XSS vulnerability in Tomcat Host Header

2009-07-22 Thread pankaj jairath

Hello,

I am using Tomcat 6.0.18 and have hit XSS issue, where in tweaked Host 
header containing XSS is processed by the server.  I suppose some 
validation check should be done on the Host value to prevent such an attack.


Appreciate any inputs are to whether this issue has been fixed ?.

regards
Pankaj


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



implement dynamic filter

2009-07-22 Thread lanxiazhi
hello,
I have a web app in tomcat ,where exists some .jsp,.vm files,
these files are saved using different encoding(I think).when requested,some
of them display urgly,garbled.
so I think maybe I can implement such a filter:first read the content of the
file,and* *decide which charset it's saved,and set the ServletResponse's
character encoding accordingly.
Is that possible ? If possible ,how to decide the charset quickly ,without
slowing down the server?
thanks
lanxiazhi


Tomcat6 CentOS runlevel startup issue

2009-07-22 Thread Peter Lokus
Hi list,

I'm running an fresh tomcat 6.0.20 from tomcat.apache.org under /opt/tomcat.
Currently, I'm firing up tomcat with the supplied [startup|shutdown].sh
scripts manually.

Now, tomcat shall start automatically. For this purpose I created a
small script under /etc/init.d/tomcat5:

#!/bin/bash
#
# tomcat5  This shell script takes care of starting and stopping #Tomcat
#

function start() {
echo -n Starting ${TOMCAT_PROG}: 
/opt/tomcat/bin/startup.sh
return $?
}

function stop() {
echo -n Stopping $TOMCAT_PROG: 
/opt/tomcat/bin/shutdown.sh
}

# See how we were called.
case $1 in
start)
start
;;
stop)
stop
;;
restart)
stop
sleep 2
start
;;
*)
echo Usage: $TOMCAT_PROG {start|stop|restart}
exit 1
esac

Symlink'd it to
[r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/S99tomcat5
[r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/K99tomcat5
[r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc6.d/K99tomcat5

My script runs with service tomcat5 [start|stop] perfectly.
However, after a reboot tomcat is not reachable through HTTP.


Here is the machine state after a reboot:

[r...@int01 ~]# lsof -i:8080
COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
java2139 root   34u  IPv6   6215   TCP *:webcache (LISTEN)

(I should considering not to run tomcat under root)

[r...@int01 ~]# ps waux | grep 2139
root  2139  1.0  4.5 222744 46860 ?Sl   10:11   0:05
/usr/bin/java
-Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Dappserver.home=/opt/tomcat -Dappserver.base=/opt/tomcat
-Djava.endorsed.dirs=/opt/tomcat/endorsed -classpath
:/opt/tomcat/bin/bootstrap.jar -Dcatalina.base=/opt/tomcat
-Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp
org.apache.catalina.startup.Bootstrap start

[r...@int01 ~]# service tomcat5 stop
Stopping : Using CATALINA_BASE:   /opt/tomcat
Using CATALINA_HOME:   /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME:   /usr
Jul 22, 2009 10:20:14 AM org.apache.catalina.startup.Catalina stopServer
SEVERE: Catalina.stop:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
at
java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
at java.net.Socket.connect(Socket.java:519)
at java.net.Socket.connect(Socket.java:469)
at java.net.Socket.init(Socket.java:366)
at java.net.Socket.init(Socket.java:180)
at
org.apache.catalina.startup.Catalina.stopServer(Catalina.java:422)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:337)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:415)

[r...@int01 ~]# java -version
java version 1.6.0_06
Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)


After a kill -9 pid and a service tomcat5 start tomcat is running
as usual.


Something went wrong. Do I need some additional environment variables
for tomcat in my script? Or is it something else?

Thanks in advance.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can a Realm communicate with a web application?

2009-07-22 Thread Pid

On 21/7/09 23:23, Mitch Claborn wrote:

I am toying with the idea of writing my own Realm for authentication.
Much of the code and structures that I need are already present in the
web application.  Is there any way for the Realm to access Java objects
from the web application?  They don't appear to share the same class loader.

As an alternative is there a mechanism for providing the functionality
of a Realm, but within the web application structure?


You can define the Realm in your context.xml, (which of course you'll be 
configuring in the META-INF dir of your web-app, hint hint).


I think this will load classes from your web-app classloader.


N.B. Check out the localDataSource attribute, if you're also using a 
web-app specific DataSource.


http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#DataSourceRealm

p



Mitch


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread Pid

On 22/7/09 04:37, Varuna Seneviratna wrote:

Please read the whole story behind and reply without bulling.I am trying to
figure out what is the cause for not being able to install Tomcat as a
service  when JRun can be .My guess was is Kaspersky blocking Tomcat setup
since Kaspersky prompted for user's approval after clicking Retry several
times, that too was only for a single step as depicted in the installation
progress bar.I stopped Kaspersky and tried to install But that too was
failed.

Thanks for your Help!


Are multiple explanation marks in the README.please-don't?

p



Varuna




2009/7/22 André Warniera...@ice-sa.com


Varuna Seneviratna wrote:
...


Can it be because of Kaspersky setting that I am unable to install Tomcat
service?

  Let me paraphrase this :

During the Tomcat installation, I repeatedly hit my head to the desk. Can
this be the reason that I have a headache ?

Come on, as they say in Minnesota...

:-)




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Wrong SessionID

2009-07-22 Thread Ron McNulty

Hi Uwe

I've seen something very similar when a SAP server was incorrectly 
configured to produce a JSESSIONID cookie that was global to the 
organisation, rather than scoped to the server that produced it. The 
(J2EE13679500) and End parts of the session ID look suspiciously like 
what I saw.


The only fix was to correctly configure the offending server - there is 
nothing Tomcat can do. When a browser has two cookies with the same name in 
scope, the outcome is indeterminate. We found that the wider scoped cookie 
took precedence. I've often thought the name of the JSESSIONID cookie should 
be configurable, but to my knowledge it is hard-coded.


If this is the problem, then it is your client's problem (unless you are 
seeing it from inside your intranet).


Regards

Ron

- Original Message - 
From: Poehner, Uwe uwe.poeh...@siemens.com

To: users@tomcat.apache.org
Sent: Wednesday, July 22, 2009 3:26 AM
Subject: Wrong SessionID


Hello,

our tomcat servers seem to produce very sporadically a wrong JsessionID - 
instead of 58EB1F9C39278DBB72528A13EF026EFB.bsp01
we get (J2EE13679500)ID0574993050DB11991779031281660559End (without a 
dot-jvmroute) so we lose stickyness and our session.


Our environment (Hardware Loadbalancer - 2 Apache Servers - 2 Tomcat 
Servers):

Solaris 10 8/07
Apache/2.2.6 with mod_proxy_ajp, mod_proxy_balancer, ...
Tomcat 5.5.23 with JDK 1.5.0_12-b04

Does anybody have an idea?


Thanks and Regards
 Uwe
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread Varuna Seneviratna
Are multiple explanation marks in the README.please-don't?

I don't understand can you please explain

Varuna
2009/7/22 Pid p...@pidster.com

 On 22/7/09 04:37, Varuna Seneviratna wrote:

 Please read the whole story behind and reply without bulling.I am trying
 to
 figure out what is the cause for not being able to install Tomcat as a
 service  when JRun can be .My guess was is Kaspersky blocking Tomcat setup
 since Kaspersky prompted for user's approval after clicking Retry several
 times, that too was only for a single step as depicted in the installation
 progress bar.I stopped Kaspersky and tried to install But that too was
 failed.

 Thanks for your Help!


 Are multiple explanation marks in the README.please-don't?


 p


  Varuna




 2009/7/22 André Warniera...@ice-sa.com

  Varuna Seneviratna wrote:
 ...

  Can it be because of Kaspersky setting that I am unable to install
 Tomcat
 service?

  Let me paraphrase this :

 During the Tomcat installation, I repeatedly hit my head to the desk.
 Can
 this be the reason that I have a headache ?

 Come on, as they say in Minnesota...

 :-)




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
Kind Regards Varuna

Varuna Seneviratna
No 514 Udumulla Road
Battaramulla
Sri Lanka
Tel : 011-2888620
Mobile:0715617141


Re: Configuring worker MPM for Tomcat

2009-07-22 Thread KK CHN
MPM  multi processing modules are features of   apache webserver not of
Apache-Tomcat.

 There are differnent  MPM modules  default  Prefork in Linux/unix,  but for
more simultaneous connectionsyou need to recompile apache webserver with
Worker MPM  its not a feature of Tomcat .


On Tue, Jul 21, 2009 at 3:15 PM, Anand Kumar Prabhakar
anand2...@gmail.comwrote:


 I'm trying to configure worker MPM for the first time. So i need the steps
 to
 configure them. Can't we implement worker MPM in tomcat server?

 --
 View this message in context:
 http://www.nabble.com/Configuring-worker-MPM-for-Tomcat-tp24582105p24584637.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Application Period for Travel Assistance to ApacheCon US 2009 Opens Soon

2009-07-22 Thread Mark Thomas
The Travel Assistance Committee is taking in applications for those wanting
to attend ApacheCon US 2009 (Oakland) which takes place between the 2nd and
6th November 2009.

The Travel Assistance Committee is looking for people who would like to be
able to attend ApacheCon US 2009 who may need some financial support in
order to get there. There are limited places available, and all applications
will be scored on their individual merit. Applications are open to all open
source developers who feel that their attendance would benefit themselves,
their project(s), the ASF and open source in general.

Financial assistance is available for flights, accommodation, subsistence
and Conference fees either in full or in part, depending on circumstances.
It is intended that all our ApacheCon events are covered, so it may be
prudent for those in Europe and/or Asia to wait until an event closer to
them comes up - you are all welcome to apply for ApacheCon US of course, but
there should be compelling reasons for you to attend an event further away
that your home location for your application to be considered above those
closer to the event location.

More information can be found on the main Apache website at
http://www.apache.org/travel/index.html - where you will also find a link to
the online application and details for submitting.

Applications for applying for travel assistance will open on 27th July 2009
and close of the 17th August 2009.

Good luck to all those that will apply.

Regards,

The Travel Assistance Committee

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



tomcat process not closing from operating system level

2009-07-22 Thread santosh.singh
Hi
 
The problem is that when tomcat starts this process exists but after
shutting down the tomcat still this process is existing at operating
system level and in this way after many times tomcat startup and
shutdown many processes as same below showing and due to that JDBC
sessions from Oracle database level is not closing. Manually when we use
to kill those sessions, immediately JDBC sessions closed.
 
 
tomcat   24453 1  2 16:11 pts/400:00:23
/opt/java1.5/jdk1.5.0_10/bin/java
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/opt/jakarta-tomcat-5.5.9/common/endorsed
-classpath
:/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/b
in/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9
-Dcatalina.home=/opt/jakarta-tomcat-5.5.9
-Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp
org.apache.catalina.startup.Bootstrap start
 
tomcat   24454 1  0 16:11 pts/400:00:00 /usr/local/sbin/cronolog
/opt/jakarta-tomcat-5.5.9/logs/catalina.out.%Y-%m-%d
 
Operating System   --- RHEL 4
Default web server with OS  ---  jakarta-tomcat-5.5.9
Default Java--- JAVA 1.5
Database--- Oracle 10.2.0.4.0

 
Regards
Santosh
**
This message and any attachments are solely for the intended recipient and may 
contain Birlasoft confidential or privileged information. If you are not the 
intended recipient,any disclosure,copying, use, or distribution of the 
information included in this message and any attachments is 
prohibited. If you have received this communication in error, please notify us 
by reply e-mail(administra...@birlasoft.com) immediately and permanently delete 
this message and any attachments. Thank you.
**


Editing startup.sh - help

2009-07-22 Thread alee amin
I am trying to add the following option for tomcat startup in startup.sh
file
JAVA_OPTS=$JAVA_OPTS:
-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

It's added at line # 36 of startup.sh and then i run the tomcat from
terminal by issuing ./startup.sh command. and it gives me error
-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false Command not
found


The same thing i did in startup.bat under windows environment and it worked
fine. Is there any other way to edit startup.sh file? or what i am doing
wrong?

Thanks
..alee
http://techboard.wordpress.com


some processes are not closing from operating system level even after shutting down the tomcat.

2009-07-22 Thread santosh.singh
Hi

tomcat   24453 1  2 16:11 pts/400:00:23
/opt/java1.5/jdk1.5.0_10/bin/java
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/opt/jakarta-tomcat-5.5.9/common/endorsed
-classpath
:/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/b
in/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9
-Dcatalina.home=/opt/jakarta-tomcat-5.5.9
-Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp
org.apache.catalina.startup.Bootstrap start


tomcat   24454 1  0 16:11 pts/400:00:00 /usr/local/sbin/cronolog
/opt/jakarta-tomcat-5.5.9/logs/catalina.out.%Y-%m-%d

 
Above 2 processes are not closing from operating system level even after
shutting down the tomcat.

Operating System --- RHEL 4

Default web server with OS --- jakarta-tomcat-5.5.9

Default Java --- JAVA 1.5

Database --- Oracle 10.2.0.4.0

Regards

Santosh

**
This message and any attachments are solely for the intended recipient and may 
contain Birlasoft confidential or privileged information. If you are not the 
intended recipient,any disclosure,copying, use, or distribution of the 
information included in this message and any attachments is 
prohibited. If you have received this communication in error, please notify us 
by reply e-mail(administra...@birlasoft.com) immediately and permanently delete 
this message and any attachments. Thank you.
**


RE: Configuring worker MPM for Tomcat

2009-07-22 Thread Martin Gainty

if your long range goal is to use a performant multi-thread based configuration 
with the proviso that once set on the path you need to ensure all of Apache 
modules and binaries use multi-threaded libraries 
assuming you have apache-2.2.11 the --with-mpm=worker will deliver the worker 
based apache binaries you seek
./configure --enable-mods-shared=all --prefix=$HOME/webapps/(Application 
Name)/apache2 --with-mpm=worker
make
make install
a good tutorial is located here
http://forum.webfaction.com/viewtopic.php?id=1113

Martin Gainty 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
 
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.




 Date: Wed, 22 Jul 2009 15:41:10 +0530
 Subject: Re: Configuring worker MPM for Tomcat
 From: kkchn...@gmail.com
 To: users@tomcat.apache.org
 
 MPM  multi processing modules are features of   apache webserver not of
 Apache-Tomcat.
 
  There are differnent  MPM modules  default  Prefork in Linux/unix,  but for
 more simultaneous connectionsyou need to recompile apache webserver with
 Worker MPM  its not a feature of Tomcat .
 
 
 On Tue, Jul 21, 2009 at 3:15 PM, Anand Kumar Prabhakar
 anand2...@gmail.comwrote:
 
 
  I'm trying to configure worker MPM for the first time. So i need the steps
  to
  configure them. Can't we implement worker MPM in tomcat server?
 
  --
  View this message in context:
  http://www.nabble.com/Configuring-worker-MPM-for-Tomcat-tp24582105p24584637.html
  Sent from the Tomcat - User mailing list archive at Nabble.com.
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

_
Windows Live™ SkyDrive™: Store, access, and share your photos. See how.
http://windowslive.com/Online/SkyDrive?ocid=TXT_TAGLM_WL_CS_SD_photos_072009

Re: some processes are not closing from operating system level even after shutting down the tomcat.

2009-07-22 Thread David Smith
The default answer is to check your webapps for non-daemon threads not
properly closed by the webapp.  Some webapp has created it's own
non-daemon threads without a ServletContextListener to close them down. 
Let ups know if that's not the case.

--David

santosh.si...@birlasoft.com wrote:
 Hi

 tomcat   24453 1  2 16:11 pts/400:00:23
 /opt/java1.5/jdk1.5.0_10/bin/java
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 -Djava.endorsed.dirs=/opt/jakarta-tomcat-5.5.9/common/endorsed
 -classpath
 :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/b
 in/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9
 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9
 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp
 org.apache.catalina.startup.Bootstrap start


 tomcat   24454 1  0 16:11 pts/400:00:00 /usr/local/sbin/cronolog
 /opt/jakarta-tomcat-5.5.9/logs/catalina.out.%Y-%m-%d

  
 Above 2 processes are not closing from operating system level even after
 shutting down the tomcat.

 Operating System --- RHEL 4

 Default web server with OS --- jakarta-tomcat-5.5.9

 Default Java --- JAVA 1.5

 Database --- Oracle 10.2.0.4.0

 Regards

 Santosh

   


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread André Warnier

Varuna,

I am not trying to bully you or anything of the kind.
I have been watching this thread as a spectator, and I was just trying 
to convey to you the following :

There are people here trying to help you, for free.
To be able to do that, they need, at least :
- that you provide all relevant information
- that when they ask a question, you answer the question
This anti-virus thing was valuable information, and it may be at the 
bottom of your problems.  But it took about 10 posts before you 
mentioned these messages, thus leading several would-be helpers into 
probably bad directions.
Similarly, it looks a bit like every item of information has to be 
pulled out of you bit by bit.

In other words, much of your pain looks self-inflicted.

That was the sense of my comment.  Which, I admit, was made in a rather 
sarcastic way, for which I apologise if it shocked you.


Now, to redeem myself, here are my suggestions :

- turn off any anti-virus or similar software that might be running
- de-install whatever Tomcat software you have installed, using the 
installer/deinstaller package
- verify that you do not have any remainders anywhere of these 
installations (in the Windows Services display, in the disk directory 
where you installed Tomcat, and in the Start.. Settings.. System 
..Software dialog).


When everything is clean :

- download the zip version of Tomcat for Windows, from the Tomcat website.
- unzip it in a directory.  I suggest a sensible directory name, without 
spaces in the name, like c:\tomcat6.
This is now your CATALINA_HOME directory (and also, by default, your 
CATALINA_BASE directory). Remember this, it is important.
- in the directory CATALINA_HOME/bin, you will then find a script called 
startup.bat.  Open a command window, navigate to that directory, and 
run that script.

This should start Tomcat, interactively, in that command window.
This is only to verify that nothing else is wrong on your system to run 
Tomcat (like available ports, etc..).
- you should now be able to access Tomcat with a browser, at 
http://localhost:8080;

- to stop Tomcat, type CTRL-C in the command window.

Once you have done the above, then you can try to install Tomcat as a 
service.

For that, run the script CATALINA_HOME/bin/service.bat install
(you can also edit this script, to see what it is doing)

When you have run this script, you will have essentially done the same 
as what the exe installer package for Tomcat is doing.  But you will 
have much more control and understanding of what is going on, and where 
things may get stuck.


You should now be able to start and stop Tomcat using the commands
net start tomcat6
net stop tomcat6
(the name tomcat6 above to be replaced by the correct Windows Service 
name for Tomcat)

or by using My Computer..Manage..Services and Applications)

If you want, you can then remove the Tomcat service again, by running 
service.bat remove, and try again to install the whole thing from the 
exe installer version.


Additional information, harder to find in the on-line documentation :

- the tomcat6.exe program that comes with the Windows version of 
Tomcat, is a Windows Service wrapper for Tomcat.  It is there because 
the JVM, on its own, does not handle very well the requirements of 
Windows Services.
So, when later you run Tomcat, you are really running tomcat6.exe, 
which in turn starts the JVM, which in turn runs Tomcat.
This tomcat6.exe wrapper, in order to know which JVM to use with which 
parameters, takes these parameters from the Windows Registry.

How do they get there ? that is the next section.

- There is another program in the CATALINA_HOME/bin directory, named 
tomcat6w.exe (the same name as before, with a w at the end).
The tomcat6w.exe is a GUI setup program, whose role is to set up the 
appropriate parameters in the Windows Registry, so that tomcat6.exe 
can later find them.  You can run tomcat6w.exe by clicking on it, and 
you will get a window that shows you how to proceed.


Basically, the service.bat script, invokes this tomcat6w.exe in 
command-line mode, and tells it what to do.





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Editing startup.sh - help

2009-07-22 Thread David Smith
Probably there needed to be a \ line continuation above the line you
added.  Additionally I believe this stuff should find it's way into a
separate setenv.sh file instead of editing startup.sh.

--David

alee amin wrote:
 I am trying to add the following option for tomcat startup in startup.sh
 file
 JAVA_OPTS=$JAVA_OPTS:
 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

 It's added at line # 36 of startup.sh and then i run the tomcat from
 terminal by issuing ./startup.sh command. and it gives me error
 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false Command not
 found


 The same thing i did in startup.bat under windows environment and it worked
 fine. Is there any other way to edit startup.sh file? or what i am doing
 wrong?

 Thanks
 ..alee
 http://techboard.wordpress.com

   


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: implement dynamic filter

2009-07-22 Thread Caldarale, Charles R
 From: lanxiazhi [mailto:lanxia...@gmail.com]
 Subject: implement dynamic filter
 
 I have a web app in tomcat ,where exists some .jsp,.vm files,
 these files are saved using different encoding(I think).

Why don't you simply fix the encoding the files are stored in?  Use UTF-8 to 
avoid never-ending problems.  Your idea of using a filter at run-time to 
correct sloppy deployments is akin to the kludges in Internet Explorer - a 
continual source of trouble.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.



Re: Tomcat6 CentOS runlevel startup issue

2009-07-22 Thread Mark Shifman
You need to add lines like this to the init script.
http://www.linuxjournal.com/article/4445
# chkconfig: 345 80 20
# description: Tomcat 6.0
so it knows to start on reboot.

You also may want to use jsvc to start and stop tomcat instead of
 [startup|shutdown].sh
http://tomcat.apache.org/tomcat-6.0-doc/setup.html
this allows you to run tomcat as another user.
Example scripts are included in TOMCAT_HOME/bin/jsvc.tar.gz
mas
Peter Lokus wrote:
 Hi list,
 
 I'm running an fresh tomcat 6.0.20 from tomcat.apache.org under /opt/tomcat.
 Currently, I'm firing up tomcat with the supplied [startup|shutdown].sh
 scripts manually.
 
 Now, tomcat shall start automatically. For this purpose I created a
 small script under /etc/init.d/tomcat5:
 
 #!/bin/bash
 #
 # tomcat5  This shell script takes care of starting and stopping #Tomcat
 #
 
 function start() {
 echo -n Starting ${TOMCAT_PROG}: 
 /opt/tomcat/bin/startup.sh
 return $?
 }
 
 function stop() {
 echo -n Stopping $TOMCAT_PROG: 
 /opt/tomcat/bin/shutdown.sh
 }
 
 # See how we were called.
 case $1 in
 start)
 start
 ;;
 stop)
 stop
 ;;
 restart)
 stop
 sleep 2
 start
 ;;
 *)
 echo Usage: $TOMCAT_PROG {start|stop|restart}
 exit 1
 esac
 
 Symlink'd it to
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/S99tomcat5
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/K99tomcat5
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc6.d/K99tomcat5
 
 My script runs with service tomcat5 [start|stop] perfectly.
 However, after a reboot tomcat is not reachable through HTTP.
 
 
 Here is the machine state after a reboot:
 
 [r...@int01 ~]# lsof -i:8080
 COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
 java2139 root   34u  IPv6   6215   TCP *:webcache (LISTEN)
 
 (I should considering not to run tomcat under root)
 
 [r...@int01 ~]# ps waux | grep 2139
 root  2139  1.0  4.5 222744 46860 ?Sl   10:11   0:05
 /usr/bin/java
 -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 -Dappserver.home=/opt/tomcat -Dappserver.base=/opt/tomcat
 -Djava.endorsed.dirs=/opt/tomcat/endorsed -classpath
 :/opt/tomcat/bin/bootstrap.jar -Dcatalina.base=/opt/tomcat
 -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp
 org.apache.catalina.startup.Bootstrap start
 
 [r...@int01 ~]# service tomcat5 stop
 Stopping : Using CATALINA_BASE:   /opt/tomcat
 Using CATALINA_HOME:   /opt/tomcat
 Using CATALINA_TMPDIR: /opt/tomcat/temp
 Using JRE_HOME:   /usr
 Jul 22, 2009 10:20:14 AM org.apache.catalina.startup.Catalina stopServer
 SEVERE: Catalina.stop:
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
 at
 java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:519)
 at java.net.Socket.connect(Socket.java:469)
 at java.net.Socket.init(Socket.java:366)
 at java.net.Socket.init(Socket.java:180)
 at
 org.apache.catalina.startup.Catalina.stopServer(Catalina.java:422)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at
 org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:337)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:415)
 
 [r...@int01 ~]# java -version
 java version 1.6.0_06
 Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
 Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)
 
 
 After a kill -9 pid and a service tomcat5 start tomcat is running
 as usual.
 
 
 Something went wrong. Do I need some additional environment variables
 for tomcat in my script? Or is it something else?
 
 Thanks in advance.
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 
 Mark Shifman MD. Ph.D.
 Yale Center for Medical Informatics
 Phone (203)737-5219
 mark.shif...@yale.edu

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat6 CentOS runlevel startup issue

2009-07-22 Thread David Smith
My first thought is it's starting too early but that doesn't make a lot
of sense when it's symlinked to S99tomcat5, making it one of the last
services to start.  What's in tomcat's logs/catalina.out from the
attempted start?

--David

Peter Lokus wrote:
 Hi list,

 I'm running an fresh tomcat 6.0.20 from tomcat.apache.org under /opt/tomcat.
 Currently, I'm firing up tomcat with the supplied [startup|shutdown].sh
 scripts manually.

 Now, tomcat shall start automatically. For this purpose I created a
 small script under /etc/init.d/tomcat5:

 #!/bin/bash
 #
 # tomcat5  This shell script takes care of starting and stopping #Tomcat
 #

 function start() {
 echo -n Starting ${TOMCAT_PROG}: 
 /opt/tomcat/bin/startup.sh
 return $?
 }

 function stop() {
 echo -n Stopping $TOMCAT_PROG: 
 /opt/tomcat/bin/shutdown.sh
 }

 # See how we were called.
 case $1 in
 start)
 start
 ;;
 stop)
 stop
 ;;
 restart)
 stop
 sleep 2
 start
 ;;
 *)
 echo Usage: $TOMCAT_PROG {start|stop|restart}
 exit 1
 esac

 Symlink'd it to
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/S99tomcat5
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc3.d/K99tomcat5
 [r...@int01 init.d]# ln -s /etc/init.d/tomcat5 /etc/rc6.d/K99tomcat5

 My script runs with service tomcat5 [start|stop] perfectly.
 However, after a reboot tomcat is not reachable through HTTP.


 Here is the machine state after a reboot:

 [r...@int01 ~]# lsof -i:8080
 COMMAND  PID USER   FD   TYPE DEVICE SIZE NODE NAME
 java2139 root   34u  IPv6   6215   TCP *:webcache (LISTEN)

 (I should considering not to run tomcat under root)

 [r...@int01 ~]# ps waux | grep 2139
 root  2139  1.0  4.5 222744 46860 ?Sl   10:11   0:05
 /usr/bin/java
 -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties
 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
 -Dappserver.home=/opt/tomcat -Dappserver.base=/opt/tomcat
 -Djava.endorsed.dirs=/opt/tomcat/endorsed -classpath
 :/opt/tomcat/bin/bootstrap.jar -Dcatalina.base=/opt/tomcat
 -Dcatalina.home=/opt/tomcat -Djava.io.tmpdir=/opt/tomcat/temp
 org.apache.catalina.startup.Bootstrap start

 [r...@int01 ~]# service tomcat5 stop
 Stopping : Using CATALINA_BASE:   /opt/tomcat
 Using CATALINA_HOME:   /opt/tomcat
 Using CATALINA_TMPDIR: /opt/tomcat/temp
 Using JRE_HOME:   /usr
 Jul 22, 2009 10:20:14 AM org.apache.catalina.startup.Catalina stopServer
 SEVERE: Catalina.stop:
 java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
 at
 java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195)
 at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182)
 at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366)
 at java.net.Socket.connect(Socket.java:519)
 at java.net.Socket.connect(Socket.java:469)
 at java.net.Socket.init(Socket.java:366)
 at java.net.Socket.init(Socket.java:180)
 at
 org.apache.catalina.startup.Catalina.stopServer(Catalina.java:422)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at
 org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:337)
 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:415)

 [r...@int01 ~]# java -version
 java version 1.6.0_06
 Java(TM) SE Runtime Environment (build 1.6.0_06-b02)
 Java HotSpot(TM) Client VM (build 10.0-b22, mixed mode, sharing)


 After a kill -9 pid and a service tomcat5 start tomcat is running
 as usual.


 Something went wrong. Do I need some additional environment variables
 for tomcat in my script? Or is it something else?

 Thanks in advance.

   


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: XSS vulnerability in Tomcat Host Header

2009-07-22 Thread Mark Thomas
pankaj jairath wrote:
 Hello,
 
 I am using Tomcat 6.0.18 and have hit XSS issue, where in tweaked Host
 header containing XSS is processed by the server.  I suppose some
 validation check should be done on the Host value to prevent such an
 attack.
 
 Appreciate any inputs are to whether this issue has been fixed ?.

You'll need to provide more details. Nothing stands out from the security pages.

Please provide step by step instructions to reproduce from a clean Tomcat
installation.

Please also note that potential security vulnerabilities should be reported
privately (see http://tomcat.apache.org/security.html), rather than to a public
list. Since you have posted to a public list, there is no point continuing in
private.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread David kerber

André Warnier wrote:

...


Now, to redeem myself, here are my suggestions :

- turn off any anti-virus or similar software that might be running
- de-install whatever Tomcat software you have installed, using the 
installer/deinstaller package
- verify that you do not have any remainders anywhere of these 
installations (in the Windows Services display, in the disk 
directory where you installed Tomcat, and in the Start.. Settings.. 
System ..Software dialog).


When everything is clean :

- download the zip version of Tomcat for Windows, from the Tomcat 
website.
- unzip it in a directory.  I suggest a sensible directory name, 
without spaces in the name, like c:\tomcat6.
This is now your CATALINA_HOME directory (and also, by default, your 
CATALINA_BASE directory). Remember this, it is important.
- in the directory CATALINA_HOME/bin, you will then find a script 
called startup.bat.  Open a command window, navigate to that 
directory, and run that script.

This should start Tomcat, interactively, in that command window.
This is only to verify that nothing else is wrong on your system to 
run Tomcat (like available ports, etc..).
- you should now be able to access Tomcat with a browser, at 
http://localhost:8080;

- to stop Tomcat, type CTRL-C in the command window.

Once you have done the above, then you can try to install Tomcat as a 
service.

For that, run the script CATALINA_HOME/bin/service.bat install
(you can also edit this script, to see what it is doing)

When you have run this script, you will have essentially done the same 
as what the exe installer package for Tomcat is doing.  But you will 
have much more control and understanding of what is going on, and 
where things may get stuck.


You should now be able to start and stop Tomcat using the commands
net start tomcat6
net stop tomcat6
(the name tomcat6 above to be replaced by the correct Windows 
Service name for Tomcat)

or by using My Computer..Manage..Services and Applications)

If you want, you can then remove the Tomcat service again, by running 
service.bat remove, and try again to install the whole thing from 
the exe installer version.


Additional information, harder to find in the on-line documentation :

- the tomcat6.exe program that comes with the Windows version of 
Tomcat, is a Windows Service wrapper for Tomcat.  It is there 
because the JVM, on its own, does not handle very well the 
requirements of Windows Services.
So, when later you run Tomcat, you are really running tomcat6.exe, 
which in turn starts the JVM, which in turn runs Tomcat.
This tomcat6.exe wrapper, in order to know which JVM to use with 
which parameters, takes these parameters from the Windows Registry.

How do they get there ? that is the next section.

- There is another program in the CATALINA_HOME/bin directory, named 
tomcat6w.exe (the same name as before, with a w at the end).
The tomcat6w.exe is a GUI setup program, whose role is to set up the 
appropriate parameters in the Windows Registry, so that tomcat6.exe 
can later find them.  You can run tomcat6w.exe by clicking on it, 
and you will get a window that shows you how to proceed.


Basically, the service.bat script, invokes this tomcat6w.exe in 
command-line mode, and tells it what to do.
And that, friends, is the best quick start summary for setting up 
tomcat I've ever seen.  It took me weeks to put together in my mind all 
the pieces that Andre' just presented to you on a platter!!  How about 
putting it into the docs or some other very visible location...


D



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: implement dynamic filter

2009-07-22 Thread André Warnier

lanxiazhi wrote:

hello,
I have a web app in tomcat ,where exists some .jsp,.vm files,
these files are saved using different encoding(I think).when requested,some
of them display urgly,garbled.
so I think maybe I can implement such a filter:first read the content of the
file,and* *decide which charset it's saved,and set the ServletResponse's
character encoding accordingly.
Is that possible ? If possible ,how to decide the charset quickly ,without
slowing down the server?
thanks
lanxiazhi



Answering your last question first : that is close to impossible.
It is not even the question of slowing down the server, it is really 
that detecting the charset is not possible in a number of cases.

Very shortly :
- it is is usually possible to detect if a given file is valid UTF-8 or not.
- but it is not possible to decide if a file encoded in an 8-bit 
alphabet (such as iso-8859-1) is iso-8859-1 or iso-8859-2 or any other 
8-bit character set (because they all use bytes with a value between 
\x00 and \xFF, so how can you decide ?).


Given this, your best bet is to correct the problem at the source :
Any text file, in any original encoding, can be converted to 
UTF-8/Unicode.  So clean up the original files, and always send them 
back as UTF-8.  All reasonably recent browsers support that.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: XSS vulnerability in Tomcat Host Header

2009-07-22 Thread Rémy Maucherat
On Wed, Jul 22, 2009 at 2:37 PM, Mark Thomasma...@apache.org wrote:
 You'll need to provide more details. Nothing stands out from the security 
 pages.

 Please provide step by step instructions to reproduce from a clean Tomcat
 installation.

 Please also note that potential security vulnerabilities should be reported
 privately (see http://tomcat.apache.org/security.html), rather than to a 
 public
 list. Since you have posted to a public list, there is no point continuing in
 private.

I don't think the host is used in HTML generated by Tomcat. OTOH, like
the other strings returned by the API, ServletRequest.getServerName is
not XSS filtered.

Rémy

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Editing startup.sh - help

2009-07-22 Thread Konstantin Kolinko
I agree with what David writes below, and in addition
1. There should be no : after $JAVA_OPTS.  It is not a classpath.
2. The preferred way is create a setenv.sh file, either in
$CATALINA_BASE\bin or in $CATALINA_HOME\bin
3. For setting these properties there is an easier way: add the following line
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
to the catalina.properties file


Best regards,
Konstantin Kolinko

2009/7/22 David Smith d...@cornell.edu:
 Probably there needed to be a \ line continuation above the line you
 added.  Additionally I believe this stuff should find it's way into a
 separate setenv.sh file instead of editing startup.sh.

 --David

 alee amin wrote:
 I am trying to add the following option for tomcat startup in startup.sh
 file
 JAVA_OPTS=$JAVA_OPTS:
 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

 It's added at line # 36 of startup.sh and then i run the tomcat from
 terminal by issuing ./startup.sh command. and it gives me error
 -Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false Command not
 found


 The same thing i did in startup.bat under windows environment and it worked
 fine. Is there any other way to edit startup.sh file? or what i am doing
 wrong?

 Thanks
 ..alee
 http://techboard.wordpress.com




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Editing startup.sh - help

2009-07-22 Thread alee amin
thanks guys. it worked like charm :)
..alee
http://techboard.wordpress.com



On Wed, Jul 22, 2009 at 6:53 PM, Konstantin Kolinko
knst.koli...@gmail.comwrote:

 org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false



Application Context (and/or) SERVICE element load orders when starting Tomcat 5/6.

2009-07-22 Thread JeanNiBee

Hi

I have two application contexts, /RAM and /UO.

OU needs to have RAM running before it can do anything as I have startup
code (Fired during init of my servlet) in UO that needs to access RAM.

The problem I have is that when I do startup the Tomcat container, the
minute my 'init code' get's executed in UO, it locks the whole container
mainly because it's using HTTP calls to RAM to access it's information
(which hasn't started up yet).

Classic (as I see it) chicken and the egg scenario, UO can't start because
RAM isn't started and the whole container is locking HTTP connections
because all the app contexts aren't started.

Is there any way that I can have these two application contexts exist
peacefully without causing this condition? Can I force the load order of app
contexts (though using multiple service setups in the server.xml?

Or am I looking at having (and due to business reasons this is 'almost' not
a solution) two installations of tomcat each managing one of the apps.

Note: 
I have tried the following.

1. Ping servlet in UO that pings RAM And sleeps for X seconds until RAM is
running. After 5 tries and 2 mintues (10x more than RAM needs in a normal
situation to start) I call destroy on the servlet and kill the startup
process. Running on the same container / servlet actually causes the LOCK on
the very first HTTP ping to RAM and a subsequent stopping of Tomcat load
altogether (system.exit call)
2. Two Service configuration elements in the server.xml each managing it's
own resources. This option worked better as UO would ping / sleep
successfully for its' configured iterations, but RAM would never be started
until UO was finished it's tries. If I left the 'die' code in UO then of
course nothing loaded (as mentioned abovein point #1), but if I took out the
die code, RAM loaded AFTER UO no problem. I would LOVE UO to be last if
possible.

It seems I can never get RAM to load before UO. (or at least let it keep
loading while UO sleeps on it's ping requests.

Thanks.

-- 
View this message in context: 
http://www.nabble.com/Application-Context-%28and-or%29-%3CSERVICE%3E-element-load-orders-when-starting-Tomcat-5-6.-tp24606540p24606540.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Wrong SessionID

2009-07-22 Thread Mark Thomas
Ron McNulty wrote:
 The only fix was to correctly configure the offending server - there is
 nothing Tomcat can do. When a browser has two cookies with the same name
 in scope, the outcome is indeterminate. We found that the wider scoped
 cookie took precedence. I've often thought the name of the JSESSIONID
 cookie should be configurable, but to my knowledge it is hard-coded.

As of 6.0.19 it is configurable.

http://tomcat.apache.org/tomcat-6.0-doc/config/systemprops.html

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread Mark Thomas
David kerber wrote:

 And that, friends, is the best quick start summary for setting up
 tomcat I've ever seen.  It took me weeks to put together in my mind all
 the pieces that Andre' just presented to you on a platter!!  How about
 putting it into the docs or some other very visible location...

Patches to the docs are always welcome. There is also the wiki that anyone can 
edit.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: XSS vulnerability in Tomcat Host Header

2009-07-22 Thread Konstantin Kolinko
2009/7/22 Rémy Maucherat remy.mauche...@gmail.com:
 On Wed, Jul 22, 2009 at 2:37 PM, Mark Thomasma...@apache.org wrote:
 You'll need to provide more details. Nothing stands out from the security 
 pages.

 Please provide step by step instructions to reproduce from a clean Tomcat
 installation.

 Please also note that potential security vulnerabilities should be reported
 privately (see http://tomcat.apache.org/security.html), rather than to a 
 public
 list. Since you have posted to a public list, there is no point continuing in
 private.

 I don't think the host is used in HTML generated by Tomcat. OTOH, like
 the other strings returned by the API, ServletRequest.getServerName is
 not XSS filtered.


At least, if there are concerns about that, there is a workaround:

you can specify proxyName  attribute on a Connector element in server.xml

In that case the one that is in request will be ignored.

Documentation is here:
http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
http://tomcat.apache.org/tomcat-6.0-doc/config/ajp.html

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Application Context (and/or) SERVICE element load orders when starting Tomcat 5/6.

2009-07-22 Thread Mark Thomas
JeanNiBee wrote:
 Hi
 
 I have two application contexts, /RAM and /UO.

Context initialization is serial. If you try starting in the wrong order you
will be out of luck.

Tomcat won't start serving requests until all the contexts have started.

You can't control the order the apps start in. It will be arbitrary.

You could try the following:

Add a filter to OU that is mapped to /*. It checks for RAM, it RAM isn't running
the requests are blocked. Once RAM is running it lets requests through and then
your Servlet inits. You could write your filter such that once it detects RAM is
running, it doesn't check RAM again.

Mark


 
 OU needs to have RAM running before it can do anything as I have startup
 code (Fired during init of my servlet) in UO that needs to access RAM.
 
 The problem I have is that when I do startup the Tomcat container, the
 minute my 'init code' get's executed in UO, it locks the whole container
 mainly because it's using HTTP calls to RAM to access it's information
 (which hasn't started up yet).
 
 Classic (as I see it) chicken and the egg scenario, UO can't start because
 RAM isn't started and the whole container is locking HTTP connections
 because all the app contexts aren't started.
 
 Is there any way that I can have these two application contexts exist
 peacefully without causing this condition? Can I force the load order of app
 contexts (though using multiple service setups in the server.xml?
 
 Or am I looking at having (and due to business reasons this is 'almost' not
 a solution) two installations of tomcat each managing one of the apps.
 
 Note: 
 I have tried the following.
 
 1. Ping servlet in UO that pings RAM And sleeps for X seconds until RAM is
 running. After 5 tries and 2 mintues (10x more than RAM needs in a normal
 situation to start) I call destroy on the servlet and kill the startup
 process. Running on the same container / servlet actually causes the LOCK on
 the very first HTTP ping to RAM and a subsequent stopping of Tomcat load
 altogether (system.exit call)
 2. Two Service configuration elements in the server.xml each managing it's
 own resources. This option worked better as UO would ping / sleep
 successfully for its' configured iterations, but RAM would never be started
 until UO was finished it's tries. If I left the 'die' code in UO then of
 course nothing loaded (as mentioned abovein point #1), but if I took out the
 die code, RAM loaded AFTER UO no problem. I would LOVE UO to be last if
 possible.
 
 It seems I can never get RAM to load before UO. (or at least let it keep
 loading while UO sleeps on it's ping requests.
 
 Thanks.
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Wrong SessionID

2009-07-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ron,

On 7/22/2009 5:09 AM, Ron McNulty wrote:
 The only fix was to correctly configure the offending server - there is
 nothing Tomcat can do. When a browser has two cookies with the same name
 in scope, the outcome is indeterminate. We found that the wider scoped
 cookie took precedence. I've often thought the name of the JSESSIONID
 cookie should be configurable, but to my knowledge it is hard-coded.

As Mark points out, this is configurable in 6.0.19.

When multiple JSESSIONID cookies exist, Tomcat will try them, one at a
time, until it finds one that matches a valid session in the container,
so multiple JSESSIONID cookies shouldn't be a problem.

If you call request.getRequestedSessionId() and it did not produce a
valid session, then the session id will appear to be wonky. It would be
better to call request.getSession().getId() to be sure you're really
using the right session id.

Uwe, are you seeing this strange JSESSIONID in the request headers (via
an HTTP sniffer) or are you accessing this id through the API? I'm
wondering if you are drawing an improper conclusion. You weren't
specific about the circumstances so it's tough to diagnose.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkpnHbgACgkQ9CaO5/Lv0PCHCgCggHT5n24kbfwJ9hQyWFu577j6
eTMAoKefxgqhEWaLl08+yfvFxZrGXz4p
=BsM8
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Application Context (and/or) SERVICE element load orders when starting Tomcat 5/6.

2009-07-22 Thread JeanNiBee

So in effect I'm deferring all interaction w/ RAM to be at request time and
not startup time correct?

I guess I could even take it one step further (and easier to implement I
think) where I build some static singleton initializer that manages an am I
loaded properly flag and if not, loads its data (This is the RAM
interaction) otherwise just handle the request normally.

It adds an extra check but checking if( ApplicationStatus.IS_LOADED ) isn't
such a big deal in the long run.

That is unless we're not talking the same thing here.  :)





markt-2 wrote:
 
 JeanNiBee wrote:
 Hi
 
 I have two application contexts, /RAM and /UO.
 
 Context initialization is serial. If you try starting in the wrong order
 you
 will be out of luck.
 
 Tomcat won't start serving requests until all the contexts have started.
 
 You can't control the order the apps start in. It will be arbitrary.
 
 You could try the following:
 
 Add a filter to OU that is mapped to /*. It checks for RAM, it RAM isn't
 running
 the requests are blocked. Once RAM is running it lets requests through and
 then
 your Servlet inits. You could write your filter such that once it detects
 RAM is
 running, it doesn't check RAM again.
 
 Mark
 
 

-- 
View this message in context: 
http://www.nabble.com/Application-Context-%28and-or%29-%3CSERVICE%3E-element-load-orders-when-starting-Tomcat-5-6.-tp24606540p24607746.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Monitoring Tomcat

2009-07-22 Thread dori

Hello everyone. 

What would be the best way or a good way to monitor topcat, so i could see
when and where any errors are originating from, say if 10 people an hour are
getting a certain http error code then I can work out why and enable me to
see how much load tomcat is under and how it's performing?

I found Lambaprobe but it dosent seem to have been updated in 3 years and im
not sure about it supporting tomcat 6.

To paraphrase, how do you know when it's time (or nearly time) to upgrade
your Tomcat set up (vertical, horizontal, whatever)

Thanks for any (much needed) advice...

Dori
-- 
View this message in context: 
http://www.nabble.com/Monitoring-Tomcat-tp24609118p24609118.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Monitoring Tomcat

2009-07-22 Thread El Tonno

dori wrote:
Hello everyone. 


What would be the best way or a good way to monitor topcat, so i could see
when and where any errors are originating from, say if 10 people an hour are
getting a certain http error code then I can work out why and enable me to
see how much load tomcat is under and how it's performing?

I found Lambaprobe but it dosent seem to have been updated in 3 years and im
not sure about it supporting tomcat 6.

To paraphrase, how do you know when it's time (or nearly time) to upgrade
your Tomcat set up (vertical, horizontal, whatever)

Thanks for any (much needed) advice...

Dori
  


Tomcat monitoring for the Poor Man...

Here's my approach:

The Tomcat application generates counter/gauge information about the JVM 
state as well about business values, possibly using a separate thread.
These are written to the database or exported through a servlet which 
can be queried by HTTP.


I then use a homemade script to fetch and preprocess and RRDtool to 
graph the state of the JVM or the other values of interest.


This involves some tedious setup work, but can give results of interest 
(e.g. I see when it is time to restart Tomcat because of a memory leak etc)






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



AW: Wrong SessionID

2009-07-22 Thread Poehner, Uwe
Hi Ron,

thanks a lot! I'm pretty sure that's our problem and I already found some SAP
J2EE Application Servers on our intranet with such a JSESSIONID 
(J2EE...)ID...End
and (Cookie) Domain instead of Host configured (still right configured). 
So I will continue to search for the evil one ...


Best Regards
Uwe



 -Ursprüngliche Nachricht-
 Von: Ron McNulty [mailto:rmcnu...@xtra.co.nz] 
 Gesendet: Mittwoch, 22. Juli 2009 11:09
 An: Tomcat Users List
 Betreff: Re: Wrong SessionID
 
 Hi Uwe
 
 I've seen something very similar when a SAP server was incorrectly 
 configured to produce a JSESSIONID cookie that was global to the 
 organisation, rather than scoped to the server that produced it. The 
 (J2EE13679500) and End parts of the session ID look 
 suspiciously like 
 what I saw.
 
 The only fix was to correctly configure the offending server 
 - there is 
 nothing Tomcat can do. When a browser has two cookies with 
 the same name in 
 scope, the outcome is indeterminate. We found that the wider 
 scoped cookie 
 took precedence. I've often thought the name of the 
 JSESSIONID cookie should 
 be configurable, but to my knowledge it is hard-coded.
 
 If this is the problem, then it is your client's problem 
 (unless you are 
 seeing it from inside your intranet).
 
 Regards
 
 Ron
 
 - Original Message - 
 From: Poehner, Uwe uwe.poeh...@siemens.com
 To: users@tomcat.apache.org
 Sent: Wednesday, July 22, 2009 3:26 AM
 Subject: Wrong SessionID
 
 
 Hello,
 
 our tomcat servers seem to produce very sporadically a wrong 
 JsessionID - 
 instead of 58EB1F9C39278DBB72528A13EF026EFB.bsp01
 we get (J2EE13679500)ID0574993050DB11991779031281660559End (without a 
 dot-jvmroute) so we lose stickyness and our session.
 
 Our environment (Hardware Loadbalancer - 2 Apache Servers - 
 2 Tomcat 
 Servers):
 Solaris 10 8/07
 Apache/2.2.6 with mod_proxy_ajp, mod_proxy_balancer, ...
 Tomcat 5.5.23 with JDK 1.5.0_12-b04
 
 Does anybody have an idea?
 
 
 Thanks and Regards
   Uwe
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Monitoring Tomcat

2009-07-22 Thread dori

thanks for the reply. Does this also give you information about how many
errors users may have received, and posiible the time and load (at the time
of) of those errors?


dori wrote:
 
 Hello everyone. 
 
 What would be the best way or a good way to monitor topcat, so i could see
 when and where any errors are originating from, say if 10 people an hour
 are getting a certain http error code then I can work out why and enable
 me to see how much load tomcat is under and how it's performing?
 
 I found Lambaprobe but it dosent seem to have been updated in 3 years and
 im not sure about it supporting tomcat 6.
 
 To paraphrase, how do you know when it's time (or nearly time) to upgrade
 your Tomcat set up (vertical, horizontal, whatever)
 
 Thanks for any (much needed) advice...
 
 Dori
 

-- 
View this message in context: 
http://www.nabble.com/Monitoring-Tomcat-tp24609118p24609611.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Monitoring Tomcat

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 8:51 AM, doridorian.cus...@googlemail.com wrote:

 I found Lambaprobe but it dosent seem to have been updated in 3 years and im
 not sure about it supporting tomcat 6.

It works fine with Tomcat 6.0.x. Try it.

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Monitoring Tomcat

2009-07-22 Thread dori

 
thanks, will do.


Hassan Schroeder-2 wrote:
 
 On Wed, Jul 22, 2009 at 8:51 AM, doridorian.cus...@googlemail.com wrote:
 
 I found Lambaprobe but it dosent seem to have been updated in 3 years and
 im
 not sure about it supporting tomcat 6.
 
 It works fine with Tomcat 6.0.x. Try it.
 
 -- 
 Hassan Schroeder  hassan.schroe...@gmail.com
 twitter: @hassan
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://www.nabble.com/Monitoring-Tomcat-tp24609118p24609818.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Monitoring Tomcat

2009-07-22 Thread El Tonno

dori wrote:

thanks for the reply. Does this also give you information about how many
errors users may have received, and posiible the time and load (at the time
of) of those errors?
  

Hi,

If you can identify that an error occurred, yes. For example, if an 
Exception is thrown,
you would catch it at the top servlet, then update a counter value 
accordingly. This value can then
be graphed. The Tomcat load would be the number of servlets currently 
running, also a

graphable gauge etc.

But it's all manual work, nothing general. Plus, RRDtool has its nasty 
quirks and I had to embed it into lots of
Perl to automate tasks. If you are interested, I can upload it, but it 
does not exactly have the smoothness of

an RPM installation.

Still, the results can be nice: 
http://public.m-plify.net/examples/RRDTOOL.png


I haven't looked at Lambda Probe though. As I am being pushed to JBoss 
now, this might be a

good occasion.

Best regards,

-- David












-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can a Realm communicate with a web application?

2009-07-22 Thread Mitch Claborn
Pid wrote:
 On 21/7/09 23:23, Mitch Claborn wrote:
 I am toying with the idea of writing my own Realm for authentication.
 Much of the code and structures that I need are already present in the
 web application.  Is there any way for the Realm to access Java objects
 from the web application?  They don't appear to share the same class
 loader.

 As an alternative is there a mechanism for providing the functionality
 of a Realm, but within the web application structure?

 You can define the Realm in your context.xml, (which of course you'll
 be configuring in the META-INF dir of your web-app, hint hint).

 I think this will load classes from your web-app classloader.


 N.B. Check out the localDataSource attribute, if you're also using a
 web-app specific DataSource.

 http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#DataSourceRealm

 p

I found that I can define the Realm in the conext.xml in my WEB-INF, but
it is not being located - getting java.lang.ClassNotFoundException when
the web app deploys/starts.  I've triple checked that the class files
are there in WEB-INF/classes.  I also tried putting in a jar in
WEB-INF/ilb.  I'm guessing that the Realm is still being loaded in a
different class loader.  I would guess the Realm is loaded in the
common class loader, as defined at
http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html. 

Any other ideas?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Can a Realm communicate with a web application?

2009-07-22 Thread Caldarale, Charles R
 From: Mitch Claborn [mailto:mi...@claborn.net]
 Subject: Re: Can a Realm communicate with a web application?
 
 I found that I can define the Realm in the conext.xml in my WEB-INF,

The context.xml file (not conext.xml) goes into META-INF, not WEB-INF.  Start 
again.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.



Re: Monitoring Tomcat

2009-07-22 Thread Leon Rosenberg
On Wed, Jul 22, 2009 at 6:15 PM, El Tonnoel.to...@m-plify.net wrote:

 Tomcat monitoring for the Poor Man...

 Here's my approach:

 The Tomcat application generates counter/gauge information about the JVM
 state as well about business values, possibly using a separate thread.
 These are written to the database or exported through a servlet which can be
 queried by HTTP.

 I then use a homemade script to fetch and preprocess and RRDtool to graph
 the state of the JVM or the other values of interest.


and here's the version for the rich man:

http://moskito.anotheria.net/moskitodemo/mui/mskShowAllProducers

:-)
regards
Leon

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Can a Realm communicate with a web application?

2009-07-22 Thread Mitch Claborn
Caldarale, Charles R wrote:
 From: Mitch Claborn [mailto:mi...@claborn.net]
 Subject: Re: Can a Realm communicate with a web application?

 I found that I can define the Realm in the conext.xml in my WEB-INF,
 

 The context.xml file (not conext.xml) goes into META-INF, not WEB-INF.  Start 
 again.

  - Chuck

   
My typos.  I have/had context.xml in META-INF.  Fingers faster than
brain today.

mitch


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Trouble setting up virtual host

2009-07-22 Thread Lisa D Beggs/AC/VCU
I am hoping you can help me.  I am trying to get a DNS entry that we set 
up www.websitename.edu (alias websitename.edu) to point to another page on 
our Crystal Reports Server (Infoview). 

We are running Tomcat 5.5.20.  I was told I need to set up a virtual host, 
I need to point the DNS entries to the logon.jsp page that is located in 
the Tomcat55\webapps\InfoViewApp\ directory. 

When I type in the above website from the server however, I get the 
default Tomcat home page.  So essentially I need to set it up so that the 
URL to the logon page is redirected to http://websitename.edu/logon.jsp or 
http://www.websitename.edu/logon.jsp and not the current - 
http://myserver:/InfoViewApp/logon.jsp.

Any suggestions, this is all new to me.

THANKS!



Server port=8005 shutdown=SHUTDOWN

  GlobalNamingResources
!-- Used by Manager webapp --
Resource name=UserDatabase auth=Container
  type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
  pathname=conf/tomcat-users.xml /
  /GlobalNamingResources

  Service name=Catalina
Connector port=80 /

Connector URIEncoding=UTF-8 acceptCount=100 
connectionTimeout=2 disableUploadTimeout=true 
enableLookups=false maxHttpHeaderSize=8192 maxSpareThreads=75 
maxThreads=150 minSpareThreads=25 port=8080 redirectPort=8443/

!-- This is here for compatibility only, not required --
Connector port=8009 protocol=AJP/1.3 /

Engine name=Catalina defaultHost=localhost
  Realm className=org.apache.catalina.realm.UserDatabaseRealm
 resourceName=UserDatabase / Host name=localhost 
appBase=webapps /
/Engine
 
Host name=www.websitename.edu 
appBase=\webapps\InfoViewApp\logon.jsp unpackWARs=false 
autoDeploy=true xmlValidation=false xmlNamespaceAware=false
Context path= docBase=./
Aliaswebsitename.edu/Alias
  /Host

/Service

  /Server





_
Change is the essence of life. Be willing to surrender what you are, for 
what you could become. 

Lisa D. Beggs 
Information Technology Specialist
Business Application Services
Phone:  804 828-2098
Fax:   804 828-0322

Don't be a phishing victim - VCU and other reputable organizations will 
never use email to request that you reply with your password, social 
security number or confidential personal information.  For more details 
visit http://infosecurity.vcu.edu/phishing.html 






Re: Monitoring Tomcat

2009-07-22 Thread El Tonno

Leon Rosenberg wrote:

On Wed, Jul 22, 2009 at 6:15 PM, El Tonnoel.to...@m-plify.net wrote:
  

Tomcat monitoring for the Poor Man...




and here's the version for the rich man:

http://moskito.anotheria.net/moskitodemo/mui/mskShowAllProducers

:-)
regards
Leon
  


Hah, nice! I got to ask my boss for a sabattical to check that.


Re: Trouble setting up virtual host

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 12:10 PM, Lisa D Beggs/AC/VCUldbe...@vcu.edu wrote:
 I am hoping you can help me.  I am trying to get a DNS entry that we set
 up www.websitename.edu (alias websitename.edu) to point to another page on
 our Crystal Reports Server (Infoview).

DNS entries associate host (and domain) names with IP addresses.
They do not point to pages.

 When I type in the above website from the server however, I get the
 default Tomcat home page.  So essentially I need to set it up so that the
 URL to the logon page is redirected to http://websitename.edu/logon.jsp or
 http://www.websitename.edu/logon.jsp and not the current -
 http://myserver:/InfoViewApp/logon.jsp.

Then you could replace the default home page with one that will
forward or redirect requests to / to your own app.
~or~
You can make your own app the default Context by removing the
existing ROOT Context and renaming yours to ROOT, and define
login.jsp as a welcome page (see the default welcome pages and
explanatory note in the global $CATALINA_HOME/conf/web.xml).

HTH,
-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Trouble setting up virtual host

2009-07-22 Thread Lisa D Beggs/AC/VCU
The default Tomcat page is what I get if I try to enter that on the server 
hosting Tomcat  Crystal Reports Server.so my configuration in the 
server.xml file must be incorrect.

If I try to type in the webpage from another computer it can not find the 
page.


_
Change is the essence of life. Be willing to surrender what you are, for 
what you could become. 

Lisa D. Beggs 
Information Technology Specialist
Business Application Services
Phone:  804 828-2098
Fax:   804 828-0322

Don't be a phishing victim - VCU and other reputable organizations will 
never use email to request that you reply with your password, social 
security number or confidential personal information.  For more details 
visit http://infosecurity.vcu.edu/phishing.html 








From:
Hassan Schroeder hassan.schroe...@gmail.com
To:
Tomcat Users List users@tomcat.apache.org
Date:
07/22/2009 03:42 PM
Subject:
Re: Trouble setting up virtual host



On Wed, Jul 22, 2009 at 12:10 PM, Lisa D Beggs/AC/VCUldbe...@vcu.edu 
wrote:
 I am hoping you can help me.  I am trying to get a DNS entry that we set
 up www.websitename.edu (alias websitename.edu) to point to another page 
on
 our Crystal Reports Server (Infoview).

DNS entries associate host (and domain) names with IP addresses.
They do not point to pages.

 When I type in the above website from the server however, I get the
 default Tomcat home page.  So essentially I need to set it up so that 
the
 URL to the logon page is redirected to http://websitename.edu/logon.jsp 
or
 http://www.websitename.edu/logon.jsp and not the current -
 http://myserver:/InfoViewApp/logon.jsp.

Then you could replace the default home page with one that will
forward or redirect requests to / to your own app.
~or~
You can make your own app the default Context by removing the
existing ROOT Context and renaming yours to ROOT, and define
login.jsp as a welcome page (see the default welcome pages and
explanatory note in the global $CATALINA_HOME/conf/web.xml).

HTH,
-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




tomcat manager menu, problems

2009-07-22 Thread cokecc

I am in a LAN installed with tomcat 6 with an ip 192.168.20.20

The problem I have is that this departure is the ip address next
http://sitio.pagina.com/misitio/

my question is that the entire menu on the left side (and any), fails to
take / mysite /.

for example.

to enter the menu

Administration
Status -
Tomcat Manager

This gives me

http://sitio.mipagina.com/manager/html

and should appear

http://sitio.pagina.com/misitio/manager/html

Thank you.
-- 
View this message in context: 
http://www.nabble.com/tomcat-manager-menu%2C-problems-tp24613858p24613858.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: tomcat manager menu, problems

2009-07-22 Thread Caldarale, Charles R
 From: cokecc [mailto:coke.contre...@gmail.com]
 Subject: tomcat manager menu, problems
 
 The problem I have is that this departure is the ip address next
 http://sitio.pagina.com/misitio/

You are mistaken; DNS names do not include slashes, so it's sitio.pagina.com 
that resolves to the IP address 192.168.20.20.

 This gives me
 http://sitio.mipagina.com/manager/html
 and should appear
 http://sitio.pagina.com/misitio/manager/html

No, it shouldn't.  What you're seeing is correct behavior.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Trouble setting up virtual host

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 12:10 PM, Lisa D Beggs/AC/VCUldbe...@vcu.edu wrote:

Sorry, didn't even look at this before:

        Host name=www.websitename.edu
 appBase=\webapps\InfoViewApp\logon.jsp

Totally wrong -- change to  appBase=/webapps

        Context path= docBase=./

Remove the Context element totally from server.xml.

Then remove the existing ROOT context and rename yours to ROOT
(or ROOT.war, depending on how you're deploying).

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat manager menu, problems

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 1:19 PM, cokecccoke.contre...@gmail.com wrote:

 This gives me

 http://sitio.mipagina.com/manager/html

 and should appear

 http://sitio.pagina.com/misitio/manager/html

No it shouldn't; the behavior you see is correct (the manager app is
associated with the host, not the context).

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat manager menu, problems

2009-07-22 Thread cokecc


thanks for your reply now
How do I configure tomcat? to work under the context / mysite /,

http://sitio.pagina.com/misitio/manager/html 



Hassan Schroeder-2 wrote:
 
 On Wed, Jul 22, 2009 at 1:19 PM, cokecccoke.contre...@gmail.com wrote:
 
 This gives me

 http://sitio.mipagina.com/manager/html

 and should appear

 http://sitio.pagina.com/misitio/manager/html
 
 No it shouldn't; the behavior you see is correct (the manager app is
 associated with the host, not the context).
 
 -- 
 Hassan Schroeder  hassan.schroe...@gmail.com
 twitter: @hassan
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://www.nabble.com/tomcat-manager-menu%2C-problems-tp24613858p24614613.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat manager menu, problems

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 2:05 PM, cokecccoke.contre...@gmail.com wrote:

 thanks for your reply now
 How do I configure tomcat? to work under the context / mysite /,

Again, the manager app will work fine, but it is associated with the
host, not the context.

You can certainly use the context /mysite/ at the same time, though.

And if that's not the answer, restate your question :-)

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Tomcat 5.5.28

2009-07-22 Thread Szczotka, Michael T
Hi, 
I was wondering when Tomcat 5.5.28 will be released?
We would like to upgrade to address vulnerability documented in
CVE-2009-0580.
Thanks for great product! 


Re: tomcat manager menu, problems

2009-07-22 Thread cokecc


ok, I understand. but how can I do to when you click on those links, the
context appears / mysite /

For example:
Administration
Status
Tomcat Manager ---

http://sitio.pagina.com/misitio/manager/html

Is this possible? 


Hassan Schroeder-2 wrote:
 
 On Wed, Jul 22, 2009 at 2:05 PM, cokecccoke.contre...@gmail.com wrote:

 thanks for your reply now
 How do I configure tomcat? to work under the context / mysite /,
 
 Again, the manager app will work fine, but it is associated with the
 host, not the context.
 
 You can certainly use the context /mysite/ at the same time, though.
 
 And if that's not the answer, restate your question :-)
 
 -- 
 Hassan Schroeder  hassan.schroe...@gmail.com
 twitter: @hassan
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://www.nabble.com/tomcat-manager-menu%2C-problems-tp24613858p24614928.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Force recompile of JSP in Tomcat 6

2009-07-22 Thread David Wall
In a production environment in which JSPs do not change frequently, I'd 
like to reduce the overhead of checking for JSP recompiles, assuming 
that such checks are in fact costly, and instruct Tomcat to recompile a 
given JSP should it change.  In our environment, the JSP is written out 
by our web app.


I noted the page.jsp?jsp_precompile=true type of option, but this seems 
to have no effect if Tomcat's web.xml sets the JspServlet param 
development=false.


Thanks,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat manager menu, problems

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 2:25 PM, cokecccoke.contre...@gmail.com wrote:

 ok, I understand.

Uh, well, then.

 Tomcat Manager ---

 http://sitio.pagina.com/misitio/manager/html

 Is this possible?

No. Unless you absolutely must have it and are willing to put httpd
with mod_rewrite (or equiv) in front, and even then I wouldn't 100%
bet it would work.

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Digested passwords stored in tomcat-users.xml by admin application?

2009-07-22 Thread Kurt Heberlein
Hi all,
  I know this is probably a common question, but i can't find an answer
that is satisfactory.   If i configure tomcat to use digested passwords
in server.xml, is there a way to make the admin application write them
digested in the event a password is changed or a new user is created??

Each new user created gets put in the file with a cleartext password.

Thanks


This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments) by others is 
strictly prohibited. If you are not the intended recipient, please contact the 
sender immediately and permanently delete the original and any copies of this 
email and any attachments thereto.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: tomcat manager menu, problems

2009-07-22 Thread Caldarale, Charles R
 From: cokecc [mailto:coke.contre...@gmail.com]
 Subject: Re: tomcat manager menu, problems
 
 ok, I understand.

Apparently not.

 but how can I do to when you click on those links,
 the context appears / mysite /

You can't.

 http://sitio.pagina.com/misitio/manager/html
 Is this possible?

No.  The site is sitio.pagina.com; misitio is *not* the site, it is simply a 
URL reference under the site.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Digested passwords stored in tomcat-users.xml by admin application?

2009-07-22 Thread Caldarale, Charles R
 From: Kurt Heberlein [mailto:ku...@3pardata.com]
 Subject: Digested passwords stored in tomcat-users.xml by admin
 application?
 
 is there a way to make the admin application 

If you're referring to the admin application that comes with older versions of 
Tomcat, that's a dead end.  (Note that you didn't bother to tell us what 
version of Tomcat you're using.)

 Each new user created gets put in the file with a 
 cleartext password.

What file?  If you're referring to conf/tomcat-users.xml, you should not be 
using that in production.  Better to configure a proper Realm with some sort 
of database or LDAP server behind it:
http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Programmatically reload webapp in Tomcat 6

2009-07-22 Thread David Wall
Manually, the Tomcat Manager web app allows me to easily restart a web 
app.  So, assuming I have the tomcat manager username and password, I 
can make a program invoke the same URL that probably would cause the web 
app to reload, using something like:


https://myhost.com/manager/html/reload?path=/THISONE

Is there a programmatic way to do this directly instead to make it 
easier to detect any errors or the like?  I basically would like a web 
app to be able to reload itself, without stopping Tomcat itself, such as 
after an automated download that installed some new versions of JARs and 
JSPs for the web app (allowing the web app to download upgrades, install 
them, then restart the web app so it's put into use).


Thanks,
David

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Digested passwords stored in tomcat-users.xml by admin application?

2009-07-22 Thread Kurt Heberlein
Thanks Chuck -

  Sorry - yes v5.5, and i am referring to the admin webapp that came
with it.  I have to allow for end-users that don't want to use LDAP, nor
another DB (I know it is stupid).  So i was hoping there was a way to
make the admin app write the passwords in digest form.

Thanks -Kurt

On Wed, 2009-07-22 at 15:05 -0700, Caldarale, Charles R wrote:
  From: Kurt Heberlein [mailto:ku...@3pardata.com]
  Subject: Digested passwords stored in tomcat-users.xml by admin
  application?
 
  is there a way to make the admin application

 If you're referring to the admin application that comes with older
 versions of Tomcat, that's a dead end.  (Note that you didn't bother
 to tell us what version of Tomcat you're using.)

  Each new user created gets put in the file with a
  cleartext password.

 What file?  If you're referring to conf/tomcat-users.xml, you should
 not be using that in production.  Better to configure a proper Realm
 with some sort of database or LDAP server behind it:
 http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
 PROPRIETARY MATERIAL and is thus for use only by the intended
 recipient. If you received this in error, please contact the sender
 and delete the e-mail and its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





This email and any attachments thereto may contain private, confidential, and 
privileged material for the sole use of the intended recipient. Any review, 
copying, or distribution of this email (or any attachments) by others is 
strictly prohibited. If you are not the intended recipient, please contact the 
sender immediately and permanently delete the original and any copies of this 
email and any attachments thereto.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: tomcat manager menu, problems

2009-07-22 Thread André Warnier

Caldarale, Charles R wrote:

From: cokecc [mailto:coke.contre...@gmail.com]
Subject: Re: tomcat manager menu, problems

ok, I understand.


Apparently not.


Ah good ! I thought it was only me..

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Trouble setting up virtual host

2009-07-22 Thread André Warnier

Lisa D Beggs/AC/VCU wrote:
The default Tomcat page is what I get if I try to enter that on the server 
hosting Tomcat  Crystal Reports Server.so my configuration in the 
server.xml file must be incorrect.


If I try to type in the webpage from another computer it can not find the 
page.



...
Mmm.
Ok, Lisa, we're here to serve, no matter what comes...

Can you tell us first under what kind of host this Tomcat is running ? 
Is it a Unix system, a Linux system, a Windows system ?

And if it is a Unix or Linux system, which kind ?
(if you don't know, either ask around or enter uname -a in a console 
window on the server and tell us the result).


Second :
I am going to ask some pretty basic questions.  Can you answer them, 
even if you think that they are stupid, or that you have already 
answered them ?  That will give us some insight into the situation, to 
help you quicker.


Q1 : I presume that this, until now, is a working server. Yes/No ?

Q2: If yes, how do the users access it now ? What exact URL do they type 
in the browser location bar, to access the homepage of this server ?


Q3: Still if yes, does that same URL work from all workstations, and do 
they all get the same page for the same URL ? And which page is that ?


Q4: Have you ever configured a webserver before (Tomcat or other) ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Preventing access to directories?

2009-07-22 Thread Andre-John Mas

Hi,

If I create a folder in the base of my web application, for example:

  webapp/mydir

can I prevent access to it?

What I am wanting to do it create modules within my web application  
that contain the associated components:


  webapp/
 module/
   js/
   css/
   jsp/
   img/

The JSPs will be accessed via struts2, so I want to ensure that  
someone typing:


   http://../webapp/module/jsp/abc.jsp

won't be able to access the resource. I know I could put the JSPs in  
WEB-INF (it is what I do now), though I am wanting to explore another  
way of organising and grouping related resource, for easier management.


André-John
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: Preventing access to directories?

2009-07-22 Thread Caldarale, Charles R
 From: Andre-John Mas [mailto:andrejohn@gmail.com]
 Subject: Preventing access to directories?
 
 I know I could put the JSPs in WEB-INF (it is what I do now),
 though I am wanting to explore another way of organising and
 grouping related resource, for easier management.

Since protection from direct access is one of the spec-defined uses of WEB-INF, 
why do you want to reinvent this already very round wheel?

You could try writing a filter that traps direct access.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Preventing access to directories?

2009-07-22 Thread Hassan Schroeder
On Wed, Jul 22, 2009 at 5:23 PM, Andre-John Masandrejohn@gmail.com wrote:

  I want to ensure that someone typing:

   http://../webapp/module/jsp/abc.jsp

 won't be able to access the resource. I know I could put the JSPs in WEB-INF
 (it is what I do now), though I am wanting to explore another way of
 organising and grouping related resource, for easier management.

Uh, say what? It's easier to manage put stuff in directory A versus
put stuff in directory B?

Why not make your life easy and leave it in WEB-INF???

-- 
Hassan Schroeder  hassan.schroe...@gmail.com
twitter: @hassan

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Preventing access to directories?

2009-07-22 Thread Andre-John Mas


On 22-Jul-2009, at 22:36, Hassan Schroeder wrote:

On Wed, Jul 22, 2009 at 5:23 PM, Andre-John Masandrejohn@gmail.com 
 wrote:



 I want to ensure that someone typing:

  http://../webapp/module/jsp/abc.jsp

won't be able to access the resource. I know I could put the JSPs  
in WEB-INF

(it is what I do now), though I am wanting to explore another way of
organising and grouping related resource, for easier management.


Uh, say what? It's easier to manage put stuff in directory A versus
put stuff in directory B?

Why not make your life easy and leave it in WEB-INF???


I probably will, though I was wanting to examine the alternatives.

Andre

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Preventing access to directories?

2009-07-22 Thread lanxiazhi
Here is one alternative:
use a servlet that will handle all the illegal accessed files by define
corresponding servlet-mapping in web.xml.
eg.mapping ErrorServlet to /code dir,and return error code SC_FORBIDDEN
(403).

2009/7/23 Andre-John Mas aj...@sympatico.ca


 On 22-Jul-2009, at 22:36, Hassan Schroeder wrote:

  On Wed, Jul 22, 2009 at 5:23 PM, Andre-John Masandrejohn@gmail.com
 wrote:

   I want to ensure that someone typing:

  http://../webapp/module/jsp/abc.jsp

 won't be able to access the resource. I know I could put the JSPs in
 WEB-INF
 (it is what I do now), though I am wanting to explore another way of
 organising and grouping related resource, for easier management.


 Uh, say what? It's easier to manage put stuff in directory A versus
 put stuff in directory B?

 Why not make your life easy and leave it in WEB-INF???


 I probably will, though I was wanting to examine the alternatives.

 Andre


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




Re: Preventing access to directories?

2009-07-22 Thread Andre-John Mas


On 22-Jul-2009, at 20:23, Andre-John Mas wrote:


Hi,

If I create a folder in the base of my web application, for example:

 webapp/mydir

can I prevent access to it?

What I am wanting to do it create modules within my web application  
that contain the associated components:


 webapp/
module/
  js/
  css/
  jsp/
  img/

The JSPs will be accessed via struts2, so I want to ensure that  
someone typing:


  http://../webapp/module/jsp/abc.jsp

won't be able to access the resource. I know I could put the JSPs in  
WEB-INF (it is what I do now), though I am wanting to explore  
another way of organising and grouping related resource, for easier  
management.




Turns out I can do the following:

   security-constraint
 web-resource-collection
web-resource-nameJSP/web-resource-name
descriptionPrevents access to .jsp files/description
url-pattern*.jsp/url-pattern
  /web-resource-collection
  auth-constraint/
   /security-constraint

One other source suggested a filter. I have an answer to my question,  
now to see if it solves anything.


André
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: is there any difference?

2009-07-22 Thread David Smith
I'm fairly sure there is no difference between the two.  The browser
contacts www.google.com on the default port 80 and then sends a GET /
request regardless of whether the last '/' is in the address bar.  Take
a look at one of the many browser plugins like Firebug for Firefox to
see it for your self.

Now if you mean URLs like http://www.my.page.com/mydir becoming
http://www.my.page.com/mydir/, that's a different story.  I suspect the
first request get's a 30x redirect to the second one.

--David

lanxiazhi wrote:
 I discovered that when I made a request to www.google.com
 the browser will change the address to www.google.com/  (add a slash)
 what's the mechanism under this?
 and what is tomcat approach on this?
 thanks.

   


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: is there any difference?

2009-07-22 Thread Caldarale, Charles R
 From: David Smith [mailto:d...@cornell.edu]
 Subject: Re: is there any difference?
 
 I'm fairly sure there is no difference between the two.

There's no effective difference, but the HTTP RFC requires the trailing slash 
when a specific resource is not in the URL.  That's why the browser adds the 
slash automatically to the host name URL, and the server sends a 302 back when 
the URL does not target a specific resource.

As you might expect, Tomcat does follow the HTTP RFC.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.



missing content-length header for HEAD request in mod_jk 1.2.28 with tomcat 6.0.18

2009-07-22 Thread Sameer Naik
Hi,

We observed that content-length header is missing in response headers for a 
HEAD request when used along with Apache 2.0.53, mod_jk 1.2.28 and tomcat 
6.0.18.

The header appears correctly when only mod_jk is rolled back to version 1.2.21 
(the previous production version for us).
Is this a known issue? Any work-around/solution for this?

Thanks,
Sameer



  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread Varuna Seneviratna
Andre,
  I am sorry if I got your remark from the wrong end and apologies if it
did heart you.I posted things on to the list as they unfolded.This anti
virus issue did not happen until a moment ago I made the post.From the
beginning of this issue I have not kept back any information that was
relevant to the issue and I thought relevant.

Well I did as you have instructed me


   1. *Stopped the Anti virus
   *
   2. *Downloaded apache-tomcat-6.0.20.zip (core)*
   3. *Unzipped it to the directory apache-tomcat-6.0.20*
   4. *Opened a console window*
   5. *Went to the directory c:\apache-tomcat-6.0.20\bin*
   6. *typed the command startup.bat, it started tomcat below is what
   appeared on the console window*

C:\apache-tomcat-6.0.20\binstartup.bat
Using CATALINA_BASE:   C:\apache-tomcat-6.0.20
Using CATALINA_HOME:   C:\apache-tomcat-6.0.20
Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.20\temp
Using JRE_HOME:C:\Program Files\Java\jdk1.6.0_14

 7* Then typed shutdown.bat, it did stop tomcat*

C:\apache-tomcat-6.0.20\binshutdown.bat
Using CATALINA_BASE:   C:\apache-tomcat-6.0.20
Using CATALINA_HOME:   C:\apache-tomcat-6.0.20
Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.20\temp
Using JRE_HOME:C:\Program Files\Java\jdk1.6.0_14

*8 Issued the command service.bat install, the display in the console window
was*

C:\apache-tomcat-6.0.20\binservice.bat install
Installing the service 'Tomcat6' ...
Using CATALINA_HOME:C:\apache-tomcat-6.0.20
Using CATALINA_BASE:C:\apache-tomcat-6.0.20
Using JAVA_HOME:C:\Program Files\Java\jdk1.6.0_14
Using JVM:  C:\Program
Files\Java\jdk1.6.0_14\jre\bin\server\jvm.dll

Failed installing 'Tomcat6' service


*As always the service installation stops when using the JVM


*Varuna*

*2009/7/22 André Warnier a...@ice-sa.com

 Varuna,

 I am not trying to bully you or anything of the kind.
 I have been watching this thread as a spectator, and I was just trying to
 convey to you the following :
 There are people here trying to help you, for free.
 To be able to do that, they need, at least :
 - that you provide all relevant information
 - that when they ask a question, you answer the question
 This anti-virus thing was valuable information, and it may be at the bottom
 of your problems.  But it took about 10 posts before you mentioned these
 messages, thus leading several would-be helpers into probably bad
 directions.
 Similarly, it looks a bit like every item of information has to be pulled
 out of you bit by bit.
 In other words, much of your pain looks self-inflicted.

 That was the sense of my comment.  Which, I admit, was made in a rather
 sarcastic way, for which I apologise if it shocked you.

 Now, to redeem myself, here are my suggestions :

 - turn off any anti-virus or similar software that might be running
 - de-install whatever Tomcat software you have installed, using the
 installer/deinstaller package
 - verify that you do not have any remainders anywhere of these
 installations (in the Windows Services display, in the disk directory
 where you installed Tomcat, and in the Start.. Settings.. System
 ..Software dialog).

 When everything is clean :

 - download the zip version of Tomcat for Windows, from the Tomcat
 website.
 - unzip it in a directory.  I suggest a sensible directory name, without
 spaces in the name, like c:\tomcat6.
 This is now your CATALINA_HOME directory (and also, by default, your
 CATALINA_BASE directory). Remember this, it is important.
 - in the directory CATALINA_HOME/bin, you will then find a script called
 startup.bat.  Open a command window, navigate to that directory, and run
 that script.
 This should start Tomcat, interactively, in that command window.
 This is only to verify that nothing else is wrong on your system to run
 Tomcat (like available ports, etc..).
 - you should now be able to access Tomcat with a browser, at 
 http://localhost:8080;
 - to stop Tomcat, type CTRL-C in the command window.

 Once you have done the above, then you can try to install Tomcat as a
 service.
 For that, run the script CATALINA_HOME/bin/service.bat install
 (you can also edit this script, to see what it is doing)

 When you have run this script, you will have essentially done the same as
 what the exe installer package for Tomcat is doing.  But you will have
 much more control and understanding of what is going on, and where things
 may get stuck.

 You should now be able to start and stop Tomcat using the commands
 net start tomcat6
 net stop tomcat6
 (the name tomcat6 above to be replaced by the correct Windows Service
 name for Tomcat)
 or by using My Computer..Manage..Services and Applications)

 If you want, you can then remove the Tomcat service again, by running
 service.bat remove, and try again to install the whole thing from the
 exe installer version.

 Additional information, harder to find in the on-line documentation :

 - the tomcat6.exe program that comes with the Windows version of Tomcat,
 

Re: TC 5.5.27 upgrade JSP tag attribute quoting

2009-07-22 Thread LS86

In the file Tomcat 5.5\conf\catalina.properties I simply added this line:

org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false

To get rid of the jasper double quotes error.

Thanks for the link Mark.It was useful.

-LS
-- 
View this message in context: 
http://www.nabble.com/TC-5.5.27-upgrade-JSP-tag-attribute-quoting-tp19986031p24619281.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: is there any difference?

2009-07-22 Thread lanxiazhi
hello,I found this in the servlet specification:

• The deployment descriptor lists the following welcome files.
welcome-file-list
welcome-fileindex.html/welcome-file
welcome-filedefault.jsp/welcome-file
/welcome-file-list
• The static content in the WAR is as follows
/foo/index.html
/foo/default.jsp
/foo/orderform.html
/foo/home.gif
/catalog/default.jsp
/catalog/products/shop.jsp
/catalog/products/register.jsp
• A request URI of /foo will be redirected to a URI of /foo/.
• A request URI of /foo/ will be returned as /foo/index.html.
• A request URI of /catalog will be redirected to a URI of /catalog/.

which matches what David said.

2009/7/23 Caldarale, Charles R chuck.caldar...@unisys.com

  From: David Smith [mailto:d...@cornell.edu]
  Subject: Re: is there any difference?
 
  I'm fairly sure there is no difference between the two.

 There's no effective difference, but the HTTP RFC requires the trailing
 slash when a specific resource is not in the URL.  That's why the browser
 adds the slash automatically to the host name URL, and the server sends a
 302 back when the URL does not target a specific resource.

 As you might expect, Tomcat does follow the HTTP RFC.

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.




RE: Fwd: Is it not possible to install apache-tomcat-6.0.20 with a J2SE 5 JRE: A new development

2009-07-22 Thread Caldarale, Charles R
 From: Varuna Seneviratna [mailto:varunasenevira...@gmail.com]
 Subject: Re: Fwd: Is it not possible to install apache-tomcat-6.0.20
 with a J2SE 5 JRE: A new development
 
 Using JAVA_HOME:C:\Program Files\Java\jdk1.6.0_14
 Using JVM:  C:\Program 
 Files\Java\jdk1.6.0_14\jre\bin\server\jvm.dll
 
 *As always the service installation stops when using the JVM

No, your previous posting showed Failed setting process executable - which is 
tomcat6.exe.  Interesting that your subject line says J2SE 5 JRE, when the 
registered JVM is a JDK 6...

I don't think there's any attempt during *installation* of the service to use 
the JVM.  However, the installer might well be verifying that the registered 
JVM exists and is accessible - along with a myriad of other things.

1) Verify that the above .dll location does exist and is accessible to the 
Local System account.
 
2) Verify that the above JVM does work by entering the following at a command 
prompt (quotes required):
C:\Program Files\Java\jdk1.6.0_14\bin\java -server -version

3) Verify that the Local System account has access to the Tomcat installation 
directory.

4) Double check that there is no Tomcat service of any kind under any name 
already installed.

5) If you can find another Windows machine that has not been under the 
influence of Kaspersky, try a Tomcat installation there.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.