Re: ClientAbortException / Broken Pipe?!
Frank; first off, thanks a load for your reply, much appreciated. [Frank W. Zammetti [EMAIL PROTECTED] @ Tue, 14 Aug 2007 11:02:42 -0400 (EDT)] Have you noticed if this affects IE users and Firefox users equally? I ask because there's a known issue (that I've never seen an actual answer to) where IE causes these exceptions frequently with no ill effect to anything (other than the overhead of handling the exception in the VM on the server). I am not sure on that, gonna check that in order to see whether or not you're about to get your box of donuts. ;) However, seriously this is a rather bad thing as I am convinced most of our users to possibly make use of a default web browser on their system, having no idea what a browser is, at all... On the other side, having the file transmission terminated / corrupted surely isn't what I would call no ill effect... ;) Does anyone have a smart idea how to compensate for this issue? Thanks in advance and best regards, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat memory realms tomcat-users.xml
Hi all I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 1.6.0_01, and we need to authenticate access by client applications coming in over SOAP. We're looking at using the tomcat-users.xml file to store user/pwd/role data until the customers Single Sign-On service is ready (which will be when pigs fly, if it keeps going as it has). The application will be deployed internally so we don't need any SSL or digest authentication, we're looking at simple HTTP BASIC or SOAP headers for the client to pass through their auth details. The complication is that we want to allow default access as well as authenticated access, and authenticate against the tomcat-users file. eg - un-authenticated clients can still access the web service url, but get a public role, and authenticated clients get a privileged role. I'm thinking we might be able to do part of that with the following tomcat-users.xml config by having an empty user declaration: tomcat-usersc role rolename=privileged/ user name= password= roles=PUBLIC / user name=priv_user1 password=tomcat roles=privileged / /tomcat-users The question is how to authenticate against the tomcat-user database? I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. Am I on the right track? Or is there a much easier way than what I'm trying to do... thanks! -- * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: Problem with Apache/Tomcat/WebDAV/Alfresco
I installed the latest Apache and mod_jk and it works perfectly now. -Ursprüngliche Nachricht- Von: Frank Gerlach [mailto:[EMAIL PROTECTED] Gesendet: Montag, 13. August 2007 13:58 An: users@tomcat.apache.org Betreff: Problem with Apache/Tomcat/WebDAV/Alfresco Hello folks, we have a problem with the following setup: Web Browser -Apache(mod_jk)-Tomcat-Alfresco Explanation: we would like to access the Alfresco content management system (running in Tomcat) using WebDAV and SSL. It works, if we expose Tomcat directly to the network. For security reasons, we would like to reverse proxy with Apache. This does not work for some reason. (does not send the WWW-Authenticate header) We have checked mod_jk documentation without detecting any problems on our side. Can anybody help ? Thanks in advance ! regards Frank Here are the relevant config settings and software version info: Apache: Server version: Apache/2.0.59 Tomcat: Apache Tomcat/5.5.20 jdk 1.5.0_07-b03 Sun Microsystems Inc. Linux 2.6.5-7.252-default i386 mod_jk in Apache: JkMount /* alfresco JkLogFile /var/log/apache2/mod_jk.log JkLogLevel debug JkWorkersFile /usr/share/tomcat/conf/workers.properties +++ /usr/share/tomcat/conf/workers.properties: ps=/ # list the workers by name worker.list=alfresco # # First tomcat server # worker.alfresco.port=8009 worker.alfresco.host=localhost worker.alfresco.type=ajp13 # Specify the size of the open connection cache. #worker.tomcat-worker1.cachesize # # Specifies the load balance factor when used with # a load balancing worker. # Note: # lbfactor must be 0 # Low lbfactor means less work done by the worker. worker.alfresco.lbfactor=100 ++ tomcat server.xml: !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3/ Frank Gerlach Software engineer dmc digital media center GmbH Rommelstraße 11 70376 Stuttgart (Germany) Telefon: +49 711 601747-258 Telefax: +49 711 601747-141 eMail:[EMAIL PROTECTED] Internet: www.dmc.de Handelsregister: AG Stuttgart HRB 18974 Geschäftsführer: Andreas Magg, Daniel Rebhorn, Andreas Schwend Frank Gerlach.vcf
Re: ClientAbortException / Broken Pipe?!
ClientAbortException means the user canceled the download (the 'client aborted'). There is nothing you can do about that on the server. Ronald. On Tue Aug 14 15:57:25 CEST 2007 Tomcat Users List users@tomcat.apache.org wrote: Folks; still messing around with an error like this: In our system, we offer customers a service to download files using a servlet. Some weeks ago (more or less when I considered switching to tomcat 6.0), the following error frequently started to show up in my log files: ... java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:537) at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:127) at org.apache.jk.core.MsgContext.action(MsgContext.java:302) at org.apache.coyote.Response.action(Response.java:183) at org.apache.coyote.Response.finish(Response.java:305) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:205) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:619) 14.08.2007 15:38:34 org.apache.jk.common.ChannelSocket processConnection WARNUNG: processCallbacks status 2 ... whereas I see a ClientAbortException caught by my applications exception handling mechanism. So far, I haven't been able to track this down, that's why I am kindly asking you for your skilled advice. What did I do so far trying to get hold of this: - Tomcat runs on a machine in the LAN, fronted by an apache2 httpd. - The error does appear both running tomcat 6.0.13 and 5.5.23. - I initially was using mod_jk 1.2.29 and switched to mod_proxy and Proxy/ProxyReverse setup just to make sure, and the error appears no matter whether using mod_jk or mod_proxy. - Right now, I am using apache2 prefork mpm, played around with different mpms just to be sure it's not an error related to apache2 itself, but this also didn't really change anything. - apache2 logging doesn't show any messages whenever such a ClientAbortException is thrown. - Customers, however, reported that whenever such a situation happened, the files downloaded were either 0k sized or corrupted. And I'm whole-heartedly clueless by now :( Is there anything I forgot to double-check? Using the latest JDK, no tcnative, running Ubuntu Linux 6.06.1. Applied pretty much every solution attempt I could come up with using google, including tweaking the HTTP connector setup in server.xml, removing tcnative, using mod_proxy instead of mod_jk - no success. Does anyone around here have any more ideas on how to get hold of this? Thanks loads in advance and bye, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClientAbortException / Broken Pipe?!
Ronald; [Ronald Klop [EMAIL PROTECTED] @ Wed, 15 Aug 2007 09:56:59 +0200 (CEST)] ClientAbortException means the user canceled the download (the 'client aborted'). There is nothing you can do about that on the server. I thought so. However, there are two things: (a) I was unsure whether, in a proxied environment, a ClientAbortException means download canceled by the actual (external) client or by the proxy server (which is directly accessing the backend tomcat). (b) In none of the cases I watched so far, some user consciously / actively stopped a download in progress - all reported that either the download finished but ended up with an empty / small / corrupted file or an error message showed up - or nothing happened at all. :( I am not really sure who's to blame for that... :/ Thanks for your help, nevertheless, and best regards, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClientAbortException / Broken Pipe?!
Kristian Rink wrote: Ronald; [Ronald Klop [EMAIL PROTECTED] @ Wed, 15 Aug 2007 09:56:59 +0200 (CEST)] ClientAbortException means the user canceled the download (the 'client aborted'). There is nothing you can do about that on the server. I thought so. However, there are two things: (a) I was unsure whether, in a proxied environment, a ClientAbortException means download canceled by the actual (external) client or by the proxy server (which is directly accessing the backend tomcat). OK, the proxy in your case is a reverse proxy. The exception in the tomcat logs could theretically come from a communication failure back to the reverse proxy, or from a failure from the reverse proxy back to the client=browser. In the latter case, the reverse proxy would not accept any more traffic from the tomcat and thus indirectly lead to the same exception. When using mod_jk, it will log problems during sending back data to the client=browser. That way you would know, on which part of the net the original problem is located. By logging response times in your Apache access log and redundantly in your Tomcat access log (at least until you solved or understood the cause of the problem), you can also find out, how long the response took from the perspective of Apache and of Tomcat, and if the duration is close to some configured timeout interval. The pattern for response times if %D, which means microseconds with Apache httpd and milliseocond swith Tomcat. From the mod_jk log and the access log duration information you might even be able to determine, which requests had the problem (this is not easy and if you've got high load, it's difficult). I would suggest using mod_jk 1.2.25. It will log millisecond timestamps and has a couple further stability improvements. You wrote about version 1.2.29 which does not exist, upgrading should be no problem. JK has a couple of timeouts additionally to the Apache httpd timeout. They are described at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html (b) In none of the cases I watched so far, some user consciously / actively stopped a download in progress - all reported that either the download finished but ended up with an empty / small / corrupted file or an error message showed up - or nothing happened at all. :( I am not really sure who's to blame for that... :/ I would really try to look at the response handling times, the URLs for which it is happening, the client IPs and User Agent types to check, if there are any obvious patterns. In case you can finally reproduce the problem with low load, you can switch jk log level to debug or even trace. Then the log file will include full packet and header dumps. This is not a good idea for high traffic production though. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
You can execute tihs iptables line (if you are using linux) directly in the server where you run tomcat (substitute xxx.xxx.xxx.xxx whith the ip address of your linux box): iptables -t nat -A PREROUTING -d xxx.xxx.xxx.xxx -p tcp -m tcp --dport 443 -j DNAT --to-destination xxx.xxx.xxx.xxx:8443 On 8/14/07, Stephen Caine [EMAIL PROTECTED] wrote: Is there a way to remove the port number from a https request where the original url looks something like this: https://host_name:8443/ The approach to change the server.xml file (where the connector port is changed from 8443 to 443) is not practical for us. When this is done, Tomcat requires the root user to run. We consider this a security risk. We have considered a port forwarder, but we are unclear whether to install this on the Tomcat server or router. In any event, we are not at all sure this is the best approach. Any advice will be appreciated. Our operating system is Mac OS X. Thanks, Stephen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Nadie es tan joven que no se pueda morir mañana, ni tan viejo que no pueda vivir un día más. – La Celestina (Fernando de Rojas, 1499)
Re: Removing the port identifier
Chris, Thank you for the suggestion. I will investigate. Stephen Tomcat does not require you to run it as root in order to use port 443. There are various techniques, including using a web server such as Apache httpd to front Tomcat, iptables (or similar) tricks to re-route ports, or using jsvc to gain non-root access to port 443 (and others). - -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
Hassan, I appreciate the link. Stephen Nope; see the reference to jsvc here: http://tomcat.apache.org/tomcat-6.0-doc/setup.html - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
Matthew, Thank you for your response. Apart from using iptables (which may or may not work in OS X), the Tomcat setup link, http:// tomcat.apache.org/tomcat-6.0-doc/setup.html, seems to be the best way to go. the only way to get rid of the port number is to have something listening on :443 (that's the way browsers are, sorry), and then hand requests over to tomcat, so to get what you want something will have to bind to :443 at some point, requiring root privs. What you want is something that will bind to the port as a privileged user and subsequently drop priv's to a limited user. the Apache web server is excellent for this kind of thing. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It doesn't really matter where the port forwarder sits, but usually you want to align with existing IT infrastructure and use an existing internal/internet web server to redirect requests to your app. If your company already has apache then this is a cinch, otherwise you'll have to figure out how to reverse-proxy with the web server du jour... Is this close to what you're after? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuring Webalizer on tomcat
Hi All I'm struggling to configure the webalizer on tomcat.I followed one of the archives written long time back by Dan patton at http://www.mail-archive.com/[EMAIL PROTECTED]/msg69842.html I followed exactly what he has pointed out .I can see files are generating at [tomcathome/logs/access/access*.log].But usage folder in webapp is still empty.so I can see usage.Any help would be appreciated I' m on linux I have installed webalizer and my web site is running on tomcat following are my configuration for webalizer.conf LogFiles where my tomcat logs files are LogFile /logs/access/access.log (logs folder is inside the Tomcat isntallation) # # Sample Webalizer configuration file # Copyright 1997-2000 by Bradford L. Barrett ([EMAIL PROTECTED]) # # Distributed under the GNU General Public License. See the # files Copyright and COPYING provided with the webalizer # distribution for additional information. # # This is a sample configuration file for the Webalizer (ver 2.01) # Lines starting with pound signs '#' are comment lines and are # ignored. Blank lines are skipped as well. Other lines are considered # as configuration lines, and have the form ConfigOption Value where # ConfigOption is a valid configuration keyword, and Value is the value # to assign that configuration option. Invalid keyword/values are # ignored, with appropriate warnings being displayed. There must be # at least one space or tab between the keyword and its value. # # As of version 0.98, The Webalizer will look for a 'default' configuration # file named webalizer.conf in the current directory, and if not found # there, will look for /etc/webalizer.conf. # LogFile defines the web server log file to use. If not specified # here or on on the command line, input will default to STDIN. If # the log filename ends in '.gz' (ie: a gzip compressed file), it will # be decompressed on the fly as it is being read. #LogFile/var/log/httpd/access_log LogFile /logs/access/access.log # LogType defines the log type being processed. Normally, the Webalizer # expects a CLF or Combined web server log as input. Using this option, # you can process ftp logs as well (xferlog as produced by wu-ftp and # others), or Squid native logs. Values can be 'clf', 'ftp' or 'squid', # with 'clf' the default. #LogTypeclf # OutputDir is where you want to put the output files. This should # should be a full path name, however relative ones might work as well. # If no output directory is specified, the current directory will be used. #OutputDir /var/www/usage OutputDir /webapps/ROOT/usage # HistoryName allows you to specify the name of the history file produced # by the Webalizer. The history file keeps the data for up to 12 months # worth of logs, used for generating the main HTML page (index.html). # The default is a file named webalizer.hist, stored in the specified # output directory. If you specify just the filename (without a path), # it will be kept in the specified output directory. Otherwise, the path # is relative to the output directory, unless absolute (leading /). HistoryName/var/lib/webalizer/webalizer.hist # Incremental processing allows multiple partial log files to be used # instead of one huge one. Useful for large sites that have to rotate # their log files more than once a month. The Webalizer will save its # internal state before exiting, and restore it the next time run, in # order to continue processing where it left off. This mode also causes # The Webalizer to scan for and ignore duplicate records (records already # processed by a previous run). See the README file for additional # information. The value may be 'yes' or 'no', with a default of 'no'. # The file 'webalizer.current' is used to store the current state data, # and is located in the output directory of the program (unless changed # with the IncrementalName option below). Please read at least the section # on Incremental processing in the README file before you enable this option. Incrementalyes # IncrementalName allows you to specify the filename for saving the # incremental data in. It is similar to the HistoryName option where the # name is relative to the specified output directory, unless an absolute # filename is specified. The default is a file named webalizer.current # kept in the normal output directory. If you don't specify Incremental # as 'yes' then this option has no meaning. IncrementalName/var/lib/webalizer/webalizer.current # ReportTitle is the text to display as the title. The hostname # (unless blank) is appended to the end of this string (seperated with # a space) to generate the final full title string. # Default is (for english) Usage Statistics for. #ReportTitleUsage Statistics for # HostName defines the hostname for the report. This is used in # the title, and is prepended to the URL table items. This allows # clicking on URL's in the report to go to the proper location in # the event
RE: tomcat memory realms tomcat-users.xml
From: Matthew Kerle [mailto:[EMAIL PROTECTED] Subject: tomcat memory realms tomcat-users.xml I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink You probably don't want to do that (even if it's possible, which I doubt), since all code in the webapps would then have access to the credentials. I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. URL patterns in the security-constraint allow you to control which portions of the webapp are accessible to unauthenticated users. If you want something with finer granularity, a filter is probably appropriate. Take a look at: http://securityfilter.sourceforge.net/ for a popular one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Load Balancing Any Experts Out There Please :-)
All We have built a workers.properties file with load balancing capability however would appreciate peoples thoughts on its structure as when we import this and attempt to run the application it knocks the app over. :-( Any help greatly appreciated Regards / Cordialement / Mit freundlichen Grüßen -- Dean Lonsdale Dean Lonsdale/UK/IBM [EMAIL PROTECTED] Systems Architect IBM Systems Technology Group Senior Accredited IT Specialist Tivoli Certified Consultant IBM UK Ltd, Washway Road, Manchester Ext: 07834 252463 Mobex: 264328 +44 (0)1253 731299 View the Systems Group website at http://w3-03.ibm.com/systemstechnology/index.html Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU image/gif- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Load Balancing Any Experts Out There Please :-)
Forgot to add the properties file my apologies Regards / Cordialement / Mit freundlichen Grüßen -- Dean Lonsdale Dean Lonsdale/UK/IBM [EMAIL PROTECTED] Systems Architect IBM Systems Technology Group Senior Accredited IT Specialist Tivoli Certified Consultant IBM UK Ltd, Washway Road, Manchester Ext: 07834 252463 Mobex: 264328 +44 (0)1253 731299 View the Systems Group website at http://w3-03.ibm.com/systemstechnology/index.html Dean Lonsdale/UK/[EMAIL PROTECTED] 15/08/2007 15:04 Please respond to Tomcat Users List users@tomcat.apache.org To Tomcat Users List users@tomcat.apache.org cc Barry k Blackhall/UK/[EMAIL PROTECTED] Subject Load Balancing Any Experts Out There Please :-) All We have built a workers.properties file with load balancing capability however would appreciate peoples thoughts on its structure as when we import this and attempt to run the application it knocks the app over. :-( Any help greatly appreciated Regards / Cordialement / Mit freundlichen Grüßen -- Dean Lonsdale Dean Lonsdale/UK/IBM [EMAIL PROTECTED] Systems Architect IBM Systems Technology Group Senior Accredited IT Specialist Tivoli Certified Consultant IBM UK Ltd, Washway Road, Manchester Ext: 07834 252463 Mobex: 264328 +44 (0)1253 731299 View the Systems Group website at http://w3-03.ibm.com/systemstechnology/index.html Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU image/gifimage/gif- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClientAbortException / Broken Pipe?!
Ronald Klop wrote: ClientAbortException means the user canceled the download (the 'client aborted'). There is nothing you can do about that on the server. Yeah, that's the answer you'll find most frequently if you spend time Googling for that exception, but anecdotally you'll find that more times than not, there's no evidence of the browser being closed or the client aborting (pressing Stop) while a page is loading. There's definitely something else going on in a great many cases, and I'm at least happy to know that I'm not alone in not having found the real answer yet : Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM/Yahoo: fzammetti MSN: [EMAIL PROTECTED] Author of Practical Ajax Projects With Java Technology (2006, Apress, ISBN 1-59059-695-1) and JavaScript, DOM Scripting and Ajax Projects (2007, Apress, ISBN 1-59059-816-4) Java Web Parts - http://javawebparts.sourceforge.net Supplying the wheel, so you don't have to reinvent it! Ronald. On Tue Aug 14 15:57:25 CEST 2007 Tomcat Users List users@tomcat.apache.org wrote: Folks; still messing around with an error like this: In our system, we offer customers a service to download files using a servlet. Some weeks ago (more or less when I considered switching to tomcat 6.0), the following error frequently started to show up in my log files: ... java.net.SocketException: Broken pipe at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:537) at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:127) at org.apache.jk.core.MsgContext.action(MsgContext.java:302) at org.apache.coyote.Response.action(Response.java:183) at org.apache.coyote.Response.finish(Response.java:305) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:205) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:619) 14.08.2007 15:38:34 org.apache.jk.common.ChannelSocket processConnection WARNUNG: processCallbacks status 2 ... whereas I see a ClientAbortException caught by my applications exception handling mechanism. So far, I haven't been able to track this down, that's why I am kindly asking you for your skilled advice. What did I do so far trying to get hold of this: - Tomcat runs on a machine in the LAN, fronted by an apache2 httpd. - The error does appear both running tomcat 6.0.13 and 5.5.23. - I initially was using mod_jk 1.2.29 and switched to mod_proxy and Proxy/ProxyReverse setup just to make sure, and the error appears no matter whether using mod_jk or mod_proxy. - Right now, I am using apache2 prefork mpm, played around with different mpms just to be sure it's not an error related to apache2 itself, but this also didn't really change anything. - apache2 logging doesn't show any messages whenever such a ClientAbortException is thrown. - Customers, however, reported that whenever such a situation happened, the files downloaded were either 0k sized or corrupted. And I'm whole-heartedly clueless by now :( Is there anything I forgot to double-check? Using the latest JDK, no tcnative, running Ubuntu Linux 6.06.1. Applied pretty much every solution attempt I could come up with using google, including tweaking the HTTP connector setup in server.xml, removing tcnative, using mod_proxy instead of mod_jk - no success. Does anyone around here have any more ideas on how to get hold of this? Thanks loads in advance and bye, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality. (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.476 / Virus Database: 269.11.19/953 - Release Date: 8/14/2007 5:19 PM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClientAbortException / Broken Pipe?!
Kristian Rink wrote: However, seriously this is a rather bad thing as I am convinced most of our users to possibly make use of a default web browser on their system, having no idea what a browser is, at all... On the other side, having the file transmission terminated / corrupted surely isn't what I would call no ill effect... ;) Does anyone have a smart idea how to compensate for this issue? Your right, I must not have read carefully the first time, I didn't realize there was a corrupt download involved here. Thanks in advance and best regards, Kristian Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM/Yahoo: fzammetti MSN: [EMAIL PROTECTED] Author of Practical Ajax Projects With Java Technology (2006, Apress, ISBN 1-59059-695-1) and JavaScript, DOM Scripting and Ajax Projects (2007, Apress, ISBN 1-59059-816-4) Java Web Parts - http://javawebparts.sourceforge.net Supplying the wheel, so you don't have to reinvent it! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClientAbortException / Broken Pipe?!
Just as another tidbit in the pot, I get these errors frequently with Websphere, both with and without a web server in front of it, and also both with and without a proxy involved, so it's definitely not Tomcat-specific, nor is it definitively anything involving a proxy (although both could somehow be contributing factors in this particular case). One thing we did notice is that the problem was more frequent when we started using Dojo... now, I'm not blaming Dojo, but I wonder if maybe its something along the lines of the browser opening a connection to see if a particular JS file is fresh, then determining the local copy is fresh, and instead of properly closing the connection it somehow aborts it incorrectly... that wouldn't in the least surprise me with IE... although you'd expect to see that error all the time, so I don't know, maybe it's the way Dojo's package/import system works. Just an observation though. Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM/Yahoo: fzammetti MSN: [EMAIL PROTECTED] Author of Practical Ajax Projects With Java Technology (2006, Apress, ISBN 1-59059-695-1) and JavaScript, DOM Scripting and Ajax Projects (2007, Apress, ISBN 1-59059-816-4) Java Web Parts - http://javawebparts.sourceforge.net Supplying the wheel, so you don't have to reinvent it! Rainer Jung wrote: Kristian Rink wrote: Ronald; [Ronald Klop [EMAIL PROTECTED] @ Wed, 15 Aug 2007 09:56:59 +0200 (CEST)] ClientAbortException means the user canceled the download (the 'client aborted'). There is nothing you can do about that on the server. I thought so. However, there are two things: (a) I was unsure whether, in a proxied environment, a ClientAbortException means download canceled by the actual (external) client or by the proxy server (which is directly accessing the backend tomcat). OK, the proxy in your case is a reverse proxy. The exception in the tomcat logs could theretically come from a communication failure back to the reverse proxy, or from a failure from the reverse proxy back to the client=browser. In the latter case, the reverse proxy would not accept any more traffic from the tomcat and thus indirectly lead to the same exception. When using mod_jk, it will log problems during sending back data to the client=browser. That way you would know, on which part of the net the original problem is located. By logging response times in your Apache access log and redundantly in your Tomcat access log (at least until you solved or understood the cause of the problem), you can also find out, how long the response took from the perspective of Apache and of Tomcat, and if the duration is close to some configured timeout interval. The pattern for response times if %D, which means microseconds with Apache httpd and milliseocond swith Tomcat. From the mod_jk log and the access log duration information you might even be able to determine, which requests had the problem (this is not easy and if you've got high load, it's difficult). I would suggest using mod_jk 1.2.25. It will log millisecond timestamps and has a couple further stability improvements. You wrote about version 1.2.29 which does not exist, upgrading should be no problem. JK has a couple of timeouts additionally to the Apache httpd timeout. They are described at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html (b) In none of the cases I watched so far, some user consciously / actively stopped a download in progress - all reported that either the download finished but ended up with an empty / small / corrupted file or an error message showed up - or nothing happened at all. :( I am not really sure who's to blame for that... :/ I would really try to look at the response handling times, the URLs for which it is happening, the client IPs and User Agent types to check, if there are any obvious patterns. In case you can finally reproduce the problem with low load, you can switch jk log level to debug or even trace. Then the log file will include full packet and header dumps. This is not a good idea for high traffic production though. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Load Balancing
Resend of the last mail removing signature attachments, We have built a workers.properties file to incorporate load balancing however when we use this file it would appear that it prevents the application from functioning correctly, please can anyone comment on whether the load balancing parameters are set correctly. Many thanks Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Load Balancing
Hi Dean, Still no luck, the attachement I am seeing contains the following: - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Could you define application functioning correctly what are you expecting to see and what is happening. Regards From: Dean Lonsdale [mailto:[EMAIL PROTECTED] Sent: 15 August 2007 15:29 To: Tomcat Users List Subject: Load Balancing Resend of the last mail removing signature attachments, We have built a workers.properties file to incorporate load balancing however when we use this file it would appear that it prevents the application from functioning correctly, please can anyone comment on whether the load balancing parameters are set correctly. Many thanks Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __
Re: Load Balancing
Hi! Post your workers.properties here. Att, Silvio Cesar L. dos Santos Analista de Redes Pleno DTI - Divisão de Tecnologia da Informação UNIGRANRIO - Universidade do Grande Rio +55 21 2672-7720 [EMAIL PROTECTED] http://www.unigranrio.edu.br Dean Lonsdale escreveu: Resend of the last mail removing signature attachments, We have built a workers.properties file to incorporate load balancing however when we use this file it would appear that it prevents the application from functioning correctly, please can anyone comment on whether the load balancing parameters are set correctly. Many thanks Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Load Balancing
If your workers.properties file contains nothing then it will defiantly prevent the application from functioning correctly. Have you forgotten to paste the workers.properties in to the email? On 8/15/07, Dean Lonsdale [EMAIL PROTECTED] wrote: Resend of the last mail removing signature attachments, We have built a workers.properties file to incorporate load balancing however when we use this file it would appear that it prevents the application from functioning correctly, please can anyone comment on whether the load balancing parameters are set correctly. Many thanks Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Load Balancing
From: Dean Lonsdale [mailto:[EMAIL PROTECTED] Subject: Load Balancing Resend of the last mail removing signature attachments, You need to stop trying to send attachments - just insert the file into the message. Also, it's better if you send e-mails to this list in plain text rather than HTML - makes it easier for archiving, searching, etc. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat performance on static content over SSL/non-SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGww/r9CaO5/Lv0PARAihDAKCWoVVHxQF0hCTiIsgFLC0bjMrYyACaAvfr sn1AKYvbLyk3Bbap+tyIrsE= =Zlq+ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Load Balancing
Apologies but it seems to be having problems sending the file so have cut and pasted it into the mail instead..thanks for your support Attempting to establish server1 as a load balanced server incidentally # workers.properties - # # This file provides jk derived plugins with the needed information to # connect to the different tomcat workers. Note that the distributed # version of this file requires modification before it is usable by a # plugin. # # As a general note, the characters $( and ) are used internally to define # macros. Do not use them in your own configuration!!! # # Whenever you see a set of lines such as: # x=value # y=$(x)\something # # the final value for y will be value\something # # Normaly all you will need to do is un-comment and modify the first three # properties, i.e. workers.tomcat_home, workers.java_home and ps. # Most of the configuration is derived from these. # # When you are done updating workers.tomcat_home, workers.java_home and ps # you should have 3 workers configured: # # - An ajp12 worker that connects to localhost:8007 # - An ajp13 worker that connects to localhost:8009 # - A jni inprocess worker. # - A load balancer worker # # However by default the plugins will only use the ajp12 worker. To have # the plugins use other workers you should modify the worker.list property. # # # OPTIONS ( very important for jni mode ) # # workers.tomcat_home should point to the location where you # installed tomcat. This is where you have your conf, webapps and lib # directories. # workers.tomcat_home=/usr/local/jakarta-tomcat5.5.9 # # workers.java_home should point to your Java installation. Normally # you should have a bin and lib directories beneath it. # workers.java_home=/usr/java14 # # You should configure your environment slash... ps=\ on NT and / on UNIX # and maybe something different elsewhere. # ps=/ # #-- ADVANCED MODE #- # # #-- DEFAULT worker list -- #- # # # The workers that your plugins should create and work with # # Add 'inprocess' if you want JNI connector worker.list=ajp12, ajp13, imflb, status # worker.list=ajp12, ajp13, status worker.maintain=60 # , inprocess # #-- DEFAULT ajp12 WORKER DEFINITION -- #- # # # Defining a worker named ajp12 and of type ajp12 # Note that the name and the type do not have to match. # worker.ajp12.port=8007 worker.ajp12.host=localhost worker.ajp12.type=ajp12 # # Specifies the load balance factor when used with # a load balancing worker. # Note: # lbfactor must be 0 # Low lbfactor means less work done by the worker. worker.ajp12.lbfactor=1 # #-- DEFAULT ajp13 WORKER DEFINITION -- #- # # # Defining a worker named ajp13 and of type ajp13 # Note that the name and the type do not have to match. # worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 # # Specifies the load balance factor when used with # a load balancing worker. # Note: # lbfactor must be 0 # Low lbfactor means less work done by the worker. worker.ajp13.lbfactor=1 # # Specify the size of the open connection pool. #worker.ajp13.connection_pool_size # #-- DEFAULT LOAD BALANCER WORKER DEFINITION -- #- # # # The loadbalancer (type lb) workers perform wighted round-robin # load balancing with sticky sessions. # Note: # If a worker dies, the load balancer will check its state #once in a while. Until then all work is redirected to peer #workers. worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=ajp12, ajp13 worker.imflb.type=lb worker.imflb.balance_workers=server1 worker.imflb.sticky_sessions=1 # #-- DEFAULT JNI WORKER DEFINITION- #- # # # Defining a worker named inprocess and of type jni # Note that the name and the type do not have to match. # worker.inprocess.type=jni # #-- CLASSPATH DEFINITION - #- # # # Additional class path components. # worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar # # Setting the command line for tomcat. # Note: The cmd_line string may not contain spaces. # worker.inprocess.cmd_line=start # Not needed, but can be customized. #worker.inprocess.cmd_line=-config #worker.inprocess.cmd_line=$(workers.tomcat_home)$(ps)conf$(ps)server.xml #worker.inprocess.cmd_line=-home
Re: multiple comet requests
hi Peter, there was a recent large change in TC 6.0 to warn about
misconfigured server.xml
The easiest way to try out the fix is actually to build it from source
Here is how you do it
1. Make sure you have JDK 1.5, ANT and Subversion installed
2. svn co http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk
3. cd trunk
4. ant
builds the code out to cd output/build
Filip
Peter Warren wrote:
Filip, thank you for your very prompt response! I replaced the
tomcat-coyote.jar with yours and now get the following exception on
startup. Is there another jar that I need to update?
Thanks,
Peter
Aug 14, 2007 9:02:29 PM org.apache.tomcat.util.digester.Digester startElement
SEVERE: Begin event threw error
java.lang.NoSuchMethodError:
org.apache.tomcat.util.IntrospectionUtils.setProperty(Ljava/lang/Object;Ljava/lang/String;Ljava/lang/String;)V
at
org.apache.catalina.startup.SetAllPropertiesRule.begin(SetAllPropertiesRule.java:66)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1358)
at
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(Unknown
Source)
at
com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(Unknown
Source)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown
Source)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown
Source)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown
Source)
at
com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown
Source)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
Source)
at
com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown
Source)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown
Source)
at
com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown
Source)
at
com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown
Source)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1644)
at org.apache.catalina.startup.Catalina.load(Catalina.java:504)
at org.apache.catalina.startup.Catalina.load(Catalina.java:538)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Filip Hanik - Dev Lists wrote:
turns out that if the request is comet, the recycling of the
input/output filter is not happening.
I have fixed this,
you can try the tomcat-coyote.jar from
http://people.apache.org/~fhanik/tomcat/tomcat-coyote.jar
Filip
Filip Hanik - Dev Lists wrote:
hi Peter,
thanks for the example, I am able to reproduce this error, let me take
a look and see why it is happening,
Filip
Peter Warren wrote:
How do you send multiple requests to the same comet servlet?
Sending multiple chunks of a single request is fine. My problem occurs
after the client ends the chunked transaction by sending 0CRLFCRLF to the
server. The comet servlet correctly registers the END event.
But then the client subsequently tries to initiate a new chunked request by
sending new http headers and a new chunk. The comet servlet receives a
BEGIN event, immediately followed by an END event. A READ event is never
generated for the new chunk. No ERROR events are registered either.
Sequence:
1st request
BEGIN
READ
END
2nd request
BEGIN
END - why an END event and not a READ?
Below are my test client and test comet servlet. Any thoughts on what I'm
doing wrong?
(I apologize in advance if this is a lack of understanding of http on my
part. I have looked at the specs and tried to follow the rules but am still
running into problems.)
Thanks,
Peter
-
test servlet
import java.io.IOException;
import java.io.InputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.CometEvent;
import org.apache.catalina.CometProcessor;
public class CometTestServlet extends HttpServlet implements CometProcessor
{
private static final long serialVersionUID = 5472498184127924791L;
public void event(CometEvent cometEvent) throws IOException,
ServletException {
HttpServletRequest request = cometEvent.getHttpServletRequest();
HttpServletResponse response = cometEvent.getHttpServletResponse();
// don't want timeout events
cometEvent.setTimeout(100);
if (cometEvent.getEventType() == CometEvent.EventType.BEGIN) {
log(Begin
Re: Self-Signed Certificate for Tomcat JVM and CAS
Sorry I hadn't seen your message earlier when you posted it. But you should create the keystore with a keystore password. Did you do that? Cheers, Mojo Lisa Tan wrote: After following the docs to generate self-signed pkcs12 key, I failed to import the key/certificate into my application with No password given for keystore, integrity will not be verified. What does the reason cause this error? I read some docs which ask to create an empty Java keystore and convert PEM formatted key to PKCS8 format. Why do I need to create an empty keystore? Thanks, Lisa Original message Date: Fri, 10 Aug 2007 18:25:56 -0700 From: Bill Barker [EMAIL PROTECTED] Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS To: users@tomcat.apache.org Lisa Tan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I don't know if this is a right list to ask this question. I tried to configure shibboleth which uses Tomcat with CAS authentication. I received an error: Unable to validate ProxyTicketValidator I did google search on this topic and understood the reason causing this problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since I am still in the testing stage, I can't get a CA certificate but the self-signed certificate. If my understanding is correct, the self signed certificate via openssl doesn't have jks format but Tomcat JVM only accept jks format certificate. If you had read the friendly manual at http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that this isn't true :). While it talks about the keystore, the truststore works the same way. So use openssl to create a pkcs12 file, specify this as the truststore, in whatever way you need to do from the CAS docs, and you should be good to go. I am just wondering if any one can give me some instruction how to create a self-signed certificate and private key which can be used or imported to both Tomcat JVM and CAS server. Thanks, Lisa - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Morris Jones Monrovia, CA http://www.whiteoaks.com Old Town Astronomers http://www.otastro.org - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is jsp:directive.taglib inside JSP allowed ?
Are these lines not equivalent (from my WEB-INF/jsp/another.jsp) ? jsp:directive.taglib prefix=foo uri=http://domain.co.uk/taglibs/foo-0.1/ jsp:directive.include file=/WEB-INF/jspf/somefile.jspf/ %@ taglib prefix=foo uri=http://domain.co.uk/taglibs/foo-0.1% %@ include file=/WEB-INF/jspf/somefile.jspf% I am getting a Jasper (from 5.5.23) error with the first set of lines, but when I convert to the 2nd the error goes away: build.xml:248: org.apache.jasper.JasperException: file:/tmp/dist/WEB-INF/jsp/another.jsp(2,18) lt;jsp:directive.tag directive can only be used in a tag file I thought the XML notation was valid from all contexts, those being from JSP, from .TAG, from .JSPF, etc... I thought the purpose of the XML notation was to allow recursive bindings so a JSP page could be embedded within another XML document ? Your thoughts appreciated. Darryl - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Load Balancing
this example is in use # Begin workers.propertie file # # Insert this entry in /etc/hosts # to name resolution without DNS # 192.168.1.10 tomcatpro1.uni.edu.br tomcatpro1 # 192.168.1.11 tomcatpro2.uni.edu.br tomcatpro2 # 192.168.1.12 tomcatpro3.uni.edu.br tomcatpro3 # definition to tomcatpro1 worker.tomcatpro1.port=8009 worker.tomcatpro1.host=tomcatpro1 worker.tomcatpro1.type=ajp13 worker.tomcatpro1.lbfactor=3 worker.tomcatpro1.local_worker=1 #worker.tomcatpro1.cachesize=10 # definition to tomcatpro2 worker.tomcatpro2.port=8009 worker.tomcatpro2.host=tomcatpro2 worker.tomcatpro2.type=ajp13 worker.tomcatpro2.lbfactor=3 worker.tomcatpro2.local_worker=1 #worker.tomcatpro2.cachesize=10 # definition to tomcatpro3 worker.tomcatpro3.port=8009 worker.tomcatpro3.host=tomcatpro3 worker.tomcatpro3.type=ajp13 worker.tomcatpro3.lbfactor=3 worker.tomcatpro3.local_worker=1 #worker.tomcatpro3.cachesize=10 # definition to loadbalancer to application worker.lbportal.type=lb worker.lbportal.balanced_workers=tomcatpro1,tomcatpro2,tomcatpro3 worker.lbportal.local_worker_only=1 #* definition to workers to JK work worker.list=lbportal # END workers.propertie file --- IN HTTPD.CONF insert in end of file Include conf/mod-jk.conf --- In conf/mod-jk.conf file insert LoadModule jk_module modules/mod_jk.so JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLoglevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /you_app_context/* lbportal -- Att, Silvio Cesar L. dos Santos Analista de Redes Pleno DTI - Divisão de Tecnologia da Informação UNIGRANRIO - Universidade do Grande Rio +55 21 2672-7720 [EMAIL PROTECTED] http://www.unigranrio.edu.br - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat performance on static content over SSL/non-SSL
We use httpd to sit in between firewalls and handle all incoming traffic. Static content is served from there and dynamic content is proxied through to the Tomcat server behind another firewall. SSL is only needed from the client to the httpd server. The Tomcat server then handles the database access which passes through another firewall to hit our internal network where the database lives. I'm not a security expert but it seems like a good idea having your database connections far removed from the Internet connection. At the very least it would seem you would have to have multiple layers of server compromised before any data is exposed. Is this not a good reason to use httpd in front of Tomcat? -EJL --- Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGww/r9CaO5/Lv0PARAihDAKCWoVVHxQF0hCTiIsgFLC0bjMrYyACaAvfr sn1AKYvbLyk3Bbap+tyIrsE= =Zlq+ -END PGP SIGNATURE- IMPORTANT CONFIDENTIALITY NOTICE:This document, and any documents accompanying this transmission, contains confidential, legally protected information and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmission is strictly prohibited. If you receive this transmission in error, please contact the sender and delete or destroy the material/information. Corporate Headquarters 10340 Evendale Dr. Cincinnati, OH 45241 513.563.1400 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat performance on static content over SSL/non-SSL
security by obscurity, that is. since the httpd just sends all requests further to the tomcat, if there is a security relevant bug in tomcat code, it would be accessed by the remote side either way. Further, are your machines, on which httpd is running, running under different OS than your tomcat machines? Cause if they are the same, the same security issue would be present on both, so the attacker could easily reach the tomcat machine from the httpd machine via the same hole once he's there. It sounds like a good idea to put a firewall between tomcat and a db. But your tomcat machine and your webapp will have to access the db somehow, so why shouldn't the attacker use the same method to access your db, once he's on the tomcat machine? Therefore, your security infrastructure sounds like a good idea, but in fact it doesn't add any security. Just put a decent firewall between the internet and your cluster and that is it. Once its passed your security infrastructure wouldn't prevent the attacker to go on further. just 2 cents. leon P.S. Btw, some (recently fixed) buffer overflows in mod_jk connector (and in httpd itself) will actually reduce your security, since httpd is far less secure than java. On 8/15/07, Lizak, Ed [EMAIL PROTECTED] wrote: We use httpd to sit in between firewalls and handle all incoming traffic. Static content is served from there and dynamic content is proxied through to the Tomcat server behind another firewall. SSL is only needed from the client to the httpd server. The Tomcat server then handles the database access which passes through another firewall to hit our internal network where the database lives. I'm not a security expert but it seems like a good idea having your database connections far removed from the Internet connection. At the very least it would seem you would have to have multiple layers of server compromised before any data is exposed. Is this not a good reason to use httpd in front of Tomcat? -EJL --- Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGww/r9CaO5/Lv0PARAihDAKCWoVVHxQF0hCTiIsgFLC0bjMrYyACaAvfr sn1AKYvbLyk3Bbap+tyIrsE= =Zlq+ -END PGP SIGNATURE- IMPORTANT CONFIDENTIALITY NOTICE:This document, and any documents accompanying this transmission, contains confidential, legally protected information and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmission is strictly prohibited. If you receive this transmission in error, please contact the sender and delete or destroy the material/information. Corporate Headquarters 10340 Evendale Dr. Cincinnati, OH 45241 513.563.1400 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5 Security Enabled
I am a new Tomcat user.
I installed Tomcat 5.5 for use within IBM RAD/Eclipse runtime environment.
My goal is to find out how J2EE container managed (form based) security
works in Tomcat.
I started off by creating a JSF page, PH001, in the WebContect. No
security entry is specified in the web.xml file yet. I was able to run
and display the page.
Then I tried to check the Server Security Enable box and restart Tomcat to
run the same JSF page. I got the following exception:
Caused by: java.security.AccessControlException: Access denied
(java.util.PropertyPermission
org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER read)
at java.security.AccessController.checkPermission(
AccessController.java:104)
at java.lang.SecurityManager.checkPermission(
SecurityManager.java:547)
at java.lang.SecurityManager.checkPropertyAccess(
SecurityManager.java:1300)
at java.lang.System.getProperty(System.java:369)
at org.apache.jasper.runtime.BodyContentImpl.clinit(
BodyContentImpl.java:43)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:177)
... 64 more
The default catalalina.policy file in the server is appended below : What
update do I need in the file to bypass the exception ? Thank you in
advance for any help.
//
// catalina.corepolicy - Security Policy Permissions for Tomcat 5
//
// This file contains a default set of security policies to be enforced
(by the
// JVM) when Catalina is executed with the -security option. In
addition
// to the permissions granted here, the following additional permissions
are
// granted to the codebase specific to each web application:
//
// * Read access to the document root directory
//
// $Id: catalina.policy 393732 2006-04-13 06:32:25Z pero $
//
// == SYSTEM CODE PERMISSIONS
=
// These permissions apply to javac
grant codeBase file:${java.home}/lib/- {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions
grant codeBase file:${java.home}/jre/lib/ext/- {
permission java.security.AllPermission;
};
// These permissions apply to javac when ${java.home] points at
$JAVA_HOME/jre
grant codeBase file:${java.home}/../lib/- {
permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase file:${java.home}/lib/ext/- {
permission java.security.AllPermission;
};
// == CATALINA CODE PERMISSIONS
===
// These permissions apply to the launcher code
grant codeBase file:${catalina.home}/bin/commons-launcher.jar {
permission java.security.AllPermission;
};
// These permissions apply to the daemon code
grant codeBase file:${catalina.home}/bin/commons-daemon.jar {
permission java.security.AllPermission;
};
// These permissions apply to the commons-logging API
grant codeBase file:${catalina.home}/bin/commons-logging-api.jar {
permission java.security.AllPermission;
};
// These permissions apply to the server startup code
grant codeBase file:${catalina.home}/bin/bootstrap.jar {
permission java.security.AllPermission;
};
// These permissions apply to the JMX server
grant codeBase file:${catalina.home}/bin/jmx.jar {
permission java.security.AllPermission;
};
// These permissions apply to JULI
grant codeBase file:${catalina.home}/bin/tomcat-juli.jar {
permission java.security.AllPermission;
};
// These permissions apply to the servlet API classes
// and those that are shared across all class loaders
// located in the common directory
grant codeBase file:${catalina.home}/common/- {
permission java.security.AllPermission;
};
// These permissions apply to the container's core code, plus any
additional
// libraries installed in the server directory
grant codeBase file:${catalina.home}/server/- {
permission java.security.AllPermission;
};
// The permissions granted to the balancer WEB-INF/classes and WEB-INF/lib
directory
grant codeBase file:${catalina.home}/webapps/balancer/- {
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.digester;
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.tomcat.util.digester.*;
};
// == WEB APPLICATION PERMISSIONS
=
// These permissions are granted by default to all web applications
// In addition, a web application will be given a read FilePermission
// and JndiPermission for all files and directories in its document root.
grant {
// Required for JNDI lookup of named JDBC
RE: utf-8 encoding problem
A few things...
First, what type of apostrophe are you using? Are you using a typical ascii
apostrophe (') or are you using the Microsoft slanted apostrophe that comes
out of word documents (#8242;)?
Here are two links that describe the problem:
http://www.cs.tut.fi/~jkorpela/www/windows-chars.html
http://www.cs.tut.fi/~jkorpela/chars.html#win
Now after reading that you're still having issues, then here is what needs
to be done to get utf-8 encoding to work.
If you're using mod_jk make sure that the ajp connector is set up to encode
using utf-8 like so:
Connector port=8009 enableLookups=false redirectPort=8443
protocol=AJP/1.3 URIEncoding=UTF-8 /
Next, make sure that the request AND response have been set to use utf
encoding. The request MUST have its character encoding set BEFORE any
request parameters are requested or the request will default to the machines
character encoding.
public class ContentTypeFilter implements Filter
{
private static org.apache.log4j.Logger log =
org.apache.log4j.Logger.getLogger(tracking);
public void init(FilterConfig config)
{
}
public void destroy()
{
}
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain filterChain) throws IOException, ServletException
{
request = (HttpServletRequest)request;
request.setCharacterEncoding(UTF-8);
response.setCharacterEncoding(UTF-8);
response.setContentType(text/html;charset=UTF-8);
filterChain.doFilter(request, response);
}
}
Finally, I would also set the meta header on the jsp page to be utf-8 just
to be complete...
meta http-equiv=Content-Type content=text/html;charset=utf-8
Regards...
Original Message Follows
From: Joseph S [EMAIL PROTECTED]
Reply-To: Tomcat Users List users@tomcat.apache.org
To: Tomcat Users List users@tomcat.apache.org
Subject: utf-8 encoding problem
Date: Tue, 14 Aug 2007 22:24:28 -0400
My problem is this:
One of my pages with an apostrophe was not displaying properly, so I added
to my jsp:
%@ page contentType=text/html; charset=UTF-8%
When I did that my content displayed correctly, but on form submission it
got corrupted.
You can view the problem here:
http://b.tupari.net/
One page displays correctly, but on submit the value gets mangled. The
other page doesn't display correctly, but if you cut and paste into the form
from the first page the apostrophe does come out correctly on submit.
This happens in both firefox and konqueror. So who is to blame here? The
web browsers? Tomcat? Apache?
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
_
Tease your brain--play Clink! Win cool prizes!
http://club.live.com/clink.aspx?icid=clink_hotmailtextlink2
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
IIS redirect to Apache
Hi, Scenario: we purchased a product written in Java to integrate into our reporting tool. Our setup is such that our web application is written in .NET and hosted on a web farm using IIS (5 or 6 depending on the environment). The product we purchased runs under Apache Tomcat/5.5.23 using 1.5.0_12-b04. The product is integrated into our web portal using frames and sending URL requests to Apache. We are running into issues with javascript code from the product generating errors for what I suspect may be related to crossing domains (our web site and the Apache server). I figure I can resolve this by generating a proxy on the IIS server to handle the request to the Apache server. My question is does anyone have any pointers on how to setup this type of proxy? Thanks, Tony - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Self-Signed Certificate for Tomcat JVM and CAS
I wish you would read this email earlier. I thought if I use the default password (changeit), I don't need to have -storepass parameter. This morning I re-read extkeytool example and tried to put the storepass parameter and it works. After I imported my self-signed cert to JVM truststore, CAS client can trust CAS server. Thank all of you for providing me all the valueable links and information. Lisa -Original Message- From: Morris Jones [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 10:48 AM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS Sorry I hadn't seen your message earlier when you posted it. But you should create the keystore with a keystore password. Did you do that? Cheers, Mojo Lisa Tan wrote: After following the docs to generate self-signed pkcs12 key, I failed to import the key/certificate into my application with No password given for keystore, integrity will not be verified. What does the reason cause this error? I read some docs which ask to create an empty Java keystore and convert PEM formatted key to PKCS8 format. Why do I need to create an empty keystore? Thanks, Lisa Original message Date: Fri, 10 Aug 2007 18:25:56 -0700 From: Bill Barker [EMAIL PROTECTED] Subject: Re: Self-Signed Certificate for Tomcat JVM and CAS To: users@tomcat.apache.org Lisa Tan [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I don't know if this is a right list to ask this question. I tried to configure shibboleth which uses Tomcat with CAS authentication. I received an error: Unable to validate ProxyTicketValidator I did google search on this topic and understood the reason causing this problem is Tomcat JVM doesn't trust the SSL cert of the CAS server. Since I am still in the testing stage, I can't get a CA certificate but the self-signed certificate. If my understanding is correct, the self signed certificate via openssl doesn't have jks format but Tomcat JVM only accept jks format certificate. If you had read the friendly manual at http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html, you would know that this isn't true :). While it talks about the keystore, the truststore works the same way. So use openssl to create a pkcs12 file, specify this as the truststore, in whatever way you need to do from the CAS docs, and you should be good to go. I am just wondering if any one can give me some instruction how to create a self-signed certificate and private key which can be used or imported to both Tomcat JVM and CAS server. Thanks, Lisa - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Morris Jones Monrovia, CA http://www.whiteoaks.com Old Town Astronomers http://www.otastro.org - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
I am dealing with a client who needs multi-gigabyte uploads (4GB+, whatever he wants really, and he says it is needed/required by the system.) Anyways, I currently upload a 4GB file to my Tomcat server, and it is set to simply post to a JSP with the file (please note that files 2GB work fine, forms are set up fine), and that JSP page is never reached. It simply looks like Tomcat is invoking the servlets/target of the request or this is because something hasn't been dealt with yet in the request to cause this action. My logs are all clean of errors, however, and the filter chain works fine (to some extent, it loops forever with this request because it is waiting for it to be dealt with). I receive log messages in beforeProcessing, process, and afterProcessing. However, the JSP is never hit, or if I post the file to a servlet, the servlet is never invoked. I have already tried configuring the connector to use maxPostSize=0, as well as setting the maxHttpHeaderSize variable. I am clearly at a loss of what to do. I also tried creating a Request Listener whenever requests are created but the request never gets a contentLength or contentType. The server simply begins looping the filter chain over and over and over and never hits my servlet/upload.jsp page. Any help would be greatly appreciated. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
Hi, Have a look at the commons-fileupload [1], it should help you out. Ben [1] http://commons.apache.org/fileupload/ On 8/15/07, David Hesson [EMAIL PROTECTED] wrote: I am dealing with a client who needs multi-gigabyte uploads (4GB+, whatever he wants really, and he says it is needed/required by the system.) Anyways, I currently upload a 4GB file to my Tomcat server, and it is set to simply post to a JSP with the file (please note that files 2GB work fine, forms are set up fine), and that JSP page is never reached. It simply looks like Tomcat is invoking the servlets/target of the request or this is because something hasn't been dealt with yet in the request to cause this action. My logs are all clean of errors, however, and the filter chain works fine (to some extent, it loops forever with this request because it is waiting for it to be dealt with). I receive log messages in beforeProcessing, process, and afterProcessing. However, the JSP is never hit, or if I post the file to a servlet, the servlet is never invoked. I have already tried configuring the connector to use maxPostSize=0, as well as setting the maxHttpHeaderSize variable. I am clearly at a loss of what to do. I also tried creating a Request Listener whenever requests are created but the request never gets a contentLength or contentType. The server simply begins looping the filter chain over and over and over and never hits my servlet/upload.jsp page. Any help would be greatly appreciated. David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS redirect to Apache
Hi Tony, the Tomcat project has a sub project called Tomcat Connectors or simply JK. It produces web server plugins to connect the most important web servers directly to Tomcat via a special protocol named AJP. Tomcat has an incoming AJP connector built-in. The Tomcat connectors include Apache httpd modules as well as an IIS ISAPI plugin and a Netscape/Sun NSAPI plugin. So you would need to download http://tomcat.apache.org/download-connectors.cgi an appropriate binary of the IIS plugin, configure and include the plugin correctly for your IIS to establish a reverse proxy function for your IIS. The most recent version of the plugin is 1.2.25. The Tomcat connectors website http://tomcat.apache.org/connectors-doc/ contains documentation. The IIS plugin documentation might not be the best part of it, but in case you get stuck, you can post more specific questions to this list. I assume, that by Apache in your post you always meant Tomcat. If you meant Apache HTTPD web server, then I might have not completely understood your actual or planned setup. Regards, Rainer Tony Fountain wrote: Hi, Scenario: we purchased a product written in Java to integrate into our reporting tool. Our setup is such that our web application is written in .NET and hosted on a web farm using IIS (5 or 6 depending on the environment). The product we purchased runs under Apache Tomcat/5.5.23 using 1.5.0_12-b04. The product is integrated into our web portal using frames and sending URL requests to Apache. We are running into issues with javascript code from the product generating errors for what I suspect may be related to crossing domains (our web site and the Apache server). I figure I can resolve this by generating a proxy on the IIS server to handle the request to the Apache server. My question is does anyone have any pointers on how to setup this type of proxy? Thanks, Tony - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
Completely sorry, details follows: System: Windows XP (Home I believe) 32 bit 2GB Memory on my system Web Application Details/ Other Details: JSF Framework (1.1?) Commons File Uploads 1.2 attempted to be used Tomcat 5.5.17 I'm going to say that Sun is my JVM vendor?? JVM is version 1.6 Tomcat is using these settings: -Xms512m -Xmx512m (I am not receiving PermGens/OutOfMemoryExceptions by any means) I'm compiling at a source level of 1.6 for the web application, the JVM vendor is SUN I do have somewhat of a clue as to why the upload itself is not functional when just trying to use the Commons File Upload to stream the file to a temporary location when large uploads are detected. The content-length has a maximum value of 2.x billion, which is right under two gigabytes. A 2.xGB file will result in a negative content length from integer overflow into the final, negative bit position. Other than that, I cannot explain why the servlet/.jsp target of the form post is not being hit and the filter chain calls filters over and over but won't go any further. After pressing submit, the page acts like nothing happened, and no error messages are generated. I'm fresh out of college so my lack of experience/knowing what you meant by JVM level kind of threw me off, I have JRE1.6 and JDK1.6 :( Here is what came out in Command Prompt issuing this command: java -version java version 1.6.0 Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode) Thanks once again - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
From: David Hesson [mailto:[EMAIL PROTECTED] Subject: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads Any help would be greatly appreciated. Should we guess the Tomcat version you're using, or would you like to tell us? It would also be helpful to know the platform you're running on, the OS, and the JVM vendor and level. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
There have been fixes for 2GB size uploads and downloads between June 10 and June 5. If we assume, that those fixes will help, you've got a coupe of options: - try with Tomcat 6.0.14, which already contains the fixes. This is a major update, but since you are already using Java 5+, you shoujld be able to do it in much less than a day. - we plan to tag a new 5.5 release very soon (end of the week or shortly after). If the tag looks good, you can expect a new 5.5 release in around 2-4 weeks. A 5.5.25 tarball will be available earlier (likely first half of next week), so you can already test it, although it will not be officially released at that time. - You can build your own 5.5 from the sources in the publicly available source code management system subversion. Of course we don't know, if there will be more problems related to libs and the platform with the big uploads and downloads, but at least we checked, that Tomcat itself handles the Content-Length headers correctly with the above mentioned fixes. In case you additionally combine Tomcat with Apache HTTPD or IIS via mod_jk/isapi redirector: the same problem (handling large file contents) has been fixed there recently. This is included in release 1.2.24 of this web server plugin. Regards, Rainer David Hesson wrote: Completely sorry, details follows: System: Windows XP (Home I believe) 32 bit 2GB Memory on my system Web Application Details/ Other Details: JSF Framework (1.1?) Commons File Uploads 1.2 attempted to be used Tomcat 5.5.17 I'm going to say that Sun is my JVM vendor?? JVM is version 1.6 Tomcat is using these settings: -Xms512m -Xmx512m (I am not receiving PermGens/OutOfMemoryExceptions by any means) I'm compiling at a source level of 1.6 for the web application, the JVM vendor is SUN I do have somewhat of a clue as to why the upload itself is not functional when just trying to use the Commons File Upload to stream the file to a temporary location when large uploads are detected. The content-length has a maximum value of 2.x billion, which is right under two gigabytes. A 2.xGB file will result in a negative content length from integer overflow into the final, negative bit position. Other than that, I cannot explain why the servlet/.jsp target of the form post is not being hit and the filter chain calls filters over and over but won't go any further. After pressing submit, the page acts like nothing happened, and no error messages are generated. I'm fresh out of college so my lack of experience/knowing what you meant by JVM level kind of threw me off, I have JRE1.6 and JDK1.6 :( Here is what came out in Command Prompt issuing this command: java -version java version 1.6.0 Java(TM) SE Runtime Environment (build 1.6.0-b105) Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode) Thanks once again - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS redirect to Apache
Martin, To clarify our setup, our site receives the initial HTTP request and the application server in question is IIS and the site is written in ASP.NET. Some of the pages that will be served will include a frame that hosts pages from this product hosted by Tomcat on another server. The current configuration is such that the product invokes some javascript on the client and the javascript is generating errors preventing the pages from working properly. The vendor states that this is due to security issues with the javascript executing across domains and the way to fix this is to implement a proxy from IIS that redirects the request (I'm assuming server side but I'm not sure) to the Tomcat webapp. I'm looking to see if anyone else has any experience they could lend in creating a proxy from IIS that redirects a request to a Java webapp hosted by Tomcat on another physical server. My understanding is I will then be able to reference the URL and make it look like it's part of the domain running in IIS instead of formatting another URL in the form of http://servername:port/webapp/repository. Thanks, Tony Fountain Benefit Concepts, Inc. (419) 244-9936 x9010 (office) (419) 249-7221 (fax) -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 4:10 PM To: Tony Fountain Subject: Re: IIS redirect to Apache Kinda O/T here...Which system is front-ending..e.g. which box will be first to get the HTTP requests? M-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Tony Fountain [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, August 15, 2007 1:39 PM Subject: IIS redirect to Apache Hi, Scenario: we purchased a product written in Java to integrate into our reporting tool. Our setup is such that our web application is written in .NET and hosted on a web farm using IIS (5 or 6 depending on the environment). The product we purchased runs under Apache Tomcat/5.5.23 using 1.5.0_12-b04. The product is integrated into our web portal using frames and sending URL requests to Apache. We are running into issues with javascript code from the product generating errors for what I suspect may be related to crossing domains (our web site and the Apache server). I figure I can resolve this by generating a proxy on the IIS server to handle the request to the Apache server. My question is does anyone have any pointers on how to setup this type of proxy? Thanks, Tony - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This Email has been scanned for all viruses by PAETEC Email Scanning Services, utilizing MessageLabs proprietary SkyScan infrastructure. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.paetec.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS redirect to Apache
Rainer, Thanks for the information. I'll read up on the IIS ISAPI plugin and if I have any more questions, I'll post them. Thanks, Tony Fountain Benefit Concepts, Inc. (419) 244-9936 x9010 (office) (419) 249-7221 (fax) -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 3:55 PM To: Tomcat Users List Subject: Re: IIS redirect to Apache Hi Tony, the Tomcat project has a sub project called Tomcat Connectors or simply JK. It produces web server plugins to connect the most important web servers directly to Tomcat via a special protocol named AJP. Tomcat has an incoming AJP connector built-in. The Tomcat connectors include Apache httpd modules as well as an IIS ISAPI plugin and a Netscape/Sun NSAPI plugin. So you would need to download http://tomcat.apache.org/download-connectors.cgi an appropriate binary of the IIS plugin, configure and include the plugin correctly for your IIS to establish a reverse proxy function for your IIS. The most recent version of the plugin is 1.2.25. The Tomcat connectors website http://tomcat.apache.org/connectors-doc/ contains documentation. The IIS plugin documentation might not be the best part of it, but in case you get stuck, you can post more specific questions to this list. I assume, that by Apache in your post you always meant Tomcat. If you meant Apache HTTPD web server, then I might have not completely understood your actual or planned setup. Regards, Rainer Tony Fountain wrote: Hi, Scenario: we purchased a product written in Java to integrate into our reporting tool. Our setup is such that our web application is written in .NET and hosted on a web farm using IIS (5 or 6 depending on the environment). The product we purchased runs under Apache Tomcat/5.5.23 using 1.5.0_12-b04. The product is integrated into our web portal using frames and sending URL requests to Apache. We are running into issues with javascript code from the product generating errors for what I suspect may be related to crossing domains (our web site and the Apache server). I figure I can resolve this by generating a proxy on the IIS server to handle the request to the Apache server. My question is does anyone have any pointers on how to setup this type of proxy? Thanks, Tony - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This Email has been scanned for all viruses by PAETEC Email Scanning Services, utilizing MessageLabs proprietary SkyScan infrastructure. For more information on a proactive anti-virus service working around the clock, around the globe, visit http://www.paetec.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS redirect to Apache
Yes, this will be possible with the plugin. Be careful: a redirect is something else (it sends the browser a new URL, to which it should connect). A reverse proxy send the request forward to another servber and returns the response to the browser in a way, such that the browser will not notice the indirect setup. A necessary precondition is, that you can relatively easily decide, which URLs should be handled by your .NET app, and which ones you will forward. Good criteria would be URL prefixes and similar easy rules. Such rules can be used for the plugin, to configure, which requests the plugin sould handle. The plugin is also able to do very basic replacements in the URLs before forwarding them. Regards, Rainer Tony Fountain wrote: Martin, To clarify our setup, our site receives the initial HTTP request and the application server in question is IIS and the site is written in ASP.NET. Some of the pages that will be served will include a frame that hosts pages from this product hosted by Tomcat on another server. The current configuration is such that the product invokes some javascript on the client and the javascript is generating errors preventing the pages from working properly. The vendor states that this is due to security issues with the javascript executing across domains and the way to fix this is to implement a proxy from IIS that redirects the request (I'm assuming server side but I'm not sure) to the Tomcat webapp. I'm looking to see if anyone else has any experience they could lend in creating a proxy from IIS that redirects a request to a Java webapp hosted by Tomcat on another physical server. My understanding is I will then be able to reference the URL and make it look like it's part of the domain running in IIS instead of formatting another URL in the form of http://servername:port/webapp/repository. Thanks, Tony Fountain Benefit Concepts, Inc. (419) 244-9936 x9010 (office) (419) 249-7221 (fax) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Installing APR on Fedora
Hi, I'm trying to get the APR native capabilities working on Fedora. I first checked that apr and opensll was installed like this: [EMAIL PROTECTED] ~]$ rpm -qa | grep apr apr-util-1.2.8-7 apr-1.2.8-6 [EMAIL PROTECTED] native]# rpm -qa | grep openssl openssl-0.9.8b-12.fc7 openssl-devel-0.9.8b-12.fc7 Then I try to compile like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/ checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... no configure: error: APR could not be located. Please use the --with-apr option. [EMAIL PROTECTED] native]# And like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/apr-util-1/ checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... no configure: error: APR could not be located. Please use the --with-apr option. [EMAIL PROTECTED] native]# Anyone have any ideas on how to fix this? Thanks, - Ole - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS redirect to Apache
Hi Tony- Browser clients by and large are prohibited from doing anything on the clients box except write cookies the exception for client writes is of course is Applets and Flex objects ..assuming you have neither I would concentrate on using your IIS server as the reverse proxy as Rainier mentioned both to get LB and Security provisioning http://en.wikipedia.org/wiki/Reverse_proxy Thankfully someone at MIT actually wrote a reverse proxy http://www.saltypickle.com/Home/16 for IIS Be cognisant that any ReverseProxy will get ALL traffic and unless you have configed for max performance you could be placing excessive load on the IIS box..if you have 1000 connections / day not much load (unless you are doing alot of file/upload/download activity) is being placed but 100,000 connections /day requires performance planning That said Tomcat was never designed to handle static pages (plain html) and thus the reason for Apache HTTPD server to handle those pages The usual scenario is to transmit all requests to Apache HTTPD and then thru mod_rewrite or VirtualHost send the jsp and servlet to Tomcat Here are some sample configurations http://httpd.apache.org/docs/1.3/vhosts/examples.html Forward vs Redirect I would use forward instead of redirect as it causes the request to be bounced back to the client and then up again to the new server (Then again Im sure Rainier has a reason for making that recommendation) I hope this works for you ..it sounds quite challenging! Martin-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Tony Fountain [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, August 15, 2007 4:47 PM Subject: RE: IIS redirect to Apache Martin, To clarify our setup, our site receives the initial HTTP request and the application server in question is IIS and the site is written in ASP.NET. Some of the pages that will be served will include a frame that hosts pages from this product hosted by Tomcat on another server. The current configuration is such that the product invokes some javascript on the client and the javascript is generating errors preventing the pages from working properly. The vendor states that this is due to security issues with the javascript executing across domains and the way to fix this is to implement a proxy from IIS that redirects the request (I'm assuming server side but I'm not sure) to the Tomcat webapp. I'm looking to see if anyone else has any experience they could lend in creating a proxy from IIS that redirects a request to a Java webapp hosted by Tomcat on another physical server. My understanding is I will then be able to reference the URL and make it look like it's part of the domain running in IIS instead of formatting another URL in the form of http://servername:port/webapp/repository. Thanks, Tony Fountain Benefit Concepts, Inc. (419) 244-9936 x9010 (office) (419) 249-7221 (fax) -Original Message- From: Martin Gainty [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 15, 2007 4:10 PM To: Tony Fountain Subject: Re: IIS redirect to Apache Kinda O/T here...Which system is front-ending..e.g. which box will be first to get the HTTP requests? M-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Tony Fountain [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, August 15, 2007 1:39 PM Subject: IIS redirect to Apache Hi, Scenario: we purchased a product written in Java to integrate into our reporting tool. Our setup is such that our web application is written in .NET and hosted on a web farm using IIS (5 or 6 depending on the environment). The product we purchased runs under Apache Tomcat/5.5.23 using 1.5.0_12-b04. The product is integrated into our web portal using frames and sending URL requests to Apache. We are running into issues with javascript code from the product generating errors for what I suspect may be related to crossing domains (our web site and the Apache server). I figure I can resolve this by generating a proxy on the IIS server to handle the request to the Apache server. My question is does anyone have any pointers on how to setup this type of proxy? Thanks, Tony - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL
Re: Installing APR on Fedora
On 8/15/07, Ole Ersoy [EMAIL PROTECTED] wrote: Then I try to compile like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/ ? Shouldn't you run ./configure --with-apr=/usr/lib make... Off the top of my head... :-) -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing APR on Fedora
Hi Hassan, I tried that as well: [EMAIL PROTECTED] native]# ./configure --with-apr=/usr/lib checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... configure: error: the --with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file. I think I liked it better before :-) Thanks tough, - Ole Hassan Schroeder wrote: On 8/15/07, Ole Ersoy [EMAIL PROTECTED] wrote: Then I try to compile like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/ ? Shouldn't you run ./configure --with-apr=/usr/lib make... Off the top of my head... :-) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing APR on Fedora
Hi Ole, I may be wrong but I think the command, based on what you have listed below, should have been: ./configure --with-apr=/usr/lib/ make make install The other problem that I think you have is that given you are compiling, I think it is looking for the source header for apr, hence depending on how your distribution does things you may need the apr-devel packages. The naming conventions that my distribution uses indicates that the apr packages you have indicated are the binary files. Assuming you are compiling Tomcat all that may be necessary is to copy the .so files that provide the apr api's into the appropriate Tomcat lib directory depending on which version of Tomcat you are trying to use. Stephen Morris Security Technician, IT Security Access Management Technology Security Risk, National Australia Bank Level 8, 800 Bourke St, Melbourne VIC 3000 Tel: +61 (0) 3 8634 1755 | Mob: 0438 537 569 Email: [EMAIL PROTECTED] Ole Ersoy [EMAIL PROTECTED] 16/08/2007 08:02 AM Please respond to Tomcat Users List users@tomcat.apache.org To users@tomcat.apache.org cc Subject Installing APR on Fedora Hi, I'm trying to get the APR native capabilities working on Fedora. I first checked that apr and opensll was installed like this: [EMAIL PROTECTED] ~]$ rpm -qa | grep apr apr-util-1.2.8-7 apr-1.2.8-6 [EMAIL PROTECTED] native]# rpm -qa | grep openssl openssl-0.9.8b-12.fc7 openssl-devel-0.9.8b-12.fc7 Then I try to compile like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/ checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... no configure: error: APR could not be located. Please use the --with-apr option. [EMAIL PROTECTED] native]# And like this: [EMAIL PROTECTED] native]# ./configure make make install --with-apr=/usr/lib/apr-util-1/ checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... no configure: error: APR could not be located. Please use the --with-apr option. [EMAIL PROTECTED] native]# Anyone have any ideas on how to fix this? Thanks, - Ole - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] National Australia Bank Ltd - ABN 12 004 044 937 This email may contain confidential information. If you are not the intended recipient, please immediately notify us at [EMAIL PROTECTED] or by replying to the sender, and then destroy all copies of this email. Except where this email indicates otherwise, views expressed in this email are those of the sender and not of National Australia Bank Ltd. Advice in this email does not take account of your objectives, financial situation, or needs. It is important for you to consider these matters and, if the e-mail refers to a product(s), you should read the relevant Product Disclosure Statement(s)/other disclosure document(s) before making any decisions. If you do not want email marketing from us in future, forward this email with unsubscribe in the subject line to [EMAIL PROTECTED] in order to stop marketing emails from this sender. National Australia Bank Ltd does not represent that this email is free of errors, viruses or interference.
Re: Installing APR on Fedora
On 8/15/07, Ole Ersoy [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] native]# ./configure --with-apr=/usr/lib checking for APR... configure: error: the --with-apr parameter is incorrect. It must specify an install prefix, a build directory, or an apr-config file. I think I liked it better before :-) ? But before, configure wasn't seeing your --with-apr argument at all; now it is, but it's wrong. :-) I just tried it on my local SuSE system where the APR header (.h) files are in /usr/local/httpd-2.2.4/include using --with-apr=/usr/local/httpd-2.2.4 and it cranked right through... FWIW! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DefaultServlet, WebDAV, and Permissions
I sent this out last week and didn't get any responses ... just wanted to make sure it hit the list and didn't get dropped somewhere. Any help is appreciated! I'm using the WebDAV servlet in tomcat 5.5.22 and I'm having some issues that I was hoping I could get sorted out. First of all, I'm seeing reams and reams of these in the logs: Aug 8, 2007 5:15:30 PM org.apache.catalina.core.ApplicationContext log INFO: webdav: DefaultServlet.doPut: couldn't delete temporary file: null They seem to happen on every access ... lists, puts, etc. Ideas? Are they benign and should I just turn down the log level? The second problem is much more involved, so please bear with me. I have started tomcat as myself, say 'jack'. The user 'jack' is a memeber of the group 'hill'. The user 'jill' is also a member of the group 'hill'. In web.xml I have specified a dav folder of /webdav. That folder is owned by 'jack' and group writable by 'hill' (755). Inside of /webdav I have two folders: drwxrwxr-x 2 jack hill 4096 Aug 1 14:01 f1 drwxrwxr-x 2 jill hill 69632 Aug 8 17:15 f2 As user 'jack', on the server, I can create (or touch) a file in both folders 'f1' and 'f2'. If I remotely mount the file system with WebDAV, I can also write to the folder 'f1', but now I can't write to 'f2'. Mounting with Finder on Mac gives me a strange (and incorrect) error (talking about filenames being to long), and using sitecopy I get a 409 (conflict) error. I understand that Java doesn't deal with permissions, but shouldn't it just try to write the file and respond to what the OS tells it can be done? Or is something else going on? Are my two problems related? Is this a problem in DefaultServlet in general? Thanks for taking a look! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Webalizer on tomcat
this may be a silly point, but check your PageType defs, they're
currently only mapping to html's or php's, (granted this is all that
flovv.com seems to contain), but if your actual pages are jsps and
you're rewriting urls somehow, try adding jsp to the PageType defs?
sorry, I've only used webalizer with apache php files, and it always
worked fine, so i'm no expert on webalizer+tomcat...
also, your config file is only looking at access.log, with no wildcard.
maybe try adding a wildcard in the filename to pick any other logs.
can you run webalizer manually and post the logfile it generates?
cheers.
* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*
Mobile: +61404 096 863
Email: Matthew Kerle mailto:[EMAIL PROTECTED]
Web: Matthew Kerle http://threebrightlights.blogspot.com/
Kanchana Welagedara wrote:
Hi All
I'm struggling to configure the webalizer on tomcat.I followed one of the
archives written long time back by Dan patton at
http://www.mail-archive.com/[EMAIL PROTECTED]/msg69842.html
I followed exactly what he has pointed out .I can see files are generating
at [tomcathome/logs/access/access*.log].But usage folder in webapp is still
empty.so I can see usage.Any help would be appreciated
I' m on linux
I have installed webalizer and my web site is running on tomcat
following are my configuration for webalizer.conf
LogFiles where my tomcat logs files are
LogFile /logs/access/access.log (logs folder is inside the Tomcat
isntallation)
LogFile /logs/access/access.log
OutputDir /webapps/ROOT/usage
HistoryName/var/lib/webalizer/webalizer.hist
Incrementalyes
IncrementalName/var/lib/webalizer/webalizer.current
HostName flovv.com
# PageType lets you tell the Webalizer what types of URL's you
# consider a 'page'. Most people consider html and cgi documents
# as pages, while not images and audio files. If no types are
# specified, defaults will be used ('htm*', 'cgi' and HTMLExtension
# if different for web logs, 'txt' for ftp logs).
PageTypehtml
PageTypehtm*
PageTypecgi
PageTypephp
PageTypeshtml
#PageTypephtml
#PageTypephp3
#PageTypepl
# UseHTTPS should be used if the analysis is being run on a
# secure server, and links to urls should use 'https://' instead
# of the default 'http://'. If you need this, set it to 'yes'.
# Default is 'no'. This only changes the behaviour of the 'Top
# URL's' table.
#UseHTTPS no
# DNSCache specifies the DNS cache filename to use for reverse DNS lookups.
# This file must be specified if you wish to perform name lookups on any IP
# addresses found in the log file. If an absolute path is not given as
# part of the filename (ie: starts with a leading '/'), then the name is
# relative to the default output directory. See the DNS.README file for
# additional information.
DNSCache/var/lib/webalizer/dns_cache.db
# DNSChildren allows you to specify how many children processes are
# run to perform DNS lookups to create or update the DNS cache file.
# If a number is specified, the DNS cache file will be created/updated
# each time the Webalizer is run, immediately prior to normal processing,
# by running the specified number of children processes to perform
# DNS lookups. If used, the DNS cache filename MUST be specified as
# well. The default value is zero (0), which disables DNS cache file
# creation/updates at run time. The number of children processes to
# run may be anywhere from 1 to 100, however a large number may effect
# normal system operations. Reasonable values should be between 5 and
# 20. See the DNS.README file for additional information.
DNSChildren10
# HTMLPre defines HTML code to insert at the very beginning of the
# file. Default is the DOCTYPE line shown below. Max line length
# is 80 characters, so use multiple HTMLPre lines if you need more.
#HTMLPre !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
# HTMLHead defines HTML code to insert within the HEAD/HEAD
# block, immediately after the TITLE line. Maximum line length
# is 80 characters, so use multiple lines if needed.
#HTMLHead META NAME=author CONTENT=The Webalizer
# HTMLBody defined the HTML code to be inserted, starting with the
# BODY tag. If not specified, the default is shown below. If
# used, you MUST include your own BODY tag as the first line.
# Maximum line length is 80 char, use multiple lines if needed.
#HTMLBody BODY BGCOLOR=#E8E8E8 TEXT=#00 LINK=#FF
VLINK=#FF
# HTMLPost defines the HTML code to insert immediately before the
# first HR on the document, which is just after the title and
# summary period-Generated on: lines. If anything, this should
# be used to clean up in case an image was inserted with HTMLBody.
# As with HTMLHead, you can define as many of these as you want and
# they will be inserted in the output stream in order of apperance.
# Max string size is 80 characters. Use multiple lines if you need to.
#HTMLPost BR
Re: tomcat performance on static content over SSL/non-SSL
good security is hard. I've seen state governments using the reverse-proxy layered approach described below, and that worked extremely well. I've also seen a federal government with an open database port to the internet (won't say which! lets just say they're not known for prompt security fixes...), but who won't allow a proxied http tunnel inside for security reasons. just crazy, talk about take the log out of your own eye... The only *really* safe option (against internal compromise) I've seen is to replicate databases into the DMZ, and disallow all connections from the DMZ to internal. But then you have problems with replication, and if you database is compromised then you risk data exposure. Which means there is no final solution, but it helps to raise the difficulty for attackers and minimise your risk. then make sure your backups work!!! cheers. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Leon Rosenberg wrote: security by obscurity, that is. since the httpd just sends all requests further to the tomcat, if there is a security relevant bug in tomcat code, it would be accessed by the remote side either way. Further, are your machines, on which httpd is running, running under different OS than your tomcat machines? Cause if they are the same, the same security issue would be present on both, so the attacker could easily reach the tomcat machine from the httpd machine via the same hole once he's there. It sounds like a good idea to put a firewall between tomcat and a db. But your tomcat machine and your webapp will have to access the db somehow, so why shouldn't the attacker use the same method to access your db, once he's on the tomcat machine? Therefore, your security infrastructure sounds like a good idea, but in fact it doesn't add any security. Just put a decent firewall between the internet and your cluster and that is it. Once its passed your security infrastructure wouldn't prevent the attacker to go on further. just 2 cents. leon P.S. Btw, some (recently fixed) buffer overflows in mod_jk connector (and in httpd itself) will actually reduce your security, since httpd is far less secure than java. On 8/15/07, Lizak, Ed [EMAIL PROTECTED] wrote: We use httpd to sit in between firewalls and handle all incoming traffic. Static content is served from there and dynamic content is proxied through to the Tomcat server behind another firewall. SSL is only needed from the client to the httpd server. The Tomcat server then handles the database access which passes through another firewall to hit our internal network where the database lives. I'm not a security expert but it seems like a good idea having your database connections far removed from the Internet connection. At the very least it would seem you would have to have multiple layers of server compromised before any data is exposed. Is this not a good reason to use httpd in front of Tomcat? -EJL --- Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGww/r9CaO5/Lv0PARAihDAKCWoVVHxQF0hCTiIsgFLC0bjMrYyACaAvfr sn1AKYvbLyk3Bbap+tyIrsE= =Zlq+ -END PGP SIGNATURE- IMPORTANT CONFIDENTIALITY NOTICE:This document, and any documents accompanying this transmission, contains confidential, legally protected information and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmission is strictly prohibited. If you receive this transmission in error, please contact the sender and delete or destroy the material/information. Corporate Headquarters 10340 Evendale Dr. Cincinnati, OH 45241 513.563.1400 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: utf-8 encoding problem
Nathan Hook wrote:
A few things...
First, what type of apostrophe are you using? Are you using a typical
ascii apostrophe (') or are you using the Microsoft slanted apostrophe
that comes out of word documents (#8242;)?
It's #8217;
Here are two links that describe the problem:
http://www.cs.tut.fi/~jkorpela/www/windows-chars.html
http://www.cs.tut.fi/~jkorpela/chars.html#win
That basically says that some windows chars doesn't display properly.
That isn't my problem. It displays properly when I set the char
encoding to utf-8. My question is why doesn't it submit properly if the
original page was sent utf-8 but does submit properly if the original
page ISO-8859-1?
If you're using mod_jk make sure that the ajp connector is set up to
encode using utf-8 like so:
Connector port=8009 enableLookups=false redirectPort=8443
protocol=AJP/1.3 URIEncoding=UTF-8 /
Next, make sure that the request AND response have been set to use utf
encoding.
Aren't all requests submitted as application/x-www-form-urlencoded which
is an encoded form of unicode?
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: utf-8 encoding problem
Joseph S wrote: When I did that my content displayed correctly, but on form submission it got corrupted. POST or GET? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing APR on Fedora
Hi Hassan and Stephen, Thanks for all the tips :-) I have a lot more progress now! I get the following (The only important part is the bottom i think): [EMAIL PROTECTED] native]# ./configure --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ make make install checking build system type... i686-pc-linux-gnu checking host system type... i686-pc-linux-gnu checking target system type... i686-pc-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.10 checking for chosen layout... tcnative checking for APR... yes setting CC to gcc setting CPP to gcc -E checking for a BSD-compatible install... /usr/bin/install -c checking for JDK location (please wait)... /usr/lib/jvm/java from environment checking Java platform... checking Java platform... checking for sablevm... NONE adding -I/usr/lib/jvm/java/include to TCNATIVE_PRIV_INCLUDES checking os_type directory... linux adding -I/usr/lib/jvm/java/include/linux to TCNATIVE_PRIV_INCLUDES checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... no checking whether gcc accepts -g... no checking for gcc option to accept ANSI C... none needed checking for OpenSSL library... using openssl from /usr/lib and /usr/include checking OpenSSL library version... ok checking for OpenSSL DSA support... yes setting TCNATIVE_LDFLAGS to -lssl -lcrypto setting CFLAGS to -DHAVE_OPENSSL setting TCNATIVE_LIBS to setting TCNATIVE_LIBS to /home/ole/rpmbuild/BUILD/apr-1.2.8/libapr-1.la -luuid -lcrypt -lpthread -ldl configure: creating ./config.status config.status: creating tcnative.pc config.status: creating Makefile config.status: executing default commands make[1]: Entering directory `/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native' make[1]: Entering directory `/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native' make[1]: Nothing to be done for `local-all'. make[1]: Leaving directory `/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native' /home/ole/rpmbuild/BUILD/apr-1.2.8/build/mkdir.sh /usr/local/apr/include/apr-1 /usr/local/apr/lib/pkgconfig \ /usr/local/apr/lib /usr/local/apr/bin /usr/bin/install -c -m 644 tcnative.pc /usr/local/apr/lib/pkgconfig/tcnative-1.pc list=''; for i in $list; do \ ( cd $i ; make DESTDIR= install ); \ done /bin/sh /home/ole/rpmbuild/BUILD/apr-1.2.8/libtool --mode=install /usr/bin/install -c -m 755 libtcnative-1.la /usr/local/apr/lib libtool: install: warning: relinking `libtcnative-1.la' ..I'm chiming in here. I think it's talking about this command at the bottom... (cd /home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native; /bin/sh /home/ole/rpmbuild/BUILD/apr-1.2.8/libtool --silent --mode=relink gcc -pthread -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DHAVE_OPENSSL -I/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native/include -I/usr/lib/jvm/java/include -I/usr/lib/jvm/java/include/linux -I/home/ole/rpmbuild/BUILD/apr-1.2.8/include -version-info 1:10:1 -o libtcnative-1.la -rpath /usr/local/apr/lib src/user.lo src/sslinfo.lo src/ssl.lo src/stdlib.lo src/os.lo src/file.lo src/thread.lo src/poll.lo src/sslcontext.lo src/ss etwork.lo src/lock.lo src/misc.lo src/shm.lo src/proc.lo src/sslutils.lo src/address.lo src/network.lo src/info.lo src/jnilib.lo src/multicast.lo src/error.lo src/dir.lo src/pool.lo src/mmap.lo os/unix/uxpipe.lo os/unix/system.lo -lssl -lcrypto /home/ole/rpmbuild/BUILD/apr-1.2.8/libapr-1.la -luuid -lcrypt -lpthread -ldl ) /usr/bin/ld: cannot find -lapr-1 collect2: ld returned 1 exit status libtool: install: error: relink `libtcnative-1.la' with the above command before installing it make: *** [install] Error 1 Any idea what this means? I tried running this part again by itself: (cd /home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native; /bin/sh /home/ole/rpmbuild/BUILD/apr-1.2.8/libtool --silent --mode=relink gcc -pthread -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m32 -march=i386 -mtune=generic -fasynchronous-unwind-tables -DHAVE_CONFIG_H -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -D_LARGEFILE64_SOURCE -DHAVE_OPENSSL -I/home/ole/Desktop/tomcat-6.0.14/bin/tomcat-native-1.1.10-src/jni/native/include -I/usr/lib/jvm/java/include
Re: tomcat performance on static content over SSL/non-SSL
doh! load-balancing of course... I don't know, I'm a stickler for the old do one thing, do it well, tomcat rocks at serving dynamic java, apache rocks at being internet facing serving static CGI. the jk connector is good solid, so I'm happy to keep everything separate and only have tomcat serving dynamic pages. plus that way if you ever run into scalability problems you have the infrastructure to scale right there! * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
no worries. I didn't know about jsvc or commons-daemon before (I do now!), so I learnt something too! best of luck with your app. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Stephen Caine wrote: Matthew, Thank you for your response. Apart from using iptables (which may or may not work in OS X), the Tomcat setup link, http://tomcat.apache.org/tomcat-6.0-doc/setup.html;, seems to be the best way to go. the only way to get rid of the port number is to have something listening on :443 (that's the way browsers are, sorry), and then hand requests over to tomcat, so to get what you want something will have to bind to :443 at some point, requiring root privs. What you want is something that will bind to the port as a privileged user and subsequently drop priv's to a limited user. the Apache web server is excellent for this kind of thing. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It doesn't really matter where the port forwarder sits, but usually you want to align with existing IT infrastructure and use an existing internal/internet web server to redirect requests to your app. If your company already has apache then this is a cinch, otherwise you'll have to figure out how to reverse-proxy with the web server du jour... Is this close to what you're after? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat memory realms tomcat-users.xml
Hi Charles, thanks for you help. what if the memory-realm was configured in the context.xml for the application? then it should only be available to that particular app...? I'm currently working on a mock to see if I can get this to work, if something as simple as defining the memoryrealm and the client adding http auth headers will be turned into a principal by tomcat available to my code, then it's all good. but things are never that simple... Does anyone know what circumstances have to be true for tomcat to run the request against the memoryrealm and create a Principle? The access control will all be happening inside my code (well, in database access code more precisely), my dilemma is how to turn HTTP or SOAP headers into role names and where to store all that... thanks for the security filter link, I'll check it out and see if it meets our needs. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Caldarale, Charles R wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] Subject: tomcat memory realms tomcat-users.xml I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink You probably don't want to do that (even if it's possible, which I doubt), since all code in the webapps would then have access to the credentials. I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. URL patterns in the security-constraint allow you to control which portions of the webapp are accessible to unauthenticated users. If you want something with finer granularity, a filter is probably appropriate. Take a look at: http://securityfilter.sourceforge.net/ for a popular one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing APR on Fedora
On 8/15/07, Ole Ersoy [EMAIL PROTECTED] wrote: I have a lot more progress now! I get the following (The only important part is the bottom i think): [EMAIL PROTECTED] native]# ./configure --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ ... libtool: install: error: relink `libtcnative-1.la' with the above command before installing it make: *** [install] Error 1 Any idea what this means? I'd suggest re-running this with a specific prefix to avoid potential conflict with anything currently installed, e.g. ./configure --prefix=/usr/local/apr --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ FWIW, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing APR on Fedora
Hi Hassan, I did the following: rm -dfr tomcat-native-1.1.10-src/ tar xvfz tomcat-native.tar.gz cd tomcat-native-1.1.10-src/jni/native ./configure --prefix=/usr/local/apr --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ make make install And I still get: le/rpmbuild/BUILD/apr-1.2.8/libapr-1.la -luuid -lcrypt -lpthread -ldl ) /usr/bin/ld: cannot find -lapr-1 collect2: ld returned 1 exit status libtool: install: error: relink `libtcnative-1.la' with the above command before installing it make: *** [install] Error 1 Thoughts? Thanks again, - Ole Hassan Schroeder wrote: On 8/15/07, Ole Ersoy [EMAIL PROTECTED] wrote: I have a lot more progress now! I get the following (The only important part is the bottom i think): [EMAIL PROTECTED] native]# ./configure --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ ... libtool: install: error: relink `libtcnative-1.la' with the above command before installing it make: *** [install] Error 1 Any idea what this means? I'd suggest re-running this with a specific prefix to avoid potential conflict with anything currently installed, e.g. ./configure --prefix=/usr/local/apr --with-apr=/home/ole/rpmbuild/BUILD/apr-1.2.8/ FWIW, - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
catalina error log
I have tomcat 6 and it is getting the jvm.dll from my jre1.6.0_02/bin/client directory. Everytime I start it I get the message below. My server is able to parse file but the message scares me... So how do i fix the this message? Aug 16, 2007 12:32:22 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Tomcat6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;D:\server\MySQL\MySQL Server 5.0\bin;C:\Program Files\ImageConverter Plus; Thank you, Hoa - Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online.
Re: utf-8 encoding problem
POST Mark Thomas wrote: Joseph S wrote: When I did that my content displayed correctly, but on form submission it got corrupted. POST or GET? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: catalina error log
you're missing the Apache Portable Runtime library from your PATH variable. this is not a serious problem, but if you don't want to get this error then download the version of the library for your OS and install it to a directory on your PATH (eg - %JAVA_HOME%/bin, or another dir and add it to your path) http://apr.apache.org/download.cgi the apr is a performance enhancer, it basically allows tomcat (or any application) to use the same fast file access (among other functions) as the HTTPD web server. If you don't have it you don't lose anything, but the error message is annoying. hope this helps. Hoa Doan wrote: I have tomcat 6 and it is getting the jvm.dll from my jre1.6.0_02/bin/client directory. Everytime I start it I get the message below. My server is able to parse file but the message scares me... So how do i fix the this message? Aug 16, 2007 12:32:22 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Tomcat6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;D:\server\MySQL\MySQL Server 5.0\bin;C:\Program Files\ImageConverter Plus; Thank you, Hoa - Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
