RE: [tomcat-users] Re: getting web application version string?

2020-08-17 Thread Jason Pyeron
> -Original Message-
> From: Michael Osipov
> Sent: Sunday, August 16, 2020 1:27 PM
> 
> Am 2020-08-16 um 18:16 schrieb Jason Pyeron:
> > Is there a better way than this?
> >
> > Specifically - detect running Tomcat, then if under Tomcat (today only
> > interested in v7 and v9) obtain the version string as described [1] and
> > shown on the Manager web application.
> 
> At least for the version, you can use my listener, it will expose
> all context-related information via JNDI. Give it a try:
> http://mo-tomcat-ext.sourceforge.net/user-guide.html#ContextNamingInfoListener

Cute. I like how you use org.apache.catalina.LifecycleListener to have 
legitimate access to the org.apache.catalina.Context.

The only gotcha I have is it requires advanced knowledge that you are on 
Tomcat. Specifically, it requires Operations to configure the context.xml for 
the web application.

v/r,

Jason




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



getting web application version string?

2020-08-16 Thread Jason Pyeron
Is there a better way than this?

Specifically - detect running Tomcat, then if under Tomcat (today only 
interested in v7 and v9) obtain the version string as described [1] and shown 
on the Manager web application.

import java.lang.reflect.Field;
import java.util.logging.Level;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import org.apache.catalina.core.*;
//...
public void init(ServletConfig config) throws ServletException
{
    //java.util.logging...
    log.log(Level.INFO, "config={0}", config);
    ServletContext sc = config.getServletContext();
    log.log(Level.INFO, "ServletContext={0}", sc);
    // Only Tomcat hands the web application an ApplicationContextFacade.
    if (sc instanceof ApplicationContextFacade)
    {
        try
        {
            ApplicationContextFacade acf = (ApplicationContextFacade) sc;
            // Facade -> ApplicationContext, through the private field "context".
            Field applicationContextField =
                ApplicationContextFacade.class.getDeclaredField("context");
            applicationContextField.setAccessible(true);
            ApplicationContext applicationContext =
                (ApplicationContext) applicationContextField.get(acf);
            // ApplicationContext -> StandardContext, again a private field "context".
            Field standardContextField =
                ApplicationContext.class.getDeclaredField("context");
            standardContextField.setAccessible(true);
            StandardContext standardContext =
                (StandardContext) standardContextField.get(applicationContext);
            log.log(Level.INFO, "version={0}",
                standardContext.getWebappVersion());
        }
        catch (RuntimeException | NoSuchFieldException | IllegalAccessException e)
        {
            // Covers SecurityException from setAccessible and renamed fields.
            log.log(Level.WARNING, "unable", e);
        }
    }
}

1: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming

--
Jason Pyeron  | Architect
PD Inc|
10 w 24th St  |
Baltimore, MD |
 
.mil: jason.j.pyeron@mail.mil
.com: jpye...@pdinc.us
tel : 202-741-9397







RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

2020-06-15 Thread Jason Pyeron
If you deploy your application against a fresh extract of 
https://archive.apache.org/dist/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz,
 without ANY customizations you do not get the problem?

 

If you have to make customizations to get it to run, what are they? (e.g. 
context.xml changes, lib/ JARs, startup parameters, etc)

 

Based on the limited information you have provided (e.g. no test case I can 
run) I do not see any relevant issues in the following guides.

 

https://tomcat.apache.org/migration-7.html

http://tomcat.apache.org/migration-8.html

http://tomcat.apache.org/migration-85.html

 

Since the JVM (indicated) and WAR (implied) are the same version in your two 
installs, then it is a configuration issue.

 

CLASSPATH ?

System properties?

 

Please provide details to reproduce here.

 

-Jason 

 

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 11:14 AM
To: Tomcat Users List 
Cc: 'RUBIN, JACOB' ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

HI Jason,

 

Below are the details for the Tomcat 6 version, that we used before, 

Server version: Apache Tomcat/6.0.35

Server number:  6.0.35.0

OS Name:SunOS

OS Version: 5.10

Architecture:   sparcv9

JVM Version:1.8.0_101-b13

JVM Vendor: Oracle Corporation

 

We don’t face any issue on the other test environment that we are facing on 
updating to 8.5.5.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron <jpye...@pdinc.us>
Sent: Monday, June 15, 2020 7:33 PM
To: 'Tomcat Users List' <users@tomcat.apache.org>
Cc: 'RUBIN, JACOB' <jr2...@att.com>; lsrv...@list.att.com; Vasudev Wadhawan <vasudev.wadha...@amdocs.com>
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

What I see here is that there is a bit of custom code that is “causing” the 
issue.

 

at 
com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)

at javax.xml.ws.Service.(Service.java:77)

Above here are JARs / runtime in the classpath

at com.att.lsrv.preorder.PreOrderService.(Unknown Source)

at porequest.control.LviCsClient.getLviCsClientProxy(Unknown Source)

at porequest.control.LviCsClient.getCSRResponse(Unknown Source)

at porequest.control.MainControllerServlet.CsrqResponse(Unknown Source)

at porequest.control.MainControllerServlet.doPost(Unknown Source)

Below here is tomcat..

at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)

 

You indicate that this was on Tomcat 6.0.35, but you did not confirm the JVM it 
was running on. I am skeptical since the Tomcat version you indicated was 
released before Java 8 (2012 vs 2014) – but I am more skeptical that 6.0.35 was 
not customized. Have you deployed the application to an “out of the box” 6.0.35 
on the same JVM as 8.5.5?

 

Have you reached out to your developer of the com.att.lsrv and 
porequest.control code? You should have a test case to prove the issue out.

 

-Jason

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 9:29 AM
To: Jason Pyeron <jpye...@pdinc.us>; 'Tomcat Users List' <users@tomcat.apache.org>
Cc: 'RUBIN, JACOB' <jr2...@att.com>; lsrv...@list.att.com; Vasudev Wadhawan <vasudev.wadha...@amdocs.com>
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Hi Jason,

 

We have updated the xercesImpl from version 2.6.2 to 2.12.0 for the migration 
and no new jars were added for the new environment.

 

We didn’t use Woodstox StAX jar with tomcat 6.0.35 and did not face any such 
issue.

 

PFA the complete Stack Trace for the Issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron <jpye...@pdinc.us>
Sent: Monday, June 15, 2020 6:15 PM
To: 'Tomcat Users List' <users@tomcat.apache.org>
Cc: 'RUBIN, JACOB' <jr2...@att.com>; lsrv...@list.att.com; Vasudev Wadhawan <vasudev.wadha...@amdocs.com>
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you tes

RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

2020-06-15 Thread Jason Pyeron
A quick brief on etiquette.

 

1.   Please do not harvest emails and send linked in requests

2.   Do not mark questions as urgent and do provide sufficient details to 
reproduce the problem

 

What I see here is that there is a bit of custom code that is “causing” the 
issue.

 

at 
com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)

at javax.xml.ws.Service.(Service.java:77)

Above here are JARs / runtime in the classpath

at com.att.lsrv.preorder.PreOrderService.(Unknown Source)

at porequest.control.LviCsClient.getLviCsClientProxy(Unknown Source)

at porequest.control.LviCsClient.getCSRResponse(Unknown Source)

at porequest.control.MainControllerServlet.CsrqResponse(Unknown Source)

at porequest.control.MainControllerServlet.doPost(Unknown Source)

Below here is tomcat..

at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)

 

You indicate that this was on Tomcat 6.0.35, but you did not confirm the JVM it 
was running on. I am skeptical since the Tomcat version you indicated was 
released before Java 8 (2012 vs 2014) – but I am more skeptical that 6.0.35 was 
not customized. Have you deployed the application to an “out of the box” 6.0.35 
on the same JVM as 8.5.5?

 

Have you reached out to your developer of the com.att.lsrv and 
porequest.control code? You should have a test case to prove the issue out.

 

-Jason

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 9:29 AM
To: Jason Pyeron ; 'Tomcat Users List' 

Cc: 'RUBIN, JACOB' ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Hi Jason,

 

We have updated the xercesImpl from version 2.6.2 to 2.12.0 for the migration 
and no new jars were added for the new environment.

 

We didn’t use Woodstox StAX jar with tomcat 6.0.35 and did not face any such 
issue.

 

PFA the complete Stack Trace for the Issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron <jpye...@pdinc.us>
Sent: Monday, June 15, 2020 6:15 PM
To: 'Tomcat Users List' <users@tomcat.apache.org>
Cc: 'RUBIN, JACOB' <jr2...@att.com>; lsrv...@list.att.com; Vasudev Wadhawan <vasudev.wadha...@amdocs.com>
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you test this before you migrated causing this “urgent” issue? What is 
different between your test and this urgent outage’s configuration.

 

-Jason

 

From: Lavitesh Verma [mailto:lavitesh.ve...@amdocs.com] 
Sent: Monday, June 15, 2020 8:16 AM
To: users@tomcat.apache.org
Cc: RUBIN, JACOB <jr2...@att.com>; lsrv...@list.att.com; Vasudev Wadhawan <vasudev.wadha...@amdocs.com>
Subject: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 
to 8.5.5
Importance: High

 

Hi Team,

 

Below are the details of the system and tomcat version 

Old tomcat version: Apache Tomcat/6.0.35

New tomcat version: Apache Tomcat/8.5.5

Operating System: SunOS 

OS Version: 5.10 

Architecture: sparcv9

JVM Version: 1.8.0_101-b13

Vendor: Oracle Corporation

 

We are trying to migrate Apache Tomcat version 6.0.35 to 8.5.5.

 

We found the issue javax.xml.stream.FactoryConfigurationError: Provider 
com.ctc.wstx.stax.WstxInputFactory not found in localhost logs.

 



 

Could you please assist on how we could resolve the issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

This email and the information contained herein is proprietary and confidential 
and subject to the Amdocs Email Terms of Service, which you may review at 
https://www.amdocs.com/about/email-terms-of-service




RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

2020-06-15 Thread Jason Pyeron
Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you test this before you migrated causing this “urgent” issue? What is 
different between your test and this urgent outage’s configuration.

 

-Jason

 

From: Lavitesh Verma [mailto:lavitesh.ve...@amdocs.com] 
Sent: Monday, June 15, 2020 8:16 AM
To: users@tomcat.apache.org
Cc: RUBIN, JACOB ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 
to 8.5.5
Importance: High

 

Hi Team,

 

Below are the details of the system and tomcat version 

Old tomcat version: Apache Tomcat/6.0.35

New tomcat version: Apache Tomcat/8.5.5

Operating System: SunOS 

OS Version: 5.10 

Architecture: sparcv9

JVM Version: 1.8.0_101-b13

Vendor: Oracle Corporation

 

We are trying to migrate Apache Tomcat version 6.0.35 to 8.5.5.

 

We found the issue javax.xml.stream.FactoryConfigurationError: Provider 
com.ctc.wstx.stax.WstxInputFactory not found in localhost logs.

 



 

Could you please assist on how we could resolve the issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 




RE: [tomcat-users] Password encryption in Tomcat 8.5.35

2019-09-15 Thread Jason Pyeron
While there is no real value in doing so - you can provide your own datasource 
factory class.

This class should extend the provided datasource, and would use a "method" to 
decrypt the password field.

Keep in mind as you have described, the decryption mechanism(s) would be just 
as available to the attacker as the context.xml. We frequently have to reverse 
engineer such passwords for our customers.

Now, if the decryption method obtains information from a "password oracle 
source", you could end up with your implied security goals. We strive to obtain 
such keys from TPMs, Smart Cards, networked sources, etc.

v/r,

Jason Pyeron

> -Original Message-
> From: Mohan T 
> Sent: Monday, September 16, 2019 12:05 AM
> To: users@tomcat.apache.org
> Subject: [tomcat-users] Password encryption in Tomcat 8.5.35
> 
> Hi,
> 
> We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4.
> 
> Is it possible to encrypt or mask passwords that is being used in the 
> datasource for connecting to
> database. I am mentioning the credentials in server.xml
> 
> Thanks
> 
> Mohan
> DISCLAIMER: This communication contains information which is confidential and 
> the copyright of Ramco
> Systems Ltd, its subsidiaries or a third party ("Ramco"). This email may also 
> contain legally
> privileged information. Confidentiality and legal privilege attached to this 
> communication are not
> waived or lost by reason of mistaken delivery to you.This email is intended 
> to be read or used by the
> addressee only. If you are not the intended recipient, any use, distribution, 
> disclosure or copying of
> this email is strictly prohibited without the express written approval of 
> Ramco. Please delete and
> destroy all copies and email Ramco at le...@ramco.com immediately. Any views 
> expressed in this
> communication are those of the individual sender, except where the sender 
> specifically states them to
> be the views of Ramco. Except as required by law, Ramco does not represent, 
> warrant and/or guarantee
> that the integrity of this communication has been maintained nor that the 
> communication is free of
> errors, virus, interception or interference. If you do not wish to receive 
> such communications, please
> forward this communication to market...@ramco.com and express your wish not 
> to receive such
> communications henceforth.
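
The point made in the reply above, as an added example (not code from the thread and not Tomcat's own): the decrypt step a custom datasource factory would run before handing the attributes to the stock factory, written with JDK classes only. The "passwordKey" attribute, the DB_PASSWORD_KEY variable and the class name are hypothetical, and the environment variable is only a stand-in for an external key source such as a TPM, smart card or network service.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added illustration. Every name here is hypothetical: the "passwordKey"
// attribute, the DB_PASSWORD_KEY variable and the class itself.
public class DecryptingPasswordDemo {

    /** Where the key comes from decides whether encrypting the password helps. */
    interface KeySource {
        byte[] key() throws GeneralSecurityException;
    }

    /** Weak: the key is stored in the same configuration as the ciphertext. */
    static KeySource fromSameConfig(Properties resource) {
        return () -> Base64.getDecoder().decode(resource.getProperty("passwordKey"));
    }

    /** Stand-in for an external source; the key never appears in the config files. */
    static KeySource fromEnvironment(String variable) {
        return () -> {
            String value = System.getenv(variable);
            if (value == null) {
                throw new GeneralSecurityException("key source " + variable + " is unavailable");
            }
            return Base64.getDecoder().decode(value);
        };
    }

    /** AES-GCM; output is base64(12-byte IV || ciphertext || 16-byte tag). */
    static String encrypt(String plain, byte[] key) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(128, iv));
        byte[] ct = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
        return Base64.getEncoder().encodeToString(out);
    }

    static String decrypt(String encoded, byte[] key) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < 12 + 16) {
            throw new GeneralSecurityException("ciphertext too short");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
                new GCMParameterSpec(128, in, 0, 12));
        return new String(cipher.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    /** Returns a copy of the attributes with the password replaced by its plaintext. */
    static Properties resolve(Properties resource, KeySource source)
            throws GeneralSecurityException {
        Properties out = new Properties();
        out.putAll(resource);
        out.setProperty("password", decrypt(resource.getProperty("password"), source.key()));
        out.remove("passwordKey");
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];
        new SecureRandom().nextBytes(key);

        // Constructed stand-in for the attributes of a <Resource> element.
        Properties resource = new Properties();
        resource.setProperty("username", "app");
        resource.setProperty("password", encrypt("constructed-sample-password", key));
        resource.setProperty("passwordKey", Base64.getEncoder().encodeToString(key));

        // Key next to the ciphertext: whoever can read the file recovers the password.
        System.out.println("same-config key   -> "
                + resolve(resource, fromSameConfig(resource)).getProperty("password"));

        // Key held elsewhere: the file alone is not enough.
        try {
            resolve(resource, fromEnvironment("DB_PASSWORD_KEY"));
            System.out.println("external key      -> password resolved");
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            System.out.println("external key      -> not resolved: " + e.getMessage());
        }
    }
}
```

The external variant only improves on the plain password if the key source is not readable by whoever can already read the configuration files or the factory class.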





RE: [tomcat-users] Re: SSLVerifyClient="optionalNoCA" stops working in tomcat 8.0.32?

2016-06-16 Thread Jason Pyeron
> -Original Message-
> From: Mark Thomas 
> Sent: Thursday, June 16, 2016 14:39
> To: Tomcat Users List
> Subject: [tomcat-users] Re: SSLVerifyClient="optionalNoCA" 
> stops working in tomcat 8.0.32?
> 
> On 16/06/2016 11:29, Florian Kleedorfer wrote:
> > Hi!
> > 
> > There was no response to my request on this list, so I filed a bug:
> > 
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
> > 
> > However, this bug does not seem to get handled by the dev team.
> 
> If you want a guaranteed response time, you'll need to pay the going
> rate for commercial support.
> 
> > My problem is that our application stopped working with more recent
> > tomcat versions. We can deal with it for now, but we need a 
> solution at
> > some point.
> > 
> > What is the recommended course of action in this case?
> 

1. Disable native io first, try again.
2. Make a reproducible test case.

-Jason





RE: [tomcat-users] How to force Tomcat to use the system clock?

2015-03-06 Thread Jason Pyeron
> -Original Message-
> From: Salisbury, Richard W DLA CTR INFORMATION OPERATIONS 
> Sent: Friday, March 06, 2015 16:29
> 
> Greetings,
> 
> We have found a need to stop and start Tomcat once in a while to allow

How long is a "while"?

> Tomcat to connect via HTTPS with some other servers.  We think the
> restart may be synchronizing the time Tomcat uses with the server OS
> system time, and we are looking for ways to prevent having to 
> stop/start
> Tomcat.

I want to start with, I am very skeptical of your observations.

> 
> Details:
> Our instance of Tomcat 6.0.36 runs on HP-UX B11.31 ia64 with 
> JVM Version

JVM vendor?

> 1.7.0.08.  It hosts a custom servlet which, when invoked, 
> connects with
> a remote server via HTTPS to retrieve some data.  However, 

The webapp makes an outbound HTTPS connection or a client makes an HTTPS 
connection to the webapp?

> after about a
> month the timestamp Tomcat sends in the SSL handshake appears to drift
> enough for the remote server's time to start rejecting 
> requests because
> the timestamp is too far off (according to our partner's remote
> application logs).  

How far off?

> 
> We have confirmed that our server clock is set correctly and 
> synced with
> NTP, and matches the system clock on the remote server, which 
> also uses
> NTP.  So one thing we thought might be happening is that 

What are the NTP stats? In other words, how stable is the system clock?

> Tomcat (or the
> Java that Tomcat runs on) may be keeping an internal clock, perhaps

It all boils down to: 

public static native long currentTimeMillis();

Even new java.util.Date() ->

public Date() {
    this(System.currentTimeMillis());
}

That means all the "time" sources in Java and Tomcat come from the OS.

> using a separate thread as a way to speed up the retrieval of time so
> that it does not have to go to the OS system clock every time it needs
> the current time.  And maybe this internal clock is not 
> synced with the
> server time until Tomcat (or the JVM) is restarted.
>   
> If this is the case, would anyone have an idea of how to force Tomcat
> (or Java) to use the server's system clock every time instead of using
> its own internal clock?   We do not care about the performance hit on
> this because this is a low-volume application.  Or, if we are
> misunderstanding Tomcat and it actually uses the system clock 
> every time
> it needs to get the current time, is there something else we should be
> looking at?

Let's start with, can you add a simple JSP to your web app?

<%=System.currentTimeMillis()%>

Then periodically:

date && date -d "@$(curl -s http://127.0.0.1:8080/date.jsp)" && date

>   
> We have researched on the web, checked the Apache mail archives, read
> the Tomcat configuration guide, looked up the Java system options, but
> have not studied the Tomcat source code yet.  We did find 
> that there is
> a Java Wrapper product out there by Tanuki Software that provides an
> option to use system time or a background thread, which is what caused
> us to wonder if Tomcat might be doing something similar.
> 
> For more information on what the Tanuki wrapper does, here is 
> an excerpt
> we found on their website
> http://wrapper.tanukisoftware.com/doc/english/prop-use-system-
> time.html:
> "As of Wrapper version 3.1.0, a new timer mechanism was added to the
> Wrapper. This new timer was made the default in Wrapper version 3.2.0.
> Rather than keeping time by querying the system clock, the Wrapper
> creates a background thread which enters a light weight loop and
> increments an internal "tick" counter.  Internally all timekeeping has
> been modified to be based on these "ticks". (If the system 
> time is being
> used, then the tick count at any particular moment is calculated from
> the system time rather than from the counter.) "
> 
> Thanks in advance for any ideas that are shared. 
> Richard

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00. 




RE: [tomcat-users] DISA compliance tomcat 7.0.53

2014-07-10 Thread Jason Pyeron
> -Original Message-
> From: Jason Ricles 
> Sent: Thursday, July 10, 2014 15:28
> 
> Where can I find a checklist so that I may make my tomcat server DISA
> compliant?

I think the term you are looking for is STIG compliant.

Please let us know more about the context, can you view the IASE
(http://iase.disa.mil/) site?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-       -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.





RE: Is there a method to submit a useful tidbit of knowledge?

2011-05-12 Thread Jason Pyeron
Well documented.

http://wiki.apache.org/tomcat/FAQ/Linux_Unix

IPv6 and the "-Djava.net.preferIPv4Stack=true" into JAVA_OPTS is a solution to a
common problem, even outside of the Tomcat world.

> -Original Message-
> From: Bill Miller [mailto:millebi.subscripti...@gmail.com] 
> Sent: Thursday, May 12, 2011 17:22
> To: 'Tomcat Users List'
> Subject: RE: Is there a method to submit a useful tidbit of knowledge?
> 
> Thanks Chuck! Update now in FAQ under Linux/Unix.
> 
> Bill
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: May 12, 2011 2:24 PM
> To: Tomcat Users List
> Subject: RE: Is there a method to submit a useful tidbit of knowledge?
> 
> > From: Bill Miller [mailto:millebi.subscripti...@gmail.com]
> > Subject: Is there a method to submit a useful tidbit of knowledge?
> 
> > Is there a Wiki/FAQ submission method where I could submit 
> the problem 
> > and the solution?
> 
> It's all DIY:
> 
> http://wiki.apache.org/tomcat/FAQ
> 
> Just register and have at it.
> 
>  - Chuck

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 





RE: tomcat6 still deleting XML files from Catalina/localhost when the system is booted [OT]

2011-03-24 Thread Jason Pyeron

> -Original Message-
> From: Jeffrey Janner 
> Sent: Thursday, March 24, 2011 17:56
> To: 'Tomcat Users List'
> Subject: RE: tomcat6 still deleting XML files from 
> Catalina/localhost when the system is booted
> 
> > -Original Message-
> > From: Robinson, Eric [mailto:eric.robin...@psmnv.com] The idea of 
> > having a loop in the script that waits for the directory to 
> be mounted 
> > sounds problematic to me. We have 75 instances of tomcat, so
> > 75 startup scripts. Even though they all start with S96, I 
> assume the 
> > system picks one to start with, so that's the one that would spin 
> > waiting for the NFS mount. Then the others would run quickly after 
> > that.
> 
> Init will run the S96 scripts in alphabetical order, if 
> that helps you pick which one script to modify.
> 
> Q: What happens to those 75 instances when the NFS directory 
> goes off-line during production?

It triggers a stock option liquidation script.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 






RE: tomcat6 still deleting XML files from Catalina/localhost when the system is booted

2011-03-22 Thread Jason Pyeron
> -Original Message-
> From: Robinson, Eric [mailto:eric.robin...@psmnv.com] 
> Sent: Tuesday, March 22, 2011 13:30
> To: Tomcat Users List
> Subject: RE: tomcat6 still deleting XML files from 
> Catalina/localhost when the system is booted
> 
> 
> > --
> > > On 22/03/2011 17:04, Robinson, Eric wrote:
> > > >  > > >  debug="1" reloadable="false">
> > > > 
> > >
> > > So are nfs mounts being used? If so, my guess is that the
> > mount isn't
> > > available when Tomcat starts which triggers the undeploy.
> > >
> > > Mark
> > >
> > 
> > That certainly seems to make sense. Would undeploy actually 
> delete the 
> > XML file? And would that happen even if autoDeploy="false"?
> > 
> 
> [Nick]
> 
> > Yes, for sure, to deleting the .XML file. I'm reasonably confident 
> > autoDeploy="false" doesn't affect undeploys. Even if it does, 
> > autoDeploy="false" only matters when the server is already 
> running. It 
> > does NOT matter when the server is started (i.e., even with 
> > autoDeploy="false", a WAR file would get auto-deployed when 
> the server 
> > was started, just not if it was added when the server was already 
> > running).
> > 
> > N
> > 
> 
> Good grief, thanks Mark and Nick. I am confident that we 
> found our culprit! Now I just need to figure out how to make 
> sure the tomcat scripts don't run until after the NFS mount 
> is available. I can't wait to implement these changes. Thanks again!

#!/bin/bash
#
# httpdStartup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#  HTML files and CGI.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid

See the line with chkconfig - S## E##?

Put those in your config before doing a chkconfig add, and it will cause them to
start in that order. Make sure they start after nfs and die before nfs and you
should be golden.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 






RE: Populating Oracle v$session.program from Tomcat Context.xml

2011-03-16 Thread Jason Pyeron

> -Original Message-
> From: chris derham
> Sent: Wednesday, March 16, 2011 15:41
> To: Tomcat Users List
> Subject: Re: Populating Oracle v$session.program from Tomcat 
> Context.xml
> 
> > We'd like to be able to tell apart database sessions from 
> the 15 or so 
> > tomcat applications we have running on our web-servers. 
> Most of them 
> > use similar logins, so we can't query the username from 
> gv$session. We 
> > were hoping to instead query to program field to tell them apart.
> >
> > We were able to make this functionality work with the thin 
> client, but 
> > we'd rather use the OCI client because it allows our web-apps to 
> > reconnect to the database service after a loss of connectivity (say 
> > during a cluster node reboot).
> >
> > You seem to be restating the original question. Did you try 
> using dbcp
> connection pool, and executing a Oracle command as the 
> connection is created to specify some context parameter? 
> Without any feedback, its kind of hard to help further. I 
> assume that it didn't work as you have seem to have asked the 
> original question again. So what problems did you encounter?


The problem he appears to be encountering is that he is unable to customize the
value in v$session.program. The reason for the problem is that he does not know
how to do it either when using the OCI jdbc driver (it is likely not possible).


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 





RE: Populating Oracle v$session.program from Tomcat Context.xml

2011-03-16 Thread Jason Pyeron
 

> -Original Message-
> From: Dan
> Sent: Wednesday, March 16, 2011 14:34
> To: Tomcat Users List
> Subject: Re: Populating Oracle v$session.program from Tomcat 
> Context.xml
> 
> We'd like to be able to tell apart database sessions from the 
> 15 or so tomcat applications we have running on our 
> web-servers. Most of them use similar logins, so we can't 
> query the username from gv$session. We were hoping to instead 
> query to program field to tell them apart.
> 
> We were able to make this functionality work with the thin 
> client, but we'd rather use the OCI client because it allows 
> our web-apps to reconnect to the database service after a 
> loss of connectivity (say during a cluster node reboot).

I want to put a frame of reference on this.

Remember the OCI client uses OS resources to connect, as such it is going to
pull the process name from the OS and java applications are not OS level
processes, you do not see them in the output of /bin/ps or taskmgr.exe.

> 
> So far though we've had no luck in getting it to work with 
> OCI. Most of the suggestions and info out on the web imply 
> that the best way to do it with OCI is programmatically from 
> the java app. That's the dilemma. Do we have to take the time 
> to change our apps to populate the program field, or can we 
> do it from the context.xml file from our app?
> 
> On Tue, Mar 15, 2011 at 8:23 PM, Jorge Medina 
>  wrote:
> > What is the problem that you are trying to solve?
> >
> > On Mon, Mar 14, 2011 at 4:25 PM, Dan  wrote:
> >> On Mon, Mar 14, 2011 at 11:25 AM, Dan 
>  wrote:
> >>> On Mon, Mar 14, 2011 at 10:57 AM, chris derham 
>  wrote:
> >>>>> We have some working tomcat 6 instances that we'd like 
> to identify
> >>>>
> >>>>
> >>>> Can you use the combination of machine and schema name 
> to identify 
> >>>> the instance? You didn't detail your environment, but if 
> you have a 
> >>>> cluster, then the machine name would uniquely identify the 
> >>>> instance. If you have multiple different instances on the same 
> >>>> machine, then surely the schema name would allow you to identify 
> >>>> which user it is? This covers all possibilities unless you have 
> >>>> different apps on the same machine in different tomcat 
> instances talking to the same schema.
> >>>>
> >>>> Chris
> >>>>
> >>>
> >>> We are running all of our web-applications from two machines, and 
> >>> they all use the same schema/username, so unfortunately I 
> need the 
> >>> program, client_info, module, etc field to identify them.
> >>>
> >>> We are running a RAC, and I'm querying gv$session which 
> should get 
> >>> me all cluster member connections.
> >>>
> >>> As David said, this does work with the thin driver, but I 
> need the 
> >>> service/load balancing functionality from OCI. Any more 
> suggestions 
> >>> are welcome!
> >>>
> >>
> >> Does anyone else have any additional thoughts on this? I'd sure 
> >> appreciate more input.
> >>
> >> TIA,
> >>
> >> Dan




RE: Secure AJP over ssl

2011-02-23 Thread Jason Pyeron

> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Sent: Wednesday, February 23, 2011 10:38
> To: Tomcat Users List
> Subject: Re: Secure AJP over ssl
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Mark,
> 
> On 2/23/2011 10:36 AM, Mark Thomas wrote:
> > On 23/02/2011 15:32, Christopher Schultz wrote:
> >> Mladen,
> >>
> >> On 2/23/2011 3:00 AM, Mladen Turk wrote:
> >>> What do you think happens when encrypted data from client 
> comes in 
> >>> and is encrypted again and send to the client?
> >>> It's unencrypted in the memory and anyone with access to 
> the box can 
> >>> just inspect the content of the httpd process in the same 
> way it can 
> >>> read the data on the socket.
> >>> So since persons which are authorized to login to the Apache and 
> >>> Tomcat box have the option to view the data, your entire 
> security is 
> >>> still human based.
> >>
> >> I think he's talking about network sniffing (like another 
> node on the 
> >> network operating in promiscuous mode), not an untrusted 
> box administrator.
> >>
> >>> That's why I see no point of encrypting the data transfer between 
> >>> those boxes cause you can just as well make sure the 
> proper persons 
> >>> have the network access.
> >>
> >> I certainly agree with this.
> >>
> >> Anyhow, to answer the OP's question, there are really 
> three options:
> >>
> >> 1. SSH tunnel

I think I am going to use stunnel in xinetd.

> >>
> >> 2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if
> >>necessary while ssh generally won't).
> >>
> >> 3. Switch to mod_proxy_http and use an https:// URL with Mark's
> >>indicated settings.

I am glad to have this cleared up.

> >>
> >> These options are roughly in order of performance from 
> best to worst:
> >> setting up an HTTPS connection is expensive and I'm not 
> entirely sure 
> >> how mod_proxy_http does connections, but I suspect it creates and 
> >> tears-down for each request (i.e. no keepalives, or at 
> least limited ones).
> >>
> >> Encrypted VPNs are simply more complicated than an SSH tunnel and 
> >> require slightly more overhead. An SSH tunnel is dead 
> simple and only 
> >> negotiates a symmetric key once at connect time (okay, and then 
> >> re-negotiates at intervals) but lacks the robustness of a VPN.
> > 
> > I disagree with that assessment. mod_proxy_http is by far 
> the simplest 
> > way to go and it does use keep-alive.
> 
> Good to know that mod_proxy_http uses keepalive. I was 
> recommending the others since the OP seems wedded to AJP. 
> Also, if there is any other traffic to encrypt (JDBC, etc.) 
> the VPN would handle that, too.

It is not that I am wedded to any particular implementation, it is just each
change requires board approval.

A change for reconfiguring the enabled modules in apache. [we can skip this if
we stay with mod_proxy_ajp, as it was already approved]
A change for opening up a port on the apache box











RE: Secure AJP over ssl

2011-02-23 Thread Jason Pyeron

> -Original Message-
> From: Mladen Turk [mailto:mt...@apache.org] 
> Sent: Wednesday, February 23, 2011 3:01
> To: users@tomcat.apache.org
> Subject: Re: Secure AJP over ssl
> 
> On 02/22/2011 11:23 PM, Jason Pyeron wrote:
> >> -Original Message-
> >
> > That is a naive view. [Please forgive the wording.]
> >
> 
> None taken.
> 
> > Given:
> >
> > 1) The Apache box is secure and login is restricted to the 
> minimum set 
> > of persons with a need to know.
> > 2) The Tomcat box is secure and login is restricted to the 
> minimum set 
> > of persons with a need to know.
> >
> > There is no reason to allow the set of persons capable (and 
> sometimes
> > authorized) to inspect the data on a network (network 
> operations) to 
> > be able to inspect the unsecured contents of the data stream. That 
> > would be a breach of security and law.
> >
> 
> I just waited you mention that :)
> What do you think happens when encrypted data from client 
> comes in and is encrypted again and send to the client?
> It's unencrypted in the memory and anyone with access to the 
> box can just inspect the content of the httpd process in the 
> same way it can read the data on the socket.
> So since persons which are authorized to login to the Apache 
> and Tomcat box have the option to view the data, your entire 
> security is still human based. That's why I see no point of 

Yes, the list includes 4 people.

> encrypting the data transfer between those boxes cause you 
> can just as well make sure the proper persons have the network access.
> 

That list includes 78 people.

> However I can live with the 'law' reason, but that doesn't 
> mean it's a secure just because the 'law' says it is.

I see it as there is no excuse not to encrypt it when it crosses security domain
boundaries.






RE: Secure AJP over ssl

2011-02-22 Thread Jason Pyeron
> -Original Message-
> From: Mladen Turk [mailto:mt...@apache.org] 
> Sent: Tuesday, February 22, 2011 1:20
> To: users@tomcat.apache.org
> Subject: Re: Secure AJP over ssl
> 
> On 02/21/2011 10:31 PM, Jason Pyeron wrote:
> > Does (or could) tomcat 5.5 support encrypted AJP? The 
> frontend apache 
> > will be on a different host than the tomcat server. It is required 
> > that the communications are encrypted.
> >
> 
> I would suggest you reconsider your security requirements.

Cordially, no.

> Unless your frontend and backend are on different continents 
> the best way to fight wire tapping (only reason why would you 

Yes. You hit the nail on the head, besides being required by law.

> secure the communication at the first place) is much better 
> done with securing your infrastructure.

That is a naive view. [Please forgive the wording.]

Given:

1) The Apache box is secure and login is restricted to the minimum set of
persons with a need to know. 
2) The Tomcat box is secure and login is restricted to the minimum set of
persons with a need to know. 

There is no reason to allow the set of persons capable (and sometimes
authorized) to inspect the data on a network (network operations) to be able to
inspect the unsecured contents of the data stream. That would be a breach of
security and law.

-Jason




RE: Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
 

> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org] 
> Sent: Monday, February 21, 2011 17:26
> To: Tomcat Users List
> Subject: Re: Secure AJP over ssl
> 
> On 21/02/2011 22:19, Jason Pyeron wrote:
> >> -Original Message-
> >> From: Mark Thomas
> >> Sent: Monday, February 21, 2011 17:15
> >> To: Tomcat Users List
> >> Subject: Re: Secure AJP over ssl
> >>
> >> On 21/02/2011 21:31, Jason Pyeron wrote:
> >>> Does (or could) tomcat 5.5 support encrypted AJP?
> >>
> >> No.
> >>
> >>> Would I be best off using stunnel?
> >>
> >> Also, no.
> >>
> >> Use mod_proxy_http and proxy over https.
> > 
> > Then we would lose the is_secure handling of AJP, as well as the 
> > client certificates of the web application clients. That is the 
> > purpose of mod_proxy_ajp, among others.
> 
> No you wouldn't. That all works (with a little more 
> configuration) with mod_proxy_http.
> 

Where are the docs for certificate chaining with mod_proxy? I have not found
any.




RE: Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
> -Original Message-
> From: Mark Thomas 
> Sent: Monday, February 21, 2011 17:15
> To: Tomcat Users List
> Subject: Re: Secure AJP over ssl
> 
> On 21/02/2011 21:31, Jason Pyeron wrote:
> > Does (or could) tomcat 5.5 support encrypted AJP?
> 
> No.
> 
> > Would I be best off using stunnel?
> 
> Also, no.
> 
> Use mod_proxy_http and proxy over https.

Then we would lose the is_secure handling of AJP, as well as the client
certificates of the web application clients. That is the purpose of
mod_proxy_ajp, among others.






Secure AJP over ssl

2011-02-21 Thread Jason Pyeron
Does (or could) tomcat 5.5 support encrypted AJP? The frontend apache will be on
a different host than the tomcat server. It is required that the communications
are encrypted.

Would I be best off using stunnel?

My googling has led me astray to
http://download.oracle.com/docs/cd/E13789_01/bh.100/e13791/ajp.htm 




RE: Tomcat in CentOS 5.5

2011-01-31 Thread Jason Pyeron
> -Original Message-
> From: Christian Garling 
> Sent: Monday, January 31, 2011 10:37
> To: Tomcat Users List
> Subject: Tomcat in CentOS 5.5
> 
> Hi there,
> 
> I am new on this list, so first I want to say hello to you. 
> But now to my problem.
> 
> We develop software for the touristical branch which runs 
> mainly under CentOS. Our customers are big companies. Of 
> course they have SLAs with their server providers, so they 
> can't use any software version they want. 

Centos 5.5 is not covered by an SLA, you should use RHEL 5 (and I believe the
current patch version is 5.6)

> CentOS 5.5 ships Tomcat 6.0.18, so this version is available 
> at customers site. The developer who writes the java parts of 
> our application told me, that we can't use the Tomcat version 
> shipped with CentOS, because it has too many bugs. But if we 
> use another one, we break with customers SLAs. I might be 
> true, that there are bugs in Tomcat 6.0.18, but CentOS is an 
> enterprise operating system. I can not believe that these 

Yes the upstream provider Red Hat may provide fixes, you should look at the
src.rpm files for tomcat to see.

> bugs are not fixed with patches there. Can somebody shed some 
> light into this?
> 

In your situation we would install a version of Tomcat suited to the
Customer/Task in /var/opt/apache/tomcat/version and create a SysV init script
and plug it into the vendors mod_ajp facility.

> Best regards, Christian
> 



RE: Setup Advice Needed: dev vs. test vs. production

2011-01-21 Thread Jason Pyeron
> -Original Message-
> From: Susan G. Conger 
> Sent: Friday, January 21, 2011 13:30
> To: 'Tomcat Users List'
> Subject: RE: Setup Advice Needed: dev vs. test vs. production
> 
> I hear you.  But in our environment it just isn't feasible to 
> install three different tomcats on the customer's system.  So 

You are telling all there is about your situation, how about you explain your
constraints, and why they are so.

> I was trying to come up with a way to do this without having 
> to rename a bunch of stuff.  If it was running on a different 
> virtual host for each environment or different ports.

I am not sure I am following you on this statement.

> Can Tomcat be setup so 3 VM instances are ran under one 
> tomcat installation?

Do you mean one TOMCAT_HOME?

> With the constraint that only one tomcat can be installed on 
> the system what is the best way to run 3 separate environments?

The answer is don't. If you cannot have more than 1 tomcat in the enterprise,
then you should schedule downtime for the production system, to do your testing.
Undeploy the prod.war and deploy the test.war or dev.war. When done, undeploy
then deploy the prod.war.

> 
> Thanks,
> Susan
> 
> -Original Message-
> From: Caldarale, Charles R 
> Sent: Friday, January 21, 2011 1:15 PM
> To: Tomcat Users List
> Subject: RE: Setup Advice Needed: dev vs. test vs. production
> 
> > From: Susan G. Conger [mailto:cong...@yoeric.com]
> > Subject: Setup Advice Needed: dev vs. test vs. production
> 
> > I don't want to install 3 instances of tomcat on the 
> customers machine 
> > for running the different environments.
> 
> I strongly suggest you rethink that, and use at least three 
> separate Tomcat instances.  Trying to run everything in one 
> instance puts production at a severe risk of failure should 
> anything in the dev or test environment have a problem (e.g., 
> infinite loop, heap overflow).  Given the extremely low cost 
> of hardware (or VMs) these days, I'd have the test and prod 
> systems on different boxes or VMs, and let each developer run 
> their own Tomcat instance on their own workstation.
> 





RE: Request Line Truncated and Caused 501

2011-01-20 Thread Jason Pyeron
> -Original Message-
> From: Yuesong Wang 
> Sent: Thursday, January 20, 2011 10:41
> To: Tomcat Users List
> Subject: Re: Request Line Truncated and Caused 501
> 
> Thanks. I tried 6.0.30, but under heavy load in our 
> production environment, its memory usage shot up in a matter 
> of minutes and we had to bring it down. We did not see that in 6.0.29.

The patch should easily back port.

> On Jan 19, 2011, at 5:59 PM, Mark Thomas wrote:
> 

> > 
> > Known issue. Fixed in 6.0.30.
> > http://issues.apache.org/bugzilla/show_bug.cgi?id=50072
> > 




RE: Request Line Truncated and Caused 501

2011-01-19 Thread Jason Pyeron
> -Original Message-
> From: Mark Thomas [mailto:ma...@apache.org] 
> Sent: Wednesday, January 19, 2011 17:59
> To: Tomcat Users List
> Subject: Re: Request Line Truncated and Caused 501
> 
> On 19/01/2011 19:54, Yuesong Wang wrote:
> > Hi,
> > 
> > I have tomcat 6.0.29 configured using the NIO connector 
> running on linux. My access log shows strange 501 errors like this:
> 
> Known issue. Fixed in 6.0.30.
> http://issues.apache.org/bugzilla/show_bug.cgi?id=50072

Very nice, good memory on the bug, just read the patch.




RE: Request Line Truncated and Caused 501

2011-01-19 Thread Jason Pyeron
> -Original Message-
> From: Christopher Schultz 
> Sent: Wednesday, January 19, 2011 17:50
> To: Tomcat Users List
> Subject: Re: Request Line Truncated and Caused 501
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> Jason,
> 
> On 1/19/2011 3:05 PM, Jason Pyeron wrote:
> >> -Original Message-
> >> From: Yuesong Wang
> >> Sent: Wednesday, January 19, 2011 14:55
> >> To: users@tomcat.apache.org
> >> Subject: Request Line Truncated and Caused 501
> >>
> >> Hi,
> >>
> >> I have tomcat 6.0.29 configured using the NIO connector running on 
> >> linux. My access log shows strange 501 errors like this:
> >>
> > 
> > Does the NIO think it is on windows?
> 
> Why would that matter?

Seen problems like this in perl, oracle, and many other things written for
windows run on non-windows.

> 
> >> 86.24.156.114 - - [19/Jan/2011:14:41:28 -0500] "eferer: 
> >> /static/r07/sh30.html " 501 1235 "-" "-"
> >> 41.203.64.251 - - [19/Jan/2011:14:39:18 -0500] "ET  >> url> HTTP/1.1" 501 1220 "" "Mozilla/4.0
> >> (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; 
> >> SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; 
> >> Media Center PC 6.0; CPNTDF; .NET4.0C)"
> >>
> > 
> > If chomping off the 0x0A when there is none, you could get this.
> 
> HTTP protocol says lines end with CR LF.
> 

Then is the client not sending it and the tomcat code skipping... (I did see the
no leading CRLF below)

> Perhaps the client is broken? It says MSIE, so it probably is. :)
> 
> The first line of the request shouldn't contain a leading CR 
> or LF and should start with an HTTP verb (like GET). It looks 
> like "GET" is being truncated to "ET" at some point.

Good point.

> 
> >> I
> >> thought it had to do with the maxHttpHeaderSize being too 
> small, and 
> >> tried to reproduce it but couldn't. I suspect the http 
> request itself 
> >> is malformed, but can't be sure because I can't get to the raw 
> >> request (RequestDumperValve happens after the raw request 
> is parsed I 
> >> think).
> >>
> >> Any idea what the problem may be or how to go about investigating 
> >> this?
> 
> Can you search your access log for requests that don't start 
> with valid HTTP verbs? That might help you narrow down what 
> conditions cause the requests to get mangled. Maybe there 
> really is some broken client out there.
> 
> What % of requests does this represent? What opportunities do 
> you have to reconfigure the server and continue to collect data?
> 

And can this be reproduced?


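The check suggested in the message above (search the access log for requests that do not start with a valid HTTP verb, and work out what share of traffic they are) can be sketched as follows. This is an added example, not code from the thread or from Tomcat; the class name, the regular expression for the log layout and the sample lines are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class MangledRequestLineScan {

    static final List<String> METHODS = Arrays.asList(
            "GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT", "PATCH");

    // host ident user [time] "request line" status bytes ... (layout of the lines quoted in the thread)
    static final Pattern LINE = Pattern.compile(
            "^(\\S+) \\S+ \\S+ \\[([^\\]]+)\\] \"(.*?)\" (\\d{3}) (\\S+)");

    /** Returns "valid", "truncated [candidates]" or "not-a-method" for a logged request line. */
    static String classify(String requestLine) {
        String token = requestLine.split(" ", 2)[0];
        if (METHODS.contains(token)) {
            return "valid";
        }
        // A token such as "ET" is a proper suffix of "GET": the leading bytes were lost.
        List<String> candidates = new ArrayList<>();
        if (!token.isEmpty()) {
            for (String m : METHODS) {
                if (m.endsWith(token)) {
                    candidates.add(m);
                }
            }
        }
        return candidates.isEmpty() ? "not-a-method" : "truncated " + candidates;
    }

    /** Log content is client-controlled; neutralise control characters before printing it. */
    static String printable(String s) {
        return s.replaceAll("\\p{Cntrl}", "?");
    }

    public static void main(String[] args) {
        // Constructed sample lines (documentation addresses), not taken from a real log.
        String[] sample = {
            "192.0.2.10 - - [19/Jan/2011:14:39:02 -0500] \"GET /static/index.html HTTP/1.1\" 200 5120 \"-\" \"ExampleAgent/1.0\"",
            "192.0.2.11 - - [19/Jan/2011:14:39:18 -0500] \"ET /static/app.js HTTP/1.1\" 501 1220 \"-\" \"ExampleAgent/1.0\"",
            "192.0.2.12 - - [19/Jan/2011:14:41:28 -0500] \"eferer: /static/page.html \" 501 1235 \"-\" \"-\"",
            "192.0.2.13 - - [19/Jan/2011:14:42:00 -0500] \"POST /login HTTP/1.1\" 302 - \"-\" \"ExampleAgent/1.0\""
        };

        int total = 0;
        int flagged = 0;
        for (String line : sample) {
            Matcher m = LINE.matcher(line);
            if (!m.find()) {
                System.out.println("unparsed: " + printable(line));
                continue;
            }
            total++;
            String verdict = classify(m.group(3));
            if (!verdict.equals("valid")) {
                flagged++;
                System.out.printf("%s [%s] status=%s %s request=\"%s\"%n",
                        m.group(1), m.group(2), m.group(4), verdict, printable(m.group(3)));
            }
        }
        double share = total == 0 ? 0.0 : 100.0 * flagged / total;
        System.out.printf("%d of %d parsed requests flagged (%.1f%%)%n", flagged, total, share);
    }
}
```

Grouping the flagged lines by client address and by time shows whether the mangled request lines come from one broken client or appear across all clients under load.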



RE: Request Line Truncated and Caused 501

2011-01-19 Thread Jason Pyeron
> -Original Message-
> From: Yuesong Wang
> Sent: Wednesday, January 19, 2011 14:55
> To: users@tomcat.apache.org
> Subject: Request Line Truncated and Caused 501
> 
> Hi,
> 
> I have tomcat 6.0.29 configured using the NIO connector 
> running on linux. My access log shows strange 501 errors like this:
> 

Does the NIO think it is on windows?

> 86.24.156.114 - - [19/Jan/2011:14:41:28 -0500] "eferer: 
> /static/r07/sh30.html " 501 1235 "-" "-"
> 41.203.64.251 - - [19/Jan/2011:14:39:18 -0500] "ET  url> HTTP/1.1" 501 1220 "" "Mozilla/4.0 
> (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; 
> GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET 
> CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)"
> 

If chomping off the 0x0A when there is none, you could get this.

> It seems something went wrong while reading the request, and 
> a rather random chunk is treated as the request uri. I 
> thought it had to do with the maxHttpHeaderSize being too 
> small, and tried to reproduce it but couldn't. I suspect the 
> http request itself is malformed, but can't be sure because I 
> can't get to the raw request (RequestDumperValve happens 
> after the raw request is parsed I think).
> 
> Any idea what the problem may be or how to go about 
> investigating this?

Try using a low level tool like curl to reproduce problems.








RE: Intercept Tomcat log [OT]

2010-12-31 Thread Jason Pyeron
> -Original Message-
> From: André Warnier
> Sent: Friday, December 31, 2010 11:03
> To: Tomcat Users List
> Subject: Re: Intercept Tomcat log
> 
> ;-)
> 
> I agree. But then why did you start bottom-posting after the 
> previous person top-posted ? 
> That was confusing too.
> 
>  > Yes they do, when they start top-posting after someone 
> else bottom-posted, it gets confusing.
> 
> Nobody forces you to.
> 
>  > But I don't.
> 
> Yes, but some people prefer it this way.
> 
>  > Because it ruins the logical flow of the conversation.
> 
> Why not ?
> 
> Jason Pyeron wrote:
> > 
> > Please do not top post.
> > 

I am dizzy.





RE: Intercept Tomcat log

2010-12-31 Thread Jason Pyeron
> -Original Message-
> From: Igor Simões [mailto:igor.americ...@gmail.com] 
> Sent: Friday, December 31, 2010 4:51
> To: Tomcat Users List
> Subject: Re: Intercept Tomcat log
> 
> The offline processing of tomcat log files is the first 
> option, but we were looking for something that could allow us 
> to do on-line processing, or processing with short delay time.
> 
> Unhappily the corporation I work don't have Perl on the list 
> of languages with official production environment setup.
> 

Please do not top post.

> Thanks!
> 
> 2010/12/30 André Warnier 
> 
> > Mikolaj Rydzewski wrote:
> >
> >>
> >> On Thu, 30 Dec 2010 13:28:02 -0200, Igor Simões 
> >> 
> >> wrote:
> >>
> >>  Is there any way to intercept log entries?
> >>>

I am going to answer this with a java.util.logging point of view.

You can install multiple handlers
(http://download.oracle.com/javase/6/docs/api/java/util/logging/Handler.html),
even dynamically.

You can attach this to the root logger "" or a specific level "com.ice-sa" etc.

Following a pattern like the MemoryHandler you can even report back logs upon a
triggering condition.

-Jason 

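The java.util.logging approach described in the message above (a handler installed dynamically on the root logger that, following the MemoryHandler pattern, reports buffered records when a triggering condition is met) could look like this. It is an added example, not code from the thread; the class names, the logger name com.example.app and the log messages are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Deque;
import java.util.List;
import java.util.function.Consumer;
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class TriggeredLogInterceptor {

    /** Keeps the last `capacity` records and hands them to `sink` when a record at or above `trigger` arrives. */
    static final class TriggeredHandler extends Handler {
        private final Deque<LogRecord> ring = new ArrayDeque<>();
        private final int capacity;
        private final Level trigger;
        private final Consumer<List<LogRecord>> sink;

        TriggeredHandler(int capacity, Level trigger, Consumer<List<LogRecord>> sink) {
            if (capacity < 1) {
                throw new IllegalArgumentException("capacity must be at least 1");
            }
            this.capacity = capacity;
            this.trigger = trigger;
            this.sink = sink;
            setLevel(Level.ALL); // buffer everything the loggers let through
        }

        @Override
        public void publish(LogRecord record) {
            if (!isLoggable(record)) {
                return;
            }
            List<LogRecord> burst = null;
            synchronized (this) {
                if (ring.size() == capacity) {
                    ring.removeFirst(); // drop the oldest record
                }
                ring.addLast(record);
                if (record.getLevel().intValue() >= trigger.intValue()) {
                    burst = new ArrayList<>(ring); // context leading up to the trigger
                    ring.clear();
                }
            }
            if (burst != null) {
                sink.accept(burst); // called outside the lock so a slow sink does not block loggers
            }
        }

        @Override
        public void flush() {
            // nothing is written until the trigger fires
        }

        @Override
        public synchronized void close() {
            ring.clear();
        }
    }

    static String describe(LogRecord r) {
        return r.getLevel() + " [" + r.getLoggerName() + "] " + r.getMessage();
    }

    public static void main(String[] args) {
        List<String> reported = new ArrayList<>();
        TriggeredHandler handler = new TriggeredHandler(3, Level.WARNING,
                burst -> burst.forEach(r -> reported.add(describe(r))));

        // Attach at runtime to the root logger "" so records from every child logger arrive here.
        Logger root = Logger.getLogger("");
        root.addHandler(handler);

        // Constructed application logger; FINE is enabled so low-level records reach the handlers.
        Logger app = Logger.getLogger("com.example.app");
        app.setLevel(Level.FINE);

        app.fine("session created");
        app.fine("lookup user=alice");
        app.info("request /report");
        app.fine("query took 40 ms");
        app.warning("login failed user=alice"); // trigger: the last three records are reported

        root.removeHandler(handler);
        handler.close();

        reported.forEach(System.out::println);
    }
}
```

Attaching the handler to a named logger instead of the root logger limits interception to that subtree of logger names.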



RE: Issues on startup for tomcat 5.5 on RHEL 5.5

2010-12-08 Thread Jason Pyeron
> -Original Message-
> From: Konstantin Kolinko 
> Sent: Wednesday, December 08, 2010 9:35
> To: Tomcat Users List
> Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
> 
> 2010/12/8 Jason Pyeron :
> >> > java.io.IOException: IOException writing to 
> >> > /usr/share/tomcat5/conf/tomcat-users.xml.new
> >>
> >> What you do not understand in the above message?
> >> Tomcat saves the file to a new name, then renames it.
> >>
> >
> > I understand the message, it says tomcat cannot write that 
> file. What 
> > I do not understand is how it cannot write that file.
> >
> 
> Try to create that file. Maybe that'd give you some additional clue.
> Maybe the file is already there, or maybe Tomcat runs not 
> under the user that you are expecting (or that user is not a 
> member of the "tomcat" group).

Maybe I forgot to mention in my original post, that the tomcat user can create
and modify files in that directory, further that I checked the selinux log file
while the error was happening and there was no relevant output. 

> 
> Anyway, I certainly recommend you to set readonly="true". [1]
> 

It is set to readonly now. But there was some change on the system, which caused
it to stop working in readwrite mode. Tomcat had been installed and functioning
every week for many months now.

> >> BTW, it is possible to set readonly="true" on the 
> UserDatabase entry 
> >> in server.xml and Tomcat won't try to write that file. (In 
> Tomcat 6+ 
> >> readonly flag is "true" by default).
> >>
> 
> [1] 
> http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.html#UserDatabase_Resources

I do not have any use for built in user authentication. I will eventually try to
disable it entirely.





RE: Issues on startup for tomcat 5.5 on RHEL 5.5

2010-12-08 Thread Jason Pyeron

> -Original Message-
> From: Konstantin Kolinko 
> Sent: Wednesday, December 08, 2010 0:29
> To: Tomcat Users List
> Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
> 
> 2010/12/7 Jason Pyeron :
> >
> > The permissions on /usr/share/tomcat5/conf/ are 775 and 
> owned by root.tomcat.
> 
> It is a bad idea to have the configuration files world-readable.
> 
> Especially tomcat-users.xml and server.xml.
> 
> 

That is a valid point but not the issue at hand.

> > java.io.IOException: IOException writing to 
> > /usr/share/tomcat5/conf/tomcat-users.xml.new
> 
> What you do not understand in the above message?
> Tomcat saves the file to a new name, then renames it.
> 

I understand the message, it says tomcat cannot write that file. What I do not
understand is how it cannot write that file.

> BTW, it is possible to set readonly="true" on the 
> UserDatabase entry in server.xml and Tomcat won't try to 
> write that file. (In Tomcat 6+ readonly flag is "true" by default).
> 
> > cat /etc/tomcat5/tomcat-users.xml
> 
> This file is not in "/usr/share/tomcat5/conf/"
> 

Right, that is a symlink to /etc/tomcat5, which has all the properties as
described for /usr/share/tomcat5/conf/ (if I had tested /usr/share/tomcat5/conf
then the information provided would have been for the symlink and not the
target).


So the question remains: what could have changed on the RHEL 5.5 system between
last week and present to make tomcat complain? Unfortunately the backups of the
system were only on /usr/local and /home so they were of no help and the rpm
log only indicates a Kerberos update.

-Jason




Issues on startup for tomcat 5.5 on RHEL 5.5

2010-12-07 Thread Jason Pyeron
I am not sure what happened but something changed in the last week and now
tomcat does not want to start up. All my googling points to a selinux or
permission problem. I have reviewed audit.log and verified that the tomcat user
can write, modify and delete files in the directory. Any suggestion would be
appreciated.

The permissions on /usr/share/tomcat5/conf/ are 775 and owned by root.tomcat.

cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

cat /var/log/tomcat5/catalina.out
Using CATALINA_BASE:   /usr/share/tomcat5
Using CATALINA_HOME:   /usr/share/tomcat5
Using CATALINA_TMPDIR: /usr/share/tomcat5/temp
Using JRE_HOME:
Dec 7, 2010 10:13:35 AM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
Dec 7, 2010 10:13:35 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Dec 7, 2010 10:13:35 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 502 ms
Dec 7, 2010 10:13:35 AM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.io.IOException: IOException writing to /usr/share/tomcat5/conf/tomcat-users.xml.new
    at org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:554)
    at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:104)
    at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:140)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:793)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
    at org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingContextBindingsEnumeration.java:113)
    at org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:71)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:137)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:109)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:81)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
SEVERE: Exception processing Global JNDI Resources
javax.naming.NamingException: IOException writing to /usr/share/tomcat5/conf/tomcat-users.xml.new
    at org.apache.naming.NamingContext.lookup(NamingContext.java:805)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
    at org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingContextBindingsEnumeration.java:113)
    at org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:71)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:137)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:109)
    at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:81)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.re

RE: Modifying logging levels logged in catalina.out at runtime

2010-12-01 Thread Jason Pyeron
 

> -Original Message-
> From: Mark Eggers [mailto:its_toas...@yahoo.com] 
> Sent: Wednesday, December 01, 2010 15:20
> To: Tomcat Users List
> Subject: Re: Modifying logging levels logged in catalina.out 
> at runtime
> 
> Hopefully you're not creating custom logging levels. Creating 

Nope, plain jane.

> custom logging levels is the classic way to create 
> classloader leaks. See the following as an
> example:
> 
> http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java
> 
> You can create a logging.properties file and place it in 
> WEB-INF/classes. You can then change this file, rebuild your 
> application, and redeploy it without taking down Tomcat.

Good idea, would still like to do it without taking down the webapp (that was
the intention behind not restarting tomcat).

> 
> You could also add a WatchedResource element to your Context 
> and point it at WEB-INF/classes/logging.properties. When that 
> file is changed, Tomcat will reload the application.
> 
> See: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
> 
> I'm not really sure you want to do the WatchedResource 
> configuration in a production environment though . . .
> 
> . . . . just my two cents.

Our new applications are putting in a management console to adjust the logging
setting, but legacy applications sometimes need to be debugged without
restarting them. Think about leaks where the problem shows up only after 3
months of running.

> - Original Message 
> From: Jason Pyeron 
> To: Tomcat Users List 
> Sent: Wed, December 1, 2010 11:59:28 AM
> Subject: Modifying logging levels logged in catalina.out at runtime
> 
> This may be slightly off-topic.
> 
> I'll start off with I know how to do this from inside the 
> webapp's code and how to do it by modifying properties files 
> on the system at tomcat startup. But how can it be done from 
> outside the webapp without restarting tomcat?
> 
> We are using java.util.logging on tomcat 5.5.23 using jdk 1.6.0_17.






Modifying logging levels logged in catalina.out at runtime

2010-12-01 Thread Jason Pyeron
This may be slightly off-topic.

I'll start off with I know how to do this from inside the webapp's code and how
to do it by modifying properties files on the system at tomcat startup. But how
can it be done from outside the webapp without restarting tomcat?

We are using java.util.logging on tomcat 5.5.23 using jdk 1.6.0_17.




RE: How to source jobs/talent was RE: Tomcat Consultant

2010-11-19 Thread Jason Pyeron

> -Original Message-
> From: André Warnier [mailto:a...@ice-sa.com] 
> Sent: Friday, November 19, 2010 2:37
> To: Tomcat Users List
> Subject: Re: How to source jobs/talent was RE: Tomcat Consultant
> 
> Jason Pyeron wrote:
> ...
> > 
> > Disclaimer: We perform many types J2EE consulting.
> > 
> proofreading ?

It should have read: Disclaimer: We perform many types of J2EE consulting.

Touché. One should not write emails while eating dinner. But I think the message
was clearly constructive. 

I did notice that the FAQ (http://wiki.apache.org/tomcat/FAQ) does not mention
how to request consulting services or post jobs. But there is a page
(http://www.apache.org/info/support.cgi) dedicated to commercial support of
Apache products. 

I have always liked the way Bugzilla organizes their site, so any user looking
for the mailing list (http://www.bugzilla.org/support/) also found the link to
the consulting registry (http://www.bugzilla.org/support/consulting.html).

-Jason




How to source jobs/talent was RE: Tomcat Consultant

2010-11-18 Thread Jason Pyeron

There are going to be a lot of nit picks in this message.

> -Original Message-
> From: tdelesio [mailto:tdele...@gmail.com] 

Use a company email, this just looks unprofessional. I would never reply to it
to negotiate a contract or ask for a job.

> Sent: Friday, September 24, 2010 13:25
> To: users@tomcat.apache.org
> Subject: Tomcat Consultant
> 
> 
> My fortune 500 company is testing a pilot for switching over 

Again don't be anonymous.

> a J2EE web app over from Web Sphere application server to 

What WS specific APIs are used in the application?

> Tomcat and we are looking for a consultant to setup a crusted 

Proof read your postings.

> production instance of tomcat.  Does anyone have any 

What area of the world? What size is the project? Timeframe?

> recommendations for a top notch consulting firm that could 
> provide these services?

Did you do a google search for tomcat consultants?

-Jason Pyeron

Disclaimer: We perform many types J2EE consulting.




RE: Ya gotta love it... [OT]

2010-10-01 Thread Jason Pyeron
> -Original Message-
> From: David kerber [mailto:dcker...@verizon.net] 
> Sent: Friday, October 01, 2010 14:32
> To: Tomcat Users List
> Subject: Ya gotta love it...
> 
> When you can fix a long standing bug simply by deleting 60 or 
> 80 lines of code and modifying 6 other lines.

?

> 
> Of course, it's kind of embarrassing that I allowed that bug 
> to creep in in the first place...




RE: Calling a CGI script from Servlet

2010-08-01 Thread Jason Pyeron
 

> -Original Message-
> From: troylparr...@aol.com [mailto:troylparr...@aol.com] 
> Sent: Sunday, August 01, 2010 8:19
> To: users@tomcat.apache.org
> Subject: Re: Calling a CGI script from Servlet
> 
> 
> 
> 
> Mark,
> 
> Thanks for the reply. I am using Tomcat 6.0.20.  The script 
> is located in WEB-INF/cgi and in the call I am using an absolute path:
> 
> //System Call
> String[cmd] = {"python", 
> 'home/troy/NetBeansProjects/GSMFilter/web/WEB-INF/cgi/helloWor

Do you mean /home?

> ld.py", "-c"}; Runtime rt = Runtime.getRuntime(); Process proc =
> rt.exec(cmd); int exitVal = proc.waitFor();
> 
> //Write exit value to file - Get value of zero 
> toFile.write("" + exitVal);
> 
> MY ORIGINAL POST: 
> 
> I am new to configuring tomcat (I have run it for a few years 
> as it is packaged with Netbeans) and new to linux and I am 
> stuck on a particular problem.
> 
> I have a project in which I am trying to call a python code 
> from a servlet.  I am using tomcat6 on Ubuntu 10.04.  I have 
> used both Runtime.exec() as well as ProcessBuilder to make 
> the call.  I have completely copied the code from the 
> JavaWorld article When Runtime.exec() won't 
> (http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html).
> I have granted full permissions on all the files (read, write and
> execute).  When I get an exit value on the 
> execution of the script I get a value of 0 (zero).  I am able 
> to execute the script from a simple java program in this 
> environment (tomcat and Ubuntu) using the same syntax but not 
> in the servlet.  I am able to execute the script from the 
> servlet in Ubuntu 10.04 from glassfish and I am able to 
> execute the script from the servlet in tomcat6 in a windows 
> environment.  However, when I try to execute the script from 
> the servlet in tomcat6 and Ubuntu 10.04 - nothing - even 
> though I get the exit value of zero, I get the zero value 
> returned but no action from the script (all it does is open 
> the default browser).
> 
> I have made the following changes in my tomcat installation:
> 
> Uncommented the following in the web.xml:
> 
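> <servlet>
>     <servlet-name>cgi</servlet-name>
>     <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
>     <init-param>
>       <param-name>debug</param-name>
>       <param-value>0</param-value>
>     </init-param>
>     <init-param>
>       <param-name>cgiPathPrefix</param-name>
>       <param-value>WEB-INF/cgi</param-value>
>     </init-param>
>     <load-on-startup>5</load-on-startup>
> </servlet>
> 
> <servlet-mapping>
>     <servlet-name>cgi</servlet-name>
>     <url-pattern>/cgi-bin/*</url-pattern>
> </servlet-mapping>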
> 
> My tomcat-users:
> 
> 
> 
>   
>   
>   
>   
>   
>   
> 
> 
> 
> 
> Change made in context.xml:
> 
> 
> Added to system.policy:
> // Grant WebApps All Permission
> grant codeBase "file:/var/lib/tomcat6/webapps/-" {
> permission java.security.AllPermission; };
> 
> Added to catalina.policy:
> grant codeBase "file:${catalina.home}/webapps/GSMFilter/-"  {
> java.io.FilePermission 
> "/var/libs/tomcat6/webapps/GSMFilter/WEB-INF/storage/< FILES>>", "read,write,execute,delete"; };
> 
> grant codeBase "file:${catalina.home}/webapps/GSMFilter/-"{
>     permission java.security.AllPermission; };
> 
> grant codeBase "file:${catalina.home}/webapps/GSMFilter/-"{
>  permission java.lang.RuntimePermission 
> "/home/troy/NetBeansProjects/GSMFilter/web/WEB-INF/storage/<>", "read,write,execute,delete";
> 
>  





RE: how to return a zipped file so that the browser will unzip it ? [OT]

2010-05-20 Thread Jason Pyeron
Read the HTTP rfc, more details inline...

> -Original Message-
> From: André Warnier
> Sent: Thursday, May 20, 2010 16:04
> Subject: how to return a zipped file so that the browser will 
> unzip it ?
> 
> Hi.
> This is not really a Tomcat question, rather something one 
> should be able to do with Tomcat, but I-don't-know-how kind of thing.
> It was inspired by this servlet :
> http://www.javaside.com/u_zipservlet.html
> 
> The question is :
> Suppose that to gain space on my Tomcat server and to speed 
> up content delivery, I have a whole bunch of files in one of 
> my Tomcat contexts, which have been pre-zipped.
> That is, I have for example a.txt, b.txt, c.txt etc... but 
> all these huge text files have already been pre-zipped, and 
> they are really on my server as (catalina_base)/webapps/mywebapp/
>   a.txt.zip
>   b.txt.zip
>   c.txt.zip
>   etc...

First of all I don’t think zip is a supported HTTP transport encoding, I could
be wrong.

> 
> Now I would like the user to be able to request the URL 
> http://hostname/mywebapp/a.txt and obtain this file, as a 
> text, displayed in the browser window.
> Of course I do not want Tomcat to retrieve the file a.zip, 
> unzip it, and send it back unzipped as a.txt. I want it to 
> remain zipped during transmission, to use less bandwidth.
> And I also do not want to leave my files on disk as a.txt, 
> b.txt, etc.. 

Using an HTTP compression method, compress your files.

> and ask Tomcat to compress them on-the-fly just before 
> sending them to the browser. The files are already 

When the browser says it accepts the same compression method as you used, send
the file indicating that it is compressed per the HTTP RFC.

> compressed, so that would be a waste of CPU cycles.

Otherwise you will have to decompress it and send it per the browser's requested
transmission method.

> 
> Thus I want my Tomcat webapp to
> - receive a request for /a.txt
> - see that there is already, on disk, a file a.txt.zip
> - consequently, read a.txt.zip, and send this "as is" back to 
> the browser, but telling the browser that this has only been 
> zipped for transmission, but that it is really a.txt, and ask 
> the browser to unzip it and display it as text.
> (If it makes it easier to conceive the difference or benefit, 
> you can also think that instead of text files, these are 
> originally very large PDF files (say a.pdf), which have been 
> zipped (as a.pdf.zip), but which I want to display as PDF in 
> the browser (as a.pdf))
> 
> How would you do that ?
> 
> I can think of creating a special servlet that would do that, 
> by playing with the Content-transfer-encoding header.
> But considering that the default servlet must be already 
> doing more than that (when it actually compresses content 
> before returning it), and is probably much better written and 
> optimised than what I could come up with myself, isn't there 
> a smarter way to do this without writing a special servlet to do it ?
> 
> You see, we perl programmers are lazy; and you Java/Tomcat 
> guys are smart.  There should be some synergy there.
> 
> 
> 
> 





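The negotiation described in the reply above, sketched as a servlet. This is an added example, not code from the thread or from Tomcat: the class name and the `baseDir` init-param are hypothetical, and it assumes the files were stored gzip-compressed as `a.txt.gz` (gzip being a registered HTTP content coding) rather than as `.zip` archives.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Locale;
import java.util.zip.GZIPInputStream;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Serves "/a.txt" from "<baseDir>/a.txt.gz" without recompressing on each request. */
public class PreGzippedFileServlet extends HttpServlet {
    private Path baseDir;

    @Override
    public void init() throws ServletException {
        String dir = getServletConfig().getInitParameter("baseDir"); // hypothetical init-param
        if (dir == null) throw new ServletException("baseDir init-param is required");
        try {
            baseDir = Paths.get(dir).toRealPath(); // canonical form, symlinks resolved
        } catch (IOException e) {
            throw new ServletException("baseDir is not accessible: " + dir, e);
        }
    }

    /** True if Accept-Encoding permits gzip; "gzip;q=0" or "*;q=0" forbids it. */
    static boolean acceptsGzip(String header) {
        if (header == null) return false;
        Boolean gzip = null;
        Boolean wildcard = null;
        for (String part : header.split(",")) {
            String[] fields = part.trim().split(";");
            String coding = fields[0].trim().toLowerCase(Locale.ROOT);
            double q = 1.0;
            for (int i = 1; i < fields.length; i++) {
                String f = fields[i].trim().toLowerCase(Locale.ROOT);
                if (f.startsWith("q=")) {
                    try { q = Double.parseDouble(f.substring(2).trim()); }
                    catch (NumberFormatException e) { q = 0.0; } // malformed weight: treat as refused
                }
            }
            if (coding.equals("gzip") || coding.equals("x-gzip")) gzip = q > 0;
            else if (coding.equals("*")) wildcard = q > 0;
        }
        return gzip != null ? gzip : (wildcard != null && wildcard);
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String pathInfo = req.getPathInfo();
        if (pathInfo == null || pathInfo.length() < 2) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        Path real;
        try {
            // Resolve symlinks and ".." first, then refuse anything outside baseDir.
            real = baseDir.resolve(pathInfo.substring(1) + ".gz").toRealPath();
        } catch (IOException | InvalidPathException e) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        if (!real.startsWith(baseDir) || !Files.isRegularFile(real)) {
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // The Content-Type describes the original file, not the compressed container.
        String type = getServletContext().getMimeType(pathInfo);
        resp.setContentType(type != null ? type : "application/octet-stream");
        resp.setHeader("Vary", "Accept-Encoding"); // caches must key on the negotiation

        if (acceptsGzip(req.getHeader("Accept-Encoding"))) {
            // Client accepts gzip: send the stored bytes as they are.
            resp.setHeader("Content-Encoding", "gzip");
            resp.setHeader("Content-Length", Long.toString(Files.size(real)));
            try (OutputStream out = resp.getOutputStream()) {
                Files.copy(real, out);
            }
        } else {
            // Client did not offer gzip: decompress on the fly.
            try (InputStream in = new GZIPInputStream(Files.newInputStream(real));
                 OutputStream out = resp.getOutputStream()) {
                byte[] buf = new byte[8192];
                for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
            }
        }
    }
}
```
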


RE: Tomcat NTLM authentication

2010-05-20 Thread Jason Pyeron
> -Original Message-
> From: dB. 
> Sent: Thursday, May 20, 2010 8:42
> Subject: Tomcat NTLM authentication
> 
> Forgive me for shameless advertising. This should be useful 
> to lots of people.
> 
> We've published a free Tomcat 6 Negotiate authenticator based 

Apache License?


> on JNA  that supports the Negotiate protocol, including 
> Kerberos and the much requested NTLM. This is equivalent to 
> checking the Integrated Authentication box in IIS, enabling 
> single sign-on for windows servers that are both joined or 
> not to an Active Directory domain. The authenticator is part 
> of project Waffle.
> 
> Tutorial: http://code.dblock.org/ShowPost.aspx?id=103
> Download Waffle: http://waffle.codeplex.com/
> 
> Hope this helps, your feedback is much appreciated,
> 
> -dB.
> dB. @ dblock.org<http://www.dblock.org/>
> Moscow|Geneva|Seattle|New York
> 
> 
> 




RE: please hwlp with hibernate strategy

2010-05-01 Thread Jason Pyeron



 

> -Original Message-
> From: Yucca Nel [mailto:yucca...@live.co.za] 
> Sent: Saturday, May 01, 2010 13:38
> To: Tomcat Users List
> Subject: please hwlp with hibernate strategy
> 
> I am planning on using hibernate (1st time) in tomcat webapp. 
> It would appear that it is common to use hibernate util class 
> to load the session factory but I have yet to see this done 
> using Servlet ContextListener. I have also only seen very bad 

We load a helper class, which is the sessions factory with the webapp.

From web.xml:

<listener>
  <listener-class>us.pdinc.client.mil.navy.servlet.support.RequestScopeHibernateSession</listener-class>
</listener>


public class RequestScopeHibernateSession implements ServletRequestListener
{
    public static final String PREFIX;
    public final String KEY;

    /** This method will fetch a hibernate session from request scope,
        stored under KEY **/
    public static Session getSession(ServletRequest request);

    /** This method will close the session and execute the needed rollback
        if there is a dirty transaction **/
    public void requestDestroyed(ServletRequestEvent arg0);

    /** This method will register this object into the request scope, under
        KEY. **/
    public void requestInitialized(ServletRequestEvent arg0);
}

> example where someone used hibernate directly in their model 
> instead of using it as part of a DAO  façade. The following 

While what you saw may indeed be very bad, DAO is not always an answer either.

> example is half finished from netbeans 
> too: http://netbeans.org/kb/docs/web/hibernate-webapp.html Can 
> someone point me to full MVC example with hibernate. I am 

It's not full, but it might get the point across.
http://stackoverflow.com/questions/786840/annotation-support-in-struts-2/791164#791164

> only interested in seeing the backend examples really and 
> would any of you recommend using hibernate directly in a 
> model business class?
> 





RE: Client cert authentication

2010-04-26 Thread Jason Pyeron
 

> -Original Message-
> From: acastanheira2001
> Sent: Monday, April 26, 2010 8:35
> Subject: Re: Client cert authentication
> 
> 
> Thanks again Mark,
> 
> I think it will be difficult to move to Tomcat 6 soon. If I 
> change mod_proxy to mod_jk, does mod_jk pass the client 
> cert to Tomcat 5.5?

mod_proxy_ajp works perfectly. It will set request.isSecure() and fills in all
the certs in the chain not "trusted" by apache httpd.

> 
> Thank you,
> Andre
>  
> 
> 
> Mark Thomas wrote:
> > 
> > On 22/04/2010 20:00, acastanheira2001 wrote:
> >> 
> >> Thanks Mark,
> >> 
> >> I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache 
> >> (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass client cert
> >> to Tomcat?
> > 
> > With 5.5.x, not without some custom code. With 6.0.x, yes.
> > 
> > You'd need to port this to Tomcat 5:
> > 
> > http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/SSLValve.java?view=annotate
> > 
> > Mark
> > 
> > 


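How a webapp behind httpd can consume what the reply above says mod_proxy_ajp supplies, as an added example that is not code from the thread: the filter class and the `clientCertSubject` attribute name are hypothetical, while `javax.servlet.request.X509Certificate` is the request attribute defined by the servlet specification. The values are whatever httpd forwarded over AJP, so the check is only as strong as httpd's own client verification (mod_ssl's `SSLVerifyClient`) and the restriction of the AJP port to the proxy host.

```java
import java.io.IOException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Rejects requests that did not arrive over TLS with a currently valid client certificate. */
public class RequireClientCertFilter implements Filter {

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Populated by the connector; index 0 is the client's own certificate.
        X509Certificate[] certs =
                (X509Certificate[]) request.getAttribute("javax.servlet.request.X509Certificate");

        if (!request.isSecure() || certs == null || certs.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate required");
            return;
        }

        X509Certificate leaf = certs[0];
        try {
            // Covers both expired and not-yet-valid certificates.
            leaf.checkValidity();
        } catch (CertificateException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Client certificate not valid");
            return;
        }

        // Hypothetical attribute name: hands the subject DN to downstream servlets.
        request.setAttribute("clientCertSubject", leaf.getSubjectX500Principal().getName());
        chain.doFilter(req, res);
    }
}
```
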


RE: Multiple SSL certificates on same server

2010-03-08 Thread Jason Pyeron
 

> -Original Message-
> From: Richard Huntrods [mailto:huntr...@nucleus.com] 
> Sent: Monday, March 08, 2010 18:46
> To: users@tomcat.apache.org
> Subject: Multiple SSL certificates on same server
> 
> Does anyone know if it is possible, or has anyone done this:
> 
> I have two applications running on a single server. The 
> applications use different domains and URLs, so the single 
> Tomcat instance can easily tell them apart. (Note: this part 
> is currently working just fine).
> 
> https://domain1/application1
> https://domain2/application2

No. 

The certificate is sent and SSL negotiated prior to the server receiving the
Host header.

> 
> Again, both domains point to the same static IP, and yes, it 
> is possible for someone to access either application from 
> either domain. Normally, that is not an issue with the clients.
> 
> However, I currently have only one SSL certificate on the 
> server - this is for domain1. So if you use domain1 to access 
> application1, it's all fine. The security cert comes up green 
> and all that.
> 
> BUT - if you try and access application2 via domain2, you get 
> the red security cert (wrong domain / server name). I would 
> like to purchase a second certificate for the second domain, 
> and am wondering if this can be done, and how one would tell 
> Tomcat (in server.xml) to acknowledge the second certificate.
> 
> Currently the stuff in server.xml looks like this:
> 
>maxThreads="150" enableLookups="false" scheme="https" 
> secure="true"
>keystoreFile="./keys/.keystore" 
> keystorePass="myPassword"
>clientAuth="false" sslProtocol="TLS" />
> 
> 
> I have a bad feeling it's not possible, but wanted to ask anyway.
> 
> Thanks in advance.
> 
> -R
> 
> 







RE: Moving the webapps context root or adding a prefix

2009-11-23 Thread Jason Pyeron
 

> -Original Message-
> From: Jason Pyeron 
> Sent: Monday, November 23, 2009 9:09
> To: 'Tomcat Users List'
> Subject: RE: Moving the webapps context root or adding a prefix
> 
> 
> > -Original Message-
> > From: Mark Thomas
> > Sent: Monday, November 23, 2009 8:41
> > To: Tomcat Users List
> > Subject: Re: Moving the webapps context root or adding a prefix
> > 
> > Jason Pyeron wrote:
> > >  
> > > 
> > >> -Original Message-
> > >> From: David Smith
> > >> Sent: Monday, November 23, 2009 7:51
> > >> To: Tomcat Users List
> > >> Subject: Re: Moving the webapps context root or adding a prefix
> > >>
> > >> The super simple answer is deploy your 'ROOT' webapp as 'prefix' 
> > >> instead.
> > > 
> > > But that won't deploy each new war file in webapps under 
> > > prefix/context
> > 
> > So name them prefix#manager, prefix#examples etc. as per the docs for
> > multi-level contexts (assuming you are using 6.0.20)
> > 
> 
> Nice, I like it. Are there any methods to do this in Tomcat 5.5?
> 

Yes, is the answer to my own question.




RE: Moving the webapps context root or adding a prefix

2009-11-23 Thread Jason Pyeron

> -Original Message-
> From: Mark Thomas 
> Sent: Monday, November 23, 2009 8:41
> To: Tomcat Users List
> Subject: Re: Moving the webapps context root or adding a prefix
> 
> Jason Pyeron wrote:
> >  
> > 
> >> -Original Message-
> >> From: David Smith
> >> Sent: Monday, November 23, 2009 7:51
> >> To: Tomcat Users List
> >> Subject: Re: Moving the webapps context root or adding a prefix
> >>
> >> The super simple answer is deploy your 'ROOT' webapp as 'prefix' 
> >> instead.
> > 
> > But that won't deploy each new war file in webapps under 
> > prefix/context
> 
> So name them prefix#manager, prefix#examples etc. as per the 
> docs for multi-level contexts (assuming you are using 6.0.20)
> 

Nice, I like it. Are there any methods to do this in Tomcat 5.5?






RE: Moving the webapps context root or adding a prefix

2009-11-23 Thread Jason Pyeron

 

> -Original Message-
> From: David Smith [mailto:d...@cornell.edu] 
> Sent: Monday, November 23, 2009 7:51
> To: Tomcat Users List
> Subject: Re: Moving the webapps context root or adding a prefix
> 
> The super simple answer is deploy your 'ROOT' webapp as 
> 'prefix' instead.

But that won't deploy each new war file in webapps under prefix/context

> 
> --David
> 
> Jason Pyeron wrote:
> > We are installing TC behind a proxy. The proxy will map all requests
> > of form
> > http(s)://host/prefix/* to tomcat.
> >
> > Is there a config option to change the context root?
> >
> > i.e.:
> >
> > webapps/ROOT => http://localhost/prefix/
> > webapps/manager => http://localhost/prefix/manager/
> > webapps/examples => http://localhost/prefix/examples/
> >




Moving the webapps context root or adding a prefix

2009-11-23 Thread Jason Pyeron
We are installing TC behind a proxy. The proxy will map all requests of form
http(s)://host/prefix/* to tomcat.

Is there a config option to change the context root?

i.e.:

webapps/ROOT => http://localhost/prefix/
webapps/manager => http://localhost/prefix/manager/
webapps/examples => http://localhost/prefix/examples/

Sorry, my choice of keywords has not resulted in any fruitful searches.

-Jason Pyeron




RE: client authentication using a smart card

2009-10-20 Thread Jason Pyeron

> -Original Message-
> From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
> > -----Original Message-----
> > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > -Original Message-
> > > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
> > > > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > > > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
> > > > > > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > > >
> > > > > Ok.
> > > > > I made the same thing with IE and in the debug it says "null 
> > > > > cert chain"
> > > > > during the client authentication handshake.
> > > > > Now I am confused...
> > > > >
> > > >
> > > > Let's step back and look.
> > > >
> > > > Can you provide the smart card and server certificate chain
> > > > (no keys please)?
> > >
> > > Hang on a second...
> > > The server certificate is a self-signed certificate I made with
> > > keytool.
> > > The smart card certificate, instead, is a real one, I use to legally
> > > sign electronic documents; the issuer is an Italian CA.
> > >
> > > Do you expect the issuer of the smart card certificate to be the
> > > same as the server one?
> > 
> > Not always.
> > 
> > Let's take for example:
> > 
> > 
> > https://mail.pdinc.us <- PD Inc Public CA <- PD Inc Root CA
> > 
> >  and
> > 
> > MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2
> > 
> > The smime cert used on this email
> > 
> > I can use my smart card to auth against the server. But the server must
> > know about DoD Root CA-2.
> > 
> 
> 
> Ok. In my case:
> 
> 
> https://localhost <- self signed certificate
> and
> Mysmartcard <- my certificate <- infocamere root CA
> 
> And in my trusted certificates keystore there is infocamere root CA.


As a point of note, we always avoid using self-signed certs for any purpose
other than a CA.

Let's take the first few steps on making this more proper.

1. Create a self-signed CA cert.
2. Create your web server cert and sign it with the CA.
3. Install it (and the chain) in the web server.
4. Install the CA into your browser.
   4a. for IE, it would be the Trusted Root Certification Authorities,
   4b. you can do this by browsing to the web server,
   4c. ignoring the errors,
   4d. viewing the certs (click on the padlock)
   4e. look at the chain, (there is a hierarchy right?)
   4f. Select and open the root of the hierarchy
   4g. Install cert
       4g1. select where to place
       4g2. select Trusted Root Certification Authorities (if for all users
            select all users physical store for TRCA)
5. Exit browser (all of the windows, verify iexplore.exe is not running), and
   revisit server, confirming no security prompts.

Let me know if/where you get stuck.

> 
> Please find in attachment a signed text file you can read my 
> cert info from.
> 
> Thanks
> Marcello
> 






RE: client authentication using a smart card

2009-10-20 Thread Jason Pyeron
> -Original Message-
> From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
> > Da: Jason Pyeron [mailto:jpye...@pdinc.us]
> > > From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
> > > > Da: Jason Pyeron [mailto:jpye...@pdinc.us]
> > >
> > > Ok.
> > > I made the same thing with IE and in the debug it says "null cert 
> > > chain"
> > > during the client authentication handshake.
> > > Now I am confused...
> > >
> > 
> > Let's step back and look.
> > 
> > Can you provide the smart card and server certificate chain
> > (no keys please)?
> 
> Hang on a second...
> The server certificate is a self-signed certificate I made 
> with keytool.
> The smart card certificate, instead, is a real one, I use to 
> legally sign electronic documents; the issuer is an Italian CA.
> 
> Do you expect the issuer of the smart card certificate to be 
> the same as the server one?

Not always.

Let's take for example:


https://mail.pdinc.us <- PD Inc Public CA <- PD Inc Root CA

 and 

MySmartCard <- DOD EMAIL CA-15 <- DoD Root CA-2

The smime cert used on this email

I can use my smart card to auth against the server. But the server must know
about DoD Root CA-2.

> 
> How can I print out the certificate chain?
> Thanks again
> M




mail.pdinc.us.cer
Description: application/x509-ca-cert


PDIncPublicCA.cer
Description: application/x509-ca-cert


PDIncRoot.cer
Description: application/x509-ca-cert


smartcard.cer
Description: application/x509-ca-cert


dodemailca-15.cer
Description: application/x509-ca-cert


DoDRootCA-2.cer
Description: application/x509-ca-cert


smime.p7s
Description: S/MIME cryptographic signature


RE: client authentication using a smart card

2009-10-20 Thread Jason Pyeron

 

> -Original Message-
> From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
> Sent: Tuesday, October 20, 2009 5:10
> To: 'Tomcat Users List'
> Subject: R: clent authentication using a smard card
> 
> 
> 
> > -----Original Message-----
> > From: Jason Pyeron [mailto:jpye...@pdinc.us]
> > Sent: Monday, October 19, 2009 20:21
> > To: 'Tomcat Users List'
> > Subject: RE: clent authentication using a smard card
> > 
> 
> > >
> > >
> > 
> > Do you have access to IE on windows for this? If you do, it will be 
> > much quicker, and easier.
> > 
> > I am just trying to get a baseline established, so I can plow through
> > with my ten steps.
> > 
> 
> Ok.
> I made the same thing with IE and in the debug it says "null 
> cert chain"
> during the client authentication handshake.
> Now I am confused...
> 

Let's step back and look.

Can you provide the smart card and server certificate chain (no keys please)?

> M
> 



RE: client authentication using a smart card

2009-10-19 Thread Jason Pyeron

> -Original Message-
> From: Marcello Marangio 

> 
> It seems that firefox behaves: if the smartcard is in firefox 
> asks the PIN of the smartcard. 
> I am pretty sure it can read my smartcard, because I can use 
> mod_ssl with Apache 2.2 

Apache 2.x can be forgiving about the chain, and may be presenting different
information.

> and I can read the certificate's 
> information with a perl routine.
> 
> Furthermore, from the debug logs it is clear that there is an 
> ssl handshaking going on.

Can you verify that the browser knows the server's chain? And can you verify that
the server is providing an acceptable chain for the cert that firefox knows
about?

> Any clue?
> Thanks
> M
> 
> 

Do you have access to IE on windows for this? If you do, it will be much
quicker, and easier.

I am just trying to get a baseline established, so I can plow through with my
ten steps.

-Jason




RE: client authentication using a smart card

2009-10-19 Thread Jason Pyeron

> -Original Message-
> From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
> Sent: Monday, October 19, 2009 8:30
> To: users@tomcat.apache.org
> Subject: clent authentication using a smard card
> 
> Hi all
> 
> This is my very first message in the list.
> 
> I am trying to use the ssl and client authentication feature 
> in tomcat 6, using a pkcs11 compliant smart card reader and a 
> real authentication smart card (Italian CNS). 
> 
> In the browser (firefox) I obtain a 

First, make sure your browser knows about the certificate and smart card reader.
We have been having with recent firefox releases on this. The debugging steps I
would take are:
1) Use Windows / IE, if the server requires or requests a client cert it will
pop up a selection window even if IE does not know how to fulfil the request.
This will indicate if Tomcat is or is not requesting client certs.
2) Verify IE knows about the smart card cert, use certmgr.msc to see if the
smartcard certificate is installed, as well as the trust chain.
3) Verify IE prompts for the smartcard cert in the client cert popup selection
dialog.
4) Verify Tomcat <-> IE talk over SSL.


> ssl_error_certificate_unknown_alert or a 
> ssl_error_bad_certificate_alert.
> 
>  
> 
> SSL without client authentication works perfectly.
> 
>  
> 
> This is my server configuration:
> 
>  
> 
>  
>maxThreads="150" scheme="https" secure="true"
> 
>clientAuth="true" sslProtocol="TLS" 
> 
>
> keystoreFile="C:\apache-tomcat-6.0.20\conf\tomcat.keystore"
> 
> keystorePass="tomcat" keyAlias="tomcat" 
> 
> truststoreFile ="C:\apache-tomcat-6.0.20\conf\cacerts"
> 
> truststorePass="changeit"/>
> 
>  
> 
> tomcat.keystore contains the self signed x509 certificate I 
> use to perform the server ssl handshake.
> 
> cacerts contains the root certificate of my signature and non 
> repudiation certificate contained in my smartcard.
> 
>  
> 
> From tomcat's log I obtained setting up
> JAVA_OPTS=-Djavax.net.debug=ssl,handshake I am sure that:
> 
> 1)   the root certificate is trusted (imported In cacerts 
> with keytool
> -import -trustcacert .)
> 
>  
> 
> adding as trusted cert:
> 
>   Subject: CN=InfoCamere Firma Qualificata, OU=Certificatore 
> Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
> 
>  O=InfoCamere SCpA, C=IT
> 
>   Issuer:  CN=InfoCamere Firma Qualificata, OU=Certificatore 
> Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
> 
>  O=InfoCamere SCpA, C=IT
> 
>   Algorithm: RSA; Serial number: 0x1
> 
>   Valid from Wed Mar 24 16:48:50 CET 2004 until Thu Mar 24 
> 16:47:52 CET 2016
> 
>  
> 
> 2)   The client certificate is taken from the smartcard and it's given
> to the server; furthermore, the issuer is exactly the trusted one:
> 
>  
> 
> *** Certificate chain
> 
> chain [0] = [
> 
> [
> 
>   Version: V3
> 
>   Subject: CN=Marcello Marangio, DNQ=20071112354269, 
> SERIALNUMBER=IT:MRNMCL70C21A662D, GIVENNAME=MARCELLO, SURNAME=MARAN
> 
> GIO, O=NON PRESENTE, C=IT
> 
>   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> 
>   Validity: [From: Wed Nov 21 12:11:08 CET 2007,
> 
>To: Sun Nov 21 01:00:00 CET 2010]
> 
>   Issuer: CN=InfoCamere Firma Qualificata, OU=Certificatore 
> Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
> 
> O=InfoCamere SCpA, C=IT
> 
>   SerialNumber: [131b58]
> 
>  
> 
> 3)   the browser (firefox) picks up the correct non repudiation
> certificate from the smartcard and sends it to the server:
> 
>  
> 
> [9]: ObjectId: 2.5.29.15 Criticality=true
> 
> KeyUsage [
> 
>   Non_repudiation
> 
> ]
> 
>
> 
>  
> 
> The problem seems to be that tomcat is looking for the 
> digital signature certificate and not the non_repudiation one.
> 
>  
> 
> http-8443-1, SEND TLSv1 ALERT:  fatal, description = 
> certificate_unknown
> 
> http-8443-1, WRITE: TLSv1 Alert, length = 2
> 
> http-8443-1, called closeSocket()
> 
> http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: KeyUsage does not 
> allow digital signatures
> 
>  
> 
> Is tomcat's behavior correct or is it a bug?
> 

The above steps will allow a quicker diagnosis.

>  
> 
> Thanks a million
> 
> Marcello
> 
>  
> 
> 




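The `ValidatorException: KeyUsage does not allow digital signatures` in the quoted log is a key-usage check on the client certificate: the card presented a certificate whose KeyUsage asserts only `Non_repudiation`. The class below is an added illustration, not code from this thread; its class and method names are made up for the example, and the key-usage arrays in `main` are constructed samples. Pass paths to `.cer` files to check real certificates instead.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

/** Reports whether a certificate's usage extensions permit TLS client authentication. */
public class ClientAuthKeyUsageCheck {

    // Order of the boolean[] returned by X509Certificate.getKeyUsage() (RFC 5280, 4.2.1.3).
    static final String[] KEY_USAGE_BITS = {
        "digitalSignature", "nonRepudiation", "keyEncipherment",
        "dataEncipherment", "keyAgreement", "keyCertSign",
        "cRLSign", "encipherOnly", "decipherOnly"
    };

    static final String EKU_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    static final String EKU_ANY = "2.5.29.37.0";               // anyExtendedKeyUsage

    static List<String> assertedBits(boolean[] keyUsage) {
        List<String> names = new ArrayList<String>();
        for (int i = 0; keyUsage != null && i < keyUsage.length && i < KEY_USAGE_BITS.length; i++) {
            if (keyUsage[i]) {
                names.add(KEY_USAGE_BITS[i]);
            }
        }
        return names;
    }

    /**
     * A TLS client proves possession of its key by signing handshake data, so a
     * KeyUsage extension that is present must assert digitalSignature (bit 0).
     * A certificate without the extension is not restricted by it.
     */
    static boolean keyUsageAllowsClientAuth(boolean[] keyUsage) {
        return keyUsage == null || (keyUsage.length > 0 && keyUsage[0]);
    }

    /** An ExtendedKeyUsage extension, when present, must list clientAuth or anyExtendedKeyUsage. */
    static boolean extendedKeyUsageAllowsClientAuth(List<String> eku) {
        return eku == null || eku.contains(EKU_CLIENT_AUTH) || eku.contains(EKU_ANY);
    }

    static String verdict(String label, boolean[] keyUsage, List<String> eku) {
        StringBuilder sb = new StringBuilder(label);
        sb.append(": KeyUsage=");
        sb.append(keyUsage == null ? "(absent)" : assertedBits(keyUsage).toString());
        if (!keyUsageAllowsClientAuth(keyUsage)) {
            sb.append(" -> rejected: KeyUsage does not allow digital signatures");
        } else if (!extendedKeyUsageAllowsClientAuth(eku)) {
            sb.append(" -> rejected: ExtendedKeyUsage does not list clientAuth");
        } else {
            sb.append(" -> usable for TLS client authentication");
        }
        return sb.toString();
    }

    static X509Certificate load(String path) throws Exception {
        try (InputStream in = new FileInputStream(path)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length > 0) {
            // Real certificates: DER or PEM files exported from the card or the browser.
            for (String path : args) {
                X509Certificate cert = load(path);
                System.out.println(verdict(cert.getSubjectX500Principal().getName(),
                        cert.getKeyUsage(), cert.getExtendedKeyUsage()));
            }
            return;
        }
        // Constructed samples: a signing-only certificate like the one in the log
        // (nonRepudiation only) and an authentication certificate (digitalSignature).
        boolean[] signingOnly = new boolean[9];
        signingOnly[1] = true;
        boolean[] authentication = new boolean[9];
        authentication[0] = true;
        System.out.println(verdict("signing certificate (constructed)", signingOnly, null));
        System.out.println(verdict("authentication certificate (constructed)", authentication, null));
        System.out.println(verdict("no KeyUsage extension (constructed)", null, null));
    }
}
```

The server is enforcing the certificate's own restriction here, so the check is not something to relax on the Tomcat side; the client has to present a certificate that asserts `digitalSignature`.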

RE: Using multiple DataSource's for fail-over.

2009-09-02 Thread Jason Pyeron

> -Original Message-
> From: Bill Davidson [mailto:bill...@gmail.com] 
> Sent: Tuesday, September 01, 2009 20:18
> To: 'Tomcat Users List'
> Subject: Using multiple DataSource's for fail-over.
> 
> Tomcat 6.0.20 using DBCP DataSource
> Java 1.6.0_16
> Oracle 10g with RAC.
> 
> I've got two Oracle RAC nodes, mirroring each other.  My 
> current fail-over method if the primary node fails is to shut 
> down the web servers, reconfigure them to use the secondary 
> node and restart the web servers.  Not pleasant.
> 
> I'm thinking I can make a "FailOverDataSource" that
> implements DataSource and wraps around DataSource's for each
> of the two nodes.  Its getConnection() method would try to use
> the getConnection() from the primary node, and if that fails,
> it would try the secondary node.  Repeat logic for other
> DataSource methods.  Instant automagic fail-over.  I've actually
> written it, and it seems to get a hold of both DataSource's fine.
> I can't kill the primary on an active busy system to do a "real"
> test though.

Try a software firewall like iptables (linux) or the windows firewall. This way
you can simulate a communication break, just like switching off the server.

> 
> I'm thinking I can't be the first person to think of this.  
> Are there any obvious problems with this idea?
> 
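A sketch of the wrapper described in the quoted question, written for this page as an added example; it is not Bill Davidson's code. The stub data sources in `main` are constructed stand-ins for the two RAC nodes so the fail-over path can be run without a database.

```java
import java.io.PrintWriter;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.logging.Logger;
import javax.sql.DataSource;

/** Tries the primary DataSource first and falls back to the secondary on SQLException. */
public class FailOverDataSource implements DataSource {
    private final DataSource primary;
    private final DataSource secondary;

    public FailOverDataSource(DataSource primary, DataSource secondary) {
        this.primary = primary;
        this.secondary = secondary;
    }

    @Override
    public Connection getConnection() throws SQLException {
        try {
            return primary.getConnection();
        } catch (SQLException primaryFailure) {
            try {
                return secondary.getConnection();
            } catch (SQLException secondaryFailure) {
                secondaryFailure.setNextException(primaryFailure); // report both causes
                throw secondaryFailure;
            }
        }
    }

    @Override
    public Connection getConnection(String user, String password) throws SQLException {
        try {
            return primary.getConnection(user, password);
        } catch (SQLException primaryFailure) {
            try {
                return secondary.getConnection(user, password);
            } catch (SQLException secondaryFailure) {
                secondaryFailure.setNextException(primaryFailure);
                throw secondaryFailure;
            }
        }
    }

    // A firewall rule that silently drops packets makes the primary block until the
    // driver's connect timeout, not fail at once, so a login timeout must be set.
    @Override
    public void setLoginTimeout(int seconds) throws SQLException {
        primary.setLoginTimeout(seconds);
        secondary.setLoginTimeout(seconds);
    }

    @Override public int getLoginTimeout() throws SQLException { return primary.getLoginTimeout(); }
    @Override public PrintWriter getLogWriter() throws SQLException { return primary.getLogWriter(); }

    @Override
    public void setLogWriter(PrintWriter out) throws SQLException {
        primary.setLogWriter(out);
        secondary.setLogWriter(out);
    }

    @Override
    public Logger getParentLogger() throws SQLFeatureNotSupportedException {
        return primary.getParentLogger();
    }

    @Override
    public <T> T unwrap(Class<T> iface) throws SQLException {
        if (iface.isInstance(this)) {
            return iface.cast(this);
        }
        throw new SQLException("Not a wrapper for " + iface.getName());
    }

    @Override public boolean isWrapperFor(Class<?> iface) { return iface.isInstance(this); }

    /** Constructed stand-in for a node: hands out a dummy Connection, or fails when down. */
    static DataSource stub(final String name, final boolean up) {
        InvocationHandler node = (proxy, method, args) -> {
            if (!method.getName().equals("getConnection")) {
                return null; // the demo below only calls getConnection()
            }
            if (!up) {
                throw new SQLException(name + " unreachable");
            }
            return Proxy.newProxyInstance(FailOverDataSource.class.getClassLoader(),
                    new Class<?>[] {Connection.class},
                    (p, m, a) -> m.getName().equals("toString") ? "connection to " + name : null);
        };
        return (DataSource) Proxy.newProxyInstance(FailOverDataSource.class.getClassLoader(),
                new Class<?>[] {DataSource.class}, node);
    }

    public static void main(String[] args) throws Exception {
        DataSource ds = new FailOverDataSource(stub("primary", false), stub("secondary", true));
        System.out.println(ds.getConnection()); // the secondary node answers
        try {
            new FailOverDataSource(stub("primary", false), stub("secondary", false)).getConnection();
        } catch (SQLException e) {
            System.out.println(e.getMessage() + " / " + e.getNextException().getMessage());
        }
    }
}
```

Fail-over in this sketch happens only when a new connection is requested; connections already handed out by the primary pool still fail when that node goes away.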



RE: Custom 404 page when webapp stopped

2009-08-20 Thread Jason Pyeron
 

> -Original Message-
> From: Serge Fonville [mailto:serge.fonvi...@gmail.com] 
> Sent: Thursday, August 20, 2009 9:35
> To: Tomcat Users List
> Subject: Re: Custom 404 page when webapp stopped
> 
> Hi,
> 
> Likely someone has a better idea...
> 
> You could create a general error page that redirects 
> (transparently) to a page of the webapp when available; if 
> not, display another. If this is the default page for all 
> webapps, it should be solved.
> You will probably need to create a valve of some sort.
> Don't ask me for details I honestly don't know.
> 
> Hopefully someone else can be more helpful, it's just a suggestion
> 
> HTH
> 
> Regards,
> 
> Serge Fonville
> 
> On Thu, Aug 20, 2009 at 3:25 PM, llg wrote:
> > Hi,
> >
> >  I have a webapp that needs to be down if we are doing some
> > maintenance. I use the manager to make the application unavailable but
> > in this case the 404 customized error-page is not displayed.
> >
> > I modified the default web.xml (in conf/) to add the error-page 404,
> > but it doesn't seem to be resolved when the context is stopped.
> >
> > If I type a URL that doesn't exist, that doesn't map to any context,
> > I get the right error page. But if it matches a context path of a webapp
> > that is stopped, I have the Tomcat default error page. Is there a way
> > to fix this?

We avoid all of this by replacing the webapp with a maintenance app. The app
indicates the period of downtime, who to call, etc for all urls. When we are
done, we deploy the application back. Also as part of this all of our
applications use a common login/header facility which checks to see if a
maintenance event is near to 1. warn users to save and log out, 2. prevent new
logins, 3. disable the app until event is over (or replaced by maintenance app).

> >
> > Thanks
> >
> > Tomcat 6.0.20
> >
> >



RE: running servlets as fileowner

2009-07-16 Thread Jason Pyeron
 

> -Original Message-
> From: Jan-Florian Hilgenberg 
> Sent: Thursday, July 16, 2009 12:10
> Subject: running servlets as fileowner
> 
> hi mailinglist,
> 
> is there a way to run servlets as the fileowner of the 
> servlet - like suphp on lamp environments.
> thank you for your help

The first issue you are going to run into is that Java does not support setting
the uid/gid, and you would have to modify the jvm to support uid/gid per thread.
Now apache/php works differently: apache launches a child process (php), and each
process can have a different uid/gid.

To do this you would have to do an RMI type thing: have a master service running
as root, accepting connections, then launching subordinate processes as the
desired uid/gid to execute the code (of course this is all happening in a
different JVM).

-Jason






RE: [OT] Ignore or Trust any certificate

2009-07-11 Thread Jason Pyeron
d that
> >it doesn't always work that way. You might have to modify the
> >keystore for the JRE itself, which is usually located in
> >$JAVA_HOME/jre/lib/security/cacerts.
> > 
> >You might want to save a backup copy of the cacerts file before
> >you start messing with it.
> > 
> > Steps 1 and 2 can be replaced with a single openssl invocation if you
> > have access to the server's private key:
> > 
> >    $ openssl x509 -pubkey -in [server cert] -out [public cert] -outform DER
> > 
> > Use the resulting file ([public cert]) in step #3. Openssl will also
> > dump a public key to standard output, which can be ignored.
> > 
> > 
> > Disable Certification Validation, Avoiding the Problem 
> > 
> > 
> > Note that this will disable certificate checking for all SSL
> > connections, and not just those for which validation should be skipped.
> > Actually, you can modify this technique for use on a per-connection
> > basis if you have access to the HttpURLConnection object used for the
> > connection itself.
> > 
> > This code was written and tested on JDK 1.4.2_09.
> > 
> > You need to execute this code before you attempt to make an SSL 
> > connection.
> > 
> > import java.security.KeyManagementException;
> > import java.security.NoSuchAlgorithmException;
> > import java.security.cert.X509Certificate;
> > import javax.net.ssl.SSLContext;
> > import javax.net.ssl.TrustManager;
> > import javax.net.ssl.X509TrustManager;
> > import javax.net.ssl.HttpsURLConnection;
> > 
> > // Disables certificate validation for every HttpsURLConnection in the JVM.
> > public static void disableSSLCertificateChecking()
> > {
> >     // Trust manager that accepts any certificate chain without checking it.
> >     TrustManager[] trustAllCerts = new TrustManager[] {
> >         new X509TrustManager() {
> >             public X509Certificate[] getAcceptedIssuers() {
> >                 return null;
> >             }
> >             public void checkClientTrusted(X509Certificate[] certs,
> >                                            String authType) {
> >             }
> >             public void checkServerTrusted(X509Certificate[] certs,
> >                                            String authType) {
> >             }
> >         }
> >     };
> > 
> >     try
> >     {
> >         SSLContext sc = SSLContext.getInstance("SSL");
> > 
> >         sc.init(null, trustAllCerts, new java.security.SecureRandom());
> > 
> >         // Installs the permissive socket factory as the JVM-wide default.
> >         HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> >     }
> >     catch (KeyManagementException kme)
> >     {
> >         kme.printStackTrace();
> >     }
> >     catch (NoSuchAlgorithmException nsae)
> >     {
> >         nsae.printStackTrace();
> >     }
> > }
> > 
> > 
> > If you have access to the individual HttpURLConnection objects that 
> > will be used to make SSL connections, you can disable them on a 
> > per-instance basis by using 
> > HttpURLConnection.setSocketFactory(sc.getSocketFactory())
> > instead of using HttpURLConnection.setDefaultSSLSocketFactory and 
> > changing the socket factory globally.


RE: Ignore or Trust any certificate

2009-07-10 Thread Jason Pyeron
 

> -Original Message-
> From: kareem_s_m 
> Sent: Friday, July 10, 2009 14:47
> 
> 
> Hi There,
> 
> Is there a way in tomcat to ignore or trust any SSL 
> certificate when connecting to a site through https? I know 
> there is some JAVA code for it.
> But can we do it through tomcat or JVM settings too?

Are you talking about client or server certs?  From the user's browser or by the
user's browser?

> 
> Regards,
> Kareem



RE: Tomcat startup as service on CentOS 5.3

2009-06-25 Thread Jason Pyeron

> -Original Message-
> From: tomcatastrophe 
> Sent: Thursday, June 25, 2009 9:47
> Subject: Tomcat startup as service on CentOS 5.3
> 
> 
> I have found and tried some startup scripts online and added 
> them to /etc/init.d as tomcat, so /etc/init.d/tomcat
> 
> I ran chmod a+x tomcat on the script and then chkconfig --add tomcat
> 
> chkconfig --list shows tomcat in the list
> 
> I have modified the script to have the proper location for my 
> tomcat installation.
> 
> When I try to run /etc/init.d/tomcat restart or /sbin/service 
> tomcat restart (or stop or start) I get this error:
> 
> -bash: /etc/init.d/tomcat: /bin/bash^M: bad interpreter: No 
> such file or directory

Edit in nano

Then save / write output

When it asks for the name esc-d I think to save as unix line ending.


> 
> Any help would be great! I just need this to start as a service.
> 
> Here is the script I've been trying:
> 
> #!/bin/bash
> #
> # Init file for SixSigns Tomcat server
> #
> # chkconfig: 2345 55 25
> # description: SixSigns Tomcat server
> #
> 
> # Source function library.
> . /etc/init.d/functions
> 
> RUN_AS_USER=root # Adjust run user here
> CATALINA_HOME=/work/tomcat/apache-tomcat-6.0.20
> 
> start() {
>     echo "Starting Tomcat: "
>     if [ "x$USER" != "x$RUN_AS_USER" ]; then
>         su - $RUN_AS_USER -c "$CATALINA_HOME/bin/startup.sh"
>     else
>         $CATALINA_HOME/bin/startup.sh
>     fi
>     echo "done."
> }
> stop() {
>     echo "Shutting down Tomcat: "
>     if [ "x$USER" != "x$RUN_AS_USER" ]; then
>         su - $RUN_AS_USER -c "$CATALINA_HOME/bin/shutdown.sh"
>     else
>         $CATALINA_HOME/bin/shutdown.sh
>     fi
>     echo "done."
> }
> 
> case "$1" in
>   start)
>     start
>     ;;
>   stop)
>     stop
>     ;;
>   restart)
>     stop
>     sleep 10
>     #echo "Hard killing any remaining threads.."
>     #kill -9 `cat $CATALINA_HOME/work/catalina.pid`
>     start
>     ;;
>   *)
>     echo "Usage: $0 {start|stop|restart}"
> esac
> 
> exit 0



RE: Hibernate

2009-06-05 Thread Jason Pyeron
Mail the hibernate users list, and I will help there.

https://lists.jboss.org/mailman/listinfo/hibernate-users

 

> -Original Message-
> From: Chris Lenart [mailto:clen...@comcast.net] 
> Sent: Friday, June 05, 2009 14:13
> To: users@tomcat.apache.org
> Subject: Hibernate
> 
> I am learning Hibernate and doing examples from a book. I 
> have all of the jars the book has, but can't import 
> persistence.*. It will HSQL too. Which jar has this?
> 
>  
> 
> Thanks
> 
> Chris Lenart
> 
> 





very off topic marketing question

2009-03-20 Thread Jason Pyeron
I have a client that is confused why we are giving them a J2EE product and they
are concerned with performance and scalability.

(IE/Tomcat 5.5/struts 2.1/hibernate 3.x/oracle 10g)

Note the system will never see more than 50 users/sessions with 7500 hits per
day on a lan. As such we don't see any relevance as to the performance and
scalability issues for either PHP or J2EE.

They have quoted to us:

"PHP by itself is very fast. Much faster than ASP or JSP running on the same
type of server. This is because it has very little overhead compared to its
competitors and it pre-compiles all of its code before it runs each script"

How would others respond to this?

-Jason




RE: Tomcat support for RedHat Linux 5.0

2008-07-01 Thread Jason Pyeron
RHEL 5 or Very, Very, Very old RH 5 (circa 1990's) ?


> -Original Message-
> From: Jandhyam, Venugopal [mailto:[EMAIL PROTECTED] 
> Sent: Tuesday, July 01, 2008 8:56 AM
> To: Tomcat Users List
> Subject: Tomcat support for RedHat Linux 5.0
> 
> Hi All,
> 
> Can you please let me know which version of the Tomcat 
> support RedHat Linux 5.0??
> 
> Thanks for your time,
> -Venugopal
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org To 
> unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 





RE: Support and development of versions

2008-02-28 Thread Jason Pyeron

 

> -Original Message-
> From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
> Sent: Thursday, February 28, 2008 16:12
> To: Tomcat Users List
> Subject: RE: Support and development of versions
> 
> > From: Stephen Nelson-Smith [mailto:[EMAIL PROTECTED] 
> > Subject: Re: Support and development of versions
> > 
> > Could someone help me understand the differences between the servlet
> > and JSP versions?
> 
> The servlet and JSP specs are the place to look.  Each document includes
> a section on what's changed from earlier versions.
> http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html
> http://jcp.org/aboutJava/communityprocess/final/jsr245/index.html
> 
> > Do the numbers imply no backward and/or forward
> > compatibility?
> 
> Newer versions of Tomcat should run webapps based on older
> specifications without any real difficulty.  Problems arise when webapps
> do something container specific, such as depend on bugs fixed in later
> versions.  Tomcat configuration has changed significantly, as might be
> expected, so don't just blindly copy over your old server.xml and
>  elements when moving up.  Read the Tomcat docs, and modify the
> various .xml files that come with the version of Tomcat you're moving
> to.
> 
> > I've been told it needs a specific Java version (1.4.2_11)
> 
> The above is highly likely to be pure BS.  

It might not be, but it should not be.

http://java.sun.com/j2se/1.5.0/compatibility.html
and
http://java.sun.com/javase/6/webnotes/compatibility.html







RE: Support and development of versions

2008-02-28 Thread Jason Pyeron

 

> -Original Message-
> From: Mark Thomas [mailto:[EMAIL PROTECTED] 
> 
> Current status is available from:
> 
> http://wiki.apache.org/tomcat/TomcatVersions
> 


What does RTC, for the process field stand for?





RE: Session expiration and AJAX issues

2008-02-25 Thread Jason Pyeron
 

> -Original Message-
> From: Adam Gordon [mailto:[EMAIL PROTECTED] 
> Sent: Monday, February 25, 2008 13:11
> To: Tomcat Users List
> Subject: Re: Session expiration and AJAX issues
> 
> Martin-
> 
> We are using Struts, however, version 1.2.9.  But, after looking at the
> link, I'm not sure this will help as it doesn't really address the
> problem.  Storing the date/time a user logs in on the session is
> probably useful, but our problem is that we want to forcefully log the
> user out if there's no human present at the computer and the AJAX tasks
> keep a user's session active indefinitely, whether or not they mean it to.





Can url patterns be excluded from session prolonging magic?





> 
> Additionally, assuming we didn't have the AJAX tasks, we'd have to check
> the logged in time from the session on every request and that's just not
> realistic when you have hundreds of Struts actions, even with a unique
> parent Action class.  That said, I'm beginning to suspect that this may
> be the only way to go, i.e., have a base Action for Struts actions and
> base action for AJAX actions.  My only issue with this is that then the
> onus is on the developer to use the right Action and if they don't, a
> session could inadvertently be left open which is a security risk.
> 
> Alternatively, we could simply force the logout on the user after 12
> hours period...which would kind of suck for the user if they were in the
> middle of something and so I can almost guarantee that our product
> management team wouldn't go for it since it's not really creating a
> positive user experience.
> 
> --adam
> 
> Martin Gainty wrote:
> > Hi Adam-
> >
> > You can try this with Struts..
> > http://struts.apache.org/2.x/docs/simplelogin-with-session.html
> > insert the starting-date-time into Session variable
> > and then in the logoutAction.execute method do some quick math on the
> > time-delta to determine if you want to quiesce the session
> >
> > HTH
> > M-
> >
> > - Original Message -
> > From: "Adam Gordon" <[EMAIL PROTECTED]>
> > To: "Tomcat Users List" 
> > Sent: Monday, February 25, 2008 11:04 AM
> > Subject: Session expiration and AJAX issues
> >
> >
> >   
> >> A couple of issues:
> >>
> >> We've set our session expiration to 12 hours (I know it's long) and
> >> we're seeing behavior where certain browsers (namely IE) apparently
> >> can't count that high (we set the meta Refresh header but the page
> >> doesn't reload after the allotted time, session expiration time + 20
> >> minutes).
> >>
> >> Since this issue was discovered, we've added background AJAX timers on
> >> some of our web pages that refresh (authenticated) content.  While this
> >> happily works, unfortunately, if the user chooses to remain on one of
> >> these pages, and then goes on vacation, the session stays active because
> >> the AJAX calls keep the session alive.
> >>
> >> Our first attempt at a solution was to have a JavaScript counter that,
> >> after every 20 minutes, incremented a counter and if that counter ever
> >> got to 37, we knew that the user hadn't changed web pages and we could
> >> log them out (window.location = .  The problem is that this
> >> doesn't appear to work either and additionally, it relies on JavaScript
> >> bypassing Tomcat's built-in features.  Users cannot log in w/o having
> >> JavaScript enabled, so it's not a matter of a user potentially disabling
> >> it, rather it puts the onus on the browser to inform the server that the
> >> user's session needs to be expired.
> >>
> >> Does anyone have experience in this area and if so, how have you solved
> >> this problem?  I know Google uses AJAX with their Gmail webapp, but they
> >> don't seem to care about not expiring the user's session.  Any help
> >> would be appreciated.
> >>
> >> Thanks,
> >>
> >> --adam
> >>
> >&g
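
The problem discussed in the thread above (background AJAX requests keep the session alive, and relying on each developer to pick the right base Action is error-prone) can be enforced in one place with a servlet filter. This is an added example, not code from any poster or from Tomcat; the `/ajax/` prefix, the session attribute name, the init-param names and the redirect target are assumptions.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Enforces a "human idle" limit that background AJAX polls cannot extend.
 * Map it to /* in web.xml so it runs before the Struts servlet.
 */
public class HumanIdleTimeoutFilter implements Filter {

    // Assumed names and defaults; adjust to the application.
    static final String LAST_HUMAN_HIT = "example.lastHumanHit"; // session attribute
    private String pollPrefix = "/ajax/";                // URLs hit by timers
    private long maxIdleMillis = 12L * 60 * 60 * 1000;   // 12 hours, as in the thread

    public void init(FilterConfig cfg) throws ServletException {
        String p = cfg.getInitParameter("pollPrefix");
        if (p != null) pollPrefix = p;
        String m = cfg.getInitParameter("maxIdleMinutes");
        if (m != null) maxIdleMillis = Long.parseLong(m) * 60L * 1000L;
    }

    /** True when the request path marks it as a background timer call. */
    boolean isBackgroundPoll(HttpServletRequest req) {
        String path = req.getRequestURI().substring(req.getContextPath().length());
        return path.startsWith(pollPrefix);
    }

    /** Pure decision, kept separate from the servlet API so it can be unit tested. */
    static boolean expired(Long lastHumanHit, long now, long maxIdleMillis) {
        return lastHumanHit != null && now - lastHumanHit.longValue() > maxIdleMillis;
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;

        HttpSession session = req.getSession(false); // never create a session here
        if (session == null) {
            chain.doFilter(rq, rs); // not logged in: leave it to the login flow
            return;
        }

        long now = System.currentTimeMillis();
        boolean poll = isBackgroundPoll(req);
        Long last = (Long) session.getAttribute(LAST_HUMAN_HIT);

        if (expired(last, now, maxIdleMillis)) {
            // The container still considers the session live because the polls
            // kept touching it, so it has to be ended explicitly.
            session.invalidate();
            if (poll) {
                res.sendError(HttpServletResponse.SC_UNAUTHORIZED); // script sees 401
            } else {
                res.sendRedirect(req.getContextPath() + "/"); // assumed login entry
            }
            return;
        }

        // Only requests outside the polling prefix move the idle clock. The first
        // request of a session sets a baseline even if it happens to be a poll.
        if (!poll || last == null) {
            session.setAttribute(LAST_HUMAN_HIT, Long.valueOf(now));
        }
        chain.doFilter(rq, rs);
    }

    public void destroy() { }
}
```

A path that is not recognised as a poll is treated as human activity, so a new AJAX endpoint placed outside the prefix extends the session as before; keeping all timer-driven URLs under one prefix is what makes the check reliable.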

RE: Is Tomcat FIPS compliant

2008-01-14 Thread Jason Pyeron
Martin,

I am including my reply on list to help others too.

When our customers request a compliance with (insert any term or misuse of
term), they are requesting that their web applications are to authenticate
against an established Public Key Infrastructure (PKI). It is typically a
client certificate on a smart card, in the DoD the Common Access Card (CAC).
These smart cards are to comply with HSPD-12. To properly use the client
certificate the system must check its revocation status too. Further the
server too needs a certificate, and the authentication must be reliable,
(don't use a cookie as the authorization).

Please if you would like any information, please email us. If you are
looking for non-consulting advice and help email on list, if you are looking
for professional consulting services email off list.

We are glad to help, FOSS, 501(c)3, .GOV, and .com.

Jason Pyeron


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


 

> -Original Message-
> From: Martin Gainty [mailto:[EMAIL PROTECTED] 
> Sent: Monday, January 14, 2008 11:33
> To: [EMAIL PROTECTED]
> Subject: Re: Is Tomcat FIPS compliant
> 
> Hi Jason
> 
> If I can ask a Dumb question as I am unfamiliar with the acronyms
> How does cac make any system FIPS compliant?
> Is there any documentation specifying a CAC will enable an entire or some
> part of a system to be FIPS compliant?
> 
> Thanks
> Martin
> - Original Message -
> From: "Jason Pyeron" <[EMAIL PROTECTED]>
> To: "'Tomcat Users List'" 
> Sent: Monday, January 14, 2008 10:33 AM
> Subject: RE: Is Tomcat FIPS compliant
> 
> 
> > Under proper configuration and installation, yes it can be compliant, we
> > routinely set it up to handle CAC.
> >
> > > -Original Message-
> > > From: Mark H. Wood,UL 0115A,+1 317 274 0749,
> > > [mailto:[EMAIL PROTECTED] On Behalf Of Mark H. Wood
> > > Sent: Monday, January 14, 2008 10:00
> > > To: users@tomcat.apache.org
> > > Subject: Re: Is Tomcat FIPS compliant
> > >
> > > That probably depends on which FIPS you mean.  There are at least 201
> > > different U.S. Federal Information Processing Standards.
> > >
> > > --
> > > Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
> > > Typically when a software vendor says that a product is "intuitive" he
> > > means the exact opposite.
> > >
> > >
> >
> >
> >
> 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
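
As an added illustration of the points in the message above (authenticate with the client certificate, check its revocation status, and do not let a cookie stand in for the authorization), the following servlet filter re-derives the caller's identity from the TLS client certificate on every request. It is not code from the poster or from Tomcat; the init-param names and the `example.certSubject` request attribute are assumptions, and it relies on the connector being configured to request client certificates (`clientAuth`).

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Identity is taken from the validated client certificate, never from a cookie. */
public class ClientCertFilter implements Filter {
    static final String SUBJECT_ATTR = "example.certSubject"; // assumed attribute name
    private KeyStore anchors;                // CA certificates of the PKI
    private Collection<? extends CRL> crls;  // CRLs issued by those CAs

    public void init(FilterConfig cfg) throws ServletException {
        // Assumed init-params: trustStore, trustStorePass, crlFile.
        // CRLs are read once here; a deployment must reload them before they expire.
        try {
            anchors = KeyStore.getInstance("JKS");
            InputStream ts = new FileInputStream(cfg.getInitParameter("trustStore"));
            try {
                anchors.load(ts, cfg.getInitParameter("trustStorePass").toCharArray());
            } finally {
                ts.close();
            }
            InputStream cs = new FileInputStream(cfg.getInitParameter("crlFile"));
            try {
                crls = CertificateFactory.getInstance("X.509").generateCRLs(cs);
            } finally {
                cs.close();
            }
        } catch (Exception e) {
            throw new ServletException("cannot load trust anchors or CRLs", e);
        }
    }

    /** Returns the subject DN if the chain is trusted, current and not revoked. */
    static String validate(X509Certificate[] chain, KeyStore anchors,
                           Collection<? extends CRL> crls) throws GeneralSecurityException {
        List<X509Certificate> path = new ArrayList<X509Certificate>(Arrays.asList(chain));
        // PKIX validation expects the path without the self-signed root.
        X509Certificate top = path.get(path.size() - 1);
        if (path.size() > 1
                && top.getSubjectX500Principal().equals(top.getIssuerX500Principal())) {
            path.remove(path.size() - 1);
        }
        CertPath certPath = CertificateFactory.getInstance("X.509").generateCertPath(path);
        PKIXParameters params = new PKIXParameters(anchors);
        params.setRevocationEnabled(true); // no usable CRL for an issuer means failure
        params.addCertStore(CertStore.getInstance("Collection",
                new CollectionCertStoreParameters(crls)));
        CertPathValidator.getInstance("PKIX").validate(certPath, params); // throws on failure
        return chain[0].getSubjectX500Principal().getName();
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain next)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Set by the container only when the TLS handshake carried a client certificate.
        X509Certificate[] chain =
                (X509Certificate[]) req.getAttribute("javax.servlet.request.X509Certificate");
        if (chain == null || chain.length == 0) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "client certificate required");
            return;
        }
        try {
            req.setAttribute(SUBJECT_ATTR, validate(chain, anchors, crls));
        } catch (GeneralSecurityException e) {
            res.sendError(HttpServletResponse.SC_FORBIDDEN, "certificate rejected");
            return;
        }
        next.doFilter(rq, rs);
    }

    public void destroy() { }
}
```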



RE: Is Tomcat FIPS compliant

2008-01-14 Thread Jason Pyeron
Under proper configuration and installation, yes it can be compliant, we
routinely set it up to handle CAC.

> -Original Message-
> From: Mark H. Wood,UL 0115A,+1 317 274 0749, 
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark H. Wood
> Sent: Monday, January 14, 2008 10:00
> To: users@tomcat.apache.org
> Subject: Re: Is Tomcat FIPS compliant
> 
> That probably depends on which FIPS you mean.  There are at least 201
> different U.S. Federal Information Processing Standards.
> 
> -- 
> Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
> Typically when a software vendor says that a product is "intuitive" he
> means the exact opposite.
> 
> 






RE: Anyone know of an up-to-date packager?

2007-03-22 Thread Jason Pyeron
We do this inhouse for our own applications.

Here is how we did it:

Google a bit on yum repositories, 
Looked at how the centos repository was laid out.

Pointed yum at our repository based on our examination of others.






-Original Message-
From: gb1071nx [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 22, 2007 15:42
To: Tomcat Users List
Subject: Anyone know of an up-to-date packager?

So, 

We (the developers) have been in control of the servers. We download
exactly what we want, install it where we need it, and life is good. 

But our ops guy is making noise about wanting to manage everything
through something called "yum". 

Noodling around just a little bit, I see that our yum only has up to TC
5.5.17 available. 

As I understand it, you can tell yum to get these packages from some
other sites, so I guess I'll ask tomcat-user if anyone knows of a
super-up-to-date package site?  

Or... What community would it be better to ask this in?  




[OT] RE: Found a product for running Tomcat off CDROM -have anybody tried it?

2007-02-20 Thread Jason Pyeron
But it could be a useful spam. As I read it and said to myself, "oh, maybe
we could use that here" and then discovered that it does not allow us to
use MySQL w/JDK and did not mention which version of tomcat it was.

Then the costs, we don't mind paying costs, but not 3/4k$ to a fly by night.

Oh well, but it was good spam.

-Jason




-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Souness
Sent: Tuesday, February 20, 2007 15:33
To: users@tomcat.apache.org
Subject: Re: Found a product for running Tomcat off CDROM -have anybody tried it?

Interesting that the Stunnix website appears to make no mention of who
is actually behind the product.

Also interesting that you have posted a very similar message to a python 
mailing list, subject: "Found a product for running Python-based 
websites off CDROM -have anybody tried it?"

--
Stephen


David Wishnie wrote:
> Hello,
> 
> I've found a product on freshmeat.net that allows to run tomcat-based
> websites off cdrom, allowing to produce CDs that work on Windows, MacOS X
> and Linux at the same time (also it seems to support perl, python, php &
> mysql). Apache is used for serving static content, and it has a nice
> support for stopping everything and releasing the media.
> 
>http://www.stunnix.com/prod/aws/overview.shtml
> 
> Have anybody tried it?
> 
> Seems useful..
> 
> Thanks for your input!
>  David
> 





RE: PermGen space [ot]

2007-02-16 Thread Jason Pyeron
So how should one write their singleton? 




-Original Message-
From: Leon Rosenberg [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 16, 2007 11:33
To: Tomcat Users List
Subject: Re: PermGen space

something like this:

public class ASingletonImpl{
   // static reference to the only instance, held for as long as the class is loaded
   private static ASingletonImpl instance;
   public static synchronized ASingletonImpl getInstance(){
      if (instance==null){
         instance = new ASingletonImpl();
      }
      return instance;
   }

   ///real code here
}

The problem is the cyclic dependence between the Class object, the
ASingletonImpl object and the according ClassLoader. This way nothing
can be freed by the gc.

regards
Leon


On 2/16/07, Jiang, Peiyun <[EMAIL PROTECTED]> wrote:
> Just curious, can you elaborate on badly programmed singletons?
>
> Thanks.
>
> Peiyun
>
> -Original Message-
> From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
> Sent: February 16, 2007 11:08 AM
> To: Tomcat Users List
> Subject: Re: PermGen space
>
>
> The typical problem here are badly programmed singletons. Do you have any?
>
> regards
> Leon
>
> On 2/16/07, Davide Romanini <[EMAIL PROTECTED]> wrote:
> > I'm too have this problem, it arises because for some reason the Tomcat
> > WebAppClassloader cannot be garbage collected after undeploy. I made a
> > lot of tests and didn't find any solution, also very simple and small
> > webapps, when loaded/unloaded frequently, caused the problem... :-(
> >
>
>
>




RE: Tomcat load up error, w/ Oracle

2007-02-13 Thread Jason Pyeron
Then I would suggest you contact your NOC/NOG to get your connectivity
resolved, as it did/does not look like a Java/Tomcat based issue.

If I was a betting type, I would say that there is a faulty switch on the
net.



-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 12:44
To: Tomcat Users List
Subject: RE: Tomcat load up error, w/ Oracle

only periodically.


-Original Message-
From: Jason Pyeron [mailto:[EMAIL PROTECTED]
Sent: Monday, February 12, 2007 1:35 PM
To: 'Tomcat Users List'
Subject: RE: Tomcat load up error, w/ Oracle


Are you able to connect to the Oracle box using sqlplus from the tomcat box?





-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 11:43
To: Tomcat Users List
Subject: Tomcat load up error, w/ Oracle

Hi folks, I've been having some issues anyway with Oracle in my Java app the
last week or so.
Originally, I thought it was due to some references where I was using the
old sun.jdbc.odbc.JdbcOdbcDriver rather than the thin Oracle driver.

So in any reference I had this, I've switched it to the Oracle thin like so:

Class.forName("oracle.jdbc.driver.OracleDriver");
   String dbURL = "jdbc:oracle:thin:@192.xxx.xx.xxx:1521:SID";

My error is listed below. I guess my question is, do any of you think this
is mainly with Oracle, or perhaps the driver in the Tomcat lib directory got
corrupt? Or is this a Tomcat issue at all even? I'm inclined to think the
driver (jar file) might have gotten corrupt possibly, but that would be
unlikely and that it's more of an issue with Oracle.

I welcome any feedback.

Thanks,

Barry



Catalina.start: LifecycleException:  Exception opening database connection: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
LifecycleException:  Exception opening database connection: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
    at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
    at org.apache.catalina.core.StandardService.start(StandardService.java:388)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
- Root Cause -
java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334)
    at oracle.jdbc.driver.Oracle

RE: Tomcat load up error, w/ Oracle

2007-02-13 Thread Jason Pyeron
Are you able to connect to the Oracle box using sqlplus from the tomcat box?





-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 11:43
To: Tomcat Users List
Subject: Tomcat load up error, w/ Oracle

Hi folks, I've been having some issues anyway with Oracle in my Java app the
last week or so.
Originally, I thought it was due to some references where I was using the
old sun.jdbc.odbc.JdbcOdbcDriver rather than the thin Oracle driver.

So in any reference I had this, I've switched it to the Oracle thin like so:

Class.forName("oracle.jdbc.driver.OracleDriver");
   String dbURL = "jdbc:oracle:thin:@192.xxx.xx.xxx:1521:SID";

My error is listed below. I guess my question is, do any of you think this
is mainly with Oracle, or perhaps the driver in the Tomcat lib directory got
corrupt? Or is this a Tomcat issue at all even? I'm inclined to think the
driver (jar file) might have gotten corrupt possibly, but that would be
unlikely and that it's more of an issue with Oracle.

I welcome any feedback.

Thanks,

Barry



Catalina.start: LifecycleException:  Exception opening database connection: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
LifecycleException:  Exception opening database connection: java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
    at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307)
    at org.apache.catalina.core.StandardService.start(StandardService.java:388)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:505)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
    at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
    at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
- Root Cause -
java.sql.SQLException: Io exception: The Network Adapter could not establish the connection
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
    at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334)
    at oracle.jdbc.driver.OracleConnection.(OracleConnection.java:418)
    at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:521)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:325)




RE: Apache module to accept encrypted query string.

2007-01-30 Thread Jason Pyeron
Explain encrypted query string please?

And why are you not using post w/ ssl? 


-Original Message-
From: Shekar Tippur [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 30, 2007 15:31
To: Tomcat Users List
Subject: Apache module to accept encrypted query string.

Hi Folks,

I was wondering if there is any module in Apache that will accept an
encrypted query string.

I appreciate any inputs. Thanks,

Shekar





RE: Oracle OHS and Tomcat

2007-01-23 Thread Jason Pyeron
Too many acronyms in my life. OHS? 

-Original Message-
From: BATCHELOR, SCOTT (CONTRACTOR) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 23, 2007 14:52
To: users@tomcat.apache.org
Subject: Oracle OHS and Tomcat

Just curious if anyone is fronting Tomcat with the standalone OHS
product.  And if this is even viable.

Thanks

SB



