Install Tomcat 5.5 Tomcat 6.0 in the same machine
Hi! I'm Triying install two differens versions of Tomcat in the same machine. It's necessay for two projects that I'm developing. I've installed successfully the Tomcat 5.5 with Java 1.5.0_14, but when I'm try install Tomcat 6.0, the Windows Installer give me an error related with the JVM. The message says: Failed to install Tomcat6 service. Check your settings permissions But I'm the administrator, cos this isn't a permission problem. Could it be related with the JVM directly? Thanks
Install Tomcat 5.5 Tomcat 6.0 in the same machine
Hi! I'm Triying install two differens versions of Tomcat in the same machine. It's necessay for two projects that I'm developing. I've installed successfully the Tomcat 5.5 with Java 1.5.0_14, but when I'm try install Tomcat 6.0, the Windows Installer give me an error related with the JVM. The message says: Failed to install Tomcat6 service. Check your settings permissions But I'm the administrator, cos this isn't a permission problem. Could it be related with the JVM directly? Thanks
Re: Tomcat Freez
When it freezes, get a stack trace of all Thread in tomcat, by analysing those stacks, you can get an idea where it freeze and why. Getting Threaddump on windows requires you, if i remember well, to type ctrl-z in the tomcat console. En l'instant précis du 06/02/08 05:18, Suren s'exprimait en ces termes: Hi, I am using Tomcat 6.0.14 in Windows Environment 2003 R2. Using DBCP for connection pooling, after 6-8Hrs of usage Tomcat hanges. It's connecting to Oracle 10g R2 Database. The Application logic is everytime user comes with a request that entire request is served using a single connection. ( when a request received at Servlet side, it takes takes one connection the same is used till the process is getting completed before the response the connection is closed) is it causing the problem ??. I am really in trouble. Please help me out on this. Thanks G.Shajikumar -- http://www.devlog.be (a belgian developer's logs) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Facing problem in integration of PHP and tomcat
Hi Barry, Thanks a lot for the reply ! I am getting the following error: Fatal error: Call to undefined function mb_language() in /usr/oki_software/tomcat/apache-tomcat-6.0.14/config.php on line 403 Could you please tell me from where I can get the shared objects? I need the follwoing Shared objects for PHP 5.2.5 on Linux version 4: 1. mbstring.so 2. mcrypt.so 3. mysql.so Please help me in the same ! Thanks, Yogesh Goldstein, Barry A wrote: In Linux you need to put the directory containing these shared libraries in your LD_LIBRARY_PATH environment variable and export the variable. These are the directories that the loader searches to dynamically load modules at runtime. Thank you, Barry -Original Message- From: puneetjain [mailto:[EMAIL PROTECTED] Sent: Monday, February 04, 2008 11:57 PM To: users@tomcat.apache.org Subject: Facing problem in integration of PHP and tomcat Hi, I am trying to integrate PHP with tomcat server i.e. trying to running PHP in servlet container. Environment: = Operating System: RedHat Enterprize Linux 3 Tomcat Version: 6 PHP version: 5.2.5 Java: 1.5 Steps Performed: 1. Install the tomcat. 2. Install the php 3. Create a web project. 4. Place the php5servlet.jar in the WEB_INF/lib directory. 5. Add the below entry in my web.xml. ?xml version=1.0 encoding=ISO-8859-1? web-app xmlns=http://java.sun.com/xml/ns/j2ee; version=2.3 xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http:/java.sun.com/dtd/web-app_2_3.dtd servlet servlet-namephp/servlet-name servlet-classnet.php.servlet/servlet-class /servlet servlet servlet-namephp-formatter/servlet-name servlet-classnet.php.formatter/servlet-class /servlet servlet-mapping servlet-namephp/servlet-name url-pattern*.php/url-pattern /servlet-mapping servlet-mapping servlet-namephp-formatter/servlet-name url-pattern*.phps/url-pattern /servlet-mapping /web-app 6. Create a war file and deployed on the tomcat. Exception: === When I tried to deploy this war file it says that the libphp5servlet.so and libphp5.so libraries are missing. I have tried these steps on Windows XP and used php5servlet.dll. PHP is working on tomcat in windows. I am unable to find the procedure to create/get the libphp5servlet.so and libphp5.so library to run PHP in Tomcat container in Linux Environment. Please help me to resolve this problem. Thanks, Puneet -- View this message in context: http://www.nabble.com/Facing-problem-in-integration-of-PHP-and-tomcat-tp 15283840p15283840.html Sent from the Tomcat - User mailing list archive at Nabble.com. *** The information contained in this message may be privileged and/or confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. Note that any views or opinions presented in this message are solely those of the author and do not necessarily represent those of Ameren. All emails are subject to monitoring and archival. Finally, the recipient should check this message and any attachments for the presence of viruses. Ameren accepts no liability for any damage caused by any virus transmitted by this email. If you have received this in error, please notify the sender immediately by replying to the message and deleting the material from any computer. Ameren Corporation *** - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Facing-problem-in-integration-of-PHP-and-tomcat-tp15283840p15306343.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet Openning as file download
From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Date: Wed, 6 Feb 2008 10:00:53 + HiI am running tomcat 5.5 on windows XP; I am attempting to run a servletas a html form action:form method=POST action=BeerSelectinput type=SUBMIT/formWhen I click on the submit button a file download box appears where Ican 'save' the file BeerSelect as opposed to routing to the html page I createwithin the servlet class. I've used tomcat before have neverencountered this problem before it does not seem to appear on anyforumMy web.xml contains the following:web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4servletservlet-nameCh3Beer/servlet-name servlet-classcom.example.web.BeerSelect/servlet-class/servletservlet-mapping servlet-nameCh3Beer/servlet-name url-pattern/BeerSelect/url-pattern/servlet-mapping/web-appAny light anyone could shed on this would be much appreciated.Natasha Wright
RE: Install Tomcat 5.5 Tomcat 6.0 in the same machine
From: Juan Jesús Cremades Monserrat [mailto:[EMAIL PROTECTED] Hi! I'm Triying install two differens versions of Tomcat in the same machine. It's necessay for two projects that I'm developing. I've installed successfully the Tomcat 5.5 with Java 1.5.0_14, but when I'm try install Tomcat 6.0, the Windows Installer give me an error related with the JVM. The message says: Failed to install Tomcat6 service. Check your settings permissions But I'm the administrator, cos this isn't a permission problem. Could it be related with the JVM directly? Thanks More likely it's related to trying to install two Windows services with the same name, and the second one failing to install because the first one's taken the service name. Do they *have* to be Windows services, or could you use the standalone Tomcat package (the zip file) for one or both? I routinely develop on Windows with multiple Tomcat versions. I never install as a service on my development; I always install using the zip file and start Tomcat using the .bat file, as it's far easier to debug! - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to avoid session fixation?
Dear all, I'm currently trying to find a way to fight Session Fixation (http://www.owasp.org/index.php/Session_Fixation) in tomcat when using the built -in mechanisms to authenticate users of a servlet. In the environment in question, an own realm implementation is in place and we use the SingleSignOn feature as well. I've asked google and also looked through this list, but I couldn't find anything on the subject. So, my question is: Has anyone out there successfully solved this problem and has a solution that integrates neatly with the standard authentication mechanisms tomcat provides? Or is it in fact not a problem at all? A common solution to fix the problem is to renew the session (or at least it's id) right before/after the user is authenticated (i.e. in the same request). I came up with a custom valve that kind of does the job, but I'm really not sure whether this is the way to go or if I'm messing too much with tomcat internals. Thanks for any help. Kind regards, Christoph - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Out of Memory Errors when upgrading from 5.0.27 to 6.0.14
hai dan, If I am not wrong, try to close all the connection string and make the user defined variables as null. (Eg) 1) (Statement object)--à st.close(); 2) (String)às=null; Hope it will solve your problem to some extend, even then if your problem is not solved. Then you have to change the heap size in the tomcat server (that may be relative to RAM size of the machine where the tomcat is running). -- with Regards S.Prakash
URL rewriting and mod_jk
Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars
RE: Tomcat Freez
From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat Freez Getting Threaddump on windows requires you, if i remember well, to type ctrl-z in the tomcat console. It's ctrl-break, not ctrl-z. Also, you can use the JDK jstack utility to get a thread dump of any JVM running on the same box, once you know the PID number. On Windows, use Task Manager or netstat -ao to find that. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet Openning as file download
Natasha Wright wrote: From: [EMAIL PROTECTED]: [EMAIL PROTECTED]: Date: Wed, 6 Feb 2008 10:00:53 + HiI am running tomcat 5.5 on windows XP; I am attempting to run a servletas a html form action:form method=POST action=BeerSelectinput type=SUBMIT/formWhen I click on the submit button a file download box appears where Ican 'save' the file BeerSelect as opposed to routing to the html page I createwithin the servlet class. I've used tomcat before have neverencountered this problem before it does not seem to appear on anyforumMy web.xml contains the following:web-app xmlns=http://java.sun.com/xml/ns/j2ee;xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;xsi:schemaLocation=http://java.sun.com/xml/ns/j2eehttp://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4servletservlet-nameCh3Beer/servlet-nameservlet-classcom.example.web.BeerSelect/servlet-class/servletservlet-mapping servlet-nameCh3Beer/servlet-nameurl-pattern/BeerSelect/url-pattern/servlet-mapping/web-appA ny light anyone could shed on this would be much appreciated.Natasha Wright Mm.. whatever you're using as your mail software is removing all line breaks form your message, making it rather hard to read. Anyway, as to your problem; most possibly it is that the BeerSelect servlet (from Ch3Beer class) is setting some strange content type for the response document (default content type is text/html, which should be displayed just fine with the browser). The other possible solution could be that even though your servlet is setting text/html, it is outputting some non-html content, and because of this your browser is deciding to rather offer to save the content as opposed to displaying it directly. You could also let your browser save the content and take a look at the saved file to find out what your servlet actually did send as the response to submitting the form. -- ..Juha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting and mod_jk
Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
servlet spec, taglibs, java sdk - which ones?
Looking here: http://tomcat.apache.org/whichversion.html - no problems, except we run Tomcat 5.0.28 and reading below in the site it says quote Apache Tomcat 5.5.x. It supports the same Servlet and JSP Specification versions as Apache Tomcat 5.0.x, /quote Which is what servlet spec version? I've figured out the taglib question: http://jakarta.apache.org/taglibs/doc/standard-doc/intro.html Standard 1.1 is at least servlet 2.4 and Standard 1.0 is servlet 2.3 I downloaded the Standard 1.1 taglibs from here: http://jakarta.apache.org/site/downloads/downloads_taglibs-standard.cgi I'm reading the text from Oreily Java Server Pages and I'm trying to produce a jsp page using standard jsp:set/get actions, but I get an error message which I'm sure means I have the wrong taglib downloaded, or does it mean something else? javax.servlet.ServletException: Employee (Unsupported major.minor version 50.0) Leo Donahue
Re: servlet spec, taglibs, java sdk - which ones?
There's a very nice table right on the home page for tomcat letting you know what tomcat version supports what spec -- http://tomcat.apache.org/ --David Leo Donahue - PLANDEVX wrote: Looking here: http://tomcat.apache.org/whichversion.html - no problems, except we run Tomcat 5.0.28 and reading below in the site it says quote Apache Tomcat 5.5.x. It supports the same Servlet and JSP Specification versions as Apache Tomcat 5.0.x, /quote Which is what servlet spec version? I've figured out the taglib question: http://jakarta.apache.org/taglibs/doc/standard-doc/intro.html Standard 1.1 is at least servlet 2.4 and Standard 1.0 is servlet 2.3 I downloaded the Standard 1.1 taglibs from here: http://jakarta.apache.org/site/downloads/downloads_taglibs-standard.cgi I'm reading the text from Oreily Java Server Pages and I'm trying to produce a jsp page using standard jsp:set/get actions, but I get an error message which I'm sure means I have the wrong taglib downloaded, or does it mean something else? javax.servlet.ServletException: Employee (Unsupported major.minor version 50.0) Leo Donahue - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: servlet spec, taglibs, java sdk - which ones?
From: Leo Donahue - PLANDEVX [mailto:[EMAIL PROTECTED] Subject: servlet spec, taglibs, java sdk - which ones? quote Apache Tomcat 5.5.x. It supports the same Servlet and JSP Specification versions as Apache Tomcat 5.0.x, /quote Which is what servlet spec version? The one boldly displayed in the table on the Tomcat main page: http://tomcat.apache.org/ javax.servlet.ServletException: Employee (Unsupported major.minor version 50.0) You're trying to use a .class file built with a 1.6 JDK on a 1.5 JVM. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: servlet spec, taglibs, java sdk - which ones?
Yes I saw that, and like I mentioned in my email, I don't run Tomcat 5.5.x, I'm stuck using Tomcat 5.0.28 That table doesn't mention what spec Tomcat 5.0.x uses. Does it mean any version from 4.1.36 to 5.5.25 uses servlet spec 2.3 ? Leo Donahue -Original Message- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 9:08 AM To: Tomcat Users List Subject: Re: servlet spec, taglibs, java sdk - which ones? There's a very nice table right on the home page for tomcat letting you know what tomcat version supports what spec -- http://tomcat.apache.org/ --David Leo Donahue - PLANDEVX wrote: Looking here: http://tomcat.apache.org/whichversion.html - no problems, except we run Tomcat 5.0.28 and reading below in the site it says quote Apache Tomcat 5.5.x. It supports the same Servlet and JSP Specification versions as Apache Tomcat 5.0.x, /quote Which is what servlet spec version? I've figured out the taglib question: http://jakarta.apache.org/taglibs/doc/standard-doc/intro.html Standard 1.1 is at least servlet 2.4 and Standard 1.0 is servlet 2.3 I downloaded the Standard 1.1 taglibs from here: http://jakarta.apache.org/site/downloads/downloads_taglibs-standard.cgi I'm reading the text from Oreily Java Server Pages and I'm trying to produce a jsp page using standard jsp:set/get actions, but I get an error message which I'm sure means I have the wrong taglib downloaded, or does it mean something else? javax.servlet.ServletException: Employee (Unsupported major.minor version 50.0) Leo Donahue - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL rewriting and mod_jk
Hi Rainer, and thanks for your reply. The [PT] at the end of the line seems to be the 'trick'. I have another question: If the user enters: http://www.domainname.dk/news/news.jsp?id=5, is there then any way to force the url to change to: http://www.domainname.dk/news/news/5/ ? thanks, Lars Rainer Jung skrev: Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Inter-context communication
why don't you just create a singleton object, and stuff it in common/lib(5.5) or lib(6.0) and any web app can access it Filip Klaus Reimer wrote: Hello, For a special application setup I need fast inter-context communication. This means in web context A I need to call methods in web context B and I must be able to retrieve objects from there and send objects to it. It could be done using a remoting protocol like the Spring HttpInvoker stuff but isn't there an easier and faster solution which doesn't serialize and unserialize the whole communication? Both contexts always run inside the same tomcat installation so I have no need for real remote calls. I thought of the following solution: Define interfaces for the whole communication between the two web contexts and then define something like a service factory and put all this into the lib directory of tomcat so it's present in the common class-loader which is shared between both web contexts. Context A registers services using the global service factory and context B can get a reference to this registered service and then call methods on it. In detail I have three JAR/WAR files with the following example content: interface.jar (Goes into tomcats lib dir): ServiceFactory (Singleton which provides a setTestService and getTestService) TestService (Interface which defines the test service) contextA.war: TestServiceImpl (An implementation of TestService) contextB.war: TestServlet When contextA.war starts up it instantiates a TestServiceImpl and passes it to ServiceFactory.setTestService(). When TestServlet in contextB.war is called then it retrieves an instance of the TestService interface through the ServiceFactory.getTestService() method and then works with it. I tested this already and it seems to work fine but I just want to ask if this violates some classpath/security stuff in Java or Tomcat and may break in future versions. It should be noted that contextB NEVER works with classes which are defined in contextA (This wouldn't work because of the different classloaders). It ALWAYS works with interfaces defined in the global interface.jar. But the problematic part of the solution may be that contextA works with OBJECTS which were created in contextB. Or is there a better solution which doesn't mean using EJB or JMS or remoting protocols or any other stuff which requires serializing and deserializing data? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Inter-context communication
Filip Hanik - Dev Lists wrote: why don't you just create a singleton object, and stuff it in common/lib(5.5) or lib(6.0) and any web app can access it That's fine if it's just a connector-like object (as I've described in my mail). But having the WHOLE stuff which is going to be in contextA in a single JAR which must be manually copied to the lib dir is not a nice solution because hot deployment with Eclispe doesn't work then (As far as I know it can only hot deploy web archives into tomcat). -- Bye, K http://www.ailis.de/~k/ [A735 47EC D87B 1F15 C1E9 53D3 AA03 6173 A723 E391] (Finger [EMAIL PROTECTED] to get public key) signature.asc Description: OpenPGP digital signature
[OT] Re: URL rewriting and mod_jk
Hi lars, you can match against QUERY_STRING in RewriteCond and then use the match via %N in the replacement part of the RewriteRule. See QUERY_STRING and %N in the docs page of mod_rewrite. For more special mod_rewrite questions not directly related to mod_jk or Tomcat interoperability, the httpd user list would be a better place. Regards, Rainer Lars Nielsen Lind wrote: Hi Rainer, and thanks for your reply. The [PT] at the end of the line seems to be the 'trick'. I have another question: If the user enters: http://www.domainname.dk/news/news.jsp?id=5, is there then any way to force the url to change to: http://www.domainname.dk/news/news/5/ ? thanks, Lars Rainer Jung skrev: Hi Lars, most liekly you need to set the pass through flag PT for the rewrite rules. See also pass through in http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html Also: if you are using VirtualHosts, you need to put the JkMount into the VirtualHosts. Let us know, if that works. Regards, Rainer [EMAIL PROTECTED] wrote: Hi, when I use the following: Options +FollowSymLinks RewriteEngine on RewriteRule ^/news/([0-9]+)$ /news/$1/ [R] RewriteRule ^/news/([0-9]+)/$ /news.jsp?id=$1 and I use this URL: http://localhost/news/1 apache-tomcat displays the jsp-page - with source code (html and jsp code). I am using apache-2.2.8 and apache-tomcat-6.0.14 and mod_jk. JkAutoAlias/opt/apache-tomcat-6.0.14/webapps/domainname JkMount/*.jsp default JkMount/*.* default JkMount/servlet/* default As mentioned on several web sites I have loaded mod_jk before mod_rewrite. What is wrong? Thanks, Lars - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Performace problem when invoking RMI call from Tomcat Servlet
Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak.
Re: Inter-context communication
Klaus Reimer wrote: Filip Hanik - Dev Lists wrote: why don't you just create a singleton object, and stuff it in common/lib(5.5) or lib(6.0) and any web app can access it That's fine if it's just a connector-like object (as I've described in my mail). But having the WHOLE stuff which is going to be in contextA in a single JAR which must be manually copied to the lib dir is not a nice solution because hot deployment with Eclispe doesn't work then (As far as I know it can only hot deploy web archives into tomcat). not sure why you would need to go down the route of putting everything into a single jar and copy it to lib. as you have it is just fine, except one would question why TestServiceImpl is not in the lib as well, do you need to hot deploy test service impl? Filip - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Freez
once you know the PID number. On Windows, use Task Manager or netstat -ao to find that. Another handy way to get it is to run JAVA_HOME/bin/jps - which prints out the PID's of all java procs running on the machine (Tomcat's will be the one that says Bootstrap next to it) Chris -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 7:10 AM To: Tomcat Users List Subject: RE: Tomcat Freez From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat Freez Getting Threaddump on windows requires you, if i remember well, to type ctrl-z in the tomcat console. It's ctrl-break, not ctrl-z. Also, you can use the JDK jstack utility to get a thread dump of any JVM running on the same box, once you know the PID number. On Windows, use Task Manager or netstat -ao to find that. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Status report
I am new to tomcat and would like to know a thing. am having tomcat 6. it has a status manager that gives reports on the inbuilt examples within tomcat when executed. for example when i execute helloworld the processingtime,threadcount and things like these are shown. will these be written to an log file -- View this message in context: http://www.nabble.com/Status-report-tp15309794p15309794.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Inter-context communication
Filip Hanik - Dev Lists wrote: not sure why you would need to go down the route of putting everything into a single jar and copy it to lib. as you have it is just fine, except one would question why TestServiceImpl is not in the lib as well, do you need to hot deploy test service impl? Yes. And a lot more service implementations. The example setup described in my mail is just a simple example (With just a simple test service). The whole picture would be a complex backend project which handles business logic and persistence and multiple lightweight frontend webs using this backend. Putting all the backend stuff into a JAR and placing it in the lib directory would definitely work but isn't nice for development because it does not allow hot deployment. Having just the interfaces and a service factory in the lib directory would be better because then changes to the backend implementation stuff could be hot-deployed. Interface changes still need a redeployment of the interface JAR file and a tomcat restart but hopefully the interfaces will not change often. (A solution which works without a global interface library would be even nicer though...) -- Bye, K http://www.ailis.de/~k/ [A735 47EC D87B 1F15 C1E9 53D3 AA03 6173 A723 E391] (Finger [EMAIL PROTECTED] to get public key) signature.asc Description: OpenPGP digital signature
RE: Status report
From: Raghavan_sat [mailto:[EMAIL PROTECTED] Subject: Status report for example when i execute helloworld the processingtime, threadcount and things like these are shown. will these be written to an log file I'm not aware of anything to do that within Tomcat itself, but this should do it: http://moskito.anotheria.net/ If you want to roll your own, look here: http://localhost:8080/docs/manager-howto.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and Apache mod_jk For Failover
I am trying to set up a cluster of Tomcat servers where they replicate session btwn the tomcat servers. My questions are: 1) For failover, if I am using apache/mod_jk as a load balancer, will it automatically detect if one of the members in the cluster is down and not route requests to it? 2) Are there any issues assoicated with SSL and apache as the load balancer? 3) Are there performance gains by using Apache/mod_jk as the load balancer, or should I just use another Tomcat instance and the balancer web app? Thanks,Jim
Re: Inter-context communication
Klaus Reimer wrote: Filip Hanik - Dev Lists wrote: not sure why you would need to go down the route of putting everything into a single jar and copy it to lib. as you have it is just fine, except one would question why TestServiceImpl is not in the lib as well, do you need to hot deploy test service impl? Yes. And a lot more service implementations. The example setup described in my mail is just a simple example (With just a simple test service). The whole picture would be a complex backend project which handles business logic and persistence and multiple lightweight frontend webs using this backend. it's all doable, but you need to know your way around class loaders. this might just be overkill in terms of complexity, more likely, you are creating more problems and bugs for yourself. Putting all the backend stuff into a JAR and placing it in the lib directory would definitely work but isn't nice for development because it does not allow hot deployment. Having just the interfaces and a service factory in the lib directory would be better because then changes to the backend implementation stuff could be hot-deployed. Interface changes still need a redeployment of the interface JAR file and a tomcat restart but hopefully the interfaces will not change often. (A solution which works without a global interface library would be even nicer though...) Just plug in JMS. That would be the easiest, most implementations, like ActiveMQ, optimize it by using in-VM transport, removing the overhead of serialization. plugging in an external framework would definitely be my personal recommendation. Filip - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performace problem when invoking RMI call from Tomcat Servlet
could be either a DNS lookup timeout, or some other network latency. Filip Barak Yaish wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.20/1262 - Release Date: 2/6/2008 9:13 AM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performace problem when invoking RMI call from Tomcat Servlet
is it only the first request that lasts longer, or each request? regards leon On Feb 6, 2008 7:01 PM, Barak Yaish [EMAIL PROTECTED] wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Performace problem when invoking RMI call from Tomcat Servlet
So why there is a difference in the latency when invoking the method from Junit and from the servlet? -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 9:08 PM To: Tomcat Users List Subject: Re: Performace problem when invoking RMI call from Tomcat Servlet could be either a DNS lookup timeout, or some other network latency. Filip Barak Yaish wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.20/1262 - Release Date: 2/6/2008 9:13 AM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Performace problem when invoking RMI call from Tomcat Servlet
The first request takes much longer (~100 ms) the than the other requests (~25-30 ms), but still, the duration of the method running on H2 is only 5 ms. Again, invoking the method remotely by junit gives 10 ms. Is there something I'm doing wrong? In addition, when accessing the servlet more than one concurrent request, the times of invocation getting worse, while the duration of the method its keeps being ~5 ms... -Original Message- From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 9:25 PM To: Tomcat Users List Subject: Re: Performace problem when invoking RMI call from Tomcat Servlet is it only the first request that lasts longer, or each request? regards leon On Feb 6, 2008 7:01 PM, Barak Yaish [EMAIL PROTECTED] wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disable low grade encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | compression=on | compressionMinSize=2048 | noCompressionUserAgents=gozilla, traviata | compressableMimeType=text/html,text/xml,text/javascript,text/css,text/javascript,text/plain Try removing this compression stuff while you get your cipher working. | ciphers=TLS_RSA_WITH_AES_256_CBC_SHA |keystoreFile=conf/keystore You should definitely use a full path to your keystore. | JAVA_OPTS=$JAVA_OPTS -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA Have you checked that SSLSocket.getEnabledCipherSuites returns this particular cipher suite? From the javadoc, setting the cipher suite arbitrarily could fail: http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[]) For instance, when I run this simple program from my command line: import java.util.Arrays; import javax.net.ssl.SSLSocketFactory; public class CipherSuites { ~public static void main(String[] args) ~{ ~SSLSocketFactory sslsf = (SSLSocketFactory)SSLSocketFactory.getDefault(); ~String[] ciphers = sslsf.getDefaultCipherSuites(); ~Arrays.sort(ciphers); ~for(int i=0; iciphers.length; ++i) ~System.out.println(ciphers[i]); ~} } ...it emits the following output: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA Since your desired cipher does not appear in the list of ciphers, it is unavailable and your preferences will be ignored. You may have a different set of cipher suites available (mine comes from ~ the Linux build of Sun's 1.5.0_13 JRE), but I think you have to pick something you actually have. It's also possible that Tomcat comes with additional cipher suites. I don't know enough about Tomcat to know where those libraries are or how to configure them such that this small demo program could pick them up. You could always run this thing in a JSP and see what it gives you. Then you'll know what your options are for use with Tomcat. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqE/4ACgkQ9CaO5/Lv0PD5AwCfcnlb//GcKGAJtphFTjbmR73a XUMAnAmtNkqc+Clc42q1yz+lhZh99yIB =0eAv -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to avoid session fixation?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph, Christoph Lenggenhager wrote: | I'm currently trying to find a way to fight Session Fixation | (http://www.owasp.org/index.php/Session_Fixation) in tomcat when using | the built -in mechanisms to authenticate users of a servlet. I don't believe that Tomcat suffers from this problem. Without trying it, I would imagine that a user cannot authenticate twice using the built-in mechanism. When a remote user requests a protected resource, Tomcat checks to see if the user has authenticated already. If she has, Tomcat checks for authorization. If the user is not authorized, the request is rejected. If the user was not authenticated, the user is challenged for authentication and the process picks up after authentication. If a login request comes in without Tomcat expecting it, the request is rejected. Ergo, there's no way to login once and then expect someone to login afterward. If you are using your own authenticator, then this could be a problem. | In the | environment in question, an own realm implementation is in place and | we use the SingleSignOn feature as well. Have you demonstrated this problem in your own environment? If so, how did you do it? | Or is it in fact not a problem at all? See above. | A common solution to fix the problem is to renew the session (or at | least it's id) right before/after the user is authenticated (i.e. in | the same request). I came up with a custom valve that kind of does the | job, but I'm really not sure whether this is the way to go or if I'm | messing too much with tomcat internals. I would make sure it's a problem first, and then fix it. This is interesting for the securityfilter project, which DOES allow drive-by logins. Hmm. I'll have to think about this one. Thanks! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqFawACgkQ9CaO5/Lv0PDMIQCfdE5LNfTtW1ZifQmW9us9QkuB qFEAnRkWyeRSII8qJ4noef5uzzQ6u6tl =YRiq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disable low grade encryption
Chris, Thank You. I just got solution from colleague. I was going to post it here. Installing unlimited strength cryptography policy fixed the problem. Cipher I posted is from Java6. I think all Tomcats with SSL must be running with such policy now. May be it is good to post it to tomcats ssl docs. Thanks All, Max Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | compression=on | compressionMinSize=2048 | noCompressionUserAgents=gozilla, traviata | compressableMimeType=text/html,text/xml,text/javascript,text/css,text/javascript,text/plain Try removing this compression stuff while you get your cipher working. | ciphers=TLS_RSA_WITH_AES_256_CBC_SHA |keystoreFile=conf/keystore You should definitely use a full path to your keystore. | JAVA_OPTS=$JAVA_OPTS -Dhttps.cipherSuites=TLS_RSA_WITH_AES_256_CBC_SHA Have you checked that SSLSocket.getEnabledCipherSuites returns this particular cipher suite? From the javadoc, setting the cipher suite arbitrarily could fail: http://java.sun.com/j2se/1.5.0/docs/api/javax/net/ssl/SSLSocket.html#setEnabledCipherSuites(java.lang.String[]) For instance, when I run this simple program from my command line: import java.util.Arrays; import javax.net.ssl.SSLSocketFactory; public class CipherSuites { ~public static void main(String[] args) ~{ ~SSLSocketFactory sslsf = (SSLSocketFactory)SSLSocketFactory.getDefault(); ~String[] ciphers = sslsf.getDefaultCipherSuites(); ~Arrays.sort(ciphers); ~for(int i=0; iciphers.length; ++i) ~System.out.println(ciphers[i]); ~} } ...it emits the following output: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_RC4_128_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA Since your desired cipher does not appear in the list of ciphers, it is unavailable and your preferences will be ignored. You may have a different set of cipher suites available (mine comes from ~ the Linux build of Sun's 1.5.0_13 JRE), but I think you have to pick something you actually have. It's also possible that Tomcat comes with additional cipher suites. I don't know enough about Tomcat to know where those libraries are or how to configure them such that this small demo program could pick them up. You could always run this thing in a JSP and see what it gives you. Then you'll know what your options are for use with Tomcat. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqE/4ACgkQ9CaO5/Lv0PD5AwCfcnlb//GcKGAJtphFTjbmR73a XUMAnAmtNkqc+Clc42q1yz+lhZh99yIB =0eAv -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disable low grade encryption
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | Chris, | | Thank You. I just got solution from colleague. I was going to post it here. Yes, please post your solution, including complete instructions. Post it under a new thread so folks who haven't been reading this one will see it. Also, specifically suggest that this information be added to the SSL Howto. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqHj8ACgkQ9CaO5/Lv0PD6TgCcC+0nBSy8uk1m/AK2MeQbfvVK 8+kAnjqyqJccZLGF+nT3AOCrx6GWsZ/n =Toiz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disable low grade encryption
Chris, I already posted solution. I had to set unlimited strength cryptography policy. Unlimited strength JCE is available from Sun on same download page as JDK. There are 2 jar files that must be copied in $JDK_HOME/jre/lib/secuirty It so simple. Regards, Max Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Max, Max Sevenfold wrote: | Chris, | | Thank You. I just got solution from colleague. I was going to post it here. Yes, please post your solution, including complete instructions. Post it under a new thread so folks who haven't been reading this one will see it. Also, specifically suggest that this information be added to the SSL Howto. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqHj8ACgkQ9CaO5/Lv0PD6TgCcC+0nBSy8uk1m/AK2MeQbfvVK 8+kAnjqyqJccZLGF+nT3AOCrx6GWsZ/n =Toiz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Apache mod_jk For Failover
Hi James, James Ellis schrieb: I am trying to set up a cluster of Tomcat servers where they replicate session btwn the tomcat servers. My questions are: 1) For failover, if I am using apache/mod_jk as a load balancer, will it automatically detect if one of the members in the cluster is down and not route requests to it? Yes, if the problem is formally detectable, e.g. network problems, no responses etc. What problems get detected depends much on configuration. Have a look at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html and for a complete list of attributes at http://tomcat.apache.org/connectors-doc/reference/workers.html You should configure a status worker, such that you can inspect your load balancer status via a HTML GUI. See http://tomcat.apache.org/connectors-doc/reference/status.html 2) Are there any issues assoicated with SSL and apache as the load balancer? Not that I'm aware of, but maybe I don't get the point. Usually you terminate SSL on httpd and then simply use AJP13 as a protocol between mod_jk and Tomcat. More or less it's the only protocol mod_jk speaks. The module then automatically tells Tomcat, if the original request was coming in via http or https. 3) Are there performance gains by using Apache/mod_jk as the load balancer, or should I just use another Tomcat instance and the balancer web app? More often performance is not the key decision criterion. I assume the balancer webapp is not really production grade, but others might correct me here. To choose the right load balancing solution, you have to decide which people should administer and troubleshoot it, and which technology best fits their skills (network appliances, Apache web server with mod_jk, ...). Also: if you do clustering, you might be concerned about availability. The load balancer itself is a single point of failure, unless you implement some redunfdancy in that layer to. Thanks,Jim Regaqrds, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Custom 404 for non-existant contexts?
Is there a way to create a custom 404 error page for Tomcat for non-existant context paths? I know how to create a custom 404 error page within my application, but am running into an issue while I am redeploying my application. The users are able to access Tomcat, but since my application/context isn't yet deployed they are getting Tomcat's standard 404 error page and freak out. Is there anything I can do to customize it and make it a little more user friendly? Thanks, Eric - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and Apache mod_jk For Failover
Rainer, Thanks for your feedback: Also: if you do clustering, you might be concerned about availability. The load balancer itself is a single point of failure, unless you implement some redunfdancy in that layer to. That's another concern I have. I was thinking of Linux HA - although I have never used it so I'm hoping its not that difficult to setup/administer. Date: Wed, 6 Feb 2008 22:33:39 +0100 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: Tomcat and Apache mod_jk For Failover Hi James, James Ellis schrieb: I am trying to set up a cluster of Tomcat servers where they replicate session btwn the tomcat servers. My questions are:1) For failover, if I am using apache/mod_jk as a load balancer, will it automatically detect if one of the members in the cluster is down and not route requests to it? Yes, if the problem is formally detectable, e.g. network problems, no responses etc. What problems get detected depends much on configuration. Have a look at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html and for a complete list of attributes at http://tomcat.apache.org/connectors-doc/reference/workers.html You should configure a status worker, such that you can inspect your load balancer status via a HTML GUI. See http://tomcat.apache.org/connectors-doc/reference/status.html 2) Are there any issues assoicated with SSL and apache as the load balancer? Not that I'm aware of, but maybe I don't get the point. Usually you terminate SSL on httpd and then simply use AJP13 as a protocol between mod_jk and Tomcat. More or less it's the only protocol mod_jk speaks. The module then automatically tells Tomcat, if the original request was coming in via http or https. 3) Are there performance gains by using Apache/mod_jk as the load balancer, or should I just use another Tomcat instance and the balancer web app? More often performance is not the key decision criterion. I assume the balancer webapp is not really production grade, but others might correct me here. To choose the right load balancing solution, you have to decide which people should administer and troubleshoot it, and which technology best fits their skills (network appliances, Apache web server with mod_jk, ...). Also: if you do clustering, you might be concerned about availability. The load balancer itself is a single point of failure, unless you implement some redunfdancy in that layer to. Thanks,Jim Regaqrds, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and Apache mod_jk For Failover
Hello, webmin has the HA monitor module that helps with setup and config on Linux boxes. James Ellis wrote .. Rainer, Thanks for your feedback: Also: if you do clustering, you might be concerned about availability. The load balancer itself is a single point of failure, unless you implement some redunfdancy in that layer to. That's another concern I have. I was thinking of Linux HA - although I have never used it so I'm hoping its not that difficult to setup/administer. Date: Wed, 6 Feb 2008 22:33:39 +0100 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: Tomcat and Apache mod_jk For Failover Hi James, James Ellis schrieb: I am trying to set up a cluster of Tomcat servers where they replicate session btwn the tomcat servers. My questions are:1) For failover, if I am using apache/mod_jk as a load balancer, will it automatically detect if one of the members in the cluster is down and not route requests to it? Yes, if the problem is formally detectable, e.g. network problems, no responses etc. What problems get detected depends much on configuration. Have a look at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html and for a complete list of attributes at http://tomcat.apache.org/connectors-doc/reference/workers.html You should configure a status worker, such that you can inspect your load balancer status via a HTML GUI. See http://tomcat.apache.org/connectors-doc/reference/status.html 2) Are there any issues assoicated with SSL and apache as the load balancer? Not that I'm aware of, but maybe I don't get the point. Usually you terminate SSL on httpd and then simply use AJP13 as a protocol between mod_jk and Tomcat. More or less it's the only protocol mod_jk speaks. The module then automatically tells Tomcat, if the original request was coming in via http or https. 3) Are there performance gains by using Apache/mod_jk as the load balancer, or should I just use another Tomcat instance and the balancer web app? More often performance is not the key decision criterion. I assume the balancer webapp is not really production grade, but others might correct me here. To choose the right load balancing solution, you have to decide which people should administer and troubleshoot it, and which technology best fits their skills (network appliances, Apache web server with mod_jk, ...). Also: if you do clustering, you might be concerned about availability. The load balancer itself is a single point of failure, unless you implement some redunfdancy in that layer to. Thanks,Jim Regaqrds, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Custom 404 for non-existant contexts?
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Eric B. Subject: Custom 404 for non-existant contexts? Is there a way to create a custom 404 error page for Tomcat for non-existant context paths? What happens if you declare a custom error page for the ROOT (default) webapp? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to avoid session fixation?
Sorry Christopher, but i tried at work, it's very easy to force a user to use a specific sessionid, and later use yourself that session id to gain that user's credential, and for the whole session there is only one login, the one from the user you attempt to hijack. As such, tomcat is vulnerable to session fixation issues. Tomcat does not check where the session originates from (IP of requester is not associated with session). By passing a ;jssessionid= to a url and asking someone to check something on that url, you can, after that user logged in, use yourself the same url to gain that user's credential. Note: we use tomcat 5.5.7, maybe this has been fixed in later versions Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christoph, Christoph Lenggenhager wrote: | I'm currently trying to find a way to fight Session Fixation | (http://www.owasp.org/index.php/Session_Fixation) in tomcat when using | the built -in mechanisms to authenticate users of a servlet. I don't believe that Tomcat suffers from this problem. Without trying it, I would imagine that a user cannot authenticate twice using the built-in mechanism. When a remote user requests a protected resource, Tomcat checks to see if the user has authenticated already. If she has, Tomcat checks for authorization. If the user is not authorized, the request is rejected. If the user was not authenticated, the user is challenged for authentication and the process picks up after authentication. If a login request comes in without Tomcat expecting it, the request is rejected. Ergo, there's no way to login once and then expect someone to login afterward. If you are using your own authenticator, then this could be a problem. | In the | environment in question, an own realm implementation is in place and | we use the SingleSignOn feature as well. Have you demonstrated this problem in your own environment? If so, how did you do it? | Or is it in fact not a problem at all? See above. | A common solution to fix the problem is to renew the session (or at | least it's id) right before/after the user is authenticated (i.e. in | the same request). I came up with a custom valve that kind of does the | job, but I'm really not sure whether this is the way to go or if I'm | messing too much with tomcat internals. I would make sure it's a problem first, and then fix it. This is interesting for the securityfilter project, which DOES allow drive-by logins. Hmm. I'll have to think about this one. Thanks! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqFawACgkQ9CaO5/Lv0PDMIQCfdE5LNfTtW1ZifQmW9us9QkuB qFEAnRkWyeRSII8qJ4noef5uzzQ6u6tl =YRiq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to avoid session fixation?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, david delbecq wrote: | Sorry Christopher, but i tried at work, it's very easy to force a user | to use a specific sessionid, and later use yourself that session id to | gain that user's credential, and for the whole session there is only one | login, the one from the user you attempt to hijack. Right, I knew that Tomcat was vulnerable to session hijacking. | As such, tomcat is | vulnerable to session fixation issues. Tomcat does not check where the | session originates from (IP of requester is not associated with | session). By passing a ;jssessionid= to a url and asking someone to | check something on that url, you can, after that user logged in, use | yourself the same url to gain that user's credential. Perhaps I misread the Session Fixation idea. I thought it was: 1. Login as a low-privileged user 2. Return that browser to the login page without logging-out 3. Convince a higher-privileged user to login using the same session 4. Hijack the session in another browser I believe this scenario is not possible in Tomcat due to the restrictions I outlined in my previous message. On the other hand, skipping #1 and /not/ logging-in as a a lowly user first /will/ allow session hijacking. I believe the only way to prevent Session Fixation is to switch-up sessions at authentication time. I suppose a container-based implementation could change the id of the session and keep the physical session in-tact. Non-container strategies would have to move any relevant data from the untrusted session to the newly created session. That might have odd consequences for objects that implement SessionBindingListener and expect that removal from a session is the end of the session. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAkeqOkAACgkQ9CaO5/Lv0PDDFACeJKbBCBe5Wu762rofwzJ5GyYJ 1q0AmN3QOhYEFasvmKFaVa+SiBo= =4j+K -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to avoid session fixation? [securityfilter-specific response]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Christopher Schultz wrote: | This is interesting for the securityfilter project, which DOES allow | drive-by logins. Hmm. I'll have to think about this one. Thanks! I checked, and a login attempt on an existing authenticated session results in securityfilter destroying the existing session and creating a new one for the new login. Existing sessions with NO authentication information are preserved, which means that securityfilter is also vulnerable to Session Fixation (which is essentially informed-session-hijacking). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqOz8ACgkQ9CaO5/Lv0PDDWwCfcBx1ICpXnE15Wjb+H/H8l/qm HN0An2Reti6iy5ryEqRaIY1gbb6Vc3Gt =hjZf -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom 404 for non-existant contexts?
Caldarale, Charles R [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Subject: Custom 404 for non-existant contexts? Is there a way to create a custom 404 error page for Tomcat for non-existant context paths? What happens if you declare a custom error page for the ROOT (default) webapp? Yeah - that's pretty much the only thing I managed to figure out. I updated the conf/web.xml file to include error-page error-code503/error-code location/error/maintenance.html/location /error-page and put the /error/maintenance.html in the ROOT directory. Of course, the ugly part about this is that a) /error/maintenance.html is now accessible through my root app (unless otherwise protected), and I need to have a separate ROOT/error/maintenance.html for each individual Tomcat instance. I was hoping to be able to centralize the error msgs (as in httpd), but didn't have any success. I tried using a symlink to point my error/ folder to a central location, but Tomcat didn't follow the link. Not the prettiest soln, but functional. Would be nice if I could make it nicer tho. Thanks, Eric - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom 404 for non-existant contexts?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eric, Eric B. wrote: | Caldarale, Charles R [EMAIL PROTECTED] wrote in message | news:[EMAIL PROTECTED] | Subject: Custom 404 for non-existant contexts? | | Is there a way to create a custom 404 error page for Tomcat | for non-existant context paths? | | What happens if you declare a custom error page for the ROOT (default) | webapp? | | Yeah - that's pretty much the only thing I managed to figure out. I updated | the conf/web.xml file to include |error-page | error-code503/error-code | location/error/maintenance.html/location | /error-page Note that you have modified the default web.xml for all webapps, and not the ROOT webapp. This may have unintended consequences for other web applications. | and put the /error/maintenance.html in the ROOT directory. If you have a ROOT directory, why not use ROOT/WEB-INF/web.xml instead of hacking the site-wide defaults? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkeqP4kACgkQ9CaO5/Lv0PDiegCfd31lEnt3hmfoV2oxBAgKAOPv idMAn1MpbGilhVIDY86VC2dszx36ncvQ =kjW0 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: proxy trouble
It is browser configuration issue. You should add 172.168.0.15 or 172.168.0.* to the list of not-proxied servers in your browser. In Internet Explorer look where the proxy is configured (on the Connections tab), and there is Advanced... button. Click it to open advanced proxies configuration dialog. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
QUESTION: How do I change JSESSIONID to something else?
thanks, greg - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performace problem when invoking RMI call from Tomcat Servlet
check with pathping FQDNOrIPAddressOfServer HTH Martin - Original Message - From: Filip Hanik - Dev Lists [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, February 06, 2008 2:08 PM Subject: Re: Performace problem when invoking RMI call from Tomcat Servlet could be either a DNS lookup timeout, or some other network latency. Filip Barak Yaish wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.20/1262 - Release Date: 2/6/2008 9:13 AM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performace problem when invoking RMI call from Tomcat Servlet
cause you probably start the JVM running junit with different start up params than the one running the servlet container filip Barak Yaish wrote: So why there is a difference in the latency when invoking the method from Junit and from the servlet? -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 06, 2008 9:08 PM To: Tomcat Users List Subject: Re: Performace problem when invoking RMI call from Tomcat Servlet could be either a DNS lookup timeout, or some other network latency. Filip Barak Yaish wrote: Hello all, I'm running a Servlet under Tomcat 5.5.23 (CentOS 5), reside on host H1. This servlet invokes a RMI method ( f() ) on an object found on remote host (H2). The duration of f() when running on H1 is about 5 ms. Somehow, the duration of the invocation in the servlet is about 30ms. Invoking the remote method by Junit from the same machine the servlet resides on (H1), gave result of about 10ms, which I guess include the latency of the network itself. Can someone help me please with any direction how can I track down the problem? Any configuration issue I missed? Thanks, Barak. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.19.20/1262 - Release Date: 2/6/2008 9:13 AM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom 404 for non-existant contexts?
you;d have to custom do it http://people.apache.org/~fhanik/covalent-error-report-valve.jar Filip Eric B. wrote: Is there a way to create a custom 404 error page for Tomcat for non-existant context paths? I know how to create a custom 404 error page within my application, but am running into an issue while I am redeploying my application. The users are able to access Tomcat, but since my application/context isn't yet deployed they are getting Tomcat's standard 404 error page and freak out. Is there anything I can do to customize it and make it a little more user friendly? Thanks, Eric - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: QUESTION: How do I change JSESSIONID to something else?
I'm not sure whether you mean the cookie or the URL parameter, but the answer is the same in both cases: Change the constant in the code and re-compile Tomcat. There's no other way that I can see. -- Len On Feb 6, 2008 10:15 PM, Gregory Gerard [EMAIL PROTECTED] wrote: thanks, greg - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom 404 for non-existant contexts?
| | Is there a way to create a custom 404 error page for Tomcat | for non-existant context paths? | | What happens if you declare a custom error page for the ROOT (default) | webapp? | | Yeah - that's pretty much the only thing I managed to figure out. I updated | the conf/web.xml file to include |error-page | error-code503/error-code | location/error/maintenance.html/location | /error-page Note that you have modified the default web.xml for all webapps, and not the ROOT webapp. This may have unintended consequences for other web applications. | and put the /error/maintenance.html in the ROOT directory. If you have a ROOT directory, why not use ROOT/WEB-INF/web.xml instead of hacking the site-wide defaults? Hmmm - good question. Don't know why I didn't think of that. Would just modifying the ROOT/WEB-INF/web.xml work? I expected that I needed to modify the entire site's defaults since I didn't think that the root would suffice, but now that I think about it, your suggestion does sound much more logical. FYI, I did run a couple of tests to see if the site-wide would conflict with an individual application, but it seems that the individual application's settings will override it - however, only if specified. If not specified, then I can indeed forsee additional confusion occuring. Will take another look at that tomorrow. Thanks, Eric - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Custom 404 for non-existant contexts?
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Eric B. Subject: Re: Custom 404 for non-existant contexts? Would just modifying the ROOT/WEB-INF/web.xml work? It should, since any unmatched context paths are given to the default app for processing (and usually a 404). This is different than creating a customized error page for a context that fails to deploy properly, which is what Filip's valve takes care of in addition to the non-existant context. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: proxy trouble
Konstantin Kolinko wrote: It is browser configuration issue. You should add 172.168.0.15 or 172.168.0.* to the list of not-proxied servers in your browser. In Internet Explorer look where the proxy is configured (on the Connections tab), and there is Advanced... button. Click it to open advanced proxies configuration dialog. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] thanx for your time but it did not work adding tomcat server address (172.168.0.15) to non proxified server stop the tomcat services but my internet is running well on the main proxy 172.168.0.1 172.168.0.* didn't work either -- View this message in context: http://www.nabble.com/proxy-trouble-tp15306005p15327824.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
catalina.out is not reloading
Hi, whenever I restart the tomcat in linux, the file ' catalina.out ' is not automatically reloading just like the file ' std.out ' does in windows. ' catalina.out ' file containing all the 'System.out ' statements printed from the day tomcat was installed in my linux system. Please tell me a solution so that the file ' catalina.out ' gets reloaded for each and every time I made change in WEB UI. -Persistence
Re: QUESTION: How do I change JSESSIONID to something else?
that fits with what I saw as well. A follow up question for 100: why does the spec define this at all and why does Tomcat not let me work around it when it happily lets me violate other parts of the spec? greg Len Popp wrote: I'm not sure whether you mean the cookie or the URL parameter, but the answer is the same in both cases: Change the constant in the code and re-compile Tomcat. There's no other way that I can see. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]