RE: Connection Pool and Connections
If I recall correctly close from a datasource (not a SQLConnection) will return the connection to the pool for reuse. In the later this will close the connection to the database. To answer your question I'm pretty sure any statement executed within the connection from the datasource will go to the same database - original message - Subject:Connection Pool and Connections From: lightbulb432 <[EMAIL PROTECTED]> Date: 01/06/2007 19:01 When using the tomcat-dbcp DataSource, when my web application code gets a connection: myConnection = myDataSource.getConnection(); then executes multiple separate statements myStatement1 = myConnection.createStatement(); myStatement1.execute(); myStatement2 = myConnection.createStatement(); myStatement2.execute(); then close the connection myConnection.close(); Is it possible that myStatement1 and myStatement2 would be run using different physical database connections, or are they absolutely guaranteed to be executed using the same connection? Or is connection pooling only for not actually closing the physical database connection on myConnection.close(), instead returning it to the connection pool? A different way of asking this is does connection pooling pool connections within an application connection (myDataSource.getConnection() and myConnection.close()), or between application connections? If this question doesn't make sense, I can clarify. Thanks a lot. -- View this message in context: http://www.nabble.com/Connection-Pool-and-Connections-tf3853952.html#a10918685 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Very Long Full GC after Inactivity
> From: Bill Clarke-Fields [mailto:[EMAIL PROTECTED] > We are running an application on Tomcat 5.0.28 with Java > 1.4.2. The usage > of the application is very cyclical. It is used heavily > during the day, and > lightly at night. During peak daytime hours, a full garbage > collection > takes less than 2 seconds, which is fine. However, after a > long period of > inactivity in the evening, a full garbage collection will be > triggered and > take a very long time. Sometimes over a minute! I suspect the app is being paged out overnight by other jobs. Overnight virus scans will do this on Windows, for example, as the disk cache expands to fill available memory. You could test this by running Performance Monitor (Windows) or your preferred logging tool (UNIX) overnight in log mode and looking for high page-in and disk I/O values around the time of the full GC. For preference, use the Process counters on Windows, as they'll tell you for sure whether it's the Java process that's causing the paging traffic. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] applets in webapps
Folks, slightly OT: can someone provide me with a few good pointers and/or hints how to correctly integrate a Java applet into a JEE based web application? More specifically, my problem is something like that: I do have a .jsp containing code to show an applet. Both applet .class and some other resources (.properties files, images, ...) do live inside a .jar file in the same folder as the .jsp. Unfortunately(?), the .jsp is never called directly but rather forward()ed to from within a servlet mapped to some specific URL. So, the situation is that - while calling the .jsp directly (using http:/file.jsp ), the applet loads and runs the way it's supposed to, but - while having the resource called the way it's supposed to (using http:/ ) the plugin doesn't load but provide me with ClassNotFoundException, obviously not capable to find the applet class. Tried playing around with the applets "archive" / "codebase" parameters made things just slightly better: By now the browser does lock up, the applet class seems to get loaded, but obviously fails to load some resources, and I see strange access attempts in my tomcat log, trying to fetch resources like lang/de_DE.properties (the file originally lives inside the applet.jar in .lang). Is there any sane way of keeping applets inside a JEE web application, regardless on whether they're invoked directly from a .jsp or from a resource forwarded to from within some servlet? Or am I just too stupid? Sorry again for the OT, feel free to contact me off-list in case you feel like providing me with some hints / pointers. Thanks loads and best regards, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 "One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality." (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] applets in webapps
Keep in mind the applet is client side code and has to be available to the client. To that end have you thought about a companion servlet that accepts requests and returns applets and other resources? Then jsp code would just reference the mapped servlet in what it offers up to the client. Let's say the servlet serving up your applet and resources is mapped to /appletRes in your webapp. The jsp could then access ${request.contextPath}/appletRes/resources/applet.class or what ever. The client browser would then request the applet/resources separately and the companion servlet would find resources/applet.class in your jar file. The default servlet in tomcat could provide the base for your companion servlet -- just download the tomcat source and copy that code for your use. --David Kristian Rink wrote: Folks, slightly OT: can someone provide me with a few good pointers and/or hints how to correctly integrate a Java applet into a JEE based web application? More specifically, my problem is something like that: I do have a .jsp containing code to show an applet. Both applet .class and some other resources (.properties files, images, ...) do live inside a .jar file in the same folder as the .jsp. Unfortunately(?), the .jsp is never called directly but rather forward()ed to from within a servlet mapped to some specific URL. So, the situation is that - while calling the .jsp directly (using http:/file.jsp ), the applet loads and runs the way it's supposed to, but - while having the resource called the way it's supposed to (using http:/ ) the plugin doesn't load but provide me with ClassNotFoundException, obviously not capable to find the applet class. Tried playing around with the applets "archive" / "codebase" parameters made things just slightly better: By now the browser does lock up, the applet class seems to get loaded, but obviously fails to load some resources, and I see strange access attempts in my tomcat log, trying to fetch resources like lang/de_DE.properties (the file originally lives inside the applet.jar in .lang). Is there any sane way of keeping applets inside a JEE web application, regardless on whether they're invoked directly from a .jsp or from a resource forwarded to from within some servlet? Or am I just too stupid? Sorry again for the OT, feel free to contact me off-list in case you feel like providing me with some hints / pointers. Thanks loads and best regards, Kristian - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.23: caching of css files?
Hi, I have tomcat 5.23 in ubuntu 7.04, if I update the war file and access it thru domain name, the css file is not updated even i clear everything in my browser, if I use the IP to access, the new css file is in effect, does tomcat 5.23 cache those css files? anyway to clear it? Thanks. A.C. -- View this message in context: http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13113192 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] applets in webapps
David; first off, thanks loads for your hints; much appreciated. :) Am Tue, 09 Oct 2007 05:54:16 -0400 schrieb David Smith <[EMAIL PROTECTED]>: > Let's say the servlet serving up your applet and resources is mapped > to /appletRes in your webapp. The jsp could then access > ${request.contextPath}/appletRes/resources/applet.class or what > ever. The client browser would then request the applet/resources > separately and the companion servlet would find > resources/applet.class in your jar file. Thought about something like that already, as well. However I am unsure whether it would work out, given that, in our case and looking at what the applet does, we need to have it digitally signed and packed to a .jar because of that. Won't using a servlet to provide these resources from within the .jar file make this sort of providing a signed applet impossible? Cheers & best regards, Kristian -- Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/ jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771 "One dreaming alone, it will be only a dream; many dreaming together is the beginning of a new reality." (Hundertwasser) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.23: caching of css files?
> From: Angelo Chen [mailto:[EMAIL PROTECTED] > Subject: Tomcat 5.23: caching of css files? > > I have tomcat 5.23 in ubuntu 7.04, if I update the war file > and access it thru domain name, the css file is not updated > even i clear everything in my browser I haven't tried it, but you may have to restart the webapp in order to get the updated .css file loaded; just changing the .war file may not do that. Did you try restarting the app manually? You could provide the name of the .css file as a to do it automatically. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Anonymous access with Tomcat Authentication configured.
Hi, I'm developing servlet using servlet API 2.3 on Tomact application server, now my task is to implement path based authentication (pba) with the following Tomcat configuration: auth-method= BASIC Realm className="org.apache.catalina.realm.MemoryRealm" But behavior I need is: 1. If Tomcat gets request with no user information data (username/password) it should pass it to servlet and then servlet after handling request's URI according to pba config file may send SC_UNAUTHORIZED (if it needs authenticated user) or SC_FORBIDDEN (if any access denied). 2. If Tomcat gets request with username and password it should check them according to conf/tomcat-users.xml and if user authenticated pass it to servlet. After some research I found that there is no way to pass request to servlet at 1clause using configuration I've pointed. So what should I do to get behaviour I need. All thoughts, advice and everything is welcome. Thanks! S. Vadishev.
RE: Tomcat 5.23: caching of css files?
Hi Charles, this is what I did: 1. shut down tomcat 2. delete war and related directory 3. copy new war file 4. start tomcat with all above, I'm still getting pages styled with old css file, it will go away after several hours. kind of strange. A.C. Caldarale, Charles R wrote: > >> From: Angelo Chen [mailto:[EMAIL PROTECTED] >> Subject: Tomcat 5.23: caching of css files? >> >> I have tomcat 5.23 in ubuntu 7.04, if I update the war file >> and access it thru domain name, the css file is not updated >> even i clear everything in my browser > > I haven't tried it, but you may have to restart the webapp in order to > get the updated .css file loaded; just changing the .war file may not do > that. Did you try restarting the app manually? You could provide the > name of the .css file as a to do it automatically. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13114923 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where can I find the thread main?
Hello. Yesterday you've told me that all java applications need one thread main. I have one main class - BD.java, where I define all the functions needed by the web application to work. So, I probabily have some problem with the link of my project to that main class, isn't it? How can I define it? Best regards, Jaime Almeida. IPLNet WebMail http://www.net.ipl.pt/mail - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.23: caching of css files?
> From: Angelo Chen [mailto:[EMAIL PROTECTED] > 1. shut down tomcat > 2. delete war and related directory > 3. copy new war file > 4. start tomcat > > with all above, I'm still getting pages styled with old css > file, it will go away after several hours. kind of strange. Is that a browser issue? What happens if you force a full refresh of the page in the browser, or clear the browser's cache and reload? Is it a file timestamp issue? Do you have clock skew or timezone differences between your development and production systems, such that the revised CSS "looks" older than it really is? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.23: caching of css files?
Did you clear your browser cache ? If you access the application via different adresses AFAIK the browser sees identical files as being different due to those different addresses (FQDN versus IP address). I had similar problems that dissapeared after I cleared out the browser cache It's just a thought. On 10/9/07, Angelo Chen <[EMAIL PROTECTED]> wrote: > > Hi Charles, > > this is what I did: > > 1. shut down tomcat > 2. delete war and related directory > 3. copy new war file > 4. start tomcat > > with all above, I'm still getting pages styled with old css file, it will go > away after several hours. kind of strange. > A.C. > > > Caldarale, Charles R wrote: > > > >> From: Angelo Chen [mailto:[EMAIL PROTECTED] > >> Subject: Tomcat 5.23: caching of css files? > >> > >> I have tomcat 5.23 in ubuntu 7.04, if I update the war file > >> and access it thru domain name, the css file is not updated > >> even i clear everything in my browser > > > > I haven't tried it, but you may have to restart the webapp in order to > > get the updated .css file loaded; just changing the .war file may not do > > that. Did you try restarting the app manually? You could provide the > > name of the .css file as a to do it automatically. > > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete the e-mail > > and its attachments from all computers. > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13114923 > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where can I find the thread main?
Hello, If I understand you well, you are looking for a way of telling Tomcat where your main() METHOD is, right? But you don't need it : http://www.stardeveloper.com/articles/display.html?article=2001061901&page=1 HTH, Pierre -- "Deux choses ne se peuvent cacher : l'ivresse et l'amour." (Antiphane)
Question about renaming myapp.war to ROOT.war
Hi All, Renaming myapp.war to ROOT.war (as recommended) in order to make myapp the default application has worked fine. However, I've seen one bit of odd behavior as follows. If request is the incoming HttpServletRequest, then: -- when the app is running from webapps/myapp, one gets request.getContextPath() = "/myapp" -- when the app is running from webapps/ROOT, the value of request.getContextPath() is the empty string. It's almost as if the value of request.getContextPath() is the value of the Context 'path' attribute when the Context was stored under Host in the old way. Is this essentially correct, or am I missing something here? Thanks in advance, Ken Bowen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] applets in webapps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kristian, Kristian Rink wrote: > Unfortunately(?), the .jsp > is never called directly but rather forward()ed to from within a > servlet mapped to some specific URL. Are you trying to use relative URLs for your codebase? Try using a fully-qualified URL (starting with a '/') to point to the JAR file instead of a relative URL. Then, it doesn't matter where you include your applet's JSP file, since the URL will always be fully-qualified. > lang/de_DE.properties That's weird. Shouldn't the applet's JAR file contain these properties files? When you say "" you mean the actual context name, not '<' + "context" + '>', right? > (the file originally lives inside the applet.jar in .lang). What is .lang? > Is there any sane way of keeping applets inside a JEE web application, > regardless on whether they're invoked directly from a .jsp or from a > resource forwarded to from within some servlet? As long as you've got everything in your JAR file, you should be okay. Or, are you trying to rely on the browser plugin's ClassLoader to fetch things like properties files off the server? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC4bq9CaO5/Lv0PARAhFJAKC9itbjJVgu9lagd0HJR2MU2NPQzgCfT7TW PjBTxucwSIbxIJVPcEB7xh0= =krGh -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Running webapp not listed in the manager
Hi, I'm using tomcat 6.0.10. I deployed a webapp on a first virtual host using : and the manager on another virtual host using : but the manager doesn't list the foo webapp (yet the foo webapp is actually running and working)... What am I doing wrong? Thanks, Claude - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running webapp not listed in the manager
On 10/9/07, Claude Brisson <[EMAIL PROTECTED]> wrote: > and the manager on another virtual host ... > but the manager doesn't list the foo webapp > What am I doing wrong? The manager is host-specific; configure one per virtual host. HTH, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question about renaming myapp.war to ROOT.war
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ken, Ken Bowen wrote: > -- when the app is running from webapps/myapp, one gets > request.getContextPath() = "/myapp" > > -- when the app is running from webapps/ROOT, the value of > request.getContextPath() is the empty string. This is expected behavior. > It's almost as if the value of request.getContextPath() is the value of > the Context 'path' attribute when the Context was stored under Host in > the old way. Yep, pretty much. The idea is that you can do something like: request.getContextPath() + "/bar/baz" and always get an absolute URI. If your context name is "foo", then you get "/foo/bar/baz". If you are running the root web app, you get "/bar/baz", which is expected (rather than, say, "//bar/baz"). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC4sp9CaO5/Lv0PARApsTAJ4zeqq4M8LKMlVjrVj4ktxfxGBHbQCfQ9F2 efwFhRna9vTi/0p6W0e0ED0= =+aYX -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: > But behavior I need is: 1. If Tomcat gets request with no user > information data (username/password) it should pass it to servlet and > then servlet after handling request's URI according to pba config > file may send SC_UNAUTHORIZED (if it needs authenticated user) or > SC_FORBIDDEN (if any access denied). 2. If Tomcat gets request with > username and password it should check them according to > conf/tomcat-users.xml and if user authenticated pass it to servlet. You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st securityfilter (http://securityfilter.sourceforge.net). It's implemented as a filter, so it works with any servlet container. It can work with Tomcat's built-in realms or you can write your own. It supports unsolicited logins (i.e. you can use your own login page that submits to j_security_check without having to first request a protected resource). It has configuration similar to that in web.xml, so you don't have to learn a new configuration format. You are free to use securityfilter's authentication mechanisms and completely skip authorization, which is what it looks like you want to do (by implementing it yourself). Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC4mU9CaO5/Lv0PARAm/tAJ4/SAUdOsMlZSugPtOsJaXpFGbRQACfRGov R26GvoQR29oZmVyMcH0EPmc= =N9aS -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where can I find the thread main?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jaime, Jaime Almeida wrote: > Yesterday you've told me that all java applications need one thread main. > I have one main class - BD.java, where I define all the functions needed > by the web application to work. Er, is this a helper class or something? It is a servlet? What do you mean by "main class"? > So, I probably have some problem with the link of my project to that > main class, isn't it? Maybe. Are you experiencing some kind of problem? If so, what is it? > How can I define it? Define a main thread? You don't "define" threads. You create and launch them. The main thread is special because it is created by the JVM and used to begin execution of the program being run (Tomcat in this case, though I'm not entirely convinced at this point). You should not have to worry about defining threads or anything like that. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC4o59CaO5/Lv0PARAhQqAJ4jyEB/pwL6DQY3izE+bO59qEE6OgCfTim3 5u018cQvFVIH3X/7SdBniIM= =weCH -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
IIS6 and Tomcat 5.5
The only thing that I can see missing from my setup is that when I make a request for a URL served by the isapi_redirector, I dont see a corresponding get for /jakarta/isapi_redirector.dll from IIS. I have green lights everywhere, I have the logging turned up on the filter, and I'm seeing that requests are coming through, and isapi_redirector knows they are for him (unless forwarding escaped URI means something else) no other errors on startup, so I am tempted to think that things are looking OK. Here is my uriworkermap.properties file: /jsp-examples/*=patnc1 /portal/*=patnc1 Here is my workers.properties file: worker.list=patnc1 worker.patnc1.type=ajp13 worker.patnc1.host=localhost worker.patnc1.port=8009 Here's the log from the redirector, when I do a request for /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1199): Filter started [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1266): Virtual Host redirection of /localhost:88/jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/portal/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1273): Default redirection of /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (624): Found a wildchar match '/jsp-examples/*=patnc1' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1286): check if [/jsp-examples/index.html] is points to the web-inf directory [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1303): [/jsp-examples/index.html] is a servlet url - should redirect to patnc1 [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1345): fowarding escaped URI [/jsp-examples/index.html] Here's the IIS log for the same request... 2007-10-09 14:35:30 W3SVC1267602825 127.0.0.1 GET /jsp-examples/index.html - 88 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+PATNC,+Inc.+STL+ MO+USA;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 404 2 1260 Can anyone provide a clue as to what I need to do from here? Thanks for any and all assistance with this! David Buttrick Programming Manager Parents As Teachers National Center 2228 Ball Drive St. Louis, MO 63146 314-432-4330 x 282 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem with session
Hi Chuck, I tried it out with a maxKeepAliveRequests="-1" in my main connector (the one on port 8080) without any success. I also verified that there is no call to an invalidate() method (only invalidateObject() but not on the session). You mentionned a session listener, can you point me out to a tutorial on how to do it? Are there any generic session listener that I could use out of the box? If you have any other idea, please let me know. Thanks again. Alex Alex79 wrote: > > Thanks Chuck, I'll check out for a call to the invalidate method of the > session. I'll also give a try to the maxKeepAliveRequests, sounds like a > good call to me. I read about it in the doc, it says that if there are > more than 100 (default value as you mentionned) unprocessed queries in the > pipeline, the server closes the connection. Is this for one client or for > the whole server? What impact does it have on one session? > > Here's all the version info: > Tomcat Version | JVM Version | JVM Vendor | OS Name | OS Version | OS > Architecture > Apache Tomcat/5.0.25 | 1.6.0_01-b06 | Sun Microsystems Inc. | Windows XP | > 5.1 | x86 > > I saw some info on max thread also, could it be the cause? One thing I > said in my first post that I did not exagerate, the server does receive a > LOT of requests per second. > > Than you again. > > > Caldarale, Charles R wrote: >> >>> From: Alex79 [mailto:[EMAIL PROTECTED] >>> Subject: RE: Problem with session >>> >>> Java(TM) SE Runtime Environment (build 1.6.0_01-b06) >> >> That's a couple of updates old, but very unlikely to be an issue. >> >>> When the problem occurs, I see a WARN level message that >>> says that there is no header (custom info stored by the >>> webapp) in session (managed by tomcat I guess) >> >> Yes, that does sound like a Tomcat-managed session. Is there any chance >> your webapp is calling the invalidate() method for the session? >> >> You could always define a session listener for your webapp and have it >> log the comings and goings of each session. >> >>> Where can I find the exact tomcat version? >> >> It's usually part of the name of the installation directory. It can be >> found by running the version.bat script, or looking on Tomcat's status >> page (http://:/manager/status). >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you >> received this in error, please contact the sender and delete the e-mail >> and its attachments from all computers. >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > -- View this message in context: http://www.nabble.com/Problem-with-session-tf4585082.html#a13117059 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
PKI
Does anyone have a war file blank they are willing to share that is correctly setup for PKI on Tomcat 5.5 or 6.0? Ed - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where can I find the thread main?
Very briefly, the Java Main thread for Tomcat is created when Tomcat is launched. Tomcat creates threads that then execute your servlets and associated code. I'm certain that other folks will point you at more complete documentation on the way Tomcat works within the JVM. Thanks, J Jaime Almeida wrote: Hello. Yesterday you've told me that all java applications need one thread main. I have one main class - BD.java, where I define all the functions needed by the web application to work. So, I probabily have some problem with the link of my project to that main class, isn't it? How can I define it? Best regards, Jaime Almeida. IPLNet WebMail http://www.net.ipl.pt/mail - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Joshua J. Fielek Sr. Software Engineer Centric CRM 223 East City Hall Ave., Suite 212 Norfolk, VA 23510 Phone : (757) 627-3002x6656 Mobile : (757) 754-4462 Fax: (757) 627-8773 Email : [EMAIL PROTECTED] http://www.centriccrm.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where can I find the thread main?
> From: Jaime Almeida [mailto:[EMAIL PROTECTED] > Subject: Where can I find the thread main? > > Yesterday you've told me that all java applications need one > thread main. Not need - have. > I have one main class - BD.java, where I define all the > functions needed by the web application to work. Don't confuse main thread with a main() method, nor the fact that your BD.java happens to be important to your application. Again, you need to get some basic understanding of Java in general before you plunge into servlets and app servers. There are numerous free tutorials available for both Java and servlets - Google is your friend. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.23: caching of css files?
Hi Peter, following your advice, i set the production server to have the same time zone as my development machine, the problem goes away! Thanks. A.C. Peter Crowther wrote: > >> From: Angelo Chen [mailto:[EMAIL PROTECTED] >> 1. shut down tomcat >> 2. delete war and related directory >> 3. copy new war file >> 4. start tomcat >> >> with all above, I'm still getting pages styled with old css >> file, it will go away after several hours. kind of strange. > > Is that a browser issue? What happens if you force a full refresh of > the page in the browser, or clear the browser's cache and reload? > > Is it a file timestamp issue? Do you have clock skew or timezone > differences between your development and production systems, such that > the revised CSS "looks" older than it really is? > > - Peter > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13117886 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem with session
> From: Alex79 [mailto:[EMAIL PROTECTED] > Subject: RE: Problem with session > > You mentionned a session listener, can you point me out to a > tutorial on how to do it? See section 10 of the Servlet spec. > Are there any generic session listener that I could use out > of the box? There's one in the 5.5.25 distribution: webapps/servlets-examples/WEB-INF/classes/listeners/SessionListener.java (I don't have 5.0 around anymore, but I would expect it to be in there as well.) Look in: webapps/servlets-examples/WEB-INF/web.xml to see how to configure it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with session
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex, Alex79 wrote: > You mentionned a session listener, can you point me out to a tutorial on how > to do it? Easy: write a class that implements javax.servlet.http.HttpSesionListener and then enable it in your web.xml file like this: package.for.your.Class s are defined after s in your web.xml file. > Are there any generic session listener that I could use out of the > box? Not really, but they're really easy to write: just implement two methods. You're really only interested in the "destroyed" method: public void sessionDestroyed(HttpSessionEvent se) { Session s = se.getSession(); logger.debug("Session " + s.getSessionId() + " is being destroyed", new Throwable()); } This will log a stack trace whenever a session is destroyed. You should be able to see what component is calling session.invalidate originally. Hopefully, you are using a logger that will make a nice stack trace for you. Otherwise, you can use a StringWriter or something along with Throwable.printStackTrace(). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC5709CaO5/Lv0PARAlc8AKDCBdqVq5zh8HMniESsISLz2Dx3bgCfQ+vK EF1H7zOFKcDtU6FtfqPbnxc= =KTvb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
Christopher, thanks for reply. 2007/10/9, Christopher Schultz <[EMAIL PROTECTED]>: > > You cannot do this with Tomcat's authentication mechanism. You will have > to provide an alternative implementation. I recommend looking st > securityfilter ( http://securityfilter.sourceforge.net ). Well, securityfilter doesn't satisfy some servlet's requirements, so as you said I will have to provide my own low level authentication mechanism. It will be my first implementation, so any help will be appreciated. Thanks, S. Vadishev.
RE: Very Long Full GC after Inactivity
Peter, Thanks! This is a very good idea. I know that there are some virus scans and other processes running at night. I will do some monitoring to determine if paging is the problem. If it turns out to be so, is there anything I can do to force it to not page out the JVM heap? Thanks again, -Bill Peter Crowther wrote: > >> From: Bill Clarke-Fields [mailto:[EMAIL PROTECTED] >> We are running an application on Tomcat 5.0.28 with Java >> 1.4.2. The usage >> of the application is very cyclical. It is used heavily >> during the day, and >> lightly at night. During peak daytime hours, a full garbage >> collection >> takes less than 2 seconds, which is fine. However, after a >> long period of >> inactivity in the evening, a full garbage collection will be >> triggered and >> take a very long time. Sometimes over a minute! > > I suspect the app is being paged out overnight by other jobs. Overnight > virus scans will do this on Windows, for example, as the disk cache > expands to fill available memory. > > You could test this by running Performance Monitor (Windows) or your > preferred logging tool (UNIX) overnight in log mode and looking for high > page-in and disk I/O values around the time of the full GC. For > preference, use the Process counters on Windows, as they'll tell you for > sure whether it's the Java process that's causing the paging traffic. > > - Peter > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/Very-Long-Full-GC-after-Inactivity-tf4589459.html#a13118297 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: > Christopher, thanks for reply. > > 2007/10/9, Christopher Schultz <[EMAIL PROTECTED]>: > >> You cannot do this with Tomcat's authentication mechanism. You will >> have to provide an alternative implementation. I recommend looking >> st securityfilter ( http://securityfilter.sourceforge.net ). > > Well, securityfilter doesn't satisfy some servlet's requirements Like what? > so as you said I will have to provide my own low level authentication > mechanism. You can use Tomcat's built-in Realm as a basis for the authentication -- so, for instance, you don't have to write your own SELECT query, etc. Can I ask why you want your own servlets to do the authorization instead of the container (or securityfilter)? > It will be my first implementation, so any help will be appreciated. First servlet implementation, or first authentication and authorization implementation? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC6to9CaO5/Lv0PARAuLwAJwOxMCxIpHka7S1KPRz56EZcOX6twCfaS1x jWqHtOk9bvkGEtaKH5UiGfE= =QR6J -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS6 and Tomcat 5.5
Hi Dave, A couple things about this post... 1st Read at least the introduction @ the following link http://www.catb.org/~esr/faqs/smart-questions.html 2nd I am assuming you are trying to serve the front end of a Tomcat installation with IIS using the ISAPI redirector. What DLL version are you using? Are you using the Tomcat Native runtime Library? Are you running IIS 6 in IIS 5 isolation mode? 3rd How about a look at your workers properties file and mapping file? 4th Is Tomcat getting the request? (I bet noas it never leaves IIStry isolation mode) 5th Go back and finish reading all the information from the link in item 1. Cheers ~Charlie The significant problems we have cannot be solved at the same level of thinking with which we created them. - Albert Einstein -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 10:42 AM To: users@tomcat.apache.org Subject: IIS6 and Tomcat 5.5 The only thing that I can see missing from my setup is that when I make a request for a URL served by the isapi_redirector, I dont see a corresponding get for /jakarta/isapi_redirector.dll from IIS. I have green lights everywhere, I have the logging turned up on the filter, and I'm seeing that requests are coming through, and isapi_redirector knows they are for him (unless forwarding escaped URI means something else) no other errors on startup, so I am tempted to think that things are looking OK. Here is my uriworkermap.properties file: /jsp-examples/*=patnc1 /portal/*=patnc1 Here is my workers.properties file: worker.list=patnc1 worker.patnc1.type=ajp13 worker.patnc1.host=localhost worker.patnc1.port=8009 Here's the log from the redirector, when I do a request for /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1199): Filter started [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1266): Virtual Host redirection of /localhost:88/jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/portal/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1273): Default redirection of /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (624): Found a wildchar match '/jsp-examples/*=patnc1' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1286): check if [/jsp-examples/index.html] is points to the web-inf directory [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1303): [/jsp-examples/index.html] is a servlet url - should redirect to patnc1 [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1345): fowarding escaped URI [/jsp-examples/index.html] Here's the IIS log for the same request... 2007-10-09 14:35:30 W3SVC1267602825 127.0.0.1 GET /jsp-examples/index.html - 88 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+PATNC,+Inc.+STL+ MO+USA;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 404 2 1260 Can anyone provide a clue as to what I need to do from here? Thanks for any and all assistance with this! David Buttrick Programming Manager Parents As Teachers National Center 2228 Ball Drive St. Louis, MO 63146 314-432-4330 x 282 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. --- This message is a CONFIDENTIAL communication. If you are not the intended recipient, please do not read, copy, or use it, and do not disclose it to others. Please notify the sender of the delivery error by replying to this message, and then delete it from your system. Thank you. This foo
RE: IIS6 and Tomcat 5.5
My Bad you did put in the workermap and propfiles. Follow the isolation mode in IIS path. ~Charlie The significant problems we have cannot be solved at the same level of thinking with which we created them. - Albert Einstein -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 10:42 AM To: users@tomcat.apache.org Subject: IIS6 and Tomcat 5.5 The only thing that I can see missing from my setup is that when I make a request for a URL served by the isapi_redirector, I dont see a corresponding get for /jakarta/isapi_redirector.dll from IIS. I have green lights everywhere, I have the logging turned up on the filter, and I'm seeing that requests are coming through, and isapi_redirector knows they are for him (unless forwarding escaped URI means something else) no other errors on startup, so I am tempted to think that things are looking OK. Here is my uriworkermap.properties file: /jsp-examples/*=patnc1 /portal/*=patnc1 Here is my workers.properties file: worker.list=patnc1 worker.patnc1.type=ajp13 worker.patnc1.host=localhost worker.patnc1.port=8009 Here's the log from the redirector, when I do a request for /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1199): Filter started [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1266): Virtual Host redirection of /localhost:88/jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/portal/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1273): Default redirection of /jsp-examples/index.html [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (597): Attempting to map URI '/jsp-examples/index.html' from 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (609): Attempting to map context URI '/jsp-examples/*=patnc1' source 'uriworkermap' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c (624): Found a wildchar match '/jsp-examples/*=patnc1' [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1286): check if [/jsp-examples/index.html] is points to the web-inf directory [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1303): [/jsp-examples/index.html] is a servlet url - should redirect to patnc1 [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c (1345): fowarding escaped URI [/jsp-examples/index.html] Here's the IIS log for the same request... 2007-10-09 14:35:30 W3SVC1267602825 127.0.0.1 GET /jsp-examples/index.html - 88 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+PATNC,+Inc.+STL+ MO+USA;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 404 2 1260 Can anyone provide a clue as to what I need to do from here? Thanks for any and all assistance with this! David Buttrick Programming Manager Parents As Teachers National Center 2228 Ball Drive St. Louis, MO 63146 314-432-4330 x 282 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. --- This message is a CONFIDENTIAL communication. If you are not the intended recipient, please do not read, copy, or use it, and do not disclose it to others. Please notify the sender of the delivery error by replying to this message, and then delete it from your system. Thank you. This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS6 and Tomcat 5.5
Thanks for the responses. When isapi_redirect says that he's forwarding the request URI - is that not where I'm supposed to see the request for /jakarta/isapi_redirect.dll My understanding is that you see the request itself hits IIS, then it get processed by the filter, then if appropriate, the filter forwards the request by making a request to /jakarta/isapi_redirect.dll. So, I see everything in the logs except for the request to /jakarta/isapi_redirect.dll. It looks like that means that first phase of the request is handled, but the filter never generates the request to tomcat - is that right? Could that be a permissions thing? I looked at permissions on my isapi_redirect, and I allowed execute for the IIS_WPG group. So, I've read the Apache docs on doing this, and I've looked cursorily at the wiki that is linked to the tomcat connector page, that has the extra step about allowing the web service. I even remember reading the document that tells you to put the webserver in isolation mode. Also, where do you find the tomcat native runtime? I was looking at this to do later, as I'm still having trouble making it work! Thanks David > -Original Message- > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 11:28 AM > To: Tomcat Users List > Subject: RE: IIS6 and Tomcat 5.5 > > My Bad you did put in the workermap and propfiles. Follow > the isolation mode in IIS path. > > ~Charlie > > > The significant problems we have cannot be solved at the same > level of thinking with which we created them. > - Albert Einstein > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 10:42 AM > To: users@tomcat.apache.org > Subject: IIS6 and Tomcat 5.5 > > The only thing that I can see missing from my setup is that > when I make a request for a URL served by the > isapi_redirector, I dont see a corresponding get for > /jakarta/isapi_redirector.dll from IIS. > > I have green lights everywhere, I have the logging turned up > on the filter, and I'm seeing that requests are coming > through, and isapi_redirector knows they are for him (unless > forwarding escaped URI means something else) no other errors > on startup, so I am tempted to think that things are looking OK. > > Here is my uriworkermap.properties file: > > /jsp-examples/*=patnc1 > /portal/*=patnc1 > > Here is my workers.properties file: > > worker.list=patnc1 > worker.patnc1.type=ajp13 > worker.patnc1.host=localhost > worker.patnc1.port=8009 > > Here's the log from the redirector, when I do a request for > /jsp-examples/index.html > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1199): Filter started > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1266): Virtual Host redirection of > /localhost:88/jsp-examples/index.html > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' > from 2 maps > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (609): Attempting to map context URI '/jsp-examples/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (609): Attempting to map context URI '/portal/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1273): Default redirection of /jsp-examples/index.html [Tue > Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (597): Attempting to map URI '/jsp-examples/index.html' from > 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > (609): Attempting to map context URI '/jsp-examples/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (624): Found a wildchar match '/jsp-examples/*=patnc1' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1286): check if [/jsp-examples/index.html] is points to the > web-inf directory [Tue Oct 09 09:35:30.111 2007] [3084:3124] > [debug] jk_isapi_plugin.c > (1303): [/jsp-examples/index.html] is a servlet url - should > redirect to > patnc1 > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1345): fowarding escaped URI [/jsp-examples/index.html] > > Here's the IIS log for the same request... > > 2007-10-09 14:35:30 W3SVC1267602825 127.0.0.1 GET > /jsp-examples/index.html - 88 - 127.0.0.1 > Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+PATNC, > +Inc.+STL+ > MO+USA;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 404 2 1260 > > Can anyone provide a clue as to what I need to do from here? > > Thanks for any and all assistance with this! > > David Buttrick > Programming Manager > Parents As Teachers National Center > 2228 Ball Drive > St. Louis, MO 63146 > 314-432-4330 x 282 > [EMAIL PROTECTED] > > ---
RE: IIS6 and Tomcat 5.5
Hi David, Depending on the Runtime and the Dll version(s) you are using this wont work at all. The Isapi you should be using was released in late july and the latest runtime works with it. The runtime is found in the TC bin and is called tcnative.dll. Essentially, grab the latest version of each. I got this working only after also placing IIS 6 into IIS 5 isolation mode. The isapi filter does not seem to like something about the way IIS 6 handles it; as a result it just does not work. Outside of that it looks like you have things correct. Although the versions are off the following article pretty much covers it well. (JK2 is deprecated) http://www.roktech.net/devblog/enclosures/iis6-Tomcat5-JK2.pdf ~Charlie The significant problems we have cannot be solved at the same level of thinking with which we created them. - Albert Einstein -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 1:19 PM To: users@tomcat.apache.org Subject: RE: IIS6 and Tomcat 5.5 Thanks for the responses. When isapi_redirect says that he's forwarding the request URI - is that not where I'm supposed to see the request for /jakarta/isapi_redirect.dll My understanding is that you see the request itself hits IIS, then it get processed by the filter, then if appropriate, the filter forwards the request by making a request to /jakarta/isapi_redirect.dll. So, I see everything in the logs except for the request to /jakarta/isapi_redirect.dll. It looks like that means that first phase of the request is handled, but the filter never generates the request to tomcat - is that right? Could that be a permissions thing? I looked at permissions on my isapi_redirect, and I allowed execute for the IIS_WPG group. So, I've read the Apache docs on doing this, and I've looked cursorily at the wiki that is linked to the tomcat connector page, that has the extra step about allowing the web service. I even remember reading the document that tells you to put the webserver in isolation mode. Also, where do you find the tomcat native runtime? I was looking at this to do later, as I'm still having trouble making it work! Thanks David > -Original Message- > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 11:28 AM > To: Tomcat Users List > Subject: RE: IIS6 and Tomcat 5.5 > > My Bad you did put in the workermap and propfiles. Follow > the isolation mode in IIS path. > > ~Charlie > > > The significant problems we have cannot be solved at the same > level of thinking with which we created them. > - Albert Einstein > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 10:42 AM > To: users@tomcat.apache.org > Subject: IIS6 and Tomcat 5.5 > > The only thing that I can see missing from my setup is that > when I make a request for a URL served by the > isapi_redirector, I dont see a corresponding get for > /jakarta/isapi_redirector.dll from IIS. > > I have green lights everywhere, I have the logging turned up > on the filter, and I'm seeing that requests are coming > through, and isapi_redirector knows they are for him (unless > forwarding escaped URI means something else) no other errors > on startup, so I am tempted to think that things are looking OK. > > Here is my uriworkermap.properties file: > > /jsp-examples/*=patnc1 > /portal/*=patnc1 > > Here is my workers.properties file: > > worker.list=patnc1 > worker.patnc1.type=ajp13 > worker.patnc1.host=localhost > worker.patnc1.port=8009 > > Here's the log from the redirector, when I do a request for > /jsp-examples/index.html > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1199): Filter started > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1266): Virtual Host redirection of > /localhost:88/jsp-examples/index.html > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' > from 2 maps > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (609): Attempting to map context URI '/jsp-examples/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (609): Attempting to map context URI '/portal/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > (1273): Default redirection of /jsp-examples/index.html [Tue > Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (597): Attempting to map URI '/jsp-examples/index.html' from > 2 maps [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > (609): Attempting to map context URI '/jsp-examples/*=patnc1' > source 'uriworkermap' > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_uri_worker_map.c > (624): Found a wildchar match '/jsp-examples/*=patnc1
Re: OOME crushing tomcat
I had face the same problem, OOME sometimes "kill" tomcat connector. I setup two connectors (HTTP and AJP), while one connector was "dead", the other still "alive", and I could access manager/status from the "live" one to watch the "dead" one's status. I think it is tomcat's bug Leon Rosenberg-3 wrote: > > Hi, > > one of my customers recently increased amount of memory they use, so > OOME are happening more often. Most of them however do no harm, since > just the request is aborted, but the container remains functional and > next request wents well (they have a throughput of >100MB per second > in young generation so chances are good next request will get some > memory again). > > However, this exception killed tomcat completely (no replies anymore): > > Sep 30, 2007 6:56:51 PM > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run > SEVERE: Caught exception (java.lang.OutOfMemoryError: Java heap space) > executing [EMAIL PROTECTED], > terminating thread > > Any opinions, is that a bug in tomcat or is it inescapable after an OOME? > > regards > Leon > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- View this message in context: http://www.nabble.com/OOME-crushing-tomcat-tf4545506.html#a13120810 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
Christopher, 2007/10/9, Christopher Schultz <[EMAIL PROTECTED]>: > > >> You cannot do this with Tomcat's authentication mechanism. You will > >> have to provide an alternative implementation. I recommend looking > >> st securityfilter ( http://securityfilter.sourceforge.net ). > > > > Well, securityfilter doesn't satisfy some servlet's requirements > > Like what? Sorry if I was wrong, but does security filter supports such auth-methods as BASIC, DIGEST, etc.? It was pointed that "BASIC authentication will be supported in an upcoming 1.1 release" at http://securityfilter.sourceforge.net . But at http://sourceforge.net/projects/securityfilter/ I found some newer release notes, but I found nothing about added support of other auth methods. > so as you said I will have to provide my own low level authentication > > mechanism. > > You can use Tomcat's built-in Realm as a basis for the authentication -- > so, for instance, you don't have to write your own SELECT query, etc. Thanks, I've got it. ...why you want your own servlets to do the authorization instead > of the container (or securityfilter)? This is the main question. Today we decided to do nothing new with authentication and use special "guest" user in the first version of servlet. And only if users will ask for anonymous access I decribed earlier, we'll develop custom mechanism or maybe use security filter. As I understood you represents interests of security filter's developers (sorry if it's mistake) and it will be greate if you' ll look at servlet's code at http://svn.svnkit.com/repos/svnkit/trunk/ (svnkit-dav subdirectory) and give me a response of how to use security filter with our servlet. > It will be my first implementation, so any help will be appreciated. > > First servlet implementation, or first authentication and authorization > implementation? First authentication and authorization implementation. Thanks, S. Vadishev.
Re: Perl Permissions on Tomcat
I'm running Tomcat on Windows XP, and in my Configuration -> Startup menu, the entry for the Arguments text box is "start", with no other string (nothing that says "-security"). Does that mean I'm currently running without SecurityManager? -Original Message- > Date: Mon Oct 08 12:03:37 EDT 2007 > From: "Mark Thomas" <[EMAIL PROTECTED]> > Subject: Re: Perl Permissions on Tomcat > To: "Tomcat Users List" > > Li Ye Chen wrote: > > // Give all permission to servlets-cgi.jar > > grant codeBase "file:${catalina.home}/server/lib/servlets-cgi.jar" { > > permission java.security.AllPermission; > > }; > > Are you running with a security manger? If so, try running without and > get things working that way first. Then we can focus on the permissions. > > Mark > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Dynamic logging configuration updates in Tomcat
Hi- We have a web application in which we'd like to get dynamic logging working. By dynamic logging, I mean live changes to the webapps' logging.properties file are read and applied without having to restart Tomcat. We have all the code written and running but it appears to not work exactly as it should. That is, I can change a logger's logging level once and it works, but if I change it again, it doesn't. If I change the global logger level (.level) the change is picked up but, obviously, that affects ALL the loggers in our webapp. I pulled the code out of tomcat and ran it as a stand-alone Java application and it works perfectly. I then created a very tiny/simple webapp to run this logging code and the problem appears again. I'm at a loss as to what Tomcat can possibly be doing to prevent the properties from being read subsequent times after the first change. We're using the java.util.logging API and have our own LogHandler class. We have a ServletContextListener that starts a background thread when the webapp starts up. This background thread finds the logging.properties file for this webapp and if it has been modified in the last 60 second, creates an InputStream to this file and passes this InputStream to the LogManager.getLogManager().readConfiguration(...) method. We are aware of this bug: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=5035854 in the Java logging API, but we are using the workaround in this bug to reapply the logging levels. If we can't find a solution to this using readConfiguration(...), we have a solution we've not tried which is to read the properties file ourselves, and loop over the loggers applying any levels that have changed - which is exactly what the LogManager is doing - but at least this is our code. Again, we've not tried this brute-force method yet, so I don't know if it will work. Thanks, --adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: > Christopher, > > 2007/10/9, Christopher Schultz <[EMAIL PROTECTED]>: You cannot do this with Tomcat's authentication mechanism. You will have to provide an alternative implementation. I recommend looking st securityfilter ( http://securityfilter.sourceforge.net ). >>> Well, securityfilter doesn't satisfy some servlet's requirements >> Like what? > > Sorry if I was wrong, but does security filter supports such auth-methods as > BASIC, DIGEST, etc.? It was pointed that "BASIC authentication will be > supported in an upcoming 1.1 release" at > http://securityfilter.sourceforge.net . But at > http://sourceforge.net/projects/securityfilter/ I found some newer release > notes, but I found nothing about added support of other auth methods. Right. The documentation for securityfilter is horrible. Fortunately, there's not much code there, so it's possible to go into it and see if something is implemented and how. I do not believe that securityfilter supports BASIC, DIGEST, or CLIENT-CERT authentication schemes. It might support BASIC, but I don't use that so I don't know. >> ...why you want your own servlets to do the authorization instead >> of the container (or securityfilter)? > > This is the main question. Today we decided to do nothing new with > authentication and use special "guest" user in the first version of servlet. I'm not sure what that means. > And only if users will ask for anonymous access I described earlier, we'll > develop custom mechanism or maybe use security filter. I'm not convinced you need either. You can use the built-in Tomcat authentication to do logins. You can also use the built-in authorization, but it looks like you don't want authorization at all: you want a site that basically lets anyone use it, but also allows logins for other things (but you haven't mentioned any of them). Tomcat can do this: just don't make anything protected except for a single "protected" page that can be used to trigger a login request. > As I understood you > represents interests of security filter's developers (sorry if it's mistake) Not really. I use securityfilter because Tomcat's implementation does not meet my needs (I need to be able to accept unexpected logins instead of first requesting a protected resource), but I am not a contributor. > it will be great if you' ll look at servlet's code I'm not going to read through your code to figure out your requirements. >>> It will be my first implementation, so any help will be appreciated. >> >> First servlet implementation, or first authentication and authorization >> implementation? > > First authentication and authorization implementation. Again, I don't think you need to implement anything yourself, whether you use Tomcat's built-in A&A or if you use securityfilter. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC9599CaO5/Lv0PARAufGAKCrMiD2hgTWGtDcoNaO8uWTZwOmaACginZ9 e2Wo5D5k6CgMMXBfnOH5udE= =MB4n -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Perl Permissions on Tomcat
> From: Li Ye Chen [mailto:[EMAIL PROTECTED] > Subject: Re: Perl Permissions on Tomcat > > I'm running Tomcat on Windows XP, and in my Configuration -> > Startup menu, the entry for the Arguments text box is > "start", with no other string You're looking in the wrong place. Look at the "Java options" under the Java tab for -Djava.security.manager and -Djava.security.policy settings. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Perl Permissions on Tomcat
Okay, I did some searching on the Internet and found that according to current config in my Tomcat, it's not even running SecurityManager (the -Djava...securitymanager argument is not available in the Java tab of the Configuration screen. And it is still not working, so I'm not sure what is going on here... Any help will be appreciated! -Original Message- > Date: Mon Oct 08 12:52:23 EDT 2007 > From: "Mark Thomas" <[EMAIL PROTECTED]> > Subject: Re: Perl Permissions on Tomcat > To: "Tomcat Users List" > > Li Ye Chen wrote: > > Will it pose a security risk if I disable the Security Manager? I am > > running an enterprise firewall on the server... > > That depends on your environment. But you have a separate machine for > development and/or testing - right? > > Right now we need to figure out if it is the security manager causing > the problem or something else. > > Mark > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Using RequestDispatcher.include() outside of Request/Response cycle.
Hi, I have a valve which detects some events in life-cycle of a web application ( like successful login/failed login/logout ) and invokes some configurable JSP page to let it perform some audit auctions ( like putting records in the table which trace access to application ). It works fine, the only problem is auditing session timeouts. I can (and do) add session listener, so it is not a problem to detect that session timed out. The problem is how to invoke my audit JSP page. RequestDispatcher.include() require Request and Response objects which are obviously not accessible inside SessionEvent callback. Should I create some sort of "fake" Request/ Response objects? Can I reuse some Request/Response objects from earlier (like when valve detected creation of the session)? Audit JSP page does NOT produce any output and it does NOT require any information from Request, so this Request/Response objects only need to be able to make RequestDispatcher.include() happy. Your thoughts will be highly appreciated, Andrei Tchijov - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrei, Andrei Tchijov wrote: > I can (and do) add session listener, so it is not a problem to detect > that session timed out. The problem is how to invoke my audit JSP > page. Why not just do your audits right in the session listener? JSPs are not meant for this type of thing. > Audit JSP page does NOT produce any output and it does NOT require > any information from Request So why is it a JSP? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC+oa9CaO5/Lv0PARAjOkAJ958yvgszMuxPUS+28D65swBjCXoQCfWPC7 KO5B/+kH2xFXPIhgxgAFFSk= =yfpo -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Perl Permissions on Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Li, Li Ye Chen wrote: > Hi, I'm trying to run a Perl script on Tomcat 5.5.8 -- I've managed > to successfully run read-only Perl script, but the script I'm trying > to run connects to the database and needs to write to the local hard > drive. Whenever I try to execute the script, it creates a Perl.exe > thread on my Windows server and just never return the HTML code (so > the browser keeps loading) -- it seems there is a permission problem. Why do you believe there is a permissions problem? If perl.exe is running, then you have permission to run perl.exe. If you don't have permission to read the script file, then you should be getting some kind of error message somewhere. Can you see any error messages anywhere? How are you trying to execute this perl script? Be specific. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC+qa9CaO5/Lv0PARApzZAJsGg5LMZXycPyWTHUpbJ8cyk7mWrgCcDRPo Q+HJ78JMBbf3cDZsnbveV08= =IZrk -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
I would love to let JSP application developers to stay in one language environment (JSP). And as soon as pretty much all but auditing could be done in JSP (especially with JSTL), I feel that it will be nice (and appropriate) to let people to code audit functionality using JSP as well. And besides that one issue, this idea works just fine. On Oct 9, 2007, at 4:52 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrei, Andrei Tchijov wrote: I can (and do) add session listener, so it is not a problem to detect that session timed out. The problem is how to invoke my audit JSP page. Why not just do your audits right in the session listener? JSPs are not meant for this type of thing. Audit JSP page does NOT produce any output and it does NOT require any information from Request So why is it a JSP? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC+oa9CaO5/Lv0PARAjOkAJ958yvgszMuxPUS+28D65swBjCXoQCfWPC7 KO5B/+kH2xFXPIhgxgAFFSk= =yfpo -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
Christopher, thank you for your great help, 2007/10/10, Christopher Schultz <[EMAIL PROTECTED]>: > >> ...why you want your own servlets to do the authorization instead > >> of the container (or securityfilter)? > > > > This is the main question. Today we decided to do nothing new with > > authentication and use special "guest" user in the first version of > servlet. > > I'm not sure what that means. Well, have you ever configured path based authentication for Subversion Server? Pba config file contains a set of rules and they look like [/path/in/repos] *= user1=r So anonymous user has any read permisions but a user logged on as "user1" may read from /path/in/repos. In our case, configuration above means that user logged on as a "guest" has no permissions and "user1" has read permissions. > And only if users will ask for anonymous access I described earlier, we'll > > develop custom mechanism or maybe use security filter. > > I'm not convinced you need either. You can use the built-in Tomcat > authentication to do logins. It sounds interesting. So if there is no element in web.xml, Tomcat doesn't provide authorization, right? And if web.xmlcontains element and doesn't contain element then servlet gets Principal object anyway (if client sent user/pass then request.getRemoteUser() returns "user" and if not request.getRemoteUser() returns null)? Well at least I will try to configure Tomcat this way. You can also use the built-in > authorization, but it looks like you don't want authorization at all: > you want a site that basically lets anyone use it, but also allows > logins for other things (but you haven't mentioned any of them). There is no site and pages, we have servlet that handles requests via webDAV protocol (an extension of HTTP1.1). There are two types of requests we should handle in servlet: 1. Requests with no authentication data. If such request tries to access /some/path and pba config file contains rule : [/some/path] *=r then we do not send any error, handle request and normally send result , otherwise we send SC_UNAUTHORIZED error. 2. Requests with authentication data, for instance client sends to us usename/password and tries to access /some/path. So we want Tomcat to check if this pair username/password is valid (at this moment Tomcat looks at Realm class as I think), so if it's not valid, Tomcat should send SC_UNAUTHORIZED otherwise servlet checks request using pba and if pba config file has rule: [/some/path] username=r then we do not send any error and handle request normally, otherwise we send SC_FORBIDDEN error. So my question now is: If Tomcat configured to provide built-in authentication and do not provide built-in authorization can we get described behavior? Hope this explanation is more clear. Thanks, S. Vadishev.
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrei, Andrei Tchijov wrote: > I would love to let JSP application developers to stay in one language > environment (JSP). And as soon as pretty much all but auditing could be > done in JSP (especially with JSTL), I feel that it will be nice (and > appropriate) to let people to code audit functionality using JSP as > well. I don't believe this is an appropriate use of JSP technology; I believe it to be an abuse of it. Are you trying to use JSP's ability to produce textual output, or do you just have regular Java code inside <% and %> tags? If that's the case, then your developers aren't writing JSP: they're writing Java and wrapping it in JSP. > And besides that one issue, this idea works just fine. How do you get request and response objects for other events so that the JSP has access to them? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC/h99CaO5/Lv0PARAsvWAJ9A5ME1qG7mQerIkyK9sshcgSWyvACfcUY8 6/0EMnwlVR6huHi/0agEBn8= =1qrf -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS6 and Tomcat 5.5
Hey, I finally have my environment working. I dont seem to need the 5.0 isolation mode though. Thanks for your help! David Buttrick > -Original Message- > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 12:42 PM > To: Tomcat Users List > Subject: RE: IIS6 and Tomcat 5.5 > > Hi David, > Depending on the Runtime and the Dll version(s) you are > using this wont work at all. The Isapi you should be using > was released in late july and the latest runtime works with > it. The runtime is found in the TC bin and is called > tcnative.dll. Essentially, grab the latest version of each. > I got this working only after also placing IIS 6 into IIS 5 > isolation mode. The isapi filter does not seem to like > something about the way IIS 6 handles it; as a result it just > does not work. > Outside of that it looks like you have things correct. > Although the versions are off the following article > pretty much covers it well. (JK2 is deprecated) > > http://www.roktech.net/devblog/enclosures/iis6-Tomcat5-JK2.pdf > > ~Charlie > > > The significant problems we have cannot be solved at the same > level of thinking with which we created them. > - Albert Einstein > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 1:19 PM > To: users@tomcat.apache.org > Subject: RE: IIS6 and Tomcat 5.5 > > Thanks for the responses. > > When isapi_redirect says that he's forwarding the request URI > - is that not where I'm supposed to see the request for > /jakarta/isapi_redirect.dll > > My understanding is that you see the request itself hits IIS, > then it get processed by the filter, then if appropriate, the > filter forwards the request by making a request to > /jakarta/isapi_redirect.dll. > > So, I see everything in the logs except for the request to > /jakarta/isapi_redirect.dll. > It looks like that means that first phase of the request is > handled, but the filter never generates the request to tomcat > - is that right? > > Could that be a permissions thing? I looked at permissions on > my isapi_redirect, and I allowed execute for the IIS_WPG group. > > So, I've read the Apache docs on doing this, and I've looked > cursorily at the wiki that is linked to the tomcat connector > page, that has the extra step about allowing the web service. > I even remember reading the document that tells you to put > the webserver in isolation mode. > > Also, where do you find the tomcat native runtime? I was > looking at this to do later, as I'm still having trouble > making it work! > > Thanks > David > > > > > -Original Message- > > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 09, 2007 11:28 AM > > To: Tomcat Users List > > Subject: RE: IIS6 and Tomcat 5.5 > > > > My Bad you did put in the workermap and propfiles. Follow the > > isolation mode in IIS path. > > > > ~Charlie > > > > > > The significant problems we have cannot be solved at the > same level of > > thinking with which we created them. > > - Albert Einstein > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 09, 2007 10:42 AM > > To: users@tomcat.apache.org > > Subject: IIS6 and Tomcat 5.5 > > > > The only thing that I can see missing from my setup is that when I > > make a request for a URL served by the isapi_redirector, I > dont see a > > corresponding get for /jakarta/isapi_redirector.dll from IIS. > > > > I have green lights everywhere, I have the logging turned up on the > > filter, and I'm seeing that requests are coming through, and > > isapi_redirector knows they are for him (unless forwarding > escaped URI > > means something else) no other errors on startup, so I am > tempted to > > think that things are looking OK. > > > > Here is my uriworkermap.properties file: > > > > /jsp-examples/*=patnc1 > > /portal/*=patnc1 > > > > Here is my workers.properties file: > > > > worker.list=patnc1 > > worker.patnc1.type=ajp13 > > worker.patnc1.host=localhost > > worker.patnc1.port=8009 > > > > Here's the log from the redirector, when I do a request for > > /jsp-examples/index.html > > > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > > (1199): Filter started > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > > (1266): Virtual Host redirection of > > /localhost:88/jsp-examples/index.html > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > > (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' > > from 2 maps > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > > (609): Attempting to map context URI '/jsp-examples/*=patnc1' > > source 'uriworkermap' > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > > (609): Attempting to map context URI
Re: Anonymous access with Tomcat Authentication configured.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: > Well, have you ever configured path based authentication for Subversion > Server? Oh, you're using WebDAV. :( > So if there is no element in > web.xml, Tomcat doesn't provide authorization, right? Correct. It will not perform authentication either. I think it's important to understand what's going on here: Tomcat's built-in A&A requires that an unauthenticated user request a protected resource (protected by a ). When this happens, Tomcat intercepts the request internally and issues the appropriate login request (HTTP AUTH, FORM, etc.). Upon successful authentication, Tomcat re-processes the original request. Tomcat authorization is done separately, though probably by the same component (Valve). You can require authentication but not enforce any specific role by using * in your . Unfortunately for you, J2EE does not do user-based authorization; it will only do role-based authorization. I don't think you can use Tomcat's authorization at all. I don't know enough about the WebDAV/svn protocol to know whether it will work for authentication. > And if > web.xmlcontains element and doesn't contain > > element then servlet gets Principal object anyway (if client sent user/pass > then request.getRemoteUser() returns "user" and if not request.getRemoteUser() > returns null)? Well at least I will try to configure Tomcat this way. If you want Tomcat to do authentication and not authorization (which it sounds like is the case), then use * on whatever resource you are protecting and Tomcat will demand that the user authenticate in order to access the resource (but it won't care who the user is). Then, you should be able to get a Principal from the request object during a request. > 1. Requests with no authentication data. I'm pretty sure you're always going to want authentication data. To get Tomcat to work this way, you will need authentication data for pretty much every request. > 2. Requests with authentication data [...] so we want Tomcat to check > if this pair username/password is valid You can't have Tomcat do this kind of thing on demand. You can either use their authentication mechanism (with all the requirements above) or not. > So my question now is: If Tomcat configured to provide built-in > authentication and do not provide built-in authorization can we get > described behavior? You can try using * as described above, but it may not work the way you want it to work. For instance, if you want to allow completely anonymous access (i.e. not even requiring the use of a "guest" username and password), then you'll need to do everything yourself. Don't worry: authentication is really easy. Authorization isn't that bad, either, especially since you will probably only have a single servlet that needs protecting. The problem with these things is usually making sure you didn't miss anything (like leaving a swath of URIs unprotected). Feel free to look at Tomcat's Realm implementations for coding inspiration. > Hope this explanation is more clear. It is, thanks. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC/uy9CaO5/Lv0PARAghHAKCVnSxdBUrmVruDS9rbq6qhKgZ2PgCfQMAU mQuDZdXT7R+mZsiEP8l/GmI= =4bmb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Anonymous access with Tomcat Authentication configured.
is the bottom line that he (Semen's) wanting certain areas protected by a role, and other areas protected/accessible only by another role? Or is he looking for authentication at every protected juncture? -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 5:08 PM To: Tomcat Users List Subject: Re: Anonymous access with Tomcat Authentication configured. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Semen, Semen Vadishev wrote: > Well, have you ever configured path based authentication for Subversion > Server? Oh, you're using WebDAV. :( > So if there is no element in > web.xml, Tomcat doesn't provide authorization, right? Correct. It will not perform authentication either. I think it's important to understand what's going on here: Tomcat's built-in A&A requires that an unauthenticated user request a protected resource (protected by a ). When this happens, Tomcat intercepts the request internally and issues the appropriate login request (HTTP AUTH, FORM, etc.). Upon successful authentication, Tomcat re-processes the original request. Tomcat authorization is done separately, though probably by the same component (Valve). You can require authentication but not enforce any specific role by using * in your . Unfortunately for you, J2EE does not do user-based authorization; it will only do role-based authorization. I don't think you can use Tomcat's authorization at all. I don't know enough about the WebDAV/svn protocol to know whether it will work for authentication. > And if > web.xmlcontains element and doesn't contain > > element then servlet gets Principal object anyway (if client sent user/pass > then request.getRemoteUser() returns "user" and if not request.getRemoteUser() > returns null)? Well at least I will try to configure Tomcat this way. If you want Tomcat to do authentication and not authorization (which it sounds like is the case), then use * on whatever resource you are protecting and Tomcat will demand that the user authenticate in order to access the resource (but it won't care who the user is). Then, you should be able to get a Principal from the request object during a request. > 1. Requests with no authentication data. I'm pretty sure you're always going to want authentication data. To get Tomcat to work this way, you will need authentication data for pretty much every request. > 2. Requests with authentication data [...] so we want Tomcat to check > if this pair username/password is valid You can't have Tomcat do this kind of thing on demand. You can either use their authentication mechanism (with all the requirements above) or not. > So my question now is: If Tomcat configured to provide built-in > authentication and do not provide built-in authorization can we get > described behavior? You can try using * as described above, but it may not work the way you want it to work. For instance, if you want to allow completely anonymous access (i.e. not even requiring the use of a "guest" username and password), then you'll need to do everything yourself. Don't worry: authentication is really easy. Authorization isn't that bad, either, especially since you will probably only have a single servlet that needs protecting. The problem with these things is usually making sure you didn't miss anything (like leaving a swath of URIs unprotected). Feel free to look at Tomcat's Realm implementations for coding inspiration. > Hope this explanation is more clear. It is, thanks. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC/uy9CaO5/Lv0PARAghHAKCVnSxdBUrmVruDS9rbq6qhKgZ2PgCfQMAU mQuDZdXT7R+mZsiEP8l/GmI= =4bmb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Perl Permissions on Tomcat
I asked yesterday but didnt hear back..Are you implementing via CGIServlet? M-- - Original Message - From: "Li Ye Chen" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Tuesday, October 09, 2007 4:34 PM Subject: Re: Perl Permissions on Tomcat > Okay, I did some searching on the Internet and found that according to current config in my Tomcat, it's not even running SecurityManager (the -Djava...securitymanager argument is not available in the Java tab of the Configuration screen. And it is still not working, so I'm not sure what is going on here... > > Any help will be appreciated! > > -Original Message- > > > Date: Mon Oct 08 12:52:23 EDT 2007 > > From: "Mark Thomas" <[EMAIL PROTECTED]> > > Subject: Re: Perl Permissions on Tomcat > > To: "Tomcat Users List" > > > > Li Ye Chen wrote: > > > Will it pose a security risk if I disable the Security Manager? I am running an enterprise firewall on the server... > > > > That depends on your environment. But you have a separate machine for > > development and/or testing - right? > > > > Right now we need to figure out if it is the security manager causing > > the problem or something else. > > > > Mark > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IIS6 and Tomcat 5.5
Which version tcnative.dll worked for IIS6? Thanks M - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Tuesday, October 09, 2007 6:03 PM Subject: RE: IIS6 and Tomcat 5.5 Hey, I finally have my environment working. I dont seem to need the 5.0 isolation mode though. Thanks for your help! David Buttrick > -Original Message- > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 12:42 PM > To: Tomcat Users List > Subject: RE: IIS6 and Tomcat 5.5 > > Hi David, > Depending on the Runtime and the Dll version(s) you are > using this wont work at all. The Isapi you should be using > was released in late july and the latest runtime works with > it. The runtime is found in the TC bin and is called > tcnative.dll. Essentially, grab the latest version of each. > I got this working only after also placing IIS 6 into IIS 5 > isolation mode. The isapi filter does not seem to like > something about the way IIS 6 handles it; as a result it just > does not work. > Outside of that it looks like you have things correct. > Although the versions are off the following article > pretty much covers it well. (JK2 is deprecated) > > http://www.roktech.net/devblog/enclosures/iis6-Tomcat5-JK2.pdf > > ~Charlie > > > The significant problems we have cannot be solved at the same > level of thinking with which we created them. > - Albert Einstein > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 09, 2007 1:19 PM > To: users@tomcat.apache.org > Subject: RE: IIS6 and Tomcat 5.5 > > Thanks for the responses. > > When isapi_redirect says that he's forwarding the request URI > - is that not where I'm supposed to see the request for > /jakarta/isapi_redirect.dll > > My understanding is that you see the request itself hits IIS, > then it get processed by the filter, then if appropriate, the > filter forwards the request by making a request to > /jakarta/isapi_redirect.dll. > > So, I see everything in the logs except for the request to > /jakarta/isapi_redirect.dll. > It looks like that means that first phase of the request is > handled, but the filter never generates the request to tomcat > - is that right? > > Could that be a permissions thing? I looked at permissions on > my isapi_redirect, and I allowed execute for the IIS_WPG group. > > So, I've read the Apache docs on doing this, and I've looked > cursorily at the wiki that is linked to the tomcat connector > page, that has the extra step about allowing the web service. > I even remember reading the document that tells you to put > the webserver in isolation mode. > > Also, where do you find the tomcat native runtime? I was > looking at this to do later, as I'm still having trouble > making it work! > > Thanks > David > > > > > -Original Message- > > From: Charlie Wingate [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 09, 2007 11:28 AM > > To: Tomcat Users List > > Subject: RE: IIS6 and Tomcat 5.5 > > > > My Bad you did put in the workermap and propfiles. Follow the > > isolation mode in IIS path. > > > > ~Charlie > > > > > > The significant problems we have cannot be solved at the > same level of > > thinking with which we created them. > > - Albert Einstein > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, October 09, 2007 10:42 AM > > To: users@tomcat.apache.org > > Subject: IIS6 and Tomcat 5.5 > > > > The only thing that I can see missing from my setup is that when I > > make a request for a URL served by the isapi_redirector, I > dont see a > > corresponding get for /jakarta/isapi_redirector.dll from IIS. > > > > I have green lights everywhere, I have the logging turned up on the > > filter, and I'm seeing that requests are coming through, and > > isapi_redirector knows they are for him (unless forwarding > escaped URI > > means something else) no other errors on startup, so I am > tempted to > > think that things are looking OK. > > > > Here is my uriworkermap.properties file: > > > > /jsp-examples/*=patnc1 > > /portal/*=patnc1 > > > > Here is my workers.properties file: > > > > worker.list=patnc1 > > worker.patnc1.type=ajp13 > > worker.patnc1.host=localhost > > worker.patnc1.port=8009 > > > > Here's the log from the redirector, when I do a request for > > /jsp-examples/index.html > > > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > > (1199): Filter started > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] jk_isapi_plugin.c > > (1266): Virtual Host redirection of > > /localhost:88/jsp-examples/index.html > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > > (597): Attempting to map URI '/localhost:88/jsp-examples/index.html' > > from 2 maps > > [Tue Oct 09 09:35:30.111 2007] [3084:3124] [debug] > jk_uri_worker_map.c > > (609): Attempting to map conte
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
There is no any "<% ... %>" in the audit jsp. Below is one simple example of such file: <%@ include file="/common/all.include.jsp" %> "audit" is a hashtable object in session. it has all information needed ( "event" - login|logout| , "userName", "sessionId" ). is a custom tag which does not have any <% ... %> in it either just some tags. This is actually what made me go this way. With ability to define new tags using JSP (taglib) it is truly possible to have "java-less" JSP application. Audit is the only spot which required some java coding, with this JSPAudit valve I can code it once and then delegate all actual audit business logic to JSP writer. On Oct 9, 2007, at 5:54 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrei, Andrei Tchijov wrote: I would love to let JSP application developers to stay in one language environment (JSP). And as soon as pretty much all but auditing could be done in JSP (especially with JSTL), I feel that it will be nice (and appropriate) to let people to code audit functionality using JSP as well. I don't believe this is an appropriate use of JSP technology; I believe it to be an abuse of it. Are you trying to use JSP's ability to produce textual output, or do you just have regular Java code inside <% and %> tags? If that's the case, then your developers aren't writing JSP: they're writing Java and wrapping it in JSP. And besides that one issue, this idea works just fine. How do you get request and response objects for other events so that the JSP has access to them? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHC/h99CaO5/Lv0PARAsvWAJ9A5ME1qG7mQerIkyK9sshcgSWyvACfcUY8 6/0EMnwlVR6huHi/0agEBn8= =1qrf -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Using RequestDispatcher.include() outside of Request/Response cycle.
basic JSTL? -Original Message- From: Andrei Tchijov [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 09, 2007 5:53 PM To: Tomcat Users List Subject: Re: Using RequestDispatcher.include() outside of Request/Response cycle. There is no any "<% ... %>" in the audit jsp. Below is one simple example of such file: <%@ include file="/common/all.include.jsp" %> "audit" is a hashtable object in session. it has all information needed ( "event" - login|logout| , "userName", "sessionId" ). is a custom tag which does not have any <% ... %> in it either just some tags. This is actually what made me go this way. With ability to define new tags using JSP (taglib) it is truly possible to have "java-less" JSP application. Audit is the only spot which required some java coding, with this JSPAudit valve I can code it once and then delegate all actual audit business logic to JSP writer. On Oct 9, 2007, at 5:54 PM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Andrei, > > Andrei Tchijov wrote: >> I would love to let JSP application developers to stay in one >> language >> environment (JSP). And as soon as pretty much all but auditing >> could be >> done in JSP (especially with JSTL), I feel that it will be nice (and >> appropriate) to let people to code audit functionality using JSP as >> well. > > I don't believe this is an appropriate use of JSP technology; I > believe > it to be an abuse of it. Are you trying to use JSP's ability to > produce > textual output, or do you just have regular Java code inside <% and %> > tags? If that's the case, then your developers aren't writing JSP: > they're writing Java and wrapping it in JSP. > >> And besides that one issue, this idea works just fine. > > How do you get request and response objects for other events so > that the > JSP has access to them? > > - -chris > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.7 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHC/h99CaO5/Lv0PARAsvWAJ9A5ME1qG7mQerIkyK9sshcgSWyvACfcUY8 > 6/0EMnwlVR6huHi/0agEBn8= > =1qrf > -END PGP SIGNATURE- > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Anonymous access with Tomcat Authentication configured.
Christopher, 2007/10/10, Christopher Schultz <[EMAIL PROTECTED]>: > Tomcat's built-in A&A requires that an unauthenticated user request a > protected resource (protected by a ). When this > happens, Tomcat intercepts the request internally and issues the > appropriate login request (HTTP AUTH, FORM, etc.). Upon successful > authentication, Tomcat re-processes the original request. > > Tomcat authorization is done separately, though probably by the same > component (Valve). [...] > > Don't worry: authentication is really easy. Authorization isn't that > bad, either, especially since you will probably only have a single > servlet that needs protecting. The problem with these things is usually > making sure you didn't miss anything (like leaving a swath of URIs > unprotected). > > Feel free to look at Tomcat's Realm implementations for coding > inspiration. So implementing internal server component (probably valve) is the only solution, right? And is this container independent solution? Thanks, S. Vadishev.
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrei, Andrei Tchijov wrote: > There is no any "<% ... %>" in the audit jsp. Below is one simple > example of such file: > > <%@ include file="/common/all.include.jsp" %> > > > > > > Oh, I get it. You're using JSP to script Java, rather than just using Java. Good luck with that. :( By the way, your JSP generates plenty of output, even if it /is/ just whitespace. > This is actually what made me go this way. With ability to define new > tags using JSP (taglib) it is truly possible to have "java-less" JSP > application. So, by writing tons of taglib code, you can effortlessly script Java. Yup. To answer your original question: I don't believe that there's an easy (or natural) way for you to do what you want to do. Since this is Not Recommended Technique(TM), I'm not going to spend any more time on it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHDB079CaO5/Lv0PARAq9nAJ0Z+9AasT23uorxQAv0SgZwUQ0K5ACfTxyQ twgNiUTwXBeu7tLY3SYfkzM= =I7XT -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
Hello, Consider using either Request / Response Wrappers subclassed and modified so they simply return 0 / null / "" / ignore output, or google for "servlet api mock objects" or something similar. Ages ago I wrote something similar, where specified pages were called on webapp start / stop. Don't ask :/ It was on Tomcat 4.0, but I believe there's nothing in the specs that prohibit such (ab)use, so it should work with any servlet container. Greetings, Lilianne E. Blaze Andrei Tchijov wrote: > Hi, > I have a valve which detects some events in life-cycle of a web > application ( like successful login/failed login/logout ) and invokes > some configurable JSP page to let it perform some audit auctions ( > like putting records in the table which trace access to application > ). It works fine, the only problem is auditing session timeouts. I > can (and do) add session listener, so it is not a problem to detect > that session timed out. The problem is how to invoke my audit JSP > page. RequestDispatcher.include() require Request and Response objects > which are obviously not accessible inside SessionEvent callback. > Should I create some sort of "fake" Request/Response objects? Can I > reuse some Request/Response objects from earlier (like when valve > detected creation of the session)? Audit JSP page does NOT produce > any output and it does NOT require any information from Request, so > this Request/Response objects only need to be able to make > RequestDispatcher.include() happy. > Your thoughts will be highly appreciated, > > Andrei Tchijov > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: PKI
Edward Dowgiallo wrote: > Does anyone have a war file blank they are willing to share that is > correctly setup for PKI on Tomcat 5.5 or 6.0? This is less of a war issue and more of a certificate store and connector configuration issue. Try http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OOME crushing tomcat
Leon Rosenberg wrote: > Any opinions, is that a bug in tomcat or is it inescapable after an OOME? OOME will kill Tomcat. I have seen it struggle on after an OOME but it always dies shortly afterwards. You need to get a profiler (I use YourKit) and find out what is using all the memory. Then: fix the leak if there is one; report a bug in Tomcat it it has a memory leak (fairly unlikely these days); add ram to the machine; or reduce the load on the machine. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OOME crushing tomcat
William Leung wrote: > I had face the same problem, OOME sometimes "kill" tomcat connector. > > I setup two connectors (HTTP and AJP), while one connector was "dead", the > other still "alive", and I could access manager/status from the "live" one > to watch the "dead" one's status. > > I think it is tomcat's bug Almost certainly not. Chances are it is an application bug. A profiler will tell you for sure. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using RequestDispatcher.include() outside of Request/Response cycle.
Thnx for reply! I thought that it should be possible. Was just looking for some pointers about which methods are important and which are not in Request/Response. On Oct 9, 2007, at 10:34 PM, Lilianne E. Blaze wrote: Hello, Consider using either Request / Response Wrappers subclassed and modified so they simply return 0 / null / "" / ignore output, or google for "servlet api mock objects" or something similar. Ages ago I wrote something similar, where specified pages were called on webapp start / stop. Don't ask :/ It was on Tomcat 4.0, but I believe there's nothing in the specs that prohibit such (ab)use, so it should work with any servlet container. Greetings, Lilianne E. Blaze Andrei Tchijov wrote: Hi, I have a valve which detects some events in life-cycle of a web application ( like successful login/failed login/logout ) and invokes some configurable JSP page to let it perform some audit auctions ( like putting records in the table which trace access to application ). It works fine, the only problem is auditing session timeouts. I can (and do) add session listener, so it is not a problem to detect that session timed out. The problem is how to invoke my audit JSP page. RequestDispatcher.include() require Request and Response objects which are obviously not accessible inside SessionEvent callback. Should I create some sort of "fake" Request/Response objects? Can I reuse some Request/Response objects from earlier (like when valve detected creation of the session)? Audit JSP page does NOT produce any output and it does NOT require any information from Request, so this Request/Response objects only need to be able to make RequestDispatcher.include() happy. Your thoughts will be highly appreciated, Andrei Tchijov - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5 and SSL
I'm using Tomcat 5 on a Fedora Linux box. I originally created a self-signed certificate (for testing purposes) without the keystore entry (still new to this) and I have no idea where that file is. I ran a search for anything .keystore from root and nothing shows up. A keytool -list command shows that there is only one keystore entry and it was made days ago (I thought I had made more since but I guess not). When I try to delete the entry I get the following error: "keytool error: java.lang.IllegalStateException: masked envelope" Does anyone know what this means? Thanks in advance. -- View this message in context: http://www.nabble.com/Tomcat-5-and-SSL-tf4598759.html#a13129881 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]