Re: Moving from a very old Tomcat to a new Tomcat.
André Warnier wrote: Pid wrote: Tomcat Wiki? However, in the upper left corner appears the legend Immutable page, and I don't seem to find any button, link or whatever allowing me to edit the page in question, add an item, whatever. Am I using the wrong page ? You are in the right place. You need to login / create an account before you can edit the wiki but anyone is free to create an account. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Farm War Deployer / Deploment Strategies
- Original Message - From: Theparanoidone Theparanoidone [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, June 12, 2008 9:14 PM Subject: Farm War Deployer / Deploment Strategies Hola~ I'm looking for an efficient way to deploy a tomcat project to 2 or more tomcat servers simultaneously. Changes to are tomcat project may affect the way it communicates with a database, and therefore we'd like to make sure the deployment takes place swiftly. What are some of the better ways to deploy a project to multiple servers??? With JK, the right way is from JKStatus, stop the servers. Change dB Then deploy new war... Then bring them back one by one If its not JK, then I guess you have to stop them from the manager/html If that dB change, is huge and needs translating/restructuring... thats the big down time. dB's are always a mission, you end up wrting a lot of script, or little util programs to make the change go as fast as possible. When its just a content change, we just drop the wars in and let each tomcat wake itself up and do the change when its ready. Not sure if we doing it right, but have had no problems. Have fun... --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
WEB application with JNI Object for LB
Hi Using the APACHE HTTP 2.X server + Modjk + TOMCAT6.1.14 ( 2 nos) + JDK1.6 + HP UNIX11 i Question : Would this work for LB / Sticky Session across Tomcats in cluster ? Have a web application with JNI Object ( Java to c++ by Os HP-Unix ) on Socket ( Tcp/ Ip ) for accessing some Data for validation over the WEB. with regards KARTHIK - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Dynamic ResourceBundle clearCache()
We are trying to build functionality into our website so a website administrator can update the properties file which contains the webpage display strings without stopping the website. He would do this through an administrative webpage. The code (excerpted below) works fine when we step through the code when running Tomcat (5.5, Java 6) under Eclipse. However, if we put it in a war file and run it in Tomcat, the clearCache() appears to have no effect. We think it should have caused jstl to re-read the properties file. We can see that the properties file is getting re-written. However the string value displayed on the page doesn't change. If we restart Tomcat, then the new string value takes effect, but that obviously doesn't work in the long run. There is a comment that it clears the properties files for any properties files that have been read in with the current ClassLoader. But we aren't sure what ClassLoader to specify if it's not the current one. Does anyone have any idea why this might not work or an alternative suggestion on how to do what we want to do? File propertiesFile = new File(myproperty.properties); Properties p = new Properties(); FileReader fr = new FileReader(propertiesFile); p.load(fr); fr.close(); p.setProperty(my.key, the string); FileWriter fw = new FileWriter(propertiesFile); p.store(fw, ); fw.flush(); fw.close(); ResourceBundle.clearCache(); PropertyResourceBundle rb = (PropertyResourceBundle) ResourceBundle.getBundle(myproperty); PropertyResourceBundle.clearCache(); Config.set(ses.getServletContext(), Config.FMT_LOCALIZATION_CONTEXT, new LocalizationContext(rb));
Re: Tomcat 5.5 caseSensitive=false and work dir problem
I have implemented the all lowercase filter solution, which does the job nicely. However, there is still one issue.. jsp:forwards don't go through the filter chain, so when the forward page contains uppercase characters, a file is created in the work dir with the uppercase character(s) in it. Then, when a normal request via the browser is done to the same forward page, Tomcat throws a NoClassDefFound exception because of a wrong name of the temp file. As an example, we have two jsp's: - pageA.jsp (with a jsp:forward to pageB.jsp) - pageB.jsp Now, when we do this: - request pageA.jsp in the browser (two temp files are created in the work dir, pagea_jsp.class (lowercase 'a' because of the filter) and pageB_jsp.class) - request pageB.jsp in the browser - NoClassDefFound exception because Tomcat is looking for pageb_jsp.class I think Leon's suggested mapper solution would solve this problem for the most part, but a mapper which is actually a complete file system tree seems rather disk/cpu intensive to me. Can anyone think of another solution for the jsp:forward problem in this case? Leon Rosenberg-3 wrote: On Mon, May 26, 2008 at 3:59 PM, Jesse Klaasse [EMAIL PROTECTED] wrote: Only thing I can think of now is to write a servlet filter which converts all request URLs to lowercase.. But I am kind of hoping for a more elegant solution. Personally I find your solution elegant :-) It would be maybe even more 'elegant' if you map your lowercase url via some mapping to the real name of the jsp internally, like: request EcHoSesSion - Filter = echosession - Mapper = EchoSession.jsp Of course the mapper has to be configured (or browse the file system) to determine the jsps real name. Alternatively you could rename all your jsps to lowercase and forget about the mapper. The advantage of the mapper (or the internal case-sensitivity) is that you webapp remains working on non-windows platforms... just in case, remember: write once, run anywhere :-) -- View this message in context: http://www.nabble.com/Tomcat-5.5-caseSensitive%3Dfalse-and-work-dir-problem-tp17472465p17816552.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Hi List. (Indirect ref : previous thread Moving from a very old Tomcat to a new Tomcat.) Ref : http://tomcat.apache.org/connectors-doc/reference/apache.html Item : JkExtractSSL Do I understand this right that this parameter JkExtractSSL (default On) controls whether Tomcat receives of not the information, through mod_jk, that the original request to Apache was made via HTTPS ? Or, in other words, that if one wanted Tomcat not to know and handle the current session as a normal non-secure HTTP connection, one could just set this parameter to Off ? And, again in other words, if this parameter was set to Off, and Tomcat generated a new session and a JSESSIONID session cookie for this session, that the cookie would thus not be marked secure ? maybe separately The above refers generally to the following kind of scenario. It is also generally speaking a question to the specialists here. My purpose is to make sure I understand this whole thing correctly. Scenario : For whatever good reason, Apache is used as the front-end HTTP/HTTPS server and (possibly) serving some portion of the content itself, while some (or all) requests are being forwarded, through mod_jk, to a background Tomcat for content generation. For whatever good reason also, the connection between the client (browser) and Apache is a HTTPS (encrypted) connection. The connection between the front-end Apache and the back-end Tomcat through mod_jk is never secure (the AJP protocol does not support encryption). In this scenario, it does not matter because this connection is deemed secure for other reasons (e.g. both are running on the same host, and Tomcat is set up so that it accepts only connections through Apache). The unencrypted content, as generated and delivered by Tomcat back to Apache via mod_jk, will be forwarded back to the browser by Apache over the HTTPS connection, thus encrypted by Apache (generally speaking; in reality probably this happens in an underlying SSL connection layer). It is possible, but not mandatory, to let Tomcat know about the HTTPS nature of the original HTTPS nature of the browser/Apache connection. This might be necessary/helpful in some scenarios (such as ?) To let Tomcat know that the original connection is HTTPS, one uses the JkExtractSSL On mod_jk directive. (On is the default value.) To prevent Tomcat from knowing, one uses JkExtractSSL Off. If JkExtractSSL On is used, then one may/must also pass additional HTTPS-related information from Apache to Tomcat via the JkHTTPSIndicator, JkCERTSIndicator, et al. directives. This is useful/required for (?) The general gist is that if for some reason, it is necessary to have Apache handle HTTPS connections anayway, and the connection between Apache and Tomcat is inherently secure, then there might be no reasons to propagate the HTTPS overhead to Tomcat, and one might as well handle it all at the Apache level. Or am I missing something ? Thanks, André - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Simon, Simon Papillon wrote: | when there are | several all servicing requests in a load balanced context, it doesn't | work, because the session ids from different domains may be directed | to different tomcat instances / containers, which then breaks the | assumption that the SSO mechanism relies upon (that all sessions being | held in a single container). | | The tomcat instances aren't in a distributed cluster and I'd like to | keep it that way. Isn't this what sticky sessions are for? You get randomly assigned to a server for your first request, and each subsequent request goes to that same server (unless it goes down, in which case you have to switch). This does not require distributable sessions. Does that not solve your SSO requirement? I would think so too. I don't see any speciality w.r.t. SSO. - you give each backend a different jvmRoute in server.xml - you give the loab balancer member workers the same names as the jvmRoute of the backend they point to - you activate sticky sessions in the load balancer That should be it. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: GlobalRequestProcessor get Response time?
ubekhet wrote: Hi folks, Sorry for insisting this question, but I want to know how I can monitoring the Response Time for all requests coming for specific port. I used GlobalRequestProcessor and RequestProcessor for getting prcessingTime, but I not sure what's the differents between both. Which one I have to use for getting what I want? GlobalRequestProcessor: one per Konnektor (=ThreadPool) It contains the sums of request counters for all threads in this thread pool (how many requests, errors, sum of response times in milliseconds etc.) Usually those are what you want. RequestProcessor: In theory one per thread. Counters are the same, but contain sum for requests handled by the respective thread. Those are not very useful, because they vanish, if threads get removed and the conection between them and threads changes when new threads get created. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Simon Papillon wrote: Forgive me if I'm overlooking something, but as far as I understand it, the sticky session mechanism is driven off the JSESSIONID that is assigned by the tomcat container when a client first makes a request that instigates a session creation, if no JSESSIONID cookie was sent as part of the request the node is chosen according to the worker.loadbalancer.method (Request, Session, Traffic, Busyness i think Request is the default) . Once a JSESSIONID has been set by a container the load balancer will then attach the JVMRoute onto the end which will then be used by the jk load balancer in future requests to determine the node to use to service the request. e.g. if I have three nodes (tomcatA, tomcatB, tomcatC) I could have the following scenario... child.first-domain.com : JSESSIONID = D75AA77AC6FBF43F2C2DDC195DDA6D44.tomcatC doctor.second-domain.com : JSESSIONID = 5D211C177DFB064DEF731832CF07D693.tomcatA nurse.third-domain.co.uk : JSESSIONID = E1EC672CAAA3F2F8348C2A23991DF46B.tomcatB Where my browser has made three seperate requests for three seperate resources, all serviced by the same group of tomcat containers through vhosting, behind the load balancer, in which case my SSO mechanism won't work as future requests on child.first-domain.com, doctor.second-domain.com and nurse.third-domain.co.uk will behandled by tomcatC, tomcatA and tomcatB respectively. As the SSO mechanism is based on the assumption that all requests from the same browser are handled by the same container, this will break the SSO, Let me know if I'm misunderstanding some fundermental way in which the jk load balancer works, or if I'm not explaing myself well, Cheers Simon Sorry for my first premature post. I overlooked the followup posts. So the problem here is, that when you switch from one context to another there isn't yet a session on the second context, so the load balancer might send you to a new container. At the moment I see no way of doing such a thing with mod_jk. It could be, that you can use mod_proxy_balancer in this case, because for mod_proxy_balancer the name of the cookie, which helps in the load balancing discussion, is configurable. Sou you could set a SSO-Cookie in the first context with a path of /. It''s something we should think about. Actually I think about adding JkSubWorkerIndicator, which would work analogous to JkWorkerIndicator. So you could set an environment variable in httpd which would contain the name of the balanvcer member, you want to choose. Environment variable in httpd can be set by mod_setenvif and mod_rewrite, which are both able to check various request properties. For instance mod_rewrite can check the Cookie header, so you could extract the name of the chosen backend via a regexp from the value of your own SSO cookie. But it's not yet implemented. Check mod_proxy_balancer. In general it has less features than mod_jk, but in your case it seems there is an advantage in mod_proxy_balancer. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
André Warnier wrote: Hi List. (Indirect ref : previous thread Moving from a very old Tomcat to a new Tomcat.) Ref : http://tomcat.apache.org/connectors-doc/reference/apache.html Item : JkExtractSSL Do I understand this right that this parameter JkExtractSSL (default On) controls whether Tomcat receives of not the information, through mod_jk, that the original request to Apache was made via HTTPS ? Yes. It controls this plus if info about certificate, ssl session id, key length etc. gets forwarded. Or, in other words, that if one wanted Tomcat not to know and handle the current session as a normal non-secure HTTP connection, one could just set this parameter to Off ? Yes. And, again in other words, if this parameter was set to Off, and Tomcat generated a new session and a JSESSIONID session cookie for this session, that the cookie would thus not be marked secure ? Didn't try this. What does your tests say? Additional info: If your own knowledge about secure / non secure differs from the one of httpd (e.g. you use an ssl accelerator in front of httpd) and you want to present your own idea of secure / non secure via mod_jk to Tomcat, you can set JkHTTPSIndicator to the name of some httpd environment variable, and then set the environment variable depending on details of the request via mod_setenvif or mod_rewrite. But if you simply want to drop all ssl info, setting JkExtractSSL to off is right. maybe separately It is possible, but not mandatory, to let Tomcat know about the HTTPS nature of the original HTTPS nature of the browser/Apache connection. This might be necessary/helpful in some scenarios (such as ?) To be able to enforce security constraints. If JkExtractSSL On is used, then one may/must also pass additional HTTPS-related information from Apache to Tomcat via the JkHTTPSIndicator, JkCERTSIndicator, et al. directives. This is useful/required for (?) First of all I think it's required by the servlet spec, so if we want to present the developer a consistent environment either if using with standalone Tomcat or mod_jk/Tomcat we need to forward the info to Tomcat. The general gist is that if for some reason, it is necessary to have Apache handle HTTPS connections anayway, and the connection between Apache and Tomcat is inherently secure, then there might be no reasons to propagate the HTTPS overhead to Tomcat, and one might as well handle it all at the Apache level. Or am I missing something ? Be aware, that there might be other ways into your app, like the default Tomcat http connector. If you are sure, you don't need the info and you don't need to double check the security of the connection, you can really disable using JkExtractSSL. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat will not create session cookie
Hello,
I'm new to the forum. I have a strange problem with my tomcat installation.
I'm using tomcat5.5.26 and struts for my web projekt.
I configured the projekt in a context file, like this :
Context path= docBase=C:\webprojekt debug=1 reloadable=true
crossContext=true cookies=true
I set the attribute cookies to 'true' because I want to have session
cookies.
Furthermore I added the following lines to the index.jsp to display the
cookies :
out.println(hCookies : /h);
Cookie[] cookies=request.getCookies();
if(cookies==null) {
out.println(No cookies);
} else {
Cookie MyCookie;
for(int i=0;icookies.length;i++) {
MyCookie=cookies[i];
out.println(MyCookie.getName() + =+MyCookie.getValue());
}
}
My problem is now when I open the webapp with the url http://localhost
everythink is fine. The session cookie wil be created and the output of the
script above is like :
Cookies : JSESSIONID=05E932958950B69BE03874B8FCE26C3E
But when I open the webapp over the internet with an URL like
www.myprojekt.com tomcat will not create an session cookie. Tomcat adds the
jsessionid to the URL's and teh output of the script above is :
Cookies : No cookies
What is the problem ? Why can't tomcat create session cookie for
www.myprojekt.com ?
Thanks,
Mario
--
View this message in context:
http://www.nabble.com/Tomcat-will-not-create-session-cookie-tp17819920p17819920.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat will not create session cookie
Hello,
I'm new to the forum. I have a strange problem with my tomcat installation.
I'm using tomcat5.5.26 and struts for my web projekt.
I configured the projekt in a context file, like this :
Context path= docBase=C:\webprojekt debug=1 reloadable=true
crossContext=true cookies=true
I set the attribute cookies to 'true' because I want to have session
cookies.
Furthermore I added the following lines to the index.jsp to display the
cookies :
out.println(hCookies : /h);
Cookie[] cookies=request.getCookies();
if(cookies==null) {
out.println(No cookies);
} else {
Cookie MyCookie;
for(int i=0;icookies.length;i++) {
MyCookie=cookies[i];
out.println(MyCookie.getName() + =+MyCookie.getValue());
}
}
My problem is now when I open the webapp with the url http://localhost
http://localhost everythink is fine. The session cookie wil be created and
the output of the script above is like :
Cookies : JSESSIONID=05E932958950B69BE03874B8FCE26C3E
But when I open the webapp over the internet with an URL like
www.myprojekt.com tomcat will not create an session cookie. Tomcat adds the
jsessionid to the URL's and teh output of the script above is :
Cookies : No cookies
What is the problem ? Why can't tomcat create session cookie for
www.myprojekt.com ?
Thanks,
Mario
Re: GlobalRequestProcessor get Response time?
Rainer Jung escribió: ubekhet wrote: Hi folks, Sorry for insisting this question, but I want to know how I can monitoring the Response Time for all requests coming for specific port. I used GlobalRequestProcessor and RequestProcessor for getting prcessingTime, but I not sure what's the differents between both. Which one I have to use for getting what I want? GlobalRequestProcessor: one per Konnektor (=ThreadPool) It contains the sums of request counters for all threads in this thread pool (how many requests, errors, sum of response times in milliseconds etc.) Usually those are what you want. when you said the sums of request, each X time the processing time it's the accumulated of the previuos or not? RequestProcessor: In theory one per thread. Counters are the same, but contain sum for requests handled by the respective thread. Those are not very useful, because they vanish, if threads get removed and the conection between them and threads changes when new threads get created. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: GlobalRequestProcessor get Response time?
Liang Xiao Zhu wrote: Rainer Jung escribió: ubekhet wrote: Hi folks, Sorry for insisting this question, but I want to know how I can monitoring the Response Time for all requests coming for specific port. I used GlobalRequestProcessor and RequestProcessor for getting prcessingTime, but I not sure what's the differents between both. Which one I have to use for getting what I want? GlobalRequestProcessor: one per Konnektor (=ThreadPool) It contains the sums of request counters for all threads in this thread pool (how many requests, errors, sum of response times in milliseconds etc.) Usually those are what you want. when you said the sums of request, each X time the processing time it's the accumulated of the previuos or not? requestCount: total number of requests maxTime: longest request processing time in milliseconds processingTime: sum of request processing time in milliseconds (accumulated over all requests, which were handled by this connector) RequestProcessor: In theory one per thread. Counters are the same, but contain sum for requests handled by the respective thread. Those are not very useful, because they vanish, if threads get removed and the conection between them and threads changes when new threads get created. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run several applications on different ports, isolated from each other
Hello Christopher and List, thank you very much for your detailed description! I am currently evaluating all the possibilities to run my 2 applications side- by-side. Another idea I came up with is: Use only one instance of Tomcat, but create 2 connectors, which each hold one host, and these hosts have different appBase-folders. Then my apps would been isolated, and I would connect to them via mod_proxy on their respective ports. Does this sound good? Regards, Yves p.s. This way I would not need to touch the config from the debian packages (which I really would like to avoid) On Tuesday 10 June 2008, Christopher Schultz wrote: Yves, Yves Glodt wrote: | I need to run now another application on tomcat, and what I think to do is to | have another instance of tomcat running on another port, isolated from my | OpenCms, with a different webapps folder as well. Yep, you need another instance of Tomcat. Conceptually, it's very simple: 1. Create a new directory which will hold your new instance. This ~ is called CATALINA_BASE, and you'll need to set this environment ~ variable accordingly. ~ This directory should contain the following directories: ~ conf/ ~ logs/ (optional, if you have no logging going here) ~ temp/ (optional, as TC should create this) ~ webapps/ (optional, if you have no auto-deployed webapps) ~ work/ (optional, as TC should create this) ~ The conf directory needs server.xml and web.xml. Make sure ~ that your Connectors in server.xml have unique port numbers ~ (i.e. default HTTP port is 8080, so check that, and the default ~ AJP port is 8009, so check that, too... these must be unique ~ across all TC instances). ~ Stick your webapps in 'webapps', obviously, unless you are ~ going to be declaring separate XML deployment descriptors ~ (ignore this if you have no idea what I'm talking about). 2. Run CATALINA_HOME/bin/startup.sh with the correct CATALINA_BASE ~ environment variable set. Note that CATALINA_HOME points to ~ the /actual/ TC install -- where the bin directory is -- and ~ CATALINA_BASE points to your instance as defined above. | tomcat-instance 1: port 8001 webapps-folder: /var/lib/tomcat5.5/webapps | tomcat-instance 2: port 8002 webapps-folder: /home/tomcat/webapps No problem: $ export CATALINA_BASE=/home/tomcat $ /var/lib/tomcat5.5/bin/startup.sh Just make sure that /home/tomcat is set up as indicated above. | Also, I would prefer not to touch the debian startup scripts, nor modify any | other distributed files. All config should be done in the tomcat config-files. That's going to be a problem, because I'm sure those scripts assume only a single instance of TC in the default location. If you want to start up multiple TC instances, you'll have to either: 1. Copy /etc/init.d/tomcat.sh (or whatever) to /etc/init.d/tomcat2.sh ~ and modify it accordingly (like setting CATALINA_BASE) 2. Write a different /etc/init.d/tomcat.sh script that somehow ~ identifies all TC instances and starts them separately | Can someone explain how to achieve this configuration, or maybe provide | example-files? The documentation is available in the RUNNING.txt file that should be packaged with Tomcat. If you can't find that file, as the Debian folks why they removed it. -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
give error in upload a image in tomcat 6 but works well in tomcat 4
-- View this message in context: http://www.nabble.com/give-error-in-upload-a-image-in-tomcat-6-but-works-well-in-tomcat-4-tp17822410p17822410.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
give error in upload a image in tomcat 6 but works well in tomcat 4
I am using tomcat 4 and write jsp page to upload a image in server it works
with tomcat 4 but it gives error in upload image in tomcat 6 with the same
jsp page .It gives some java.lang.IndexOutOfBoundsException
at
--
org.apache.jasper.JasperException: An exception occurred processing JSP page
/Jsp/BOG/upload_scan.jsp at line 154
151:
152:// creating a new file with the same name and writing the
content in
new file
153:FileOutputStream fileOut = new FileOutputStream(save_File);
154:fileOut.write(dataBytes, startPos, (endPos - startPos));
155:fileOut.flush();
156:fileOut.close();
157:
the code snippets is given below
if ((contentType != null) (contentType.indexOf(multipart/form-data) =
0)) {
DataInputStream in = new
DataInputStream(request.getInputStream());
//we are taking the length of Content type data
int formDataLength = request.getContentLength();
byte dataBytes[] = new byte[formDataLength];
int byteRead = 0;
int totalBytesRead = 0;
//this loop converting the uploaded file into byte code
while (totalBytesRead formDataLength) {
byteRead = in.read(dataBytes,
totalBytesRead,formDataLength);
totalBytesRead += byteRead;
}
String file = new String(dataBytes);
//for saving the file name
saveFile = file.substring(file.indexOf(filename=\) + 10);
saveFile = saveFile.substring(0, saveFile.indexOf(\n));
saveFile = saveFile.substring(saveFile.lastIndexOf(\\) +
1,saveFile.indexOf(\));
String extension = saveFile.substring(saveFile.lastIndexOf(.));
int count=0;
String sql = select count(table_id) from bog_table where met_key=' +
key+' and item_id='+item+';
ResultSet rt=null;
//out.println(sql);
rt = am.fetchRecordSet(sql);
String table_id=;
String table_ref=;
if(rt.next()){
count=rt.getInt(1)+1;
table_id=TableId- + count;
table_ref= key+-+item+-+table_id+-TableRef-
+count;
}
saveFile = table_ref + extension;
save_File =/data2/opt/jakarta-tomcat-4.1.24/webapps/Oa/BOG/ +
saveFile;
int lastIndex = contentType.lastIndexOf(=);
String boundary = contentType.substring(lastIndex +
1,contentType.length());
int pos;
//extracting the index of file
pos = file.indexOf(filename=\);
pos = file.indexOf(\n, pos) + 1;
pos = file.indexOf(\n, pos) + 1;
pos = file.indexOf(\n, pos) + 1;
int boundaryLocation = file.indexOf(boundary, pos) - 4;
int startPos = ((file.substring(0, pos)).getBytes()).length;
int endPos = ((file.substring(0,
boundaryLocation)).getBytes()).length;
// creating a new file with the same name and writing the
content in new
file
FileOutputStream fileOut = new FileOutputStream(save_File);
fileOut.write(dataBytes, startPos, (endPos - startPos));
fileOut.flush();
fileOut.close();
||
please give me the solution
--
View this message in context:
http://www.nabble.com/give-error-in-upload-a-image-in-tomcat-6-but-works-well-in-tomcat-4-tp17822463p17822463.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Validation
I saw that in the server.xml web.xml validation is disabled. And with the comment: Note: XML Schema validation will not work with Xerces 2.2 The thing is, I can't see any xerces library inside tomcat. I have xerces 2.4 on my app, but I believe it doesn't matter my webapp lib. Even in examples webapp it fails 13-Jun-2008 14:06:05 org.apache.catalina.core.StandardContext start SEVERE: Context [/examples] startup failed due to previous errors java.lang.NullPointerException at org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl.getBuiltInDV(Unknown Source) I'm using java 1.5.0_06-b05, on salaris. Thanks Emerson - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: GlobalRequestProcessor get Response time?
Liang Xiao Zhu wrote: Rainer Jung escribió: Liang Xiao Zhu wrote: Rainer Jung escribió: ubekhet wrote: Hi folks, Sorry for insisting this question, but I want to know how I can monitoring the Response Time for all requests coming for specific port. I used GlobalRequestProcessor and RequestProcessor for getting prcessingTime, but I not sure what's the differents between both. Which one I have to use for getting what I want? GlobalRequestProcessor: one per Konnektor (=ThreadPool) It contains the sums of request counters for all threads in this thread pool (how many requests, errors, sum of response times in milliseconds etc.) Usually those are what you want. when you said the sums of request, each X time the processing time it's the accumulated of the previuos or not? requestCount: total number of requests maxTime: longest request processing time in milliseconds processingTime: sum of request processing time in milliseconds (accumulated over all requests, which were handled by this connector) Thanks for your answer, but if I want only the processingTime at the moment I monitoring, which variable I have to get? RequestProcessor? for each thread? is there another alternative? What do you mean by processingTime at the moment you monitor? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mapping tomcat to ip address behind router
Maybe your router doesn't recognize the IP address you are using. IP numbers usually are 0-255 and the end number in your IP address is 456? -Original Message- From: Johnny Kewl [mailto:[EMAIL PROTECTED] Sent: Thursday, June 12, 2008 11:08 PM To: Tomcat Users List Subject: Re: mapping tomcat to ip address behind router - Original Message - From: illusion [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, June 12, 2008 11:14 PM Subject: mapping tomcat to ip address behind router Hey, I want to set-up tomcat to serve http requests from behind a router. When there is a direct internet connection and no router, and the address property is added and port number is changed in server.xml as below in example 1, tomcat serves requests fine for http://99.153.32.456. When I set it up to run behind a router as show in example 2, with the router forwarding requests to 192.168.0.54 which is the computer behind the router with tomcat, it does not work for the url http://99.153.32.456. What is the correct way to set it tomcat behind a router? thanks in advance for your assistance Example 1 - no router - works Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 address=99.153.32.456 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=80 protocol=HTTP/1.1 address=99.153.32.456 connectionTimeout=2 redirectPort=8443 / -- Example 2 - behind router - does not work Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 address=192.168.0.54 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=80 protocol=HTTP/1.1 address=192.168.0.54 connectionTimeout=2 redirectPort=8443 / -- illusion, you have now probably screwed up the TC config... Reload the the standard TC config, and just change the 8080, to 80, dont touch other stuff for now. Then google, I think you have one of those ADSL Nat Router things Heres an article with someone else struggling along http://sanzon.wordpress.com/2008/04/04/setting-up-web-server-behind-rout er-wrt54g2/ Whats probably screwing you up is even though you have it forwarding, the IP's internally are being dynamicly assigned, you have to give the server a fixed IP, typically this is not the ISP IP, its the machine IP, and then you need to check the machine and make sure its using your router as the gateway. Its not really a TC thing, best thing is to look at the router name and google for it and web server. These little box's now a days have some amazing functionality, so you need to find the manual for the thing. You need to check the Dynamip DNS is not on, DHCP is not assinged to the server, the DNS discovery is set or on auto, the network masks are right etc. If your SP supplied the router, they should know how to set the thing up, dont mention tomcat, its got nothing to do with it, just tell em its a web server on a machine if that works, TC will work. And then learn to do things like ping a machine etc. Have fun --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mapping tomcat to ip address behind router
From: Walter Thompson [mailto:[EMAIL PROTECTED] Subject: RE: mapping tomcat to ip address behind router IP numbers usually are 0-255 and the end number in your IP address is 456? Sometimes we miss the obvious. Not just usually 0-255, they must be 0-255, since it's an octet. Thanks for pointing out what Steve, Chris, Johnny, and I missed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problems with deploying an application on Tomcat 5.5.28
Hello! I'm having problems with deploying an application on Tomcat 5.5.28. I cannot see it on the list of applications (http://127.0.0.1:8080/manager/html/) after copying it to webapps/ and restarting tomcat. That usually works fine, but this time it seems like there is something wrong. Any ideas? Thanks in advance! _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE
RE: Problems with deploying an application on Tomcat 5.5.28
My bad... The version is: 5.0.28. From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Problems with deploying an application on Tomcat 5.5.28 Date: Fri, 13 Jun 2008 14:04:06 + Hello! I'm having problems with deploying an application on Tomcat 5.5.28. I cannot see it on the list of applications (http://127.0.0.1:8080/manager/html/) after copying it to webapps/ and restarting tomcat. That usually works fine, but this time it seems like there is something wrong. Any ideas? Thanks in advance! _ Explore the seven wonders of the world http://search.msn.com/results.aspx?q=7+wonders+worldmkt=en-USform=QBRE _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
Re: Problems with deploying an application on Tomcat 5.5.28
On Fri, Jun 13, 2008 at 7:04 AM, voodoo doctor [EMAIL PROTECTED] wrote: cannot see it on the list of applications (http://127.0.0.1:8080/manager/html/) after copying it to webapps/ and restarting tomcat. That usually works fine, but this time it seems like there is something wrong. Seems. Any ideas? Look in your logs. -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems with deploying an application on Tomcat 5.5.28
From: voodoo doctor [mailto:[EMAIL PROTECTED] Subject: Problems with deploying an application on Tomcat 5.5.28 I'm having problems with deploying an application on Tomcat 5.5.28. Platform? JDK version? I cannot see it on the list of applications What's in the logs? What does the Context element look like (if you have one)? Where is the Context element (if you have one)? What's in the webapp's web.xml (if you have one)? Mind readers we're not. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems with deploying an application on Tomcat 5.5.28
From: voodoo doctor [mailto:[EMAIL PROTECTED] Subject: RE: Problems with deploying an application on Tomcat 5.5.28 My bad... The version is: 5.0.28. Note that 5.0.28 is no longer supported. Please move up to a level that is. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
On Fri, 2008-06-13 at 10:54 +0200, Rainer Jung wrote: Environment variable in httpd can be set by mod_setenvif and mod_rewrite, which are both able to check various request properties. For instance mod_rewrite can check the Cookie header, so you could extract the name of the chosen backend via a regexp from the value of your own SSO cookie. But it's not yet implemented. Check mod_proxy_balancer. In general it has less features than mod_jk, but in your case it seems there is an advantage in mod_proxy_balancer. Or just use mod_rewrite to check the request properties, and based on these, rewrite the URL in such a way that it maps to a different JkMount attribute, sending the request to a specific worker. Cheers, Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run several applications on different ports, isolated from each other
On Fri, 2008-06-13 at 14:35 +0200, Yves Glodt wrote: Hello Christopher and List, thank you very much for your detailed description! I am currently evaluating all the possibilities to run my 2 applications side- by-side. Another idea I came up with is: Use only one instance of Tomcat, but create 2 connectors, which each hold one host, and these hosts have different appBase-folders. Then my apps would been isolated, and I would connect to them via mod_proxy on their respective ports. Hi Yves, I tried both methods, and preferred running two tomcat instances. It does require modifications to the packaging (I did this under RedHat), but gives the most flexibility. The decider for me was the ability to run each tomcat instance as a different user id, and to be able to completely stop and restart each tomcat without affecting the other. Cheers, Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Ben Stringer wrote: On Fri, 2008-06-13 at 10:54 +0200, Rainer Jung wrote: Environment variable in httpd can be set by mod_setenvif and mod_rewrite, which are both able to check various request properties. For instance mod_rewrite can check the Cookie header, so you could extract the name of the chosen backend via a regexp from the value of your own SSO cookie. But it's not yet implemented. Check mod_proxy_balancer. In general it has less features than mod_jk, but in your case it seems there is an advantage in mod_proxy_balancer. Or just use mod_rewrite to check the request properties, and based on these, rewrite the URL in such a way that it maps to a different JkMount attribute, sending the request to a specific worker. You are right: if he sets e.g. an SSO cookie with the name of the correct node in it and uses mod_rewrite to detect, which is the right node (named NODEX), he can redirect to ORIGINALURL;jsessionid=.NODEX The LB will then send the new request to NODEX, which generates a new session with a correct session id and jvmRoute suffix. Cheers, Ben Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat producing (near) duplicate Catalina logs
Recently we've discovered that our Tomcat server is producing near
duplicate Catalina logs. I say near because sometimes the logs are
exactly the same, then other times one version will have more
information than the other (not constantly one having more than the
other). We can't seem to figure out where they are being produced from
or why they would be different.
Here's a smattering of the logs so you can see what I'm talking about.
The logs use both . and _, they're produced at the exact same times.
-rw-r--r-- 1 tomcat6 nogroup 12675 2008-02-24 17:30
catalina_2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup 15027 2008-02-24 17:30
catalina.2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup9937 2008-03-04 15:46
catalina_2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup9734 2008-03-04 15:46
catalina.2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina_2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina.2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina_2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina.2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup5219 2008-06-12 10:50
catalina_2008-06-12.log
-rw-r--r-- 1 tomcat6 nogroup5016 2008-06-12 10:50
catalina.2008-06-12.log
All the information I was able to find seemed to be pointing at the
log4j.properties file as far as logging settings. But none of the
information in it seemed to be of any use, I'll post it here because it
may be of more use to someone who knows what really might be going on.
#
# Enables debug output for Probe classes.
#
#log4j.logger.org.jstripe=DEBUG
log4j.logger.org.springframework.web.context.support=ERROR
log4j.logger.org.springframework.beans.factory.support=ERROR
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=${catalina.base}/logs/probe.log
log4j.appender.R.MaxFileSize=5036KB
log4j.appender.R.MaxBackupIndex=4
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{dd MMM HH:mm:ss} [%t]
%-5p %c %x - %m%n
I've searched and searched, but I seems as though no one has run into
the problem that I'm having right now. If anyone has any idea why this
would be occurring, or where it is being produced from it would be
greatly appreciated.
Thanks,
Lucas
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
I approve of, applaud, second this request, and together beg for help.
I asked the same kind of thing a few days ago, but was told to install
an official Tomcat distribution, with all files in the official
places, and not one of these desperately mangled Linux distributions,
because the files are all in the wrong places and it makes it difficult
to provide support. It all made a lot of sense.
Then one of the Linux mangling distribution authors intervened to
explain why they were mangling and re-arranging things, and it all made
a lot of sense too.
But in the meantime I still have the same problem below and no help to
figure out where it comes from.
Lucas Campbell wrote:
Recently we've discovered that our Tomcat server is producing near
duplicate Catalina logs. I say near because sometimes the logs are
exactly the same, then other times one version will have more
information than the other (not constantly one having more than the
other). We can't seem to figure out where they are being produced from
or why they would be different.
Here's a smattering of the logs so you can see what I'm talking about.
The logs use both . and _, they're produced at the exact same times.
-rw-r--r-- 1 tomcat6 nogroup 12675 2008-02-24 17:30
catalina_2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup 15027 2008-02-24 17:30
catalina.2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup9937 2008-03-04 15:46
catalina_2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup9734 2008-03-04 15:46
catalina.2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina_2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina.2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina_2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina.2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup5219 2008-06-12 10:50
catalina_2008-06-12.log
-rw-r--r-- 1 tomcat6 nogroup5016 2008-06-12 10:50
catalina.2008-06-12.log
All the information I was able to find seemed to be pointing at the
log4j.properties file as far as logging settings. But none of the
information in it seemed to be of any use, I'll post it here because it
may be of more use to someone who knows what really might be going on.
#
# Enables debug output for Probe classes.
#
#log4j.logger.org.jstripe=DEBUG
log4j.logger.org.springframework.web.context.support=ERROR
log4j.logger.org.springframework.beans.factory.support=ERROR
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=${catalina.base}/logs/probe.log
log4j.appender.R.MaxFileSize=5036KB
log4j.appender.R.MaxBackupIndex=4
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{dd MMM HH:mm:ss} [%t]
%-5p %c %x - %m%n
I've searched and searched, but I seems as though no one has run into
the problem that I'm having right now. If anyone has any idea why this
would be occurring, or where it is being produced from it would be
greatly appreciated.
Thanks,
Lucas
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat producing (near) duplicate Catalina logs
From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat producing (near) duplicate Catalina logs Then one of the Linux mangling distribution authors intervened to explain why they were mangling and re-arranging things, and it all made a lot of sense too. Then get them to support the mess they create. Seriously, throw away the 3rd-party junk and install a real Tomcat. The mangled distributions are simply not reliable, regardless of how well-founded the intentions are. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Hi Chris, So just to follow up on your post, So, really, it's not that you want to load balance based upon IP address... you really want to predictably choose a member of the server farm based upon some knowledge of the client such that, regardless of the domain name used, the initial request (and therefore all the rest) go to a particular member. That's exactly it. I want all requests from the same client to be channeled through to the same tomcat instance, regardless of the domain. Sorry for the confusion. You may be able to do this, but you'll certainly have to hack mod_jk in order to do it. I believe there is a method in mod_jk that chooses the jvmRoute for the first (JSESSIONID-less) request. If you were to modify that algorithm, you could achieve your goal, here. I'm a little worried that you might implement a fragile algorithm, though, and end up with an unbalanced load balancer. I'll check this out, I think you could be right, it will probably lead to a lumpy load profile accross the tomcat servers, but I might give it a go. Do you have options other than using SSO? Come to think of it... how does SSO work when you switch domains with even a single server -- that is, without load balancing in the mix? I would expect that, since you are switching domains, your browser would not send a JSESSIONID cookie to the server, and thus you would not be recognized as having an existing session. ??! I set a tracking gif on each page pointing to a single domain e.g. tracker.first-domain.com this is served up by the same container as an query string argument I pass in the jsessionid for whichever domain the request is made to. For example if the domains have sessions as follows http://child.first-domain.com : JSESSIONID=1234 http://doctor.second-domain.com : JSESSIONID=ABCD http://nurse.third-domain.co.uk : JSESSIONID=wxyz a.jsp on child.first-domain.com html . a href=http://tracker.first-domain.com/track.gif?sid=1234 . /html a.jsp on doctor.second-domain.com html . a href=http://tracker.first-domain.com/track.gif?sid=ABCD . /html etc for nurse.third-domain.co.uk the servlet handling the tracker.first-domain.com/track.gif registers the different domain specific session ids with its own session id and thus ties them altogether, thus when one of the session ids logs on, its associated with a tracker session id which can then propogate the information to the other user sessions. Its a bit rough and ready, but seems to work, I think the tracker gif thing ist the most common way that the web analytics tools work. If you want more info on this I'll happily send you the code its a couple of java files about 400 lines in total. Thanks for your reply, All the best Simon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Hiding JSP Pages
I am trying to hide the JSP so they can only be accessed via a forward. I have been able to put them in a subdirectory of WEB-INF using other containers but have not been able to do that with Tomcat 5.5. We are not using Struts but it is the same approach where our business logic is servlet/action based and we only use JSP for presentation. A common practice would be to put the JSP page in the root directory of the WAR like following: /HelloWorld.jsp /WEB-INF/web.xml /WEB-INF/classes/HelloWorld.class This would allow the user to access the JSP page through the servlet with http://localhost:8080/app/HelloWorld or directly with http://localhost:8080/app/HelloWorld.jsp. I want to use to only be able to access the JSP page through the servlet and the directory of the WAR would like the following: /WEB-INF/web.xml /WEB-INF/classes/HelloWorld.class /WEB-INF/jsp/HelloWorld.jsp The HelloWorld servlet would use the JSP for presentation by forwarding to it using code like the fllowing: RequestDispatcher dispatcher = request.getRequestDispatcher( /WEB-INF/jsp/HelloWorld.jsp); I get the following errors: 09:22:57,253 [[/app].log 636] INFO - Marking servlet org.apache.catalina.INVOKER.WEB-INF as unavailable 09:22:57,269 [[/app].log 665] ERROR - Error loading WebappClassLoader delegate: false repositories: /WEB-INF/classes/ -- Parent Classloader: [EMAIL PROTECTED] WEB-INF java.lang.ClassNotFoundException: WEB-INF at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1332) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1181) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1027) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:750) at org.apache.catalina.servlets.InvokerServlet.serveRequest(InvokerServlet.java:369) at org.apache.catalina.servlets.InvokerServlet.doGet(InvokerServlet.java:133) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301) 09:22:57,269 [[/app].log 665] ERROR - invoker: Cannot allocate servlet instance for path /app/WEB-INF/jsp/HelloWorld.jsp javax.servlet.ServletException: Wrapper cannot find servlet class WEB-INF or a class it depends on at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1035) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:750) at org.apache.catalina.servlets.InvokerServlet.serveRequest(InvokerServlet.java:369) at org.apache.catalina.servlets.InvokerServlet.doGet(InvokerServlet.java:133) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301) ... Most of the discussions I have read are either old or pertaining to securing them via authentication/authorization but I do not want a user to be able to enter a URL containing a JSP page under any conditions. Any suggestions on how I can hide my JSP pages? Thanks, Wes.
Re: jk load balancing based upon ip address rather than session id
Ben, Rainer, That is an excellent idea, and would seem to be a very elegant solution, I'll give it a shot. Thank you both very much. I really appreciate it. Cheers Simon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple Java processes when using Tomcat
We've installed quite a few instances of Tomcat on clients sites, both on Windows and Linux, but we've never had a problem quite like this. The system has been installed since the end of 2006, on Red Hat EL 3, Tomcat 5.5.20 and JVM 1.5_09, but they have only just noticed this problem (so it may have been there from the start or just started happening) When they go into 'top' and sort it on memory usage, they get this; 15:46:49 up 30 days, 4:30, 4 users, load average: 0.07, 0.03, 0.01 713 processes: 712 sleeping, 1 running, 0 zombie, 0 stopped CPU states: cpuusernice systemirq softirq iowaitidle total0.1%0.0%0.2% 0.0% 0.0%0.0% 99.5% cpu000.5%0.0%0.1% 0.0% 0.0%0.0% 99.2% cpu010.0%0.0%0.0% 0.0% 0.0%0.0% 100.0% cpu020.0%0.0%0.1% 0.0% 0.0%0.0% 99.8% cpu030.1%0.0%0.5% 0.0% 0.0%0.1% 99.0% Mem: 4095372k av, 4062760k used, 32612k free, 0k shrd, 62392k buff 2131520k actv, 971988k in_d, 81820k in_c Swap: 4192880k av, 0k used, 4192880k free 1776472k cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 6750 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:10 2 java 6751 tomcat15 0 468M 468M 16424 S 0.0 11.7 7:04 2 java 6752 tomcat15 0 468M 468M 16424 S 0.0 11.7 7:05 3 java 6753 tomcat15 0 468M 468M 16424 S 0.0 11.7 7:04 1 java 6754 tomcat15 0 468M 468M 16424 S 0.0 11.7 7:05 2 java 6755 tomcat15 0 468M 468M 16424 S 0.0 11.7 2:39 0 java 6756 tomcat15 0 468M 468M 16424 S 0.0 11.7 0:19 2 java 6757 tomcat15 0 468M 468M 16424 S 0.0 11.7 0:32 2 java 6758 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6759 tomcat15 0 468M 468M 16424 S 0.0 11.7 0:00 1 java 6760 tomcat15 0 468M 468M 16424 S 0.0 11.7 0:52 3 java 6761 tomcat16 0 468M 468M 16424 S 0.0 11.7 1:02 3 java 6762 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6763 tomcat15 0 468M 468M 16424 S 0.0 11.7 13:55 1 java 6806 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 2 java 6818 tomcat16 0 468M 468M 16424 S 0.0 11.7 1:04 0 java 6819 tomcat15 0 468M 468M 16424 S 0.0 11.7 120:59 1 java 6838 tomcat17 0 468M 468M 16424 S 0.0 11.7 1:03 2 java 6840 tomcat15 0 468M 468M 16424 S 0.0 11.7 119:56 0 java 6855 tomcat15 0 468M 468M 16424 S 0.0 11.7 23:39 3 java 6856 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6857 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6858 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6859 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6860 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6866 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6867 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6868 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6869 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6872 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6873 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6874 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6875 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6876 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6877 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6893 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6894 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6895 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6896 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6897 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java 6898 tomcat25 0 468M 468M 16424 S 0.0 11.7 0:00 0 java Normally, I only expect to see 2,3,4 or 5 java processes associated with the Tomcat user, not all of the above! Has anyone seen this before? It surely doesn't look normal... Does it point to the JVM, Tomcat or something else? Is it something to do with the fact that's running on a SMP system? I'm really stuck, which is why I'm wondering if anyone on the list can point me in the right direction for a solution. Thanks in advance. John - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5 caseSensitive=false and work dir problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jesse, Jesse Klaasse wrote: | I have implemented the all lowercase filter solution, which does the job | nicely. However, there is still one issue.. jsp:forwards don't go through | the filter chain, so when the forward page contains uppercase characters, a | file is created in the work dir with the uppercase character(s) in it. They do go through the filter chain if you configure them properly. Section 6.2.5 of the servlet specification states: SRV.6.2.5 Filters and the RequestDispatcher New since version 2.4 of the Java Servlet specification is the ability to configure filters to be invoked under request dispatcher forward() and include() calls. By using the new dispatcher element in the deployment descriptor, the developer can indicate for a filter-mapping whether he would like the filter to be applied to requests when: 1. The request comes directly from the client. This is indicated by a dispatcher element with value REQUEST, or by the absence of any dispatcher elements. 2. The request is being processed under a request dispatcher representing the Web component matching the url-pattern or servlet-name using a forward() call. This is indicated by a dispatcher element with value FORWARD. 3. The request is being processed under a request dispatcher representing the Web component matching the url-pattern or servlet-name using an include() call. This is indicated by a dispatcher element with value INCLUDE. 4. The request is being processed with the error page mechanism specified in “Error Handling” on page 69 to an error resource matching the url-pattern. This is indicated by a dispatcher element with the value ERROR. 5. Or any combination of 1, 2, 3, or 4 above. Note that dispatcher elements are children of the filter-mapping element, and you can specify multiple dispatchers like this: filter-mapping ~ filter-namemyFilter/filter-name ~ url-pattern/*/url-pattern ~ dispatcherREQUEST/dispatcher ~ dispatcherINCLUDE/dispatcher ~ dispatcherFORWARD/dispatcher /filter-mapping Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSlC4ACgkQ9CaO5/Lv0PBMGwCdFUIF4WUDMCcFmmLR3+cD9Dtw UX4AnA+t2sSNxXZKRl/ALtK+eM1Q0Fd3 =YbQX -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run several applications on different ports, isolated from each other
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yves, | Another idea I came up with is: | | Use only one instance of Tomcat, but create 2 connectors, which each hold one | host, and these hosts have different appBase-folders. Then my apps would been | isolated, and I would connect to them via mod_proxy on their respective ports. You can certainly use this, but it depends on your notion of isolation of your webapps. Commonly-loaded classes can still communicate between applications even if they are in different Hosts in Tomcat. If that's okay, then you can certainly run them in the same Tomcat instance. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSlKMACgkQ9CaO5/Lv0PC4GACgpRNdIN1k803uhtljthDcmGNM jSUAni6bXjXmRe4oxypftZnoEydPG2fv =YODU -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
- Original Message - From: Simon Papillon [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, June 12, 2008 7:11 PM Subject: jk load balancing based upon ip address rather than session id Hello, I'm using jk 1.2.25 with tomcat 5.5.25 and apache 2.0 on one debian box - 2.4.27-2-386 i686 GNU/Linux I've set up 3 tomcat instances that receive requests from the jk load balancer worker I've implemented in the web application, a simple cross domain single sign on (SSO) mechanism. This mechanism ties the different session ids in any single container together, regardless if they've originated from different domains, for example: sub1.mydomain.com sub2.yourdomain.com sub3.hisdomain.co.uk No... thats where you going wrong, SSO means a million different things on the web, and some systems do mean that, but on tomcat it means SAME domain, different web apps in same tomcat. When the domain changes, the browser forget the cookie... thats it. The way the load balancer works is that is round robins on the domain... and it maps on context not domain. ie if you call Domain1/Webapp1 Then it will round robin Domain1/Webapp1 (machine1) Domain1/Webapp1 (machine2) Domain1/Webapp1 (machine3) And its the same for other domains ie it round robins between the virtual hosts you have set. If you set STICKY SESSIONS... it still round robins... UNLESS the servlet sets a cookie. As soon as a session comes into play, the client (on that domain) continues to hit the same machine... thus that machine remembers the client state. TC's security uses full domain temp cookies... and the problem is that the security comes before everything else, its no intercept-able. ie that security will prompt before anything else gets at it... or you can get at it. If users never cross a domain... ie a nurse.hospital.com is always in her domain the load balancing will work and so will TC's SSO, if they move between webapps, in that domain. But as soon as nurse.hospital.com links to doctor.hospital.com the browser will not send the cookie and TC will challenge the browser. And then it will round robin in that domain... unless a cookie is set then it sticks. The way some of these other SSO (cross domain systems work)... is they set partial domains... ie .HOSPITAL.COM (with a dot in front) Then that cookie returns across all those domains and they put a JSPECIAL_SESSION_ID in that. Simple... except that you will not get past TC's default security to be able to check it thus the cross domain security systems effectively rebuild all the security. If TC allowed... or a class could be overriden to set a partial cookie it would be cross domain SSO... I'm not sure it can be done easily. And the problem is that if you mess with valves... the custom code may not work in later TC's There are systems out there that do it... but I forget the products... it does mean not using TC's default security. So... If the doctor want to check out the nurse... he has to log on... ;) An interesting thought... if Apache could map... All_Staff.hospital.com/doctor/webapp/ - could be remapped to - doctor.hospital.com/webapp/ All_Staff.hospital.com/nurse/webapp/ - could be remapped to - nurse.hospital.com/webapp/ I wonder if browser and virtual hosting would be happy... ha ha Of course if nurse was a the end of your domain... all your problems (crossing domains) would go away. Nice brain bender... ;) Note that TC actually does it right, because there are all sorts of security considerations when cookies start going cross domain. The other problem is that dotSubDomains... dont work on localhost, so the TC guys probably dont do it because they want to stay sane. Good luck... the problem is only thereif you cross domains... otherwise it works I think. --- Anything said above could be in error --- --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat producing (near) duplicate Catalina logs
Check your server.xml config file for valves-logs settings.
-Original Message-
From: Lucas Campbell [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2008 9:33 AM
To: users@tomcat.apache.org
Subject: Tomcat producing (near) duplicate Catalina logs
Recently we've discovered that our Tomcat server is producing near
duplicate Catalina logs. I say near because sometimes the logs are
exactly the same, then other times one version will have more
information than the other (not constantly one having more than the
other). We can't seem to figure out where they are being produced from
or why they would be different.
Here's a smattering of the logs so you can see what I'm talking about.
The logs use both . and _, they're produced at the exact same times.
-rw-r--r-- 1 tomcat6 nogroup 12675 2008-02-24 17:30
catalina_2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup 15027 2008-02-24 17:30
catalina.2008-02-24.log
-rw-r--r-- 1 tomcat6 nogroup9937 2008-03-04 15:46
catalina_2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup9734 2008-03-04 15:46
catalina.2008-03-04.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina_2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup1160 2008-03-05 15:08
catalina.2008-03-05.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina_2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup7509 2008-03-06 17:36
catalina.2008-03-06.log
-rw-r--r-- 1 tomcat6 nogroup5219 2008-06-12 10:50
catalina_2008-06-12.log
-rw-r--r-- 1 tomcat6 nogroup5016 2008-06-12 10:50
catalina.2008-06-12.log
All the information I was able to find seemed to be pointing at the
log4j.properties file as far as logging settings. But none of the
information in it seemed to be of any use, I'll post it here because it
may be of more use to someone who knows what really might be going on.
#
# Enables debug output for Probe classes.
#
#log4j.logger.org.jstripe=DEBUG
log4j.logger.org.springframework.web.context.support=ERROR
log4j.logger.org.springframework.beans.factory.support=ERROR
log4j.appender.R=org.apache.log4j.RollingFileAppender
log4j.appender.R.File=${catalina.base}/logs/probe.log
log4j.appender.R.MaxFileSize=5036KB
log4j.appender.R.MaxBackupIndex=4
log4j.appender.R.layout=org.apache.log4j.PatternLayout
log4j.appender.R.layout.ConversionPattern=%d{dd MMM HH:mm:ss} [%t]
%-5p %c %x - %m%n
I've searched and searched, but I seems as though no one has run into
the problem that I'm having right now. If anyone has any idea why this
would be occurring, or where it is being produced from it would be
greatly appreciated.
Thanks,
Lucas
-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.0.28 memory usage - garbage collection
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tootbatoot, tootbatoot wrote: | Hi Thanks. the two applications run on their own and don't share jvm so I can | use different versions - but the webapp I have deployed in tomcat server | requires it to be either on 5.0.28 or 5.5.17 (but using j2sdk1.4.2_12) - - we | are using 5.0.28. Okay. That doesn't seem to be a problem. | thanks for clarifying the behavior of memory - do you see any performance | gains if I switch to 5.5.17 from 5.0.28. My understanding is that TC 5.5 has a better architecture, which I assume means that certain performance characteristics will be better, but the #1 reason to move from TC 5.0 to TC 5.5 is that TC 5.0 is no longer supported. Not even security patches. You should upgrade so that you will be running a version of TC supported by the developers /and/ the community. | the only problem I have on my end | i that I have to use plugin for 5.5.17 for backward compatibility to | j2sdk1.4.2_12. That's not a problem. The compatibility package was developed just for that reason. again... why are you bound to a 1.4 JVM? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSlZEACgkQ9CaO5/Lv0PCE0QCeJq6vTUHvz5xgmUIZGM5QZCIW MlwAoKf1sUEZmjLKuJA8OMAO6Ic6d3HY =F75G -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
Caldarale, Charles R wrote: From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat producing (near) duplicate Catalina logs Then one of the Linux mangling distribution authors intervened to explain why they were mangling and re-arranging things, and it all made a lot of sense too. Then get them to support the mess they create. Seriously, throw away the 3rd-party junk and install a real Tomcat. The mangled distributions are simply not reliable, regardless of how well-founded the intentions are. Ok. Maybe if we phrased the question differently then : Hi guys, To Tomcat developers and/or members of the real Tomcat fraternity : under which circumstances /would/ Tomcat 5.5 under Linux create two almost-identical-but-not-quite logfiles, - one named catalina.2008-06-12.log - one named catalina_2008-06-12.log .. just theoretically ? And thanks for your benevolent help. To Linux Debian Tomcat 5.5 packagers (and manglers) : why does Tomcat 5.5 under Debian Linux Etch create two almost-identical-but-not-quite logfiles, - one named catalina.2008-06-12.log - one named catalina_2008-06-12.log huh, why ? and where did you put the configuration snippet that tells it to do that ? And thanks for your benevolent help. André - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run several applications on different ports, isolated from each other
Ben Stringer wrote: On Fri, 2008-06-13 at 14:35 +0200, Yves Glodt wrote: Hello Christopher and List, thank you very much for your detailed description! I am currently evaluating all the possibilities to run my 2 applications side- by-side. Another idea I came up with is: Use only one instance of Tomcat, but create 2 connectors, which each hold one host, and these hosts have different appBase-folders. Then my apps would been isolated, and I would connect to them via mod_proxy on their respective ports. Hi Yves, I tried both methods, and preferred running two tomcat instances. It does require modifications to the packaging (I did this under RedHat), but gives the most flexibility. The decider for me was the ability to run each tomcat instance as a different user id, and to be able to completely stop and restart each tomcat without affecting the other. That last reason is why I use separate tomcat instances: my different apps have very different usage profiles; one app's busy time is the other one's dead time, so I can do maintenance on each of them without affecting the other one. D - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Simon, Simon Papillon wrote: | I'll check this out, I think you could be right, it will probably lead | to a lumpy load profile accross the tomcat servers, but I might give | it a go. Yeah, but a lumpy load profile that works properly is better than a flat load profile that doesn't. ;) | I set a tracking gif on each page pointing to a single domain e.g. | tracker.first-domain.com this is served up by the same container | as an query string argument I pass in the jsessionid for whichever | domain the request is made to. [snip] | the servlet handling the tracker.first-domain.com/track.gif registers | the different domain specific session ids with its own session id and | thus ties them altogether, thus when one of the session ids logs on, | its associated with a tracker session id which can then propogate the | information to the other user sessions. Wow, does that really work? That's a tremendously cool hack, if so! TC should not be respecting the JSESSIONID passed-in if it is invalid. Perhaps I'm misunderstanding you, though. Do you have a registry of session ids cross-linked in the session of each web application? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSlpUACgkQ9CaO5/Lv0PD5TgCgn9+hn8fghSynKnzJQ4c68mxi ufsAn1MM1S3nI+R4e4baKlBqN/MhtgyC =codo -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat to syslog
Hi all, Have a vanilla tomcat coherence instance logging to local files-- CATALINA_BASE/logs and CACHE/logs. I am implementing a central logserver and want to get these into the syslog. I tried: tail -f [file log] | logger -p local#.info but this resulted in each wrapped line occurring as a new syslog message. The tomcat and coherence events are rather long and can include stack traces. I want to keep the entirety of their events as a single message event in syslog. Has anyone got tomcat logging to syslog correctly? Thanks in advance. Chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.0.28 memory usage - garbage collection
thanks Chris - the reason we are tied to j2sdk 1.4.2_12 is because it is recommended by the the packaged webapp - we are customiznig it and we have experienced major minor version issues when we try to deploy our customized code with the packaged webapp. in short package s/w is done using j2sdk1.4.2_12 our custom layer ontop of it has to stick to that thank Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tootbatoot, tootbatoot wrote: | Hi Thanks. the two applications run on their own and don't share jvm so I can | use different versions - but the webapp I have deployed in tomcat server | requires it to be either on 5.0.28 or 5.5.17 (but using j2sdk1.4.2_12) - - we | are using 5.0.28. Okay. That doesn't seem to be a problem. | thanks for clarifying the behavior of memory - do you see any performance | gains if I switch to 5.5.17 from 5.0.28. My understanding is that TC 5.5 has a better architecture, which I assume means that certain performance characteristics will be better, but the #1 reason to move from TC 5.0 to TC 5.5 is that TC 5.0 is no longer supported. Not even security patches. You should upgrade so that you will be running a version of TC supported by the developers /and/ the community. | the only problem I have on my end | i that I have to use plugin for 5.5.17 for backward compatibility to | j2sdk1.4.2_12. That's not a problem. The compatibility package was developed just for that reason. again... why are you bound to a 1.4 JVM? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSlZEACgkQ9CaO5/Lv0PCE0QCeJq6vTUHvz5xgmUIZGM5QZCIW MlwAoKf1sUEZmjLKuJA8OMAO6Ic6d3HY =F75G -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Tomcat-5.0.28-memory-usage---garbage-collection-tp17800619p17826655.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Rainer Jung wrote: André Warnier wrote: And, again in other words, if this parameter was set to Off, and Tomcat generated a new session and a JSESSIONID session cookie for this session, that the cookie would thus not be marked secure ? Didn't try this. What does your tests say? Oooh! I may want to try this. I may not have needed to change my app at all. If your own knowledge about secure / non secure differs from the one of httpd (e.g. you use an ssl accelerator in front of httpd) and you want to present your own idea of secure / non secure via mod_jk to Tomcat, you can set JkHTTPSIndicator to the name of some httpd environment variable, and then set the environment variable depending on details of the request via mod_setenvif or mod_rewrite. But if you simply want to drop all ssl info, setting JkExtractSSL to off is right. Interesting. I'm wondering if my old Apache 1.3.34+ssl Tomcat 3.2.4 combination involved any knowledge by Tomcat of Apache doing SSL? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
André Warnier wrote: Caldarale, Charles R wrote: From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat producing (near) duplicate Catalina logs Then one of the Linux mangling distribution authors intervened to explain why they were mangling and re-arranging things, and it all made a lot of sense too. Then get them to support the mess they create. Seriously, throw away the 3rd-party junk and install a real Tomcat. The mangled distributions are simply not reliable, regardless of how well-founded the intentions are. Ok. Maybe if we phrased the question differently then : Hi guys, To Tomcat developers and/or members of the real Tomcat fraternity : under which circumstances /would/ Tomcat 5.5 under Linux create two almost-identical-but-not-quite logfiles, - one named catalina.2008-06-12.log - one named catalina_2008-06-12.log ... just theoretically ? Just a shot in the dark: One of them coming from Tomcat-Logging, the other might be a redirected STDOUT written via a service wrapper. In many log configuration, appenders are configured in a way, that log messages go to STDOUT and a log file in parallel. In Tomcat without a service wrapper STDOUT gets redirected to catalina.out (no rotation by default), with a service wrapper it might go to the duplicate log file. Didn't verify that though. What's the difference between the two almost identical log files (I mean difference in contents)? And thanks for your benevolent help. To Linux Debian Tomcat 5.5 packagers (and manglers) : why does Tomcat 5.5 under Debian Linux Etch create two almost-identical-but-not-quite logfiles, - one named catalina.2008-06-12.log - one named catalina_2008-06-12.log huh, why ? and where did you put the configuration snippet that tells it to do that ? And thanks for your benevolent help. André Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Multiple Java processes when using Tomcat
-Original Message- From: John Gardner [mailto:[EMAIL PROTECTED] Subject: Multiple Java processes when using Tomcat Normally, I only expect to see 2,3,4 or 5 java processes associated with the Tomcat user, not all of the above! http://wiki.apache.org/tomcat/FAQ/Linux_Unix#Q1 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Hi. Sorry to butt in, but just by curiosity from a Tomcat rookie, do you absolutely need to keep handling the same client IP with the same Tomcat instance ? (Do not feel obliged to comment at length, if it would not work, just tell me so and I'll get back to my Apache/Tomcat studies.) My possibly naïve and wrong understanding is as follows : You have a front-end Apache and access the Tomcats via mod_jk and a load balancer. You could do the authentication and SSO handling at the Apache level, and set some partial domain cookie at that level, with some cross-domain identifier (as long as the domains have a common part of course). The browser will later send this cookie back with each request addressed to any of the servers that match the partial domain. The user authentication could be passed to Tomcat via mod_jk (I think it will do that if you ask nicely). Separately, the cross-domain cookie will be passed automatically to Tomcat in the HTTP request headers, which mod_jk also forwards. Then at the Tomcat level (whichever instance), you could retrieve this cookie and the identifier it contains, and use that as a key to some user session storage (not in the Tomcat session object, but e.g. in a database common to all Tomcat instances) ? The separate Tomcats will still each create their separate sessions (and JSESSIONID cookies) for this user session, but does it matter ? And they would be nicely balanced. No ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, Bill Davidson wrote: | Rainer Jung wrote: | André Warnier wrote: | And, again in other words, if this parameter was set to Off, and | Tomcat generated a new session and a JSESSIONID session cookie for | this session, that the cookie would thus not be marked secure ? | | Didn't try this. What does your tests say? | | Oooh! I may want to try this. I may not have needed to change my app | at all. Just remember that any transport-guarantee that requires SSL will break if you do this. | Interesting. I'm wondering if my old Apache 1.3.34+ssl Tomcat 3.2.4 | combination involved any knowledge by Tomcat of Apache doing SSL? I'm sure it did. I think the difference, as Bill Barker (IIRC) pointed out, is that TC 4.0 and later now actually set the secure flag on Cookie objects while earlier versions did not. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAkhSpe0ACgkQ9CaO5/Lv0PDargCXU2TvcCzod3EFnPmzI8oMJ00m oQCeOoRWS9HHF2vS8BIi4VN0DRoZ3oc= =4mhQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat will not create session cookie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mario, mkweb wrote: | Hello, | I'm new to the forum. I have a strange problem with my tomcat installation. | I'm using tomcat5.5.26 and struts for my web projekt. | | I configured the project in a context file, like this : | Context path= docBase=C:\webprojekt debug=1 reloadable=true | crossContext=true cookies=true Remove the path and docbase attributes, then try again and let us know if you are still having problems. Where does your context.xml file live? | I set the attribute cookies to 'true' because I want to have session | cookies. cookies=true is the default, but it doesn't hurt to specify it. | My problem is now when I open the webapp with the url | http://localhost everything is fine. The session cookie wil be | created and the output of the script above is like : | Cookies : JSESSIONID=05E932958950B69BE03874B8FCE26C3E That doesn't sound like a problem. | But when I open the webapp over the internet with an URL like | www.myprojekt.com tomcat will not create an session cookie. Tomcat adds the | jsessionid to the URL's and teh output of the script above is : | Cookies : No cookies Are you operating over a proxy or firewall that strips cookies from requests and responses? Try using a tool like LiveHTTPHeaders (for Firefox) or a similar tool for whatever browser you are using to see what the client requests and server responses look like. | What is the problem ? Why can't tomcat create session cookie for | www.myprojekt.com ? Is your code ever actually creating a cookie? Or, are you expecting to see the JSESSIONID cookie only? If so, are you sure you have a session? You mentioned that your URL contains ;jsessionid=[the session id], so I would guess that's the case. Is the session working and consistent? If so, then the implication is that the cookie itself is being suppressed somewhere -- probably /not/ in Tomcat's code. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSp2sACgkQ9CaO5/Lv0PBUTACeKMzbgAZLZPiOrPe+vICX6YAi Qk4AnRdHn8sKhu3uaqPlzfh4kS8LEJjc =/Iw+ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: give error in upload a image in tomcat 6 but works well in tomcat 4
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sur, sur_1805 wrote: | I am using tomcat 4 and write jsp page to upload a image in server it works | with tomcat 4 but it gives error in upload image in tomcat 6 with the same | jsp page .It gives some java.lang.IndexOutOfBoundsException Care to post the stack trace? Specific Tomcat version? | org.apache.jasper.JasperException: An exception occurred processing JSP page | /Jsp/BOG/upload_scan.jsp at line 154 | | 151: | 152: // creating a new file with the same name and writing the content in | new file | 153: FileOutputStream fileOut = new FileOutputStream(save_File); | 154: fileOut.write(dataBytes, startPos, (endPos - startPos)); | 155: fileOut.flush(); | 156: fileOut.close(); | 157: This looks like a JSP compiler error, not a stack trace. What is that up there? | the code snippets is given below [snip] | int lastIndex = contentType.lastIndexOf(=); | String boundary = contentType.substring(lastIndex + | 1,contentType.length()); | int pos; | //extracting the index of file | pos = file.indexOf(filename=\); | pos = file.indexOf(\n, pos) + 1; | | pos = file.indexOf(\n, pos) + 1; | pos = file.indexOf(\n, pos) + 1; | | int boundaryLocation = file.indexOf(boundary, pos) - 4; | int startPos = ((file.substring(0, pos)).getBytes()).length; | int endPos = ((file.substring(0, boundaryLocation)).getBytes()).length; | | // creating a new file with the same name and writing the content in new | file | FileOutputStream fileOut = new FileOutputStream(save_File); | fileOut.write(dataBytes, startPos, (endPos - startPos)); | fileOut.flush(); | fileOut.close(); dataBytes, startPos, and endPos appear to have no relationship to each other. dataBytes is presumably the content of the file being posted, and startPos and endPos are clearly indexes into the 'file' string. It seems more natural to loop over the input and dump it into the output, instead of reading the entire file into memory and then writing to the output file. Perhaps you have some requirements I do not understand. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhSqRQACgkQ9CaO5/Lv0PDEvACgidQDejpRuxM/8TjPfkVPlwzP QyUAoJhhcF/wL9buI5+m2RAW/mGu1gtr =QTcH -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Bill Davidson wrote: Rainer Jung wrote: André Warnier wrote: And, again in other words, if this parameter was set to Off, and Tomcat generated a new session and a JSESSIONID session cookie for this session, that the cookie would thus not be marked secure ? Didn't try this. What does your tests say? Oooh! I may want to try this. I may not have needed to change my app at all. Yep, I thought you might be interested. But had this come up sooner, it would have deprived us of a lot of interesting information. By the way, the reason why I can't try it right now is that I just don't have the application to try it with. So whatever I mentioned before (but which apprently so far seems ok) was purely by attempting to understand the documentation. Beware. And by the way, I do not know who's in charge of that, but should this all turn out to be true, I think that a small addendum in the JkExtractSSL item of the page http://tomcat.apache.org/connectors-doc/reference/apache.html; might avoid a lot of soul-searching in the future. Like the phrase : If you set this parameter to Off, then Tomcat will not know that the browser-Apache connection took place under HTTPS, and will treat it as a simple HTTP connection. See ... for more details. André - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: jk load balancing based upon ip address rather than session id
From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: jk load balancing based upon ip address rather than session id Then at the Tomcat level (whichever instance), you could retrieve this cookie and the identifier it contains, and use that as a key to some user session storage (not in the Tomcat session object, but e.g. in a database common to all Tomcat instances) ? Yes, that kind of thing can be done, but it adds a good bit of complexity and overhead to what is normally just updating a local object. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Hi André, You could do the authentication and SSO handling at the Apache level, and set some partial domain cookie at that level, with some cross-domain identifier (as long as the domains have a common part of course). The browser will later send this cookie back with each request addressed to any of the servers that match the partial domain. Your understanding of it, as far as my understanding is concerned, is spot on, but like you say in your post ... as long as the domains have a common part of course Unfortunately in my case that doesn't hold true, its an international site, and we've got the same domain names for different tlds e.g.: mydomain.com mydomain.com.ar So right at the top level (com vs / .com.ar), I'm a bit hamstrung other than that you're completely correct. I read a few other posts about trying to ensure that the JSESSIONID cookie sent by TC applies to the domain name and not the subdomain through TC (rather than doing it through apache) - this one might be of interest to you: http://www.nabble.com/Share-session-cookie-across-subdomains-td16787390.html but regardless in my case this doesn't help me because I'm essentially using two distinct domains. Cheers for the comment though Simon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding JSP Pages
On Fri, Jun 13, 2008 at 8:06 AM, W Strater [EMAIL PROTECTED] wrote: I am trying to hide the JSP so they can only be accessed via a forward. I have been able to put them in a subdirectory of WEB-INF using other containers but have not been able to do that with Tomcat 5.5. That /is/ the correct approach. /WEB-INF/classes/HelloWorld.class If that's literal, it's wrong -- your classes need to be in a package. I get the following errors: 09:22:57,253 [[/app].log 636] INFO - Marking servlet org.apache.catalina.INVOKER.WEB-INF as unavailable Are you trying to use the invoker servlet? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL and flash in tomcat
I try to force https for every request in my web application but the flash movies don't get displayed in ie. I get the exception below. Any clues? security-constraint display-namessl-test/display-name web-resource-collection web-resource-nameHairless/web-resource-name description/ url-pattern/*/url-pattern http-methodPOST/http-method http-methodGET/http-method http-methodHEAD/http-method http-methodPUT/http-method http-methodOPTIONS/http-method http-methodTRACE/http-method http-methodDELETE/http-method /web-resource-collection user-data-constraint descriptionssl mode/description transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Has anyone experienced this? Error message from tomcat Caused by: java.net.SocketException: Connection reset by peer: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(Unknown Source) at java.net.SocketOutputStream.write(Unknown Source) at com.sun.net.ssl.internal.ssl.OutputRecord.writeBuffer(Unknown Source) at com.sun.net.ssl.internal.ssl.OutputRecord.write(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source) at org.apache.coyote.http11.InternalOutputBuffer.realWriteBytes(InternalOutputBuffer.java:737) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:434) at org.apache.coyote.http11.InternalOutputBuffer.flush(InternalOutputBuffer.java:299) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:963) at org.apache.coyote.Response.action(Response.java:183) at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314) ... 25 more -- View this message in context: http://www.nabble.com/SSL-and-flash-in-tomcat-tp17828970p17828970.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Hi Chris, Wow, does that really work? That's a tremendously cool hack, if so! It seems to, although it's not yet been tested in anger and there is scope for dependancy issues if you navigate from one domain directly to the another expecting a continous session experience. What I mean is that you need to have one request for a resource on each domain to ensure that that session id is tied to the tracking id. Although I can think of several simple ways to overcome this, although in my case I don't need to due to the structure business domain / use cases that the web app models. TC should not be respecting the JSESSIONID passed-in if it is invalid. Perhaps I'm misunderstanding you, though. Do you have a registry of session ids cross-linked in the session of each web application? If I understand you correctly, yes. I use the session ids as a convenient session unique ids in my own registry of user login sessions and a tracking id which happens to be a JSESSIONID. Cheers Simon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL and flash in tomcat
-Original Message- From: Mathias P.W Nilsson [mailto:[EMAIL PROTECTED] Subject: SSL and flash in tomcat I try to force https for every request in my web application but the flash movies don't get displayed in ie. Seach the archives; you'll find this, among many other references to this IE feature: http://marc.info/?l=tomcat-userm=121156687313957w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk load balancing based upon ip address rather than session id
Simon Papillon wrote: as long as the domains have a common part of course Unfortunately in my case that doesn't hold true, its an international site, and we've got the same domain names for different tlds e.g.: mydomain.com mydomain.com.ar I am not really a specialist of Tomcat, so I'll stick to try at the Apache level for now. Maybe it will provide an idea of how to do it at the Tomcat level anyway. I imagine that there is a single Apache host, with 3 virtual servers www.mycompany.com www.mycompany.co.uk www.mycompany.ar and the problem is that a browser will not send a cookie to a server whose domain name does not at least partially match. We can also not just set always 3 cookies, because the browser would probably reject a cookie that the host www.mycompany.com would want to set for the domain mycompany.co.uk. On the other hand, there must be a way by which you can tell that it is the same user that just switched from www.mycompany.com to www.mycompany.co.uk. You were talking previously of some scheme based on IP address. That seems a bit dangerous to me, because all requests from behind a router doing NAT will appear to be from the same IP address (but not the same port). Let's imagine thus that when you get a request, you obtain the IP address and port it is made from, and use this combination as a key. Your 3 servers use a common database of user sessions, where each session is identified by such a key. Whenever a server gets a request, it checks the database, and if it finds a matching key, retrieves the info stored under that key, and sets a cookie (with its own domain) which it sends back to the browser. Now the browser, for this new server, will re-send the cookie, and it happens to contain the same information that was set previously by the first server (the one who did the initial authentication and created the initial database entry). Are we getting somewhere ? No, we are not. Because when the browser switches from one server to the other, it might also start another TCP session, to which the router would give another origin port. But wait, it might still work, because the 3 virtual servers share in fact the same IP address, and the router would not know that this is a new session, because it works on the base of IP addresses, and does not look at the Host: HTTP headers. I have no idea how fragile this is, but maybe it gives you some additional ideas ? (It probably is quite fragile, because it depends on the browser and server maintaining the same TCP session throughout.) But now wait again. Do you know about OpenID ? That may be what you are looking for, and avoid all the stuff above. In your case, you would run your own OpenID server, and it would authenticate users no matter on which server they start, and keep this authentication available for the other (registered) servers. Go to http://openid.net; André - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Installing the deployer on windows server 2003
I have tomcat 5.5 java 1.5 on window server 2003. Does the windows installer come with the Deployer bundled? I basically just want to deploy my webapps from netbeans remotely. If I need to install the Deployer separately , do I just uncompress it in the same installation folder as tomcat_home ? -- The future is here. It's just not widely distributed yet. -William Gibson
RE: SSL and flash in tomcat
Thanks for the response. I have this configuration in my server.xml and no context since I'm deploying in Root.war. Any pointers on how to configure this Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliaswww.mysite.com/Alias /Host -- View this message in context: http://www.nabble.com/SSL-and-flash-in-tomcat-tp17828970p17830485.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
Rainer Jung wrote: André Warnier wrote: Caldarale, Charles R wrote: [...] Guys, I hate to admit it, but it very much looks like I will have to eat my words and be humble and deferential in the future to the real Tomcat school of thought. In just found this in the /etc/init.d/tomcat5.5 script of my Debian Linux system : su -p -s /bin/sh $TOMCAT5_USER \ -c $ROTATELOGS \$CATALINA_BASE/logs/catalina_%F.log\ 86400 \ $CATALINA_BASE/logs/catalina.out su -p -s /bin/sh $TOMCAT5_USER \ -c \$DAEMON\ start $STARTUP_OPTS \ $CATALINA_BASE/logs/catalina.out 21 Might that maybe be the reason for finding similar-but-not-quite-the-same logfiles for Tomcat ? - one named catalina.2008-06-12.log - one named catalina_2008-06-12.log The above would explain why we find catalina_2008-06-12.log like files in the /var/log/tomcatxx directory. It seems to me (but I'm not quite sure before I check the rotatelogs doc) - that it tells rotatelogs to take catalina.out on a daily base and archive it to e.g. catalina_-mm-dd.log - and then starts Tomcat, re-directing STDOUT and STDERR to catalina.out On the other hand, Tomcat itself creates another daily logfile, in the form of catalina.-mm-dd.log. Now, as a separate follow-up question, to the real Tomcat gurus (to which I humbly tip my hat and genuflect in shame) : Is it possible to change this so that Tomcat5.5 would produce a single logfile e.g. per month (catalina.-mm.log), instead of one per day ? And if yes, where ? And, by the same token, for the files host-manager.-mm-dd.log and manager.-mm-dd-log and localhost.-mm-dd.log, which are created everyday and often remain quite small ? Or is there a better way to manage this proliferation of logfiles ? (and please, if possible, do not tell me that I have to read and understand the log4j documentation for this, as I am a mere Tomcat user.) And, as a second question : do we really need the STDOUT/STDERR of Tomcat when it is running as a daemon ? Can I just replace some of the above to redirect Tomcat's STDOUT/STDERR /dev/null ? Or would we then lose some essential information ? Thank you in advance, André (And I am for now not even speaking to the wicked wicked Debian Linux Tomcat packagers anymore) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL and flash in tomcat
From: Mathias P.W Nilsson [mailto:[EMAIL PROTECTED] Subject: RE: SSL and flash in tomcat I have this configuration in my server.xml and no context since I'm deploying in Root.war. (I hope the above is ROOT.war, not Root.war, or you're in a world of hurt.) You do have a context, just not an explicit one. Create a Context element inside your .war file, in META-INF/context.xml; do not include path or docBase attributes - just the appropriate Valve will suffice. You can probably also put the Valve declaration in Tomcat's conf/context.xml, since that's shared by all webapps, but I haven't tried it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
allow access without auth to app from several ip ranges , but leave auth from any other hosts
HI ALL . I have basic authentication for my tomcat application . Now I want , allow access without authentication to this app from several ip ranges , but leave auth from any other hosts . I did not find any solution in google Is it possible ? tomcat version is 6.0.16 Thanks in advance . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Installing the deployer on windows server 2003
Ok, looking further into the docs I see the deployer can be downloaded anywhere. I also see that also has to have the admin app runnning. What was the reason for taking this out again? Setting up the deployer has become a lot more cumbersome. On Fri, Jun 13, 2008 at 2:37 PM, Vinny [EMAIL PROTECTED] wrote: I have tomcat 5.5 java 1.5 on window server 2003. Does the windows installer come with the Deployer bundled? I basically just want to deploy my webapps from netbeans remotely. If I need to install the Deployer separately , do I just uncompress it in the same installation folder as tomcat_home ? -- The future is here. It's just not widely distributed yet. -William Gibson -- The future is here. It's just not widely distributed yet. -William Gibson
Re: URL is null and HTTP 404 error when using FROM authentication
Hi Thanks for the feedback Chuck. I've done the changes you've suggested and I still experience the same problem. The after I login I am brought back to the login page. Basiclly this indicated that the login failed, since my error and login pages are the same - index.jsp. I get the following in the access log: 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] GET /hamula/ HTTP/1.1 200 2250 http://127.0.0.1:8080/manager/html/start?path=/hamula; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] POST /hamula/j_security_check HTTP/1.1 200 2250 http://127.0.0.1:8080/hamula/; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] POST /hamula/j_security_check HTTP/1.1 200 2250 http://127.0.0.1:8080/hamula/j_security_check; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] GET /hamula/home.jsp HTTP/1.1 200 2250 null Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] POST /hamula/j_security_check HTTP/1.1 200 2250 http://127.0.0.1:8080/hamula/home.jsp; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 The kubrik.jpg was actually removed so I can understand tomcat compaining with error 404 about it. this is what I currently have: myapps/WEB-INF/web.xml: ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameHamula/display-name distributable/ welcome-file-list welcome-file home.jsp /welcome-file /welcome-file-list resource-ref descriptionDB Connection/description res-ref-namejdbc/hamula/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref security-constraint web-resource-collection web-resource-nameHamula/web-resource-name descriptionPages accessible by registered users/description !-- PAGES ACCESIBLE ONLY BY REGISTERED USERS SHOULD BE ADDED HERE -- url-pattern/home.jsp/url-pattern url-pattern/events.jsp/url-pattern url-pattern/profile.jsp/url-pattern url-pattern/community.jsp/url-pattern !-- THIS IS AN EXAMPLE OF A PATTERN TO MATCH MANY PAGES url-pattern/protected/*.jsp/url-pattern -- !-- = -- http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameadmin/role-name role-namemanager/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/index.jsp/form-login-page form-error-page/index.jsp/form-error-page /form-login-config /login-config security-role description The role that is required to access registered user functions and pages /description role-nameadmin/role-name role-namemanager/role-name /security-role /web-app myapp/META-INF/context.xml: ?xml version=1.0 encoding=UTF-8? Context reloadable=true crossContext=true debug=99 Realm className=org.apache.catalina.realm.MemoryRealm/ /Context $CATALINA_HOME/conf/server.xml: ?xml version='1.0'
Re: Tomcat problems with large number of contexts in webapps
if you use a more recent JDK, then the OutOfMemoryError should have an additional message, depending on what this message is, you'll need to apply different tuning parameters. so if you share the message with us, we can maybe help you, if your OOME doesn't have a message, upgrade your JDK and try again Filip mopont wrote: Hello everyone! I use tomcat since version 4, and in all of this time I always used to work with small number of contexts in the webapps. Nowadays I'm in working with a e-learning application, so we customize the same version of our application to our clients. The fact is that the increasing number of clients requests for the product made the number of contexts in our tomcat raise to a limit, at this moment we have around 38 contexts (6.000 files each). While we were using 4...5 contexts everything was fine, but now all that we go is a bunch of OutofMemory errors even with a single .class deployment. We use IIS as the front end + ISAPI FILTER + Tomcat. In a first moment we tought that a version upgrade would give us a solution, and afted doing that unhapply the same occurs again and again we gave to tomcat -Xms 512m -Xmx1024m of memory, but we have a OutofMemory even before reaching that limit. We setted the configuration for the JK connector for 450 connections and even before that the same occurs!! Now we are thinking about clustering tomcat, but we fear that even a cluster won't give us a solution. Has anyone here experienced a similar problem before? We already thinking in moving to SunAppServer... can someone here help me with this ? thanks in advance!!! No virus found in this incoming message. Checked by AVG. Version: 7.5.524 / Virus Database: 270.2.0/1495 - Release Date: 6/10/2008 5:11 PM - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat to syslog
you already posted this once Chris Pratt wrote: Hi all, Have a vanilla tomcat coherence instance logging to local files-- CATALINA_BASE/logs and CACHE/logs. I am implementing a central logserver and want to get these into the syslog. I tried: tail -f [file log] | logger -p local#.info but this resulted in each wrapped line occurring as a new syslog message. The tomcat and coherence events are rather long and can include stack traces. I want to keep the entirety of their events as a single message event in syslog. Has anyone got tomcat logging to syslog correctly? Thanks in advance. Chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any users with centralized logging?
it would probably be easier to write a custom logger for the tomcat logger, that sends the entire message, as it is to where you want it Filip Chris Pratt wrote: Hi all, Have a vanilla tomcat coherence instance logging to local files-- CATALINA_BASE/logs and CACHE/logs. I am implementing a central logserver and want to get these into the syslog. I tried tail -f [file log] | logger -p local#.info but this resulted in each wrapped line occurring as a new syslog message. The tomcat and coherence events are rather long and can include stack traces. I want to keep the entirety of their events as a single message event in syslog. Has anyone faced and conquered a similar issue? Thanks in advance. Chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: allow access without auth to app from several ip ranges , but leave auth from any other hosts
hi Alex, that is an interesting use case. I don't think there is away to do this without doing some customization to the tomcat code base, such as implementing your own realm Filip Alex Mestiashvili wrote: HI ALL . I have basic authentication for my tomcat application . Now I want , allow access without authentication to this app from several ip ranges , but leave auth from any other hosts . I did not find any solution in google Is it possible ? tomcat version is 6.0.16 Thanks in advance . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL and flash in tomcat
Thanks alot! That solved it. -- View this message in context: http://www.nabble.com/SSL-and-flash-in-tomcat-tp17828970p17831601.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: allow access without auth to app from several ip ranges , but leaveauth from any other hosts
From: Alex Mestiashvili [mailto:[EMAIL PROTECTED] Subject: allow access without auth to app from several ip ranges , but leaveauth from any other hosts I have basic authentication for my tomcat application . Now I want , allow access without authentication to this app from several ip ranges , but leave auth from any other hosts . Not sure if this will do it yet, but take a look at this package: http://sourceforge.net/projects/securityfilter/ Despite the last release date of 2004, it is now under active development again. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: allow access without auth to app from several ip ranges , but leave auth from any other hosts
Alex Mestiashvili wrote: HI ALL . I have basic authentication for my tomcat application . Now I want , allow access without authentication to this app from several ip ranges , but leave auth from any other hosts . I did not find any solution in google Is it possible ? Not with Tomcat out of the box. Take a look at http://securityfilter.sourceforge.net/ If it can't do it out of the box (I haven't checked) then it is probably only a small amount of code. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: | Is it possible to change this so that Tomcat5.5 would produce a single | logfile e.g. per month (catalina.-mm.log), instead of one per day ? IIRC, Tomcat does not do any log rolling of any kind on its own. Tomcat uses commons-logging for just about everything, and commons-logging can be configured to work with a particular logging system (juli, log4j, etc.). Those other logging systems typically have rolling capabilities and are not covered by Tomcat's documentation (because that configuration is covered by the documentation of whatever logging package you are using). For instance, log4j can be configured to roll once per month by specifying this in the configuration: log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender log4j.appender.A1.file = @app-log-dir@/log4j.log # Roll-over the log once a day log4j.appender.A1.DatePattern='.'-MM Contrary to its class name, DailyRollingFileAppender rolls whenever it makes sense given the DatePattern that you set it up to use. See the log4j javadoc for this class for detailed information on configuring this appender (which is what log4j calls classes that actually write to log files). If you allow your logging package to roll your log files for you, you don't have to run cron jobs like Debian is apparently configured to do. Also, all the configuration goes with the application (or the server), instead of spread around the filesystem in the Debian case. | Or is there a better way to manage this proliferation of logfiles ? | (and please, if possible, do not tell me that I have to read and | understand the log4j documentation for this, as I am a mere Tomcat user.) Heh. Sorry. If you want to use log4j, you're gonna have to read the log4j documentation. Unless, of course, you're okay with everything going to catalina.out and having shell script roll your logfiles in unpredictable ways. I'm disappointed in your unwillingness to read documentation for libraries that you use. You wouldn't call General Electric to ask them how to cool a steak just because you keep it cold in a GE freezer. By the same token, don't expect anyone in the Tomcat community to give you a primer on how to configure log4j when the documentation is just begging to be read over at logging.apache.org. :( | And, as a second question : do we really need the STDOUT/STDERR of | Tomcat when it is running as a daemon ? Can I just replace some of the | above to redirect Tomcat's STDOUT/STDERR /dev/null ? You could, but I wouldn't recommend it. | Or would we then lose some essential information ? What happens if your logging configuration is broken? In that case, you'd get /no/ output whatsoever, and you'd never know why. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhS3gkACgkQ9CaO5/Lv0PDBfACeNlmYSCC3fdNBhCyPXddkJTZ4 E/EAn3rEqQklAMqjSszNt/bdI9qUNoTM =9uC3 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: allow access without auth to app from several ip ranges , but leaveauth from any other hosts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: | From: Alex Mestiashvili | [mailto:[EMAIL PROTECTED] | Subject: allow access without auth to app from several ip | ranges , but leaveauth from any other hosts | | I have basic authentication for my tomcat application . | Now I want , allow access without authentication to this app from | several ip ranges , but leave auth from any other hosts . | | Not sure if this will do it yet, but take a look at this package: | http://sourceforge.net/projects/securityfilter/ Nope, we don't support that -- at least not directly. Of course, as Filip suggests, you could always write your own realm (for either sf or TC). | Despite the last release date of 2004, it is now under active development again. The 2004 code is also still just as good as it was in 2004. Not much has changed in the servlet spec. ;) My suggestion would be to deploy the application multiple times, and use a RemoteAddressValve for those IP addresses which do not require authentication (and, of course, remove the appropriate configuration from web.xml for those copies of the application). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhS4AIACgkQ9CaO5/Lv0PA3XQCfWjWwqG4lDl77DewufS9m2xBB NcgAoKbaXZhOIGV7GKt5lHPuNmlNswhJ =hIW+ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
disable directory indexing in tomcat?
Group, I'm a Unix admin working on a Solaris 8 server running Tomcat 6.0.16. No other apps run on the server, for example, there is no Apache httpd running. I have been tasked with disabling directory indexing based on a security scan that provided this infomation: Vulnerability Identified: Directory Indexing on Web Server Severity: Low Description: Verizon Business identified that a web server allows its directory contents to be displayed, including any documents that were not intended to be hyperlinked from other pages. Impact: Attackers could discover potentially sensitive documents that were not intended to be found. These documents may assist attackers in crafting future attacks against the web server or any applications hosted on it. Recommendation: Verizon Business recommends disabling directory indexing by modifying the web servers configuration. For the IBM HTTP server and Apache, directory indexing can be disabled by removing the following line for the directory configuration: Options Indexes In Microsoft IIS, directory indexing can be disabled by deselecting the Directory Browsing option for the affected directory. Does this request make sense? I ask because I can't find any information on directory indexing for Tomcat, although disabling it in Apache is easy enough. Thanks for any guidance! David unixhound at gmail.com
Re: disable directory indexing in tomcat?
Dave Girardin wrote: Does this request make sense? I ask because I can't find any information on directory indexing for Tomcat, although disabling it in Apache is easy enough. The request makes sense if directory listings are enabled, but they are disabled by default. You need to look for the default servlet configuration (should be in conf/web.xml but I would check every web.xml to be sure). There should be something like: servlet servlet-namedefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuefalse/param-value /init-param load-on-startup1/load-on-startup /servlet The listings = false bit is what diables diretory listings. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: allow access without auth to app from several ip ranges , but leave auth from any other hosts
If it may help : I have implemented a mechanism as described below, in Apache using mod_perl. I don't know how to do it under Tomcat, or if it is even possible without rewriting some basic Tomcat code, but maybe the following gives someone an idea. (Of course, if you are running Tomcat with an Apache front-end and mod_jk, you could do it in Apache, and pass the user-id to Tomcat. That's in fact what I am doing.). In Apache/mod_perl, it relies on the fact that there are three consecutive phases in request processing, with possible mod_perl hooks, and they run in this order : - an access control phase This phase is supposed to grant or deny access based on some request characteristic other than the user-id (e.g. the time of day, or the IP range the request is coming from). In standard Apache config, this is the equivalent of an Allow from ..(IP range).. directive. In Tomcat, it would probably be an Access-control Valve. There is an example somewhere in the Tomcat on-line documentation. - an authentication phase where the request is authenticated (gets a user-id if it doesn't have one yet) - an authorisation phase where the request is allowed or not to proceed, depending on whether or not it has a user-id, and this user-id is supposed to be able to access this resource. Basically, I hijack the access-control phase, to compare the origin IP of the request with a table containing IP addresses and corresponding group user-id's. If the origin IP matches one of the table entries, it gets the associated user-id. Otherwise it does not get a user-id. Anyway, the request is allowed to proceed. In the authentication phase, it is checked whether the request is already authenticated. If yes (for example it got a user-id during the access-control phase), it is allowed to proceed. If not, it gets a login page. And finally in the authorisation phase, the request is rejected if it does not have a user-id. Now the questions are, in Tomcat, 1) if an Access-control Valve runs before an application (webapp) is invoked. I believe it should, since it is (can be) defined at a higher level than a webapp. 2) if one could, within such a Valve, attribute a user-id to the session. That I really don't know, because I have never actually seen a method allowing to /set/ a user-id. (But I was probably looking in the wrong places). 3) how one could write a custom Valve, and how difficult that would be. Considering that Tomcat is open-source, one could always take the standard IP-based Valve and modify it for the purpose. Alternatively, maybe it is possible to do this IP-based authentication in a servlet filter wrapped around the webapp. But I have a feeling that under Tomcat the authentication/authorization phase runs before even a servlet filter runs, and in that case it might not work. I am interested also to learn if the above kind of thing is possible, and if that would be a good way of doing this under Tomcat. Filip Hanik - Dev Lists wrote: hi Alex, that is an interesting use case. I don't think there is away to do this without doing some customization to the tomcat code base, such as implementing your own realm Filip Alex Mestiashvili wrote: HI ALL . I have basic authentication for my tomcat application . Now I want , allow access without authentication to this app from several ip ranges , but leave auth from any other hosts . I did not find any solution in google Is it possible ? tomcat version is 6.0.16 Thanks in advance . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: disable directory indexing in tomcat?
Thanks so much Mark. As you suspected it was disabled so I suspect the security scan is in error. I'll check the web page to be sure though. David On 6/13/08, Mark Thomas [EMAIL PROTECTED] wrote: Dave Girardin wrote: Does this request make sense? I ask because I can't find any information on directory indexing for Tomcat, although disabling it in Apache is easy enough. The request makes sense if directory listings are enabled, but they are disabled by default. You need to look for the default servlet configuration (should be in conf/web.xml but I would check every web.xml to be sure). There should be something like: servlet servlet-namedefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuefalse/param-value /init-param load-on-startup1/load-on-startup /servlet The listings = false bit is what diables diretory listings. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, I'm disappointed in your unwillingness to read documentation for libraries that you use. You wouldn't call General Electric to ask them how to cool a steak just because you keep it cold in a GE freezer. By the same token, don't expect anyone in the Tomcat community to give you a primer on how to configure log4j when the documentation is just begging to be read over at logging.apache.org. :( I like the above analogy, but it begs for another one : I don't own a GE fridge, but I (occasionally) drive a BMW car. It is quite sophisticated, and most of the driver controls (lights, window wipers, radio, etc..) are made by Bosch or some other car-equipment supplier. Yet, when I want to know how to turn on the window-wipers, BMW doesn't tell me to go read and understand the Bosch technical documentation for ditto. Instead they provide a nice BMW User's Guide who tells me exactly which button to press, even though they don't make the window-wipers themselves. Granted, the BMW costs quite a bit more than a Tomcat instance (at least as far as the up-front cost is concerned; maintenance is a more contentious issue). But then, both need users in order to survive, and not all users are engineers. So BMW bites the bullet and makes a nice and readable User's Guide, which helps in making their cars popular to the masses. What I am saying, is that I understand what you're saying, and I agree that one can't do everything, and that people who develop Tomcat and log4j, and make it available for free, deserve credit, a lot of it. But for a mere user who would just like to use Tomcat, the documentation of log4j (and commons-logging) is obscure to say the least, and an absolute overkill when it comes to find out how to merely change the name of a logfile. Would'nt you think so ? ;-) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
Apart from the GE/BMW stuff, many thanks for your answers and time anyway. Not that you'd think me ungrateful. Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: | Is it possible to change this so that Tomcat5.5 would produce a single | logfile e.g. per month (catalina.-mm.log), instead of one per day ? IIRC, Tomcat does not do any log rolling of any kind on its own. Tomcat uses commons-logging for just about everything, and commons-logging can be configured to work with a particular logging system (juli, log4j, etc.). [...] Ok, then where about in my Tomcat configuration would I find which logging system it uses, or a pointer to something that tells me which system is used ? Starting, say, from Tomcat's server.xml ? And thanks for the detailed info that was included below here. I store it away for later use, just in case that's what I've got. André - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL is null and HTTP 404 error when using FROM authentication
Ok i decided to dump this hell and start fresh. So here I am with stock configurations, it is Tomcat 6.0 + MySQL 5.0. I login to manager app using MemoryRealm and everything is fine. I change the global settings in server.xml to use mysql driver and boom can't login to manager anymore So i guess the problem is somewhere between tomcat and mysql. MySQL logs indicate the the connector has connected to the database and quering the right table + fields: 080613 19:40:29 96 Connect [EMAIL PROTECTED] on 96 Query select @@version_comment limit 1 080613 19:40:37 96 Quit 97 Connect [EMAIL PROTECTED] on hamula 080613 19:40:53 97 Query select uid, password, role from users 080613 19:41:05 94 Query SELECT password FROM users WHERE uid = '[EMAIL PROTECTED]' 94 Query commit 080613 19:41:07 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:43:17 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:44:30 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:44:34 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:46:12 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit So, clearly seen the connector established a session under root and the history of all it's queries is from there on. My server.xml is stock except for the Real part, so here is what I have: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/hamula?user=rootamp;password=skywalker digest=MD5 userTable=users userNameCol=uid userCredCol=password userRoleTable=users roleNameCol=role/ Which is located inside of the Engine tag. My databe looks as follows: mysql select uid, password, role from users; ++-+---+ | uid | password | role | ++-+---+ | [EMAIL PROTECTED] | test | admin | | test | 033bd94b1168d7e4f0d644c3c95e35bf | manager | ++--+---+ 2 rows in set (0.00 sec) What's wrong here?? How can I get more details on why and what part of the authentication is failing?? Thanks -Assaf On Fri, Jun 13, 2008 at 4:26 PM, exkor [EMAIL PROTECTED] wrote: Hi Thanks for the feedback Chuck. I've done the changes you've suggested and I still experience the same problem. The after I login I am brought back to the login page. Basiclly this indicated that the login failed, since my error and login pages are the same - index.jsp. I get the following in the access log: 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] GET /hamula/ HTTP/1.1 200 2250 http://127.0.0.1:8080/manager/html/start?path=/hamula; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] POST /hamula/j_security_check HTTP/1.1 200 2250 http://127.0.0.1:8080/hamula/; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] POST /hamula/j_security_check HTTP/1.1 200 2250 http://127.0.0.1:8080/hamula/j_security_check; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] GET /hamula/home.jsp HTTP/1.1 200 2250 null Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] GET /hamula/images/kubrickbgcolor.jpg HTTP/1.1 404 1051 http://127.0.0.1:8080/hamula/style.css; Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14 127.0.0.1 - -
Re: Tomcat producing (near) duplicate Catalina logs
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, [...] By the same token, don't expect anyone in the Tomcat community to give you a primer on how to configure log4j when the documentation is just begging to be read over at logging.apache.org. :( I took you at your word, and just made another try at http://logging.apache.org. I'm not saying it's your fault, but you've got to be kidding. No wonder it's begging to be read. I bet it isn't getting rich at it either. Remember, I'm a Tomcat user, just looking for how to get a monthly logfile instead of daily ones. One of the Tomcat gurus tells me that Tomcat gurus don't do logging, and that I should look at the commons-logging documentation at http://logging.apache.org., so I do. There is no mention of anything else (juli ?) than log4j and derivatives on the Welcome page. So I started with the log4j menu item, basically because it seems to be the only one mentioned there with relevance to Tomcat. Logically (I thought), I started with the 2.0 version. Wrong choice. I downgraded my choice to 1.3. Wrong choice also apparently. 1.2 is the thing, I guess. Nice starting page. Then I chose Documentation...Introduction in the menu at the left. Nice general introduction. Scrolling down and reading however, it gets into material that I believe might be appropriate to a Java programmer wanting to know how to insert logging statements in his code, but not exactly useful for someone looking for where log4j would hold the configuration smippets that tell one if it is going to create a monthly or daily logfile. It continues with a couple of examples of logger hierarchies, and then it seems to stop rather abruptly. Strange. Usually, Introduction means introduction to something else. But there doesn't seem to be anything here after the Introduction. The JavaDoc item does not seem particularly useful in my case either. No problem, I switched to the FAQ. I read all titles (1 to 31). There does not seem to be anything there talking about where the configuration files are, or how this relates to Tomcat logging. So I started reading sequentially. Here is a snippet of about where I almost gave up : The DOMConfigurator.configure(String filename) method and its variants require a JAXP compatible XML parser, for example Xerces or Sun's parser. Compiling the DOMConfigurator requires the presence of a JAXP parser in the classpath. Uhu. Scrolling down a bit more, I get a list of the following thrilling features : - Logging behavior can be set at runtime using a configuration file. Configuration files can be property files or in XML format. - log4j is designed to handle Java Exceptions from the start. - log4j can direct its output to a file, the console, an java.io.OutputStream, java.io.Writer, a remote server using TCP, a remote Unix Syslog daemon, to a remote listener using JMS, to the NT EventLog or even send e-mail. - log4j uses 5 levels, namely DEBUG, INFO, WARN, ERROR and FATAL. - The format of the log output can be easily changed by extending the Layout class. - The target of the log output as well as the writing strategy can be altered by implementations of the Appender interface. - log4j supports multiple output appenders per logger. - log4j supports internationalization. Great stuff all of that probably, and it seems to say that you can do a lot of stuff in the configuration, but where /is/ the configuration file for Tomcat ? That, it doesn't seem to say. So after an hour, I'm pretty much back to square 1. I am a Tomcat user, not a Tomcat developer. I find Tomcat nice, I have a lot of respect for the people who develop it, and I am grateful to the people who answer rookie questions like mine on lists like this one. I have no doubt that there are similar people in the log4j area. But basically, I just want to install Tomcat, and run nice applications within it, with a minimum of trouble. In this case, I would just like to know how to configure Tomcat or whatever, so that instead of having umpteen daily catalina.-mm-dd.log logfiles, I get only upmteen divided by 30 monthly catalina.-mm.log logfiles. Maybe even umpteen divided by 365 yearly catalina..log logfiles. But for that, it seems that the first step is to find the Tomcat configuration file that would tell me if log4j is being used, or finding the log4j configuration file that shows something that looks like catalina..log. I tried, but I'm not finding it. Am I the only one in that situation ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
Hi Andre, I tried, but I'm not finding it. Am I the only one in that situation ? No, I've tried to read both the log4j docs and the tomcat logging docs. Nowhere is there a good working example that describes some real world situations. My trouble is different from yours, but I believe we are both looking for the same thing, an effective guide to tomcat logging. The tomcat documentation for JULI talks about using both at the same time etcetera and somewhere in the muddle switches between. Sorry, I don't think this is a hijack, it is my frustration. Here is my situation which is complex and I KNOW is too complicated to ask for advise on the totality - I've been on the list to absorb relevant info, and maybe I'm ready. When we went to 5.5.25 we lost all the really nice SIMPLE logging w/o bulletproof instructions on how to replace it. It would be nice to have a cookbook that directly translates the one config to the other showing how to do it with JULI, with log4j and with both happily co- existing. This last, for me has been the key part. My trouble involves my rather weird configuration that grew from tomcat 3.3 to 4.1 to 5.5. I recently added Roller 4.0 and had to do a weirder config due its 16MB per context permgen space requirements for 4000 classes moving many of its jars to tomcat/shared/lib ended my OOM. All my contexts logs are hijacked by Roller, and that is a roller question that I can't ask due to my weird configuration. But if I understood better how logging and tomcat interact I could understand. Watching this list I am confident that I could reconfigure with apache in front of tomcats w/my webapp and other tomcats w/Roller. This would be ideal, and different logging mechanisms could be used in each tomcat. And my problem would stop, ... And it is what will be done. I prefer it for many reasons which many on this list have graciously provided. I would still like to have someone help me guide through the logging configuration in some simple scenarios. If this is done then I promise the people on this wonderful group that I'll try to distill it into a reasonable FAQ. I'm on Solaris 8, w/Java 5. My host context on Tomcat 4.1.31 looks like: Host name=my.url.com appBase=webapps-url Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=my_url_access. suffix=.log pattern=common/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=my_url_logger. suffix=.log timestamp=true/ /Host In Tomcat 5.5.26: Host name=my.url.com appBase=webapps-unity Valve className=org.apache.catalina.valves.FastCommonAccessLogValve directory=logs prefix=my_url_access. suffix=.log pattern=common/ /Host How do I translate my 4.1.31 Logger to log4j in Tomcat 5.5.25? How do I do the same for JULI logging? How do I combine the two? How does the classloader come into play? I know it has some affect because there is mention in the docs of tomcat/common/ vs. tomcat/ shared/? Do the answers differ for Tomcat 6? Now do you see why we simple users who must spend time programming their apps, are confused? Especially when you go from having a VERY SIMPLE interface to options you don't care about but are forced to make. Like which health care plan? This is critical to me, I ought to go to Tomcat 6 and Java 6 as I go to Apache / Tomcat (for load balancing, SSL front end and splitting parts of webapps between differently configured tomcats, I certainly don't want to waste time with logging configuration, Regards, Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat producing (near) duplicate Catalina logs
On Sat, 2008-06-14 at 02:31 +0200, André Warnier wrote: [...snip...] I tried, but I'm not finding it. Am I the only one in that situation ? Hi André, Check out cronolog - it is a useful tool to manage tomcat logs in the way you wish. This post may point you in the right direction: http://mail-archives.apache.org/mod_mbox/tomcat-users/200407.mbox/% [EMAIL PROTECTED] Cheers, Ben - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
