an ap, that every now and then needs 10 or 20 seconds for an answer and you don't like to disable a worker automatically because of those rare events. So normally one sets reply_timeout to 1, 2 or 3 minutes. I don't understand what besides a timed out CPING/CPONG message would render a backend tomcat disabled, especially in a default config since reply_timeout is 0. Default config: no CPing/CPong. But: after some time the TCP stack will give up, when there is a network problem, or the backend is no longer listening. So this case will even be handled in a default config, but depending on the exact network situation, the error detection might take a long time. n case your backend simply eats your requests, but doesn't produce answers, you will very fast eat up all connections and threads and the whole system will hang - without configured timeouts. BTW: there is also a non-default config to make a worker fail on several received HTTP status codes, "fail_on_status". We have to strongly make a difference between retries of a non-lb worker and of a load balancer worker. A normal worker has a simple retry procedure, independant of the fact, if it is used directly or as part of an lb. If it detects an error it uses another pool connection and by default tries once more. If that happens does the real worker officially change to an error state which would subsequently kick off the retry logic of the load balancer worker? Without an lb a worker does not have an error state. It will be continuously reused. Only an lb uses error states and temporarily disables a failed worker. Even an lb will continuously reuse a worker, if there is no other worker to failover. The maintenance uses a real request and handles it as if the backend wouldn't have failed. If you enabled CPing/CPong this means, that it would detect a still broken backend early and transparently send the request to another member. Because no part of the request (the CPing doesn't count) already has been send, the failover to another member happens independently of recovery_options (i.e. even with recovery_options 3). Is the request used to test the health of the backend tomcat whichever one comes first after a global maintenance run even if it has been previously serviced by another healthy tomcat? Is this request attempt to a once errant worker only to test its healthiness and not to actually have it fulfill the request? I would hope it is only to test the health of the backend tomcat and even if it is now willing to accept connections, the request goes to whatever tomcat has been previously and successfully responding to the session. No, the first new request accepted by the web server and mapped to the lb will be used (at least if it is free to be routed to any worker. If the request belongs to a session located on another backend and the default config with sticky sessions is active, it will of course be send to its correct backend). It is a real user request. If the backend works, OK. If it doesn't accept the request, we can still send it to some other worker. If the backend accepts the requests, but processing fails, depending on recovery_options the user gets an error. If you like to improve the page about load balancing or the timeouts page, or you want to add some parts about retries and recovery: contributions are welcome. After, we are done discussing I might have some recommendations. Again, you've been great. Thanks. At least we improve the knowledge inside the mailing list archive. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging all data sent to client
One other note: since you were using a compression filter as an example, I can see why they didn't do the whole "writer" thing. A compressed stream cannot use a Writer since the output must be binary. A writer primarily handles line-ending conversion which would break any compression output generated. Ah I hadnt thought of that :) Yep it works ands not ment for production as the logging will have a massive overhead. On 7/25/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, ben short wrote: > I ripped and altered the code of the Compression Filter servlet > example from tomcat 5.5.23. One other note: since you were using a compression filter as an example, I can see why they didn't do the whole "writer" thing. A compressed stream cannot use a Writer since the output must be binary. A writer primarily handles line-ending conversion which would break any compression output generated. Since you are not bound by the requirement that an OutputStream be used, I would recommend handling the Writer separately. But, hey, if it works, it works, right? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp7L/9CaO5/Lv0PARAsWZAJ42RaxekZB/uH8iCHoJu0aPclnpwgCeLHXl /DG3WHjOB4Z8Kb1AXifKLqE= =VpkL -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging all data sent to client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, ben short wrote: > I ripped and altered the code of the Compression Filter servlet > example from tomcat 5.5.23. One other note: since you were using a compression filter as an example, I can see why they didn't do the whole "writer" thing. A compressed stream cannot use a Writer since the output must be binary. A writer primarily handles line-ending conversion which would break any compression output generated. Since you are not bound by the requirement that an OutputStream be used, I would recommend handling the Writer separately. But, hey, if it works, it works, right? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp7L/9CaO5/Lv0PARAsWZAJ42RaxekZB/uH8iCHoJu0aPclnpwgCeLHXl /DG3WHjOB4Z8Kb1AXifKLqE= =VpkL -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: debug
On Wed, 2007-07-25 at 22:19 +0200, Rainer Jung wrote:
> Hi Scott,
>
> your post subject is a little generic :)
>
> The code shows, that the various realm classes only log additional
> things for the following debug values:
>
> DataSourceRealm.java: debug >= 2
>
> JAASMemoryLoginModule.java: debug>0
>
> JDBCRealm.java: debug >= 2
>
> JNDIRealm.java: debug 1, 2, 3, 4
>
> UserDatabaseRealm.java: debug >= 2
>
> For the JNDIRalm possible log statements (without the surrounding
> context) are (no guarantees):
>
> debug >= 1
>
> "Closing directory context"
>
> "Connecting to URL " + connectionURL
>
> "Connecting to URL " + alternateURL
>
> debug >= 2
>
> "lookupUser(" + username + ")"
>
> sm.getString("jndiRealm.authenticateSuccess",
> user.username)
> sm.getString("jndiRealm.authenticateFailure",
> user.username)
>
> " getRoles(" + dn + ")"
>
> " Returning " + list.size() + " roles"
> " Found role " + list.get(i)
> " getRoles about to return null "
>
> debug >= 3
>
> " dn=" + dn
>
> " username not found"
>
> " entry found for " + username + " with dn " + dn
>
> " validating credentials"
>
> " validating credentials by binding as the user"
>
> " binding as " + dn
>
> " bind attempt failed"
>
> " Searching role base '" + roleBase + "' for attribute '" +
> roleName + "'"
> " With filter expression '" + filter + "'"
>
> " retrieving attribute " + attrId
>
> " retrieving values for attribute " + attrId
>
>
> debug > 3
>
> " Searching for " + username
> " base: " + userBase + " filter: " + filter
>
> HTH. TC 5.0 now is only under security maintenance. No real chance to
> get the logging in better shape. If you want to have a look at the
> class, it is
>
> container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in a download, resp.
>
> http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
>
> in the subversion code repository.
>
> Regards,
>
> Rainer
>
> Scott McClanahan wrote:
> > I've inherited a tomcat 5.0.28 server setup to use ldap as an
> > authentication realm. In the server.xml I see this:
> >
> > >
> > What are valid values for debug within a realm? Currently a massive
> > amount of ldap lookup and connection details are being logged and I
> > don't think it is necessary. Thanks.
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
Thanks. You're the man! I'll remember your advice about the subject
line in the future.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging all data sent to client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ben, ben short wrote: > I ripped and altered the code of the Compression Filter servlet > example from tomcat 5.5.23. Okay. I haven't seen that example; I was just commenting on your post. > There is no LoggingServletWriter, if you look in the original > getWriter method the ServletOutputStream is wrapped by a PrintWriter. Right. I was suggesting that you use whatever super.getWriter gives you, instead of avoiding the upstream code. > So your proposed change of the getWriter method to the following would > result in the ServletOutputStream not being used if the client of the > LoggingHttpServletResponse called the getWriter method and thus no > logging of the response. Well... if you wrap both (separately) the ServletOutputStream and Writer, then you will get your logging. > So saying that the finishResponse method change is not valid also. As > the writer flush method should be called if a writer was created, > which in turn will call the stream it has wrapped flush method. Flushing should occur regardless of whether the user used a stream or a writer. But, it's not up to you to call flush()... it's up to the servlet code to do that. The code you posted (granted, as an adaptation of an example found online) was less of a wrapper and more of a blocker. It replaced functionality supplied in the superclass instead of filtering it. I would have the same criticism of the example. Perhaps I'll post what I believe to be a superior example and see if the documentation powers-that-be agree. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp7H99CaO5/Lv0PARAmMoAJ9YgQVQc9oYXY/8WPSKdVmy4RXcrgCgluj7 2ShArNw0TujAheDYN4IVUzw= =J3px -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk error detection
Thanks, so much! I'd like to continue this thread a bit more because of helpful I think it will be for everyone using mod_jk. On Wed, 2007-07-25 at 22:00 +0200, Rainer Jung wrote: > Hi Scott, > > > I thoroughly enjoyed the updated docs. It is just what I needed. I > > just want to mention a few inferences I have now from reading it. > > Thanks. > > > In a load balanced setup using connect_timeout and prepost_timeout, this > > will protect me from sending either newly established connections (rare > > event due to persistence) as well as each and every individual request > > from being sent to a failed tomcat node based on CPING/CPONG messages. > > These messages only detect whether or not the container (I'm using > > tomcat) is healthy enough to respond to such a message but not > > necessarily anything more, correct? Basically, its ajp listener is > > responsive. Plus, if I need more high speed error detection I can use > > That's correct. > > > reply_timeout. Sound correct? > > That one, reply_timeout, is not really meant for high speed detection. > Usually you've got an ap, that every now and then needs 10 or 20 seconds > for an answer and you don't like to disable a worker automatically > because of those rare events. So normally one sets reply_timeout to 1, 2 > or 3 minutes. I don't understand what besides a timed out CPING/CPONG message would render a backend tomcat disabled, especially in a default config since reply_timeout is 0. > > Now with the new max_reply_timeouts one can experiment with lower > values. It's new, so not enough experience for good suggestions. > > > I get confused on the recovery_options section. How does it work in a > > load balanced environment? If tomcat receives a request and processes > > some of it followed by a catastrophic failure before completing the > > response, what exactly does a repeated request from the client do? > > Assuming recovery_options is set to 0. > > Value "0" means, if you don't get any part of the answer and an error > occurs (network, reply_timeout, ...) then send the same request again to > another member of the load balancer (if a working member is remaining). > > That's why you usualy really want to not use value "0" in case your app > has data changing use cases. Most apps have. > > If you use REST principles and HEAD and GET is always idempotent for > your app, the new (version 1.2.24) bits 8 and 16 are your friend! > > > Also, I get confused with the section describing the retries directive. > > In a load balanced environment, would the connector retry no matter the > > state (tcp state here) of the connection whether it be established > > already? Would it retry against the same backend tomcat server? The > > reason I ask is because the docs say "If the load balancer can not get a > > free connection for a member worker from the pool, it will try again a > > number of times given by retries." I highlighted the words that confuse > > me. > > We have to strongly make a difference between retries of a non-lb worker > and of a load balancer worker. A normal worker has a simple retry > procedure, independant of the fact, if it is used directly or as part of > an lb. If it detects an error it uses another pool connection and by > default tries once more. If that happens does the real worker officially change to an error state which would subsequently kick off the retry logic of the load balancer worker? > > An lb has another idea of retries. It uses retries if all connections to > a backend are busy. For Apache with default config, this should never > happen, because we allow as many connections as threads per process. So > any request should be able to get a connection without waiting (maybe it > needs to start a new one). For the other web servers we don't have a > good way to detect the "correct" pool size. In some cases even for > Apache it might be interesting to use a smaler pool size, in case the > backend is only used occasionally and/or you want to prevent it from > getting flodded in case of congestion. Then you might run out of > available connections and requests will have to wait. LB retries > configure this waiting. > > > Every 60 seconds would we expect the connector to attempt to send a > > valid request to a backend tomcat and fail or once a worker goes into > > error state do we only check with CPING/CPONG requests during the > > maintenance cycle? > > The maintenance uses a real request and handles it as if the backend > wouldn't have failed. If you enabled CPing/CPong this means, that it > would detect a still broken backend early and transparently send the > request to another member. Because no part of the request (the CPing > doesn't count) already has been send, the failover to another member > happens independently of recovery_options (i.e. even with > recovery_options 3). Is the request used to test the health of the backend tomcat whichever one comes first after
Re: Logging all data sent to client
Hi Christopher,
I ripped and altered the code of the Compression Filter servlet
example from tomcat 5.5.23.
There is no LoggingServletWriter, if you look in the original
getWriter method the ServletOutputStream is wrapped by a PrintWriter.
So your proposed change of the getWriter method to the following would
result in the ServletOutputStream not being used if the client of the
LoggingHttpServletResponse called the getWriter method and thus no
logging of the response.
public PrintWriter getWriter() throws IOException
{
if(null == mWriter)
mWriter = new LoggingServletWriter(super.getWriter());
return mWriter;
}
So saying that the finishResponse method change is not valid also. As
the writer flush method should be called if a writer was created,
which in turn will call the stream it has wrapped flush method.
I agree that the check to see if the logger is enabled in the close
method is not needed, and well spotted about the NPE.
Regards
Ben
On 7/25/07, Christopher Schultz <[EMAIL PROTECTED]> wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ben,
I might change your LoggingHttpServletResponse slightly. I think it's
more complicated than necessary.
ben short wrote:
> LoggingHttpServletResponse.java
>
> class LoggingHttpServletResponse extends HttpServletResponseWrapper
>{
>private Logger mLogger =
> Logger.getLogger(LoggingHttpServletResponse.class);
>
>public LoggingHttpServletResponse(HttpServletResponse
> httpServletResponse)
>{
>super(httpServletResponse);
>mWrappedResponse = httpServletResponse;
// I would remove the mWrappedResponse. You can always call
super.getResponse to get the wrapped response.
>}
[snip]
>// - Public
> Methods
>
>/**
> * Create and return a ServletOutputStream to write the content
> * associated with this Response.
> *
> * @throws IOException if an input/output error occurs
> */
>public ServletOutputStream createOutputStream() throws IOException
>{
>mLogger.debug("Creating new LoggingOutputStream");
>
>return new LoggingServletOutputStream(mWrappedResponse, mLogger);
>}
Is this method useful? The constructor for LSOS ought to be enough.
>/**
> * Finish a response.
> */
>public void finishResponse()
>{
>try
>{
>if (mWriter != null)
>{
>mWriter.close();
>}
>else
>{
>if (mStream != null)
>mStream.close();
>}
>}
>catch (IOException e)
>{
>}
>}
Same here. You should not need a finishResponse method. You ought to
allow the 'close' method to do its job. Remove this method.
>/**
> * Flush the buffer and commit this response.
> *
> * @throws IOException if an input/output error occurs
> */
>public void flushBuffer() throws IOException
>{
>mStream.flush();
>}
How about:
public void flushBuffer()
throws IOException
{
if(null != mStream)
mStream.flush();
else if(null != mWriter)
mWriter.flush();
}
>public ServletOutputStream getOutputStream() throws IOException
>{
>if (mWriter != null)
>throw new IllegalStateException("getWriter() has already
> been called for this response");
>
>if (mStream == null)
>mStream = createOutputStream();
>
>mLogger.debug("mStream is set to " + mStream + " in
> getOutputStream");
>
>return (mStream);
>}
This method should be:
public ServletOutputStream getOutputStream()
{
if(null == mStream)
mStream = new LoggingServletOutputStream(super.getOutputStream));
return mStream;
}
>public PrintWriter getWriter() throws IOException
>{
>if (mWriter != null)
>return (mWriter);
>
>if (mStream != null)
>throw new IllegalStateException("getOutputStream() has
> already been called for this response");
>
>mStream = createOutputStream();
>
>mLogger.debug("mStream is set to " + mStream + " in
> getOutputStream");
>
>// HttpServletResponse.getCharacterEncoding() shouldn't return null
>// according the spec, so feel free to remove that "if"
>mWriter = new PrintWriter(mStream);
>
>return (mWriter);
>}
>}
Similarly:
public PrintWriter getWriter()
throws IOException
{
if(null == mWriter)
mWriter = new LoggingServletWriter(super.getWriter());
return mWriter;
}
> LoggingServletOutputStream.java
>
> class LoggingServletOutputStream extends ServletOutputStream
>{
>private Logger mLogger;
>private HttpServletResponse mResponse;
The response is not necessary. Remove this.
>private OutputStream mOutputStream;
>private ByteArrayOutputStream mBy
Re: Images in ROOT/images are not found
David, I relookedat the webapps directory and I was mistaken. There is a images directory. I removed it and everything is now working. Thanks for getting me pointed in the write direction. Ed On Jul 25, 2007, at 3:01 PM, David Smith wrote: Do you happen to have a webapp named images? If so, that's probably receiving your request instead. --David Edward Mckee wrote: When I try to load images in ROOT/images I get a "requested resource (/images/submit.jpg) is not available." error If I move this image to ROOT/image it works. The the file is in the images directory webapps directory is webapps/ ROOT/images/submit.jpg The file is in the images and image directory. ROOT/images/submit.jpg ROOT/image/submit.jpg (Does Not Works) http://76.79.2.227:8080/images/submit.jpg (Works) http://76.79.2.227:8080/image/submit.jpg I've verified that the images file works in other application directories. i.e. http://76.79.2.227:8080/admin/images/submit.jpg. I looked in the web.xml files to see if there was any mapping related to /images but couldn't find anything. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: debug
Hi Scott,
your post subject is a little generic :)
The code shows, that the various realm classes only log additional
things for the following debug values:
DataSourceRealm.java: debug >= 2
JAASMemoryLoginModule.java: debug>0
JDBCRealm.java: debug >= 2
JNDIRealm.java: debug 1, 2, 3, 4
UserDatabaseRealm.java: debug >= 2
For the JNDIRalm possible log statements (without the surrounding
context) are (no guarantees):
debug >= 1
"Closing directory context"
"Connecting to URL " + connectionURL
"Connecting to URL " + alternateURL
debug >= 2
"lookupUser(" + username + ")"
sm.getString("jndiRealm.authenticateSuccess",
user.username)
sm.getString("jndiRealm.authenticateFailure",
user.username)
" getRoles(" + dn + ")"
" Returning " + list.size() + " roles"
" Found role " + list.get(i)
" getRoles about to return null "
debug >= 3
" dn=" + dn
" username not found"
" entry found for " + username + " with dn " + dn
" validating credentials"
" validating credentials by binding as the user"
" binding as " + dn
" bind attempt failed"
" Searching role base '" + roleBase + "' for attribute '" +
roleName + "'"
" With filter expression '" + filter + "'"
" retrieving attribute " + attrId
" retrieving values for attribute " + attrId
debug > 3
" Searching for " + username
" base: " + userBase + " filter: " + filter
HTH. TC 5.0 now is only under security maintenance. No real chance to
get the logging in better shape. If you want to have a look at the
class, it is
container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
in a download, resp.
http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java
in the subversion code repository.
Regards,
Rainer
Scott McClanahan wrote:
I've inherited a tomcat 5.0.28 server setup to use ldap as an
authentication realm. In the server.xml I see this:
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Images in ROOT/images are not found
That's a good idea but it doesn't look like it. Here are all of my images directories under tomcat. ./server/webapps/host-manager/images ./server/webapps/manager/images ./webapps/admin/images ./webapps/balancer/images ./webapps/jsp-examples/images ./webapps/ROOT/archived/images ./webapps/ROOT/images ./webapps/servlets-examples/images ./webapps/team/images ./webapps/tomcat-docs/appdev/sample/web/images ./webapps/tomcat-docs/images On Jul 25, 2007, at 3:01 PM, David Smith wrote: Do you happen to have a webapp named images? If so, that's probably receiving your request instead. --David Edward Mckee wrote: When I try to load images in ROOT/images I get a "requested resource (/images/submit.jpg) is not available." error If I move this image to ROOT/image it works. The the file is in the images directory webapps directory is webapps/ ROOT/images/submit.jpg The file is in the images and image directory. ROOT/images/submit.jpg ROOT/image/submit.jpg (Does Not Works) http://76.79.2.227:8080/images/submit.jpg (Works) http://76.79.2.227:8080/image/submit.jpg I've verified that the images file works in other application directories. i.e. http://76.79.2.227:8080/admin/images/submit.jpg. I looked in the web.xml files to see if there was any mapping related to /images but couldn't find anything. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Images in ROOT/images are not found
Do you happen to have a webapp named images? If so, that's probably receiving your request instead. --David Edward Mckee wrote: When I try to load images in ROOT/images I get a "requested resource (/images/submit.jpg) is not available." error If I move this image to ROOT/image it works. The the file is in the images directory webapps directory is webapps/ ROOT/images/submit.jpg The file is in the images and image directory. ROOT/images/submit.jpg ROOT/image/submit.jpg (Does Not Works) http://76.79.2.227:8080/images/submit.jpg (Works) http://76.79.2.227:8080/image/submit.jpg I've verified that the images file works in other application directories. i.e. http://76.79.2.227:8080/admin/images/submit.jpg. I looked in the web.xml files to see if there was any mapping related to /images but couldn't find anything. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk error detection
Hi Scott, I thoroughly enjoyed the updated docs. It is just what I needed. I just want to mention a few inferences I have now from reading it. Thanks. In a load balanced setup using connect_timeout and prepost_timeout, this will protect me from sending either newly established connections (rare event due to persistence) as well as each and every individual request from being sent to a failed tomcat node based on CPING/CPONG messages. These messages only detect whether or not the container (I'm using tomcat) is healthy enough to respond to such a message but not necessarily anything more, correct? Basically, its ajp listener is responsive. Plus, if I need more high speed error detection I can use That's correct. reply_timeout. Sound correct? That one, reply_timeout, is not really meant for high speed detection. Usually you've got an ap, that every now and then needs 10 or 20 seconds for an answer and you don't like to disable a worker automatically because of those rare events. So normally one sets reply_timeout to 1, 2 or 3 minutes. Now with the new max_reply_timeouts one can experiment with lower values. It's new, so not enough experience for good suggestions. I get confused on the recovery_options section. How does it work in a load balanced environment? If tomcat receives a request and processes some of it followed by a catastrophic failure before completing the response, what exactly does a repeated request from the client do? Assuming recovery_options is set to 0. Value "0" means, if you don't get any part of the answer and an error occurs (network, reply_timeout, ...) then send the same request again to another member of the load balancer (if a working member is remaining). That's why you usualy really want to not use value "0" in case your app has data changing use cases. Most apps have. If you use REST principles and HEAD and GET is always idempotent for your app, the new (version 1.2.24) bits 8 and 16 are your friend! Also, I get confused with the section describing the retries directive. In a load balanced environment, would the connector retry no matter the state (tcp state here) of the connection whether it be established already? Would it retry against the same backend tomcat server? The reason I ask is because the docs say "If the load balancer can not get a free connection for a member worker from the pool, it will try again a number of times given by retries." I highlighted the words that confuse me. We have to strongly make a difference between retries of a non-lb worker and of a load balancer worker. A normal worker has a simple retry procedure, independant of the fact, if it is used directly or as part of an lb. If it detects an error it uses another pool connection and by default tries once more. An lb has another idea of retries. It uses retries if all connections to a backend are busy. For Apache with default config, this should never happen, because we allow as many connections as threads per process. So any request should be able to get a connection without waiting (maybe it needs to start a new one). For the other web servers we don't have a good way to detect the "correct" pool size. In some cases even for Apache it might be interesting to use a smaler pool size, in case the backend is only used occasionally and/or you want to prevent it from getting flodded in case of congestion. Then you might run out of available connections and requests will have to wait. LB retries configure this waiting. Every 60 seconds would we expect the connector to attempt to send a valid request to a backend tomcat and fail or once a worker goes into error state do we only check with CPING/CPONG requests during the maintenance cycle? The maintenance uses a real request and handles it as if the backend wouldn't have failed. If you enabled CPing/CPong this means, that it would detect a still broken backend early and transparently send the request to another member. Because no part of the request (the CPing doesn't count) already has been send, the failover to another member happens independently of recovery_options (i.e. even with recovery_options 3). If you like to improve the page about load balancing or the timeouts page, or you want to add some parts about retries and recovery: contributions are welcome. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write custom valve?
Filip Hanik - Dev Lists hanik.com> writes: > take the source code of the RemoteAddrValve and start there. > Basically, in the valve is request.getPrincipal returns null, then > redirect them to a URL that is protected by your web.xml and requires a > login. > > remember to not trigger the valve on the "protected" urls Johnny Kewl kewlstuff.co.za> writes: > > Doug, I have never tried this, so as usual, I guessing here. > > I dont think you are going to come right with the standard valves, nor do I > think you should try make a custom valve. > Rather look at filters, they not much more difficult to make than a normal > servlet, and you will find tons of stuff on the web, maybe the very thing > you looking for. > If you use netbeans, there is a standard project wizard that will get you > going with a filter. > > The concept is interesting, and I'm thinking that you cant really protect > the web pages with standard security, because if you do, I think that will > kick in even before the filter gets a chance to look at it. Maybe other guys > can think of another way, but I think that the pages will have to be > protected by the filter, not by standard Web.xml configuration. > > So... luv this guessing stuff ;) I think you effectively have to make > one web page as your realm log on page, only this page you protect with the > standard realm web.xml stuff. The rest are unprotected. Then your filter > logic is something like this > > If the IP or Host name is allowed let it through > If its not allowed check the username because if the user is > authenticated, there will be one if username let it through else if > user name is null, redirect to logon page. > > Filters are a really nice things to learn, and I dont think its too > difficult but I just wanted to warn you, that the filter will not be > able to intercept realm security, rather it has to take over that function. > So if the access is simple like if they can get into that login page, > then they can go anywhere its easy, but if you have a site where some > people can go some places and not others, then you going to find yourself > rebuilding tomcats realm security roles... a lot of work... or doing > something like setting a session variable that a pages has to check ie > A,B and C users are allowed in here... ie if you need to filter pages on > roles, the fun really starts. > > So think about it, because I think the devil is in the details, and in the > end it may be easier to just make everyone log on. > > From a philosophical point of view... I dont think one should use ip filters > to allow access... its not good security. So if you have a lazy boss that > doesn't want to type in a password, and his IP must go thru, tell him he's a > security risk, on the other hand if its a customer that wants that, with a > big wallet... its probably ok;) > I think everyone should log on, and that getting too far away from the > standard security could get very tricky I think those valves are more > intended to simply ban people that have become a pain in the behind, never > to let the privileged through. > > Have fun > > From: "Doug Black" westrockvisions.com> > > > How can I best pass ips allowed by a valve to pass through to my > > application > > while forcing ips that are denied to log in through a realm? The only > > possible > > behavior I can detect of either RemoteAddrValve or RemoteHostValve is to > > force > > requests through the IP or host filter and also through the user realm for > > the > > context. Do I have to write a custom valve java class? How hard is this > > for an > > intermediate Java writer? Any tips on how to do this? > > > > I apologize that I submitted essentially the same question a couple days > > ago, > > but I got no responses so I thought I'd try with a less verbose phrasing. > > > > Thanks, Doug > > > > > > - > > To start a new topic, e-mail: users tomcat.apache.org > > To unsubscribe, e-mail: users-unsubscribe tomcat.apache.org > > For additional commands, e-mail: users-help tomcat.apache.org > > > > > > - > To start a new topic, e-mail: users tomcat.apache.org > To unsubscribe, e-mail: users-unsubscribe tomcat.apache.org > For additional commands, e-mail: users-help tomcat.apache.org > > Thanks Fillip and Johnny. First two follow up questions and then some description of my plans and responses to some of Johnny's philosophical points. If I understand both Fillip and Johnny correctly, 1) with the custom valve approach I'm going to need three contexts but 2) with the jsp filter approach I will need only one context but I can not use any Tomcat basic security checking on that context (with the caveat that I can have checking of known violators, spoofers, etc. at the context level if I don't already have it at the host e
debug
I've inherited a tomcat 5.0.28 server setup to use ldap as an authentication realm. In the server.xml I see this:
Re: Tomcat5.0.28 character encodingg problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nathan, Nathan Hook wrote: > - Set the meta type in each and every jsp to be utf-8. Now, most > browsers will ignore this value from my understanding, but it shouldn't > hurt to add it. Really? The HTTP header should override any META tag, but the META tag should be used if, for some reason, there is no Content-Type header. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp6l89CaO5/Lv0PARAlEoAJ9Zmnrjir6nE7ikDJWKYcVXdSlbPgCfauaV 9yDlECmoja1DIz1Pkgsc+kY= =lJh4 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Images in ROOT/images are not found
When I try to load images in ROOT/images I get a "requested resource (/images/submit.jpg) is not available." error If I move this image to ROOT/image it works. The the file is in the images directory webapps directory is webapps/ ROOT/images/submit.jpg The file is in the images and image directory. ROOT/images/submit.jpg ROOT/image/submit.jpg (Does Not Works) http://76.79.2.227:8080/images/submit.jpg (Works) http://76.79.2.227:8080/image/submit.jpg I've verified that the images file works in other application directories. i.e. http://76.79.2.227:8080/admin/images/submit.jpg. I looked in the web.xml files to see if there was any mapping related to /images but couldn't find anything.
Re: Performance problem on HTTP PUT of large binary data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:[EMAIL PROTECTED] >> Subject: Re: Performance problem on HTTP PUT of large binary data >> >> - From java.io.InputStream javadoc: >> "Reads some number of bytes from the input stream and stores >> them into the buffer array b. The number of bytes actually >> read is returned as an integer. This method blocks until >> input data is available, end of file is detected, or an >> exception is thrown." >> >> To me, that's a little vague. > > That's because InputStream is an abstract class; the actual behavior is > dependent on whatever concrete class is instantiated behind the method > definition. Of course. What I was trying to point out was that simply using a 32k byte array doesn't mean that each call to InputStream.read(byte[]) would return a full buffer. ServletOutputStream doesn't add anything to the Java API's documentation, so you can make no further assumptions. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFGp6gm9CaO5/Lv0PARAhi2AJ0Y0aMAt/mkVHc8GNaneq0CY9g5YwCYoQTJ 0u19McjqofHkq/s24T+2bQ== =FFF9 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat5.0.28 character encodingg problem
I want to thank Chris, Tim, and Nathan for your advice. I will try the
suggestions and use it to come up with a solution hopefully.
Thanks again.
Joe
-Original Message-
From: Nathan Hook [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 25, 2007 2:13 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat5.0.28 character encodingg problem
Both Chris and Tim are giving great advice. We're actually just trying
to
internationalize our application for our next major release.
Here are the things we've learned.
- You have to change the URIEncoding on your Tomcat Connector in your
server.xml (as Tim pointed out).
We are using mod_jk and had to change our entry in the server.xml to the
following:
- On every request that comes into your tomcat server you have to check
the
character encoding of your request and your response BEFORE any work is
actually done.
So like Chris mentioned you want to look up a character encoding filter.
I
would recommend placing that as the very first filter that gets called
in
your application. To do make this filter first in the filter chain is
simple. When adding your filter to your applications web.xml file, make
sure is the first one listed in the filter mappings section.
Here is the Filter we are currently using for testing.
public class ContentTypeFilter implements Filter {
public void init(FilterConfig config) {}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException
{
// I've seen some other classes that check to see if the character
encoding is null and then set
// the character encoding to utf-8. I'm not sure which is best at
this
time. My guess is doing
// the null checks because from my understanding the client can
change
the page encoding on
// each and every request even though the server sets the page up
to be
utf-8.
request = (HttpServletRequest)request;
request.setCharacterEncoding("UTF-8");
// Make sure to set the character encoding on the response early
because once something is
// sent back to the client (like a jsp), then the character
encoding is
already set to the default
// of the server.
response.setCharacterEncoding("UTF-8");
// Set the content type in the header of the response.
response.setContentType("text/html;charset=UTF-8");
filterChain.doFilter(request, response);
}
}
- Set the meta type in each and every jsp to be utf-8. Now, most
browsers
will ignore this value from my understanding, but it shouldn't hurt to
add
it.
test title
- Finally for database storage... Again from my understanding you will
need
to set all your tables to utf-8 and then inform your JDBC Driver that
you
want to pass everything back and forth using utf-8.
In mysql you add the following to your jdbc url connection string:
useUnicode=true
characterEncoding=UTF-8
I hope all that information helps.
Original Message Follows
From: Tim Funk <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: Tomcat Users List
Subject: Re: Tomcat5.0.28 character encodingg problem
Date: Wed, 25 Jul 2007 12:09:07 -0400
http://tomcat.apache.org/faq/misc.html#utf8
And you should first start with in server.xml:
-Tim
Joe Russo wrote:
>I am getting the following error in the display of the JSP. To give a
>little history, this application I am supporting, at the time the
>developers thought they needed to encode the characters to UTF-8 into
>our Oracle DB. The developers were unaware they could have allowed the
>DB Driver convert it for us. Therefore, we double encode going into
and
>out of the database. Really stupid in hindsight. Trying to clean the
>database up is another project we face.
>
>I am in the process of converting from using JRUN to Tomcat and I have
>ran into the problem where these funky symbols are displaying. I can
>not find any stack traces that would explain or possibly clue into a
>solution.
>
>My questions are: Does Tomcat have problems with any types of
encoding?
> What type of characters are being displayed below and any advice in
>troubleshooting or solving this would be gratefully appreciated.
>
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_
http://newlivehotmail.com
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PRO
Re: mod_jk error detection
On Wed, 2007-07-25 at 17:00 +0200, Rainer Jung wrote: > Hi, > > good questions. First of all: I just today wrote a new docs page about > timeouts. We are soon releasing 1.2.24 which contains this page. You can > already look at it under > > http://people.apache.org/~rjung/mod_jk-dev/docs/ > > (The new page is named "Timeouts" and part of the group Generic Howtos. > > Also the new docs contain a better explanation, what retries means, > especially the huge difference between retries for an lb worker and a > usual worker. This info is on the updated workers.properties page in the > reference guide. > > > With these settings how could I expect the connector to behave if: > > > > 1. Tomcat dies and the port is no longer listening resulting in an > > immediate icmp response. > > I would expect, that any attempt to use an existing connection or to > open a new one immediately returns with an error, because the remote > machine rejects the communication. Further JK behaviour is now depending > if you are using a load balancer or not. Se retries etc. in the updated > docs. > > > 2. The box hosting tomcat dies or the tcp stack for whatever reason > > tanks resulting in no immediate icmp response. > > As long as your local system or the last router still has an arp entry > for the died machine, you will run into very long TCP timeouts. We > recommend CPing/CPong, see the new Timeouts page. > > > 3. The connector does make a successful connection to the backend > > tomcat worker only to have that worker become slow and almost > > unresponsive. > > You should use CPing/CPong and reply timeouts. See again the new > Timeouts page. If you don't use an lb, the best you can do is throwing > an error early, such that the rest of the infrastructure doesnt get > congested. > > > Are there more directives I should be concerned with? Currently, I have > > no intentions on monitoring the http response status codes to detect > > errors. > > Look at the new page and look at the workers.properties page of the > reference guide. Use a load balancing worker, set recovery_options etc. > > HTH. > > Regards, > > Rainer > > P.S.: If you have suggestions how to improve the new page: it's not > public yet. If you are fast enough, we can include those changes. > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > I thoroughly enjoyed the updated docs. It is just what I needed. I just want to mention a few inferences I have now from reading it. In a load balanced setup using connect_timeout and prepost_timeout, this will protect me from sending either newly established connections (rare event due to persistence) as well as each and every individual request from being sent to a failed tomcat node based on CPING/CPONG messages. These messages only detect whether or not the container (I'm using tomcat) is healthy enough to respond to such a message but not necessarily anything more, correct? Basically, its ajp listener is responsive. Plus, if I need more high speed error detection I can use reply_timeout. Sound correct? I get confused on the recovery_options section. How does it work in a load balanced environment? If tomcat receives a request and processes some of it followed by a catastrophic failure before completing the response, what exactly does a repeated request from the client do? Assuming recovery_options is set to 0. Also, I get confused with the section describing the retries directive. In a load balanced environment, would the connector retry no matter the state (tcp state here) of the connection whether it be established already? Would it retry against the same backend tomcat server? The reason I ask is because the docs say "If the load balancer can not get a free connection for a member worker from the pool, it will try again a number of times given by retries." I highlighted the words that confuse me. Every 60 seconds would we expect the connector to attempt to send a valid request to a backend tomcat and fail or once a worker goes into error state do we only check with CPING/CPONG requests during the maintenance cycle?
RE: [Apache2.2.4/modjk/Tomcat6.0.13] redirect url problem
The reason was I had my rewrite directives in httpd.conf, when they should have been nested under the virtual host in httpd-ssl.conf. Guess I forgot to mention/remember I am using ssl. So I've got it working, thank you for your help, but it's still unclear why we can't point two different paths at the same context/webapp. Suppose I wanted a solution that only involved Tomcat? It wouldn't be possible. Thanks again. Dan -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 24, 2007 5:48 PM To: Tomcat Users List Subject: Re: [Apache2.2.4/modjk/Tomcat6.0.13] redirect url problem Since you want to do an internal URL rewriting, it doesn't make much sense to me, to use a full URL including protocol and host. I would try the line, you commented out, instead. I guess, that you already tried that. You should definitely see log entries in the rewrite log, if the module is doing anything. Maybe there's a problem with the spaces in the path? Mske sure, the Apache user can write to the file, so it wasn't created during a test run by a user with other privileges. Why is your JkOption gone? Regards, Rainer Dan Beaulieu wrote: > Yes, that's what I have been playing around with. This is the very bottom of > my httpd.conf: > > JkWorkersFile "C:/Program Files/Apache2/conf/workers.properties" > JkShmFile "C:/Program Files/Apache2/logs/mod_jk.shm" > JkLogFile "C:/Program Files/Apache2/logs/mod_jk.log" > JkLogLeveldebug > JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " > jkMount /myApp/* worker1 > > > RewriteEngine on > RewriteLog "C:\Program Files\Apache2\logs\rewrite.txt" > RewriteLogLevel 9 > RewriteRule ^/demo/(.*)$ https://localhost/$1 [PT,NE,NC] > #RewriteRule ^/demo/(.*)$ /$1 [PT,NE,NC] > > > I've tried both those rewrite rules, and with the R flag included, no go. > Nothing is getting written to the rewrite.txt log either, it DOES exist > though. Only thing I am getting is "client denied by server configuration: > C:/Program Files/Apache2/htdocs/demo" when I try to visit > "https://localhost/demo/myApp/login.html"; in my error_log. I have no idea > how htdocs is getting used as I've modified my DocumentRoot to point > elsewhere...(Not that that's what I want to use anyway) > > I am also loading mod_jk before mod_rewrite, as I've seen that the load > order has caused problems for some people. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.0.28 character encodingg problem
Both Chris and Tim are giving great advice. We're actually just trying to
internationalize our application for our next major release.
Here are the things we've learned.
- You have to change the URIEncoding on your Tomcat Connector in your
server.xml (as Tim pointed out).
We are using mod_jk and had to change our entry in the server.xml to the
following:
enableLookups="false" redirectPort="8443" protocol="AJP/1.3"
URIEncoding="UTF-8" />
- On every request that comes into your tomcat server you have to check the
character encoding of your request and your response BEFORE any work is
actually done.
So like Chris mentioned you want to look up a character encoding filter. I
would recommend placing that as the very first filter that gets called in
your application. To do make this filter first in the filter chain is
simple. When adding your filter to your applications web.xml file, make
sure is the first one listed in the filter mappings section.
Here is the Filter we are currently using for testing.
public class ContentTypeFilter implements Filter {
public void init(FilterConfig config) {}
public void destroy() {}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException
{
// I've seen some other classes that check to see if the character
encoding is null and then set
// the character encoding to utf-8. I'm not sure which is best at this
time. My guess is doing
// the null checks because from my understanding the client can change
the page encoding on
// each and every request even though the server sets the page up to be
utf-8.
request = (HttpServletRequest)request;
request.setCharacterEncoding("UTF-8");
// Make sure to set the character encoding on the response early
because once something is
// sent back to the client (like a jsp), then the character encoding is
already set to the default
// of the server.
response.setCharacterEncoding("UTF-8");
// Set the content type in the header of the response.
response.setContentType("text/html;charset=UTF-8");
filterChain.doFilter(request, response);
}
}
- Set the meta type in each and every jsp to be utf-8. Now, most browsers
will ignore this value from my understanding, but it shouldn't hurt to add
it.
test title
- Finally for database storage... Again from my understanding you will need
to set all your tables to utf-8 and then inform your JDBC Driver that you
want to pass everything back and forth using utf-8.
In mysql you add the following to your jdbc url connection string:
useUnicode=true
characterEncoding=UTF-8
I hope all that information helps.
Original Message Follows
From: Tim Funk <[EMAIL PROTECTED]>
Reply-To: "Tomcat Users List"
To: Tomcat Users List
Subject: Re: Tomcat5.0.28 character encodingg problem
Date: Wed, 25 Jul 2007 12:09:07 -0400
http://tomcat.apache.org/faq/misc.html#utf8
And you should first start with in server.xml:
-Tim
Joe Russo wrote:
I am getting the following error in the display of the JSP. To give a
little history, this application I am supporting, at the time the
developers thought they needed to encode the characters to UTF-8 into
our Oracle DB. The developers were unaware they could have allowed the
DB Driver convert it for us. Therefore, we double encode going into and
out of the database. Really stupid in hindsight. Trying to clean the
database up is another project we face.
I am in the process of converting from using JRUN to Tomcat and I have
ran into the problem where these funky symbols are displaying. I can
not find any stack traces that would explain or possibly clue into a
solution.
My questions are: Does Tomcat have problems with any types of encoding?
What type of characters are being displayed below and any advice in
troubleshooting or solving this would be gratefully appreciated.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_
http://newlivehotmail.com
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Performance problem on HTTP PUT of large binary data
> From: Christopher Schultz [mailto:[EMAIL PROTECTED] > Subject: Re: Performance problem on HTTP PUT of large binary data > > - From java.io.InputStream javadoc: > "Reads some number of bytes from the input stream and stores > them into the buffer array b. The number of bytes actually > read is returned as an integer. This method blocks until > input data is available, end of file is detected, or an > exception is thrown." > > To me, that's a little vague. That's because InputStream is an abstract class; the actual behavior is dependent on whatever concrete class is instantiated behind the method definition. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server Security
On 25 Jul 2007 at 11:48, Michael McQuade wrote: > U, also, can Tomcat be run on Port 80? Yes you can but be aware that a lot of ISPs (for home use anyways) block incoming connections on port 80. > > > - Original Message - > From: "Michael McQuade" <[EMAIL PROTECTED]> > To: "Tomcat Users List" > Sent: Wednesday, July 25, 2007 11:38 AM > Subject: Server Security > > > Hi folks, hope someone can offer me a little bit of advice. Im > running Tomcat 5.0.28 on a home server I want to allow people to > look at a product I'm developing over the web But I am worried > about my server being hacked Can anyone offer me some tips on how > to protect it. I'm not very network saavy. Thank-You in > advance > > Mike > > > - > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > e-mail: [EMAIL PROTECTED] For additional commands, > e-mail: [EMAIL PROTECTED] > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server Security
Yes, you can run Tomcat on port 80. Some OS's (Linux, UNIX) require the process to have root privs to use port 80. Most important is to keep your OS and Tomcat up to date and use a firewall - standard advice for connecting any computer to the internet. The fortunate thing that I've noticed is that there are very few attempts to exploit security holes in Tomcat or the Apache web server. The exploits I've seen in my web logs are targeted at IIS, PHP and other things. There are security holes in Tomcat and Apache (obviously, because they keep releasing patches for them) but no-one seems to bother trying to exploit them. And it's unlikely that the bad guys will even notice your custom web app (although you should still eliminate any vulnerabilities that you can of course). -- Len On 7/25/07, Michael McQuade <[EMAIL PROTECTED]> wrote: U, also, can Tomcat be run on Port 80? - Original Message - From: "Michael McQuade" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Wednesday, July 25, 2007 11:38 AM Subject: Server Security Hi folks, hope someone can offer me a little bit of advice. Im running Tomcat 5.0.28 on a home server I want to allow people to look at a product I'm developing over the web But I am worried about my server being hacked Can anyone offer me some tips on how to protect it. I'm not very network saavy. Thank-You in advance Mike - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performance problem on HTTP PUT of large binary data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Daniel, Daniel Hagen wrote: > I am currently developing an application that handles uploads of big > files using HTTP PUT. > The client is a Java client writing 32K blocks to the server using > chunked streaming mode with 32K chunk size. > > On performance tests I noticed the CPU load of the server going up to > 100% and remaining there during the complete upload. I did some > further profiling and finally got one (in my eyes) very propable > candidate: The read(byte[]) methods of the (Coyote)InputStream return > only blocks of ~1000 to ~7500 bytes resulting in an excessive amount > of calls to the aforementioned methods in the process. I wonder if this is due to the IP and ethernet chunking of data. Ethernet (and IP) packets /can/ get really big, but are often something small like 1500 bytes or so. Your OS (or OSs) might be getting lazy and just returning each packet in its own block. It looks like you are using non-buffered streams. Have you tried using BufferedInputStream? That might allow more bytes to pile up before the bytes are actually returned. Simply using a 32k byte array doesn't really set any chunking size when reading. The InputStream class will just give you what's available, not block to fill your buffer entirely. - From java.io.InputStream javadoc: "Reads some number of bytes from the input stream and stores them into the buffer array b. The number of bytes actually read is returned as an integer. This method blocks until input data is available, end of file is detected, or an exception is thrown." To me, that's a little vague. It only says that it will block until data is available... it doesn't say how much is required for a successful return. I suspect that it will return immediately when any amount of data is available. > I also noticed a funny pattern in the number of bytes read, there > seems to be a fixed maximum of ~7000 bytes (windows) and a similar > but not equal number (~7700) on linux. Sounds like a buffering issue. Try BufferedInputStream and re-test. > Do you have any idea what could cause the described behavior and > prevent the server from returning larger buffers? Any parameters I > could check/tweek to overcome that problem? I suspect that your server is fast enough to be able to steal small amounts of data from the TCP stack each time, rather than actually getting 32k all at once. Since you aren't buffering your input, you are getting small bytes (ha!) of data instead of large ones. Give buffering a try and let us know how it goes. If that doesn't so it, you might want to look into Comet which features non-blocking IO capability, though I'm not entirely sure how that would help you, here ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp4l19CaO5/Lv0PARAtSSAKCRcDk/TKgC/2Lh9/ajF4caiI8DmQCgitrn zLSzld/lfDLKjfCsqSmGWxM= =WokQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
Caldarale, Charles R wrote: From: Craig Skinner [mailto:[EMAIL PROTECTED] Subject: Re: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable If you can upgrade to Tomcat 5.5, you only need a JRE, not a JDK, Oh? That's a new one on me. I thought that JSP's are complied at run time. They are, but TC 5.5 and above come with Jasper built in, and thus do not need a JDK. That sounds a bit misleading to me. Instead I'd phrase that: TC 5.5 and above are shipped with the Eclipse JDT Java compiler, and thus do not need a JDK. Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Performance problem on HTTP PUT of large binary data
Dear All,
I am currently developing an application that handles uploads of big files
using HTTP PUT.
The I/O part of the server application can be broken down to (not literally
spoken, just to make the working clear):
public void doPut(HttpServletRequest request, HttpServletResponse response)
{
InputStream in = request.getInputStream();
OutputStream out = new FileOutputStream("some_file");
[Transfer data between streams using a 32K buffer]
}
The client is a Java client writing 32K blocks to the server using chunked
streaming mode with 32K chunk size.
On performance tests I noticed the CPU load of the server going up to 100% and
remaining there during the complete upload.
I did some further profiling and finally got one (in my eyes) very propable
candidate:
The read(byte[]) methods of the (Coyote)InputStream return only blocks of ~1000
to ~7500 bytes resulting in an excessive amount of calls to the aforementioned
methods in the process.
(Windows & Linux alike, same behavior when accessing localhost or on access
over network, c++ libcurl client produces the same pattern).
The delay between the calls also does not seem to matter since the blocks to
not get larger even with a 1 second or larger delay between the calls to
InputStream.read(byte[]).
I also noticed a funny pattern in the number of bytes read, there seems to be a
fixed maximum of ~7000 bytes (windows) and a similar but not equal number
(~7700) on linux.
I tested with Tomcat 6.0.13 accessing the Tomcat HTTP connector directly, the
connector was configured with:
[...]
socket.appReadBufSize="32678"
socket.appWriteBufferSize="32768"
socket.rxBufSize="32678"
(BTW, Tomcat 5.5 behavior is the same)
So finally my question:
Do you have any idea what could cause the described behavior and prevent the
server from returning larger buffers?
Any parameters I could check/tweek to overcome that problem?
Thank you!
Daniel
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk error detection
On Wed, 2007-07-25 at 17:00 +0200, Rainer Jung wrote: > Hi, > > good questions. First of all: I just today wrote a new docs page about > timeouts. We are soon releasing 1.2.24 which contains this page. You can > already look at it under > > http://people.apache.org/~rjung/mod_jk-dev/docs/ > > (The new page is named "Timeouts" and part of the group Generic Howtos. > > Also the new docs contain a better explanation, what retries means, > especially the huge difference between retries for an lb worker and a > usual worker. This info is on the updated workers.properties page in the > reference guide. > > > With these settings how could I expect the connector to behave if: > > > > 1. Tomcat dies and the port is no longer listening resulting in an > > immediate icmp response. > > I would expect, that any attempt to use an existing connection or to > open a new one immediately returns with an error, because the remote > machine rejects the communication. Further JK behaviour is now depending > if you are using a load balancer or not. Se retries etc. in the updated > docs. > > > 2. The box hosting tomcat dies or the tcp stack for whatever reason > > tanks resulting in no immediate icmp response. > > As long as your local system or the last router still has an arp entry > for the died machine, you will run into very long TCP timeouts. We > recommend CPing/CPong, see the new Timeouts page. > > > 3. The connector does make a successful connection to the backend > > tomcat worker only to have that worker become slow and almost > > unresponsive. > > You should use CPing/CPong and reply timeouts. See again the new > Timeouts page. If you don't use an lb, the best you can do is throwing > an error early, such that the rest of the infrastructure doesnt get > congested. > > > Are there more directives I should be concerned with? Currently, I have > > no intentions on monitoring the http response status codes to detect > > errors. > > Look at the new page and look at the workers.properties page of the > reference guide. Use a load balancing worker, set recovery_options etc. > > HTH. > > Regards, > > Rainer > > P.S.: If you have suggestions how to improve the new page: it's not > public yet. If you are fast enough, we can include those changes. > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Thanks I'll be reading up this afternoon and posting comments. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging all data sent to client
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ben,
I might change your LoggingHttpServletResponse slightly. I think it's
more complicated than necessary.
ben short wrote:
> LoggingHttpServletResponse.java
>
> class LoggingHttpServletResponse extends HttpServletResponseWrapper
>{
>private Logger mLogger =
> Logger.getLogger(LoggingHttpServletResponse.class);
>
>public LoggingHttpServletResponse(HttpServletResponse
> httpServletResponse)
>{
>super(httpServletResponse);
>mWrappedResponse = httpServletResponse;
// I would remove the mWrappedResponse. You can always call
super.getResponse to get the wrapped response.
>}
[snip]
>// - Public
> Methods
>
>/**
> * Create and return a ServletOutputStream to write the content
> * associated with this Response.
> *
> * @throws IOException if an input/output error occurs
> */
>public ServletOutputStream createOutputStream() throws IOException
>{
>mLogger.debug("Creating new LoggingOutputStream");
>
>return new LoggingServletOutputStream(mWrappedResponse, mLogger);
>}
Is this method useful? The constructor for LSOS ought to be enough.
>/**
> * Finish a response.
> */
>public void finishResponse()
>{
>try
>{
>if (mWriter != null)
>{
>mWriter.close();
>}
>else
>{
>if (mStream != null)
>mStream.close();
>}
>}
>catch (IOException e)
>{
>}
>}
Same here. You should not need a finishResponse method. You ought to
allow the 'close' method to do its job. Remove this method.
>/**
> * Flush the buffer and commit this response.
> *
> * @throws IOException if an input/output error occurs
> */
>public void flushBuffer() throws IOException
>{
>mStream.flush();
>}
How about:
public void flushBuffer()
throws IOException
{
if(null != mStream)
mStream.flush();
else if(null != mWriter)
mWriter.flush();
}
>public ServletOutputStream getOutputStream() throws IOException
>{
>if (mWriter != null)
>throw new IllegalStateException("getWriter() has already
> been called for this response");
>
>if (mStream == null)
>mStream = createOutputStream();
>
>mLogger.debug("mStream is set to " + mStream + " in
> getOutputStream");
>
>return (mStream);
>}
This method should be:
public ServletOutputStream getOutputStream()
{
if(null == mStream)
mStream = new LoggingServletOutputStream(super.getOutputStream));
return mStream;
}
>public PrintWriter getWriter() throws IOException
>{
>if (mWriter != null)
>return (mWriter);
>
>if (mStream != null)
>throw new IllegalStateException("getOutputStream() has
> already been called for this response");
>
>mStream = createOutputStream();
>
>mLogger.debug("mStream is set to " + mStream + " in
> getOutputStream");
>
>// HttpServletResponse.getCharacterEncoding() shouldn't return null
>// according the spec, so feel free to remove that "if"
>mWriter = new PrintWriter(mStream);
>
>return (mWriter);
>}
>}
Similarly:
public PrintWriter getWriter()
throws IOException
{
if(null == mWriter)
mWriter = new LoggingServletWriter(super.getWriter());
return mWriter;
}
> LoggingServletOutputStream.java
>
> class LoggingServletOutputStream extends ServletOutputStream
>{
>private Logger mLogger;
>private HttpServletResponse mResponse;
The response is not necessary. Remove this.
>private OutputStream mOutputStream;
>private ByteArrayOutputStream mByteArrayOutputStream = new
> ByteArrayOutputStream();
Good.
>public LoggingServletOutputStream(HttpServletResponse response,
> Logger logger) throws IOException
>{
>mResponse = response;
>mOutputStream = mResponse.getOutputStream();
>mLogger = logger;
>}
Remove the response object, and replace it with the output stream directly.
>public void write(int b) throws IOException
>{
>mByteArrayOutputStream.write(b);
>mOutputStream.write(b);
>}
>
>@Override
>public void write(byte b[]) throws IOException
>{
>mByteArrayOutputStream.write(b);
>mOutputStream.write(b);
>}
>
>@Override
>public void write(byte b[], int off, int len) throws IOException
>{
>mByteArrayOutputStream.write(b, off, len);
>mOutputStream.write(b, off, len);
>}
Good.
>@Override
>public void close() throws IOException
>{
>if ( mLogger.isDebugEnabled() )
You p
Re: Tomcat consuming entire CPU.
Thanks very much all for the advice, I've managed to get my thread dumps nicely formatted side by side in HTML using TDAN (Thread Dump Analyzer) I'll work out how to then get thread ID's using 'ps' and then should be in business. I'm also going to speak with DBA about limiting Oracles(Database) memory, and get Tomcat moved from was into RAM, I think this will help general performance, but isn't the root cause. Thanks again, Mark. On 25/07/07, Juha Laiho <[EMAIL PROTECTED]> wrote: Mark Stevens wrote: > I don't think we are using sendfile, to be honest, I've had no > involvement in development of the code, I'm just requested to look > after the server. > > I'm going to try and work out how to read thread dumps, hopefully this > will help, I'm finding my X11 connection too slow for J-Profiler to be > usable. Ok, some more details on what to look for (pretty much already said by Charles in an earlier message). When you encounter the CPU hogging situation, run (several times, if needed) such form of "ps" command that shows data on the individual threads. This'll give you the thread ID of the CPU-hungry thread (most possibly there is just one thread in this state), when you look at the CPU time used by thread - one is incrementing, others are not. Then run "kill -QUIT " to get the thread dump in catalina.out logfile. When you have the thread dump, you'll at least get a name of the thread and the Java method name being executed in the thread which is eating your CPU. This gives, if nothing else, a possibility to see whether the thread is looping in Java library code, application code, or Tomcat server code. A caveat on the data formats; at least on Linux platforms the thread ids from "ps" are in decimal, whereas in Java thread dump they are in hexadecimal, so you'll need to do a dec->hex conversion to the thread id from ps before searching in the thread dump. > Something else I noticed in my Live envrionment is that Oracle is > hogging all the memory and tomcat is being forced into swap. Oracle as in database - or application server? If database, then you'll need to get your DBA people to re-tune Oracle to leave some memory for others as well. If you're the DBA as well, see Oracle documentation on tuning SGA and db buffer cache sizes. -- ..Juha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging all data sent to client
Thanks Ben!
> Heres what I have put together, use at your own risk. any comments
> welcome.
>
> HttpServletResponseLoggingFilter.java
>
> public class HttpServletResponseLoggingFilter implements Filter
> {
> private Logger mLogger =
> Logger.getLogger(HttpServletResponseLoggingFilter.class);
>
> public void doFilter(ServletRequest servletRequest,
> ServletResponse servletResponse, FilterChain filterChain) throws
> IOException, ServletException
> {
> if ( mLogger.isDebugEnabled() && servletResponse instanceof
> HttpServletResponse &&
> isNonStaticResource((HttpServletRequest)servletRequest) )
> {
> final LoggingHttpServletResponse
> loggingHttpServletResponse = new
> LoggingHttpServletResponse((HttpServletResponse)servletResponse);
>
> try
> {
> mLogger.debug("Filtering request : " +
> getFullRequestUrl((HttpServletRequest)servletRequest));
>
> filterChain.doFilter(servletRequest,
> loggingHttpServletResponse);
> }
> finally
> {
> loggingHttpServletResponse.finishResponse();
> }
> }
> else
> {
> filterChain.doFilter(servletRequest, servletResponse);
> }
> }
>
> private boolean isNonStaticResource(HttpServletRequest request)
> {
> return !request.getRequestURI().contains("resources");
> }
>
> // http://hostname.com/mywebapp/servlet/MyServlet/a/b;c=123?d=789
> private String getFullRequestUrl(HttpServletRequest request)
> {
> String reqUrl = request.getRequestURL().toString();
> String queryString = request.getQueryString(); // d=789
> if (queryString != null)
> {
> reqUrl += "?"+queryString;
> }
> return reqUrl;
> }
>
> public void init(FilterConfig filterConfig) throws ServletException
> {
> }
>
> public void destroy()
> {
> }
>
> }
>
> LoggingHttpServletResponse.java
>
> class LoggingHttpServletResponse extends HttpServletResponseWrapper
> {
> private Logger mLogger =
> Logger.getLogger(LoggingHttpServletResponse.class);
>
> public LoggingHttpServletResponse(HttpServletResponse
> httpServletResponse)
> {
> super(httpServletResponse);
> mWrappedResponse = httpServletResponse;
> }
>
> // - Instance
> Variables
>
> /**
> * Original response
> */
>
> protected HttpServletResponse mWrappedResponse = null;
>
> /**
> * The ServletOutputStream that has been returned by
> * getOutputStream(), if any.
> */
>
> protected ServletOutputStream mStream = null;
>
>
> /**
> * The PrintWriter that has been returned by
> * getWriter(), if any.
> */
>
> protected PrintWriter mWriter = null;
>
> // - Public
> Methods
>
> /**
> * Create and return a ServletOutputStream to write the content
> * associated with this Response.
> *
> * @throws IOException if an input/output error occurs
> */
> public ServletOutputStream createOutputStream() throws IOException
> {
> mLogger.debug("Creating new LoggingOutputStream");
>
> return new LoggingServletOutputStream(mWrappedResponse, mLogger);
> }
>
>
> /**
> * Finish a response.
> */
> public void finishResponse()
> {
> try
> {
> if (mWriter != null)
> {
> mWriter.close();
> }
> else
> {
> if (mStream != null)
> mStream.close();
> }
> }
> catch (IOException e)
> {
> }
> }
>
> // ServletResponse
> Methods
>
>
> /**
> * Flush the buffer and commit this response.
> *
> * @throws IOException if an input/output error occurs
> */
> public void flushBuffer() throws IOException
> {
> mStream.flush();
> }
>
> /**
> * Return the servlet output mStream associated with this Response.
> *
> * @throws IllegalStateException if getWriter has
> * already been called for this response
> * @throws IOException if an input/output error occurs
> */
> public ServletOutputStream getOutputStream() throws IOException
> {
> if (mWriter != null)
> throw new IllegalStateException("getWriter() has already
> been called for this response");
>
> if (mStream == null)
> mStream = createOutputStream();
>
> mLogger.debug("mStream is set to " + mStream + " in
> get
Re: Tomcat5.0.28 character encodingg problem
http://tomcat.apache.org/faq/misc.html#utf8 And you should first start with in server.xml: -Tim Joe Russo wrote: I am getting the following error in the display of the JSP. To give a little history, this application I am supporting, at the time the developers thought they needed to encode the characters to UTF-8 into our Oracle DB. The developers were unaware they could have allowed the DB Driver convert it for us. Therefore, we double encode going into and out of the database. Really stupid in hindsight. Trying to clean the database up is another project we face. I am in the process of converting from using JRUN to Tomcat and I have ran into the problem where these funky symbols are displaying. I can not find any stack traces that would explain or possibly clue into a solution. My questions are: Does Tomcat have problems with any types of encoding? What type of characters are being displayed below and any advice in troubleshooting or solving this would be gratefully appreciated. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.0.28 character encodingg problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe, Joe Russo wrote: > I am in the process of converting from using JRUN to Tomcat Good for you! Welcome to the community. > I have > ran into the problem where these funky symbols are displaying. I can > not find any stack traces that would explain or possibly clue into a > solution. Right. These things (encoding problems) hardly ever generate errors; they just exhibit unexpected behavior. > My questions are: > Does Tomcat have problems with any types of encoding? Yes and no. Tomcat behaves exactly as the HTTP specification mandates. That is, it interprets all incoming data using the ISO-8859-1 character encoding unless the request states otherwise (in the Content-Type header). Some browsers don't send the encoding along with the Content-Type, so the behavior gets confused. Some browsers only send an encoding when there is POST data, since the Content-Type only really makes sense when where is request content (the POST data). Unfortunately, the browser usually uses (what would have been) the Content-Type of a request to encode the URL in the request. So, if a browser uses UTF-8 to encode the URL (which is typical these days), but doesn't send a Content-Type header (or leaves out the encoding), then Tomcat interprets it incorrectly as ISO-8859-1, and you get funny characters. It's not Tomcat's fault. It's actually not the browser's fault, either. It's actually the HTTP spec's fault, since the character encoding used in URLs isn't explicitly laid out. :( > What type of characters are being displayed below and any advice in > troubleshooting or solving this would be gratefully appreciated. The presence of the 'â' character looks to me like a UTF-8 URL being interpreted as an ISO-8859-1 URL. Try searching google for CharacterEncodingFilter and take a look at that. It tries to recover from requests that don't include a character encoding. You should also look at the "URIEncoding" attribute of the element. You can set the encoding to something other than the default (ISO-8859-1). For more information, see: http://tomcat.apache.org/faq/misc.html#tomcat5CharEncoding http://tomcat.apache.org/faq/connectors.html#utf8 http://tomcat.apache.org/tomcat-5.0-doc/config/ajp.html (if you use JK) http://tomcat.apache.org/tomcat-5.0-doc/config/http.html (if you don't) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp3Wi9CaO5/Lv0PARAm9kAJ0Sb2P15mo+x5IUQZBiP1laJKCI3gCdFcO3 W0t6lz0jMzyvRsPK3BTBaXE= =uAOC -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[SOLVED] Re: COMET with Tomcat 6.0.13 causes 405 Error
It was like Sebastiaan assumed: I had the catalina.jar included in my webapp after building. After removing it, the error was gone. - Thanks for the fast help.. Regards, felix Sebastiaan van Erk wrote: > > Check to make sure that it's really running the Http11NioProtocol, it > should say so in the logs when tomcat starts. > > Furthermore, what kind of environment are your running in? Make sure > that the CometProcessor class is not in your classpath twice, This can > be caused by build tools which use your project classpath for your > webapp; your webapp depends on catalina.jar (which contains > CometProcessor), however if it's included in your webapp then tomcat's > instanceof CometProcessor check fails, causing this error. (If using > mvn, set your dependency scope of the tomcat jars to provided). > > Regards, > Sebastiaan > > FelixG wrote: >> Hi everyone, >> >> I am trying to get the Adv. IO feature of Tomcat 6.0.13 (running on a >> sparc >> sun solaris 8 with JDK6) >> working. After searching the mailing-lists I changed the connector in >> server.xml to use the NioProtocol: >> >> > protocol="org.apache.coyote.http11.Http11NioProtocol" >> maxThreads="150" connectionTimeout="2" redirectPort="8443" /> >> >> But I kept on getting the "HTTP method GET is not supported by this URL" >> error message. After logging I >> saw that only init() from the servlet (I tried also several examples from >> the net) is executed but nothing >> else. Are there other adjustments I could make to get event() invoked? >> >> Best Regards, >> felix > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/COMET-with-Tomcat-6.0.13-causes-405-Error-tf4141233.html#a11785700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server Security
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike, Michael McQuade wrote: > Im > running Tomcat 5.0.28 on a home server I want to allow people to > look at a product I'm developing over the web But I am worried > about my server being hacked Can anyone offer me some tips on > how to protect it. I'm not very network saavy. Thank-You in > advance Is your server connected directly to your Internet connection, or are you using a router? If you are using a router, there's good news and bad news. The good news is that nobody can hit your server directly from the Internet, so you are relatively protected. The bad news is that you will have to set up a port forwarding rule on your router so that people from the Internet can get to your server. Since a port forwarding rule can be limited to a single port, you don't have to worry about anyone hacking /other/ services that might be running on your server -- at least not directly. Now, you just need to make sure that Tomcat is up-to-date and that your application doesn't offer any juicy places to attack (like allowing a remote user to submit code to be executed, etc.). As always, never run Tomcat as an administrative user. Instead, run it as a regular user with access only to files owned by the "tomcat" user (or whatever). If you're really paranoid, you could run Tomcat using chroot (if you're using anything UNIX-like) and/or run Tomcat with a SecurityManager locking-down everything. Turning on a SecurityManager usually results in you having to take a while to figure out everything that your application needs and specifically granting access to it. (It's kind of a headache). Everything comes down to this: 1. Make sure your OS and app server are up-to-date with security patches. 2. Limit access to only what you need (forward only the one port). 3. Never run a service as root or administrator. 4. Make sure your application doesn't do anything stupid. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp3HE9CaO5/Lv0PARAqCYAJ4v7W7XUDmv4K65c5uyDl89Vtzh7ACgjga6 +aA51gv8ZFrQdPB1LJ13qxg= =nlpd -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Server Security
U, also, can Tomcat be run on Port 80? - Original Message - From: "Michael McQuade" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Wednesday, July 25, 2007 11:38 AM Subject: Server Security Hi folks, hope someone can offer me a little bit of advice. Im running Tomcat 5.0.28 on a home server I want to allow people to look at a product I'm developing over the web But I am worried about my server being hacked Can anyone offer me some tips on how to protect it. I'm not very network saavy. Thank-You in advance Mike - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat5.0.28 character encodingg problem
I am getting the following error in the display of the JSP. To give a little history, this application I am supporting, at the time the developers thought they needed to encode the characters to UTF-8 into our Oracle DB. The developers were unaware they could have allowed the DB Driver convert it for us. Therefore, we double encode going into and out of the database. Really stupid in hindsight. Trying to clean the database up is another project we face. I am in the process of converting from using JRUN to Tomcat and I have ran into the problem where these funky symbols are displaying. I can not find any stack traces that would explain or possibly clue into a solution. My questions are: Does Tomcat have problems with any types of encoding? What type of characters are being displayed below and any advice in troubleshooting or solving this would be gratefully appreciated. comments to our revised manuscript entitled âInterleukin-4 Cytotoxin Therapy Synergizes with Gemcitabine in a Mouse Model of Pancreatic Ductal Adenocarcinomaâ. We agree with th Joe - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
On Wed, Jul 25, 2007 at 10:31:19AM -0500, Caldarale, Charles R wrote: > > > If you can upgrade to Tomcat 5.5, you only need a JRE, not a JDK, > > > > Oh? That's a new one on me. I thought that JSP's are complied > > at run time. > > They are, but TC 5.5 and above come with Jasper built in, and thus do > not need a JDK. Ahh. 5.5 package for OpenBSD 4.1, the box is due an upgrade. > Looks like there's a Linux emulator package available for OpenBSD; don't > know how well it performs. > Not for Java, used to be employed in the build process though. OK. Still, I did have kaffe, jikes and tomcat working on Debian, so I'm not convinced that there is a problem with the apps, just in the config of them. Unless there are no other takers, thanks for the help. -- Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS logout
helloo, My quation is about how to remove jaas Principal from the Subject.??. I try to let user to sign out the application..I redirect to the jsp that includes: session.invalidate() but when a try to relogin a have an error (j_security_check not found), I still have access on application ressources.. thanks.. -- View this message in context: http://www.nabble.com/JAAS-logout-tf4142986.html#a11785246 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem in Apache Tomcat server due to Oracle 10g XE
Chris, I think in this case it did, because he was getting a message about Oracle already running at port 8080, and his Tomcat install previously ran at the same port. So therefore, after his Oracle install, he couldn't run TC any longer. I assume Oracle XE was running on startup, and he started TC manually. -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:45 AM To: Tomcat Users List Subject: Re: Problem in Apache Tomcat server due to Oracle 10g XE -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Senthil, senthil gugan wrote: > Hi all, I have this problem, I am using Apache Tomcat server and the Oracle > XE Database in my linux suse OS. > Before installing the Oracle XE, my apache tomcat server works well. But > after the installation of the Oracle XE, I had the following error. > > Catalina.stop: java.net.ConnectException: Connection refused > java.net.ConnectException: Connection refused You posted the same question the other day. This probably has nothing to do with Oracle. Make sure that you are always using the same server.xml file, and that the "shutdown port" has been properly set on your element. Also, make sure that Tomcat is actually running. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp2/q9CaO5/Lv0PARAgvQAJ48jFuUqOzOyP43atVXVGIlVAzcUACdEmHH cRln2x0CQKr2Zb6F/Y17SOc= =xkkl -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem in Apache Tomcat server due to Oracle 10g XE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Senthil, senthil gugan wrote: > Hi all, I have this problem, I am using Apache Tomcat server and the Oracle > XE Database in my linux suse OS. > Before installing the Oracle XE, my apache tomcat server works well. But > after the installation of the Oracle XE, I had the following error. > > Catalina.stop: java.net.ConnectException: Connection refused > java.net.ConnectException: Connection refused You posted the same question the other day. This probably has nothing to do with Oracle. Make sure that you are always using the same server.xml file, and that the "shutdown port" has been properly set on your element. Also, make sure that Tomcat is actually running. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp2/q9CaO5/Lv0PARAgvQAJ48jFuUqOzOyP43atVXVGIlVAzcUACdEmHH cRln2x0CQKr2Zb6F/Y17SOc= =xkkl -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Server Security
Hi folks, hope someone can offer me a little bit of advice. Im running Tomcat 5.0.28 on a home server I want to allow people to look at a product I'm developing over the web But I am worried about my server being hacked Can anyone offer me some tips on how to protect it. I'm not very network saavy. Thank-You in advance Mike
RE: Problem in Apache Tomcat server due to Oracle 10g XE
ok, good luck. -Original Message- From: senthil gugan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:28 AM To: Tomcat Users List Subject: RE: Problem in Apache Tomcat server due to Oracle 10g XE Hi Barry L, Thanks for your reply, I will try this and get back to you. Thanks, Senthil. "Propes, Barry L " <[EMAIL PROTECTED]> wrote: yes, sentil, I was right. By default, it does install on port 8080. But supposedly that can be altered. http://forums.oracle.com/forums/thread.jspa?threadID=337610&start=0&tstart=0 -Original Message- From: senthil gugan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:06 AM To: users@tomcat.apache.org Subject: Problem in Apache Tomcat server due to Oracle 10g XE Hi all, I have this problem, I am using Apache Tomcat server and the Oracle XE Database in my linux suse OS. Before installing the Oracle XE, my apache tomcat server works well. But after the installation of the Oracle XE, I had the following error. This is how I start the tomcat: manickam:~ # $CATALINA_HOME/bin/startup.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Error during shut down the tomcat server: manickam:~ # $CATALINA_HOME/bin/shutdown.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:464) at java.net.Socket.connect(Socket.java:414) at java.net.Socket.(Socket.java:310) at java.net.Socket.(Socket.java:125) at org.apache.catalina.startup.Catalina.stop(Catalina.java:527) at org.apache.catalina.startup.Catalina.execute(Catalina.java:347) at org.apache.catalina.startup.Catalina.process(Catalina.java:129) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:150) manickam:~ # Also I was not able to browse the Apache tomcat page using the url "http://localhost:8080/";. It brings the Oracle Page. Any ideas how I can resolve the problem Thanks in advance, Senthil. - Did you know? You can CHAT without downloading messenger. Click here - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Unlimited freedom, unlimited storage. Get it now - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
> From: Craig Skinner [mailto:[EMAIL PROTECTED] > Subject: Re: tomcat-4.1 & kaffe; IllegalArgumentException: > Attribute must be readable or writable > > > If you can upgrade to Tomcat 5.5, you only need a JRE, not a JDK, > > Oh? That's a new one on me. I thought that JSP's are complied > at run time. They are, but TC 5.5 and above come with Jasper built in, and thus do not need a JDK. > Linux is not BSD compatible Looks like there's a Linux emulator package available for OpenBSD; don't know how well it performs. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem in Apache Tomcat server due to Oracle 10g XE
Hi Barry L, Thanks for your reply, I will try this and get back to you. Thanks, Senthil. "Propes, Barry L " <[EMAIL PROTECTED]> wrote: yes, sentil, I was right. By default, it does install on port 8080. But supposedly that can be altered. http://forums.oracle.com/forums/thread.jspa?threadID=337610&start=0&tstart=0 -Original Message- From: senthil gugan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:06 AM To: users@tomcat.apache.org Subject: Problem in Apache Tomcat server due to Oracle 10g XE Hi all, I have this problem, I am using Apache Tomcat server and the Oracle XE Database in my linux suse OS. Before installing the Oracle XE, my apache tomcat server works well. But after the installation of the Oracle XE, I had the following error. This is how I start the tomcat: manickam:~ # $CATALINA_HOME/bin/startup.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Error during shut down the tomcat server: manickam:~ # $CATALINA_HOME/bin/shutdown.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:464) at java.net.Socket.connect(Socket.java:414) at java.net.Socket.(Socket.java:310) at java.net.Socket.(Socket.java:125) at org.apache.catalina.startup.Catalina.stop(Catalina.java:527) at org.apache.catalina.startup.Catalina.execute(Catalina.java:347) at org.apache.catalina.startup.Catalina.process(Catalina.java:129) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:150) manickam:~ # Also I was not able to browse the Apache tomcat page using the url "http://localhost:8080/";. It brings the Oracle Page. Any ideas how I can resolve the problem Thanks in advance, Senthil. - Did you know? You can CHAT without downloading messenger. Click here - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Unlimited freedom, unlimited storage. Get it now
RE: Problem in Apache Tomcat server due to Oracle 10g XE
yes, sentil, I was right. By default, it does install on port 8080. But supposedly that can be altered. http://forums.oracle.com/forums/thread.jspa?threadID=337610&start=0&tstart=0 -Original Message- From: senthil gugan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:06 AM To: users@tomcat.apache.org Subject: Problem in Apache Tomcat server due to Oracle 10g XE Hi all, I have this problem, I am using Apache Tomcat server and the Oracle XE Database in my linux suse OS. Before installing the Oracle XE, my apache tomcat server works well. But after the installation of the Oracle XE, I had the following error. This is how I start the tomcat: manickam:~ # $CATALINA_HOME/bin/startup.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Error during shut down the tomcat server: manickam:~ # $CATALINA_HOME/bin/shutdown.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:464) at java.net.Socket.connect(Socket.java:414) at java.net.Socket.(Socket.java:310) at java.net.Socket.(Socket.java:125) at org.apache.catalina.startup.Catalina.stop(Catalina.java:527) at org.apache.catalina.startup.Catalina.execute(Catalina.java:347) at org.apache.catalina.startup.Catalina.process(Catalina.java:129) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:150) manickam:~ # Also I was not able to browse the Apache tomcat page using the url "http://localhost:8080/";. It brings the Oracle Page. Any ideas how I can resolve the problem Thanks in advance, Senthil. - Did you know? You can CHAT without downloading messenger. Click here - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem in Apache Tomcat server due to Oracle 10g XE
I think XE by default ( I think I recall reading this on the Oracle forum, and I'll search for it to verify) uses port 8080 on installation! -Original Message- From: senthil gugan [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 25, 2007 10:06 AM To: users@tomcat.apache.org Subject: Problem in Apache Tomcat server due to Oracle 10g XE Hi all, I have this problem, I am using Apache Tomcat server and the Oracle XE Database in my linux suse OS. Before installing the Oracle XE, my apache tomcat server works well. But after the installation of the Oracle XE, I had the following error. This is how I start the tomcat: manickam:~ # $CATALINA_HOME/bin/startup.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Error during shut down the tomcat server: manickam:~ # $CATALINA_HOME/bin/shutdown.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:464) at java.net.Socket.connect(Socket.java:414) at java.net.Socket.(Socket.java:310) at java.net.Socket.(Socket.java:125) at org.apache.catalina.startup.Catalina.stop(Catalina.java:527) at org.apache.catalina.startup.Catalina.execute(Catalina.java:347) at org.apache.catalina.startup.Catalina.process(Catalina.java:129) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:150) manickam:~ # Also I was not able to browse the Apache tomcat page using the url "http://localhost:8080/";. It brings the Oracle Page. Any ideas how I can resolve the problem Thanks in advance, Senthil. - Did you know? You can CHAT without downloading messenger. Click here - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammed, Mohammed Zabin wrote: > I did this, but i think that there is an option to enable logging, do u > know it? Logs should go to catalina.out, or to the console if you're using windows and startup.bat instead of a service. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFGp2oo9CaO5/Lv0PARAjg+AJjbycd41PSmCMnHIGJp1/jpN/L+AJ9IJNG5 tPRRLlrf/eySyIoS7vBw0A== =B4XC -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
On Wed, Jul 25, 2007 at 09:37:21AM -0500, Caldarale, Charles R wrote: > > Not an option: Sun does not release a JKD for BSD. > > If you can upgrade to Tomcat 5.5, you only need a JRE, not a JDK, Oh? That's a new one on me. I thought that JSP's are complied at run time. I have jikes installed. > and there are Linux-compatible JREs downloadable from Sun. > > Not an option: Sun does not release a JKD for BSD. Linux is not BSD compatible, in the same way that Solaris SPARC binaries will not run on i386 Linux. > Actually, even > with Tomcat 4.1, the only part of the JDK that's needed for Tomcat is > the javac classes from tools.jar, which are all pure Java and can be > used independently of the rest of the JDK. > I don't think that there is a problem with the complier, else I would not be getting this: $ ls -lh /var/tomcat/work/Standalone/localhost/_/ total 36 -rw-r--r-- 1 _tomcat _tomcat81B Jul 21 13:06 SESSIONS.ser -rw-r--r-- 1 _tomcat _tomcat 14.6K Jul 21 13:05 index_jsp.java I think there is some silly mis-config, or file system permission error as: javax.management.RuntimeOperationsException: nested exception is java.lang.IllegalArgumentException: Attribute must be readable or writable java.lang.IllegalArgumentException: Attribute must be readable or writable at javax.management.MBeanAttributeInfo. (MBeanAttributeInfo.java:60) I searched for this exception and did not get anything relevant. Any other ideas? Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammed, Mohammed Zabin wrote: > I have the following error: > > org.apache.jasper.JasperException: Unable to compile class for JSP: Uhh... you have a syntax error in your JSP code. Fix that, then we'll get back to configuration issues. You didn't give enough information to help with the JSP syntax error. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGp2lm9CaO5/Lv0PARAvlRAJ45KuixS2Fy75ssMLQLwUYhA+DjOACgtiTN nZhKt8DoIGh8UFwV+Ri6qWI= =syvt -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem in Apache Tomcat server due to Oracle 10g XE
Hi all, I have this problem, I am using Apache Tomcat server and the Oracle XE Database in my linux suse OS. Before installing the Oracle XE, my apache tomcat server works well. But after the installation of the Oracle XE, I had the following error. This is how I start the tomcat: manickam:~ # $CATALINA_HOME/bin/startup.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Error during shut down the tomcat server: manickam:~ # $CATALINA_HOME/bin/shutdown.sh Using CATALINA_BASE: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_HOME: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14 Using CATALINA_TMPDIR: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/temp Using CATALINA_OUT: /root/Tomcat/apache-tomcat-4.1.34-LE-jdk14/logs/catalina.out Using JAVA_HOME: /usr/java/j2sdk1.4.2_14 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:464) at java.net.Socket.connect(Socket.java:414) at java.net.Socket.(Socket.java:310) at java.net.Socket.(Socket.java:125) at org.apache.catalina.startup.Catalina.stop(Catalina.java:527) at org.apache.catalina.startup.Catalina.execute(Catalina.java:347) at org.apache.catalina.startup.Catalina.process(Catalina.java:129) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:150) manickam:~ # Also I was not able to browse the Apache tomcat page using the url "http://localhost:8080/";. It brings the Oracle Page. Any ideas how I can resolve the problem Thanks in advance, Senthil. - Did you know? You can CHAT without downloading messenger. Click here
Re: mod_jk error detection
Hi, good questions. First of all: I just today wrote a new docs page about timeouts. We are soon releasing 1.2.24 which contains this page. You can already look at it under http://people.apache.org/~rjung/mod_jk-dev/docs/ (The new page is named "Timeouts" and part of the group Generic Howtos. Also the new docs contain a better explanation, what retries means, especially the huge difference between retries for an lb worker and a usual worker. This info is on the updated workers.properties page in the reference guide. With these settings how could I expect the connector to behave if: 1. Tomcat dies and the port is no longer listening resulting in an immediate icmp response. I would expect, that any attempt to use an existing connection or to open a new one immediately returns with an error, because the remote machine rejects the communication. Further JK behaviour is now depending if you are using a load balancer or not. Se retries etc. in the updated docs. 2. The box hosting tomcat dies or the tcp stack for whatever reason tanks resulting in no immediate icmp response. As long as your local system or the last router still has an arp entry for the died machine, you will run into very long TCP timeouts. We recommend CPing/CPong, see the new Timeouts page. 3. The connector does make a successful connection to the backend tomcat worker only to have that worker become slow and almost unresponsive. You should use CPing/CPong and reply timeouts. See again the new Timeouts page. If you don't use an lb, the best you can do is throwing an error early, such that the rest of the infrastructure doesnt get congested. Are there more directives I should be concerned with? Currently, I have no intentions on monitoring the http response status codes to detect errors. Look at the new page and look at the workers.properties page of the reference guide. Use a load balancing worker, set recovery_options etc. HTH. Regards, Rainer P.S.: If you have suggestions how to improve the new page: it's not public yet. If you are fast enough, we can include those changes. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
> From: Craig Skinner [mailto:[EMAIL PROTECTED] > Subject: Re: tomcat-4.1 & kaffe; IllegalArgumentException: > Attribute must be readable or writable > > Not an option: Sun does not release a JKD for BSD. If you can upgrade to Tomcat 5.5, you only need a JRE, not a JDK, and there are Linux-compatible JREs downloadable from Sun. Actually, even with Tomcat 4.1, the only part of the JDK that's needed for Tomcat is the javac classes from tools.jar, which are all pure Java and can be used independently of the rest of the JDK. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
On Wed, Jul 25, 2007 at 09:06:39AM -0500, Caldarale, Charles R wrote: > > From: Craig Skinner [mailto:[EMAIL PROTECTED] > > Subject: tomcat-4.1 & kaffe; IllegalArgumentException: > > Attribute must be readable or writable > > > > I have a bog standard tomcat-4.1 & kaffe install on OpenBSD 4.0 i386. > > What happens when you use a real JVM? > Not an option: Sun does not release a JKD for BSD. It is possible to build one (after much patching) on a much more powerfull box than I have :-( About a year ago I had Debian, Sun 1.5 JDK & Tomcat 5 on this box; JSPs took a few seconds to compile, but then they flew out the NIC faster than PHPs. So, I don't think that the hardware is too puny to run the app, just not man enough to build a JKD. I'm hoping that Sun does eventually open its JDK so that binary install is possible, & hence tomcat 5. Any other ideas? Need my /etc/tomcat/catalina.policy file? It is a bog standard install, no web apps yet. Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: COMET with Tomcat 6.0.13 causes 405 Error
your servlet must implement the CometProcessor interface Filip FelixG wrote: Hi everyone, I am trying to get the Adv. IO feature of Tomcat 6.0.13 (running on a sparc sun solaris 8 with JDK6) working. After searching the mailing-lists I changed the connector in server.xml to use the NioProtocol: But I kept on getting the "HTTP method GET is not supported by this URL" error message. After logging I saw that only init() from the servlet (I tried also several examples from the net) is executed but nothing else. Are there other adjustments I could make to get event() invoked? Best Regards, felix - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat "virtuelle server"
> From: Kristian Rink [mailto:[EMAIL PROTECTED] > Subject: Re: Tomcat "virtuelle server" > > [Natursprung <[EMAIL PROTECTED]> @ Wed, 25 Jul 2007 11:14:16 > +0200] > ... > > i want redirect 2 different DNS-names to one Tomcat on one > server. The > > DNS-names has 2 different destinations inside the webapps-directory. > > We can´t not insert the whole path in the dns, so i need a other > > sulution for my problem. > ... > > I'd go for using apache2 for doing the virtual host stuff and mod_jk > for linking it to your tomcat installation, this should make your > desired setup rather straightforward. There's no reason to add the complexity of httpd to do this. All you need is two elements in Tomcat's conf/server.xml, one for each registered DNS name. Each element should have a unique value for its appBase attribute, pointing to separate web application directories for each. Name the default application ROOT for each and you're done. No extra components to install, configure, and maintain. Look here for the full doc: http://tomcat.apache.org/tomcat-5.5-doc/config/host.html http://tomcat.apache.org/tomcat-6.0-doc/config/host.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
> From: Craig Skinner [mailto:[EMAIL PROTECTED] > Subject: tomcat-4.1 & kaffe; IllegalArgumentException: > Attribute must be readable or writable > > I have a bog standard tomcat-4.1 & kaffe install on OpenBSD 4.0 i386. What happens when you use a real JVM? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Bean and Servlet
> From: Mohammed Zabin [mailto:[EMAIL PROTECTED] > Subject: Re: Bean and Servlet > > I will tell you the procedure; At each time the user clickes > the first page in the site, a random numbers will be generated > and stored in the session. You're missing the point. The user may click multiple times before the first request is even received by the webapp, or the browser may simply fire off multiple parallel requests, or the user may open multiple tabs for the same web site. All of the above will result in multiple concurrent requests occurring for the same session. Does your logic handle that properly? The code snippet you posted does not. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk error detection
I am installing mod_jk 1.2.23 in a load balancing configuration between apache 2.0.52 and tomcat 5.0.28. I am trying to understand how the mod_jk error detection actually works. In the documentation "socket_timeout" directive defaults to zero (infinite waiting) but the "retries" directive defaults to two. With these settings how could I expect the connector to behave if: 1. Tomcat dies and the port is no longer listening resulting in an immediate icmp response. 2. The box hosting tomcat dies or the tcp stack for whatever reason tanks resulting in no immediate icmp response. 3. The connector does make a successful connection to the backend tomcat worker only to have that worker become slow and almost unresponsive. Are there more directives I should be concerned with? Currently, I have no intentions on monitoring the http response status codes to detect errors. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: change context path with mod_jk
If you are using Apache httpd as the web server, have a look at mod_rewrite. Regards, Rainer Christian Schleif wrote: Hi, I'm searching for a solution to mount a web app e.g. example.org:8080/webapp to webapp.example.org I know how to mount it like example.org/webapp or webapp.example.org/webap, but how can I change the contextpath for this domain. Just changing the context path of webapp will not fit the problem, because I have more than one app, which schould be reachable over a sub domain. regards, christian - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Half rendered pages with mod_jk and libtcnative
On 7/25/07, Rainer Jung <[EMAIL PROTECTED]> wrote: Concerning tc-native: you might try version 1.1.10, which is available as a separate download. Are there aditional log messages in the jk log? There were no additional logs and in most cases was failing silently. I've just tried out 1.1.10 and it seems to have fixed the problem. Many thanks for pointing out that a separate release exists. Regards, Tom Tom wrote: > Hello, > > We've been having problems where half complete pages are being returned > from > an Apache2-->mod_jk-->Tomcat setup when the native Apache Tomcat libraries > are used. > > The problem is easily reproducible with large pages where the content is > stopped at random points. Sometimes mod_jk detects a problem a reports: > > [Wed Jul 25 11:18:38 2007] [21823:56208] [error] > ajp_get_reply::jk_ajp_common.c (1618): (worker1) Tomcat is down or network > problems. Part of the response has already been sent to the client > > In this situation we end up with a page within a page as mod_jk retries the > request. More often than not though there are no problems logged. > > The Tomcat and Apache2 servers are both running on the same machine. I've > recreated an environment with pretty much out-of-the-box settings using: > > Apache (mpm-worker) 2.2.4 > mod_jk 1.2.23 > libapr 1.2.7 > Tomcat 5.5.23 (libtcnative compiled from same archive) > Java 1.5.0_09 > > Making a request directly to the http connector with native libraries > works. > Disabling the native libraries is our current workaround. > > I'm not sure how I might debug this issue further so would welcome any > help. > > Tom - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jasper Gobbling exceptions
On 11/07/07, Berglas, Anthony <[EMAIL PROTECTED]> wrote: When I call a JSP directly via web.xml exceptions provide a number of "root cause" stack traces the second or third of which indicates what the exception actually was and, with some deciphering, which .tag file generated it. The trace is shown on both the form and Tomcat standard output, which is handy. However when I call the JSP from a Servlet only the first, useless, JasperException is displayed. On has to go to the Tomcat log to see the real exception. This happens regardless of whether .forward or .include is used. Is it possible to invoke the JSP via the servelet and still get the underlying exception? (Would be handy during development.) Could you set an error page on the JSP? This could then output the full exception chain. Rob - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
change context path with mod_jk
Hi, I'm searching for a solution to mount a web app e.g. example.org:8080/webapp to webapp.example.org I know how to mount it like example.org/webapp or webapp.example.org/webap, but how can I change the contextpath for this domain. Just changing the context path of webapp will not fit the problem, because I have more than one app, which schould be reachable over a sub domain. regards, christian - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: COMET with Tomcat 6.0.13 causes 405 Error
Check to make sure that it's really running the Http11NioProtocol, it should say so in the logs when tomcat starts. Furthermore, what kind of environment are your running in? Make sure that the CometProcessor class is not in your classpath twice, This can be caused by build tools which use your project classpath for your webapp; your webapp depends on catalina.jar (which contains CometProcessor), however if it's included in your webapp then tomcat's instanceof CometProcessor check fails, causing this error. (If using mvn, set your dependency scope of the tomcat jars to provided). Regards, Sebastiaan FelixG wrote: Hi everyone, I am trying to get the Adv. IO feature of Tomcat 6.0.13 (running on a sparc sun solaris 8 with JDK6) working. After searching the mailing-lists I changed the connector in server.xml to use the NioProtocol: But I kept on getting the "HTTP method GET is not supported by this URL" error message. After logging I saw that only init() from the servlet (I tried also several examples from the net) is executed but nothing else. Are there other adjustments I could make to get event() invoked? Best Regards, felix - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
Not sure ... you could take a look at
http://tomcat.apache.org/tomcat-5.5-doc/logging.html. Tomcat's always
provided a complete stack and cited the code in error for me without any
changes in logging config.
You could also post the complete jsp you are using for a test. See if
the error stands out to one of us on the list.
--David
Mohammed Zabin wrote:
I did this, but i think that there is an option to enable logging, do
u know
it?
On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
I'm starting to think there's something really funny (ie broken) with
your tomcat install. Could you clean install another instance of tomcat
(preferably downloaded from the tomcat website) and check the code
there?
--David
Mohammed Zabin wrote:
> This is all the exception message, I looked inside logs folder, i
> found an
> empty file, it continas nothing :~
>
> On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
>>
>> Your stack trace appears to be incomplete. Could you post more? It
>> appears to be a compile error and should cite the code in question.
>>
>> --David
>>
>> Mohammed Zabin wrote:
>> > For test purposes, i have wrote the following code as a java
program
>> > and it
>> > worked fine, but when I tried it in a jsp page i got the following
>> error:
>> >
>> > Class.forName("com.mysql.jdbc.Driver");
>> > String url = "jdbc:mysql://localhost:3306/exam";
>> > Connection con = DriverManager.getConnection(url,"root", "exam");
>> > Statement stmt = con.createStatement();
>> > ResultSet rs = stmt.executeQuery("Select type from questions");
>> >
>> > while( rs.next() ) {
>> > System.out.println( rs.getString("type") );
>> > }
>> >
>> >
>> > org.apache.jasper.JasperException: Unable to compile class for JSP:
>> >
>> >
>> >
>> > Stacktrace:
>> > org.apache.jasper.compiler.DefaultErrorHandler.javacError(
>> DefaultErrorHandler.java:85)
>> >
>> > org.apache.jasper.compiler.ErrorDispatcher.javacError(
>> ErrorDispatcher.java:330)
>> >
>> > org.apache.jasper.compiler.JDTCompiler.generateClass(
>> JDTCompiler.java:415)
>> >
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
>> > org.apache.jasper.JspCompilationContext.compile(
>> JspCompilationContext.java:566)
>> >
>> > org.apache.jasper.servlet.JspServletWrapper.service(
>> JspServletWrapper.java:308)
>> >
>> >
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
>> :320)
>> >
>> >
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
>> > javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >
>> >
>> >
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Half rendered pages with mod_jk and libtcnative
Concerning the nested pages: have a look at the worker attribute recovery_options on http://tomcat.apache.org/connectors-doc/reference/workers.html You might like to set this to "3" or "7". Concerning tc-native: you might try version 1.1.10, which is available as a separate download. Are there aditional log messages in the jk log? Regards, Rainer Tom wrote: Hello, We've been having problems where half complete pages are being returned from an Apache2-->mod_jk-->Tomcat setup when the native Apache Tomcat libraries are used. The problem is easily reproducible with large pages where the content is stopped at random points. Sometimes mod_jk detects a problem a reports: [Wed Jul 25 11:18:38 2007] [21823:56208] [error] ajp_get_reply::jk_ajp_common.c (1618): (worker1) Tomcat is down or network problems. Part of the response has already been sent to the client In this situation we end up with a page within a page as mod_jk retries the request. More often than not though there are no problems logged. The Tomcat and Apache2 servers are both running on the same machine. I've recreated an environment with pretty much out-of-the-box settings using: Apache (mpm-worker) 2.2.4 mod_jk 1.2.23 libapr 1.2.7 Tomcat 5.5.23 (libtcnative compiled from same archive) Java 1.5.0_09 Making a request directly to the http connector with native libraries works. Disabling the native libraries is our current workaround. I'm not sure how I might debug this issue further so would welcome any help. Tom - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write custom valve?
Doug, I have never tried this, so as usual, I guessing here. I dont think you are going to come right with the standard valves, nor do I think you should try make a custom valve. Rather look at filters, they not much more difficult to make than a normal servlet, and you will find tons of stuff on the web, maybe the very thing you looking for. If you use netbeans, there is a standard project wizard that will get you going with a filter. The concept is interesting, and I'm thinking that you cant really protect the web pages with standard security, because if you do, I think that will kick in even before the filter gets a chance to look at it. Maybe other guys can think of another way, but I think that the pages will have to be protected by the filter, not by standard Web.xml configuration. So... luv this guessing stuff ;) I think you effectively have to make one web page as your realm log on page, only this page you protect with the standard realm web.xml stuff. The rest are unprotected. Then your filter logic is something like this If the IP or Host name is allowed let it through If its not allowed check the username because if the user is authenticated, there will be one if username let it through else if user name is null, redirect to logon page. Filters are a really nice things to learn, and I dont think its too difficult but I just wanted to warn you, that the filter will not be able to intercept realm security, rather it has to take over that function. So if the access is simple like if they can get into that login page, then they can go anywhere its easy, but if you have a site where some people can go some places and not others, then you going to find yourself rebuilding tomcats realm security roles... a lot of work... or doing something like setting a session variable that a pages has to check ie A,B and C users are allowed in here... ie if you need to filter pages on roles, the fun really starts. So think about it, because I think the devil is in the details, and in the end it may be easier to just make everyone log on. From a philosophical point of view... I dont think one should use ip filters to allow access... its not good security. So if you have a lazy boss that doesn't want to type in a password, and his IP must go thru, tell him he's a security risk, on the other hand if its a customer that wants that, with a big wallet... its probably ok;) I think everyone should log on, and that getting too far away from the standard security could get very tricky I think those valves are more intended to simply ban people that have become a pain in the behind, never to let the privileged through. Have fun From: "Doug Black" <[EMAIL PROTECTED]> How can I best pass ips allowed by a valve to pass through to my application while forcing ips that are denied to log in through a realm? The only possible behavior I can detect of either RemoteAddrValve or RemoteHostValve is to force requests through the IP or host filter and also through the user realm for the context. Do I have to write a custom valve java class? How hard is this for an intermediate Java writer? Any tips on how to do this? I apologize that I submitted essentially the same question a couple days ago, but I got no responses so I thought I'd try with a less verbose phrasing. Thanks, Doug - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: WebDav - mapping question?
Hi Johnny, As far as i know, tomcat/webdav is just a simple webdav implementation that allow access to local file system. Slide webdav is file server that provide a webdav interface. It does not store the submitted file as plain file on server, but on stores (typically a database) that includes documents binding, access control, revisions, metadatas. It also provides a quite undocumented api to access documents from within your java code and a webdav client API. Johnny Kewl a écrit : > David, just wondering I see you Jakarta, Slide is probably your > project... > I had a quick look, looks like a webdav, come file server. > Tomcat is Jakarta right? so I'm just wondering why you guys dont > talk about a common webdav module ie a tomact user adds a few more > modules and gets slide, and webdav seems to be very much your thing, > ie you up on the specs, so I'm thinking, why have two development > efforts? ... just wondering > > - Original Message - From: "David Delbecq" <[EMAIL PROTECTED]> > To: "Tomcat Users List" > Sent: Tuesday, July 24, 2007 1:06 PM > Subject: Re: WebDav - mapping question? > > >> That's strange that MS doesn't handle it. As i said, i have a slide >> webdav servlet mapped to /DAV/* and MS webfolder can access it >> throught all our company without much troubles, even without a trailing >> slash. (there are slight troubles that are unrelated) >> Mark Thomas a écrit : >>> David Delbecq wrote: >>> Tomcat should not refuse webapp/webdav if you have a mapping to /webdav/*. It should at least dispatch to servlet mapped on /webdav/*. >>> >>> Tomcat doesn't reject requests of this type . For any directory >>> resource without a trailing '/' it will do a 302 redirect and add '/'. >>> The MS client doesn't seem to be able to handle the redirect. This is >>> probably the cause of the problem. I tried raising this with MS and >>> got nowhere. >>> >>> Because of where Tomcat does this redirect, I can't immediately see a >>> way around this. I'll have a think over the next few days. >>> >>> Mark >>> >>> >>> - >>> To start a new topic, e-mail: users@tomcat.apache.org >>> To unsubscribe, e-mail: [EMAIL PROTECTED] >>> For additional commands, e-mail: [EMAIL PROTECTED] >>> >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Half rendered pages with mod_jk and libtcnative
Hello, We've been having problems where half complete pages are being returned from an Apache2-->mod_jk-->Tomcat setup when the native Apache Tomcat libraries are used. The problem is easily reproducible with large pages where the content is stopped at random points. Sometimes mod_jk detects a problem a reports: [Wed Jul 25 11:18:38 2007] [21823:56208] [error] ajp_get_reply::jk_ajp_common.c (1618): (worker1) Tomcat is down or network problems. Part of the response has already been sent to the client In this situation we end up with a page within a page as mod_jk retries the request. More often than not though there are no problems logged. The Tomcat and Apache2 servers are both running on the same machine. I've recreated an environment with pretty much out-of-the-box settings using: Apache (mpm-worker) 2.2.4 mod_jk 1.2.23 libapr 1.2.7 Tomcat 5.5.23 (libtcnative compiled from same archive) Java 1.5.0_09 Making a request directly to the http connector with native libraries works. Disabling the native libraries is our current workaround. I'm not sure how I might debug this issue further so would welcome any help. Tom
Re: Tomcat "virtuelle server"
Hi there; [Natursprung <[EMAIL PROTECTED]> @ Wed, 25 Jul 2007 11:14:16 +0200] ... > i want redirect 2 different DNS-names to one Tomcat on one server. The > DNS-names has 2 different destinations inside the webapps-directory. > We can´t not insert the whole path in the dns, so i need a other > sulution for my problem. ... I'd go for using apache2 for doing the virtual host stuff and mod_jk for linking it to your tomcat installation, this should make your desired setup rather straightforward. In example, see here http://www.howtoforge.com/apache2_tomcat5_mod_jk for more. :) Cheers, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 "One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality." (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
COMET with Tomcat 6.0.13 causes 405 Error
Hi everyone, I am trying to get the Adv. IO feature of Tomcat 6.0.13 (running on a sparc sun solaris 8 with JDK6) working. After searching the mailing-lists I changed the connector in server.xml to use the NioProtocol: But I kept on getting the "HTTP method GET is not supported by this URL" error message. After logging I saw that only init() from the servlet (I tried also several examples from the net) is executed but nothing else. Are there other adjustments I could make to get event() invoked? Best Regards, felix -- View this message in context: http://www.nabble.com/COMET-with-Tomcat-6.0.13-causes-405-Error-tf4141233.html#a11779836 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
I did this, but i think that there is an option to enable logging, do u know
it?
On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
I'm starting to think there's something really funny (ie broken) with
your tomcat install. Could you clean install another instance of tomcat
(preferably downloaded from the tomcat website) and check the code there?
--David
Mohammed Zabin wrote:
> This is all the exception message, I looked inside logs folder, i
> found an
> empty file, it continas nothing :~
>
> On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
>>
>> Your stack trace appears to be incomplete. Could you post more? It
>> appears to be a compile error and should cite the code in question.
>>
>> --David
>>
>> Mohammed Zabin wrote:
>> > For test purposes, i have wrote the following code as a java program
>> > and it
>> > worked fine, but when I tried it in a jsp page i got the following
>> error:
>> >
>> > Class.forName("com.mysql.jdbc.Driver");
>> > String url = "jdbc:mysql://localhost:3306/exam";
>> > Connection con = DriverManager.getConnection(url,"root", "exam");
>> > Statement stmt = con.createStatement();
>> > ResultSet rs = stmt.executeQuery("Select type from questions");
>> >
>> > while( rs.next() ) {
>> > System.out.println( rs.getString("type") );
>> > }
>> >
>> >
>> > org.apache.jasper.JasperException: Unable to compile class for JSP:
>> >
>> >
>> >
>> > Stacktrace:
>> > org.apache.jasper.compiler.DefaultErrorHandler.javacError(
>> DefaultErrorHandler.java:85)
>> >
>> > org.apache.jasper.compiler.ErrorDispatcher.javacError(
>> ErrorDispatcher.java:330)
>> >
>> > org.apache.jasper.compiler.JDTCompiler.generateClass(
>> JDTCompiler.java:415)
>> >
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
>> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
>> > org.apache.jasper.JspCompilationContext.compile(
>> JspCompilationContext.java:566)
>> >
>> > org.apache.jasper.servlet.JspServletWrapper.service(
>> JspServletWrapper.java:308)
>> >
>> >
>> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
>> :320)
>> >
>> > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
>> > javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>> >
>> >
>> >
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
I'm starting to think there's something really funny (ie broken) with
your tomcat install. Could you clean install another instance of tomcat
(preferably downloaded from the tomcat website) and check the code there?
--David
Mohammed Zabin wrote:
This is all the exception message, I looked inside logs folder, i
found an
empty file, it continas nothing :~
On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
Your stack trace appears to be incomplete. Could you post more? It
appears to be a compile error and should cite the code in question.
--David
Mohammed Zabin wrote:
> For test purposes, i have wrote the following code as a java program
> and it
> worked fine, but when I tried it in a jsp page i got the following
error:
>
> Class.forName("com.mysql.jdbc.Driver");
> String url = "jdbc:mysql://localhost:3306/exam";
> Connection con = DriverManager.getConnection(url,"root", "exam");
> Statement stmt = con.createStatement();
> ResultSet rs = stmt.executeQuery("Select type from questions");
>
> while( rs.next() ) {
> System.out.println( rs.getString("type") );
> }
>
>
> org.apache.jasper.JasperException: Unable to compile class for JSP:
>
>
>
> Stacktrace:
> org.apache.jasper.compiler.DefaultErrorHandler.javacError(
DefaultErrorHandler.java:85)
>
> org.apache.jasper.compiler.ErrorDispatcher.javacError(
ErrorDispatcher.java:330)
>
> org.apache.jasper.compiler.JDTCompiler.generateClass(
JDTCompiler.java:415)
>
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
> org.apache.jasper.JspCompilationContext.compile(
JspCompilationContext.java:566)
>
> org.apache.jasper.servlet.JspServletWrapper.service(
JspServletWrapper.java:308)
>
>
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
:320)
>
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
>
>
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
This is all the exception message, I looked inside logs folder, i found an
empty file, it continas nothing :~
On 7/25/07, David Smith <[EMAIL PROTECTED]> wrote:
Your stack trace appears to be incomplete. Could you post more? It
appears to be a compile error and should cite the code in question.
--David
Mohammed Zabin wrote:
> For test purposes, i have wrote the following code as a java program
> and it
> worked fine, but when I tried it in a jsp page i got the following
error:
>
> Class.forName("com.mysql.jdbc.Driver");
> String url = "jdbc:mysql://localhost:3306/exam";
> Connection con = DriverManager.getConnection(url,"root", "exam");
> Statement stmt = con.createStatement();
> ResultSet rs = stmt.executeQuery("Select type from questions");
>
> while( rs.next() ) {
> System.out.println( rs.getString("type") );
> }
>
>
> org.apache.jasper.JasperException: Unable to compile class for JSP:
>
>
>
> Stacktrace:
> org.apache.jasper.compiler.DefaultErrorHandler.javacError(
DefaultErrorHandler.java:85)
>
> org.apache.jasper.compiler.ErrorDispatcher.javacError(
ErrorDispatcher.java:330)
>
> org.apache.jasper.compiler.JDTCompiler.generateClass(
JDTCompiler.java:415)
>
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
> org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
> org.apache.jasper.JspCompilationContext.compile(
JspCompilationContext.java:566)
>
> org.apache.jasper.servlet.JspServletWrapper.service(
JspServletWrapper.java:308)
>
> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
:320)
>
> org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>
>
>
> On 7/25/07, Mohammed Zabin <[EMAIL PROTECTED]> wrote:
>>
>> In cotrast, i have installed Oracle and worked very well, but MySql
>> didn't
>> work with me. I am using Connecter/J from MySql website, the beta
>> version, I
>> put the jar file in the CATALINA_HOME/lib, and i add it to the
>> CLASSPATH.
>> and I followed the instructions provided in Tomcat documentation,
>> exactly,
>> Didn't work :(
>>
>> On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
>> >
>> > I've never dealt with Oracle but have done a lot of MySQL installs
>> > without a single failure. Your config outside of the web.xml doesn't
>> > look wrong in any way.
>> >
>> > You might want to put the block in your web.xml as
>> > described in the how-to's. It doesn't hurt and is part of the
servlet
>> > spec.
>> >
>> > --David
>> >
>> >
>> > Mohammed Zabin wrote:
>> >
>> > > No, the same error, You know what David?? I put nothing in
>> web.xml, I
>> > am
>> > > confused about this issue, when to use web.xml, and it might be the
>> > > reason
>> > > behind the unsuccessfull MySql Connection, I follow the same
>> procedure
>> > I
>> > > followed to configure Oracle DBCP, I think it must work for MySql,
>> > right?
>> > >
>> > > On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
>> > >
>> > >>
>> > >> Try this variant of your code:
>> > >>
>> > >> Context initContext = new InitialContext();
>> > >> DataSource ds =
>> > >> (DataSource)initContext.lookup("java:comp/env/jdbc/TestMySql");
>> > >> Connection conn = ds.getConnection ();
>> > >>
>> > >> out.println("Connection Established");
>> > >>
>> > >> Essentially when you lookup java:comp/env/jdbc/TestMySql, that's
>> the
>> > >> full JNDI path to the DataSource and returns a DataSource type
>> > object,
>> > >> not a Context type object.
>> > >>
>> > >> --David
>> > >>
>> > >> Mohammed Zabin wrote:
>> > >>
>> > >> > Ok thank you, I did the following as you have stated:
>> > >> >
>> > >> > 1. in server.xml:
>> > >> > > > >> > type="javax.sql.DataSource"
>> > >> > maxActive="100" maxIdle="30" maxWait="1"
>> > >> > username="root" password="exam"
>> driverClassName="
>> > >> > com.mysql.jdbc.Driver"
>> > >> > url="jdbc:mysql://localhost:3306/exam"/>
>> > >> > 2. in context.xml
>> > >> > > type="
>> > >> > javax.sql.DataSource"/>
>> > >> >
>> > >> > 3. in my test page:
>> > >> > Context initContext = new InitialContext();
>> > >> > Context envContext =
>> > >> > (Context)initContext.lookup("java:comp/env/jdbc/TestMySql");
>> > >> > DataSource ds =
(DataSource)envContext.lookup("jdbc/TestMySql");
>> > >> > Connection conn = ds.getConnection();
>> > >> >
>> > >> > out.println("Connection Established");
>> > >> > And i put nothing in web.xml, I have the following error:
>> > >> >
>> > >> > org.apache.jasper.JasperException: Unable to compile class for
>> JSP:
>> > >> >
>> > >> >
>> > >> >
>> > >> > Stacktrace:
>> > >> > org.apache.jasper.compiler.DefaultErrorHandler.javacError (
>> > >> DefaultErrorHandler.java:85)
>> > >> >
>> > >> > org.apache.jasper.compiler.ErrorDispatcher.javacError(
>> > >> ErrorDispatcher.java:330)
>> > >> >
>> > >> > o
Re: FW: unsubscribe
David Smith wrote: Matt Hanger wrote: please remove this address - I've had no success with the blank email to [EMAIL PROTECTED] Please post this request to user-owner (at) tomcat.apache.org. One of the list owners will be happy to take care of this for you. Ooops... it should be users-owner (at) tomcat.apache.org. ---David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: FW: unsubscribe
Matt Hanger wrote: please remove this address - I've had no success with the blank email to [EMAIL PROTECTED] Please post this request to user-owner (at) tomcat.apache.org. One of the list owners will be happy to take care of this for you. --David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
Your stack trace appears to be incomplete. Could you post more? It
appears to be a compile error and should cite the code in question.
--David
Mohammed Zabin wrote:
For test purposes, i have wrote the following code as a java program
and it
worked fine, but when I tried it in a jsp page i got the following error:
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/exam";
Connection con = DriverManager.getConnection(url,"root", "exam");
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("Select type from questions");
while( rs.next() ) {
System.out.println( rs.getString("type") );
}
org.apache.jasper.JasperException: Unable to compile class for JSP:
Stacktrace:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:85)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:415)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:308)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
On 7/25/07, Mohammed Zabin <[EMAIL PROTECTED]> wrote:
In cotrast, i have installed Oracle and worked very well, but MySql
didn't
work with me. I am using Connecter/J from MySql website, the beta
version, I
put the jar file in the CATALINA_HOME/lib, and i add it to the
CLASSPATH.
and I followed the instructions provided in Tomcat documentation,
exactly,
Didn't work :(
On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
>
> I've never dealt with Oracle but have done a lot of MySQL installs
> without a single failure. Your config outside of the web.xml doesn't
> look wrong in any way.
>
> You might want to put the block in your web.xml as
> described in the how-to's. It doesn't hurt and is part of the servlet
> spec.
>
> --David
>
>
> Mohammed Zabin wrote:
>
> > No, the same error, You know what David?? I put nothing in
web.xml, I
> am
> > confused about this issue, when to use web.xml, and it might be the
> > reason
> > behind the unsuccessfull MySql Connection, I follow the same
procedure
> I
> > followed to configure Oracle DBCP, I think it must work for MySql,
> right?
> >
> > On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> Try this variant of your code:
> >>
> >> Context initContext = new InitialContext();
> >> DataSource ds =
> >> (DataSource)initContext.lookup("java:comp/env/jdbc/TestMySql");
> >> Connection conn = ds.getConnection ();
> >>
> >> out.println("Connection Established");
> >>
> >> Essentially when you lookup java:comp/env/jdbc/TestMySql, that's
the
> >> full JNDI path to the DataSource and returns a DataSource type
> object,
> >> not a Context type object.
> >>
> >> --David
> >>
> >> Mohammed Zabin wrote:
> >>
> >> > Ok thank you, I did the following as you have stated:
> >> >
> >> > 1. in server.xml:
> >> > >> > type="javax.sql.DataSource"
> >> > maxActive="100" maxIdle="30" maxWait="1"
> >> > username="root" password="exam"
driverClassName="
> >> > com.mysql.jdbc.Driver"
> >> > url="jdbc:mysql://localhost:3306/exam"/>
> >> > 2. in context.xml
> >> > type="
> >> > javax.sql.DataSource"/>
> >> >
> >> > 3. in my test page:
> >> > Context initContext = new InitialContext();
> >> > Context envContext =
> >> > (Context)initContext.lookup("java:comp/env/jdbc/TestMySql");
> >> > DataSource ds = (DataSource)envContext.lookup("jdbc/TestMySql");
> >> > Connection conn = ds.getConnection();
> >> >
> >> > out.println("Connection Established");
> >> > And i put nothing in web.xml, I have the following error:
> >> >
> >> > org.apache.jasper.JasperException: Unable to compile class for
JSP:
> >> >
> >> >
> >> >
> >> > Stacktrace:
> >> > org.apache.jasper.compiler.DefaultErrorHandler.javacError (
> >> DefaultErrorHandler.java:85)
> >> >
> >> > org.apache.jasper.compiler.ErrorDispatcher.javacError(
> >> ErrorDispatcher.java:330)
> >> >
> >> > org.apache.jasper.compiler.JDTCompiler.generateClass (
> >> JDTCompiler.java:415)
> >> >
> >> >
org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
> >> >
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
> >> >
org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
> >> > org.apache.jasper.JspCompilationContext.compile(
> >> JspCompilationContext.java:566)
> >> >
> >> > org.apache.jasper.servlet.JspServletWrapper.service(
> >> JspServle
Tomcat "virtuelle server"
Hi there, i have a problem with a "virtuall Server" on Tomcat i want redirect 2 different DNS-names to one Tomcat on one server. The DNS-names has 2 different destinations inside the webapps-directory. We can´t not insert the whole path in the dns, so i need a other sulution for my problem. thx for your help Andi
Re: KLUDGE: WebDav - mapping question?
Guys I like this so much, I couldnt wait for a patch, or possible fix. The problem with the above KLUDGE is that the fix is internal to TC, and if you try incorporate it, you will find you have to pull in half of Tomcats jars to make it work. Its never a good idea to include those jars directly in a web-app. So I created an independent library (only 40kb) with the microsoft campatibilty fix. You can get it at http://coolese.100free.com/ Download Webdav Placebo So... now the TC guys can test it quickly, and if you would like to use Microsofts built in Webdav clients with Tomcat this is great! Have fun - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MySql Connector
For test purposes, i have wrote the following code as a java program and it
worked fine, but when I tried it in a jsp page i got the following error:
Class.forName("com.mysql.jdbc.Driver");
String url = "jdbc:mysql://localhost:3306/exam";
Connection con = DriverManager.getConnection(url,"root", "exam");
Statement stmt = con.createStatement();
ResultSet rs = stmt.executeQuery("Select type from questions");
while( rs.next() ) {
System.out.println( rs.getString("type") );
}
org.apache.jasper.JasperException: Unable to compile class for JSP:
Stacktrace:
org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandler.java:85)
org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:330)
org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:415)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:566)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:308)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
On 7/25/07, Mohammed Zabin <[EMAIL PROTECTED]> wrote:
In cotrast, i have installed Oracle and worked very well, but MySql didn't
work with me. I am using Connecter/J from MySql website, the beta version, I
put the jar file in the CATALINA_HOME/lib, and i add it to the CLASSPATH.
and I followed the instructions provided in Tomcat documentation, exactly,
Didn't work :(
On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
>
> I've never dealt with Oracle but have done a lot of MySQL installs
> without a single failure. Your config outside of the web.xml doesn't
> look wrong in any way.
>
> You might want to put the block in your web.xml as
> described in the how-to's. It doesn't hurt and is part of the servlet
> spec.
>
> --David
>
>
> Mohammed Zabin wrote:
>
> > No, the same error, You know what David?? I put nothing in web.xml, I
> am
> > confused about this issue, when to use web.xml, and it might be the
> > reason
> > behind the unsuccessfull MySql Connection, I follow the same procedure
> I
> > followed to configure Oracle DBCP, I think it must work for MySql,
> right?
> >
> > On 7/24/07, David Smith <[EMAIL PROTECTED]> wrote:
> >
> >>
> >> Try this variant of your code:
> >>
> >> Context initContext = new InitialContext();
> >> DataSource ds =
> >> (DataSource)initContext.lookup("java:comp/env/jdbc/TestMySql");
> >> Connection conn = ds.getConnection ();
> >>
> >> out.println("Connection Established");
> >>
> >> Essentially when you lookup java:comp/env/jdbc/TestMySql, that's the
> >> full JNDI path to the DataSource and returns a DataSource type
> object,
> >> not a Context type object.
> >>
> >> --David
> >>
> >> Mohammed Zabin wrote:
> >>
> >> > Ok thank you, I did the following as you have stated:
> >> >
> >> > 1. in server.xml:
> >> > >> > type="javax.sql.DataSource"
> >> > maxActive="100" maxIdle="30" maxWait="1"
> >> > username="root" password="exam" driverClassName="
> >> > com.mysql.jdbc.Driver"
> >> > url="jdbc:mysql://localhost:3306/exam"/>
> >> > 2. in context.xml
> >> >
> >> >
> >> > 3. in my test page:
> >> > Context initContext = new InitialContext();
> >> > Context envContext =
> >> > (Context)initContext.lookup("java:comp/env/jdbc/TestMySql");
> >> > DataSource ds = (DataSource)envContext.lookup("jdbc/TestMySql");
> >> > Connection conn = ds.getConnection();
> >> >
> >> > out.println("Connection Established");
> >> > And i put nothing in web.xml, I have the following error:
> >> >
> >> > org.apache.jasper.JasperException: Unable to compile class for JSP:
> >> >
> >> >
> >> >
> >> > Stacktrace:
> >> > org.apache.jasper.compiler.DefaultErrorHandler.javacError (
> >> DefaultErrorHandler.java:85)
> >> >
> >> > org.apache.jasper.compiler.ErrorDispatcher.javacError(
> >> ErrorDispatcher.java:330)
> >> >
> >> > org.apache.jasper.compiler.JDTCompiler.generateClass (
> >> JDTCompiler.java:415)
> >> >
> >> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:308)
> >> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
> >> > org.apache.jasper.compiler.Compiler.compile(Compiler.java:273)
> >> > org.apache.jasper.JspCompilationContext.compile(
> >> JspCompilationContext.java:566)
> >> >
> >> > org.apache.jasper.servlet.JspServletWrapper.service(
> >> JspServletWrapper.java:308)
> >> >
> >> >
> >> org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
> >> :320)
> >> >
> >> > org.apache.jasper.servlet.JspServlet.service(JspServlet.jav
tomcat-4.1 & kaffe; IllegalArgumentException: Attribute must be readable or writable
I have a bog standard tomcat-4.1 & kaffe install on OpenBSD 4.0 i386. dmesg head shows that the box has little memory, JAVA_OPTS tuned to suit. Getting this exception (no search engine hits) as below, then tomcat bails out, any pointers? (I fiddled about in catalina.policy with attributes, but no joy): $ more catalina.out 2007 7 21 12:56:20 org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 ServerLifecycleListener: createMBeans: Throwable javax.management.RuntimeOperationsException: nested exception is java.lang.IllegalArgumentException: Attribute must be readable or writable java.lang.IllegalArgumentException: Attribute must be readable or writable at javax.management.MBeanAttributeInfo. (MBeanAttributeInfo.java:60) at javax.management.modelmbean.ModelMBeanAttributeInfo. (ModelMBeanAttributeInfo.java:50) at javax.management.modelmbean.ModelMBeanAttributeInfo. (ModelMBeanAttributeInfo.java:45) at org.apache.commons.modeler.AttributeInfo.createAttributeInfo (AttributeInfo.java:283) at org.apache.commons.modeler.ManagedBean.createMBeanInfo (ManagedBean.java:464) at org.apache.commons.modeler.ManagedBean.createMBean (ManagedBean.java:424) at org.apache.catalina.mbeans.MBeanUtils.createMBean (MBeanUtils.java:657) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans (ServerLifecycleListener.java:759) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans (ServerLifecycleListener.java:325) at org.apache.catalina.mbeans.ServerLifecycleListener.lifecycleEvent (ServerLifecycleListener.java:179) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent (LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start (StandardServer.java:2136) at org.apache.catalina.startup.Catalina.start (Catalina.java:463) at org.apache.catalina.startup.Catalina.execute (Catalina.java:350) at org.apache.catalina.startup.Catalina.process (Catalina.java:129) at java.lang.reflect.Method.invoke0 (Method.java) at java.lang.reflect.Method.invoke (Method.java:255) at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:156) GlobalResourcesLifecycleListener: Exception creating UserDatabase MBeans for UserDatabase javax.management.RuntimeOperationsException: nested exception is java.lang.IllegalArgumentException: Attribute must be readable or writable java.lang.IllegalArgumentException: Attribute must be readable or writable at javax.management.MBeanAttributeInfo. (MBeanAttributeInfo.java:60) at javax.management.modelmbean.ModelMBeanAttributeInfo. (ModelMBeanAttributeInfo.java:50) at javax.management.modelmbean.ModelMBeanAttributeInfo. (ModelMBeanAttributeInfo.java:45) at org.apache.commons.modeler.AttributeInfo.createAttributeInfo (AttributeInfo.java:283) at org.apache.commons.modeler.ManagedBean.createMBeanInfo (ManagedBean.java:464) at org.apache.commons.modeler.ManagedBean.createMBean (ManagedBean.java:424) at org.apache.catalina.mbeans.MBeanUtils.createMBean (MBeanUtils.java:741) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans (GlobalResourcesLifecycleListener.java:214) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans (GlobalResourcesLifecycleListener.java:176) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans (GlobalResourcesLifecycleListener.java:134) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent (GlobalResourcesLifecycleListener.java:102) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent (LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start (StandardServer.java:2136) at org.apache.catalina.startup.Catalina.start (Catalina.java:463) at org.apache.catalina.startup.Catalina.execute (Catalina.java:350) at org.apache.catalina.startup.Catalina.process (Catalina.java:129) at java.lang.reflect.Method.invoke0 (Method.java) at java.lang.reflect.Method.invoke (Method.java:255) at org.apache.catalina.startup.Bootstrap.main (Bootstrap.java:156) Starting service Tomcat-Standalone Apache Tomcat/4.1.31 Catalina.start: LifecycleException: Context startup failed due to previous errors LifecycleException: Context startup failed due to previous errors at org.apache.catalina.core.StandardContext.start (StandardContext.java:3578) at org.apache.catalina.core.ContainerBase.start (ContainerBase.java:1141) at org.apache.catalina.core.StandardHost.start (StandardHost.java:707) at org.apache.catalina.core.ContainerBase.start (ContainerBase.java:1141) at org.apache.catalina.core.StandardEngine.start (StandardEngine.java:316) at org.apache.catalina.core.StandardService.start (StandardService.java:450) at org.apache.catalina.core.StandardServer.start (StandardServer.java:2143) at org.apache.catalina.startup.Catalina.start (Catalina.java:463) at org.apache.catalin
