Re: how to connect to datasource

2011-11-08 Thread Pid
On 09/11/2011 07:00, spike@12 wrote:
> 
> Hi,
> 
> I have set up my application with Tomcat and it is working fine. But
> when I restarted my DB machine, my application stopped working. If I
> restart my Tomcat server, then it works fine.
> May I know how to connect to the datasource automatically if my DB machine is
> restarted? Is there any specific parameter to connect to the datasource
> automatically?
> 
> Please let me know. Thanks in advance.

It's better to tell us precise details about your Tomcat, Java and OS
version when asking a question.  I'll assume 7.0.

A validation query may help.  Note: restarting a DB while the
application server is up is often prone to problems.

Read:

 http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html

Pay attention to the paragraph which refers to the 'validationQuery'
attribute.


p





RE: SSL connect to APR fails - "bad version"

2011-11-08 Thread Adamus, Steven J.
Hi Kobe; 
 
I can see why it looks like the server is sending the message, but I think 
there's some reference that's being missed.  The SSL debug should show Client 
messages and Server messages. 
 
One thing that's certain, the SSLv2 ClientHello is a client message sent by the 
client.  This message is never sent by the server. 
 
On a separate note, the APR is very strict about enforcing TLSv1.  When it's 
configured for TLSv1, it immediately terminates the connection if it receives 
any SSLv2 ClientHello or SSLv3 Client Hello.  If you have a server with an 
active APR that's accepting the SSLv2 (or SSLv3) ClientHello, then the value of 
SSLProtocol is "all" (default), "SSLv2", "SSLv3", or "SSLv2+SSLv3".
 
Regards, 
Steve



From: users-return-229208-STEVEN.J.ADAMUS=saic@tomcat.apache.org on behalf 
of Kobe
Sent: Tue 11/8/2011 10:20 PM
To: users@tomcat.apache.org
Subject: Re: SSL connect to APR fails - "bad version"




thank you Chris. I know the server (APR) is sending SSLv2 ClientHello because
ssl debugs show it:


 // from ${CATALINA_HOME}/bin/setenv.sh:
 export JAVA_OPTS="... -Djavax.net.debug=ssl"
 //...

   # sh ${CATALINA_HOME}/bin/startup.sh

   // from client
$ openssl s_client -connect server.xxx.net:443 -debug -ssl3

   // from ${CATALINA_HOME}/logs/catalina.out
   ...
   sending SSLv2 ClientHello   <<   server issues only SSLv2 ClientHello


But same openssl version (FIPS) connects with SSLv3 on another machine.
so I am thinking there is openssl misconfig on this server.

many thanks.

/Kobe


Christopher Schultz-2 wrote:
>
> Kobe,
>
> On 11/8/11 2:01 PM, Kobe wrote:
>> thanks for your help. here is more info on my setup: tomcat version
>> 6.0.29. And tomcat is starting clean; no errors while loading.
>>
>> if I use tls1, I get same error as before ("bad version").
>>
>> when i test with openssl s_client, I check line 293 of s3_pkt.c. it
>> say -->
>>
>>
>> if ((version>>8) != SSL3_VERSION_MAJOR) {
>>
>> SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto
>> err; }
>>
>>
>>
>> so client is wanting ssl version 3. But i have same error with
>> browser. i do not/cannot find what version browser wants - i Think
>> it is 3.
>
> Your web browser likely has SSL 2.0 disabled entirely. You should
> check which types of SSL/TLS are enabled.
>
>> So I am thinking, there is misconfigure on this server. i would
>> like to find why this server respond with SSLv2 ClientHello instead
>> of SSLv3 ClientHello.
>
> Why do you think you are getting an SSLv2 reply?
>
>> how do i find this misconfiguration?
>
> Are you using the same version of openssl as the "client" as you are
> using within Tomcat? I wonder if the FIPS mode is tripping you up.
>
> -chris

--
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32808893.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





how to connect to datasource

2011-11-08 Thread spike@12

Hi,

I have set up my application with Tomcat and it is working fine. But
when I restarted my DB machine, my application stopped working. If I
restart my Tomcat server, then it works fine.
May I know how to connect to the datasource automatically if my DB machine is
restarted? Is there any specific parameter to connect to the datasource
automatically?

Please let me know. Thanks in advance.
-- 
View this message in context: 
http://old.nabble.com/how-to-connect-to-datasource-tp32809000p32809000.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: tomcat doesnt want to start

2011-11-08 Thread Brian Burch

On 09/11/11 15:46, Daniel Baktiar wrote:
> Probably you should instead do this:
>
> $ cat /var/log/tomcat6
>
> (I suspect it's the log file, not a tomcat6 folder).

No, it is because of permissions on the /var/log/tomcat6 directory...
you cannot cd to that directory as an ordinary user.

so these will work:

sudo ls -l /var/log/tomcat6
sudo less /var/log/tomcat6/catalina.out

etc..

> ---
> daniel baktiar
>
> On Wed, Nov 9, 2011 at 07:08, Christian Röttger <
> chris.roett...@uni-muenster.de> wrote:
>
>> Hello list,
>>
>> i updated my ubuntu server to tomcat 6.0.24. (a kernel update was also
>> included) After a reboot tomcat doesn't want to start.
>> The status is not running and when i want to start it, it always says:
>> /etc/init.d/tomcat6 start
>>  * Starting Tomcat servlet engine tomcat6   [fail]
>> the same with force-reload
>>
>> when i try to look at the logs in /var/log/tomcat i don't get access
>> sudo cat /var/log$ cd tomcat6/
>> -bash: cd: tomcat6/: Keine Berechtigung
>>
>> Where should i look?
>> Can anyone provide some help how to get it running again?
>>
>> thanks,
>> christian










Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Kobe

thank you Chris. I know the server (APR) is sending SSLv2 ClientHello because
ssl debugs show it:


 // from ${CATALINA_HOME}/bin/setenv.sh:
 export JAVA_OPTS="... -Djavax.net.debug=ssl"
 //...

   # sh ${CATALINA_HOME}/bin/startup.sh

   // from client
$ openssl s_client -connect server.xxx.net:443 -debug -ssl3

   // from ${CATALINA_HOME}/logs/catalina.out
   ...
   sending SSLv2 ClientHello   <<   server issues only SSLv2 ClientHello


But same openssl version (FIPS) connects with SSLv3 on another machine.
so I am thinking there is openssl misconfig on this server.

many thanks.

/Kobe


Christopher Schultz-2 wrote:
> 
> Kobe,
> 
> On 11/8/11 2:01 PM, Kobe wrote:
>> thanks for your help. here is more info on my setup: tomcat version
>> 6.0.29. And tomcat is starting clean; no errors while loading.
>> 
>> if I use tls1, I get same error as before ("bad version").
>> 
>> when i test with openssl s_client, I check line 293 of s3_pkt.c. it
>> say -->
>> 
>> 
>> if ((version>>8) != SSL3_VERSION_MAJOR) {
>> 
>> SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto
>> err; }
>> 
>> 
>> 
>> so client is wanting ssl version 3. But i have same error with
>> browser. i do not/cannot find what version browser wants - i Think
>> it is 3.
> 
> Your web browser likely has SSL 2.0 disabled entirely. You should
> check which types of SSL/TLS are enabled.
> 
>> So I am thinking, there is misconfigure on this server. i would
>> like to find why this server respond with SSLv2 ClientHello instead
>> of SSLv3 ClientHello.
> 
> Why do you think you are getting an SSLv2 reply?
> 
>> how do i find this misconfiguration?
>
> Are you using the same version of openssl as the "client" as you are
> using within Tomcat? I wonder if the FIPS mode is tripping you up.
>
> -chris

-- 
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32808893.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: tomcat doesnt want to start

2011-11-08 Thread Daniel Baktiar
Probably you should instead do this:

$ cat /var/log/tomcat6

(I suspect it's the log file, not a tomcat6 folder).

---
daniel baktiar




On Wed, Nov 9, 2011 at 07:08, Christian Röttger <
chris.roett...@uni-muenster.de> wrote:

> Hello list,
>
> i updated my ubuntu server to tomcat 6.0.24. (a kernel update was also
> included) After a reboot tomcat doesn't want to start.
> The status is not running and when i want to start it, it always says:
> /etc/init.d/tomcat6 start
>  * Starting Tomcat servlet engine tomcat6   [fail]
> the same with force-reload
>
> when i try to look at the logs in /var/log/tomcat i don't get access
> sudo cat /var/log$ cd tomcat6/
> -bash: cd: tomcat6/: Keine Berechtigung
>
> Where should i look?
> Can anyone provide some help how to get it running again?
>
> thanks,
> christian
>
>


RE: tomcat doesnt want to start

2011-11-08 Thread Caldarale, Charles R
> From: Christian Röttger [mailto:chris.roett...@uni-muenster.de] 
> Subject: tomcat doesnt want to start

> i updated my ubuntu server to tomcat 6.0.24. (a kernel update was also 
> included) After a reboot tomcat doesn't want to start.

> Can anyone provide some help how to get it running again?

Unfortunately, what you've got is a 3rd-party repackaged version of Tomcat, 
with a very different file structure and component set than that of a standard 
Tomcat download.  You really need someone familiar with Ubuntu, rather than 
Tomcat.

If you can install a real Tomcat from tomcat.apache.org, then we can help you 
with that.

 - Chuck





Re: Trouble running TC8 trunk

2011-11-08 Thread Konstantin Kolinko
2011/11/9 Christopher Schultz :
>
> With current trunk HEAD and a fresh:
>
> $ ant clean clean-depend download-compile deploy
>
> When I attempt to start Tomcat, I get this error (this is 100% of my
> catalina.out):
>
> java.lang.NoClassDefFoundError:
> org/apache/catalina/startup/SetParentClassLoaderRule
>        at java.lang.Class.getDeclaredConstructors0(Native Method)
>        at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
>        at java.lang.Class.getConstructor0(Class.java:2699)
>        at java.lang.Class.newInstance0(Class.java:326)
>        at java.lang.Class.newInstance(Class.java:308)
>        at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:239)
>        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.catalina.startup.SetParentClassLoaderRule
>        at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>        at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>        ... 7 more
>
> That line in Bootstrap.java is creating a new startup.Catalina object
> which needs its own inner class SetParentClassLoaderRule. It looks
> like the JVM is attempting to load the wrong class: it should be
> loading startup.Catalina$SetParentClassLoaderRule but instead it's
> trying to load startup.SetParentClassLoaderRule.
>
> I'm at a loss, here.
>
> JVM info:
>
> $ java -version
> java version "1.6.0_26"
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
> Java HotSpot(TM) Server VM (build 20.1-b02, mixed mode)
>
> Any ideas?
>

How do you start it?
Are you in output/build/bin when you are trying to start it?

Do CATALINA_HOME and CATALINA_BASE have none or valid values when you
are running the startup scripts?
(catalina.sh should print their values when starting).

Maybe try good old "rm -rf output" instead of Ant clean?

Last time I cleanly recompiled it was yesterday (to confirm brokenness
in the manager webapp - see elsethread), and all was fine.

Best regards,
Konstantin Kolinko




Re: Trouble running TC8 trunk

2011-11-08 Thread Mark Eggers
- Original Message -

> From: Christopher Schultz 
> To: Tomcat Users List 
> Cc: 
> Sent: Tuesday, November 8, 2011 5:37 PM
> Subject: Trouble running TC8 trunk
> 
> All,
> 
> With current trunk HEAD and a fresh:
> 
> $ ant clean clean-depend download-compile deploy
> 
> When I attempt to start Tomcat, I get this error (this is 100% of my
> catalina.out):
> 
> java.lang.NoClassDefFoundError:
> org/apache/catalina/startup/SetParentClassLoaderRule
>         at java.lang.Class.getDeclaredConstructors0(Native Method)
>         at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
>         at java.lang.Class.getConstructor0(Class.java:2699)
>         at java.lang.Class.newInstance0(Class.java:326)
>         at java.lang.Class.newInstance(Class.java:308)
>         at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:239)
>         at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.catalina.startup.SetParentClassLoaderRule
>         at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
>         at java.security.AccessController.doPrivileged(Native Method)
>         at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
>         at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
>         ... 7 more
> 
> That line in Bootstrap.java is creating a new startup.Catalina object
> which needs its own inner class SetParentClassLoaderRule. It looks
> like the JVM is attempting to load the wrong class: it should be
> loading startup.Catalina$SetParentClassLoaderRule but instead it's
> trying to load startup.SetParentClassLoaderRule.
> 
> I'm at a loss, here.
> 
> JVM info:
> 
> $ java -version
> java version "1.6.0_26"
> Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
> Java HotSpot(TM) Server VM (build 20.1-b02, mixed mode)
> 
> Any ideas?
> 
> Thanks,
> -chris


Chris,

This is likely not to be very helpful . . .

Revision: 1199595


java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode, sharing)

Apache Ant(TM) version 1.8.2 compiled on December 20 2010


Fedora 15, latest patches

Modified build.properties from build.properties.default

base.path=/home/mdeggers/src/tomcat-src/trunk-repo

# skipping windows installer
skip.installer=true

Commands:

ant clean
ant release

Copied

output/release/v8.0.0-dev/bin/apache-tomcat-8.0.0-dev.tar.gz

someplace and unpacked it.

It started up fine, and I was able to run a few of the test applications. I 
enabled the GUI manager and that worked as well.

I tried

ant clean
ant deploy

and then ran the resulting output/build/bin/startup.sh from output/build/bin. 
That ran as well. I also ran it successfully as output/build/bin/startup.sh.

The only java-related environment variables I have are the following:

JRE_HOME=/usr/jre
JAVA_HOME=/usr/java
ANT_HOME=/usr/local/Apache/ant
M2_HOME=/usr/local/Apache/maven
MAVEN_OPTS=-Xms128m -Xmx256m

I know, a "works for me" post isn't very helpful.

Sorry 'bout that.

. . . just my two cents.
/mde/




Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Christopher Schultz
Kobe,

On 11/8/11 2:01 PM, Kobe wrote:
> thanks for your help. here is more info on my setup: tomcat version
> 6.0.29. And tomcat is starting clean; no errors while loading.
> 
> if I use tls1, I get same error as before ("bad version").
> 
> when i test with openssl s_client, I check line 293 of s3_pkt.c. it
> say -->
> 
> 
> if ((version>>8) != SSL3_VERSION_MAJOR) {
> 
> SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER); goto
> err; }
> 
> 
> 
> so client is wanting ssl version 3. But i have same error with
> browser. i do not/cannot find what version browser wants - i Think
> it is 3.

Your web browser likely has SSL 2.0 disabled entirely. You should
check which types of SSL/TLS are enabled.

> So I am thinking, there is misconfigure on this server. i would
> like to find why this server respond with SSLv2 ClientHello instead
> of SSLv3 ClientHello.

Why do you think you are getting an SSLv2 reply?

> how do i find this misconfiguration?

Are you using the same version of openssl as the "client" as you are
using within Tomcat? I wonder if the FIPS mode is tripping you up.

-chris



Re: Tomcat 7, Servlet 3.0, and Non-Blocking

2011-11-08 Thread Christopher Schultz
Matthew,

On 11/8/11 4:43 PM, Matthew Tyson wrote:
> So if I want to use Servlet 3.0 async (eg, a call to
> request.startAsync), and have it be handled without blocking IO, I
> need to use the NIO connector?

To repeat Mark's reply:

> On Tue, Nov 8, 2011 at 12:27 PM, Mark Thomas 
> wrote: If you want to use Comet you'll need to use HTTP NIO or HTTP
> APR/native.
> 
> Servlet 3.0 async works with any connector.

Note that last sentence.

-chris



Trouble running TC8 trunk

2011-11-08 Thread Christopher Schultz
All,

With current trunk HEAD and a fresh:

$ ant clean clean-depend download-compile deploy

When I attempt to start Tomcat, I get this error (this is 100% of my
catalina.out):

java.lang.NoClassDefFoundError:
org/apache/catalina/startup/SetParentClassLoaderRule
at java.lang.Class.getDeclaredConstructors0(Native Method)
at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389)
at java.lang.Class.getConstructor0(Class.java:2699)
at java.lang.Class.newInstance0(Class.java:326)
at java.lang.Class.newInstance(Class.java:308)
at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:239)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425)
Caused by: java.lang.ClassNotFoundException:
org.apache.catalina.startup.SetParentClassLoaderRule
at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
... 7 more

That line in Bootstrap.java is creating a new startup.Catalina object
which needs its own inner class SetParentClassLoaderRule. It looks
like the JVM is attempting to load the wrong class: it should be
loading startup.Catalina$SetParentClassLoaderRule but instead it's
trying to load startup.SetParentClassLoaderRule.

I'm at a loss, here.

JVM info:

$ java -version
java version "1.6.0_26"
Java(TM) SE Runtime Environment (build 1.6.0_26-b03)
Java HotSpot(TM) Server VM (build 20.1-b02, mixed mode)

Any ideas?

Thanks,
-chris



Re: o Tomcat alter the page encoding for JSP file created via Netbeans 7.01

2011-11-08 Thread Kiran Badi

Got it, Pid. Thanks.

On 11/8/2011 8:53 PM, Pid wrote:
> On 05/11/2011 17:57, Kiran Badi wrote:
>> Hi All,
>> I am aware this might be offtopic but being a silent member to this
>> list, I think this list can give me better suggestion than doing a
>> google. So posting here.
>
> Unfortunately it was on someone else's topic.  In future please don't
> just edit a reply's subject line & body (which is called
> thread-hijacking).  Start an entirely new email.
>
> p










Re: Tomcat 7, Servlet 3.0, and Non-Blocking

2011-11-08 Thread Matthew Tyson
I guess what I'm asking is if I just start using the Servlet 3.0 support
for suspending requests out of the box, will it be a thread blocking
implementation I'm using?

HTTP APR/native is blocking as well, correct?

So if I want to use Servlet 3.0 async (eg, a call to request.startAsync),
and have it be handled without blocking IO, I need to use the NIO connector?

Thanks,

Matt

On Tue, Nov 8, 2011 at 12:27 PM, Mark Thomas  wrote:

> On 08/11/2011 20:15, Matthew Tyson wrote:
> > Hey Guys,
> >
> > It has been my assumption that Tomcat 7's comet implementation (ie,
> > asyncSupported=true), will automatically use NIO processing.
>
> Comet != Servlet 3.0 async
>
> > Is that not true?
>
> Yes, that is not true.
>
> >  Do I need to set the connector to be
> > org.apache.coyote.http11.Http11NioProtocol explicitly?
>
> If you want to use Comet you'll need to use HTTP NIO or HTTP APR/native.
>
> Servlet 3.0 async works with any connector.
>
> Mark


Re: HTTP Status 404 - /manager/html

2011-11-08 Thread Kaushal Shriyan
On Tue, Nov 8, 2011 at 10:29 AM, Caldarale, Charles R
 wrote:
>> From: Kaushal Shriyan [mailto:kaushalshri...@gmail.com]
>> Subject: Re: HTTP Status 404 - /manager/html
>
>> I did download it from
>> http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.19/bin/
>
> Good.  For curiosity's sake, why didn't you use the most recent release?
>
>> i do have manager webapps
>
> So noted.
>
> Are you sure you're accessing that Tomcat?
>
> Have you changed anything in conf/server.xml (e.g., disabling 
> deployOnStartup)?
>
> Look in the Tomcat logs to see if there are any errors regarding deployment 
> of or access to the manager webapp.
>
>  - Chuck
>

Thanks Chuck for the hint. Fixed it after peeking at the catalina.out log file.

INFO: Deploying configuration descriptor manager.xml from
/opt/tomcat0/conf/Catalina/localhost
java.lang.IllegalArgumentException: Document base
/opt/tomcat0/server/webapps/manager does not exist or is not a
readable directory
SEVERE: Context [/manager] startup failed due to previous errors
INFO: Deploying web application directory host-manager

So going through the logs, if we look at
/opt/tomcat0/conf/Catalina/localhost/manager.xml, docBase was set to a
different path.
I have corrected it and it worked fine.

Regards,

Kaushal




tomcat doesnt want to start

2011-11-08 Thread Christian Röttger

Hello list,

i updated my ubuntu server to tomcat 6.0.24. (a kernel update was also 
included) After a reboot tomcat doesn't want to start.

The status is not running and when i want to start it, it always says:
/etc/init.d/tomcat6 start
 * Starting Tomcat servlet engine tomcat6   [fail]
the same with force-reload

when i try to look at the logs in /var/log/tomcat i don't get access
sudo cat /var/log$ cd tomcat6/
-bash: cd: tomcat6/: Keine Berechtigung

Where should i look?
Can anyone provide some help how to get it running again?

thanks,
christian





Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Kobe

many thanks again for your time and help.

Problem is: same openssl version working on another server
and successfully setup SSLv3 connections with same client.
So I am thinking, there is misconfigure on this server. i would like
to find why this server respond with SSLv2 ClientHello instead of
SSLv3 ClientHello.

how do i find this misconfiguration?

/Kobe


Marvin Addison wrote:
> 
> The following works as expected on my config (6.0.26) using the
> default protocols and cipher suite as in your config:
> 
> $ openssl s_client -connect eiger:443 -debug -ssl3
> CONNECTED(0003)
> ...
> 
> Something in your SSL version jumped out at me:
> 
> OpenSSL 0.9.8e-fips-rhel5
> 
> Looks like you're running OpenSSL with the FIPS compliance features
> enabled, which may impose additional requirements on SSL negotiation.
> I can't provide any further insight, but hopefully it might point to
> an area for further investigation.
> 
> M

-- 
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32805994.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Kobe

thanks for your help. here is more info on my setup: tomcat version 6.0.29.
And tomcat is starting clean; no errors while loading.

if I use tls1, I get same error as before ("bad version").

when i test with openssl s_client, I check line 293 of s3_pkt.c. it say -->


if ((version>>8) != SSL3_VERSION_MAJOR)
{
    SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
    goto err;
}



so client is wanting ssl version 3. But i have same error with browser. i
do not/cannot find what
version browser wants - i Think it is 3.


Konstantin Kolinko wrote:
> 
> 2011/11/6 Kobe :
>>
>> I build tcnative and apr from src with exist ver of openssl (means
>> openssl
>> not
>> build by me). I load apr connector in tomcat as below.
>>
>> when my client connect, I cannot connect: i get "bad version".
>> please explain what I do wrong?
>>
>>
>> server# ./apr-1-config  --version
>> 1.4.5
>> server#
>> server# openssl version
>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>> server#
>>
>>  /// APR Connector Configuration in Tomcat6
>>  >    protocol="org.apache.coyote.http11.Http11AprProtocol"
>>    enableLookups="false" disableUploadTimeout="true"
>>    acceptCount="100" scheme="https" secure="true"
>>    SSLCertificateFile="server_certificate.pem"
>>    SSLCertificateChainFile="cachain.pem"
>>    SSLCertificateKeyFile="server.key"
>>  />
>>
>>
>> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
> 
>> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
>> number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
> 
> And what happens with
> $ openssl s_client -connect server.xxx.net:443 -debug -tls1
> ?
> 
> What is on line 293 in s3_pkt.c in the version of openssl the client
> side of the connection is using?
> 
> I quick guess that client&server cannot negotiate protocol version.
> There are some options on  that might be used to configure
> protocols & ciphers that are supported.
> 
> Note that
> - There were several security fixes in OpenSSL since that version that
> you are using.
> - You may try googling for your error message. It is mentioned a lot of
> times.
> - You are not mentioning what version of Tomcat x.y.z you are using.
> - There might be some messages in Tomcat log files. Does Tomcat start
> up cleanly?
> 
> Re: Andre's question:
> That is openssl in command-line client mode, as a test whether it can
> connect to the server.
> 
> Best regards,
> Konstantin Kolinko

-- 
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32805993.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Kobe

Actually, whether it be webaccess or webservice access, i not follow
your confusion. please explain why this is wrong.

/Kobe

Kobe wrote:
> 
> Tomcat is also a servlet container and may be used to host web services.
> That is the case here. the web service client is hosted in a BEA weblogic
> server
> and attempts to connect to the web service over SSL.
> 
> /Kobe
> 
> 
> awarnier wrote:
>> 
>> Kobe wrote:
>>> I build tcnative and apr from src with exist ver of openssl (means
>>> openssl
>>> not
>>> build by me). I load apr connector in tomcat as below.
>>> 
>>> when my client connect, I cannot connect: i get "bad version". 
>>> please explain what I do wrong?
>>> 
>>> 
>>> server# ./apr-1-config  --version
>>> 1.4.5
>>> server#
>>> server# openssl version
>>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>>> server#
>>> 
>>> 
>>> 
>>>   /// APR Connector Configuration in Tomcat6
>>>  >> protocol="org.apache.coyote.http11.Http11AprProtocol"
>>> enableLookups="false" disableUploadTimeout="true"
>>> acceptCount="100" scheme="https" secure="true"
>>> SSLCertificateFile="server_certificate.pem"
>>> SSLCertificateChainFile="cachain.pem"
>>> SSLCertificateKeyFile="server.key"
>>>   />
>>> 
>>> 
>>> 
>>> 
>>> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
>>> CONNECTED(0003)
>>> write to 0x100119470 [0x100815e00] (95 bytes => 95 (0x5F))
>>>  - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d   Z...V..N..>-
>>> 0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f   W..<...Uvu!|..7o
>>> 0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39   .+h|e..,...9
>>> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5...3.2./
>>> 0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09   
>>> 0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01 ..
>>> 005f - 
>>> read from 0x100119470 [0x100811400] (5 bytes => 5 (0x5))
>>>  - 48 54 54 50 2fHTTP/
>>> write to 0x100119470 [0x10081b800] (7 bytes => 7 (0x7))
>>>  - 15 03 00 00 02 02 28  ..(
>>> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
>>> number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
>>> $ 
>>> 
>> Hi.
>> I don't know if other members of this list will be as puzzled as I am,
>> but it is not clear 
>> to me what you are trying to achieve.
>> I mean that Tomcat is in principle a web server, normally answering web
>> browser requests 
>> (via HTTP or HTTPS).  What are you trying to do when you access it with
>> the above type of 
>> client, and what are you sending to Tomcat, and why ?
>> 
>> 
>> 
>> 
>> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32805704.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





Re: Tomcat 7, Servlet 3.0, and Non-Blocking

2011-11-08 Thread Mark Thomas
On 08/11/2011 20:15, Matthew Tyson wrote:
> Hey Guys,
> 
> It has been my assumption that Tomcat 7's comet implementation (ie,
> asyncSupported=true), will automatically use NIO processing.

Comet != Servlet 3.0 async

> Is that not true?

Yes, that is not true.

>  Do I need to set the connector to be
> org.apache.coyote.http11.Http11NioProtocol explicitly?

If you want to use Comet you'll need to use HTTP NIO or HTTP APR/native.

Servlet 3.0 async works with any connector.

Mark




Re: SSL connect to APR fails - "bad version"

2011-11-08 Thread Kobe

Tomcat is also a servlet container and may be used to host web services.
That is the case here. The web service client is hosted in a BEA WebLogic
server and attempts to connect to the web service over SSL.

/Kobe


awarnier wrote:
> 
> Kobe wrote:
>> I built tcnative and apr from src with an existing version of openssl
>> (means openssl not built by me). I load the apr connector in tomcat as below.
>> 
>> When my client connects, I cannot connect: I get "bad version".
>> Please explain what I do wrong?
>> 
>> 
>> server# ./apr-1-config  --version
>> 1.4.5
>> server#
>> server# openssl version
>> OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
>> server#
>> 
>> 
>> 
>>   /// APR Connector Configuration in Tomcat6
>>  > protocol="org.apache.coyote.http11.Http11AprProtocol"
>> enableLookups="false" disableUploadTimeout="true"
>> acceptCount="100" scheme="https" secure="true"
>> SSLCertificateFile="server_certificate.pem"
>> SSLCertificateChainFile="cachain.pem"
>> SSLCertificateKeyFile="server.key"
>>   />
>> 
>> 
>> 
>> 
>> $ openssl s_client -connect server.xxx.net:443 -debug -ssl3
>> CONNECTED(0003)
>> write to 0x100119470 [0x100815e00] (95 bytes => 95 (0x5F))
>>  - 16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d   Z...V..N..>-
>> 0010 - 57 eb 94 3c f8 0f a0 55-76 75 21 7c b3 f1 37 6f   W..<...Uvu!|..7o
>> 0020 - 99 2b 68 7c 65 b7 c9 2c-f6 1f dd 00 00 2e 00 39   .+h|e..,...9
>> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5...3.2./
>> 0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09   
>> 0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 02 01 ..
>> 005f - 
>> read from 0x100119470 [0x100811400] (5 bytes => 5 (0x5))
>>  - 48 54 54 50 2fHTTP/
>> write to 0x100119470 [0x10081b800] (7 bytes => 7 (0x7))
>>  - 15 03 00 00 02 02 28  ..(
>> 44414:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
>> number:/SourceCache/OpenSSL098/OpenSSL098-35.1/src/ssl/s3_pkt.c:293:
>> $ 
>> 
> Hi.
> I don't know if other members of this list will be as puzzled as I am, but
> it is not clear 
> to me what you are trying to achieve.
> I mean that Tomcat is in principle a web server, normally answering web
> browser requests 
> (via HTTP or HTTPS).  What are you trying to do when you access it with
> the above type of 
> client, and what are you sending to Tomcat, and why ?
> 
> 
> 
> 
> 

-- 
View this message in context: 
http://old.nabble.com/SSL-connect-to-APR-fails---%22bad-version%22-tp32788669p32805690.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
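
Decoding the record headers in the s_client -debug trace quoted above shows what each side put on the wire: an SSLv3 ClientHello from the client, five bytes of plain "HTTP/" from the server, then the client's fatal alert. This Python decoder is an added example, not part of the original posts; the function names are assumptions, and the hex strings are copied from the trace in this thread.

```python
import struct

# Record-layer constants from the SSLv3/TLS specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0: "SSLv3", 1: "TLSv1.0", 2: "TLSv1.1", 3: "TLSv1.2"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}
PLAINTEXT_PREFIXES = (b"HTTP/", b"GET ", b"POST ", b"HEAD ")


def parse_hex(column):
    """Convert the hex column of one s_client -debug line into bytes."""
    return bytes.fromhex(column.replace("-", " "))


def classify(data):
    """Say what the first bytes seen on a supposedly-SSL socket really are."""
    if data.startswith(PLAINTEXT_PREFIXES):
        # The peer is speaking clear-text HTTP on this port, not SSL/TLS.
        return {"kind": "plaintext_http"}
    if len(data) < 5:
        return {"kind": "too_short"}
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype in CONTENT_TYPES and major == 3:
        info = {"kind": "tls_record",
                "content_type": CONTENT_TYPES[ctype],
                "version": VERSIONS.get(minor, "3.%d" % minor),
                "length": length}
        body = data[5:5 + length]
        if ctype == 22 and body:
            info["handshake"] = HANDSHAKE_TYPES.get(body[0], "type_%d" % body[0])
        elif ctype == 21 and len(body) >= 2:
            info["alert"] = (ALERT_LEVELS.get(body[0], "level_%d" % body[0]),
                             ALERT_DESCRIPTIONS.get(body[1], "desc_%d" % body[1]))
        return info
    # SSLv2 header: high bit set in a 2-byte length, then message type 1.
    if data[0] & 0x80 and data[2] == 1:
        return {"kind": "sslv2_client_hello",
                "offered_version": (data[3], data[4])}
    return {"kind": "unknown"}


# First bytes of each write/read in the trace posted in this thread.
TRACE = [
    ("client", "16 03 00 00 5a 01 00 00-56 03 00 4e b5 d4 3e 2d"),
    ("server", "48 54 54 50 2f"),
    ("client", "15 03 00 00 02 02 28"),
]


def decode_trace(trace=TRACE):
    """Classify every entry of a (side, hex) trace."""
    return [(side, classify(parse_hex(hexcol))) for side, hexcol in trace]


if __name__ == "__main__":
    for side, info in decode_trace():
        print(side, info)
```

A "plaintext_http" result for the server side means the listener answered the handshake in clear text, so the connector's SSL settings are the place to look rather than the client's protocol version.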





Tomcat 7, Servlet 3.0, and Non-Blocking

2011-11-08 Thread Matthew Tyson
Hey Guys,

It has been my assumption that Tomcat 7's comet implementation (ie,
asyncSupported=true), will automatically use NIO processing.

Is that not true?  Do I need to set the connector to be
org.apache.coyote.http11.Http11NioProtocol explicitly?

Thanks,

Matt


Re: making security constraints configureable

2011-11-08 Thread Terence M. Bandoian

 On 1:59 PM, André Warnier wrote:

Terence M. Bandoian wrote:

 On 1:59 PM, Konstantin Kolinko wrote:

2011/11/3 Leon Rosenberg:

I have a situation where an application is accessible from outside in
staging and production environment, but shouldn't be open for public
in staging environment.

Put it behind Apache HTTPD (or any other proxy) and let HTTPD handle
authentication & authorization instead of Tomcat.

I'd advise against using BASIC auth in public internet, unless the
channel is protected with HTTPS.


What we did so far was, that we excluded everyone via web.xml:


You can automate the above. If you pack your war file using Ant, you
can use  task.

Best regards,
Konstantin Kolinko


I'm not sure what "open for public" means above.

What about using a system property (e.g. 
myorg.myapp.isStagingEnv=true) in a filter or valve to accept or 
reject requests?


If I (belatedly) understand the requirements properly, Leon does not 
want to reject /all/ requests (that, he could do by undeploying 
the application).  It is more something like this :


- requests originating from a range of IP addresses (e.g. the internal 
LAN) should be accepted, without authentication
- requests originating from anywhere else should be submitted to 
authentication.


Practical case : the application is in a testing state, and should not 
be available to the public at large, only to inside testers. The 
inside testers should not have to login for that.
However, occasionally, someone may be sitting in an Internet Cafe and 
want to do a demo for a customer from there. He should be able to 
access the application, but only after logging in.


Leon, if the above is not the right description, please correct it.  
In such matters, the devil is in the details.




The system property that indicates whether or not the application is in 
a staging or test environment would be used in conjunction with a test 
against, for example, request.getRemoteUser() or request.isUserInRole() 
or request.getRemoteAddr().


-Terence Bandoian





Re: Session expiration - browser -Web application

2011-11-08 Thread Léa Massiot

@Terence :
Thank you for your answer.
Actually, I extracted the Java code from the JSP and put it in a TLD so that
the code is cleaner and more manageable.
Best regards,
--
Léa
-- 
View this message in context: 
http://old.nabble.com/Session-expiration---browser--Web-application-tp32780678p32804141.html
Sent from the Tomcat - User mailing list archive at Nabble.com.





[SECURITY] CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

2011-11-08 Thread Mark Thomas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CVE-2011-3376 Apache Tomcat - Privilege Escalation via Manager app

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
- Tomcat 7.0.0 to 7.0.21

Description:
This issue only affects environments running web applications that are
not trusted (e.g. shared hosting environments). The Servlets that
implement the functionality of the Manager application that ships with
Apache Tomcat should only be available to Contexts (web applications)
that are marked as privileged. However, this check was not being made.
This allowed an untrusted web application to use the functionality of
the Manager application. This could be used to obtain information on
running web applications as well as deploying additional web applications.

Mitigation:
Users of Tomcat 7.0.x should upgrade to 7.0.22 or later

Credit:
This issue was identified by Ate Douma

References:
http://tomcat.apache.org/security.html
http://tomcat.apache.org/security-7.html

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-END PGP SIGNATURE-




Re: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread André Warnier

Pid wrote:

On 08/11/2011 15:54, André Warnier wrote:

But obviously it isn't, so there's something wrong with this JkMount.


Jumping ahead, that bit comes next when the OP's sorted their layout
out... ;)


Ok, had a second look at the Tomcat config, and I think you're right.
There's some work to do there..





Re: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread André Warnier

Pid wrote:

On 08/11/2011 15:54, André Warnier wrote:

But obviously it isn't, so there's something wrong with this JkMount.


Jumping ahead, that bit comes next when the OP's sorted their layout
out... ;)



Jumping back, the misdirected DocumentRoot issue should not be an immediate security
problem if the
JkMount /* loadbalancer
worked.
No ?
:-)

@Alexander :
change the VirtualHost's DocumentRoot to point anywhere else that is not part of the
Tomcat directories.
Then put a simple "index.html" document there, saying "wrong place".
(and make all of that readable by the user under which Apache httpd runs (like www-data
probably)).
Reload the Apache config.

After that, apart from the top-level "/" URL, everything else should return a 404 "not
found", until the JkMount works.

Then, in this :

ServerAdmin xxx@yyy
DocumentRoot "D:/www/apps/app1/ROOT"

Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

...


I don't see a JkMount.  Where is it ?







Re: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread Pid
On 08/11/2011 15:54, André Warnier wrote:
> 
> But obviously it isn't, so there's something wrong with this JkMount.

Jumping ahead, that bit comes next when the OP's sorted their layout
out... ;)


p

-- 

[key:62590808]





Re: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread André Warnier

Hi.

Pid wrote:

On 08/11/2011 15:12, Alexander Diedler wrote:

Hello


That most probably means that the URL mappings for mod_jk are not correct,

and that Apache httpd is serving that content directly.

Look at (or show here) the JkMount lines that should be somewhere in your

Apache configuration.

Was attached in the post:
JkMount /* loadbalancer
So everything would be served by tomcat.



But obviously it isn't, so there's something wrong with this JkMount.

Somewhere else you are talking of VirtualHost.
Are you sure that the above line is inside the  configuration ?
If it is in the "main" Apache config, it is not automatically "inherited" by the 
VirtualHost's.  Check the JkMountCopy directive for details.



At a second level, it also means that you are doing something that is

really not recommended : allow Apache httpd access to the Tomcat application
directories.


+1  I'd go further: *never* publish a Tomcat application docBase as an
HTTPD DocumentRoot.



That bypasses any security that you may have in Tomcat.
Your current problem is a perfect example : Apache now shows the source

code of your JSP pages.  Hopefully there is no secret password in there.


Test : (http://www.test.de/xyz)/WEB-INF/web.xml

Yes you are right, I can read the web.xml from the browser. How we can avoid
it?


Don't publish a Tomcat application docBase as an HTTPD DocumentRoot.
Simples.



To say that in another way :
Suppose that your Tomcat webapps directory is /var/lib/tomcatx/webapps.
Then DO NOT define in Apache
DocumentRoot /var/lib/tomcatx/webapps
(or any other overlap between these two, or subdirectories of ditto).

Apache httpd and Tomcat "don't know each other", they are independent 
applications.
Each one has its own security system, based on different principles.

For example, Tomcat will /never/ allow a client to retrieve a file from inside a webapp's 
WEB-INF subdirectory.
But Apache httpd doesn't know that a WEB-INF sub-directory is something special, so it 
will happily serve its content, if the URL maps there for Apache.
Similarly, Apache doesn't know that a JSP file is something special (that must be compiled 
to a java servlet etc..). So if the URL which Apache handles points to something like 
that, Apache will happily serve it as a text file.
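
A static check for the two mistakes described in this message (an httpd DocumentRoot that overlaps a Tomcat application directory, and a JkMount in the main server config that a VirtualHost does not inherit), as an added Python example that is not part of the original thread. The sample configurations, the Tomcat directory list and the function names are constructed for illustration.

```python
import re


def norm_path(path):
    """Split a path into comparable components (quotes, slashes, drive case)."""
    p = path.strip().strip('"').replace("\\", "/")
    if re.match(r"[A-Za-z]:", p):
        p = p.lower()  # Windows paths compare case-insensitively
    return [part for part in p.split("/") if part]


def overlaps(a, b):
    """True when one directory equals, contains, or lies inside the other."""
    pa, pb = norm_path(a), norm_path(b)
    n = min(len(pa), len(pb))
    return pa[:n] == pb[:n]


def parse_httpd(conf_text):
    """Collect DocumentRoot / JkMount / JkMountCopy per scope (main + vhosts)."""
    def scope(name):
        return {"name": name, "docroot": None, "jkmounts": [], "jkmountcopy": None}

    main, vhosts = scope("main server"), []
    current = main
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = scope("VirtualHost " + opened.group(1).strip())
            vhosts.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = main
        else:
            parts = line.split(None, 1)
            key = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if key == "documentroot":
                current["docroot"] = value
            elif key == "jkmount":
                current["jkmounts"].append(value)
            elif key == "jkmountcopy":
                current["jkmountcopy"] = value.lower()
    return main, vhosts


def audit(conf_text, tomcat_dirs):
    """Return (scope, code, detail) findings for an httpd config."""
    main, vhosts = parse_httpd(conf_text)
    findings = []
    for sc in [main] + vhosts:
        for d in tomcat_dirs:
            if sc["docroot"] and overlaps(sc["docroot"], d):
                findings.append((sc["name"], "DOCROOT_OVERLAP",
                                 "%s overlaps Tomcat directory %s" % (sc["docroot"], d)))
    # mod_jk: global mounts reach a vhost only with JkMountCopy On in that
    # vhost, or JkMountCopy All in the global server.
    copy_all = main["jkmountcopy"] == "all"
    for vh in vhosts:
        if vh["jkmounts"]:
            continue
        if main["jkmounts"] and (copy_all or vh["jkmountcopy"] == "on"):
            continue
        code = "JKMOUNT_NOT_INHERITED" if main["jkmounts"] else "NO_JKMOUNT"
        findings.append((vh["name"], code, "httpd serves this vhost's URLs itself"))
    return findings


# Constructed samples: Tomcat application directory assumed for illustration.
TOMCAT_DIRS = ["D:/www/apps/app1"]
WEAK_CONF = """
JkMount /* loadbalancer
<VirtualHost *:80>
    ServerName www.test.de
    DocumentRoot "D:/www/apps/app1/ROOT"
</VirtualHost>
"""
FIXED_CONF = """
<VirtualHost *:80>
    ServerName www.test.de
    DocumentRoot "D:/www/httpd-static"
    JkMount /* loadbalancer
</VirtualHost>
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("fixed", FIXED_CONF)):
        print(name, audit(conf, TOMCAT_DIRS))
```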






AW: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread Alexander Diedler
Ok, But would be the better way (of life) for this?
HTTPD vhost.conf:

ServerAdmin xxx@yyy
DocumentRoot "D:/www/apps/app1/ROOT"

Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all

...


Server.xml:
   
  



ROOT.xml in /conf/





Greetings
Alexander


-Original Message-
From: Pid [mailto:p...@pidster.com] 
Sent: Tuesday, 8 November 2011 16:21
To: Tomcat Users List
Subject: Re: AW: mod_jk - Browser displays HTML Sourcecode

On 08/11/2011 15:12, Alexander Diedler wrote:
> Hello
> 
>> That most probably means that the URL mappings for mod_jk are not 
>> correct,
> and that Apache httpd is serving that content directly.
>> Look at (or show here) the JkMount lines that should be somewhere in 
>> your
> Apache configuration.
> 
> Was attached in the post:
> JkMount /* loadbalancer
> So everything would be served by tomcat.
> 
>> At a second level, it also means that you are doing something that is
> really not recommended : allow Apache httpd access to the Tomcat 
> application directories.

+1  I'd go further: *never* publish a Tomcat application docBase as an
HTTPD DocumentRoot.


>> That bypasses any security that you may have in Tomcat.
>> Your current problem is a perfect example : Apache now shows the 
>> source
> code of your JSP pages.  Hopefully there is no secret password in there.
> 
>> Test : (http://www.test.de/xyz)/WEB-INF/web.xml
> Yes you are right, I can read the web.xml from the browser. How we can 
> avoid it?

Don't publish a Tomcat application docBase as an HTTPD DocumentRoot.
Simples.


p



> Greetings
> Alexander
> 
> 
> 
>>
>>  
>>
>> In the Apache access log:
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200
>> 23281 ##OK
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
>> /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572##Not ok,
>> source code displayed.
>>
>> In the virtual-host.conf:
>>
>> ## Tomcat connection
>>
>> JkMount /* loadbalancer
>>
>> JkOptions +ForwardURICompatUnparsed
>>
>> AllowEncodedSlashes On
>>
>>  
>>
>>  
>>
>> Greetings
>>
>> Alexander
>>
>>  
>>
>>
> 
> 
> 


-- 

[key:62590808]





Re: o Tomcat alter the page encoding for JSP file created via Netbeans 7.01

2011-11-08 Thread Pid
On 05/11/2011 17:57, Kiran Badi wrote:
> Hi All,

> I am aware this  might be offtopic but being a silent member to this
> list, I think this list can give me  better suggestion than doing a
> google.So posting here.


Unfortunately it was on someone else's topic.  In future please don't
just edit a reply's subject line & body (which is called
thread-hijacking).  Start an entirely new email.


p




-- 

[key:62590808]





Re: AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread Pid
On 08/11/2011 15:12, Alexander Diedler wrote:
> Hello
> 
>> That most probably means that the URL mappings for mod_jk are not correct,
> and that Apache httpd is serving that content directly.
>> Look at (or show here) the JkMount lines that should be somewhere in your
> Apache configuration.
> 
> Was attached in the post:
> JkMount /* loadbalancer
> So everything would be served by tomcat.
> 
>> At a second level, it also means that you are doing something that is
> really not recommended : allow Apache httpd access to the Tomcat application
> directories.

+1  I'd go further: *never* publish a Tomcat application docBase as an
HTTPD DocumentRoot.


>> That bypasses any security that you may have in Tomcat.
>> Your current problem is a perfect example : Apache now shows the source
> code of your JSP pages.  Hopefully there is no secret password in there.
> 
>> Test : (http://www.test.de/xyz)/WEB-INF/web.xml
> Yes you are right, I can read the web.xml from the browser. How we can avoid
> it?

Don't publish a Tomcat application docBase as an HTTPD DocumentRoot.
Simples.


p



> Greetings
> Alexander
> 
> 
> 
>>
>>  
>>
>> In the Apache access log:
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 
>> 23281 ##OK
>>
>> xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
>> /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572##Not ok,
>> source code displayed.
>>
>> In the virtual-host.conf:
>>
>> ## Tomcat connection
>>
>> JkMount /* loadbalancer
>>
>> JkOptions +ForwardURICompatUnparsed
>>
>> AllowEncodedSlashes On
>>
>>  
>>
>>  
>>
>> Greetings
>>
>> Alexander
>>
>>  
>>
>>
> 
> 
> 


-- 

[key:62590808]





AW: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread Alexander Diedler
Hello

>That most probably means that the URL mappings for mod_jk are not correct,
and that Apache httpd is serving that content directly.
>Look at (or show here) the JkMount lines that should be somewhere in your
Apache configuration.

Was attached in the post:
JkMount /* loadbalancer
So everything would be served by tomcat.

>At a second level, it also means that you are doing something that is
really not recommended : allow Apache httpd access to the Tomcat application
directories.
>That bypasses any security that you may have in Tomcat.
>Your current problem is a perfect example : Apache now shows the source
code of your JSP pages.  Hopefully there is no secret password in there.

>Test : (http://www.test.de/xyz)/WEB-INF/web.xml
Yes you are right, I can read the web.xml from the browser. How can we avoid
it?

Greetings
Alexander



> 
>  
> 
> In the Apache access log:
> 
> xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 
> 23281 ##OK
> 
> xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
> /go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572##Not ok,
> source code displayed.
> 
> In the virtual-host.conf:
> 
> ## Tomcat connection
> 
> JkMount /* loadbalancer
> 
> JkOptions +ForwardURICompatUnparsed
> 
> AllowEncodedSlashes On
> 
>  
> 
>  
> 
> Greetings
> 
> Alexander
> 
>  
> 
> 







Re: mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread André Warnier

Alexander Diedler wrote:

Hello,

Something goes wrong. I have an Apache 2.2.1 with mod_jk and a Tomcat 6.0.32.
So if I connect to the website http://www.test.de/ everything is ok, site
was displayed. If I try to access http://www.test.de/xyz I get the source
code from the site it should be displayed, but it was not rendered by the
browser. If I connect to the tomcat directly with port 8080, the sites will
be delivered fine to the browser.


That most probably means that the URL mappings for mod_jk are not correct, and that Apache 
httpd is serving that content directly.
Look at (or show here) the JkMount lines that should be somewhere in your Apache 
configuration.


At a second level, it also means that you are doing something that is really not 
recommended : allow Apache httpd access to the Tomcat application directories.

That bypasses any security that you may have in Tomcat.
Your current problem is a perfect example : Apache now shows the source code of your JSP 
pages.  Hopefully there is no secret password in there.


Test : (http://www.test.de/xyz)/WEB-INF/web.xml




 


In the Apache access log:

xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 23281
##OK

xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
/go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572##Not ok,
source code displayed.

In the virtual-host.conf:

## Tomcat connection

JkMount /* loadbalancer

JkOptions +ForwardURICompatUnparsed

AllowEncodedSlashes On

 

 


Greetings

Alexander

 









mod_jk - Browser displays HTML Sourcecode

2011-11-08 Thread Alexander Diedler
Hello,

Something goes wrong. I have an Apache 2.2.1 with mod_jk and a Tomcat 6.0.32.
So if I connect to the website http://www.test.de/ everything is ok, site
was displayed. If I try to access http://www.test.de/xyz I get the source
code from the site it should be displayed, but it was not rendered by the
browser. If I connect to the tomcat directly with port 8080, the sites will
be delivered fine to the browser.

 

In the Apache access log:

xxx.xxx.214.145 - - [08/Nov/2011:14:44:08 +0100] "GET / HTTP/1.1" 200 23281
##OK

xxx.xxx.214.145 - - [08/Nov/2011:14:44:11 +0100] "GET
/go/VV4QB69WO9F01A9KGBSYVGNVGHY6T95J HTTP/1.1" 200 88572##Not ok,
source code displayed.

In the virtual-host.conf:

## Tomcat connection

JkMount /* loadbalancer

JkOptions +ForwardURICompatUnparsed

AllowEncodedSlashes On

 

 

Greetings

Alexander

 





Re: Catalina.policy file for security option

2011-11-08 Thread Petr Hracek
When I have set CATALINA_OPTS to:
linux:/var/log/tomcat5/base # echo $CATALINA_OPTS
-Djava.security.debug=all
linux:/var/log/tomcat5/base #

in log I see:
domain 1 ProtectionDomain
CodeSource=CodeSource, url=file:/usr/share/tomcat5/bin/bootstrap.jar,

ClassLoader=sun.misc.Launcher$AppClassLoader@8e208e2

Permissions:
static: java.security.Permissions@8930893 (
 (java.io.FilePermission /usr/share/tomcat5/bin/bootstrap.jar read)
 (java.lang.RuntimePermission exitVM)
)


On 8 November 2011 13:51, Petr Hracek wrote:
> Yes the tomcat should be run as a back-end server (AJP) with apache2-2.2.21.
> I have add to the catalina.policy following permission:
>        permission javax.management.MBeanServerPermission "createMBeanServer";
>        permission javax.management.MBeamPermission
> "com.javamonitor.mbeans.*","*";
>        permission javax.management.MBeanTrustPermission "register";
>        permission javax.management.MBeanServerPermission "findMBeanServer";
>        permission java.net.SocketPermission "java-monitor.com:80", "connect";
>        permission java.net.SocketPermission "java-monitor.com:80", "resolve";
>
> In the log of catalina.out I see:
> log4j:WARN No appenders could be found for logger
> (org.apache.catalina.startup.Embedded).
> log4j:WARN Please initialize the log4j system properly.
>
> But as in ps -ef | grep java and lsof -i | grep java I did not see any
> 8009 and 8005 port or even that tomcat5 is not starting.
>
> Where could be a problem?
>
On 7 November 2011 12:29, André Warnier wrote:
>> Petr Hracek wrote:
>>>
>>> Dear tomcat users,
>>>
>>> I have try to configure my really old tomcat5 configuration (for using
>>> -security).
>>> but tomcat is not running.
>>
>> Petr,
>> can you be a bit more specific ? what is not running ? does it start ? does
>> it crash after starting ? is it just not answering requests ? are there
>> error messages anywhere ?
>>
>> On my system tomcat5 is run only as servlet
>>>
>>> engine and not as web server.
>>>
>> Do you mean for example that it runs as a back-end server (through AJP
>> e.g.), with a front-end webserver serving all static content ?
>>
>>
>>
>>> Do you have any example catalina.policy file?
>>> My catalina.policy file is:
>>> // == SYSTEM CODE PERMISSIONS
>>> =
>>>
>>>
>>> // These permissions apply to javac
>>> grant codeBase "file:${java.home}/lib/-" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to all shared system extensions
>>> grant codeBase "file:${java.home}/jre/lib/ext/-" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to javac when ${java.home] points at
>>> $JAVA_HOME/jre
>>> grant codeBase "file:${java.home}/../lib/-" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to all shared system extensions when
>>> // ${java.home} points at $JAVA_HOME/jre
>>> grant codeBase "file:${java.home}/lib/ext/-" {
>>>        permission java.security.AllPermission;
>>> };
>>> // == CATALINA CODE PERMISSIONS
>>> ===
>>>
>>>
>>> // These permissions apply to the launcher code
>>> grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to the daemon code
>>> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to the commons-logging API
>>> grant codeBase "file:${catalina.home}/bin/commons-logging-api-1.1.1.jar" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to the server startup code
>>> grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to the JMX server
>>> grant codeBase "file:${catalina.home}/bin/jmx.jar" {
>>>        permission java.security.AllPermission;
>>> };
>>>
>>> // These permissions apply to JULI
>>> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>>>        permission java.util.PropertyPermission
>>> "java.util.logging.config.class", "read";
>>>        permission java.util.PropertyPermission
>>> "java.util.logging.config.file", "read";
>>>        permission java.io.FilePermission
>>> "${java.home}${file.separator}lib${file.separator}logging.properties",
>>> "read";
>>>        permission java.lang.RuntimePermission "shutdownHooks";
>>>        permission java.io.FilePermission
>>>
>>> "${catalina.base}${file.separator}conf${file.separator}logging.properties",
>>> "read";
>>>        permission java.util.PropertyPermission "catalina.base", "read";
>>>        permission java.util.logging.LoggingPermission "control";
>>>        permission java.io.FilePermission
>>> "${catalina.base}${file.separator}logs", "read, write"

Re: Catalina.policy file for security option

2011-11-08 Thread Petr Hracek
Yes, the tomcat should be run as a back-end server (AJP) with apache2-2.2.21.
I have added the following permissions to the catalina.policy:
permission javax.management.MBeanServerPermission "createMBeanServer";
permission javax.management.MBeamPermission
"com.javamonitor.mbeans.*","*";
permission javax.management.MBeanTrustPermission "register";
permission javax.management.MBeanServerPermission "findMBeanServer";
permission java.net.SocketPermission "java-monitor.com:80", "connect";
permission java.net.SocketPermission "java-monitor.com:80", "resolve";

In the log of catalina.out I see:
log4j:WARN No appenders could be found for logger
(org.apache.catalina.startup.Embedded).
log4j:WARN Please initialize the log4j system properly.

But as in ps -ef | grep java and lsof -i | grep java I did not see any
8009 and 8005 port or even that tomcat5 is not starting.

Where could be a problem?

On 7 November 2011 12:29, André Warnier wrote:
> Petr Hracek wrote:
>>
>> Dear tomcat users,
>>
>> I have try to configure my really old tomcat5 configuration (for using
>> -security).
>> but tomcat is not running.
>
> Petr,
> can you be a bit more specific ? what is not running ? does it start ? does
> it crash after starting ? is it just not answering requests ? are there
> error messages anywhere ?
>
> On my system tomcat5 is run only as servlet
>>
>> engine and not as web server.
>>
> Do you mean for example that it runs as a back-end server (through AJP
> e.g.), with a front-end webserver serving all static content ?
>
>
>
>> Do you have any example catalina.policy file?
>> My catalina.policy file is:
>> // == SYSTEM CODE PERMISSIONS
>> =
>>
>>
>> // These permissions apply to javac
>> grant codeBase "file:${java.home}/lib/-" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to all shared system extensions
>> grant codeBase "file:${java.home}/jre/lib/ext/-" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to javac when ${java.home] points at
>> $JAVA_HOME/jre
>> grant codeBase "file:${java.home}/../lib/-" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to all shared system extensions when
>> // ${java.home} points at $JAVA_HOME/jre
>> grant codeBase "file:${java.home}/lib/ext/-" {
>>        permission java.security.AllPermission;
>> };
>> // == CATALINA CODE PERMISSIONS
>> ===
>>
>>
>> // These permissions apply to the launcher code
>> grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to the daemon code
>> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to the commons-logging API
>> grant codeBase "file:${catalina.home}/bin/commons-logging-api-1.1.1.jar" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to the server startup code
>> grant codeBase "file:${catalina.home}/bin/bootstrap.jar" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to the JMX server
>> grant codeBase "file:${catalina.home}/bin/jmx.jar" {
>>        permission java.security.AllPermission;
>> };
>>
>> // These permissions apply to JULI
>> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
>>        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
>>        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
>>        permission java.io.FilePermission "${java.home}${file.separator}lib${file.separator}logging.properties", "read";
>>        permission java.lang.RuntimePermission "shutdownHooks";
>>        permission java.io.FilePermission "${catalina.base}${file.separator}conf${file.separator}logging.properties", "read";
>>        permission java.util.PropertyPermission "catalina.base", "read";
>>        permission java.util.logging.LoggingPermission "control";
>>        permission java.io.FilePermission "${catalina.base}${file.separator}logs", "read, write";
>>        permission java.io.FilePermission "${catalina.base}${file.separator}logs${file.separator}*", "read, write";
>>        permission java.lang.RuntimePermission "getClassLoader";
>>        // To enable per context logging configuration, permit read access to the appropriate file.
>>        // Be sure that the logging configuration is secure before enabling such access
>>        // eg for the examples web application:
>>        // permission java.io.FilePermission "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", "read";
>> };
>>
>> 

Re: problem with loading Bouncy Castle

2011-11-08 Thread Marvin Addison
Crypto providers need to be installed into the JRE extension directory
(e.g. $JRE_HOME/lib/ext) and an entry must be added to
$JRE_HOME/lib/security/java.security to install the provider.  For
example:

security.provider.5=org.bouncycastle.jce.provider.BouncyCastleProvider

Note the 5 above; each provider needs a unique number and the ordering
determines which provider is used for a given crypto primitive
obtained by code like the following:

Cipher c1 = Cipher.getInstance("DES");

If BC is before the Sun provider, you'll use the BC DES
implementation.  Put it last if in doubt.  (Although it's arguably
better than Sun in many cases.)

M

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: problem with loading Bouncy Castle

2011-11-08 Thread Pid
On 08/11/2011 08:47, Jan Vávra wrote:
> Hello,
>  I have a problem  with loading bouncy castle.
>  My code snippet is:
> 
> int position = Security.addProvider(new BouncyCastleProvider());
> KeyStore store = KeyStore.getInstance("PKCS12", "BC");
> 
> In the application log I have message that BouncyCastleProvider is
> already loaded (position== -1).
> But call of getInstance(.) failed with exception:
>  java.security.KeyStoreException: PKCS12 not found
> Caused by: java.security.KeyStoreException: PKCS12 not found
> Caused by: java.security.NoSuchAlgorithmException: class configured for
> KeyStore(provider: BC)cannot be found
> Caused by: java.lang.ClassNotFoundException:
> org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore
> 
> class JDKPKCS12KeyStore$BCPKCS12KeyStore is contained in
> webapps/appX/WEB-INF/lib/bcprov-ext-jdk16-146.jar
> 
> In the catalina log  there is a message:
> Nov 8, 2011 8:34:22 AM org.apache.catalina.loader.WebappClassLoader
> loadClass
> INFO: Illegal access: this web application instance has been stopped
> already.  Could not load
> org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore.  The
> eventual following stack trace is caused by an error thrown for
> debugging purposes as well as to attempt to terminate the thread which
> caused the illegal access, and has no functional impact.
> java.lang.IllegalStateException
> 
> On the tomcat I have 2 more applications that use the same version of
> bcprov-ext. Each has it in own WEB-INF/lib directory.
> 
> Could anybody give me some advice?
> Why does Tomcat complain about "Illegal access"?
> Is there any way to debug the work of
> org.apache.catalina.loader.WebappClassLoader?
> 
> My tomcat version is:
> Apache Tomcat/6.0.29 1.6.0_22-b04 Sun Microsystems Inc.
> Linux 2.6.32.36-0.5-default amd64

Try putting the jar in tomcat/lib instead of in each webapp.


p
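
An added diagnostic, not part of either reply in this thread: it prints the JCA provider order that the numbered security.provider.N entries establish, shows which provider is preferred for Cipher DES and KeyStore PKCS12, and reports which class loader owns the registered "BC" provider. The class name ProviderDiagnostics is hypothetical; inside Tomcat the body of main would be called from webapp code, where the thread context class loader is assumed to be that webapp's loader.

```java
import java.security.Provider;
import java.security.Security;

/** Added diagnostic (hypothetical class): JCA provider order and class loader ownership. */
public class ProviderDiagnostics {
    /** Describes where a provider class was loaded from. */
    static String loaderOf(Provider p) {
        ClassLoader cl = p.getClass().getClassLoader();
        // null means the bootstrap loader, i.e. a provider shipped with the JRE
        return cl == null ? "bootstrap (JRE)" : cl.toString();
    }

    /** Lists the providers offering type.algorithm, in preference order. */
    static void report(String type, String algorithm) {
        Provider[] offering = Security.getProviders(type + "." + algorithm);
        System.out.println(type + "." + algorithm + ":");
        if (offering == null) {
            System.out.println("  no installed provider offers it");
            return;
        }
        for (int i = 0; i < offering.length; i++) {
            Provider.Service s = offering[i].getService(type, algorithm);
            System.out.println("  " + (i == 0 ? "preferred " : "fallback  ")
                    + offering[i].getName() + " -> " + (s == null ? "?" : s.getClassName()));
        }
    }

    public static void main(String[] args) {
        // Assumption: in a webapp this is the WebappClassLoader of the calling application.
        ClassLoader caller = Thread.currentThread().getContextClassLoader();
        System.out.println("caller context loader: " + caller);
        // Position i + 1 corresponds to security.provider.<i + 1> in java.security.
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            System.out.println((i + 1) + ". " + all[i].getName() + "  loader=" + loaderOf(all[i]));
        }
        report("Cipher", "DES");       // what Cipher.getInstance("DES") prefers
        report("KeyStore", "PKCS12");  // what KeyStore.getInstance("PKCS12") prefers
        // Security.addProvider returns -1 when a provider of that name is already
        // registered, so check which loader owns the registered "BC" instance.
        Provider bc = Security.getProvider("BC");
        if (bc == null) {
            System.out.println("BC is not registered in this JVM");
        } else {
            boolean own = bc.getClass().getClassLoader() == caller;
            System.out.println("BC loader=" + loaderOf(bc)
                    + (own ? " (caller's loader)" : " (not the caller's loader)"));
        }
    }
}
```

If the "BC" line shows a loader other than the caller's, the JVM-wide registration points at classes owned by a different class loader, which is the situation a single copy of the jar in tomcat/lib avoids.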






problem with loading Bouncy Castle

2011-11-08 Thread Jan Vávra

Hello,
 I have a problem  with loading bouncy castle.
 My code snippet is:

int position = Security.addProvider(new BouncyCastleProvider());
KeyStore store = KeyStore.getInstance("PKCS12", "BC");

In the application log I have message that BouncyCastleProvider is 
already loaded (position== -1).

But call of getInstance(.) failed with exception:
 java.security.KeyStoreException: PKCS12 not found
Caused by: java.security.KeyStoreException: PKCS12 not found
Caused by: java.security.NoSuchAlgorithmException: class configured for 
KeyStore(provider: BC)cannot be found
Caused by: java.lang.ClassNotFoundException: 
org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore


class JDKPKCS12KeyStore$BCPKCS12KeyStore is contained in 
webapps/appX/WEB-INF/lib/bcprov-ext-jdk16-146.jar


In the catalina log  there is a message:
Nov 8, 2011 8:34:22 AM org.apache.catalina.loader.WebappClassLoader 
loadClass
INFO: Illegal access: this web application instance has been stopped 
already.  Could not load 
org.bouncycastle.jce.provider.JDKPKCS12KeyStore$BCPKCS12KeyStore.  The 
eventual following stack trace is caused by an error thrown for 
debugging purposes as well as to attempt to terminate the thread which 
caused the illegal access, and has no functional impact.

java.lang.IllegalStateException

On the tomcat I have 2 more applications that use the same version of 
bcprov-ext. Each has it in own WEB-INF/lib directory.


Could anybody give me some advice?
Why does Tomcat complain about "Illegal access"?
Is there any way to debug the work of
org.apache.catalina.loader.WebappClassLoader?


My tomcat version is:
Apache Tomcat/6.0.29 1.6.0_22-b04 Sun Microsystems Inc.
Linux 2.6.32.36-0.5-default amd64



Thanks.

Jan



Re: Clustering and session persistence across restarts?

2011-11-08 Thread Pid *
On 7 Nov 2011, at 22:23, Al DiVenuti  wrote:

> Hello,
>
> I am currently configuring a sandbox development environment with two
> clustered Tomcat 6.0.32 instances running on the same Windows XP SP3
> (32-bit) hosts.
>
> I have a question regarding whether or not the "Manager"
> implementations available for a Tomcat 6 Cluster (i.e. the "Delta Manager"
> or the "Backup Manager") supports "Restart Persistence" for sessions that
> enables the web application's session data to be serialized prior to
> shutdown or application reload and then restored when the web application
> is restarted as a result of the Tomcat restart or reloading of the web
> application.
>
> The availability of this behavior for the "Standard Manager" is documented
> quite clearly at http://tomcat.apache.org/tomcat-6.0-doc/config/manager.html
> .
>
> This is a very useful feature.  My review of the Tomcat documentation at
> http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-manager.html makes
> no mention of that behavior being available for the "Delta Manager" or the
> "Backup Manager" - but I want to be certain whether or not it is available.

Serialisation to file is not available in the cluster session managers.


p


> I am happy to provide additional information if my question is not clear.
>
> Many thanks!
>
> -Al
