tomcat - which version to download
Hi, As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. Please suggest/guide. Thanks Kaushal
Re: [OT] Protecting against HTTP response splitting
Op woensdag, 30 maart 2011 22:12 schreef Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I was playing around with findbugs today and saw a security warning I've never seen before: HTTP parameter directly written to HTTP header output in [somefile.java]. I read a bit more into it and the warning was correct, I was doing something akin to the following: response.sendRedirect(request.getParameter(returnURL)); Aside from not running the redirect through response.encodeRedirectURL, there's another potential problem, there: the user can specify a return URL that breaks the HTTP response and can do some evil things. I verified that I can break my own response in this way by adding %0d%0a and then more stuff to my returnURL parameter and I magically escaped the Location header of the response. The suggested mitigation is to URL-encode the value before putting it into the header. I was wondering if anyone was doing anything like this and has a suggestion for allowing the UI to control it's own return to URLs in a safe way. We'd like to use returnURL values that allow for query parameters to be passed-back to the target URL so we can't just blindly URL-encode the URL otherwise those parameters will become part of the URL and not the query string. I suppose I could also just look for and replace whitespace, which is not legal in a URL anyway. Any other thoughts of suggestions? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TjpgACgkQ9CaO5/Lv0PDAwQCfa8sSdRzAE7ZNjv0P1s/qD95L FGEAnjA8ZbobU/8s90lE2huLx/+B2smV =vJ6w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org I would say that some proper input validation solves your problem. Does new URL(redirectURL).toString() give an exception on invalid url's? Ronald.
Re: tomcat - which version to download
On Thu, 31 Mar 2011, Kaushal Shriyan wrote: Hi, As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. as a totally new user to tomcat, i'm running ubuntu 10.10 and i just downloaded the tomcat 7.0.11 tarball and dumped it into a personal directory. seems to start and run fine, although i have no existing webapps that force me to worry about backward compatibility. rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
On 31/03/2011 12:12, Robert P. J. Day wrote: On Thu, 31 Mar 2011, Kaushal Shriyan wrote: Hi, As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. Latest features - Tomcat 7 Best performance - Latest JDK There are a few performance tweaks in Tomcat 7 but nothing as significant as you'll get from using Java 6 rather than Java 5 (as you already are). as a totally new user to tomcat, i'm running ubuntu 10.10 and i just downloaded the tomcat 7.0.11 tarball and dumped it into a personal directory. seems to start and run fine, although i have no existing webapps that force me to worry about backward compatibility. The specifications are backwards compatible. If a specification compliant application runs on Tomcat 3 it should run on Tomcat 7. If it doesn't, that would be a bug. The catch is specification compliant. Tomcat has become stricter in enforcing the requirements of the specification (usually because of edge case bugs if it doesn't) which does mean that an application that runs on an older Tomcat version may require some fixes and/or Tomcat configuration to disable checks on the latest release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
explaining server.xml
Hi, Can someone please help me understand about various tag and definition in server.xml ? Thanks Kaushal
Re: tomcat - which version to download
On Thu, Mar 31, 2011 at 4:58 PM, Mark Thomas ma...@apache.org wrote: On 31/03/2011 12:12, Robert P. J. Day wrote: On Thu, 31 Mar 2011, Kaushal Shriyan wrote: Hi, As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. Latest features - Tomcat 7 Best performance - Latest JDK There are a few performance tweaks in Tomcat 7 but nothing as significant as you'll get from using Java 6 rather than Java 5 (as you already are). as a totally new user to tomcat, i'm running ubuntu 10.10 and i just downloaded the tomcat 7.0.11 tarball and dumped it into a personal directory. seems to start and run fine, although i have no existing webapps that force me to worry about backward compatibility. The specifications are backwards compatible. If a specification compliant application runs on Tomcat 3 it should run on Tomcat 7. If it doesn't, that would be a bug. The catch is specification compliant. Tomcat has become stricter in enforcing the requirements of the specification (usually because of edge case bugs if it doesn't) which does mean that an application that runs on an older Tomcat version may require some fixes and/or Tomcat configuration to disable checks on the latest release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, As per - http://wiki.apache.org/tomcat/TomcatVersions Tomcat 7.0.x Spec versions: Servlet 3.0, JSP 2.2, EL 2.2 Enhancements:Yes Process:CTR Can someone please explain me about EL 2.2, Enhancements and about process CTR. Thanks Kaushal
Re: virtual host for apache/tomcat server
On Thu, 2011-03-31 at 00:57 +0200, Tobias Crefeld wrote: Am Wed, 30 Mar 2011 15:09:12 -0400 schrieb James Pifer j...@obrien-pifer.com: Ok, my httpd.conf is pretty standard. It includes proxy_ajp.conf which has: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass /tomcat/ ajp://localhost:8009/ I only have some experience with Tomcat-6, not Tomcat-5.5, so maybe there are some mistakes in my posting, but AFAIK: - A corresponding ProxyPassReverse is missing. - If you want to redirect requests to http://hostname.domain.tld/ to ROOT then you should simply write / and not /tomcat/. Maybe a chip of our mixed IP- and name-based Apache-vhost-configs gives you an idea of how to setup Apache2 (in this environment hostnames with TLD prod are private IP-adresses for internal access). The setup uses a mix of mod_proxy_http and mod_proxy_ajp. Of course you have to configure tomcat's server.xml to offer ajp-access via Port 8009. Usually mod_proxy_ajp works better (handling of out-buffer, cache ontrol) but in rare cases we had problems with mod_proxy_ajp. Of course httpd.conf of our apache2.2 has got an include-statement for /srv/conf.d/*.conf in order to use this config. ---snip--- [crm@mikesch ~]$ cat /srv/conf.d/crm.conf # # vhost-configuration *.crm.company.* # # Virtual IP-Alias via DNS NameVirtualHost crm.company.prod:80 # # vhost for production # VirtualHost crm.company.prod:80 DocumentRoot /srv/crm/html ServerName crm.company.de ServerAlias crm.company.prod ErrorLog /srv/crm/logs/error_log TransferLog /srv/crm/logs/access_log # Reverse-Proxy for ajp-connector ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy # avoid public access to mgmt-applications ProxyPass/docs ! ProxyPass/probe ! ProxyPass/manager ! # connecting tomcats ROOT via mod_proxy_http and coyote ProxyPass/ http://crm.company.prod:8080/ ProxyPassReverse / http://crm.company.prod:8080/ # alternative: connecting tomcats ROOT via ajp # ProxyPass/ ajp://crm.company.prod:8009/ # ProxyPassReverse / ajp://crm.company.prod:8009/ /VirtualHost # # allow vhost for management only for users in private network # VirtualHost crm.cataneo.prod:80 DocumentRoot /srv/crm/html/mgmt ServerName mgmt.crm.cataneo.prod ErrorLog /srv/crm/logs/error_log TransferLog /srv/crm/logs/access_log # Displaying Apache vhost-statistics under /usage Alias /usage /srv/crm/html/mgmt/usage Location /usage Order deny,allow Deny from all Allow from 127.0.0.1 Allow from ::1 Allow from company.prod /Location # Reverse-Proxy fuer ajp-connector ProxyRequests Off Proxy * Order deny,allow Deny from all Allow from 127.0.0.1 Allow from ::1 Allow from company.prod /Proxy ProxyPass/probe ajp://crm.cataneo.prod:8009/probe ProxyPassReverse /probe ajp://crm.cataneo.prod:8009/probe ProxyPass/manager ajp://crm.cataneo.prod:8009/manager ProxyPassReverse /manager ajp://crm.cataneo.prod:8009/manager ProxyPass/docsajp://crm.cataneo.prod:8009/docs ProxyPassReverse /docsajp://crm.cataneo.prod:8009/docs /VirtualHost ---snip--- Thanks for the reply. Trying to understand this. I can make the tomcat server respond on / rather than /tomcat, but then that's all that responds. Meaning, the stuff on my regular apache http server is not accessible. So I have a web server at: http://server.domain.com that has just static web pages, etc. I have a tomcat jsp that I want to respond to http://myapp.domain.com. I setup a VirtualHost similar to you example, but when I go to http://server.domain.com it loads tomcat, not my static pages. So it seems to me I have to specify an alias for the ProxyPass, then with a VirtualHost somehow make http://myapp.domain.com actually open http://server.domain.com/tomcat , which will automatically load myapp.jsp (somehow configured with tomcat). Sorry if I'm getting this completely hosed! Thanks, James - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: explaining server.xml
On 31/03/2011 12:45, Kaushal Shriyan wrote: Hi, Can someone please help me understand about various tag and definition in server.xml ? Read the documentation. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
On 31/03/2011 12:47, Kaushal Shriyan wrote: Hi, As per - http://wiki.apache.org/tomcat/TomcatVersions Tomcat 7.0.x Spec versions: Servlet 3.0, JSP 2.2, EL 2.2 Enhancements:Yes Process:CTR Can someone please explain me about EL 2.2, Read the EL 2.2 specification. Enhancements It means that Tomcat 7 will have new features added to it. and about process CTR. http://www.apache.org/foundation/glossary.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: explaining server.xml
This is the best place to go for an explanation of all of the elements in server.xml http://tomcat.apache.org/tomcat-7.0-doc/config/index.html On Mar 31, 2011, at 7:45 AM, Kaushal Shriyan wrote: Hi, Can someone please help me understand about various tag and definition in server.xml ? Thanks Kaushal - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
On Thu, Mar 31, 2011 at 5:26 PM, Mark Thomas ma...@apache.org wrote: On 31/03/2011 12:47, Kaushal Shriyan wrote: Hi, As per - http://wiki.apache.org/tomcat/TomcatVersions Tomcat 7.0.x Spec versions: Servlet 3.0, JSP 2.2, EL 2.2 Enhancements:Yes Process:CTR Can someone please explain me about EL 2.2, Read the EL 2.2 specification. Enhancements It means that Tomcat 7 will have new features added to it. Can you please point me about the Release notes about New Features available in Tomcat 7 ? and about process CTR. http://www.apache.org/foundation/glossary.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
On 31/03/2011 12:59, Kaushal Shriyan wrote: On Thu, Mar 31, 2011 at 5:26 PM, Mark Thomas ma...@apache.org wrote: On 31/03/2011 12:47, Kaushal Shriyan wrote: Hi, As per - http://wiki.apache.org/tomcat/TomcatVersions Tomcat 7.0.x Spec versions: Servlet 3.0, JSP 2.2, EL 2.2 Enhancements:Yes Process:CTR Can someone please explain me about EL 2.2, Read the EL 2.2 specification. Enhancements It means that Tomcat 7 will have new features added to it. Can you please point me about the Release notes about New Features available in Tomcat 7 ? http://www.catb.org/~esr/faqs/smart-questions.html and about process CTR. http://www.apache.org/foundation/glossary.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
some documentation in conf/web.xml seems incorrect
again, from a totally newbie point of view, i was perusing conf/web.xml and noticed the snippets: !-- bufferedShould output from this servlet be buffered? -- !-- (0=false, 1=true) [0] -- !-- -- !-- debug Debugging detail level for messages logged -- !-- by this servlet. [0] -- !-- -- !-- expires The number of seconds before a page with SSI -- !-- directives will expire. [No default] -- but just below that init-param param-namebuffered/param-name param-value1/param-value /init-param init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-nameexpires/param-name param-value666/param-value /init-param so the comments don't seem to agree with at least a couple of the parameter default values (certainly the buffered param seems to disagree). rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: some documentation in conf/web.xml seems incorrect
On 31/03/2011 13:06, Robert P. J. Day wrote: again, from a totally newbie point of view, i was perusing conf/web.xml and noticed the snippets: !-- bufferedShould output from this servlet be buffered? -- !-- (0=false, 1=true) [0] -- but just below that init-param param-namebuffered/param-name param-value1/param-value /init-param so the comments don't seem to agree with at least a couple of the parameter default values (certainly the buffered param seems to disagree). The default value is what you get if you don't specify the value. The value is specified so a non-default is used. Arguably, the default should be changed and all init-params removed. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: some documentation in conf/web.xml seems incorrect
On Thu, 31 Mar 2011, Mark Thomas wrote: On 31/03/2011 13:06, Robert P. J. Day wrote: again, from a totally newbie point of view, i was perusing conf/web.xml and noticed the snippets: !-- bufferedShould output from this servlet be buffered? -- !-- (0=false, 1=true) [0] -- but just below that init-param param-namebuffered/param-name param-value1/param-value /init-param so the comments don't seem to agree with at least a couple of the parameter default values (certainly the buffered param seems to disagree). The default value is what you get if you don't specify the value. The value is specified so a non-default is used. Arguably, the default should be changed and all init-params removed. duh. sorry, i should have figured that out. rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02
From: Tirumala Rao Naidu [mailto:tirumala_na...@infosys.com] Subject: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02 Server: Tomcat-4.0.1 Almost ten years old, and deprecated for ages. You really, really, really need to move up. JDk: jdk1.5.0_02 Also not supported (but still widely used). Look for jar files in more than one place. Can you reproduce the problem in a supported environment? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
what exactly does it mean to run multiple tomcat instances?
reading the snippet from RUNNING.txt and i think something needs to be clarified. i can see how multiple users could share a common CATALINA_HOME directory, whose only common contents would be the bin/ and lib/ directories. but how would individual users take advantage of that? if i create a personal CATALINA_BASE directory, and someone else has already started tomcat listening on port 8080, then i certainly can't start another one on that same port with the startup.sh script -- i tried that and quite predictably got an error that port 8080 was already in use. and if i change that server port to, say, 8081, i'm just going to run into another conflict on port 8009. so if i want to run an entirely separate tomcat instance, don't i have to modify server.xml, at least to the extent that it doesn't conflict with any other running instances in terms of ports? and if so, shouldn't that be mentioned in RUNNING.txt? (unless it's spelled out in more detail elsewhere.) rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: what exactly does it mean to run multiple tomcat instances?
From: Robert P. J. Day [mailto:rpj...@crashcourse.ca] Subject: what exactly does it mean to run multiple tomcat instances? i can see how multiple users could share a common CATALINA_HOME directory, whose only common contents would be the bin/ and lib/ directories. but how would individual users take advantage of that? This has nothing to do with users, but rather with running multiple Tomcat servers on a single machine. For example, you may want to segregate webapps more than you can inside a single JVM, thus avoiding the potential of one misbehaving webapp taking the whole set down. if i change that server port to, say, 8081, i'm just going to run into another conflict on port 8009. Yes, each ip-address/port combination must be unique for each instance of Tomcat. This is true for any server-like program, not just Tomcat. so if i want to run an entirely separate tomcat instance, don't i have to modify server.xml Yes - each instance must have its own. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: what exactly does it mean to run multiple tomcat instances?
On Thu, 31 Mar 2011, Caldarale, Charles R wrote: From: Robert P. J. Day [mailto:rpj...@crashcourse.ca] Subject: what exactly does it mean to run multiple tomcat instances? i can see how multiple users could share a common CATALINA_HOME directory, whose only common contents would be the bin/ and lib/ directories. but how would individual users take advantage of that? This has nothing to do with users, but rather with running multiple Tomcat servers on a single machine. For example, you may want to segregate webapps more than you can inside a single JVM, thus avoiding the potential of one misbehaving webapp taking the whole set down. if i change that server port to, say, 8081, i'm just going to run into another conflict on port 8009. Yes, each ip-address/port combination must be unique for each instance of Tomcat. This is true for any server-like program, not just Tomcat. so if i want to run an entirely separate tomcat instance, don't i have to modify server.xml Yes - each instance must have its own. i'd eventually deduced most of that. i think it would be useful if that were explained more forcefully in the RUNNING.txt file since it's not immediately obvious. rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Customize URL access
Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good.
Re: Customize URL access
Read up on web.xml and using Serlvet mappings to define paths that map to the Servlet class itself. It looks like you're currently using direct servlet invocation. --Original Message-- From: Jonatan Aguirre Kobayashi To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Customize URL access Sent: Mar 31, 2011 09:17 Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good. Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Customize URL access
Hello, You can map the sevlet in this manner in your web.xml servlet servlet-namemaiservlet/servlet-name servlet-classservlet.maiservlet/servlet-class /servlet servlet-mapping servlet-namemaiservlet/servlet-name url-pattern/maiservlet/url-pattern /servlet-mapping Good lack Fahmi 2011/3/31 Justin Randall ran...@hotmail.com Read up on web.xml and using Serlvet mappings to define paths that map to the Servlet class itself. It looks like you're currently using direct servlet invocation. --Original Message-- From: Jonatan Aguirre Kobayashi To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Customize URL access Sent: Mar 31, 2011 09:17 Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good. Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: virtual host for apache/tomcat server
Am Thu, 31 Mar 2011 07:49:07 -0400 schrieb James Pifer j...@obrien-pifer.com: So I have a web server at: http://server.domain.com that has just static web pages, etc. I have a tomcat jsp that I want to respond to http://myapp.domain.com. I setup a VirtualHost similar to you example, but when I go to http://server.domain.com it loads tomcat, not my static pages. I guess this is an Apache2-issue. It seems that your separation of vhosts doesn't work properly. You could setup an own vhost-config for a named-vhost with server.domain.com or check your config for default to deliver your static, non-tomcat content. Regards, Tobias. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02
I Tried it in the Test Environment almost same as production environment. All the classes inside JAXB is loaded perfectly,but those classes are not exceuting in Test Environment. So tried copying the jars from Application/WEB-INF/lib to tommat/lib.then the application started working. Regards -Tirumala -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Thursday, March 31, 2011 6:14 PM To: Tomcat Users List Subject: RE: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02 From: Tirumala Rao Naidu [mailto:tirumala_na...@infosys.com] Subject: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02 Server: Tomcat-4.0.1 Almost ten years old, and deprecated for ages. You really, really, really need to move up. JDk: jdk1.5.0_02 Also not supported (but still widely used). Look for jar files in more than one place. Can you reproduce the problem in a supported environment? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS*** - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 3/31/2011 7:05 AM, Ronald Klop wrote: Op woensdag, 30 maart 2011 22:12 schreef Christopher Schultz response.sendRedirect(request.getParameter(returnURL)); Aside from not running the redirect through response.encodeRedirectURL, there's another potential problem, there: the user can specify a return URL that breaks the HTTP response and can do some evil things. I verified that I can break my own response in this way by adding %0d%0a and then more stuff to my returnURL parameter and I magically escaped the Location header of the response. I would say that some proper input validation solves your problem. Does new URL(redirectURL).toString() give an exception on invalid url's? I hadn't thought of using the URL class... I'll check that out and let you know. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2UjbsACgkQ9CaO5/Lv0PBE7QCfV77tnlhrugrclpMnbCcgtXXf NkQAmwSVAposD625LWo253f6Au3rxaKr =tOxL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what exactly does it mean to run multiple tomcat instances?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 3/31/2011 9:07 AM, Robert P. J. Day wrote: i'd eventually deduced most of that. i think it would be useful if that were explained more forcefully in the RUNNING.txt file since it's not immediately obvious. - From RUNNING.txt: When you use $CATALINA_BASE, Tomcat will calculate all relative references for files in the following directories based on the value of $CATALINA_BASE instead of $CATALINA_HOME: * bin - Only setenv.sh (*nix), setenv.bat (windows) and tomcat-juli.jar * conf - Server configuration files (including server.xml) So... it specifically tells you that it will use your own conf/server.xml file. Would you like an additional reinforcing statement? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2Ujr4ACgkQ9CaO5/Lv0PDs4wCgtbzCav3COtmMu09oOoS51HnV cGQAoI8vMd2r0+SUmFLAA4nNbpXfMeZr =HV5y -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaushal, On 3/31/2011 7:02 AM, Kaushal Shriyan wrote: As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. If you have done all your testing on Tomcat 5.5 and you want to go into production, don't do anything foolish like install Tomcat 6 or Tomcat 7 in production and just cross your fingers. Instead, re-start your testing procedure with the version that you'd like to use in production. I would recommend Tomcat 7.latest. For full disclosure, we only recently upgraded from Tomcat 5.5 to Tomcat 6.0 in production after a lengthy testing process to make sure everything worked. We are going to be moving up to Tomcat 7 in development, soon, and hope to push it our into production withing a few months. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2Uj4AACgkQ9CaO5/Lv0PCzhgCdFywbtqmmgDVNNhKE28VrNQRL Y9QAoINQfXu+yUxAsnhcZXiOH8Fxtd73 =4Aqy -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Customize URL access
Fahmi, when i access to http://localhost:8080/myapp/maiservlet tomcat display this error: java.lang.ClassNotFoundException: servlet.maiservlet I have Tomcat 7.0.8. 2011/3/31 Fahmi Hachicha fahmi.hachi...@gmail.com Hello, You can map the sevlet in this manner in your web.xml servlet servlet-namemaiservlet/servlet-name servlet-classservlet.maiservlet/servlet-class /servlet servlet-mapping servlet-namemaiservlet/servlet-name url-pattern/maiservlet/url-pattern /servlet-mapping Good lack Fahmi 2011/3/31 Justin Randall ran...@hotmail.com Read up on web.xml and using Serlvet mappings to define paths that map to the Servlet class itself. It looks like you're currently using direct servlet invocation. --Original Message-- From: Jonatan Aguirre Kobayashi To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Customize URL access Sent: Mar 31, 2011 09:17 Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good. Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Customize URL access
this servlet-classservlet.maiservlet/servlet-class means that the class maiservlet.java must be in the package servlet. Otherwise, you indicate the path of the class maiservlet.class in a package manner. Fahmi 2011/3/31 Jonatan Aguirre Kobayashi jona.agui...@gmail.com Fahmi, when i access to http://localhost:8080/myapp/maiservlet tomcat display this error: java.lang.ClassNotFoundException: servlet.maiservlet I have Tomcat 7.0.8. 2011/3/31 Fahmi Hachicha fahmi.hachi...@gmail.com Hello, You can map the sevlet in this manner in your web.xml servlet servlet-namemaiservlet/servlet-name servlet-classservlet.maiservlet/servlet-class /servlet servlet-mapping servlet-namemaiservlet/servlet-name url-pattern/maiservlet/url-pattern /servlet-mapping Good lack Fahmi 2011/3/31 Justin Randall ran...@hotmail.com Read up on web.xml and using Serlvet mappings to define paths that map to the Servlet class itself. It looks like you're currently using direct servlet invocation. --Original Message-- From: Jonatan Aguirre Kobayashi To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Customize URL access Sent: Mar 31, 2011 09:17 Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good. Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug Help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Mohit, On 30.03.11 um 13:55, Mohit Anchlia wrote: This seems to be mod_jk bug. I read in some other thread about this bug and look similar to what I am seeing. But what I am really looking for is to see if I have correct settings. We are using mod_jk 1.2.21 and apache 2 Your mod_jk version is more than four years old. Update it to the current version (1.2.31). Have a look at the example configuration in the source download it is very good. Explicitly set connection_pool_timeout and ConnectionTimeout, keep in mind that the mod_jk config is given in seconds and the Tomcat-Connector config is given in milliseconds! A connection timeout of several minutes is a good value to start with. If you have problems, please post relevant lines of your logs. Set the mod_jk log level to INFO. Regards, - -- Thomas Freitag -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2Umu8ACgkQGE5pHr3PKuWangCeJy6FcZHS1sqJvc3D6VwNW0Td xzcAn0o3tDzf2Q4i5uSjvkEB3xlsEZUS =f0Y4 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat - which version to download
On Thu, Mar 31, 2011 at 7:58 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kaushal, On 3/31/2011 7:02 AM, Kaushal Shriyan wrote: As of now I am using tomcat apache 5.5.27 with java version 1.6.0_24 on Ubuntu Server 10.04. I happened to visit the url - http://tomcat.apache.org/whichversion.html Bit confused. Not sure which version i need to go for my production purpose to avail latest features and performance improvement. If you have done all your testing on Tomcat 5.5 and you want to go into production, don't do anything foolish like install Tomcat 6 or Tomcat 7 in production and just cross your fingers. Instead, re-start your testing procedure with the version that you'd like to use in production. I would recommend Tomcat 7.latest. For full disclosure, we only recently upgraded from Tomcat 5.5 to Tomcat 6.0 in production after a lengthy testing process to make sure everything worked. We are going to be moving up to Tomcat 7 in development, soon, and hope to push it our into production withing a few months. - -chris Chris, Thanks for the quick reply. Really appreciated. As of now its 7.0.11, so Should i need to go with 7.0.11 or the lower 7.0... version ? Please suggest Thanks Kaushal
RE: tomcat - which version to download
From: Kaushal Shriyan [mailto:kaushalshri...@gmail.com] Subject: Re: tomcat - which version to download Should i need to go with 7.0.11 or the lower 7.0... version ? Use 7.0.11 - more bug fixes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging request parameters - Filter vs Servlet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 3/30/2011 3:36 PM, Leo Donahue - PLANDEVX wrote: I'm going this route for now: FacesContext.getCurrentInstance().getExternalContext().log(the string buffer of the parcel listbox); FacesContext.getCurrentInstance().getExternalContext().log(the map URL); Might I suggest that you try to cram all that information onto a single line and replace any CR or LF characters with a space or something? If you want to post-process the log, having each even on a single line will be sooo much easier than writing a script just to piece everything back together again. Also, in high-volume situations, you may get logs from one request interleaved with those of another, like this: Mar 30, 2011 12:02:35 PM org.apache.catalina.core.ApplicationContext log INFO: PARCEL = '125-27-089' Mar 30, 2011 12:02:35 PM org.apache.catalina.core.ApplicationContext log INFO: PARCEL = '456-67-890' Mar 30, 2011 12:02:45 PM org.apache.catalina.core.ApplicationContext log INFO: http://planning.maricopa.gov/agsoutput/_ags_map08eb57df58224e1884e17a3e8a59b555.jpg Mar 30, 2011 12:02:45 PM org.apache.catalina.core.ApplicationContext log INFO: http://planning.maricopa.gov/agsoutput/_ags_map738249178234b78b09213aba07f78923.jpg Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2U2bcACgkQ9CaO5/Lv0PAvAwCfdiGr2HewlXGxzB05uvQwnIj6 8SAAn3IeKzFMBlwmPnDejpOs1buN87tS =QUb7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tirumala, On 3/31/2011 10:15 AM, Tirumala Rao Naidu wrote: I Tried it in the Test Environment almost same as production environment. Your test environment should be identical to your production environment except maybe for IP addresses. :( All the classes inside JAXB is loaded perfectly, but those classes are not exceuting in Test Environment. JAXB is just an API. You also need an implementation. Look in your test environment common/lib, server/lib and shared/lib files for anything JAXB-related. You should bundle all non-JRE-supplied libraries into WEB-INF/lib, with the notable exception of any JDBC driver library for which you need Tomcat to initialize a JNDI DataSource. So tried copying the jars from Application/WEB-INF/lib to tommat/lib.then the application started working. This will make things worse for you: move your webapp-specific libraries into WEB-INF/lib and get them working, there. Then you won't have this problem in the future. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2U2oEACgkQ9CaO5/Lv0PBWDQCgql4pzIHfON3pxzGaUSA41xSp m/wAoJnVPaUA1/4o4r0tVIpjFr/SJ3dY =SoPa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 3/31/2011 7:05 AM, Ronald Klop wrote: I would say that some proper input validation solves your problem. Does new URL(redirectURL).toString() give an exception on invalid url's? new URL(String) will throw a MalformedURLException if there are illegal characters in the URL. I suppose that's good enough for my purposes: the only returnURLs that should be generated should be coming from our own application, and if they are broken, it's a bug. If a MalformedURLException is thrown, it should be due to some sort of malicious use and the user is better off getting a nasty error than just about anything else. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2VGn4ACgkQ9CaO5/Lv0PBk5gCdF5DMiC7/BrXTxDHayWzChU9W Dc8AoKq1E+6Y2NVTbTuS0vn1NtMhzo0C =2Kss -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
On Fri, Apr 1, 2011 at 2:21 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ronald,
On 3/31/2011 7:05 AM, Ronald Klop wrote:
I would say that some proper input validation solves your problem.
Does new URL(redirectURL).toString() give an exception on invalid url's?
new URL(String) will throw a MalformedURLException if there are illegal
characters in the URL.
This will work for 'correct urls', however, you don't necessary need
to send correct urls, and I suppose you don't want to:
Consider this, struts1 like action:
public ActionForward execute(ActionMapping mapping, FormBean bean,
HttpServletRequest req, HttpServletResponse res) throws Exception {
//do something useful
res.sendRedirect(pageResult?page=1);
return null;
}
This is not a syntactically correct url, but it will work in all
browsers and save you a lot of stress in multi-url (i18n) portals.
I would solve your problem by having multiple entry points for the
actions which than can specify the final redirect path.
regards
Leon
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
maxThreads
Hi, What are the implications or issues if maxThreads are increased from the default 150 to 300 threads. Are there any performance issues ? I am using TC 5.5.27 , Ubuntu Linux Server 8.04 , Sun Java 1.6.0 Update 24 Please suggest/guide. Thanks and Regards, Kaushal
