Re: Possible AbstractProtocol.waitingProcessors leak in Tomcat 9.0.75
I met the same problem on Tomcat 9.0.74 these days and I think I have found the answer. Our case is: 1. Open serveral Chrome tabs and each tab establish a websocket connection and a websocket session with Tomcat. To keep the connection and session alive, there is a JS timer who send a STOMP heartbeat message to Tomcat server every 10 seconds. Tomcat will send a STOMP heart beat to Chrome every 10 seconds too. The timeout is 30 seconds on both sides. JS will establish a new websocket connection if the old connection is closed. Open dev tools for each tabs to observe and record the websocket connections. 2. Wait a few minutes and do nothing, we may find that: 1) the AbstractProtocol.waitingProcessors leak probably. 2) the hidden Chrome tab establish serveral websocket connections, only one alive, others are closed by Tomcat server. 3) look at the closed websocket conenctions carefully, we find that the heartbeats from the server are normal, but there is no heartbeat to the server in the last 30 seconds before the connection is closed. 4) many TCP connections are in TIME_WAIT state. The leak may happen when the WsSessions expired on the server side. I think the process is: 1. Chrome's Intensive Throttling will prevent the JS timer to send heartbeat messages on the hidden tabs in 1 Minute. 2. Tomcat check WsSession expiration every second by WsBackgroundThread. The WsSession will expire, and then Tomcat will send a close message to the client/ Chrome, and the client will send a close message as response. 3. In order to fix BZ 66508 dead-locks, https://bz.apache.org/bugzilla/ show_bug.cgi?id=66508, WsRemoteEndpointImplServer will release controll of processor(UpgradeInteralProcessor for websocket) and the socket lock, then re-take controll. The fix may set the socketWrapper.currentProcessor to null when semaphore(messagePartInProgress) contention happens. Now, WsSession is OUTPUT_CLOSED while the socket is not closed. 4. Client send a close message or a normal message to Tomcat, but socketWrapper.currentProcessor is null now instead of a UpgradeInteralProcessor, the AbstractProtocol/Http11NioProtocol will take a Http11Processor to process the websocket message, this causes protocol error which leads to Tocmat close socket immediately. Now, WsSession is OUTPUT_CLOSED and the socket is closed. Normally, processor is released by SocketWrapperBase.close(). SocketWrapperBase will remove its currentProcessor from AbstractProtocol.waitingProcessors. But the currentProcessor is null now and thus cannot be removed. There is no more chance to remove UpgradeInteralProcessor of the expired WsSession. Here is my solution: I think the key point is socketWrapper.currentProcessor should not be set to null when WsSession expires. socketWrapper.currentProcessor is changed by setCurrentProcessor() and takeCurrentProcessor() which both are invoked by client massage processing and protected by socketWrapper.lock. I've create a pr, please reveiw and check it, tks. https://github.com/apache/tomcat/pull/683 Liang - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
It looks like the version of Java is 1.5.0_11 Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, May 06, 2009 4:45 PM To: Tomcat Users List Subject: RE: Weekly restart of Tomcat service > From: Jack, Brandy [mailto:bj...@quiktrip.com] > Subject: RE: Weekly restart of Tomcat service > > The tomcat version seems to be 5.5.26. > It is running on Windows Server 2003 SP2. JVM version? > Can I get a thread dump from the command line on the server? Yes, if you're running on a 1.5 or newer JVM, and have a JDK installed. Use jps to find the process id Tomcat is using, then jstack to take a thread dump. Taking a thread dump in a normally running situation will give you an idea of what things should look like, so you can compare it to what you get when the server becomes unresponsive. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
Sorry, I'm new to this. The tomcat version seems to be 5.5.26. It is running on Windows Server 2003 SP2. Can I get a thread dump from the command line on the server? Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, May 06, 2009 4:35 PM To: Tomcat Users List Subject: RE: Weekly restart of Tomcat service > From: Jack, Brandy [mailto:bj...@quiktrip.com] > Subject: RE: Weekly restart of Tomcat service > > If we don't restart, the users cannot access the application. If you can reproduce the problem in a test environment, that would help. Regardless, take a thread dump of Tomcat when the situation occurs; the mechanism to do so varies by platform and JVM (you didn't bother to tell us that, or even the version of Tomcat you're using). On a reasonable recent JVM, the easiest way to get a thread dump is with the jstack tool from the JDK. > But I'm not sure which log files contain the errors I > should be looking for. Any and all of them may contain useful information. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
If we don't restart, the users cannot access the application. It is java based (I think) and they blame it on the SQL server (of course) which is an entirely different server. I am looking in the tomcat log files from days past. But I'm not sure which log files contain the errors I should be looking for. Is it the catalina files or the stderr files? Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 -Original Message- From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] Sent: Wednesday, May 06, 2009 3:49 PM To: Tomcat Users List Subject: Re: Weekly restart of Tomcat service On Wed, May 6, 2009 at 1:35 PM, Jack, Brandy wrote: > > We currently have a 3rd party application that isn't stable and we have > to restart Tomcat at least once a week to keep the application running. > > We have nagged the 3rd party vendor so much about other application > fixes that asking them to fix this would require some information and > statistics that indicate it is a coding or configuration issue. What happens if you /don't/ restart? Aren't there log messages that would be enough to convince them there's a problem? > Has anyone had any experience in regards to gathering performance stats > for Tomcat Here's one from lambdaprobe running on my production server (on Tomcat 6.0.x) -- "UP for 328 days 19 hours 34 minutes" One example of *not* requiring weekly restarts :-) FWIW, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Weekly restart of Tomcat service
We currently have a 3rd party application that isn't stable and we have to restart Tomcat at least once a week to keep the application running. We have nagged the 3rd party vendor so much about other application fixes that asking them to fix this would require some information and statistics that indicate it is a coding or configuration issue. Has anyone had any experience in regards to gathering performance stats for Tomcat or can you help me determine the best way to get the information I need to give to the vendor? I would appreciate any advice or help I can get. Signed, DBA, not the server admin and the only one willing to dive into the issue to find a solution. Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation
Where to get the exact source code of tomcat6.exe and tomcat6w.exe
Hi, I see that tomcat6.exe and tomcat6w.exe is precompiled and is presented as is in Tomcat source code tree. Where can I find the exact source code for this two EXE? I'm aware of the Apache Commons procrun project, but I'm not sure whether tomcat6.exe and tomcat6w.exe are created from the latest procrun source code. And modification required? I appreciate if someone can shed some light on this. Thanks! -Jack Cai
Re: Tomcat6+ISAPI+IIS+Integrated Authentication+Large User
Hi I've uploaded a fresh log which shows only an attempted connection from an affected user (DOMAIN\mbn) A subsequent test with a 'normal' user produced a large log showing the successful connection. Thanks Paul Rainer Jung-3 wrote: > > Scrumpy Jack schrieb: >> Hi >> I'm trying to resolve an issue with Integrated Authentication when a user >> with a large Group Membership tries to access a site served by Tomcat via >> IIS ISAPI Redirect. >> >> For all other users, access is fine. For users with 70+ Windows groups, >> they >> are failing to be redirected and are getting a 500 error. Basic >> Authentication works fine. >> Can anyone point me in the direction of settings that increase buffer (?) >> settings related to Integrated Authentication? Any ideas as to where I >> should focus? (i.e. the ISAPI Filter config end, or Tomcat end?) > > If you can easily reproduce on a test system, set log_level to trace and > reproduce with a single request. Then show us your log_file. > > It is possible, that the informagtion gets forwarded via http headers. > The AJP protocol used between the isapi redirector and Tomcat needs to > send all http headers in a single AJP packet. The default maximum size > of the packet is 8KB. Recent versions of the redirector and of Tomcat > are able to use a higher value. But let's first check, if this is > actually the problem you are runnning into. > > Regards, > > Rainer > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > http://www.nabble.com/file/p20242376/Log%2BExcerpt.txt Log+Excerpt.txt http://www.nabble.com/file/p20247837/error_MaryBeth_isapi_redirect.log error_MaryBeth_isapi_redirect.log -- View this message in context: http://www.nabble.com/Tomcat6%2BISAPI%2BIIS%2BIntegrated-Authentication%2BLarge-User-tp20049325p20247837.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat6+ISAPI+IIS+Integrated Authentication+Large User
Hi Unfortunately the log I've uploaded isn't quite what you asked for. We have little access or control over the remote system, so this is just the start of the log. There are too many accesses in between to isolate the point where the failing user tries to connect - other than to say it doesn't even appear to make it to the logs (The access time was recorded by the user, but nothing appears in the ISAPI log at that time) A second site with the same issue is trying to get a clean log with only the failing user entry in it. This may come through in the next few days. It does seem that the 8k http header limit is our most likely culprit. Are you able to share how I increase this as that will be easy for me to have tested? Am happy to test whatever values you recommend that will hopefully confirm this is the right area to focus - I just haven't found a reference to this setting anywhere. Thanks Paul Rainer Jung-3 wrote: > > Scrumpy Jack schrieb: >> Hi >> I'm trying to resolve an issue with Integrated Authentication when a user >> with a large Group Membership tries to access a site served by Tomcat via >> IIS ISAPI Redirect. >> >> For all other users, access is fine. For users with 70+ Windows groups, >> they >> are failing to be redirected and are getting a 500 error. Basic >> Authentication works fine. >> Can anyone point me in the direction of settings that increase buffer (?) >> settings related to Integrated Authentication? Any ideas as to where I >> should focus? (i.e. the ISAPI Filter config end, or Tomcat end?) > > If you can easily reproduce on a test system, set log_level to trace and > reproduce with a single request. Then show us your log_file. > > It is possible, that the informagtion gets forwarded via http headers. > The AJP protocol used between the isapi redirector and Tomcat needs to > send all http headers in a single AJP packet. The default maximum size > of the packet is 8KB. Recent versions of the redirector and of Tomcat > are able to use a higher value. But let's first check, if this is > actually the problem you are runnning into. > > Regards, > > Rainer > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > http://www.nabble.com/file/p20242376/Log%2BExcerpt.txt Log+Excerpt.txt -- View this message in context: http://www.nabble.com/Tomcat6%2BISAPI%2BIIS%2BIntegrated-Authentication%2BLarge-User-tp20049325p20242376.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat6+ISAPI+IIS+Integrated Authentication+Large User
Hi I'm trying to resolve an issue with Integrated Authentication when a user with a large Group Membership tries to access a site served by Tomcat via IIS ISAPI Redirect. For all other users, access is fine. For users with 70+ Windows groups, they are failing to be redirected and are getting a 500 error. Basic Authentication works fine. Tomcat 6 IIS 6.0 on Windows 2003 ISAPI 1.2.26 32 bit Access to IIS for the same users (i.e. with no ISAPI filter) is fine. We have explored various Kerberos package size options in initial troubleshooting, but once we realized that IIS alone worked fine, it now appears that whatever is being passed to the ISAPI filter via IIS as part of the Authentication process is exceeding some buffer. The user is prompted for credentials (but shouldn't be) and will fail to get access regardless of what is typed. IE classifies site as Internet, when it isn't (And doesn't get mistrated for other users - i.e. Shows as Local Intranet and no user prompt appears) Can anyone point me in the direction of settings that increase buffer (?) settings related to Integrated Authentication? Any ideas as to where I should focus? (i.e. the ISAPI Filter config end, or Tomcat end?) Thanks!!! -- View this message in context: http://www.nabble.com/Tomcat6%2BISAPI%2BIIS%2BIntegrated-Authentication%2BLarge-User-tp20049325p20049325.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Why GlassFish
Leon Rosenberg wrote: Still, tomcat is the better implementation, simply because it doesn't have all the ejb stuff :-) I rise to agree with Leon. The reason I'm using Tomcat right now (and pestering the list with build questions, thanks for the help) is that it's simpler. I'm not /interested/ in application servers. I just /need/ one. NetBeans supporting Tomcat closes the loop for me. Thanks to the committers and architects for a manageable piece of open source. -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead
Re: Trying to build tomcat 6.0.18
Caldarale, Charles R wrote: There has been some recent revision of the Eclipse web site that was making it difficult for a script to retrieve the JDT jar. Thanks, Charles, clean and rebuild worked. -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trying to build tomcat 6.0.18
Mark Thomas wrote: Clean out the build area and start again. With a 1.5 JDK it should be as simple as ant download ant Awesome, that works. But in dist.xml is there a target called something like [EMAIL PROTECTED] ? :) -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trying to build tomcat 6.0.18
Martin Gainty wrote: Jack- did you take chucks advice and build with JDK 1.5 ? Yes .. now I've got a different problem :) E.g., compile: [javac] Compiling 1047 source files to /usr/local/src/Apache/Tomcat/apache-tomcat-6.0.18-src/output/classes [javac] /usr/local/src/Apache/Tomcat/apache-tomcat-6.0.18-src/java/org/apache/jasper/compiler/JDTCompiler.java:38: package org.eclipse.jdt.core.compiler does not exist [javac] import org.eclipse.jdt.core.compiler.IProblem; ... [javac] /usr/local/src/Apache/Tomcat/apache-tomcat-6.0.18-src/java/org/apache/jasper/compiler/JDTCompiler.java:401: cannot find symbol [javac] symbol : class ICompilationUnit [javac] location: class org.apache.jasper.compiler.JDTCompiler [javac] ICompilationUnit[] compilationUnits = [javac] ^ [javac] /usr/local/src/Apache/Tomcat/apache-tomcat-6.0.18-src/java/org/apache/jasper/compiler/JDTCompiler.java:402: cannot find symbol [javac] symbol : class ICompilationUnit [javac] location: class org.apache.jasper.compiler.JDTCompiler [javac] new ICompilationUnit[classNames.length]; [javac] ^ [javac] /usr/local/src/Apache/Tomcat/apache-tomcat-6.0.18-src/java/org/apache/jasper/compiler/JDTCompiler.java:407: org.apache.jasper.compiler.Compiler is abstract; cannot be instantiated [javac] Compiler compiler = new Compiler(env, [javac] ^ etc. ... Haven't looked yet to verify if: 1. The download target failed to download an artifact 2. There's an option -Dwithout.eclipse=true or somesuch 3. I'm losing my mind in some fashion :) -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead
Re: Trying to build tomcat 6.0.18
Caldarale, Charles R wrote: You need to build with a 1.5 JDK, Thank you so kindly! -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Trying to build tomcat 6.0.18
Trying to build tomcat 6.0.18 ... ant -Dbase.dir=/usr/local/work/Java/Tomcat download bombs around here ... tips? : build-tomcat-dbcp: [copy] Copying 63 files to /usr/local/work/Java/Tomcat/tomcat6-deps/dbcp [move] Moving 63 files to /usr/local/work/Java/Tomcat/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp [javac] Compiling 63 source files to /usr/local/work/Java/Tomcat/tomcat6-deps/dbcp/classes [javac] /usr/local/work/Java/Tomcat/tomcat6-deps/dbcp/src/java/org/apache/tomcat/dbcp/dbcp/BasicDataSource.java:44: org.apache.tomcat.dbcp.dbcp.BasicDataSource is not abstract and does not override abstract method createQueryObject(java.lang.Class,javax.sql.DataSource) in javax.sql.DataSource -- Jack J. Woehr# "Self-delusion is http://www.well.com/~jax # half the battle!" http://www.softwoehr.com # - Zippy the Pinhead - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Refresh the cache
We were told by our vendor to clear the cache. That may not be the right term, but the process that they have us do is to remove the folders from the following directory: D:\Tomcat 4.1\work\Standalone\localhost -Original Message- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 10:28 AM To: Tomcat Users List Subject: Re: Refresh the cache Mark Thomas wrote: > David Smith wrote: >> Could you provide some better detail regarding what you mean? Tomcat >> itself does not have a cache in any of it's versions. > > Not strictly true. Static resources are cached (for a few seconds), > classes are cached in the classloader, expressions are cached in > Jasper, etc. > > All that said, I don't think the OP is referring to any of these. > Equally, I have no idea what he does mean at the minute. > > Mark > True. I was thinking of cached responses. --David. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Refresh the cache
Is there a way to refresh the cache without stopping the service? Jack W. Gordon Jr Server Administrator Information Technology Oklahoma State University Stillwater, Oklahoma 74078 405-744-4540
RE: Re direction in tomcat 5.5
I'm running TomCat 5.5 on a windows server. I am trying to get everything
redirected to the ssl port 8443. I can still get to the site using the port
8080. I haven't found any examples that show how it should be configured.
This is my first TomCat installation and most everything has gone well, just
this one glictch. Should I just disable port 8080 in the system.xml, or is
there a more elegant solution. (for my 8080 connection the redirect is to
8443).
Jack W. Gordon Jr
Server Administrator
Information Technology
Oklahoma State University
Stillwater, Oklahoma 74078
405-744-4540
manager access configuration
Hello: I have problem with enable user to have either manager or admin access privilege. I modified /conf/tomcat-users.xml file to the following: even I change username name to username="jxw002" which is my login id, and password accordingly, I still have trouble with accessing to Status, and Tomcat Manager page at http://localhost:8080/index.html, I get Http 401 error. Thank you very much
Help on setup https on Tomcat in linux
I try to setup tomcat https connection on port 8443 in redhat linux. I followed the instruction and get no error when start tomcat. But I could NOT connect to it from browser by https://:8443/xxx.html . I setup the same tomcat in Window. It works. Could someone help me to sovle it? Thanks, Jack
Re: Is jsp designed for use by large websites
> Good Morning Jack- > As Tomcat is OpenSource (and not proprietary) and > can be installed on any OS (vs just 1) I dont > undertand > What is causing the number of Tomcat users to > attenuate over time? > M Hello, My logic is: 1a. JSP is not supported by many web hosting companies or is only supported in more expensive dedicated server plans. In contrast, open source alternatives such as php is well-supported by web hosting companies. -> Result: most small and medium sized websites/webapps that do not need a dedicated server use php. 1b. JSP has many great features. But php is also very powerful and has some capabilities that jsp doesn't have. -> Result: some heavy-traffic websites/webapps that require dedicated servers use jsp. Some others use php (eg. yahoo [http://news.com.com/2100-1023-963937.html]). -> 2. There are more php users than jsp users. -> 3. More people get involved in the development and support of php, while fewer people get involved in the development and support of jsp/tomcat. -> Result 1: PHP evolves in a faster pace. Some great features that only jsp supports originally may start to be supported by php. -> Result 2: More (open source) tools/programs are built on top of php. For example, open-source software, phpbb, is used to run many heavy traffic forums such as forums.mozillazine.org. -> 4. As php becomes more powerful and there are more php tools/programs, more people switch to it. So, we go back to point 2 and the circulation continues. -> 5. The number of jsp users becomes smaller. -> 6. Fewer people will get involved in the development and support of jsp/tomcat and so the future of jsp/tomcat will become less certain. I point this out because i like jsp and i am concerned about its future. I am not sure if my logic is correct. Correct me if you find any mistakes. ___ YM - 離線訊息 就算你沒有上網,你的朋友仍可以留下訊息給你,當你上網時就能立即看到,任何說話都冇走失。 http://messenger.yahoo.com.hk - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is jsp designed for use by large websites
Hello all, Anyone know if tomcat's roadmap includes any plans to make tomcat more web hosting friendly? If not, i think the tomcat development team should consider about it, because this problem is seriously constraining the popularity of jsp and it forces web developers who like jsp to consider other server side languages. As the number of jsp users becomes smaller, fewer people will get involved in the development and support of tomcat and so the future of tomcat will become less certain. JSP has many great features and I think it will be a lot more popular if it's better supported by web hosting companies. Jack ___ YM - 離線訊息 就算你沒有上網,你的朋友仍可以留下訊息給你,當你上網時就能立即看到,任何說話都冇走失。 http://messenger.yahoo.com.hk - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is jsp designed for use by large websites
Hello all, I am a beginner and I am considering whether to use jsp or php to develop a web application. I prefer jsp since i am familiar with java. But i found that many web hosting companies either do not support jsp or only support jsp in their expensive dedicated server plans. In contrast, php is well-supported by almost all web hosting companies. Is jsp designed for use by large websites that require dedicated servers? Do you think php is a better choice for small and medium sized websites that don't require dedicated servers? Thank you. Jack ___ YM - 離線訊息 就算你沒有上網,你的朋友仍可以留下訊息給你,當你上網時就能立即看到,任何說話都冇走失。 http://messenger.yahoo.com.hk - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Howto Apache LDAP ACL pass to Tomcat ??
Try to pass apache ACL authenticated user credential to Tomcat, but failed. System: FreeBSD 6.1, Apache 2.2.3, SUN jdk 1.4.2, Tomcat 5.5 Apache is setup to authenticate against LDAP server AuthLDAPURL ldap://ldap.jackyu.org/dc=jackyu,dc=org?uid AuthLDAPGroupAttributeIsDN off AuthLDAPGroupAttribute memberUid AuthLDAPBindDN cn=bind,ou=SystemAccounts,dc=jackyu,dc=org AuthLDAPBindPassword ** AuthType basic AuthName "AAA" AuthBasicProvider ldap require ldap-group cn=test,ou=Groups,dc=jackyu,dc=org AllowOverride None Order deny,allow Deny from all AuthzLDAPAuthoritative on Users with LDAP group membership of test can authenticated themselves while accessing the home page in apache, http://jackyu.org/index.html. When apache ACL authenticated users go to http://jackyu.org/xyz/index.jsp, the page will go through mod_jk and parse to tomcat server (on the same host) here is the mod_jk in httpd.conf. # mod_jk.so settings JkWorkersFile "/usr/local/etc/apache22/workers.properties" JkLogFile "/var/log/mod_jk.log" JkLogLevel debug JkMount /xyz abc JkMount /zyx/* abc # end of mod_jk.so settings here is the workers.propertises worker.list=abc worker.abc.port=8009 worker.abc.host=localhost worker.abc.type=ajp13 worker.abc.lbfactor=1 worker.abc.cachesize=10 worker.abc.cache_timeout=600 worker.abc.socket_keepalive=1 worker.abc.recycle_timeout=300 I have also added tomcatAuthentication="false" to the server.xml in tomcat. in the tomcat webapp /xyz, added the following the the web.xml AAA /* HTTP GET POST PUT DELETE test BASIC AAA The role that is required to log in to the AAA test The apache authenticated user credential (with ldap group test) didn't pass to tomcat properly. The log file displayed null for user. Also, if users copy paste the url, http://jackyu.org/xyz/index.jsp, to a new browser, no apache ACL login popup. Anyone knows how to make this work? Thanks Jack Yu [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How is a cipher chosen when the "ciphers" attribute in server.xml is not specified?
Cheers, Mark. On 8/7/06, Mark Thomas <[EMAIL PROTECTED]> wrote: Jack Ashburn wrote: > Hi, > > I'm configuring my Tomcat server so that it uses a "strong" cipher for > SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute > for the "connector" element in server.xml accepts "A comma seperated > [sic] list of the encryption ciphers that may be used. If not > specified, then any available cipher may be used." > > My questions are: > > 1. When the "ciphers" attribute is not specified, how does Tomcat > choose the cipher to use from the "any available cipher[s]"? It doesn't, it takes whatever the default is. This may vary depending on JDK version, vendor etc. Look at the relevant docs to see which it is for your platform. > 2. Why doesn't Tomcat choose the strongest available ciphers from > what's made available to the Java runtime? Because generally the stronger the algorithm, the greater the processing overhead. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How is a cipher chosen when the "ciphers" attribute in server.xml is not specified?
Hi, I'm configuring my Tomcat server so that it uses a "strong" cipher for SSL. From the docs in both Tomcat 4.1 and 5.0, the "ciphers" attribute for the "connector" element in server.xml accepts "A comma seperated [sic] list of the encryption ciphers that may be used. If not specified, then any available cipher may be used." My questions are: 1. When the "ciphers" attribute is not specified, how does Tomcat choose the cipher to use from the "any available cipher[s]"? 2. Why doesn't Tomcat choose the strongest available ciphers from what's made available to the Java runtime? For question #2, I'm guessing (being not as knowledgeable in this area as I'd like to be) it's because a "strong" cipher is only as strong as a user perceives it to be, and therefore what is strongest for one user may not be strongest for another. Also, the ciphers that are available to choose from is dependent on the Java runtime version, the runtime vendor (e.g., IBM JRE may have different ciphers from Sun JRE) as well as the cryptography service providers that are made available via the JRE's java.security file. Is this correct? Thanks in advance! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: BOOBIES!
With the huge number of issue covered in the past and what I consider to be very good documentation, I am surprised by a lot of the questions asked, including this one. In any event, to sympathize is one thing and to sympathize after this antisocial conduct is another. Also, if you think the documentation needs improving, I am sure no one will stop you. On 7/25/06, Alex Turner <[EMAIL PROTECTED]> wrote: Quite frankly, I sympathize with the original poster. This list is very unresponsive quite often, and I would never recommentd tomcat to a commercial company because the mailing list support is terrible. Heck, I've even called commercial support vendors for tomcat who have not returned my phone calls. The tomcat community needs to do a better job of helping users, or they can watch users go over to BEA Weblogic and Websphere. I know I'm considering it as soon as I can afford a BEA or Websphere license. When someone has to put 'BOOBIES' in the subject to get attention that speaks of a wider problem than someone being insensitive. Alex. On 7/25/06, Dakota Jack <[EMAIL PROTECTED]> wrote: > > What can be gained is a measure of civility. I don't think someone who > deliberately does something offensive to achieve their own ends is in a > position to say when their behavior is properly handled. Some people just > have a hard time putting themselves into the position of others, or don't > care whom they offend. You would be, I would think, the very last person > in > the world to adjudicate when this topic is finished. However, you might > have noticed that it was finished before you came back. > > On 7/24/06, Harris, Thomas <[EMAIL PROTECTED]> wrote: > > > > > > I sent the original message, with an appropriate subject, over two weeks > > before the plea for attention follow-up with the very offensive subject. > > The original subject was "Shared code but different pages on different > > virtual hosts?" We're on a really tight schedule, and having waited two > > weeks for any answer was no longer something we could do, so my boss > > actually suggested getting a little attention on the message via this > > silly stunt. > > > > So, I did get some help on the topic in question, and lots more besides, > > It's was quite fun actually, reading some of the silliness that this one > > word has spawned. Someone mentioned the Superbowl of 2004, and I concur. > > > > Let's put this to rest... What can be gained by continuing on and on > > about how horribly offensive this subject line is. > > > > Tom > > > > -Original Message- > > From: Januski, Ken [mailto:[EMAIL PROTECTED] > > Sent: Sunday, July 23, 2006 8:26 AM > > To: Tomcat Users List; Tomcat Users List > > Subject: RE: BOOBIES! > > > > Like many I've resisted this thread because I figured it would be > > STUPID! STUPID, YES I SAID STUPID. Did that get your attention? > > > > Now let me ask: how many people read threads here whose subject is in > > caps followed by an explanation point? And what does that subject > > usually say? Something like HELP, TOMCAT DONT WORK, a type of spam or > > something similar. I almost always skip those messages. Some people have > > more patience than I and so do end up helping someone who has gotten > > desperate. More experienced users know that they're much more likely to > > get an answer to their question by choosing a more informative and less > > excited subject. > > > > So what does someone think when they see BOOBIES! and what did the > > author of that message think that they would think? Well I have little > > doubt that they expected anyone to think of birds and I doubt that that > > was the first reaction of any reader no matter how avid a birder. So I > > have a very hard time believing that the author had any intent other > > than to get a reaction of some sort from readers who saw the subject and > > didn't think bird. I don't think this has anything to do with puritanism > > or political correctness. I can't think of anything I like much less > > than political correctness. But it's very hard to see this as having > > anything to do with political correctness. To me it's just someone > > trying to be clever and then trying to cover their tracks when they find > > out that many uses don't actually find it clever. ENOUGH SAID! > > > > > > > > > > -Original Message- > > From: Robert Koberg [mailto:[EMAIL PROTECTED] > > Sent: Sun 7/23/2006 7:28 AM > > To: Tomcat Users List > > Subject: Re: BOOBIES! > &g
Re: SSL - Self Signed Cert appears to work but doesn't.
I have some instructions for building certs and setting up tomcat config at: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Maybe you will find some useful info there. Cheers Jack... On 24/07/06, Morel, Jeremy <[EMAIL PROTECTED]> wrote: All, I'm sure this is a very basic queston and has been asked many times, but I'm trying to import a self-signed cert. I've followed instructions to do so on the apache site, and also verified with several others who concur I've done the steps correctly. There are no errors indicated in catalina.out, yet I can not access anything via HTTPS. (I have changed the connector port from 8443 to 443, but it's not working either way.) Requests eventually time out. HTTP requests work just fine. Any help is greatly appreciated. Please mail me directly at [EMAIL PROTECTED] -Jeremy Jeremy M. Morel Programmer / Analyst Department of Computing Resources Southern New Hampshire University 2500 North River Road Manchester, NH, USA 03106-1045 Phone: (603) 668-2211 Ext. 2337 Fax: (603) 645-9775 IM: JeremySNHU -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: BOOBIES!
What can be gained is a measure of civility. I don't think someone who deliberately does something offensive to achieve their own ends is in a position to say when their behavior is properly handled. Some people just have a hard time putting themselves into the position of others, or don't care whom they offend. You would be, I would think, the very last person in the world to adjudicate when this topic is finished. However, you might have noticed that it was finished before you came back. On 7/24/06, Harris, Thomas <[EMAIL PROTECTED]> wrote: I sent the original message, with an appropriate subject, over two weeks before the plea for attention follow-up with the very offensive subject. The original subject was "Shared code but different pages on different virtual hosts?" We're on a really tight schedule, and having waited two weeks for any answer was no longer something we could do, so my boss actually suggested getting a little attention on the message via this silly stunt. So, I did get some help on the topic in question, and lots more besides, It's was quite fun actually, reading some of the silliness that this one word has spawned. Someone mentioned the Superbowl of 2004, and I concur. Let's put this to rest... What can be gained by continuing on and on about how horribly offensive this subject line is. Tom -Original Message- From: Januski, Ken [mailto:[EMAIL PROTECTED] Sent: Sunday, July 23, 2006 8:26 AM To: Tomcat Users List; Tomcat Users List Subject: RE: BOOBIES! Like many I've resisted this thread because I figured it would be STUPID! STUPID, YES I SAID STUPID. Did that get your attention? Now let me ask: how many people read threads here whose subject is in caps followed by an explanation point? And what does that subject usually say? Something like HELP, TOMCAT DONT WORK, a type of spam or something similar. I almost always skip those messages. Some people have more patience than I and so do end up helping someone who has gotten desperate. More experienced users know that they're much more likely to get an answer to their question by choosing a more informative and less excited subject. So what does someone think when they see BOOBIES! and what did the author of that message think that they would think? Well I have little doubt that they expected anyone to think of birds and I doubt that that was the first reaction of any reader no matter how avid a birder. So I have a very hard time believing that the author had any intent other than to get a reaction of some sort from readers who saw the subject and didn't think bird. I don't think this has anything to do with puritanism or political correctness. I can't think of anything I like much less than political correctness. But it's very hard to see this as having anything to do with political correctness. To me it's just someone trying to be clever and then trying to cover their tracks when they find out that many uses don't actually find it clever. ENOUGH SAID! -Original Message- From: Robert Koberg [mailto:[EMAIL PROTECTED] Sent: Sun 7/23/2006 7:28 AM To: Tomcat Users List Subject: Re: BOOBIES! Wow... how do some people make it through the day without exploding from some terrible insult. I can't believe this thread subject has turned into such a big deal. I deleted the first 5 or so because I thought it was spam. Then I saw names responding which I recognized. I really don't understand how someone can be offended by a word like 'boobies' and can still use the Internet, or real life for that matter. grow up and grow a skin... Dantes Inferno invoked for using the word 'boobies.' The road to hell is paved with... Dakota Jack wrote: > Golly, Charles, > > Maybe you need some training? Maybe you are the one who does not get the > point? If you think I am going to apologize for your taking a serious > topic > that hurts people and covering it with your inane indifference, you > might be > wrong. The worst people are not the haters, although they are bad enough, > the worst people are the indifferent. If you read Dantes Inferno you will > find the colder the heart, the more the indifference, the lower your level > in hell. Understand? > > On 7/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> Thank you. I was caught up in a witch hunt and feel undeservedly bashed >> over my attempt to inject some light-hearted jest into an overheated >> atmosphere. Plainly the poster who calls him or herself "Dakota Jack" >> didn't >> view the link. He or she had already made up his or her mind and >> couldn't be >> bothered with facts. >> >> For those of you didn't see the link, it was a photo of a bird (not >> engaged in a sexua
Re: BOOBIES!
Thank you. I can only say "Exactly". On 7/23/06, Januski, Ken <[EMAIL PROTECTED]> wrote: Like many I've resisted this thread because I figured it would be STUPID! STUPID, YES I SAID STUPID. Did that get your attention? Now let me ask: how many people read threads here whose subject is in caps followed by an explanation point? And what does that subject usually say? Something like HELP, TOMCAT DONT WORK, a type of spam or something similar. I almost always skip those messages. Some people have more patience than I and so do end up helping someone who has gotten desperate. More experienced users know that they're much more likely to get an answer to their question by choosing a more informative and less excited subject. So what does someone think when they see BOOBIES! and what did the author of that message think that they would think? Well I have little doubt that they expected anyone to think of birds and I doubt that that was the first reaction of any reader no matter how avid a birder. So I have a very hard time believing that the author had any intent other than to get a reaction of some sort from readers who saw the subject and didn't think bird. I don't think this has anything to do with puritanism or political correctness. I can't think of anything I like much less than political correctness. But it's very hard to see this as having anything to do with political correctness. To me it's just someone trying to be clever and then trying to cover their tracks when they find out that many uses don't actually find it clever. ENOUGH SAID! -Original Message- From: Robert Koberg [mailto:[EMAIL PROTECTED] Sent: Sun 7/23/2006 7:28 AM To: Tomcat Users List Subject: Re: BOOBIES! Wow... how do some people make it through the day without exploding from some terrible insult. I can't believe this thread subject has turned into such a big deal. I deleted the first 5 or so because I thought it was spam. Then I saw names responding which I recognized. I really don't understand how someone can be offended by a word like 'boobies' and can still use the Internet, or real life for that matter. grow up and grow a skin... Dantes Inferno invoked for using the word 'boobies.' The road to hell is paved with... Dakota Jack wrote: > Golly, Charles, > > Maybe you need some training? Maybe you are the one who does not get the > point? If you think I am going to apologize for your taking a serious > topic > that hurts people and covering it with your inane indifference, you > might be > wrong. The worst people are not the haters, although they are bad enough, > the worst people are the indifferent. If you read Dantes Inferno you will > find the colder the heart, the more the indifference, the lower your level > in hell. Understand? > > On 7/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >> >> Thank you. I was caught up in a witch hunt and feel undeservedly bashed >> over my attempt to inject some light-hearted jest into an overheated >> atmosphere. Plainly the poster who calls him or herself "Dakota Jack" >> didn't >> view the link. He or she had already made up his or her mind and >> couldn't be >> bothered with facts. >> >> For those of you didn't see the link, it was a photo of a bird (not >> engaged in a sexual or excretory function of patently offensive nature) >> native to the Galapagos Islands. It has blue feet and is commonly >> called a >> "Blue-footed booby". >> >> I await Dakota Jack's apology. >> -- >> Charles Knell >> [EMAIL PROTECTED] - email >> ----- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: Re: Re: BOOBIES!
Golly, Charles, Maybe you need some training? Maybe you are the one who does not get the point? If you think I am going to apologize for your taking a serious topic that hurts people and covering it with your inane indifference, you might be wrong. The worst people are not the haters, although they are bad enough, the worst people are the indifferent. If you read Dantes Inferno you will find the colder the heart, the more the indifference, the lower your level in hell. Understand? On 7/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Thank you. I was caught up in a witch hunt and feel undeservedly bashed over my attempt to inject some light-hearted jest into an overheated atmosphere. Plainly the poster who calls him or herself "Dakota Jack" didn't view the link. He or she had already made up his or her mind and couldn't be bothered with facts. For those of you didn't see the link, it was a photo of a bird (not engaged in a sexual or excretory function of patently offensive nature) native to the Galapagos Islands. It has blue feet and is commonly called a "Blue-footed booby". I await Dakota Jack's apology. -- Charles Knell [EMAIL PROTECTED] - email -Original Message- From: Nikola Milutinovic <[EMAIL PROTECTED]> Sent: Sat, 22 Jul 2006 07:10:53 -0700 (PDT) To: Tomcat Users List Subject: Re: Re: BOOBIES! > Two using their work email. These low lifes are so entertaining. > On 7/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > > http://www.globaladrenaline.com/hbs/images/QN---Blue-Footed-Boobie-1.jpg > > -- > > Charles Knell > > [EMAIL PROTECTED] - email Why was this one labeled as a "low life"? I thought he exercised excellent state of spirit. And why is using work address in his case considered a minus? For the original poster, I must admit I was totally surprised. I could not imagine anyone intelligent enough to formulate that question stupid, immature or sexist enough to place such a subject. I'm still hoping it is some bizarre mistake. Nix. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: Re: Re: BOOBIES!
Gosh, Wally. Maybe I did. On 7/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Gee, Jack. Maybe you didn't follow the link and simply assumed what was on the other end. -- Charles Knell [EMAIL PROTECTED] - email -Original Message- From: Dakota Jack <[EMAIL PROTECTED]> Sent: Fri, 21 Jul 2006 23:45:35 -0700 To: "Tomcat Users List" Subject: Re: Re: BOOBIES! Two using their work email. These low lifes are so entertaining. On 7/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > http://www.globaladrenaline.com/hbs/images/QN---Blue-Footed-Boobie-1.jpg > -- > Charles Knell > [EMAIL PROTECTED] - email > > > > -Original Message- > From: Michael Jouravlev <[EMAIL PROTECTED]> > Sent: Fri, 21 Jul 2006 15:41:41 -0700 > To: "Tomcat Users List" > Subject: Re: BOOBIES! > > Right, equality and stuff. Female audience, at least its non-lesbian > part, apparently has not been catered for. This is easy to fix. Will > "COCKS" be good enough? > > Thomas, have you explored CATALINA_HOME and CATALINA_BASE, they may > point to different directories. I haven't tried your setup, but maybe > it would work. I used similar setup, but for a different purpose. > CATALINA_BASE contained Tomcat itself, then I had two directories with > two applications, and I was setting CATALINA_HOME to these respective > homes in the command file when I started Tomcat from these > directories. In my case CATALINA_HOMEs did not contain Tomcat code > itself. > > Maybe you will also have to stick your jars into $CATALINA_BASE/shared/. > > Again, I haven't tried it. > > http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html > > On 7/21/06, Mead, Jennifer L - VSCM <[EMAIL PROTECTED]> wrote: > > Could this person (inject other undesirable word) please consider the > > fact that women are in the user's group also. > > > > Jennifer > > > > -Original Message- > > From: Harris, Thomas [mailto:[EMAIL PROTECTED] > > Sent: Friday, July 21, 2006 10:59 AM > > To: users@tomcat.apache.org > > Subject: BOOBIES! > > > > > > I have been trying to determine how to configure Tomcat 5.5.17 to have a > > shared appBase on multiple webapps, but have a different set of JSPs for > > each web app. I've followed the Wiki's CreateVirtualHosts page to > > configure multiple webapps that use exactly the same WAR file. But, I > > would like to share the Java, but supply a different docBase for each > > site. Is this possible? > > > > Reference: > > http://wiki.apache.org/tomcat/CreateVirtualHosts > > > > Thanks! > > > > Tom Harris > > > > "This communication is intended solely for the addressee and is > > confidential and not for third party unauthorized distribution" > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > > e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: BOOBIES!
Is this Shane O'Hanlon or David Farrelly? On 7/21/06, Oscar Mechanic <[EMAIL PROTECTED]> wrote: Yes I agree 100% please ensure as we live in the age of equality to use Subject "WILLIES" in your post. On Fri, 2006-07-21 at 14:09 -0400, Mike Wannamaker wrote: > I believe the subject was posted under different subject heading with no > response and he's trying to get people looking at it, which I'm sure he will > now. > > That said, some proper netiquette is appreciated in forums. > > I believe that I'm doing something similar, but using a different approach. > I too want to have some common resources that all webapps use. To do this > I'm installing my own FileDirContext for web apps which I inject what we > call aliases. > > IE: /basefiles = /home/tomcat/basefiles > > Thus when someone in the webapp makes a request for /basefiles/common.css it > looks it up in /home/tomcat/basefiles, which is outside of any web app > context. > > Is this what you want to do? > > Mike Wannamaker > > -Original Message- > From: Mead, Jennifer L - VSCM [mailto:[EMAIL PROTECTED] > Sent: July 21, 2006 2:01 PM > To: Tomcat Users List > Subject: RE: BOOBIES! > > Could this person (inject other undesirable word) please consider the > fact that women are in the user's group also. > > Jennifer > > -Original Message- > From: Harris, Thomas [mailto:[EMAIL PROTECTED] > Sent: Friday, July 21, 2006 10:59 AM > To: users@tomcat.apache.org > Subject: BOOBIES! > > > I have been trying to determine how to configure Tomcat 5.5.17 to have a > shared appBase on multiple webapps, but have a different set of JSPs for > each web app. I've followed the Wiki's CreateVirtualHosts page to > configure multiple webapps that use exactly the same WAR file. But, I > would like to share the Java, but supply a different docBase for each > site. Is this possible? > > Reference: > http://wiki.apache.org/tomcat/CreateVirtualHosts > > Thanks! > > Tom Harris > > "This communication is intended solely for the addressee and is > confidential and not for third party unauthorized distribution" > > - > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: Re: BOOBIES!
Two using their work email. These low lifes are so entertaining. On 7/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: http://www.globaladrenaline.com/hbs/images/QN---Blue-Footed-Boobie-1.jpg -- Charles Knell [EMAIL PROTECTED] - email -Original Message- From: Michael Jouravlev <[EMAIL PROTECTED]> Sent: Fri, 21 Jul 2006 15:41:41 -0700 To: "Tomcat Users List" Subject: Re: BOOBIES! Right, equality and stuff. Female audience, at least its non-lesbian part, apparently has not been catered for. This is easy to fix. Will "COCKS" be good enough? Thomas, have you explored CATALINA_HOME and CATALINA_BASE, they may point to different directories. I haven't tried your setup, but maybe it would work. I used similar setup, but for a different purpose. CATALINA_BASE contained Tomcat itself, then I had two directories with two applications, and I was setting CATALINA_HOME to these respective homes in the command file when I started Tomcat from these directories. In my case CATALINA_HOMEs did not contain Tomcat code itself. Maybe you will also have to stick your jars into $CATALINA_BASE/shared/. Again, I haven't tried it. http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html On 7/21/06, Mead, Jennifer L - VSCM <[EMAIL PROTECTED]> wrote: > Could this person (inject other undesirable word) please consider the > fact that women are in the user's group also. > > Jennifer > > -Original Message- > From: Harris, Thomas [mailto:[EMAIL PROTECTED] > Sent: Friday, July 21, 2006 10:59 AM > To: users@tomcat.apache.org > Subject: BOOBIES! > > > I have been trying to determine how to configure Tomcat 5.5.17 to have a > shared appBase on multiple webapps, but have a different set of JSPs for > each web app. I've followed the Wiki's CreateVirtualHosts page to > configure multiple webapps that use exactly the same WAR file. But, I > would like to share the Java, but supply a different docBase for each > site. Is this possible? > > Reference: > http://wiki.apache.org/tomcat/CreateVirtualHosts > > Thanks! > > Tom Harris > > "This communication is intended solely for the addressee and is > confidential and not for third party unauthorized distribution" > > - > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: BOOBIES!
If you are offended enough, ladies, I recommend that you take this misceant to the well. On 7/21/06, Harris, Thomas <[EMAIL PROTECTED]> wrote: I have been trying to determine how to configure Tomcat 5.5.17 to have a shared appBase on multiple webapps, but have a different set of JSPs for each web app. I've followed the Wiki's CreateVirtualHosts page to configure multiple webapps that use exactly the same WAR file. But, I would like to share the Java, but supply a different docBase for each site. Is this possible? Reference: http://wiki.apache.org/tomcat/CreateVirtualHosts Thanks! Tom Harris "This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution" - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: BOOBIES!
The last crude idiot who pulled a stunt like this was also stupid enough to use his work email address and lost his job. Way to go, Tom. Very few lists would support this borish and slovenly behavior. Struts will and will even have committers jump in their with equal depravity. On 7/21/06, Harris, Thomas <[EMAIL PROTECTED]> wrote: I have been trying to determine how to configure Tomcat 5.5.17 to have a shared appBase on multiple webapps, but have a different set of JSPs for each web app. I've followed the Wiki's CreateVirtualHosts page to configure multiple webapps that use exactly the same WAR file. But, I would like to share the Java, but supply a different docBase for each site. Is this possible? Reference: http://wiki.apache.org/tomcat/CreateVirtualHosts Thanks! Tom Harris "This communication is intended solely for the addressee and is confidential and not for third party unauthorized distribution" - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: BOOBIES!
You voted him in. Don't you just love him? What a pig! On 7/21/06, Michael Jouravlev <[EMAIL PROTECTED]> wrote: Right, equality and stuff. Female audience, at least its non-lesbian part, apparently has not been catered for. This is easy to fix. Will "COCKS" be good enough? Thomas, have you explored CATALINA_HOME and CATALINA_BASE, they may point to different directories. I haven't tried your setup, but maybe it would work. I used similar setup, but for a different purpose. CATALINA_BASE contained Tomcat itself, then I had two directories with two applications, and I was setting CATALINA_HOME to these respective homes in the command file when I started Tomcat from these directories. In my case CATALINA_HOMEs did not contain Tomcat code itself. Maybe you will also have to stick your jars into $CATALINA_BASE/shared/. Again, I haven't tried it. http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html On 7/21/06, Mead, Jennifer L - VSCM <[EMAIL PROTECTED]> wrote: > Could this person (inject other undesirable word) please consider the > fact that women are in the user's group also. > > Jennifer > > -Original Message- > From: Harris, Thomas [mailto:[EMAIL PROTECTED] > Sent: Friday, July 21, 2006 10:59 AM > To: users@tomcat.apache.org > Subject: BOOBIES! > > > I have been trying to determine how to configure Tomcat 5.5.17 to have a > shared appBase on multiple webapps, but have a different set of JSPs for > each web app. I've followed the Wiki's CreateVirtualHosts page to > configure multiple webapps that use exactly the same WAR file. But, I > would like to share the Java, but supply a different docBase for each > site. Is this possible? > > Reference: > http://wiki.apache.org/tomcat/CreateVirtualHosts > > Thanks! > > Tom Harris > > "This communication is intended solely for the addressee and is > confidential and not for third party unauthorized distribution" > > - > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: How to configure tomcat SSL with pem file
You could turn the key into a certificate and then it would (most likely) work. Have a look at these instructions: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 30/06/06, Sujit Choudhury <[EMAIL PROTECTED]> wrote: I am running tomcat server and would like to have SSL support. I have a key signed by verisign which looks as follows: ./ssl-cert-check -i -c finalfile.pem HostIssuerStatus Expires Days Left --- - --- - FILE:finalfile.pem RSA Data Security ValidSep 16 2006 78 However, I can not use import command as it gives keytool error: java.lang.Exception: Input not an X.509 certificate I presume pem file is not X.509 file. I would be grateful if somebody can let me know how I can configure server.xml file or an alternative way to use the import command. Many thanks -- Sujit Choudhury ISLS University of Westminster Ext 3851 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat reject client certificate
I have some instructions at http://jack.godau.googlepages.com/jbosscertificatesandopenssl hopefully they are helpful. Cheers Jack... On 28/06/06, gabriele cicala <[EMAIL PROTECTED]> wrote: Hi to everybody. I have a problem with tomcat 5.5.17 where I try to set the client authentication to true in the server.xml file. I've used the instructions explained in the SSL part of the tomcat manual but I receive only an SSl error code 12271. I.ve tested the same technique in apache with the same client certificate and all function well. Any advice are very appreciated. Best regards. Gabriele Cicala -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticate Client!
Yes it does there is some work involved. I have some instructions at: http://jack.godau.googlepages.com/jbosscertificatesandopenssl hope it helps Jack... On 05/07/06, ngolehung84 <[EMAIL PROTECTED]> wrote: Hi, I'm using Tomcate 5.5.15. I have just configured SSL successful. Now I want tthat the Server will authenticate the Client by Client Certificate or Username/Password! Does Tomcat support this mode? If yes, how can I do? Thanks, Hung. -- View this message in context: http://www.nabble.com/Authenticate-Client%21-tf1892887.html#a5176581 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: job offering for a web application developer in switzerland
Hi, Frank, Do you have to speak German for this position? On 6/23/06, Frank Fischer <[EMAIL PROTECTED]> wrote: Hi all i hope it's not too offtopicthe company i'm working for has a open position for an experienced java web application developer. The working place would be at our main office in Bern, Switzerland. If you are interested, please have a closer look at the detailed job description (german only): http://www.aarenet.com/platform/content/element/184/Stelleninserat%20Web%20A pplication%20Developer.pdf Regards Frank -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Re: Tomcat SSL, how to set up clientAuthenticaton
Have a look at my doco it might help you: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 15/06/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hi, I am setting up a client authentication for Tomcat. I followed the following procedure but failed browsers. It says the issuer not found. Also I found another complete instruction which says 2 files are needed to import into browser's machine. I am trying to name the CN and the OU to match the domain name of the server. If some one know more than on this procedure. Please poste it and we should recommend Tomcat to make it into its documenation. Also I have question about the client authentication. If I go to CAcert.org, and register it. Then I can click client Authentication, and they can give me a certificate for the browser. How can we use that? Is that easier? I tried to import it into Tomcat's key store, it failed. 1 - Setting up the CA - Create /home/lams/openssl to hold the CA keys, server keys and (as we want to use SSL client authentication) the client keys. - Create a private key and certificate request for our CA: #openssl req -new -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key openssl req -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key - Create a CA's self-signed certificate: #openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem openssl x509 -req -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem - Import the CA certificate into the JDK certificate authorities keystore: $JAVA_HOME/bin/keytool -import -keystore £JAVA_JOME/lib/security/cacerts -file ca.pem -alias itcilo_ca - Create a file to hold the CA's serial numbers. This file starts with the number "2": echo "02" > ca.srl #for Windows, echo 02 > ca.srl 2 - Setting the web server - Create /etc/tomcat to contain both the keystore and the truststore files (Truststore is a keystore in which reside all the certificates with which a user can authenticate hisself on the server). - Create a keystore for the tomcat server. $JAVA_HOME/bin/keytool -genkey -alias map-test -keyalg RSA -keysize 1024 -keystore /etc/tomcat/server-keystore2.jks -storetype JKS - Create a certificate request for the web server. $JAVA_HOME/bin/keytool -certreq -keyalg RSA -alias map-test -file map-test.csr -keystore /etc/tomcat/server-keystore2.jks You need to edit the certificate request file slightly. Open it up in a text editor and amend the text which reads "NEW CERTIFICATE REQUEST" to "CERTIFICATE REQUEST" - Have your CA sign your certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in map-test.csr -out map-test.crt -days 365 - Import your CA certificate into your server keystore: This step is necessary because we want to use SSL client authentication. $JAVA_HOME/bin/keytool -import -alias itcilo_ca -keystore /etc/tomcat/server-keystore2.jks -trustcacerts -file ca.pem - Import the signed server certificate into the server keystore: $JAVA_HOME/bin/keytool -import -alias map-test -keystore /etc/tomcat/server-keystore2.jks -trustcacerts -file map-test.crt You should see a message "Certificate reply was installed in keystore". 3 - Setting up the ssl client - Create a client certificate request: #openssl req -new -newkey rsa:512 -nodes -out santiago.req -keyout santiago.key openssl req -newkey rsa:512 -nodes -out santiago.req -keyout santiago - Have the CA sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in santiago.req -out santiago.pem -days 365 - Import the CA certificate into the truststore: $JAVA_HOME/bin/keytool -import -alias itcilo_ca -keystore /etc/tomcat/truststore-itcilo2.jks -trustcacerts -file ca.pem - Import the client certificate into the truststore: $JAVA_HOME/bin/keytool -import -alias santiago -keystore /etc/tomcat/truststore-itcilo2.jks -trustcacerts -file santiago.pem - Generate a PKCS12 file containing the client key and certificate: openssl pkcs12 -export -clcerts -in santigao.pem -inkey santiago.key -out santiago.p12 -name "virgilio_certificate" - Import the PKCS12 file into the web browser to use as the client certificate and key (tools - internet options - contents - certificates, verify by clicking in "advanced" that "client authentication" is checked) 4 - Configure tomcat for ssl The following lines must be added to server.xml. The clientAuth parameter must be set to true as we want Tomcat to require all SSL clients to present a client Certificate in order to use this socket. Regards, Gaël Hi all I sorted it out. Thanks for you help. These are the steps I followed. Hope it helps someone. 1) perl CA.pl -newca (create a new CA) 2) perl CA.pl -newreq (new client request) 3) perl CA.pl -sign (s
Re: Not able to setup SSL on tomcat 5.5.17
Hi,
I am not sure how to do the SSL setup in code but to do it via the
config files you can see my instructions here:
http://jack.godau.googlepages.com/jbosscertificatesandopenssl
Cheers
Jack...
On 13/06/06, Raja Shaker Garlapati <[EMAIL PROTECTED]> wrote:
Hi all,
My application is using embedded tomcat 5.0.28 and jdk 1.4 version.
I am in process of migrating to embedded tomcat 5.5.17 and jdk 1.5 version.
I have made some code changes to setup the application. All the context
paths are set. I am able to access the default ROOT files, the /manager
files and other contexts as well from the browser.
In the browser when I type the URL starting with http://localhost:8080/..
(My application context) I am able to debug the request in the Controller
servlet and when i am redirecting it to https://..:8443/ (My application
context) from the Controller servlet the browser shows "The page cannot be
displayed" in IE. Is their any thing wrong with the below code. I have
attached only a part of code that I thought was wrong in setting SSL
settings.
// Assemble and install a default HTTP connector
Connector cConnector =null;
Connector cConnectorSecure = null;
InetAddress address = null;
try {
cConnector = new Connector();
cConnector.setSecure(false);
cConnector.setPort(httpPort); // 8080
address=InetAddress.getLocalHost();
//cConnector=(Connector)embedded.createConnector((java.net.InetAddress)null,
httpPort, false);
//commented the above line as createConnector is broken.
cConnector.setRedirectPort(httpsPort);// 8443
cConnector.setEnableLookups(true);
cConnector.setProperty("address",address.toString());
cConnector.setProperty("minSpareThreads","25");
cConnector.setProperty("maxSpareThreads","75");
cConnector.setProperty("acceptCount","100");
cConnector.setProperty("connectionTimeout","2");
cConnector.setProperty("disableUploadTimeout","true");
cConnectorSecure = new Connector();
cConnectorSecure.setScheme(secureUrl); // https
cConnectorSecure.setPort(httpsPort); //8443
cConnectorSecure.setSecure(true);
cConnectorSecure.setEnableLookups(false);
cConnectorSecure.setProperty("address",address.toString());
cConnectorSecure.setProperty("minSpareThreads","25");
cConnectorSecure.setProperty("maxSpareThreads","75");
cConnectorSecure.setProperty("acceptCount","100");
cConnectorSecure.setProperty("disableUploadTimeout","true");
cConnectorSecure.setProperty("keystoreFile",keystoreFile);
//.keystore file
cConnectorSecure.setProperty("keystorePass",keystorePass);
//keystore password
cConnectorSecure.setProperty("clientAuth",clientAuth); //false
cConnectorSecure.setProperty("sslProtocol",sslProtocolStr);
//TLS
} catch (Exception exp) {
exp.printStackTrace();
}
embedded.addConnector(cConnector);
embedded.addConnector(cConnectorSecure);
try{
embedded.start();
}catch(Exception e){}
Thanks & Regards,
Raj.
--
Cheers
Jack...
The claim "natural" is not synonymous with safe.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Setup
You can download the strong encryption mechanisms here: http://java.sun.com/j2se/1.4.2/download.html (Right at the bottom of the page) Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 1.4.2 On 06/06/06, Roch <[EMAIL PROTECTED]> wrote: How do I check to see if I have the strong encrytion algorithms in the JDK? -- View this message in context: http://www.nabble.com/SSL-Setup-t1710991.html#a4733795 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Setup
Do you have the strong encryption algorithms installed in the JDK you are using? On 02/06/06, Roch <[EMAIL PROTECTED]> wrote: I'm getting the error that says "cannot communicate securely because they have no common encryption algorithms. -- View this message in context: http://www.nabble.com/SSL-Setup-t1710991.html#a4680316 Sent from the Tomcat - User forum at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Setup
You can have a look here and see if you find any useful tips - this explains how I got SSL to work on Tomcat: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 31/05/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: Hello. I'm setting up SSL. I have Tomcat 5.5.16. The error that I'm getting is that it can't locate my keystore file. I have using the keystorefile attribute but its still not working. Can anyone help? Ro - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat ssl not working
You can have a look here and see if you find any useful tips - this explains how I got SSL to work on Tomcat: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 01/06/06, Mike Sabroff <[EMAIL PROTECTED]> wrote: I am running 5.5.9 and have no problems with it (except that it is expired) but it still works if I accept it. Mike AJ Jonen wrote: > My tomcat server is not responding when I type in https://localhost:8443. > oddly enough it does work when I type in http://localhost:8443 > > I'm having a bit of an issue getting Tomcat to work on the secure port > 8443. What happens is I type https://localhost:8443 and the page > never loads. I get no errors (page cannot be found, page cannot be > displayed etc). My browser simply looks like it's loading the page, > it eventually says that it's done, but my browser home page is still > displayed. > > - The unsecure port (port 8090 in my case, because port 8080 was > already in use) works fine. > - I generated my keystore file, presumably correctly (I was prompted > to enter my name, organization, location, etc), and it is in the > correct location (C:\Program Files\Apache Software Foundation\Tomcat > 5.5\conf). > - Kathy O. looked at my server.xml page and says that everything looks > correct. Everything looks right to me too. > - I am using Tomcat 5.5 and I am using the correct java version (1.5, > not 1.4). > > Any ideas on what might be preventing the page from loading correctly > on the secure port? > > Rebecca > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > -- Mike Sabroff Web Services Developer [EMAIL PROTECTED] 920-568-8379 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with installing and configuring SSL support on Tomcat 5
Not sure exactly what the problem is you are having from the description. You can try and have a look at this link to see if you find anything useful there: http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 29/05/06, Negar Taheri <[EMAIL PROTECTED]> wrote: Hello I have a problem with installing and configuring SSL support on Tomcat 5; I did all the things written in tomcat docs step by step in both tomcat 5.5.9and 5.5.17 on different computers, the keystore was created successfully but when I restart tomcat, seems that there where no changes and I'm not able to access any web application supported by Tomcat via SSL. For example when I try https://localhost:8443, the result is "The page cannot be displayed"! Please help me Regards Negar - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Client certificate
A trusted certificate is one signed by a CA. You might need to be storing the entire certifcate chain? Jack... On 16/05/06, Srikanth Madarapu <[EMAIL PROTECTED]> wrote: I am sorry forgot to mention the error message, the error I get is java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException: java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Message send failed: sun.security.validator.ValidatorException: No trusted certificate found Thanks -Original Message- From: Srikanth Madarapu Sent: Tuesday, May 16, 2006 11:34 AM To: users@tomcat.apache.org Subject: Client certificate Hi I am new to tomcat. I have a jsp that connects to a web service available on a secure server. I need to have the client certificate so I have set the following system properties. System.setProperty( "javax.net.ssl.trustStore", "C:/Tomcat 5.5/webapps/SSO/client.keystore" ); System.setProperty( "javax.net.ssl.trustStorePassword", "changeit"); But it doesn't work, can somebody help how to achieve this. Thanks Srikanth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL problem in Tomcat
I have a page that has some config info about SSL with Client Authentication turned on. You could have a look there and see if you find any of it useful. http://jack.godau.googlepages.com/jbosscertificatesandopenssl Cheers Jack... On 11/05/06, Gavin Alexander <[EMAIL PROTECTED]> wrote: Hi, I am having a problem getting Tomcat to work properly with SSL. My server.xml file contains the lines shown below, which appear fine to me. Tomcat works fine with html pages, JSPs and servlets until such time as they require SSL, and then I get the following message: Unable to connect Firefox can't establish a connection to the server at localhost:8443. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. or, in IE: The page cannot be displayed The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser settings. Please try the following: ... If I enter https://localhost:8443 into the address bar of my browser (Firefox) I don't get the Tomcat splash page, as described in http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File. If anyone can suggest any other configuration details, or tests that I can use to figure out the problem, I would be grateful. Thankyou, Gavin Alexander -- Cheers Jack... The claim "natural" is not synonymous with safe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and CRL(s) Certification Revocation Lists
Hi Jeff, you have the keystore type set as PKCS12 even though the CRL is a PEM format file (and hence not PKCS12 format). PKCS12 contains the private key as well as the cert and public key - which is not applicable for the CRL file so this might be why it is getting confused. You could try removing the keystoreType field and building the keystores as described on my page (as the method described there definitely works). http://jack.godau.googlepages.com/jbosscertificatesandopenssl On 10/05/06, Jeff Krug <[EMAIL PROTECTED]> wrote: Fri, May 05, at 04:31:PM : Jack has proclaimed: > I have already gotten Tomcat to work with a (single) CRL, and as it > was a bit of a struggle have placed some info for those trying to do > this at [1]. The document is far from perfect, and any comments are > welcome. > > [1] http://jack.godau.googlepages.com/jbosscertificatesandopenssl Thanks for this page. I am not using JBoss, but it has been useful. I have client certificate authentication working correctly, but I cannot seem to get CRLs to work. I built my CRL by executing: $openssl ca -batch -gencrl -crldays 30 -out crl.pem This way every user certificate I revoke can be packaged in a single CRL. Is this type of CRL legitimate for use in Tomcat? If it is a standard format CRL I would think so. Is there a way to turn on sufficient debugging within Tomcat so that I can try and figure out what is failing. I don't see any error messages in my tomcat.log file at all. I don't know if it is even trying to parse the crlFile, failing to parse the file, or if it is failing later to recognize the certificate is revoked. Again not sure on this point. I went with the prolonged trial and error method :( Cheers Jack... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
easiest way to schedule an automatic restart of tomcat?
Hi, What is an easy way to schedule an automatic restart of Tomcat - say every day at 3am? -- Cheers Jack... The claim "natural" is not synonymous with safe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL enabled and trying to open the port 8443 wit h the browser and nothing happend
Are you connecting to the Tomcat host using: https://localhost:8443 Not just http://localhost:8443 On 05/05/06, josemanuel lopez <[EMAIL PROTECTED]> wrote: Hi I enable SSL in Tomcat, creating a key creaded with keytool and I updated my server.xml removing the comments on the port 8443 to enable it's access. But when I call in my browser "localhost:8443" the browser receives a file and gives me option t save it or open it with ...??? But any Secure Session is created... Any one can help me.. I'm using: Tomcat 5.5.17 and jdk 1.5 the same happends with all browsers... __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Cheers Jack... The claim "natural" is not synonymous with safe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and CRL(s) Certification Revocation Lists
Hi, I have already gotten Tomcat to work with a (single) CRL, and as it was a bit of a struggle have placed some info for those trying to do this at [1]. The document is far from perfect, and any comments are welcome. Now to the questions: 1. Is it possible to swap out the CRL (ie overwrite it with a newer one) and have the changes picked up without a restart? 1.a. if a restart is needed is it enough to restart Tomcat or jboss be restarted? 2. Is it possible to use multiple CRLs (by pointing at a directory for example)? 2.a. if so would changes to this directory be dynamically read? 2.b. if not where is a good place (for me) to start looking at how to implement this? I would like to somehow have dynamic CRL loading (so something that can do this without restarting either jboss or tomcat). I am not picky as to it being a single CRL or a directory of same. -- Cheers Jack... The claim "natural" is not synonymous with safe. [1] http://jack.godau.googlepages.com/jbosscertificatesandopenssl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5.17 500 error
I hava a web app running well in tomcat 5.5.16 yesterday, but when I copy the app in another machine, I met following error. "org.apache.jasper.JasperException: File "/webwork" not found" when I use webwork in jsp. "org.apache.jasper.JasperException: /index.jsp(22,4) File "/common/cn/myMenu.jsp" not found" when I use <%@ include ...%> tag in jsp. This is the error message -- HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: File "/webwork" not found org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: File "/webwork" not found org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:50) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:114) org.apache.jasper.compiler.TagLibraryInfoImpl.(TagLibraryInfoImpl.java:159) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:423) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:492) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1552) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:303) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.17 logs. Apache Tomcat/5.5.17 And this is web.xml -- http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"; version="2.4"> Newsystem application wj 2005-2006 (Spring WebWork Hibernate App) contextConfigLocation /WEB-INF/classes/com/exbizex/applicationContext/applicationContext.xml, /WEB-INF/classes/com/exbizex/applicationContext/applicationTestContext.xml, /WEB-INF/classes/com/exbizex/applicationContext/standardJspApplicationContext.xml, /WEB-INF/classes/com/exbizex/applicationContext/applicationValueListContext.xml log4jConfigLocation /WEB-INF/classes/log4j.properties webAppRootKey centerApplication org.springframework.web.context.ContextLoaderListener com.atlassian.xwork.ext.ResolverSetupServletContextListener org.apache.axis.transport.http.AxisHTTPSessionListener cEncoding com.exbizex.center.filter.SetCharacterEncodingFilter encoding GBK jEncoding com.exbizex.center.filter.SetCharacterEncodingFilter encoding shift_jis centerAdminFilter com.exbizex.center.filter.CenterAdminFilter OpenSessionInViewFilter org.springframework.orm.hibernate3.support.OpenSessionInViewFilter jstlfilter com.exbizex.center.filter.JSTLFilter jstlfilter *.jsp jstlfilter *.action OpenSessionInViewFilter /* centerAdminFilter /centerAdmin/cn/index.htm centerAdminFilter /cente
Re: mod_jk PUT request-method returns 405 Error
I do not have any Location directives and I am not using auto aliasing. My httpd.conf has a simple VirtualHost directive. Even so, I tried moving the JSP outside of the WEB-INF, but still no luck. The request doesn't seem to be getting to mod_jk at all. In the Apache access_log I can see the 405 error message, but in the mod_jk log (with debug turned on), I see nothing about that request. Apache seems to be stopping the PUT in its tracks. Is there some way to tell mod_jk to handle the PUT request (like you would for a cgi script)? Script PUT /cgi-bin/put.cgi Then you must have some config value that forbids PUTs. See if you have some Location directive that contains a path prefix of JkMount. Also try to put your .jsp files outside WEB-INF. mod_jk explicitly denies the access to WEB-INF and META-INF locations (if you are using auto aliasing). Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk PUT request-method returns 405 Error
Apache. BTW, is 405 issued by Apache or Tomcat? Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk PUT request-method returns 405 Error
Thanks for the response Mladen. My config file has the following: JKMount /accounts/account/* wrkr Where "/accounts/account/*" is setup as a sevlet mapping to a JSP in WEB-INF/jsp If the documentRoot in Apache doesn't allow the PUT method, what about other paths? I know you can set up a PUT request in Apache with a cgi script, but I was hoping that mod_jk could handle this without cgi. Mladen Turk wrote: Jack J. Coleman wrote: Any help would be appreciated. It's hard to tell without your config files but I bet you've done something like: JkMount /* worker Since by default the DocumentRoot in Apache does not allow PUT methods, you are receiving 405. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk PUT request-method returns 405 Error
I was using Tomcat standalone and I could send files to the server with the PUT request-method with no problems (in a REST Web Service). Now that I have Apache hooked into Tomcat with mod_jk, the PUT request gives me a 405 error (method not allowed). Does anyone know how to set this up so that the PUT request gets forwarded from Apache to a servlet or a JSP (through mod_jk)? Does mod_jk even support the forwarding of PUT requests? I am running Apache 2.0.50, Tomcat 5.5 and mod_jk 1.2.15 all on RedHat Linux. Any help would be appreciated. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
MySQL's XA problem
I hava done a test to use the MySQL XADataSource. For MySQL has no
MYSQLXADataSourceFactory
class, so I coded one to produce MysqlXADataSource. MysqlXADataSource is
configured in tomcat 5.5
server.xml. I can get the MysqlXADataSource instance xaDs by which I can get
XAConnection and
XAResource. I also configured a UserTransaction which was produced by
org.objectweb.jotm.UserTransactionFactory. The following is the action's code
in a test web
application. This action runs correctly the first time, but in the second time,
it runs very slow,
then reports "Lock wait timeout exceeded; try restarting transaction" error.
The first question is that it seems the action did not update the table
testdata's data. Did the
UserTransaction ut have some error not participate in the database transaction?
The second question is that I have searched this error, but don't know how to
solve it. Please
give me some tips. Must I not use MySQL's XA in Kandula ? Thanks.
The java code (JOTM example):
UserTransaction ut = null;
try{
Context ctx = new InitialContext();
MysqlXADataSource xaDs =
(MysqlXADataSource)ctx.lookup("java:comp/env/jdbc/myXADB");
ut = (UserTransaction)ctx.lookup("java:comp/env/UserTransaction");
XAConnection xCon = xaDs.getXAConnection();
java.sql.Connection conn = xCon.getConnection();
System.out.println("<<< beginning the transaction >>> xa con = " + conn);
ut.begin();
// JDBC statements
Statement stmt = conn.createStatement();
ResultSet rst = stmt.executeQuery("select id, foo from testdata");
if(rst.next()) {
foo=rst.getInt(2);
}
System.out.println("foo = "+ foo +" (before completion)");
String sql = "update testdata set foo=" + (++foo) + " where id=1";
stmt.executeUpdate(sql);// <=== The program will wait here, and then report
the error message
!
ut.commit();
System.out.println("<<< committing the transaction >>>");
conn.close();
System.out.println("<<< done >>>");
}catch(Exception e) {
System.out.print("DBTest >> ");
e.printStackTrace();
System.out.println("<<< rolling back the transaction >>>");
try {
ut.rollback();
System.out.println("rollback ok.");
}catch(Exception e1){
System.out.println("rollback Error " + e1);
}
System.out.println("rollback end");
}
}
The error message:
==> xaDataSource = [EMAIL PROTECTED] <==
<<< beginning the transaction >>> xa con = [EMAIL PROTECTED]
foo = 29 (before completion)
<<< committing the transaction >>>
<<< done >>>
<<< beginning the transaction >>> xa con = [EMAIL PROTECTED]
foo = 29 (before completion)
- set rollback only (tx=bb14:38:0:01777d30dfc9556034...986c02:)
DBTest >> java.sql.SQLException: Lock wait timeout exceeded; try restarting
transaction
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:946)
at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:2822)
at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1536)
at
com.mysql.jdbc.ServerPreparedStatement.serverExecute(ServerPreparedStatement.java:1159)
at
com.mysql.jdbc.ServerPreparedStatement.executeInternal(ServerPreparedStatement.java:684)
at
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1184)
at
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1101)
at
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:1086)
at
com.mysql.jdbc.jdbc2.optional.PreparedStatementWrapper.executeUpdate(PreparedStatementWrapper.java:840)
at foo.XADBTest.init(XADBTest.java:92)
at
org.apache.jsp.testJotm_jsp._jspService(org.apache.jsp.testJotm_jsp:55)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
or
Null XADataSource of Mysql from InitialContext in Tomcat
I have send this mail to another mail list, but have no reply yet. I have
wasted much time in
this problem, please help.
Does MySQL5.0.18 suport XA in Tomcat 5.5 ? I do a XA test in tomcat with only
one jsp file and
necessary jars. The jsp is as:
-
<%
Context ctx = new InitialContext();
com.mysql.jdbc.jdbc2.optional.MysqlXADataSource xads = new
com.mysql.jdbc.jdbc2.optional.MysqlXADataSource();
xads.setServerName("localhost");
xads.setDatabaseName("test");
xads.setPortNumber(3306);
XAConnection xcon = xads.getXAConnection("root","password");
Connection con = xcon.getConnection();
System.out.println("I get the correct xads and the con=" + con);
System.out.println("Bind xads to InitialContext");
ctx.bind("myXADB", xads);
MysqlXADataSource mysqlXADataSource = (MysqlXADataSource)ctx.lookup("myXADB");
System.out.println("Get the null MysqlXADataSource from ctx xads=" +
mysqlXADataSource );
%>
-
Why I can only get a null mysqlXADataSource from the InitialContext ?
Is this why I can not configure the XADataSource in tomcat ?
Thanks.
Wang Jun
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Related to msg "unprotected data transfer on ssl port"
I forgot at that time, what I did to tomcat. but it was true. >SSL connector is defined on 8443 for my tomcat 5.5.12. >https://localhost:8443/ >no response for long time, >however, http://localhost:8443/ >I got everything, same as http://localhost/ It seems that at that time, I still don't know the native code for windows causes the no response for long time problem. After i delete native.dll. it becomes normal. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
hopefully?
"Bill Barker" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >> After a request & response, on the keep alive connection. >> The web server starts to negotiate an SSL support by sending a Hello >> request. > It won't, since it has no reason to renegotiate. > They will (hopefully) close the connection to port 80, and open a new > connection to port 443. > No, simply that practically no browser supports RFC2817 > http://www.ietf.org/rfc/rfc2817.txt. Great! Thanks a lot. I got it. People have already work on this. RFC2817 is pretty comprehensive. It seems you didn't get my point, let me put in this way. Over a normal http connection (port 80), after the first request & response, the server sends "hello request". Is it easy for the broswer & tomcat turn the normal connection into ssl connection (still on port 80)? Thank you for your time. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Thank you for your response. Please read this.
Hi, Mr. Barker, Thank you for your response. Your message is valuable. > No we don't. It's a new connection from Tomcat's point of view, totally > indisigushable from any other new connection. Yes. You are right, For most browsers, do you have an idea about what is going to happen for this? After a request & response, on the keep alive connection. The web server starts to negotiate an SSL support by sending a Hello request. If web browsers can process it correctly, then in such cases, it is possible to use the web-app certificate. Mr. Barker mentioned: >, but practically no browser supports the protocol extension that >allows this, so it's currently not worth the effort of trying to support >it. Do you mean web browsers will just ignore the received Hello request? At present, RealmBase.hasUserDataPermission just redirect the request to https port. It doesn't do it in the way mentioned above. I am looking forward to your opinion. Thanks. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
My solutions to it, please read it.
"Bill Barker" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> Pretty much a pipe-dream, since the SSL protocol requires that the server
> send it's cert before it even knows the Host, much less the webapp :).
> There is pretty much no other place it can go other than with the
> Connector.
It works.
> Not strictly true, but practically no browser supports the protocol
> extension that allows this, so it's currently not worth the effort of
> trying to support it.
It should has nothing to do with browsers.
Furthermore, I have report a bug on January 20, 2006. The KeyManager does
not always return "tomcat".
The bug is here:
In the getKeyManagers of org.apache.tomcat.util.net.jsse.JSSE14SocketFactory
kms = kmf.getKeyManagers();
jacklog("return "+kms.length+" KeyManagers.");
if (keyAlias != null)
{ if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType))
{ keyAlias = keyAlias.toLowerCase();
}
for(int i=0; i
The bug seems come from here
In the getKeyManagers of org.apache.tomcat.util.net.jsse.JSSE14SocketFactory
we can see the following code:
kms = kmf.getKeyManagers();
jacklog("return "+kms.length+" KeyManagers.");
if (keyAlias != null) {
if (JSSESocketFactory.defaultKeystoreType.equals(keystoreType))
{
keyAlias = keyAlias.toLowerCase();
}
for(int i=0; i
Thank you for reply.
Paul Singleton wrote: >Unless you specify the key with (works >with 5.5.9 and later, dunno about older versions) >then it seems to pick an arbitrary one (the newest?) Thank you for your effort to reply me. I didn't specify the keyAlias. I was using 5.5.12. I didn't spend time on that. I just delete the newest key. then everything is fine. I check its sha1 & md5 digest, and I am 100% sure it just picked the newest key. I don't know the reason. I don't want to put time on it. I just want to let other people know it. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Please consider this.
I have read your reply. It is valuable to me. Thanks. May I suggest this idea: >> Server certificate: >> The certificate for the engine with alias "tomcat" >> The certificate for a specific host >> The certificate for a specific web-app >> If a web-app doesn't have a certificate, it can be configured to use the >> certificate of the host. Similarly, if a host doesn't have a certificate, >> it can be configured to use the certificate of the engine. However, when >> a web-app has a certificate, then this one should be used rather than >> always using "tomcat". > Pretty much a pipe-dream, since the SSL protocol requires that the server > send it's cert before it even knows the Host, much less the webapp :). > There is pretty much no other place it can go other than with the > Connector. SSL component is a resource. The engine, virtual hosts, and web-apps are its users. The resource could ask a certificate from its current user. The engine is a subject, so it has a certificate in its own user context (EngineUserConext). Each host is a subject, too. They all have their respective certificates in their user contexts (HostUserConext). If a host doesn't have a certificate, the engine certificate could be used. Any web-app is a subject, too. Every web-app has its own certificate in WebAppUserContext. If a web-app doesn't have a certificate, it could use that of its host. Accessing all the information about a user/entity/subject/program should be done with UserManager which in turn will access the right UserContext. UserContext will access KeyManager & TrustManager. The SSL component should deal with UserManager to get information about its users (Engine/Host/Web-app), and authenticate web clients. I have post another thread suggesting to add the UserManager component. Thank you for consideration! [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
There must be a bug in SSL support
my ssl is ok, then I just add a new key to .keystore, then my ssl doesn't work. the client get the new key from the tomcat server. after I delete the new key, everything starts to work again. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Server certificates for tomcat
Server certificate: The certificate for the engine with alias "tomcat" The certificate for a specific host The certificate for a specific web-app If a web-app doesn't have a certificate, it can be configured to use the certificate of the host. Similarly, if a host doesn't have a certificate, it can be configured to use the certificate of the engine. However, when a web-app has a certificate, then this one should be used rather than always using "tomcat". clientAuth of https connector is not relevant, at this level (engine), ask for a client's certificate, what is it for? It should be like this: If the client is requesting a server resource that requires client authentication, the server requests the client's certificate. If we don't ask for certificate, then truststore config is irrelevant. "clientAuth" should be a property of a web-app. Since web.xml doesn't specify it, it can be include into the web-app context, context.xml. At the host level, we have the same question, too. At the web-app level, it is reasonable. This web-app asks for a client certificate. And the UserManager will consult the usercontext of this web-app for keystore & truststore information. At present, what component does the verification of a client's certificate? The connector/sslsupport should call the UserManager to do so. Here, I don't know the reason why many people say the design of SSL doesn't allow several domain name based certificates on the single IP. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authorization in tomcat & JAAS
Where to specify the authorization In JAAS, the authorization is specified in granting entries in the policy file, and it is implemented by java.security.ProtectionDomain. A granting entry grants rights to sourcecodes or principals/usernames. The action of authorization is done by java.lang.SecurityManager. In tomcat, the authorization is specified in web-resource-collection & user-data-constraint elements in web-app (web.xml), and it is implemented by SecurityConstraint. (This is the Realm should be. At present, the Realm mixup usermanagement, authorization, authentication). In web.xml, the security-constraint element authorizes rights to roles. The action of authorization is done by Realm (hasResourcePermission, hasUserDataPermission. I suggest to let Realm continue to act as a securityManager since we have SecurityContraint act as Realm already. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
User management Module in tomcat
The users of tomcat server The users of a specific web-app The users of a virtual host The users of a specific web-app are also the users of the host. The users of the host might not be the users of a specific web-app. The users of this host might be shared with other virtual host. Furthermore, the users of tomcat server should be independent from the users of hosts. At present, they are all mixed up. I hope that we could implemented a UserManager/UserModule for tomcat. In the UserManager/UserModule, a subject doesn't have to have a username. When it uses a certificate, we could map the certificate to a role directly. We might have a specific map to map all certificate to a lowest level role. When a subject doesn't use a certificate, it will be assigned a username, a password, and the roles it can act as. At present, the context management in the admin tool includes Resources, Context Properties, Loader Properties, Session Manager Properties. It doesn't access web.xml at all. I hope it access web.xml, and it includes a more advanced UserManager too. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Realm in tomcat
In tomcat, "Realm" has such a definition: A Realm is a "database" of usernames and passwords that identify valid users of a web application (or set of web applications), plus an enumeration of the list of roles associated with each valid user. This is exactly a UserManager should do. I guess the reason why we use "Realm" here is that at the beginning of the web, Realm is used to contain authorization & authentication together just like the MemoryRealm in Tomcat. With time, other things were removed from Realm gradually. Actuall, realm should be a group of resources & the action can be performed on it. Users will be prompted by such information: In order to allow you to access the realm: x, please provide us your identity. User can choose to provide certificate or username & password pair whatever is right. At the beginning of web, only username & password is used. Apache is still using the "Realm" in its right meaning: Realms: Areas of Controlled Access In terms of voluntary control mechanisms on the Web, each protected area, whether it be a single document or an entire server, is called a realm. When a server challenges a client for credentials, it provides the name of the realm so the client can figure out which credentials to send. Realm should return to its true meaning: a group of resources, like SecurityConstraint in tomcat. We need to seperate UserManager from Realm. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with tomcat and SSL
I have post the solution for this, its title: "solution for ssl on tomcat" dated 2005.12.30 You should have found it if you spent a little bit effor to search the answer. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Image Scaling Code
"headless" I think the command is.
On 1/12/06, Dakota Jack <[EMAIL PROTECTED]> wrote:
>
> You need to set a java command option so that your code won't search for a
> display. Apparently you are using this with a server that has no monitor?
> I forget the option but look them up under the java command and it will be
> obviously. It ends in "less" as I recall.
>
> On 1/12/06, Justin Jaynes <[EMAIL PROTECTED]> wrote:
> >
> > Hello all,
> >
> > I've written a java class to scale jpeg images. But I can't seem to get
> > it to work. Can anyone point me in the right direction?
> >
> > Here is my code:
> >
> >
> > package com.everybuddystree;
> >
> > import java.awt.*;
> > import java.awt.image.*;
> > import java.io.*;
> > import javax.imageio.*;
> >
> > public class ImageScaler {
> >
> > public ImageScaler() {
> > }
> >
> > public boolean scaleImageByWidth(String fileName, int newWidth) {
> >
> > File originalImage = new File(fileName);
> > try {
> >BufferedImage workingBufferedImage = ImageIO.read(originalImage);
> >int width = workingBufferedImage.getWidth();
> >int height = workingBufferedImage.getHeight();
> >Image workingImage = workingBufferedImage;
> >workingImage = (Image)workingImage.getScaledInstance(newWidth,-1,1);
> >BufferedImage finalImage = (BufferedImage)workingImage;
> >ImageIO.write(finalImage, "jpg", originalImage);
> >
> >return true;
> >
> > } catch (IOException ex){
> >
> >return false;
> >
> > }
> >
> > }
> >
> > }
> >
> > When I run the pass an image to the class using a jsp I get the
> > following errors from Tomcat:
> >
> >
> > HTTP Status 500 -
> > -
> > type Exception report
> > message
> > description The server encountered an internal error () that prevented
> > it from fulfilling this request.
> > exception
> > javax.servlet.ServletException: Can't connect to X11 window server using
> > ':0.0' as the value of the DISPLAY variable.
> > org.apache.jasper.runtime.PageContextImpl.doHandlePageException(
> > PageContextImpl.java:848)
> > org.apache.jasper.runtime.PageContextImpl.handlePageException(
> > PageContextImpl.java:781) org.apache.jsp.image_jsp._jspService (
> > org.apache.jsp.image_jsp:158)
> > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > org.apache.jasper.servlet.JspServletWrapper.service(
> > JspServletWrapper.java :322)
> > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
> > :314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java
> > :264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root
> > cause
> > java.lang.InternalError: Can't connect to X11 window server using ':0.0'
> > as the value of the DISPLAY variable.
> > sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
> > sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java
> > :53) sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java
> > :142) java.security.AccessController.doPrivileged (Native Method)
> > sun.awt.X11GraphicsEnvironment.(X11GraphicsEnvironment.java
> > :131) java.lang.Class.forName0(Native Method) java.lang.Class.forName(
> > Class.java:164)
> > java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(
> > GraphicsEnvironment.java:68) sun.awt.X11.XToolkit.(
> > XToolkit.java:96) java.lang.Class.forName0(Native Method)
> > java.lang.Class.forName(Class.java:164) java.awt.Toolkit$2.run(
> > Toolkit.java:821) java.security.AccessController.doPrivileged(Native
> > Method) java.awt.Toolkit.getDefaultToolkit(Toolkit.java:804)
> > java.awt.Image.getScaledInstance (Image.java:158)
> > com.everybuddystree.ImageScaler.scaleImageByWidth(ImageScaler.java:21)
> > org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:114)
> > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java :97)
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> > org.apache.jasper.servlet.JspServletWrapper.service(
> > JspServletWrapper.java:322)
> > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
> > org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> > javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The
> > full stack trace of the root cause is available in the Apache Tomcat/5.5.12
> > logs.
> >
> > -
> > Apache Tomcat/5.5.12
> >
> >
> >
> >
> >
> >
> > -
> > Yahoo! Photos – Showcase holiday pictures in hardcover
> > Photo Books. You design it and we'll bind it!
> >
>
>
>
> --
> "You can lead a horse to water but you cannot make it float on its back."
> ~Dakota Jack~
>
--
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~
Re: Image Scaling Code
You need to set a java command option so that your code won't search for a
display. Apparently you are using this with a server that has no monitor?
I forget the option but look them up under the java command and it will be
obviously. It ends in "less" as I recall.
On 1/12/06, Justin Jaynes <[EMAIL PROTECTED]> wrote:
>
> Hello all,
>
> I've written a java class to scale jpeg images. But I can't seem to get
> it to work. Can anyone point me in the right direction?
>
> Here is my code:
>
>
> package com.everybuddystree;
>
> import java.awt.*;
> import java.awt.image.*;
> import java.io.*;
> import javax.imageio.*;
>
> public class ImageScaler {
>
> public ImageScaler() {
> }
>
> public boolean scaleImageByWidth(String fileName, int newWidth) {
>
> File originalImage = new File(fileName);
> try {
>BufferedImage workingBufferedImage = ImageIO.read(originalImage);
>int width = workingBufferedImage.getWidth();
>int height = workingBufferedImage.getHeight();
>Image workingImage = workingBufferedImage;
>workingImage = (Image)workingImage.getScaledInstance(newWidth,-1,1);
>BufferedImage finalImage = (BufferedImage)workingImage;
>ImageIO.write(finalImage, "jpg", originalImage);
>
>return true;
>
> } catch (IOException ex){
>
>return false;
>
> }
>
> }
>
> }
>
> When I run the pass an image to the class using a jsp I get the
> following errors from Tomcat:
>
>
> HTTP Status 500 -
> -
> type Exception report
> message
> description The server encountered an internal error () that prevented it
> from fulfilling this request.
> exception
> javax.servlet.ServletException: Can't connect to X11 window server using
> ':0.0' as the value of the DISPLAY variable.
> org.apache.jasper.runtime.PageContextImpl.doHandlePageException(
> PageContextImpl.java:848)
> org.apache.jasper.runtime.PageContextImpl.handlePageException(
> PageContextImpl.java:781) org.apache.jsp.image_jsp._jspService(
> org.apache.jsp.image_jsp:158)
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java
> :322) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
> :314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause
> java.lang.InternalError: Can't connect to X11 window server using ':0.0'
> as the value of the DISPLAY variable.
> sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
> sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java
> :53) sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java
> :142) java.security.AccessController.doPrivileged(Native Method)
> sun.awt.X11GraphicsEnvironment.(X11GraphicsEnvironment.java:131)
> java.lang.Class.forName0(Native Method) java.lang.Class.forName(
> Class.java:164) java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(
> GraphicsEnvironment.java:68) sun.awt.X11.XToolkit.(XToolkit.java
> :96) java.lang.Class.forName0(Native Method) java.lang.Class.forName(
> Class.java:164) java.awt.Toolkit$2.run(Toolkit.java:821)
> java.security.AccessController.doPrivileged(Native Method)
> java.awt.Toolkit.getDefaultToolkit(Toolkit.java:804)
> java.awt.Image.getScaledInstance(Image.java:158)
> com.everybuddystree.ImageScaler.scaleImageByWidth(ImageScaler.java:21)
> org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:114)
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java
> :322) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
> :314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
> javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full
> stack trace of the root cause is available in the Apache Tomcat/5.5.12 logs.
>
> -
> Apache Tomcat/5.5.12
>
>
>
>
>
>
> -
> Yahoo! Photos – Showcase holiday pictures in hardcover
> Photo Books. You design it and we'll bind it!
>
--
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~
Re: Single Thread is deprecated?
: [EMAIL PROTECTED] > >> > >> > > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- "You can lead a horse to water but you cannot make it float on its back." ~Dakota Jack~
Suggestion for SSL
Hi, buddy, Please don't hate me too much. I don't know how to organize messages into a thread for a mail list. So you must have seen many related messages not organized from me. I have a suggestion. Somebody really understand Tomcat, please write an article about SSL on tomcat discussing the following components. SSL in general SSL with coycot connector SSL with APR connector SSL with native code. SSL vs. Tomcat installation (native choice or not). [EMAIL PROTECTED] _ Scan and help eliminate destructive viruses from your inbound and outbound e-mail and attachments. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Solution for SSL on tomcat
The problem result from native code. For windows: delete tcnative_1.dll under bin. Then you will see much log information. so you have to indicate the keystoreFile. After that, everything is OK. On http://issues.apache.org/ with url: http://issues.apache.org/bugzilla/show_bug.cgi?id=37455 This question has been discussed long time ago. However, when I searched information for the first time, I just didn't find it. Now, I put the information here, I hope that it will be easier for the followers to find this information. _ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ssl on tomcat
Hi, buddy, Sorry to bother you. You said that you can use ssl on tomcat. However, for me, it doesn't work. I set http on 80 or 8080, doesn't matter. then I uncommented the ssl connector, and i generate the self-signed certificate in default keystore with keytool. then https://localhost/ no connection. https://localhost:8443/ yes, get connected, but for long time no response. use openssl test it, I found that no handshake. http://localhost:8443/ returns the result same as http://localhost/ What did you do to make it work? Thank you for your time to read this & trying to help me! [EMAIL PROTECTED] _ MSN® Calendar keeps you organized and takes the effort out of scheduling get-togethers. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
unprotected data transfer on SSL port
Hi, everyone, SSL connector is defined on 8443 for my tomcat 5.5.12. https://localhost:8443/ no response for long time, however, http://localhost:8443/ I got everything, same as http://localhost/ [EMAIL PROTECTED] _ Don't just Search. Find! http://search.sympatico.msn.ca/default.aspx The new MSN Search! Check it out! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL causes Exception
Thank you for reading this and trying to help me. This morning, I checked log again, I found one, the only one: in stdout_20051228.log Exception in thread "http-8443-2" java.lang.IllegalMonitorStateException: current thread not owner at java.lang.Object.notifyAll(Native Method) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1216) at java.lang.Thread.run(Unknown Source) It seems that Tomcat SSL doesn't work well. I just set http on 80, and uncommented the ssl connector, & generated self-signed certificate with keytool. [EMAIL PROTECTED] _ MSN® Calendar keeps you organized and takes the effort out of scheduling get-togethers. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL problem on 5.5.12
e:s3_pkt.c <<< TLS 1.0 Handshake [length 0010], Finished 14 00 00 0c 8e 0d d4 c6 9f c9 c2 2a 9d a1 a1 43 SSL_connect:SSLv3 read finished A --- Certificate chain 0 s:/C=CA/ST=Ontario/L=Toronto/O=Canadian Imperial Bank of Commerce/OU=s150/CN= www.cibc.com i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority -BEGIN CERTIFICATE- MIIDyzCCAzigAwIBAgIQBCREaGZJQHnVjRYNrISZITANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDUxMTE4MDAwMDAwWhcNMDYxMTE4MjM1OTU5WjCBhDELMAkGA1UEBhMCQ0Ex EDAOBgNVBAgTB09udGFyaW8xEDAOBgNVBAcUB1Rvcm9udG8xKzApBgNVBAoUIkNh bmFkaWFuIEltcGVyaWFsIEJhbmsgb2YgQ29tbWVyY2UxDTALBgNVBAsUBHMxNTAx FTATBgNVBAMUDHd3dy5jaWJjLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC gYEAnPonu8UV2/n/IiO/S76VtYTKq9h5NCgGSOV2jAxtJAvx7LX5mj4+Xa7nbfTg +Dv8QFMgwMlpBCuc6+Q/CpW8hmWC4Go/KvoxMWJaeLDcn9HW3PMFYx1mMsC9KERC RyJMnKk/QgzwjOkTb7O64/x9UEeSzp0y3RUBvTIpeMu4BUECAwEAAaOCAWQwggFg MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6 Ly9jcmwudmVyaXNpZ24uY29tL1JTQVNlY3VyZVNlcnZlci5jcmwwRAYDVR0gBD0w OzA5BgtghkgBhvhFAQcXAzAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJp c2lnbi5jb20vcnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA0Bggr BgEFBQcBAQQoMCYwJAYIKwYBBQUHMAh0dHA6Ly9vY3NwLnZlcmlzaWduLmNv bTBtBggrBgEFBQcBDARhMF+hXaBbMFkwVzBVFglpbWFnZS9naWYwITAfMAcGBSsO AwIaBBSP5dMahqyNjmvDz4Bq1EgYLHsZLjAlFiNodHRwOi8vbG9nby52ZXJpc2ln bi5jb20vdnNsb2dvLmdpZjANBgkqhkiG9w0BAQUFAAN+AHQ4OCUXcyYg40uEpqKV 4jP1dyvs0IiFeqkZrFZAMayQa1F7ppg+9Vkh2OVqo8sp1vlFlb+B2O9Qb0FPlv1Q Pa+KprnW+Ipr5TJfFGDNcHWIoDQ3ZLeKVpuWFJHHDieFLpdIkMr3K5ezyg3SlUbx V9jU0QvIRHwg0NKVoKhh -END CERTIFICATE- 1 s:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority -BEGIN CERTIFICATE- MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0 MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII 0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3 YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc 1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA== -END CERTIFICATE- --- Server certificate subject=/C=CA/ST=Ontario/L=Toronto/O=Canadian Imperial Bank of Commerce/OU=s150/ CN=www.cibc.com issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- No client certificate CA names sent --- SSL handshake has read 1682 bytes and written 282 bytes --- New, TLSv1/SSLv3, Cipher is RC4-MD5 Server public key is 1024 bit Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: RC4-MD5 Session-ID: 0B86AA74E0BB2A4168B63CF1BC60490C149A97CDC291092071006D468C1B Session-ID-ctx: Master-Key: A5951B581E9EA39BC178655DF12D6C4AA52EE68420890EC291E7734BD05C075E 00A99C56AABA945D6EBAB0E91A1DE389 Key-Arg : None Start Time: 1135902433 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- Jack @ [EMAIL PROTECTED] _ Take charge with a pop-up guard built on patented Microsoft® SmartScreen Technology http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
2 mistakes in 5.5.12 document
1. http://192.168.1.99/tomcat-docs/config/realm.html at the end of the file, when it is talking about users definition file. the attribute names: name password roles The "name" should be changed to "username". 2. http://192.168.1.99/tomcat-docs/realm-howto.html Under MemoryRealm section, there is an example, the attribute name "name" should be changed to "username". 3. http://192.168.1.99/tomcat-docs/appdev/deployment.html There is a "TODO:hyperlink" mark. The link could be: "http://192.168.1.99/tomcat-docs/manager-howto.html"; "../manager-howto.html" _ Take advantage of powerful junk e-mail filters built on patented Microsoft® SmartScreen Technology. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connection refused
You need to give the details of your code. The issues are not related to
Tomcat.
On 12/27/05, mukesh <[EMAIL PROTECTED]> wrote:
>
> Hi pulkit,
> 1) Well I can access http:///axis/ page
> 2) well I am connection using stubs generated by AXIS
> (WSDL2Java)
> 3) ??
>
> 4) I am getting "nested exception is: java.net.ConnectException:
> Connection refused"
>
> Regards,
> Mukesh
>
>
>
> -Original Message-
> From: Pulkit Singhal [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, December 27, 2005 2:52 AM
> To: Tomcat Users List
> Subject: Re: Connection refused
>
> Hi Mukesh,
>
> 1) Do you have any way of making sure that whatever it is that you are
> trying to connect to is actually up and running and accepting connections?
> 2) If so, then are you sure that the details you use to make the actual
> connection...are correct?
> 3) After your second post, I feel that maybe, this is more of a
> development
> related question and not really a Tomcat question. Am I right? Or am I
> missing your issue with Tomcat here?
> 4) Also, keep the details coming :)
>
> Cheers,
> - Pulkit
>
> On 12/26/05, mukesh <[EMAIL PROTECTED]> wrote:
> >
> > Hi friends,
> > I have found the cause of the error, in fact function is never
> > gets
> > called. Its throwing an error "nested exception is:
> > java.net.ConnectException: Connection refused"
> >
> >
> > Code is like this
> >
> > Try
> > {
> > //calling function here
> > }catch(Exception e)
> > {
> > out.println(e.getMessage());
> > }
> >
> > In fact I have connected tomcat 5.5.12 to apache2.0 via mod_jk.
> >
> > Outpus is "nested exception is: java.net.ConnectException: Connection
> > refused"
> >
> > Please suugest the solution.
> >
> > Kind regards
> > Mukesh Kumar
> >
> >
> > -Original Message-
> > From: mukesh [mailto:[EMAIL PROTECTED]
> > Sent: Monday, December 26, 2005 5:29 PM
> > To: 'Tomcat Users List'
> > Subject: Method returning null
> >
> > Hi all,
> >
> >
> >
> > I have deployed a web service on my tomcat 5.5.12 running on
> > linux7.0. I am using axis 1.3.
> >
> >
> >
> > I am trying to call a function which returns an integer but
> I
> > am
> > getting "null" always.
> >
> >
> >
> > Why so? Please advice what could be the problem?
> >
> >
> >
> > Regards,
> >
> > Mukesh Kumar
> >
> >
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
"You can lead a horse to water but you cannot make it float on its back."
~Dakota Jack~
Re: ~ mod_jk Random Errors
OKey, I updated my configs and now I still have the same problem. The only other thing I can think of is trying to compile mod_jk on the Apache machine directly. Workers.properties worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=eofapps.usitc.gov worker.ajp13.type=ajp13 worker.ajp13.connection_pool_size=30 worker.ajp13.cache_timeout=600 worker.ajp13.socket_timeout 300 worker.ajp13.socket_buffer=8192 worker.ajp13.socket_keepalive=1 worker.ajp13.recycle_timeout=1000 worker.ajp13.connect_timeout=1000 worker.ajp13.reply_timeout=1000 worker.ajp13.prepost_timeout=100 worker.ajp13.recovery_options=0 httpd.conf # SETUP FOR TOMCAT # # Where to find workers.properties JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk logs JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel debug # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T %U%q" # Send everything for context /edis-efile to worker named worker1 (ajp13) JkMount /edis-efile/app* ajp13 Server.xml Any other ideas? Thanks, ~Jack
Re: ~ mod_jk Random Errors
> Which version of mod_jk are you using? 1.2.14 Current Version What is errno 113 on your platform? Linux Error :113 No route to host Each tcp connection from apache to tomcat blocks a thread inside tomcats > jk connector thread pool, that exclusively services requests coming over > that connection. So what are your MPM settings inside apache httpd.conf, > your workers.properties settings and your ajp 13 connectors settings in > server.xml? httpd.conf # SETUP FOR TOMCAT # # Where to find workers.properties JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk logs JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel debug # Select the log format JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat "%w %V %T %U%q" # Send everything for context /edis-efile to worker named worker1 (ajp13) JkMount /edis-efile/app* ajp13 Workers.properties worker.list=ajp13 worker.ajp13.port=8009 worker.ajp13.host=eofapps.usitc.gov worker.ajp13.type=ajp13 server.xml Any firewalls or other network specialities between apache and tomcat? Nope, both systems reside on the same subnet and have no firewalls between them. Thanks Again! ~Jack
~ mod_jk Random Errors
I have installed Apache 2.0.52 on a seperate machine along with mod_jk connector 1.2.14 to connect to another machine running Tomcat 5.5.9. I have had some success on getting mod_jk to work but during times of load mod_jk errors saying it does not have a connection to the tomcat server. After mod_jk retries 1-2 times the response comes back after 924 ms. I don't understand why mod_jk works most of the time, but seems to fail randomly for a fraction of the time. Here are the mod_jk errors: [Thu Oct 20 17:25:59 2005] [18056:30400] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (961): Can't receive the response message from tomcat, network problems or tomcat is down ( 192.168.4.17:8009 <http://192.168.4.17:8009>), err=-113 [Thu Oct 20 17:25:59 2005] [18056:30400] [error] ajp_get_reply::jk_ajp_common.c (1503): Tomcat is down or refused connection. No response has been sent to the client (yet) [Thu Oct 20 17:25:59 2005] [18056:30400] [info] ajp_service::jk_ajp_common.c (1721): Receiving from tomcat failed, recoverable operation attempt=0 [Thu Oct 20 17:25:59 2005] [18056:30400] [info] ajp_service::jk_ajp_common.c (1749): Sending request to tomcat failed, recoverable operation attempt=1 Any help would be appreciated, ~Jack
