RE: Multiple Tomcat Instances with Multiple IPs
> From: Vickie Troy-McKoy [mailto:vtmc...@hotmail.com]
> Subject: RE: Multiple Tomcat Instances with Multiple IPs

> When I put in the DNS name or the IP address of the newly defined
> interface with the correct port in the browser, I get "page can not
> be displayed".

Use netstat -ap to make sure Tomcat is listening on the IP:port you think it should be. If it is, then you might have a firewall blocking that port.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Multiple Tomcat Instances with Multiple IPs
It definitely started up clean; and I see why. The existing instance is using port 9005 on the shutdown connector. So, everything is coming up clean--no errors in the logs. The only change I made was adding the address element to the Connectors. I am using port 8005 in the 2nd instance because the 1st instance is using 9005.

When I put in the DNS name or the IP address of the newly defined interface with the correct port in the browser, I get "page can not be displayed".

___
Regards,

> From: chuck.caldar...@unisys.com
> To: users@tomcat.apache.org
> Date: Fri, 19 Aug 2011 15:22:44 -0500
> Subject: RE: Multiple Tomcat Instances with Multiple IPs
>
> > From: Vickie Troy-McKoy [mailto:vtmc...@hotmail.com]
> > Subject: RE: Multiple Tomcat Instances with Multiple IPs
>
> > the very 1st time I ONLY changed ALL of the Connector ports
> > to add address="xxx.xx.x.xx".
>
> Since you didn't change the shutdown port on the second Tomcat instance, it
> would not have started properly; you should be able to see that in the logs.
> Also, since you have configured Tomcat to use a specific IP address, you must
> use that IP address (or its DNS equivalent) from any client you want to
> access that Tomcat - even if the client is on the same machine as Tomcat.
>
> > /etc/hosts has the new IP address, but it has a typo for the fqn.
>
> That shouldn't matter, unless your client is running on the machine with the
> incorrect /etc/hosts *and* you use what the DNS name should be. Tomcat
> itself doesn't care what's in /etc/hosts, only DNS lookup does.
>
> > Also for the shutdown port, should I use a different port #
> > --since I have 2 tomcat instances installed and it only
> > listens on the 127.0.0.1.?
>
> Not should, must.
>
> - Chuck
RE: Multiple Tomcat Instances with Multiple IPs
> From: Vickie Troy-McKoy [mailto:vtmc...@hotmail.com]
> Subject: RE: Multiple Tomcat Instances with Multiple IPs

> the very 1st time I ONLY changed ALL of the Connector ports
> to add address="xxx.xx.x.xx".

Since you didn't change the shutdown port on the second Tomcat instance, it would not have started properly; you should be able to see that in the logs. Also, since you have configured Tomcat to use a specific IP address, you must use that IP address (or its DNS equivalent) from any client you want to access that Tomcat - even if the client is on the same machine as Tomcat.

> /etc/hosts has the new IP address, but it has a typo for the fqn.

That shouldn't matter, unless your client is running on the machine with the incorrect /etc/hosts *and* you use what the DNS name should be. Tomcat itself doesn't care what's in /etc/hosts, only DNS lookup does.

> Also for the shutdown port, should I use a different port #
> --since I have 2 tomcat instances installed and it only
> listens on the 127.0.0.1.?

Not should, must.

 - Chuck
RE: Multiple Tomcat Instances with Multiple IPs
Thanks for your input; however, the very 1st time I ONLY changed ALL of the Connector ports to add address="xxx.xx.x.xx". However, when I tried to access the url, the page could not be displayed. I tried accessing it by the IP and the fqn. Only then, did I start playing with the Host name and the Server elements.

I am running Tomcat 7.0.14

I did see one inconsistency; /etc/hosts has the new IP address, but it has a typo for the fqn. When I did an nslookup, the IP address is there but the name is one letter off. Since I am not the Unix sys admin, I do not have access to correct that small change and have put in a ticket to have that done--separation of duties. Could that possibly be the reason why I am getting the page could not be displayed--even though I'm trying to access it by the IP address--when the fqn did not work.

Also for the shutdown port, should I use a different port #--since I have 2 tomcat instances installed and it only listens on the 127.0.0.1.?

Thank you,
___
Regards,

> From: chuck.caldar...@unisys.com
> To: users@tomcat.apache.org
> Date: Fri, 19 Aug 2011 14:43:33 -0500
> Subject: RE: Multiple Tomcat Instances with Multiple IPs
>
> > From: Vickie Troy-McKoy [mailto:vtmc...@hotmail.com]
> > Subject: Multiple Tomcat Instances with Multiple IPs
>
> > Instead of running it on different ports, we decided to run it
> > on a different IP address.
>
> Each Tomcat must still have a unique shutdown port configured in its
> <Server> element.
>
> > In server.xml, I added the "address=xxx.xx.x.xx" parameter for all the
> > ports.
>
> That's not correct; the address attribute can only be used on <Connector>
> elements, not the <Server> element. Also, it had better be
> address="xxx.xx.x.xx", not "address=xxx.xx.x.xx".
>
> > I played with the "Host name" parameter-putting in the fqn DNS
> > name and tried the IP address there.
>
> Incorrect and unnecessary - put it back the way it was.
>
> > I tried adding "address=xxx.xx.x.xx" for the Server shutdown port.
>
> See above; there is no address attribute for <Server> (it's listening only on
> 127.0.0.1 for the shutdown command).
>
> > WARNING: Unknown default host [localhost] for connector
> > [Connector[HTTP/1.1-8080]]
> > WARNING: Unknown default host [localhost] for connector
> > [Connector[AJP/1.3-8009]]
>
> That's because you broke your configuration; again, put it back the
> way it was.
>
> - Chuck
RE: Multiple Tomcat Instances with Multiple IPs
> From: Vickie Troy-McKoy [mailto:vtmc...@hotmail.com]
> Subject: Multiple Tomcat Instances with Multiple IPs

> Instead of running it on different ports, we decided to run it
> on a different IP address.

Each Tomcat must still have a unique shutdown port configured in its <Server> element.

> In server.xml, I added the "address=xxx.xx.x.xx" parameter for all the ports.

That's not correct; the address attribute can only be used on <Connector> elements, not the <Server> element. Also, it had better be address="xxx.xx.x.xx", not "address=xxx.xx.x.xx".

> I played with the "Host name" parameter-putting in the fqn DNS
> name and tried the IP address there.

Incorrect and unnecessary - put it back the way it was.

> I tried adding "address=xxx.xx.x.xx" for the Server shutdown port.

See above; there is no address attribute for <Server> (it's listening only on 127.0.0.1 for the shutdown command).

> WARNING: Unknown default host [localhost] for connector
> [Connector[HTTP/1.1-8080]]
> WARNING: Unknown default host [localhost] for connector
> [Connector[AJP/1.3-8009]]

That's because you broke your configuration; again, put it back the way it was.

 - Chuck
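The rules from Chuck's replies in this thread (a unique shutdown port per instance, an address on each Connector, quoted attribute values, an unmodified Host name) can be checked across two server.xml files before the second instance is started. This is an added example, not part of the original thread and not Tomcat tooling; the function names, the sample server.xml contents and the 192.0.2.x addresses are constructed, and linking the "Unknown default host" warning to a mismatch between the Engine's defaultHost and the Host name is this example's assumption.

```python
import xml.etree.ElementTree as ET
from itertools import combinations


def sample(shutdown_port, connector_attrs, host="localhost"):
    """Build a minimal, constructed server.xml for the demonstration."""
    connectors = "\n".join(f"    <Connector {a}/>" for a in connector_attrs)
    return (
        f'<Server port="{shutdown_port}" shutdown="SHUTDOWN">\n'
        f'  <Service name="Catalina">\n{connectors}\n'
        f'    <Engine name="Catalina" defaultHost="localhost">\n'
        f'      <Host name="{host}" appBase="webapps"/>\n'
        f'    </Engine>\n  </Service>\n</Server>'
    )


def inspect(name, xml_text):
    """Parse one server.xml. Returns (summary or None, findings)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # address=192.0.2.11 without quotes ends up here: it is not valid XML.
        return None, [f"{name}: server.xml is not well-formed ({exc})"]
    findings = []
    connectors = [(c.get("address"), c.get("port")) for c in root.iter("Connector")]
    for address, port in connectors:
        if address is None:
            findings.append(
                f"{name}: Connector on port {port} has no address and binds every interface")
    for engine in root.iter("Engine"):
        hosts = {h.get("name") for h in engine.findall("Host")}
        default = engine.get("defaultHost")
        if default not in hosts:
            findings.append(f"{name}: Engine defaultHost '{default}' matches no Host")
    return {"shutdown": root.get("port"), "connectors": connectors}, findings


def audit(instances):
    """instances maps an instance name to its server.xml text."""
    findings, parsed = [], {}
    for name, xml_text in instances.items():
        summary, found = inspect(name, xml_text)
        findings += found
        if summary is not None:
            parsed[name] = summary
    for (a, sa), (b, sb) in combinations(parsed.items(), 2):
        port = sa["shutdown"]
        # "-1" disables the shutdown listener, so it cannot clash.
        if port not in (None, "-1") and port == sb["shutdown"]:
            findings.append(
                f"{a} and {b} share shutdown port {port}; both listen on 127.0.0.1")
        for addr_a, port_a in sa["connectors"]:
            for addr_b, port_b in sb["connectors"]:
                overlap = addr_a is None or addr_b is None or addr_a == addr_b
                if port_a == port_b and overlap:
                    findings.append(
                        f"{a} and {b} both claim port {port_a} on an overlapping address")
    return findings


# Constructed configurations. FIRST is the existing instance (shutdown port 9005).
FIRST = sample(9005, ['port="8080" address="192.0.2.10"',
                      'port="8009" protocol="AJP/1.3" address="192.0.2.10"'])
# Second instance done as the replies describe: own address, own shutdown port.
SECOND_OK = sample(8005, ['port="8080" address="192.0.2.11"',
                          'port="8009" protocol="AJP/1.3" address="192.0.2.11"'])
# Second instance with a reused shutdown port, one unbound Connector, renamed Host.
SECOND_BROKEN = sample(9005, ['port="8080"',
                              'port="8009" protocol="AJP/1.3" address="192.0.2.11"'],
                       host="tomcat2.example.test")
# Second instance with the unquoted attribute value.
SECOND_UNQUOTED = sample(8005, ['port="8080" address=192.0.2.11'])

if __name__ == "__main__":
    for label, second in (("ok", SECOND_OK), ("broken", SECOND_BROKEN),
                          ("unquoted", SECOND_UNQUOTED)):
        print(f"--- {label}")
        for finding in audit({"first": FIRST, "second": second}) or ["no findings"]:
            print(finding)
```

A Connector without an address listens on every interface, so it still collides with the first instance's port even though the first instance is bound to a single IP.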
Multiple Tomcat Instances with Multiple IPs
Hi,

I installed a 2nd tomcat instance. Instead of running it on different ports, we decided to run it on a different IP address. The IP address has been defined to the server and I made changes to server.xml; however, the page is not being displayed when I attempt to access the new tomcat server url.

In server.xml, I added the “address=xxx.xx.x.xx” parameter for all the ports. Also, I played with the “Host name” parameter—putting in the fqn DNS name and tried the IP address there. Also, I tried adding “address=xxx.xx.x.xx” for the Server shutdown port.

Tomcat comes up; but, I do see 2 warning messages for ports 8080 and 8009:

WARNING: Unknown default host [localhost] for connector [Connector[HTTP/1.1-8080]]
WARNING: Unknown default host [localhost] for connector [Connector[AJP/1.3-8009]]

I changed the "Host name" to point to the fully-qualified DNS name; I received the same message but in place of [localhost], the IP address was there.

Does anyone know what else needs to be changed in order to successfully access a 2nd tomcat instance running on a 2nd IP address?

Thank you,
___
Regards,
Re: Custom Realm - Tomcat 5.5 to Tomcat 7 Migration
2011/8/19 Steve Ratay :
> I have a custom realm that is quite complex and uses a variety of third party
> libraries, including Spring. In Tomcat 5.5, I placed the Realm and all of
> the JARs it depended upon in the server/lib directory. This kept these
> classes in the Catalina class loader, which was not visible to any web
> applications. This was the perfect solution since I do not want to
> automatically include all of these JARs in the classloading hierarchy of my
> web applications.
>
> Now I am trying to migrate to Tomcat 7, and having a hard time figuring out a
> way to create the same configuration. I see that there is no longer a
> Catalina classloader or any classloader that won't be visible to the web
> applications.

It is possible to reenable classloader hierarchy of Tomcat 5.5 by editing Tomcat 7's catalina.properties file, but I heard that there is a catch that usually you cannot just place your files into server classloader - there is some dependency between components and some jars have to be moved into this classloader as well. YMMV.

> Is that accurate or is there some way to isolate certain JAR files and
> prevent them from being visible to my web applications?

Just random thought - maybe you can create your own instance of URLClassLoader (it is easy) and load your classes through it? Though I do not know why the same wouldn't go with the server classloader discussed above.

> Also, I'm thinking that another option could be to have a separate web
> application for authentication. Would I be able to do this and still
> integrate with the Realm concept in Tomcat?

Web applications are not guaranteed to start in any certain order. A Web application can be restarted at any time (and its classloader is stopped and disposed when a web application stops). Web applications are isolated and do not see each other's classloaders. Those are main problems if you want to deploy a shared component as a "web application".

> As a side note, I'm working in a portal environment so I use the SSO valve
> and basically want a single point of authentication for all web applications
> (i.e. portlets) deployed in the servlet container.

Best regards,
Konstantin Kolinko
Re: Connector Connection Timeout
Patrick Flaherty wrote:
> Hi,
>
> I see that the default connection timeout for the Tomcat connector by default is set to 2 (20 sec). This has been the shipping default for 5.x, 6.x and 7.x (in the server.xml)
>
> The documentation describes the default timeout to be 6 (60 sec).
>
> Is the default value of 2 in the server.xml for 5.x, 6.x and 7.x set to 2 for a reason instead of the documented 6 default ?

The default values indicated in the Connector documentation mean : the default value in case you do *not* specify this attribute.

If the default server.xml explicitly specifies a value for these attributes, then of course it overrides whatever default value this setting would have if the server.xml did not specify it.

Otherwise said : the server.xml shipped with Tomcat is an *example*, using reasonably standard values.

If this is not clear, someone else have a try, please.
Custom Realm - Tomcat 5.5 to Tomcat 7 Migration
I have a custom realm that is quite complex and uses a variety of third party libraries, including Spring. In Tomcat 5.5, I placed the Realm and all of the JARs it depended upon in the server/lib directory. This kept these classes in the Catalina class loader, which was not visible to any web applications. This was the perfect solution since I do not want to automatically include all of these JARs in the classloading hierarchy of my web applications.

Now I am trying to migrate to Tomcat 7, and having a hard time figuring out a way to create the same configuration. I see that there is no longer a Catalina classloader or any classloader that won't be visible to the web applications. Is that accurate or is there some way to isolate certain JAR files and prevent them from being visible to my web applications?

Also, I'm thinking that another option could be to have a separate web application for authentication. Would I be able to do this and still integrate with the Realm concept in Tomcat?

As a side note, I'm working in a portal environment so I use the SSO valve and basically want a single point of authentication for all web applications (i.e. portlets) deployed in the servlet container.

Thanks,
Steve
Connector Connection Timeout
Hi,

I see that the default connection timeout for the Tomcat connector by default is set to 2 (20 sec). This has been the shipping default for 5.x, 6.x and 7.x (in the server.xml)

The documentation describes the default timeout to be 6 (60 sec).

Is the default value of 2 in the server.xml for 5.x, 6.x and 7.x set to 2 for a reason instead of the documented 6 default ?

Thanks
-Pat
Re: How to handle the AWT-Windows thread?
Dan and Pid,

On 8/18/2011 6:05 PM, Pid wrote:
> On 18/08/2011 22:22, Dan Armbrust wrote:
>> Toolkit.getDefaultToolkit().createImage(new byte[]{});
>>
>> which avoids "Headless" issues, but still kicks off the
>> AWT-Windows thread.
>
> Doesn't the leak prevention listener do this?

Fixed in 7.0.x trunk, proposed for 6.0.x. Not sure how 8.0.x is working right now...

https://issues.apache.org/bugzilla/show_bug.cgi?id=51688

-chris
Re: How to start tomcat5 with -security
2011/8/19 Petr Hracek :
> I am using tomcat 5.5.29 (I know that it is pretty old)
> but I would like to start them so that -security will be turn off.
>
> I am starting them over /usr/share/tomcat5/bin/catalina.sh start -security
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> (java.lang.RuntimePermission setContextClassLoader)
>     at java.security.AccessControlContext.checkPermission(Unknown Source)

Good news: it works.

Bad news: your policy file (conf/catalina.policy) does not grant all necessary permissions for the logging library that you are using.

It might be that it was a bug in 5.5.29, or that your configuration does not match what defaults are. (E.g. there surely are no permissions for log4j libs in the default configuration).

Whatever it is it can be solved by editing that policy file.

Best regards,
Konstantin Kolinko
Re: Migration Tomcat 5x to 7.0.8
2011/8/19 Kumar, Kiran P
>
> Team,
> We are migrating from tomcat 5x to 7.0.8
> In Tomcat 5.0 we are defining the url below
> url = "/APReports/servlet/com.nielsenmedia.umi.ap.hwsw.QuerySWServlet"; and
> sending the request using the ajax
> Like o.open("POST", url , true);
> So I am not getting any problem in Tomcat 5
> In Tomcat7, I am getting below error
>
> What are the changes required to do in Tomcat 7.0.8.
>

Do not use invoker servlet. It is broken by design.

You have to provide mappings for all your servlets explicitly, e.g.:

    <servlet>
      <servlet-name>QuerySWServlet</servlet-name>
      <servlet-class>com.nielsenmedia.umi.ap.hwsw.QuerySWServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>QuerySWServlet</servlet-name>
      <url-pattern>/servlet/com.nielsenmedia.umi.ap.hwsw.QuerySWServlet</url-pattern>
    </servlet-mapping>

(servlet name can be arbitrary but must be the same between <servlet> and <servlet-mapping>).

See here for longer story, and it is also mentioned in the FAQ:
http://www.coderanch.com/how-to/java/InvokerServlet

Best regards,
Konstantin Kolinko
Migration Tomcat 5x to 7.0.8
Team,

We are migrating from tomcat 5x to 7.0.8

In Tomcat 5.0 we are defining the url below

url = "/APReports/servlet/com.nielsenmedia.umi.ap.hwsw.QuerySWServlet";

and sending the request using the ajax, like

o.open("POST", url , true);

So I am not getting any problem in Tomcat 5

In Tomcat7, I am getting below error <>

What are the changes required to do in Tomcat 7.0.8.

Thanks
KiranKumar P
Re: How to handle the AWT-Windows thread?
Dan,

On 8/18/2011 5:22 PM, Dan Armbrust wrote:
> Toolkit.getDefaultToolkit().createImage(new byte[]{});

Simply calling getDefaultToolkit will do the trick: you don't have to waste time creating an image.

I'll implement this in the JreLeakPreventionListener, but it will be /disabled/ by default because it creates an extra thread.

-chris
Re: How to handle the AWT-Windows thread?
Pid,

On 8/18/2011 6:05 PM, Pid wrote:
> On 18/08/2011 22:22, Dan Armbrust wrote:
>> Toolkit.getDefaultToolkit().createImage(new byte[]{});
>>
>> which avoids "Headless" issues, but still kicks off the
>> AWT-Windows thread.
>>
>> And since it is no longer tied to the context class loader,
>> Tomcat doesn't detect any issues on shutdown.
>
> Doesn't the leak prevention listener do this?

No, JLPL protects against pinning of the CCL when using sun.awt.AppContext.getAppContext().

I think this might be a decent option to implement, disabled by default (because nobody wants an extra thread around for no reason).

-chris
RE: Tomcat 6 getting error when trying to specify keystore
Hi Chris,

Yes... the individual keys have their own password different from the keystore password.

David Diep

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Friday, August 19, 2011 10:28 AM
To: Tomcat Users List
Subject: Re: Tomcat 6 getting error when trying to specify keystore

David,

On 8/18/2011 9:03 PM, Diep, David (OCTO-Contractor) wrote:
> Thanks everyone.
>
> There were two problems... the first being that:
>
> 1. Use the full path
>
> 2. The keystore password and the key password needs to be the
> same! I used the following command to change it:
>
> keytool -keypasswd -alias tomcat -keystore ssl-keystore

Do individual keys in a keystore have their own passwords? I didn't think so, but I haven't done a great deal of work with JKS.

-chris
Re: Tomcat 6 getting error when trying to specify keystore
David,

On 8/18/2011 9:03 PM, Diep, David (OCTO-Contractor) wrote:
> Thanks everyone.
>
> There were two problems... the first being that:
>
> 1. Use the full path
>
> 2. The keystore password and the key password needs to be the
> same! I used the following command to change it:
>
> keytool -keypasswd -alias tomcat -keystore ssl-keystore

Do individual keys in a keystore have their own passwords? I didn't think so, but I haven't done a great deal of work with JKS.

-chris
Re: How to start tomcat5 with -security
Petr Hracek wrote:
> Dear user,
>
> I am using tomcat 5.5.29 (I know that it is pretty old)
> but I would like to start them so that -security will be turn off.

I think that by default it is turned off.

> I am starting them over
> /usr/share/tomcat5/bin/catalina.sh start -security
> Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
> java.security.AccessControlException: access denied
> ...

Have you tried "/usr/share/tomcat5/bin/catalina.sh start" ?

Note that the "security on/off" means the *Java JVM's* security manager on/off. It's not a Tomcat thing, it's a Java thing.
Re: Tomcat 7.0.8
Manian,

On 8/19/2011 9:49 AM, Arunachalam, Manian wrote:
> We are migrating from tomcat 5x to 7.0.8

Why not 7.0.20?

> In Tomcat 5.0 we have the url pattern as below Here Path is user
> defined location. url = "//.QuerySWServlet"; What we
> need to give for tomcat 7.0.8 version to use the same url pattern.

Probably the same one. Most of the changes in Tomcat in the intervening versions have been to add new features defined by the servlet-spec.

Where is this URL pattern used? If it's in web.xml to define the url-pattern of a servlet (or filter), then the rules have not changed in a very long time, and you should be fine.

Have you tried it? Are you having an actual problem, or are you just scared to upgrade?

-chris
How to start tomcat5 with -security
Dear user,

I am using tomcat 5.5.29 (I know that it is pretty old) but I would like to start them so that -security will be turn off.

I am starting them over

/usr/share/tomcat5/bin/catalina.sh start -security

Could not load Logmanager "org.apache.juli.ClassLoaderLogManager"
java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.Thread.setContextClassLoader(Unknown Source)
    at java.util.logging.LogManager$Cleaner.(Unknown Source)
    at java.util.logging.LogManager$Cleaner.(Unknown Source)
    at java.util.logging.LogManager.(Unknown Source)
    at org.apache.juli.ClassLoaderLogManager.(ClassLoaderLogManager.java:44)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
    at java.lang.reflect.Constructor.newInstance(Unknown Source)
    at java.lang.Class.newInstance0(Unknown Source)
    at java.lang.Class.newInstance(Unknown Source)
    at java.util.logging.LogManager$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.(Unknown Source)
    at java.util.logging.Logger.getLogger(Unknown Source)
    at com.sun.jmx.remote.util.ClassLogger.(Unknown Source)
    at javax.management.NotificationBroadcasterSupport.(Unknown Source)
    at javax.management.MBeanServerDelegate.(Unknown Source)
    at com.sun.jmx.mbeanserver.MBeanServerDelegateImpl.(Unknown Source)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.newMBeanServerDelegate(Unknown Source)
    at javax.management.MBeanServerBuilder.newMBeanServerDelegate(Unknown Source)
    at javax.management.MBeanServerFactory.newMBeanServer(Unknown Source)
    at javax.management.MBeanServerFactory.createMBeanServer(Unknown Source)
    at javax.management.MBeanServerFactory.createMBeanServer(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.createClassLoader(Bootstrap.java:189)
    at org.apache.catalina.startup.Bootstrap.initClassLoaders(Bootstrap.java:98)
    at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:213)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:410)
Can't load log handler "1catalina.org.apache.juli.FileHandler"
java.lang.ClassNotFoundException: 1catalina.org.apache.juli.FileHandler
java.lang.ClassNotFoundException: 1catalina.org.apache.juli.FileHandler
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
log4j:WARN No appenders could be found for logger (org.apache.catalina.startup.Embedded).
log4j:WARN Please initialize the log4j system properly.
java.lang.reflect.InvocationTargetException
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Can't load log handler "5host-manager.org.apache.juli.FileHandler"
java.lang.ClassNotFoundException: 5host-manager.org.apache.juli.FileHandler
java.lang.ClassNotFoundException: 5host-manager.org.apache.juli.FileHandler
    at java.net.URLClassLoader$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
    at java.lang.ClassLoader.loadClass(Unknown Source)
    at java.util.logging.LogManager$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.loadLoggerHandlers(Unknown Source)
    at java.util.logging.LogManager.initializeGlobalHandlers(Unknown Source)
    at java.util.logging.LogManager.access$900(Unknown Source)
    at java.util.logging.LogManager$RootLogger.addHandler(Unknown Source)
    at java.util.logging.LogManager$3.run(Unknown Source)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.util.logging.LogManager.loadLoggerHandlers(Unknown Source)
    at java.util.logging.LogManager.addLogger(Unknown Source)
    at java.util.logging.LogManager$1.run(Unknown Source)
    at java.security.AccessController.doPrivileged(
RE: HTTP Header requests for siteminder are not passing through ISAPI filter to Tomcat to Webfocus application.
Thanks Rainer,

We tried using both sm_user and sm-user and no luck with either one. In both cases neither one is being passed in the header.

Chris

-----Original Message-----
From: Rainer Jung [mailto:rainer.j...@kippdata.de]
Sent: Wednesday, August 17, 2011 4:41 AM
To: users@tomcat.apache.org
Subject: Re: HTTP Header requests for siteminder are not passing through ISAPI filter to Tomcat to Webfocus application.

On 16.08.2011 22:00, Lui, Christopher wrote:
> Hi - I'm trying to migrate my IBI Web Focus application to new servers with
> an upgraded OS and the web focus application is not receiving the siteminder
> HTTP Header request through the ISAPI filter through to Tomcat.
>
> Our server is setup with the following:
>
> * Windows 2003
> * IIS 6
> * Tomcat 6.0
> * isapi_redirect.dll version 1.2.31
> * IBI Webfocus 7.6.2
>
> What is supposed to happen:
> The browser sends the request with its HTTP Request headers, the SiteMinder
> agent receives this, processes the request and adds its HTTP Request header
> (sm-user). From here and then its sent to the ISAPI filter, and from there to
> Tomcat and the WebFOCUS Client.
>
> Current Issue:
> HTTP headers are making it to IIS. However, the headers are getting lost
> from IIS to Tomcat through the Jakarta redirector.
> The ISAPI filter traces do not show any of these sm_user headers.
>
> We have looked at logs, reinstalled IIS, Web focus, Isapi filters, disabled
> siteminder and even tried on another server but still the headers are not
> passed through the Isapi filter.
> We have been on support with IBI (Web focus), my SAs, Siteminder support,
> company IIS support, and even Microsoft and no luck.
>
> Any advice would be
> My support group wanted to know an additional question for Tomcat:
>
> * Does Tomcat ISAPI redirector just redirect the "jsp" requests to
> Tomcat server or would it actually pick up all the Headers (all the input
> parameters ) as part of the incoming requests?
>
> * Is there any tracing available that can be configured on this
> redirector which would provide us with details like input parameters sent by
> Siteminder and so on ?

Before 1.2.31 there was some old CGI compat code, that forces all HTTP headers to get converted to lower case and replaces underscores by dashes in header names. The latter would change the header name "sm_user" to "sm-user". You had both variants in your problem description, so I don't know which one you actually use and expect to be forwarded.

Starting with 1.2.31 the default behavior should be to pass along the headers unchanged. See

https://issues.apache.org/bugzilla/show_bug.cgi?id=38895

(revision r920119).

Another restriction is on size: the original request including any request headers but excluding a possible request body needs to fit into a single AJP packet, which is 8KB minus a few bytes by default.

There was a bug around header forwarding fixed in

https://issues.apache.org/bugzilla/show_bug.cgi?id=47679

(revision r1090965) which is part of version 1.2.32.

Additionally 1.2.32 fixed a bug in debug logging the forwarded headers. Any header forwarded should be output on log level "debug" like

Forwarding request header NAME : VALUE

Regards,
Rainer
RE: Tomcat 7.0.8
Team,

> We are migrating from tomcat 5x to 7.0.8
>
> In Tomcat 5.0 we have the url pattern as below
> Here Path is user defined location.
> url = "//.QuerySWServlet";
> What we need to give for tomcat 7.0.8 version to use the same url
> pattern.
>
> Regards
> Manian
How to cancel upload?
Hi

Short question: How can I prevent tomcat to receive the complete post data?

Long question: I have a servlet that uses apache commons fileupload to process incoming uploads using the streaming api. Short version of the code:

    InputStream inputStream = null;
    try {
        ServletFileUpload upload = new ServletFileUpload();
        FileItemIterator iterator = upload.getItemIterator( request );
        if ( ! iterator.hasNext() ) return;
        FileItemStream item = iterator.next();
        if ( item.isFormField() || ! "file".equals( item.getFieldName() ) ) return;
        inputStream = item.openStream();
        use( inputStream );
    } finally {
        try {
            // inputStream is still null if we returned before openStream()
            if ( inputStream != null ) inputStream.close();
        } catch ( Throwable ignored ) {
            // just ignore
        }
    }

Now, the method use(InputStream) may decide that this file is not wanted and may NOT read the inputstream fully. Or there may be more fields that I am not interested in. I want to abort reading the request, as there may be several hundred megabytes of data coming.

However inputStream.close() in FileItemStream seems to read everything that follows. So I tried not to close that stream. Still some component read everything, I suspect tomcat did so - to allow keepalive connections. Then I tried to throw an IOException, but no change.

So my question is: How can I prevent tomcat to receive the complete post data?

Regards,
Steffen