Tomcat configuration on IIS 7

2009-01-26 Thread Raffee Parseghian

Hello,
We've just installed tomcat on our IIS 7 servers. Is there a way to
configure (like enable/disable) Tomcat for certain sites? Like in a hosting
environment? Or tomcat will be enabled for all sites on the server?

Thanks
-- 
View this message in context: 
http://www.nabble.com/Tomcat-configuration-on-IIS-7-tp21662975p21662975.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: 403 on https connection but not http

2009-01-26 Thread Emsley, I (Iain)
Christopher, 

For some reason, after several filter rebuilds to add in extra logging, the 
filters are now working across https:// which makes me suspect that it was an 
issue between the browser and filters not giving out the cookie properly. 

Essentially this part of the application relies on a remember me cookie for 
authentication and authorization and if it isn't present, redirects the user to 
a login page on another part of the site, otherwise the user is just forwarded 
into the application. 

Iain

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: 23 January 2009 19:16
To: Tomcat Users List
Subject: Re: 403 on https connection but not http


Iain,

Emsley, I (Iain) wrote:
> I'm trying to get https:// working on an application running on Tomcat
> 5.5.23 on Windows Server 2003. When I ran the application on port 8080,
> it logged me in fine using our login filters, however when I moved to
> https://, the application returns 403 without any messages being written
> to stdout or logging messages that I've put in the filters to try and
> debug them if needs be.

Hmm. Your configuration looks okay. Can you do an HTTP capture of the
conversation between the client and the server? Do you ever get a login
screen, or are you refused immediately upon the first request?

Do your filters redirect (as opposed to forwarding) the user to the
login screen? If so, are your login pages protected by your
security-constraints? I wonder if you may have set up auth semantics
like this:

1. All pages require a valid login
2. Login page is /login.jsp
3. Per rule #1, /login.jsp requires a login

?

-chris



Tomcat and OpenSSL 9.8.0j ?

2009-01-26 Thread franziska.olivier
Hi all,

I need a Tomcat version with Open SSL 9.8.0j (came out beginning of January 
2009). Does anyone know when this version of OpenSSL will be integrated in a 
Tomcat distribution? I haven't found any information on this issue on the 
Tomcat-Site.

Thanks in advance for your help!

Franziska

Security notice:
This e-mail from PostFinance is signed. Further information is available
at:
https://www.postfinance.ch/e-signature.
Never disclose your security elements to third parties.



Re: Tomcat configuration on IIS 7

2009-01-26 Thread Kees de Kooter
Hi Raffee,

You should read
http://tomcat.apache.org/connectors-doc-archive/jk2/jk/iishowto.html
on how to setup the connection between IIS and tomcat.

As you will see you have to configure the connection per website in IIS.

Cheers,
Kees de Kooter
http://www.boplicity.net






Re: Tomcat configuration on IIS 7

2009-01-26 Thread Raffee Parseghian

Thanks,
your post and the link were very helpful.

Regards,
Raffee




-- 
View this message in context: 
http://www.nabble.com/Tomcat-configuration-on-IIS-7-tp21662975p21664505.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





{Solved}: Configuring alternate host and port on Tomcat server - newbie question

2009-01-26 Thread Shyam Anand
Chuck,

Thanks for your help. This was exactly what I need.

Thanks,
Shyam


--- On Thu, 1/22/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:

> From: Caldarale, Charles R chuck.caldar...@unisys.com
> Subject: RE: Configuring alternate host and port on Tomcat server - newbie question
> To: Tomcat Users List
> Date: Thursday, January 22, 2009, 5:13 PM
>
> > From: Shyam Anand [mailto:struts_new...@yahoo.com]
> > Subject: Configuring alternate host and port on Tomcat server - newbie question
> >
> > I would like to configure the second instance
> > to work with a secondary IP/alternate host and
> > port 443 on the same machine.
>
> By default, Tomcat listens on IP address 0.0.0.0, meaning
> every IP address configured for the TCP/IP stack on the
> system.  You'll need to set the address attribute of all
> Connector elements for each Tomcat to use the
> specific IP address you want for each one.
> http://tomcat.apache.org/tomcat-5.5-doc/config/http.html#Standard%20Implementation
>
>  - Chuck
>
 
 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR
 OTHERWISE PROPRIETARY MATERIAL and is thus for use only by
 the intended recipient. If you received this in error,
 please contact the sender and delete the e-mail and its
 attachments from all computers.
 



Thread dump analysis

2009-01-26 Thread Pieter Temmerman
Hi all.

I've been investigating why one of our applications (running in Tomcat
5.5.7) suddenly freezes after a variable amount of time (sometimes
10min, sometimes 2 hours).

Disclaimer: I'm not the developer of the application, nor do I know the
exact details of how stuff is implemented. I know..it sucks.

Memory usage looks healthy, but CPU usage goes sky high (mainly caused
by the Java Tomcat process).
So I made a thread dump and the first thing I noticed was the large
amount of TP-ProcessorXX threads, most of them in WAITING state.

A small snippet of the thread dump (it's very very big).

TP-Processor290 daemon prio=1 tid=0x2aaab47acd30 nid=0x6486 in Object.wait() [0x56ae4000..0x56ae6e10]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x2aabadaabff8 (a org.apache.commons.pool.impl.GenericObjectPool)
    at java.lang.Object.wait(Object.java:474)
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:810)
    - locked 0x2aabadaabff8 (a org.apache.commons.pool.impl.GenericObjectPool)
    at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96)
    at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880)
    at org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider.getConnection(LocalDataSourceConnectionProvider.java:81)
    at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423)
    at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144)
    at org.hibernate.jdbc.AbstractBatcher.prepareQueryStatement(AbstractBatcher.java:139)
    at org.hibernate.loader.Loader.prepareQueryStatement(Loader.java:1547)
    at org.hibernate.loader.Loader.doQuery(Loader.java:673)

My first question is, what is a TP-Processor exactly? Is each client
connection to Tomcat being assigned a TP-Processor or am I wrong?

Anyway, back to the thread dump itself.
There are a lot (read: +100) of those TP-Processor threads in waiting
state which mention org.hibernate.blablabla. So my guess is that the
freeze is being caused by a database connection pool that is out of open
connections, and thus the application those threads are waiting until
there is a free one. But for some kind of reason, there is never a free
one available, and the application just won't work until Tomcat is
restarted.

In the assumption that this is the reason for the application to hang,
my thread dump decoding knowledge is too limited to be sure what is
causing this situation. Is the thread pool just too small, is the
application not closing its connections, and thus running out of
connections. I have no idea.

Therefore, my second question.

TP-Processor290 daemon prio=1 tid=0x2aaab47acd30 nid=0x6486 in Object.wait() [0x56ae4000..0x56ae6e10]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x2aabadaabff8 (a org.apache.commons.pool.impl.GenericObjectPool)
    at java.lang.Object.wait(Object.java:474)
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:810)
    - locked 0x2aabadaabff8 (a org.apache.commons.pool.impl.GenericObjectPool)


Note the line locked 0x2aabadaabff8 and waiting on
0x2aabadaabff8 later on. So first it's locking that thing and
then it's waiting on that thing. This same number is coming back in
each TP-Processor that is in waiting state. That seems rather weird to
me.
So I was wondering:
  a. Is that normal behavior?
  b. Is there any way to know what the 0x2aabadaabff8 means?

My scientific calculator says it's rather an insane number when trying
to convert it to decimal.
Maybe it's just as easy as it reads: Waiting on 0x0002aabadwhich is
a GenericObjectPool.

Any help to confirm my supposition will be kindly appreciated. 


 








Re: Thread dump analysis

2009-01-26 Thread David Boreham

We spent weeks looking at similar bizarre thread stack dumps.
Eventually it turned out to be a GC problem. The JVM will all
of a sudden decide to stop large numbers of threads from running
(or perhaps it stops one, but that thread happens to be holding
a heavily contended lock --- database connection pool and log4j
are common candidates).

Anyway, take a detailed look at your GC stats. I bet that you will
find that the hangups coincide with full GC cycles. It appears based
on my experience that the thread dumps you get during one of these
episodes are not believable -- they show wacky things like threads
waiting on a lock they already hold, multiple threads holding the
same lock, and threads waiting on mysterious 'monitors' that appear
nowhere else in the stack dump (these I concluded are internal
JVM monitors that are used by GC to block threads).






Re: Thread dump analysis

2009-01-26 Thread Leon Rosenberg
Have you found any java.lang.Thread.State: RUNNABLE threads? They are
usually more interesting if it comes to a high cpu :-)
Also, as David posted, what is the HEAP usage? it's usually at the end
of the dump.

regards
Leon





Re: SECURITY breach in Tomcat

2009-01-26 Thread Toby Kurien
Seems like the infection was related to the loose (default) password
of the manager app. I suppose changing that fixed the problem.

On Thu, Jan 22, 2009 at 4:26 PM, Toby Kurien tobyis7...@gmail.com wrote:
> thanks. I only need ROOT and myApp (which is my application). I am the
> developer, admin, everything. And yes, we moved between physical
> server racks that actually host Virtual environments.
>
> On Thu, Jan 22, 2009 at 3:15 PM, Gregor Schneider rc4...@googlemail.com wrote:
>>> Moving servers mean we moved it physically from one box to another. IP
>>> and DNS stays the same when we move.
>>> Btw: Can I take off all the apps from webapps, except ROOT and myApp?
>>> Hacker or virus is probably exploiting some vulnerability in them. As
>>> of now, tomcat is running after restarting the whole box, but I am
>>> afraid if it will shutdown or crash.
>>
>> box == server-rack?
>>
>> Since I got no idea of your application's structure, I can't give you
>> any advice of what to remove and what to keep.
>>
>> Just that much:
>>
>> ROOT.war is the default application when you call your server i.e. at
>> www.yourserver.com.
>>
>> Provided myApp.war is a known application, *theoretically* it might be
>> possible that it needs additional apps, if it uses servlet-chaining
>> etc..
>>
>> It might be helpful if you could post the result of
>>
>> cd [Tomcat-Installation-Directory]
>> dir -s
>>
>> The best method actually would be if you contact the developer of the
>> application(s) hosted, ask them about what they expect within their
>> application-directories and remove the rest.
>>
>> Toby, I'm afraid I'll have to call it a day now, however, since the
>> guys from the US should be about to wake up after yesterday's
>> inauguration-party, I'm pretty sure they will help you to get your
>> feet back on the ground.
>>
>> I'll check the list tomorrow anyways.
>>
>> Good luck!
>>
>> Gregor
>> --
>> just because you're paranoid, doesn't mean they're not after you...
>> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
>> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

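A check for the condition described in the message above, a manager account left on a default or weak password, written as an added example (not code from the thread or from the Tomcat project). The `tomcat-users.xml` content, the deny-list, the 12-character threshold and the webapp names are constructed assumptions; the second function lists deployed webapps beyond the two the poster says he needs (ROOT and myApp).

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed deny-list of obvious values; extend it from your own password policy.
WEAK_PASSWORDS = {"", "tomcat", "admin", "manager", "password", "changeit"}

# Constructed sample in the tomcat-users.xml layout (<user username= password= roles=>).
SAMPLE_USERS = """
<tomcat-users>
  <role rolename="manager"/>
  <role rolename="reports"/>
  <user username="tomcat" password="tomcat" roles="manager"/>
  <user username="deploy" password="deploy" roles="manager,reports"/>
  <user username="ops"    password="Vt9#rL2q-wX7mK4p" roles="admin,manager"/>
  <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>
"""


def audit_users(xml_text, min_len=12):
    """Return [(username, privileged_roles, reasons)] for weak manager/admin accounts."""
    findings = []
    for user in ET.fromstring(xml_text).iter("user"):
        name = user.get("username", "")
        password = user.get("password", "")
        roles = [r.strip() for r in user.get("roles", "").split(",") if r.strip()]
        privileged = sorted(r for r in roles if r.startswith(("manager", "admin")))
        if not privileged:
            continue  # account cannot reach the manager/admin applications
        reasons = []
        if password.lower() in WEAK_PASSWORDS:
            reasons.append("empty or well-known password")
        if password and password.lower() == name.lower():
            reasons.append("password equals username")
        if len(password) < min_len:
            reasons.append("shorter than %d characters" % min_len)
        if reasons:
            findings.append((name, privileged, reasons))
    return findings


def extra_webapps(webapps_dir, keep=("ROOT", "myApp")):
    """Names deployed under webapps/ (directories or .war files) that are not in keep."""
    names = set()
    for entry in os.listdir(webapps_dir):
        names.add(entry[:-4] if entry.lower().endswith(".war") else entry)
    return sorted(names - set(keep))


def demo_extra_webapps():
    """Build a throwaway webapps/ directory (constructed names) so this runs offline."""
    with tempfile.TemporaryDirectory() as d:
        for app in ("ROOT", "myApp", "manager", "host-manager"):
            os.mkdir(os.path.join(d, app))
        for war in ("myApp.war", "jsp-examples.war"):
            open(os.path.join(d, war), "w").close()
        return extra_webapps(d)


if __name__ == "__main__":
    for name, roles, reasons in audit_users(SAMPLE_USERS):
        print(name, roles, "; ".join(reasons))
    print("deployed but not needed:", demo_extra_webapps())
```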



RE: Thread dump analysis

2009-01-26 Thread Caldarale, Charles R
> From: Pieter Temmerman [mailto:ptemmerman@sadiel.es]
> Subject: Thread dump analysis
>
> Memory usage looks healthy, but CPU usage goes sky high (mainly caused
> by the Java Tomcat process).

If you're truly out of memory, the GC thread(s) may be running almost 
continuously.  However, with modern JVMs (you didn't bother to tell us what JVM 
you're using, nor what platform you're on), that's a pretty rare occurrence; 
it's more likely an application thread that's looping.  As Leon suggested, look 
for threads in the runnable state and check the state of the heap.

> org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96)

This shows that indeed the thread is waiting for a DB connection.  Note that 
the connection pool here is managed by the webapp, not Tomcat; the class names 
are different for Tomcat.

> My first question is, what is a TP-Processor exactly? Is each client
> connection to Tomcat being assigned a TP-Processor or am I wrong?

You're not wrong; each request (not client) is handled by a TP-Processor 
thread.  When processing for that request completes, the thread goes back to 
the thread pool to wait for another request from any client.

> So my guess is that the freeze is being caused by a database
> connection pool that is out of open connections

You seem to have two symptoms: high CPU usage, and running out of DB 
connections.  It is quite likely the two are related, perhaps the webapp gets 
in an infinite loop and therefore never releases DB connections back to the 
pool.

> Note the line locked 0x2aabadaabff8 and waiting on
> 0x2aabadaabff8 later on. So first it's locking that
> thing and then it's waiting on that thing.

That thing is just a plain java.lang.Object, which is here serving the 
purpose of being a synchronization point.  Java synchronization semantics 
require that an object be locked before it can be waited on; the wait() 
releases the lock until some other thread calls notify() on that object.

> Is that normal behavior?

Yes.

> Is there any way to know what the 0x2aabadaabff8 means?

It's the virtual address of the object being waited on.  Not terribly useful 
other than as an identifier for the object at a given point in time.  The 
object can move during a garbage collection.

You really should move up to something a bit newer than 5.5.7; it's over four 
years old and lots of bug fixes have gone into the 5.5 line since then.  5.5.27 
is the current level for that leg.

 - Chuck


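The triage suggested in the replies above (find the runnable threads, then see what the waiting ones are waiting on) can be scripted; this is an added example, not code from the thread. The dump is constructed in the layout of the quoted snippet, with the quotes around thread names and the `<...>` around monitor addresses that the JVM prints, and with mail line-wraps already rejoined; `com.example.ReportBuilder` is a hypothetical application class.

```python
import re
from collections import Counter

HEADER = re.compile(
    r'^"?(?P<name>[^"]+?)"? (?:daemon )?prio=\d+ tid=\S+ nid=\S+ (?P<state>[^\[]*)')
MONITOR = re.compile(
    r'^- (?P<op>waiting on|waiting to lock|locked) <?(?P<addr>0x[0-9a-fA-F]+)>? '
    r'\(a (?P<cls>[\w.$]+)\)')
FRAME = re.compile(r'^at (?P<method>[\w.$<>]+)\(')
# A "runnable" thread whose top frame is one of these is parked in native socket I/O,
# not burning CPU, so it is left out of the busy list.
IDLE_IO = {"java.net.SocketInputStream.socketRead0",
           "java.net.PlainSocketImpl.socketAccept"}

# Constructed sample dump (only the first thread's frames are taken from the post).
SAMPLE_DUMP = '''
"TP-Processor290" daemon prio=1 tid=0x2aaab47acd30 nid=0x6486 in Object.wait() [0x56ae4000..0x56ae6e10]
    at java.lang.Object.wait(Native Method)
    - waiting on <0x2aabadaabff8> (a org.apache.commons.pool.impl.GenericObjectPool)
    at java.lang.Object.wait(Object.java:474)
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:810)
    - locked <0x2aabadaabff8> (a org.apache.commons.pool.impl.GenericObjectPool)
    at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96)

"TP-Processor291" daemon prio=1 tid=0x2aaab47ad130 nid=0x6487 in Object.wait() [0x56be4000..0x56be6e10]
    at java.lang.Object.wait(Native Method)
    - waiting on <0x2aabadaabff8> (a org.apache.commons.pool.impl.GenericObjectPool)
    at java.lang.Object.wait(Object.java:474)
    at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:810)
    - locked <0x2aabadaabff8> (a org.apache.commons.pool.impl.GenericObjectPool)

"TP-Processor12" daemon prio=1 tid=0x2aaab4100000 nid=0x6301 runnable [0x55ae4000..0x55ae6e10]
    at com.example.ReportBuilder.render(ReportBuilder.java:212)
    at com.example.ReportBuilder.build(ReportBuilder.java:98)

"TP-Processor13" daemon prio=1 tid=0x2aaab4100400 nid=0x6302 runnable [0x55be4000..0x55be6e10]
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
'''


def parse_dump(text):
    """Split a thread dump into dicts: name, state, frames, waiting_on, locked."""
    threads, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            cur = {"name": m["name"], "state": m["state"].strip(),
                   "frames": [], "waiting_on": None, "locked": []}
            threads.append(cur)
            continue
        if cur is None:
            continue
        m = MONITOR.match(line)
        if m:
            if m["op"] == "locked":
                cur["locked"].append(m["addr"])
            else:
                cur["waiting_on"] = (m["addr"], m["cls"])
            continue
        m = FRAME.match(line)
        if m:
            cur["frames"].append(m["method"])
    return threads


def summarize(threads):
    """Group the dump the way the replies suggest reading it."""
    return {
        # runnable threads doing real work: the candidates for the CPU spike
        "busy": [(t["name"], t["frames"][0]) for t in threads
                 if t["state"] == "runnable" and t["frames"]
                 and t["frames"][0] not in IDLE_IO],
        # how many threads wait on each monitor (address, class)
        "monitors": Counter(t["waiting_on"] for t in threads if t["waiting_on"]),
        # request threads blocked while borrowing from the commons-pool/DBCP pool
        "pool_starved": [t["name"] for t in threads
                         if any(f.endswith("GenericObjectPool.borrowObject")
                                for f in t["frames"])],
        # "locked X" plus "waiting on X" in one stack: the ordinary wait() pattern
        "normal_wait": [t["name"] for t in threads
                        if t["waiting_on"] and t["waiting_on"][0] in t["locked"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_dump(SAMPLE_DUMP)).items():
        print(key, "->", value)
```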



Tomcat and jsecurity help

2009-01-26 Thread juanmanuelsanchez

I'm trying to make tomcat work with my jsecurity setup but I'm having some
problems. 
My jsp's are in different folders to make them more organized for the sake of
security. So I have a main folder called JSP with 3 subfolders in it.

So I have 3 security-constraint tags setup depending on the folder I want
to access so I have something like:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Comun</web-resource-name>
        <description>accessible by authenticated users of the DB role</description>
        <url-pattern>/JSP/Comun/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Este rol tiene accesso limitado</description>
        <role-name>manager</role-name>
        <role-name>Administracion</role-name>
        <role-name>Gerencia</role-name>
        <role-name>Medico</role-name>
    </auth-constraint>

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Admin</web-resource-name>
        <description>accessible by authenticated users of the DB role</description>
        <url-pattern>/JSP/Admin/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Este rol tiene accesso limitado</description>
        <role-name>Administracion</role-name>
    </auth-constraint>

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

But this doesn't seem to work, first of all the login page is not displayed
and everyone seems to have access to the whole app. 

Then if I try 

<security-constraint>
    <web-resource-collection>
        <web-resource-name>MedPro</web-resource-name>
        <description>accessible by authenticated users of the DB role</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
        <http-method>DELETE</http-method>
    </web-resource-collection>
    <auth-constraint>
        <description>Este rol tiene accesso ilimitado</description>
        <role-name>manager</role-name>
    </auth-constraint>

    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

Then I get the login page but only the manager can access, and the rest
can't. 

How can I make it work? 

Thanks.

I have attached a file in case you want to see it more clearly.

http://www.nabble.com/file/p21671743/sample.xml sample.xml 
-- 
View this message in context: 
http://www.nabble.com/Tomcat-and-jsecurity-help-tp21671743p21671743.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: Question abut CometProcessor EventSubType.TIMEOUT semantics

2009-01-26 Thread David Boreham

Filip Hanik - Dev Lists wrote:
> are you able to submit a simple example, and we shall get it taken
> care of

Yes...but only in the parallel universe where I have loads of spare time ;)

Realistically it'd be quicker for me to debug the problem in situ and fix it
than to create an isolated reproduction case (since that involves creating
a client too).

One more question before I dive in : what's the 'correct' way for the
application to terminate a live Comet request ? That is, suppose the
client connects, sends an http request, which we process, then the
client does exactly nothing, forever. Unless the server closes the
TCP connection, this connection will stay open until the end of time
(and that's what I observe practically). How should the application force
the closure of the connection ? (possibly the answer is 'send a response
to the client which causes it to close', but given the fact that Tomcat
never sends anything to the client, that doesn't work). I've tried calling
event.close(), and close() on the response stream. Neither seems
to have the desired effect.

It'd be useful to know the intended
behavior of the CometProcessor interface, so I can determine if
it's behaving as intended. Right now I don't have a clear definition
in my mind of either the intended interface behavior, nor the actual
implementation behavior, nor if the two are the same or different.

Thanks again for your help.






Re: Is it possible for error page from one webapp to direct to another?

2009-01-26 Thread Juha Laiho
removeps-gro...@yahoo.com wrote:
> Is it possible for error page from one webapp to direct to another?  What I'm
> thinking is:
>
> In mywebservice/WEB-INF/web.xml
>
>   <error-page>
>     <error-code>404</error-code>
>     <location>/errors/404.html</location>
>   </error-page>
>
> But I want the error page to be
>
> ROOT/errors/404.html

Can't have that; error pages are internal to the application. It's this way
because there are ways to provide data internally (within Tomcat) from the
application to the error page, and this couldn't be guaranteed with an external
error page.

You might get what you're looking for by placing a JavaScript page-reload kludge
on the actual error page, which would then instruct the browser to load the
new error page from some other location. It might even be possible to change
the error page into a proper HTTP redirect (code 3xx) page, which would make
the redirect in a cleaner fashion.
-- 
..Juha




Re: Tomcat and jsecurity help

2009-01-26 Thread Pid
juanmanuelsanchez wrote:
> I'm trying to make tomcat work with my jsecurity setup but I'm having some
> problems.
> My jsp's are in different folders to make them more organized for the sake of
> security. So I have a main folder called JSP with 3 subfolders in it.
>
> So I have 3 security-constraint tags setup depending on the folder I want
> to access so I have something like:
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>Comun</web-resource-name>
>         <description>accessible by authenticated users of the DB role</description>
>         <url-pattern>/JSP/Comun/*</url-pattern>
>         <http-method>GET</http-method>
>         <http-method>POST</http-method>
>         <http-method>PUT</http-method>
>         <http-method>DELETE</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>         <description>Este rol tiene accesso limitado</description>
>         <role-name>manager</role-name>
>         <role-name>Administracion</role-name>
>         <role-name>Gerencia</role-name>
>         <role-name>Medico</role-name>
>     </auth-constraint>
>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>Admin</web-resource-name>
>         <description>accessible by authenticated users of the DB role</description>
>         <url-pattern>/JSP/Admin/*</url-pattern>
>         <http-method>GET</http-method>
>         <http-method>POST</http-method>
>         <http-method>PUT</http-method>
>         <http-method>DELETE</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>         <description>Este rol tiene accesso limitado</description>
>         <role-name>Administracion</role-name>
>     </auth-constraint>
>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
>
> But this doesn't seem to work, first of all the login page is not displayed
> and everyone seems to have access to the whole app.
>
> Then if I try
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>MedPro</web-resource-name>
>         <description>accessible by authenticated users of the DB role</description>
>         <url-pattern>/*</url-pattern>
>         <http-method>GET</http-method>
>         <http-method>POST</http-method>
>         <http-method>PUT</http-method>
>         <http-method>DELETE</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>         <description>Este rol tiene accesso ilimitado</description>
>         <role-name>manager</role-name>
>     </auth-constraint>
>
>     <user-data-constraint>
>         <transport-guarantee>CONFIDENTIAL</transport-guarantee>
>     </user-data-constraint>
> </security-constraint>
>
> Then I get the login page but only the manager can access, and the rest
> can't.

So the login page is inside part of the app that has an auth constraint?
Not sure if that'll mess things up, but you could try putting it in:

 /WEB-INF/login/login.jsp
 /WEB-INF/login/login-error.jsp

... where they'll be safe from prying eyes, but available to the
application.

What is your Realm config (don't forget to obscure any real passwords)?


p




> How can I make it work?
>
> Thanks.
>
> I have attached a file in case you want to see it more clearly.
>
> http://www.nabble.com/file/p21671743/sample.xml sample.xml


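The question asked in the reply above (is the login page itself inside a constrained area?) and the roles each URL ends up requiring can be checked offline by evaluating the constraints. This is an added example, not code from the thread: both descriptors are constructed from the poster's snippets, the `login-config` element and `/login.jsp` are assumptions, and the matcher ignores `http-method` and `transport-guarantee`.

```python
import xml.etree.ElementTree as ET


def sc(pattern, *roles):
    """Build one <security-constraint> like those in the post (constructed sample data)."""
    names = "".join("<role-name>%s</role-name>" % r for r in roles)
    return ("<security-constraint><web-resource-collection>"
            "<url-pattern>%s</url-pattern></web-resource-collection>"
            "<auth-constraint>%s</auth-constraint></security-constraint>"
            % (pattern, names))


# Assumed FORM login configuration; the post does not show this part of web.xml.
LOGIN = ("<login-config><auth-method>FORM</auth-method><form-login-config>"
         "<form-login-page>/login.jsp</form-login-page>"
         "<form-error-page>/login-error.jsp</form-error-page>"
         "</form-login-config></login-config>")

# First attempt in the post: one constraint per folder.
PER_FOLDER = "<web-app>%s%s%s</web-app>" % (
    sc("/JSP/Comun/*", "manager", "Administracion", "Gerencia", "Medico"),
    sc("/JSP/Admin/*", "Administracion"), LOGIN)
# Second attempt in the post: a single constraint on /* for role manager.
CATCH_ALL = "<web-app>%s%s</web-app>" % (sc("/*", "manager"), LOGIN)


def load(web_xml):
    """Return ([(url_patterns, roles_or_None)], form_login_page_or_None)."""
    root = ET.fromstring(web_xml)
    for el in root.iter():
        el.tag = el.tag.split("}")[-1]        # ignore an xmlns on <web-app>, if present
    constraints = []
    for c in root.iter("security-constraint"):
        patterns = [p.text.strip() for p in c.iter("url-pattern")]
        auth = c.find("auth-constraint")
        roles = None if auth is None else {r.text.strip() for r in auth.iter("role-name")}
        constraints.append((patterns, roles))
    page = root.findtext("login-config/form-login-config/form-login-page")
    return constraints, (page.strip() if page else None)


def rank(pattern, path):
    """Servlet url-pattern precedence: exact > longest path prefix > extension > default."""
    if pattern == path:
        return (3, len(pattern))
    if pattern.endswith("/*") and (path == pattern[:-2] or path.startswith(pattern[:-1])):
        return (2, len(pattern))
    if pattern.startswith("*.") and path.endswith(pattern[1:]):
        return (1, 0)
    return (0, 0) if pattern == "/" else None


def required_roles(constraints, path):
    """Roles needed for path; None means the URL is reachable without logging in."""
    best, roles = None, None
    for patterns, r in constraints:
        for p in patterns:
            k = rank(p, path)
            if k is None or (best is not None and k < best):
                continue
            if k == best:     # same pattern in two constraints: the permissions add up
                roles = None if (roles is None or r is None) else roles | r
            else:
                best, roles = k, (None if r is None else set(r))
    return roles


if __name__ == "__main__":
    for label, xml in (("per-folder", PER_FOLDER), ("catch-all", CATCH_ALL)):
        constraints, login_page = load(xml)
        for url in (login_page, "/index.jsp", "/JSP/Comun/home.jsp", "/JSP/Admin/users.jsp"):
            print(label, url, "->", required_roles(constraints, url))
```

With the catch-all descriptor every URL, `/login.jsp` included, resolves to `{'manager'}`; with the per-folder descriptor anything outside the two listed folders resolves to `None`.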



Unexpected redirect from https to http

2009-01-26 Thread Timothy Tagge
I'm working on an application that does redirects to itself.  The
application is intended to run under https for all pages.  However,
when the redirect is requested, the resulting URL shown in the browser
is http://secureServer/correctDomain/correctPage.jsp   This request
times out because there is no http listener at secureServer.  However,
requests directly to a jsp file in that application via https do not
get changed to http and work just fine.  So the issue only happens
during internal redirects.  Could this be cert related?  Apache or
Tomcat config issue?

Our setup is as follows...
JDK 1.6.06
Tomcat 5.5.15
AJP1.3
Big IP is providing https with a certificate supplied by Verisign
Host file on the tomcat server that points all calls to secureServer
to the IP Address for Big IP.  Big IP is configured to point back to
tomcat on port 80


### AJP Configuration ###
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
           enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

### workers.properties configuration ###
worker.worker_aat.type=ajp13
worker.worker_aat.host=localhost
worker.worker_aat.port=8009




Re: Question about CometProcessor EventSubType.TIMEOUT semantics

2009-01-26 Thread Filip Hanik - Dev Lists

David Boreham wrote:

 Filip Hanik - Dev Lists wrote:
 are you able to submit a simple example, and we shall get it taken care of
 Yes...but only in the parallel universe where I have loads of spare time ;) 0.18

like the people helping you for free on the mailing lists? :)

 Realistically it'd be quicker for me to debug the problem in situ and fix it
 than to create an isolate reproduction case (since that involves creating
 a client too).

 One more question before I dive in : what's the 'correct' way for the
 application to terminate a live Comet request ? That is, suppose the
 client connects, sends an http request, which we process, then the
 client does exactly nothing, forever. Unless the server closes the
 TCP connection, this connection will stay open until the end of time
 (and that's what I observe practically). How should the application force
 the closure of the connection ? (possibly the answer is 'send a response
 to the client which causes it to close', but given the fact that Tomcat
 never sends anything to the client, that doesn't work). I've tried calling
 event.close(), and close() on the response stream. Neither seems
 to have the desired effect.

event.close() during an event is the correct way, that will terminate it.
In 6.0.19 you will also be able to call event.close() asynchronously, on 
a non worker thread

 It'd be useful to know the intended
 behavior of the CometProcessor interface, so I can determine if
 it's behaving as intended. Right now I don't have a clear definition
 in my mind of either the intended interface behavior, nor the actual
 implementation behavior, nor if the two are the same or different.

before you debug 6.0.18, there are fixes in 6.0.x/trunk that you may 
want to try out before you dig into the older code base

Filip

 Thanks again for your help.






Re: Question about CometProcessor EventSubType.TIMEOUT semantics

2009-01-26 Thread David Boreham

Filip Hanik - Dev Lists wrote:

 David Boreham wrote:
 Filip Hanik - Dev Lists wrote:
 are you able to submit a simple example, and we shall get it taken care of
 Yes...but only in the parallel universe where I have loads of spare time ;) 0.18
 like the people helping you for free on the mailing lists? :)

Pretty much. But as I said, I'm willing to debug and fix the code myself.
If I wasn't familiar with this kind of code I'd consider making a repro case,
but since I am, it's more efficient overall to just fix it in place.

 event.close() during an event is the correct way, that will terminate it.
 In 6.0.19 you will also be able to call event.close() asynchronously, 
 on a non worker thread

Hmm...I didn't appreciate there were rules about which thread could do what.
Obviously I don't have an event, so I'm not in a worker thread.

 before you debug 6.0.18, there are fixes in 6.0.x/trunk that you may 
 want to try out before you dig into the older code base

Ok I'll do that. JBoss folk seem to have made some fixes in this area. 
Did they fork the code, or are their fixes in the trunk, I wonder ?








Running while logged off of Windows WITHOUT using the .exe version of tomcat...

2009-01-26 Thread Glen Peterson
Is there a way to get the OS-neutral zip-file version of tomcat to run
under Windows when you are logged off - and stay running if you log in
and log off again?  I'm not able to run the tomcat5.exe version of
tomcat with the Sun Access Manager Agent because I get:
ClassNotFoundException: com.sun.identity.agents.tomcat.v55.AmTomcatRealm

I googled that and found a link to the errata saying that the Sun
Access Manager Agent won't work with the .exe version of Tomcat:
http://docs.sun.com/app/docs/doc/819-2796/gbtgv?a=view

So I installed the OS-neutral tomcat zip file and got things working
perfectly... until I log off.

I set up a scheduled task with login information supplied (as me), it
still pops up a window when tomcat starts and Windows still shuts it
down when I log out.  I tried various combinations of START /B and
passing run instead of start as the command to kick off tomcat
from startup.bat, but no luck.  When I googled tomcat windows
service I just seem to get information on the .exe version of tomcat.

Any help would be appreciated.  I'm using the latest JDK 1.6, Windows
2003 server and Sun Policy Agent 2.2.  I've asked the corollary to
this question on the SAM Agent forum: is there any way to make the
agent work with tomcat5.exe?  Hopefully one of these tactics will pan
out.

-TrombaMarina




RE: Running while logged off of Windows WITHOUT using the .exe version of tomcat...

2009-01-26 Thread Caldarale, Charles R
 From: Glen Peterson [mailto:g...@organicdesign.org]
 Subject: Running while logged off of Windows WITHOUT using
 the .exe version of tomcat...

 Is there a way to get the OS-neutral zip-file version of tomcat to run
 under Windows when you are logged off - and stay running if you log in
 and log off again?

Don't mess with the SAM Agent - just use the service.bat script in Tomcat's bin 
directory to install Tomcat as a service.  After installation, you can set the 
service for automatic start, as with any other service.

 - Chuck





HTTP status 404 - Context config

2009-01-26 Thread Stephen Vaughan
Hi,

I'm having trouble setting up a context with jdbc.postgresql (noob). As far
as I know the context is fine, but when I have it enabled all pages are
returning HTTP Status 404 - The requested resource () is not available.

My context:

<Context path="/path"
   docBase="path"
   debug="5"
   reloadable="true"
   crossContext="true">

   <Resource name="jdbc/path"
      auth="Container"
      type="javax.sql.DataSource"
      maxActive="100"
      maxIdle="10"
      maxWait="1"
      username="user"
      password="password"
      driverClassName="org.postgresql.Driver"
      url="jdbc:postgresql://123.123.123.123:5432/databasePRODUCTION"/>
</Context>

I have placed postgresql-8.3-604.jdbc4.jar in $tomcat/lib/. Tried setting up
log4j to help better diagnose the problem, but it's not producing anything
useful in the logs. I'm using the log4j example from this page:
http://tomcat.apache.org/tomcat-6.0-doc/logging.html

Please help!

-- 
Best Regards,
Stephen


tomcat 6, ubuntu, mysql connection

2009-01-26 Thread Mihamina Rakotomandimby (R12y)

Hi all,
An external developer sent me a war file to be put in webapps/.
Ok, the war was extracted and so on.
But that application has to connect to mysql.

My system is Ubuntu 8.10 64-bit, packages only.

I have installed (some might be useless)
openjdk-6
tomcat-6

What should I put in the server.xml file in order to have the 
application connection to mySQL?


I have all the rights on the mySQL DB server, I know the database to be 
used.


It's my first time with tomcat and I'm not so used with Java (but it's 
coming... ;)).


--
Project manager at Vectoris
http://www.google.com/search?q=mihamina+rakotomandimby
