Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Hi all, I solved this issue following a parallel discussion on another forum: http://forum.linode.com/viewtopic.php?f=19t=8991 Basically, I had IPTables firewall rules rerouting port 443 traffic to port 8443, and port 80 traffic to port 8080. This is because the tomcat6 user cannot access ports 1024 (only root can). However, this rerouting was always rerouting to my default IP. To solve this, I changed my iptables.conf file from: -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 to: -A PREROUTING -p tcp -m tcp --dst 178.79.152.69 --dport 443 -j DNAT --to-destination 178.79.152.69:8443 -A PREROUTING -p tcp -m tcp --dst 176.58.107.88 --dport 443 -j DNAT --to-destination 176.58.107.88:8443 -A PREROUTING -p tcp -m tcp --dst 178.79.152.69 --dport 80 -j DNAT --to-destination 178.79.152.69:8080 -A PREROUTING -p tcp -m tcp --dst 176.58.107.88 --dport 80 -j DNAT --to-destination 176.58.107.88:8080 -A OUTPUT -p tcp -m tcp --src 178.79.152.69 --dport 443 -j REDIRECT --to-ports 8443 -A OUTPUT -p tcp -m tcp --src 176.58.107.88 --dport 443 -j REDIRECT --to-ports 8443 -A OUTPUT -p tcp -m tcp --src 178.79.152.69 --dport 80 -j REDIRECT --to-ports 8080 -A OUTPUT -p tcp -m tcp --src 176.58.107.88 --dport 80 -j REDIRECT --to-ports 8080 Comment And here's your first problem. You need to specifically state NM_CONTROLLED=no. Also, you need to add ONPARENT=yes to the eth0:0 interface file. I've included copies of the interface files in a previous message Comment Mark - unfortunately the NM_CONTROLLED and ONPARENT options don't exist in Ubuntu, but I've solved this by rewriting my IPTables rules (see above). Thanks for your suggestions time taken to answer in detail. Anyway, I've now got each of my websites serving its own SSL certificate correctly. When you go to: https://www.moyshele.com/test.jsp https://www.joli-ciel.com/test.jsp You can see that the local IP and local name are now correct. Thanks all for your help! Best regards, Assaf
Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Hi Chris, On 6/8/12 11:12 AM, Assaf Urieli wrote: Ok, this is strange. I created a test.jsp page that prints request.getLocalName(), request.getServerName(), and request.getLocalAddr(). I tried various scenarios in the browser: http://domain1.com, http://www.domain1.com, http:/1.2.3.4, http://domain2.com, http://www.domain2.com, http://5.6.7.8, as well as all of the above with https. What /real/ URLs are you using to hit your server? I dont see a port number anywhere. Sorry, I was trying to keep it generic up to now to see if I was simply doing something stupid, but I'll go ahead and publish my real domains/IPs. So, my test page code is: pJava Version:%= System.getProperty( java.version ) % pLocal name:%= request.getLocalName() % pServer name:%= request.getServerName() % pLocal IP:%= request.getLocalAddr() % So, the addresses to test are: http://www.joli-ciel.com/test.jsp http://www.moyshele.com/test.jsp http://178.79.152.69/test.jsp http://176.58.107.88/test.jsp And exactly the same four, but with HTTPS: https://www.joli-ciel.com/test.jsp https://www.moyshele.com/test.jsp https://178.79.152.69/test.jsp https://176.58.107.88/test.jsp Now, every single one of these gives the exact same values for request.getLocalName() and request.getLocalAddr(). request.getLocalName(): www.joli-ciel.com request.getLocalAddr(): 178.79.152.69 And this is why, even when useIPVHosts=true, I always get the HTTPS Connector corresponding to 178.79.152.69, which gives the wrong SSL certificate for https://www.moyshele.com For info, my /etc/network/interfaces file: auto lo iface lo inet loopback auto eth0 eth0:0 iface eth0 inet static address 178.79.152.69 netmask 255.255.255.0 gateway 178.79.152.1 pre-up iptables-restore /etc/iptables.conf iface eth0:0 inet static address 176.58.107.88 netmask 255.255.255.0 pre-up iptables-restore /etc/iptables.conf Note (in case it's relevent) that /etc/iptables.conf is mapping port 8080 to port 80 and port 8443 to port 443 - relevent portions below: *nat :PREROUTING ACCEPT [11:3512] :POSTROUTING ACCEPT [13:844] :OUTPUT ACCEPT [13:844] -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A OUTPUT -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443 -A OUTPUT -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 COMMIT My /etc/hosts file: 127.0.0.1localhost.localdomain localhost 178.79.152.69www.joli-ciel.com bilbo.joli-ciel.com bilbo.aplikaterm.com www.aplikaterm.com joli-ciel.com bilbo 176.58.107.88www.moyshele.com www.flyingpencil.com moyshele.com flyingpencil.com moyshele ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters ff02::3 ip6-allhosts The relevent portions of my server.xml file: Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=178.79.152.69 keystoreFile=/home/tomcat6/.keystore1 keystorePass= maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 / Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=176.58.107.88 keystoreFile=/home/tomcat6/.keystore2 keystorePass= maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias178.79.152.69/Alias Aliasaplikaterm.com/Alias Aliaswww.aplikaterm.com/Alias Aliasjoli-ciel.com/Alias Aliaswww.joli-ciel.com/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=/home/tomcat6/logs/joliciel prefix=joliciel_access_log. suffix=.log pattern=%A %h %l %u %t '%r' %s %b resolveHosts=false/ /Host Host name=moyshele.com appBase=/usr/share/moyshele unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias176.58.107.88/Alias Aliasmoyshele.com/Alias Aliaswww.moyshele.com/Alias Context path= docBase=./ Valve className
Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Thanks Mark Konstantin for your replies. I'm still having no luck here. I've tried to apply all of Mark's suggestions to Ubuntu. SAN certificates are not currently an option for me (because of pricing, and also because the two domains do not officially belong to the same legal entity). My question is: * When an HTTP/HTTPS request is made, when and how do request.getLocalName() and request.getLocalAddr() get filled in? Note that in my case, http://1.2.3.4 and http:/5.6.7.8 are directed to the correct server, but they are always getting the following settings: * request.getLocalAddr(): the IP address from the primary interface in /etc/network/interfaces * request.getLocalName(): the name corresponding to the primary interface IP from /etc/hosts Rgds, Assaf PS, regarding Mark's info, I posted my /etc/network/interfaces file in a previous post. The only change I made now is that I removed the gateway from the second interface (see updated file below). All interfaces come up correctly, and I can ping both gateways. My updated interfaces file below: auto lo iface lo inet loopback auto eth0 eth0:0 iface eth0 inet static address 1.2.3.4 netmask 255.255.255.0 gateway 1.2.3.1 pre-up iptables-restore /etc/iptables.conf iface eth0:0 inet static address 5.6.7.8 netmask 255.255.255.0 pre-up iptables-restore /etc/iptables.conf I've also updated server.xml to contain only 3 connectors. Only one for HTTP (name-based virtual hosting) - no address, and useIPVHosts = false: Connector port=8080 protocol=HTTP/1.1 useIPVHosts=false connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / And as before, for HTTPS for address 1.2.3.4: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=1.2.3.4 keystoreFile=/home/tomcat6/. keystore1 keystorePass=xx maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 useIPVHosts=true / And one for HTTPS for address 5.6.7.8: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=5.6.7.8 keystoreFile=/home/tomcat6/.keystore2 keystorePass=xx maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 useIPVHosts=true /
Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Answering my own question to a certain extent: * When an HTTP/HTTPS request is made, when and how do request.getLocalName() and request.getLocalAddr() get filled in? From v6.0.35 source code, org/apache/catalina/connector/CoyoteAdapter.java, line 489: if (connector.getUseIPVHosts()) { serverName = req.localName(); When I dig deeper into the source code to where the request's local name is getting set in the first place, it seems to be getting set from socket.getLocalAddress(), on org/apache/catalina/http11/Http11Processor.java, line 1063. if ((localName == null) (socket != null)) { InetAddress inetAddr = socket.getLocalAddress(); if (inetAddr != null) { localName = inetAddr.getHostName(); } } So my question is now: why would socket.getLocalAddress() always return the default interface, rather than resolving the domain/IP in the request header to the correct interface? As stated before, in my case, http://1.2.3.4 and http:/5.6.7.8 are both directed correctly to my web server, but they are always getting the following settings: * request.getLocalAddr(): the IP address from the primary interface in /etc/network/interfaces = http://1.2.3.4 * request.getLocalName(): the name corresponding to the primary interface IP from /etc/hosts = www.domain1.com Is there any way to troubleshoot this? Rgds, Assaf
IP-based virtual hosting with useIPVHosts=true always goes to default host
Hi all, I'm attempting to set up a multi-host system with a separate SSL certificate per host. According to the documentation, this is problematic using name-based virtual hosting: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#General_Tips_on_Running_SSL Finally, using name-based virtual hosts on a secured connection can be problematic. So, I'm trying to accomplish this via IP-based virtual hosting, using the useIPVHosts=true flag. (Note: I've tried name-based virtual hosting with useIPVHosts=false, and it doesn't work either) I've gone through the full thread discussing this at: http://mail-archives.apache.org/mod_mbox/tomcat-users/201005.mbox/%3c4bfb9c17.20...@cox.net%3E However, I'm still not managing to access the domain2.com host via SSL (4th connector on list below). * Tomcat version: 6.0.24 (standalone) * OS: Ubuntu 10.0.4LTS * JVM: java 1.6.0_22 (Sun distribution) I've setup my server.xml as follows: Service name=Catalina Connector port=8080 protocol=HTTP/1.1 address=1.2.3.4 useIPVHosts=false connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / Connector port=8080 protocol=HTTP/1.1 address=5.6.7.8 useIPVHosts=false connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=1.2.3.4 keystoreFile=/home/tomcat6/.keystore1 keystorePass=xx maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 useIPVHosts=true / Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true address=5.6.7.8 keystoreFile=/home/tomcat6/.keystore2 keystorePass=xx maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS URIEncoding=UTF-8 useIPVHosts=true / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias1.2.3.4/Alias Aliasdomain1.com/Alias Aliaswww.domain1.com/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=/home/tomcat6/logs/domain1 prefix=domain1_access_log. suffix=.log pattern=%A %h %l %u %t '%r' %s %b resolveHosts=false/ /Host Host name=domain2.com appBase=/usr/share/domain2 unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias5.6.7.8/Alias Aliasdomain2.com/Alias Aliaswww.domain2.com/Alias Context path= docBase=./ Valve className=org.apache.catalina.valves.AccessLogValve directory=/home/tomcat6/logs/domain2 prefix=domain2_access_log. suffix=.log pattern=%A %h %l %u %t '%r' %s %b resolveHosts=false/ /Host /Engine /Service On the Ubuntu OS, I've configured my /etc/hosts file as follows: 127.0.0.1localhost.localdomain localhost 1.2.3.4www.domain1.com domain1.com domain1 5.6.7.8www.domain2.com domain2.com domain2 My DNS settings contain the following A records: for domain1.com [blank] 1.2.3.4 www 1.2.3.4 for domain2.com [blank] 5.6.7.8 www5.6.7.8 When I use HTTP (without SSL), it works fine, as it's using the name-based virtual hosting. When I use HTTPS (with SSL and useIPVHosts=true), I'm always sent to the default host. When I look at the log files generated by the AccessLogValve, I'm always getting IP address 1.2.3.4 for the Local IP address (%A), regardless of how I access the websites on the browser - via HTTP or HTTPs, and via IP address or domain name. Even if I enter the IP address http://5.6.7.8 or https://5.6.7.8 in the browser, the access logs list 1.2.3.4 as the local IP. Any suggestions on how to troubleshoot? Thanks in advance, Assaf
Re: IP-based virtual hosting with useIPVHosts=true always goes to default host
Hello, Looking at the code, the value used for host name in IP-based virtual hosts is ServletRequest.getLocalName(). It is not getLocalAddr() and there is no pattern in AccessLogValve that prints it. You can write simple JSP page that will display its value. Ok, this is strange. I created a test.jsp page that prints request.getLocalName(), request.getServerName(), and request.getLocalAddr(). I tried various scenarios in the browser: http://domain1.com, http://www.domain1.com, http:/1.2.3.4, http://domain2.com, http://www.domain2.com, http://5.6.7.8, as well as all of the above with https. The only parameter that changes in all these scenarios is request.getServerName(). request.getLocalName() = www.domain1.com (always!) request.getLocalAddr() = 1.2.3.4 (always!) request.getServerName() = domain1.com, www.domain1.com, 1.2.3.4, domain2.com, www.domain2.com, 5.6.7.8 Quote: [[[ if (connector.getUseIPVHosts()) { serverName = req.localName(); ]]] Which explains why useIPVHosts changes nothing for me - request.getLocalName() is always giving the same result. What is it that sets request.getLocalName() in the first place? In what scenario would the name be different? Even if I enter the IP address http://5.6.7.8 or https://5.6.7.8 in the browser, the access logs list 1.2.3.4 as the local IP. This is odd. How 5.6.7.8 is configured at OS level? Do you have separate network card for it or it is something else? My /etc/network/interfaces file looks like this: # The loopback interface auto lo iface lo inet loopback # Configuration for eth0 and aliases # This line ensures that the interface will be brought up during boot. auto eth0 eth0:0 #iface eth0 inet dhcp # eth0 - This is the main IP address that will be used for most outbound connections. # The address, netmask and gateway are all necessary iface eth0 inet static address 1.2.3.4 netmask 255.255.255.0 gateway 1.2.3.1 pre-up iptables-restore /etc/iptables.conf # eth0:0 # This is a second public IP address. iface eth0:0 inet static address 5.6.7.8 netmask 255.255.255.0 gateway 5.6.7.1 pre-up iptables-restore /etc/iptables.conf Your connector with address=5.6.7.8 - did it start successfully and did bind to the specified address? Tomcat itself will continue starting even if one of its connectors fails. (There is a system property that changes this behaviour of ignoring an error, though I do not remember whether it works in 6.0.24). How does one find out if a connector starts successfully and binds at a specific address? Is there a log somewhere for this information? Nothing obvious was written to the catalina.-MM-dd.log indicating failure. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Best regards, Assaf
Re: Malicious host is crashing my server
DumpFilter is a good idea. For the time being we have decided to just block the ip address. If it comes again from a different IP, I guess we will need to further examine! Thanks for all the good ideas Assaf - Original Message From: David Fisher dfis...@jmlafferty.com To: Tomcat Users List users@tomcat.apache.org Cc: Tomcat Users List users@tomcat.apache.org Sent: Mon, November 8, 2010 12:00:49 AM Subject: Re: Malicious host is crashing my server You could modify the RequestDumpFilter to only dump the request for that ip address. Regards, Dave Sent from my iPhone On Nov 7, 2010, at 12:28 PM, Assaf ass...@yahoo.com wrote: A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Malicious host is crashing my server
Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
Hi, It might be. But I am not sure how to find out more. Any suggestions? Assaf - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:29:09 PM Subject: Re: Malicious host is crashing my server JDBC? Are you sure its not an attempted SQL Injection attack? On Sun, Nov 7, 2010 at 12:23 PM, Assaf ass...@yahoo.com wrote: Hello, I have a recurring visitor (from a fixed IP address: bzq-79-177-23-102.red.bezeqint.net) who is constantly visiting my site and EACH time causes the server to crash. My server actually gets a JDBC begin failed error for the next http calls. Analyzing the logs, I cannot find out what is wrong. I can see it is a script as he is visiting the same pages in the same order (never downloading images/css/js). The only thing that I have noticed that is different with this user are the http headers he uses: Expand HTTP read ahead 1.0 I could not google anything about those. I am running tomcat 6.0.20 on linux with mysql. Anyone has an idea what this can be? How to find out? Also, what can I do to better protect? Thanks, Assaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
I know what sql injection is. But I cannot find any clues to it. None of the requests have any paramers or posting. Anyone has an idea how to find if this is the case? - Original Message From: Marc Boorshtein mboorsht...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 7:08:01 PM Subject: Re: Malicious host is crashing my server Do a search on SQL injection and you will get plenty of results Sent from my iPad On Nov 7, 2010, at 1:03 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Malicious host is crashing my server the culprit will change IPs That's why I said it was a temporary workaround. However, given the DNS name in use, it is likely assigned via DHCP by the perp's ISP, so an IP mask could be used to take out a range of IP addresses - at the risk of annoying any legitimate clients using the same ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Malicious host is crashing my server
A filter to block is good. But then I would not be able to see him doing it again and then find out the issue. Assaf - Original Message From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Sun, November 7, 2010 6:48:20 PM Subject: RE: Malicious host is crashing my server From: Assaf [mailto:ass...@yahoo.com] Subject: Malicious host is crashing my server what can I do to better protect? As a temporary preventive measure, you can disable access from this particular IP address by configuring the RemoteAddrValve in server.xml: Valve className=org.apache.catalina.valves.RemoteAddrValve deny=79\.177\.23\.102/ That should give you some time to work out the real fix. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6 fail to detect a matching certificate and stuck in an infinite loop
Hi I have a .keystore file which doesn't matches the SSL definitions in the server.xml. tomcat 4 handled it well - it was unable to connect to it but the logs showed a friendly messages and the server continue working fine. However in tomcat 6 when I configured the connectors in the server.xml with default settings or as org.apache.coyote.http11.Http11Protocol And I started the service the tomcat get in an infinite loop which holds the CPU in 90% and keep writing to catalina log the following error: 03/08/2008 11:09:37 org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocke tFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:310 ) at java.lang.Thread.run(Thread.java:619) 03/08/2008 11:09:37 org.apache.tomcat.util.net.JIoEndpoint$Acceptor run When I configure the connectors to work with org.apache.coyote.http11.Http11NioProtocol the problem seems to disappear Any ideas? Thanks Assaf Vizner NextNine.LTD 4 Ha-Nechoshet Tel-Aviv 69710 Israel E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Tel: +972(3)7673012 Mobile: +972(528)466746 Fax: +972(3)6497810
Generating Autoindex in Tomcat
Hello I am running tomcat 5.5.17 and i want to generate an auto index for the applications located on my server so i can pick which one i want to work with. basically what i want is like this , in directory foo i have 3 applications , i want the tomcat to present a page listing the applications ( file names) and when i add or remove an application it will know this automatically ( similar to the auto index in apache.) Is there a directive for that in Tomcat ? Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Troubleshooting load problems with on linux tomcat servers
This error seems to indicate that you XML is faulty and not closed properly on all parameters . If you are running it on Linux - use the xmllint to check the validation of the xml . Assaf Ragnar Moller (MA/EAF) wrote: We have a big Tomcat application with a number of servers. Some of the server have higher than expected loads on some of them. Load average on identical servers is either 5, 2 or 0.05. On the servers which have a hig value it remains high. No of running processes is identical on all servers. On some servers, Tomcat restarts have been seen where the servers signals non matching tags, but I don't know if this is significant. [Fatal Error] :1:239: The element type root-layout must be terminated by the matching end-tag /root-layout. Ideas for troubleshooting and diagnostics would be appreciated. Br, R Moller - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Error in dependencyCheck
Hello I've installed tomcat 5.5.17 - this is the 8th server i install in a row and the first one that displays this error when i start tomcat. I googled it a bit and it refers to TOC of the war file , whoever the same war file has been used on 2 other servers and with no issues . Any one got any ideas what might be generating the problem ? i added the stack output of the catalina.out log file 2006-12-19 18:26:14,239 [main] INFO org.apache.catalina.core.StandardService - Starting service Catalina 2006-12-19 18:26:14,246 [main] INFO org.apache.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/5.5.17 2006-12-19 18:26:14,258 [main] INFO org.apache.catalina.core.StandardHost - XML validation disabled 2006-12-19 18:26:14,475 [main] ERROR org.apache.catalina.core.StandardContext - Error in dependencyCheck java.util.zip.ZipException: missing entry name at java.util.zip.ZipInputStream.readLOC(ZipInputStream.java:227) at java.util.zip.ZipInputStream.getNextEntry(ZipInputStream.java:73) at java.util.jar.JarInputStream.init(JarInputStream.java:58) at java.util.jar.JarInputStream.init(JarInputStream.java:43) at org.apache.catalina.util.ExtensionValidator.getManifest(ExtensionValidator.java:372) at org.apache.catalina.util.ExtensionValidator.validateApplication(ExtensionValidator.java:183) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4035) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) 2006-12-19 18:26:14,505 [main] ERROR org.apache.catalina.core.StandardContext - Error getConfigured 2006-12-19 18:26:14,506 [main] ERROR org.apache.catalina.core.StandardContext - Context [] startup failed due to previous errors Thanks Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ProxyDirContext.lookupCache Error on a new Tomcat install
Hello I've installed a new server , with the tomcat that comes with the mandrake 2007 RPM's . (tomcat 5.5.17) when i load up my application and access the website i get multiple errors like the one below , At first i thought it was due to the fact that some of images are located on the loadbalancer proxy and the fact that the server doesn't see them , but even after redirecting the traffic via the proxy the error appeared. Any one ever encountered this error before ? I've added the error stack trace and the server .xml Thank you Assaf 2006-12-04 19:16:27,255 [main] DEBUG org.apache.commons.modeler.Registry - Found jar:file:/usr/share/java/tomcat5/catalina-5.5.17.jar!/org/apache/catalina/u sers/mbeans-descriptors.xml 2006-12-04 19:16:27,264 [main] DEBUG org.apache.commons.modeler.modules.MbeansDescriptorsDOMSource - Reading descriptors ( dom ) 8 ...skipping... ) for servlet default threw exception java.lang.NoSuchMethodError: org.apache.naming.resources.ProxyDirContext.lookupCache(Ljava/lang/String;)Lorg/apache/naming/resources/CacheEntry; at org.apache.catalina.servlets.DefaultServlet.serveResource(DefaultServlet.java:679) at org.apache.catalina.servlets.DefaultServlet.doGet(DefaultServlet.java:354) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at tap.web.TAPRequestFilter.doFilter(TAPRequestFilter.java:35) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:534) Server.xml looks like this : Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true/ !-- Note : To use gzip compression you could set the following properties : compression=on compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml -- Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 / !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=test.foo.com debug=0 Host name=test.foo.com debug=0 appBase=/foo unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false
j_security_check exception
Hello working with Tomcat i am unable to get the replication to preform smoothly , when i start an authentication session (login) i see my application finishing the login procedure correctly but the replication is throwing this exception and the application and tomcat freeze. Any one ever encountered this behavior before ? Thanks Assaf 2006-11-07 14:22:34,951 [http-8443-Processor25] DEBUG org.apache.catalina.cluster.tcp.ReplicationValve - Invoking replication request on /jsp/pages/j_security_check 2006-11-07 14:22:35,086 [http-8443-Processor25] ERROR org.apache.coyote.tomcat5.CoyoteAdapter - An exception or error occurred in the container during the r equest processing java.lang.ClassCastException at org.apache.catalina.cluster.session.DeltaRequest.setPrincipal(DeltaRequest.java:89) at org.apache.catalina.cluster.session.DeltaSession.setPrincipal(DeltaSession.java:567) at org.apache.catalina.cluster.session.DeltaSession.setPrincipal(DeltaSession.java:561) at org.apache.catalina.authenticator.AuthenticatorBase.register(AuthenticatorBase.java:818) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:176) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.java:141) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:534) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: changing the length of the jsessionid
I took the sources of the 5.0.30 tomcat and made the changes, recompiled the RPM and installed it on one of my QC servers . the session id that is generated from the tomcat is indeed 30 chars but now it seems that the jvmroute and the balancer in front of it are not adding the .x to the jsessionid . my balancer config is : ProxyPass / balancer://mycluster/ lbmethod=bytraffic stickysession=jsessionid nofailover=Off Proxy balancer://mycluster BalancerMember ajp://172.31.1.1:8081 ttl=60 route=1 #BalancerMember http://172.31.1.2:8080 ttl=60 route=2 #BalancerMember ajp://172.31.1.3:8080 ttl=60 route=3 Order Allow,Deny Allow from all /Proxy I specifically changed the ajp port to 8081 - it is not an error , the connector on the tomcat is defined : Connector port=8081 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / and the jvmroute is defined : Engine name=Catalina defaultHost=www.foo.com debug=0 jvmroute=1 but the end result is cookie: JSESSIONID=FB5B5218F8A9021652FDE8C270F991 any guess why that is ? Thanks Christopher Schultz wrote: Assaf, Does anyone know how i can shorten the length of the jsessionid from 32 chars to 30 ? In Tomcat 4.1, the class org.apache.catalina.session.ManagerBase creates sessions and assigns ids to them. The source I'm looking at right now uses a message digest algorithm (it's not clear which one, but probably MD5) which returns a fixed-width string. I suppose you could modify this file directly and re-package it with your deployment, or possibly even subclass it and somehow install it without having to modify Tomcat's internals (I don't know how to specify which Manager gets used by Tomcat... someone else will have to answer that). Any particular reason you want to shorten the session id? -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
replication not working
Hello I have 3 servers with tomcat 5.0.30 , and i want to run them with data replication . I manage to see the servers coming up and i can see in the log the other servers identifying the other members of the cluster , however when starting to test the replication between servers - there is non . Server 1 : 2006-11-06 18:04:44,954 [Cluster-MembershipReceiver] INFO org.apache.catalina.cluster.tcp.SimpleTcpCluster - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://172.31.1.1:4001,172.31.1.1,4001, alive=42788] Server 2: 006-11-06 18:04:46,464 [Cluster-MembershipReceiver] INFO org.apache.catalina.cluster.tcp.SimpleTcpCluster - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://172.31.1.2:4001,172.31.1.2,4001, alive=2] I can not upgrade to tomcat 5.5 so an answer along those lines is not helpful . anyone got an idea as to what can be the cause of this ? Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: replication not working
my bad i forgot to add the Cluster definitions of my server.xml Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.D expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=25/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;. Deployer className=org.apache.catalina.cluster.deploy.FarmWarDeployer tempDir=/tmp/temp/ deployDir=/tmp/deploy/ watchDir=/tmp/listen/ watchEnabled=false/ /Cluster thanks Assaf Assaf Flatto wrote: Hello I have 3 servers with tomcat 5.0.30 , and i want to run them with data replication . I manage to see the servers coming up and i can see in the log the other servers identifying the other members of the cluster , however when starting to test the replication between servers - there is non . Server 1 : 2006-11-06 18:04:44,954 [Cluster-MembershipReceiver] INFO org.apache.catalina.cluster.tcp.SimpleTcpCluster - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://172.31.1.1:4001,172.31.1.1,4001, alive=42788] Server 2: 006-11-06 18:04:46,464 [Cluster-MembershipReceiver] INFO org.apache.catalina.cluster.tcp.SimpleTcpCluster - Replication member added:org.apache.catalina.cluster.mcast.McastMember[tcp://172.31.1.2:4001,172.31.1.2,4001, alive=2] I can not upgrade to tomcat 5.5 so an answer along those lines is not helpful . anyone got an idea as to what can be the cause of this ? Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
changing the length of the jsessionid
Hello Does anyone know how i can shorten the length of the jsessionid from 32 chars to 30 ? thanks Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: new tomcat installation failes to start
Martin locate jmx /usr/share/java/mx4j/boa/mx4j-rjmx-boa-3.0.1.jar /usr/share/java/mx4j/mx4j-jmx-3.0.1.jar /usr/share/java/mx4j/mx4j-jmx.jar /usr/share/java/mx4j/mx4j-rjmx-3.0.1.jar /usr/share/java/mx4j/mx4j-rjmx.jar /usr/share/java/tomcat5/catalina-ant-jmx-5.5.17.jar /usr/share/java/tomcat5/catalina-ant-jmx.jar /usr/share/java/jmxri.jar /usr/share/tomcat5/bin/jmxaccessor-tasks.xml /usr/lib/gcj/tomcat5/catalina-ant-jmx-5.5.17.jar.db /usr/lib/gcj/tomcat5/catalina-ant-jmx-5.5.17.jar.so /var/lib/rpm/alternatives/jmxri /var/lib/tomcat5/server/lib/catalina-ant-jmx.jar /var/lib/tomcat5/common/endorsed/jmx.jar /etc/alternatives/jmxri as you can see - the jmx is not the issue in this case . Assaf Martin Gainty wrote: Assaf- you're missing Java Management package jmx.jar..On my box I have it at %TOMCAT_HOME%/bin http://java.sun.com/products/JavaManagement/download.html Martin-- This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents - Original Message - From: Assaf Flatto [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Monday, October 16, 2006 11:27 AM Subject: RE: new tomcat installation failes to start hello found the problem and fixed it , but now i have another issue : when i start it with the minimal server.xml it comes up fine , but wen i add my servr.xml : !-- Example Server Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN !-- Comment these entries out to disable JMX MBeans support used for the administration web application -- Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. By default, a non-SSL HTTP/1.1 Connector is established on port 8080. You can also enable an SSL HTTP/1.1 Connector on port 8443 by following the instructions below and uncommenting the second Connector entry. SSL support requires the following steps (see the SSL Config HOWTO in the Tomcat 5 documentation bundle for more detailed instructions): * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or later, and put the JAR files into $JAVA_HOME/jre/lib/ext. * Execute: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) with a password value of changeit for both the certificate and the keystore itself. By default, DNS lookups are enabled when a web application calls request.getRemoteHost(). This can have an adverse impact on performance, so you can disable it by setting the enableLookups attribute to false. When DNS lookups are disabled
Re: new tomcat installation failes to start
David #rpm -qa *sun-compat* java-1.4.2-sun-compat-1.4.2.10-1jpp As you can see the compat rpm is installed. Assaf David Smith wrote: These messages make me think you are trying to run tomcat 5.5 on a 1.4.x JVM. If so, download and install the compat package and install it. It's on the same page as the other tomcat release downloads. --David Assaf Flatto wrote: hello found the problem and fixed it , but now i have another issue : when i start it with the minimal server.xml it comes up fine , but wen i add my servr.xml : !-- Example Server Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN !-- Comment these entries out to disable JMX MBeans support used for the administration web application -- Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. By default, a non-SSL HTTP/1.1 Connector is established on port 8080. You can also enable an SSL HTTP/1.1 Connector on port 8443 by following the instructions below and uncommenting the second Connector entry. SSL support requires the following steps (see the SSL Config HOWTO in the Tomcat 5 documentation bundle for more detailed instructions): * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or later, and put the JAR files into $JAVA_HOME/jre/lib/ext. * Execute: %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) with a password value of changeit for both the certificate and the keystore itself. By default, DNS lookups are enabled when a web application calls request.getRemoteHost(). This can have an adverse impact on performance, so you can disable it by setting the enableLookups attribute to false. When DNS lookups are disabled, request.getRemoteHost() will return the String version of the IP address of the remote client. -- !-- Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / !-- Note : To disable connection timeouts, set connectionTimeout value to 0 -- !-- Note : To use gzip compression you could set the following properties : compression=on compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml -- !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true
org.xml.sax.SAXParseException
Hello list Starting my tomcat (5.5.117) i get the following error, i validated the xml's and the pass , i matched the DTD and the also are defined properly has anyone encountered this behavior before ? thanks Assaf 5863 [main] INFO org.apache.struts.validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validator-rules.xml' 5863 [main] INFO org.apache.struts.validator.ValidatorPlugIn - Loading validation rules file from '/WEB-INF/validation.xml' 6028 [main] ERROR org.apache.commons.digester.Digester - Parse Error at line 49 column 76: Attribute position must be declared for element type arg1. org.xml.sax.SAXParseException: Attribute position must be declared for element type arg1. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source) at org.apache.xerces.util.ErrorHandlerWrapper.error(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source) at org.apache.xerces.impl.dtd.XMLDTDValidator.addDTDDefaultAttrsAndValidate(Unknown Source) at org.apache.xerces.impl.dtd.XMLDTDValidator.handleStartElement(Unknown Source) at org.apache.xerces.impl.dtd.XMLDTDValidator.emptyElement(Unknown Source) at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source) at org.apache.xerces.parsers.XMLParser.parse(Unknown Source) at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source) at org.apache.commons.digester.Digester.parse(Digester.java:1666) at org.apache.commons.validator.ValidatorResources.init(ValidatorResources.java:156) at org.apache.struts.validator.ValidatorPlugIn.initResources(ValidatorPlugIn.java:237) at org.apache.struts.validator.ValidatorPlugIn.init(ValidatorPlugIn.java:162) at org.apache.struts.action.ActionServlet.initModulePlugIns(ActionServlet.java:869) at org.apache.struts.action.ActionServlet.init(ActionServlet.java:336) at javax.servlet.GenericServlet.init(GenericServlet.java:211) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1105) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:932) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:3917) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4201) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
new tomcat installation failes to start
hello i've just installed a tomcat on a clean OS ( MDK 2007) . When i try and start the tomcat service i get the following error Created MBeanServer with ID: 1d05c81:10e51d8bab4:-8000:www01.pjoker.com:1 java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:266) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:431) Caused by: java.lang.NoClassDefFoundError: org/xml/sax/ext/Attributes2 at org.apache.xerces.parsers.AbstractSAXParser.init(Unknown Source) at org.apache.xerces.parsers.SAXParser.init(Unknown Source) at org.apache.xerces.parsers.SAXParser.init(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.init(Unknown Source) at org.apache.xerces.jaxp.SAXParserImpl.init(Unknown Source) at org.apache.xerces.jaxp.SAXParserFactoryImpl.newSAXParser(Unknown Source) at org.apache.tomcat.util.digester.Digester.getParser(Digester.java:691) at org.apache.tomcat.util.digester.Digester.getXMLReader(Digester.java:899) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.Catalina.load(Catalina.java:489) at org.apache.catalina.startup.Catalina.load(Catalina.java:523) ... 6 more i googled and looked in archives but couldn't find the source of this problem . packages installed are : tomcat5-jasper-5.5.17-3.1.2mdv2007.0 tomcat5-5.5.17-3.1.2mdv2007.0 tomcat5-webapps-5.5.17-3.1.2mdv2007.0 tomcat5-servlet-2.4-api-5.5.17-3.1.2mdv2007.0 tomcat5-jsp-2.0-api-5.5.17-3.1.2mdv2007.0 tomcat5-server-lib-5.5.17-3.1.2mdv2007.0 tomcat5-common-lib-5.5.17-3.1.2mdv2007.0 jakarta-commons-fileupload-1.0-5.1mdv2007.0 jakarta-commons-daemon-1.0.1-4.1mdv2007.0 jakarta-oro-2.0.8-2.3mdv2007.0 jakarta-commons-logging-1.1-3.2mdv2007.0 jakarta-commons-beanutils-1.7.0-4.2mdv2007.0 jakarta-commons-httpclient-3.0.1-1mdv2007.0 jakarta-commons-digester-1.7-4.1mdv2007.0 jakarta-commons-pool-1.3-2.1mdv2007.0 jakarta-commons-modeler-1.1-7.1mdv2007.0 jakarta-commons-launcher-1.1-1.1mdv2007.0 jakarta-taglibs-standard-1.1.2-2mdv2007.0 jakarta-commons-collections-3.2-1.1mdv2007.0 jakarta-commons-discovery-0.3-2.1mdv2007.0 jakarta-commons-el-1.0-6.2mdv2007.0 jakarta-commons-dbcp-1.2.1-5.1mdv2007.0 jakarta-commons-validator-1.3.0-1.1mdv2007.0 the java is pointing to : update-alternatives --display java java - status is auto. link currently points to /usr/lib/jvm/jre-1.4.2-sun/bin/java /usr/lib/jvm/java-1.4.2-jamvm-1.4.2.0/jre/bin/java - priority 1420 slave rmiregistry: /usr/lib/jvm/java-1.4.2-jamvm-1.4.2.0/jre/bin/rmiregistry slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-jamvm slave jre: /usr/lib/jvm/jre-1.4.2-jamvm /usr/lib/jvm/jre-1.4.2-gcj/bin/java - priority 1420 slave rmiregistry: /usr/lib/jvm/jre-1.4.2-gcj/bin/rmiregistry slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-gcj slave jre: /usr/lib/jvm/jre-1.4.2-gcj slave keytool: /usr/lib/jvm/jre-1.4.2-gcj/bin/keytool /usr/lib/jvm/jre-1.4.2-sun/bin/java - priority 1423 slave rmiregistry: /usr/lib/jvm/jre-1.4.2-sun/bin/rmiregistry slave jre_exports: /usr/lib/jvm-exports/jre-1.4.2-sun slave jre: /usr/lib/jvm/jre-1.4.2-sun slave keytool: /usr/lib/jvm/jre-1.4.2-sun/bin/keytool slave klist.1: /usr/share/man/man1/klist-java-1.4.2-sun-compat.1 slave policytool.1: /usr/share/man/man1/policytool-java-1.4.2-sun-compat.1 slave rmid: /usr/lib/jvm/jre-1.4.2-sun/bin/rmid slave java.1: /usr/share/man/man1/java-java-1.4.2-sun-compat.1 slave tnameserv.1: /usr/share/man/man1/tnameserv-java-1.4.2-sun-compat.1 slave orbd.1: /usr/share/man/man1/orbd-java-1.4.2-sun-compat.1 slave ktab.1: /usr/share/man/man1/ktab-java-1.4.2-sun-compat.1 slave javaws: /usr/lib/jvm/jre-1.4.2-sun/javaws slave policytool: /usr/lib/jvm/jre-1.4.2-sun/bin/policytool slave orbd: /usr/lib/jvm/jre-1.4.2-sun/bin/orbd slave keytool.1: /usr/share/man/man1/keytool-java-1.4.2-sun-compat.1 slave rmid.1: /usr/share/man/man1/rmid-java-1.4.2-sun-compat.1 slave tnameserv: /usr/lib/jvm/jre-1.4.2-sun/bin/tnameserv slave servertool.1: /usr/share/man/man1/servertool-java-1.4.2-sun-compat.1 slave kinit.1: /usr/share/man/man1/kinit-java-1.4.2-sun-compat.1 slave javaws.1: /usr/share/man/man1/javaws-java-1.4.2-sun-compat.1 slave servertool: /usr/lib/jvm/jre-1.4.2-sun/bin/servertool slave rmiregistry.1: /usr/share/man/man1/rmiregistry-java-1.4.2-sun-compat.1 Current `best' version is /usr/lib/jvm/jre-1.4.2-sun/bin/java. anyone got an idea ? thanks Assaf - To start a new topic, e-mail: users
RE: new tomcat installation failes to start
) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Oct 16, 2006 6:20:40 PM org.apache.catalina.mbeans.ServerLifecycleListener propertyChange Any thoughts anyone ? Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cluste failure to initiate
Hello List i just upgraded my tomcat to 5.5.17 mdk , since we wanted to test the replication mechanism of the tomcat 5.5 . after i added the Cluster definitions in the server.xml i get the following error : 3543 [main] ERROR org.apache.catalina.mbeans.ServerLifecycleListener - Exception handling NamingResources property change javax.management.MBeanException: Cannot load ModelMBean class org.apache.catalina.mbeans.ContextResourceMBean nested exception is java.lang.ClassNotFoundException: org.apache.catalina.mbeans.ContextResourceMBean java.lang.ClassNotFoundException: org.apache.catalina.mbeans.ContextResourceMBean at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1352) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1198) at org.apache.commons.modeler.ManagedBean.createMBean(ManagedBean.java:409) at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:248) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:403) at org.apache.catalina.mbeans.ServerLifecycleListener.processNamingResourcesPropertyChange(ServerLifecycleListener.jav a:1315) i looked and found that the class reported as missing in available and readable: unzip -l /var/lib/tomcat5/server/lib/catalina.jar | grep ContextEnvironmentMBean 1698 07-19-06 10:42 org/apache/catalina/mbeans/ContextEnvironmentMBean.class what appears to be the problem is that the Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / is calling WebappClassLoader which fails to load and work . google and archives didn't help me on this so .. any ideas on how i can make this work ? Thanks Assaf - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]