Re: best practice for resources folder
Rainer Jung-3 wrote:
> If you want to keep them webapp-private, you might be interested in
> http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/loader/VirtualWebappLoader.html

Thanks, that's exactly what I was looking for.

Working dir for Tomcat seems to be bin, so my application conf directory under conf is addressed like

    virtualClasspath=../conf/myapp

The resource URL of my property file is then

    file:/java/apache-tomcat-6.0.26/conf/myapp/myapp.properties

Juergen

--
View this message in context: http://old.nabble.com/best-practice-for-resources-folder-tp28584753p28596572.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
best practice for resources folder
Hi,

this seems to be a FAQ, but I could not find a solution for Tomcat 6:

We want to keep property files out of war files. Where should we put the property files to access them from the web app via Class.getResourceAsStream()?

For JBoss one would simply drop them into the server conf folder, for Geronimo one would use the SharedLib gbean.

But for Tomcat? Add a server.loader path to catalina.properties?

Thanks,
Juergen
Re: JNDIRealm - mapping LDAP group to security role
Geronimo maps roles to security principals:
http://cwiki.apache.org/GMOxDOC10/jboss-to-geronimo-security-migration.html

Maybe this feature could be ported into Tomcat.

On Thu, Oct 9, 2008 at 3:18 PM, Kevin Jackson [EMAIL PROTECTED] wrote:
> > I am trying to configure a JNDIRealm to authenticate against an Active Directory.
> > http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm
> >
> > The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead.
> >
> > Is it possible? I did not find any doc / post about this topic.
>
> You could write a custom JNDIRealm that does the mapping/authentication. I've seen this done with postgres, but not with an LDAP server (or AD), but it should be a similar process.
>
> Then you add it to tomcat/lib and configure your context and web.xml to use the custom JNDIRealm instead of the provided realm.
>
> Kev
Re: Jrockit Vs Sun
Why don't you try and run the DaCapo Benchmarks (http://dacapobench.org/) with JRockit and compare it to a Sun JDK 1.6?

On Tue, Jun 17, 2008 at 8:22 PM, Peter Lin [EMAIL PROTECTED] wrote:
> I don't know the internals. From my understanding, the generations setting is configurable. I would suggest looking at the docs for an authoritative answer.
>
> peter
>
> On Tue, Jun 17, 2008 at 2:06 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote:
> > > From: Peter Lin [mailto:[EMAIL PROTECTED]
> > > Subject: Re: Jrockit Vs Sun
> > >
> > > One thing that is different in JRockit is it dynamically resizes the perm generation, so in some cases it's better than SUN jvm.
> >
> > Last time I looked, JRockit didn't actually have a generational allocation/collection mechanism - it was all one big heap. Has that changed?
> >
> > - Chuck
Re: Tomcat and parallel security realms
On Fri, Mar 14, 2008 at 7:50 PM, Christopher Schultz [EMAIL PROTECTED] wrote:
> Jürgen,
>
> Juergen Weber wrote:
> | the idea you sketched depends on the constructor being called with a
> | list of realms. Is that so?
>
> Not necessarily. Most objects that represent elements in server.xml have no-arg constructors and then setFoo() methods on them. I would imagine that you could write a setRealm() method on your new realm implementation and allow it to be called multiple times (more of an addRealm, really, but I think setRealm is what you'll likely get).
>
> You might have to change the digester rules to allow realm within a realm, though.

You mean something like this?

    <Realm className="MultiRealm">
      <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
             connectionURL="ldap://localhost:389"
             userPattern="uid={0},ou=people,dc=mycompany,dc=com"
             roleBase="ou=groups,dc=mycompany,dc=com"
             roleName="cn"
             roleSearch="(uniqueMember={0})" />
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
    </Realm>

I have no idea how to teach that to Digester.

> | Probably one would have to get the surrounding container with
> | Realm.getContainer() and browse the whole nested container tree to get
> | all realms.
>
> You could do that, but I'm not sure how you would identify all the realms that should be included (versus those that should not be).

OK, that wouldn't work, as only _one_ realm can be defined in each of Engine, Host and Context. So MultiRealm would have to be in Context to have two other realms to call, which is awkward.
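The nested-realm layout sketched in this message is what Tomcat later shipped as org.apache.catalina.realm.CombinedRealm, which asks each nested realm in order until one authenticates the user. The configuration below is an added example, not part of the thread; it assumes a Tomcat release that includes CombinedRealm and the stock UserDatabase resource from the default server.xml, and reuses the LDAP values quoted above.

```xml
<!-- server.xml, inside <Engine>: one top-level realm delegating to two sub-realms -->
<Realm className="org.apache.catalina.realm.CombinedRealm">

  <!-- Tried first: ordinary users from the LDAP directory (values from the thread) -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://localhost:389"
         userPattern="uid={0},ou=people,dc=mycompany,dc=com"
         roleBase="ou=groups,dc=mycompany,dc=com"
         roleName="cn"
         roleSearch="(uniqueMember={0})"/>

  <!-- Tried second: the technical account defined in conf/tomcat-users.xml,
       which is the only place the manager role is granted -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>
```

Roles come from the realm that authenticated the user, so directory users do not pick up the manager role; only the account in tomcat-users.xml carries it.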
Re: Tomcat and parallel security realms
Christopher,

the idea you sketched depends on the constructor being called with a list of realms. Is that so?

If you look at http://tomcat.apache.org/tomcat-6.0-doc/api/index.html all realms in org.apache.catalina.realm have only the default constructor.

Probably one would have to get the surrounding container with Realm.getContainer() and browse the whole nested container tree to get all realms.

So, a delegating realm seems not that easy. Anyway, I think the feature of using several realms should be in the server core.

Juergen

On Thu, Mar 13, 2008 at 8:14 PM, Schultz [EMAIL PROTECTED] wrote:
> Jürgen,
>
> Juergen Weber wrote:
> | So, if user tomcat logs in, JNDI realm should say User unknown and
> | afterwards memory realm should say fine, user is allowed.
> |
> | Unfortunately, Tomcat can only use one active realm. Is that right?
>
> Right.
>
> | Is there any other way to get the manager user into Tomcat?
>
> Write a Realm that wraps two other realms, and use that. Something like this:
>
>     import java.security.Principal;
>     import java.util.List;
>
>     import org.apache.catalina.Realm;
>     import org.apache.catalina.realm.RealmBase;
>
>     public class MultiRealm
>         extends RealmBase
>     {
>         // Wrapped realms, consulted in list order
>         private List<Realm> _realms;
>
>         public MultiRealm(List<Realm> realms)
>         {
>             _realms = realms;
>         }
>
>         // Return the Principal from the first realm that accepts the credentials
>         public Principal authenticate(String username, String credentials)
>         {
>             for(Realm realm : _realms)
>             {
>                 Principal p = realm.authenticate(username, credentials);
>
>                 if(null != p)
>                     return p;
>             }
>
>             return null;
>         }
>
>         // implement the other methods similarly as pass-through methods
>     }
>
> | Setting up OpenLdap as Meta Directory before our LDAP server and
> | putting the tomcat user into OpenLDAP seems a bit overblown.
>
> I would tend to agree. If you were to write a decent implementation of the above, I would imagine that the Tomcat folks would happily accept it as a contribution to the project.
>
> -chris
Tomcat and parallel security realms
Hi,

I have Tomcat users in an LDAP directory. All users have the same rights, there are no groups. I have no influence over the LDAP servers' content. Tomcat uses the JNDI realm.

Now, I need an additional, technical, user for Tomcat, that should be allowed to restart/redeploy web apps. Everybody shouldn't be allowed to do this.

apache-tomcat-6.0.14\conf\tomcat-users.xml would contain a nice user tomcat in the manager role.

So, if user tomcat logs in, JNDI realm should say User unknown and afterwards memory realm should say fine, user is allowed.

Unfortunately, Tomcat can only use one active realm. Is that right?

Is there any other way to get the manager user into Tomcat?

Setting up OpenLdap as Meta Directory before our LDAP server and putting the tomcat user into OpenLDAP seems a bit overblown.

Thanks,
Juergen
using Tomcat as template engine
Hi,

can you use Tomcat as a template engine that can be called from a standalone Java program?

It would be nice to do something like

    Writer out = ...
    request.setAttribute("user", "Juergen");
    callTomcat(out, request, "mytemplate.jsp");

If not, should I enter an enhancement Bug?

Thanks,
Juergen
HTTP-less GenericServlets - Was: Socket Servlet using Tomcat 5.5.17
I have quite a similar problem as the original poster. I'd like to write a router for CORBA messages that should listen on a socket and forward the messages to JMS.

Same as the OP I would like to host the code in Tomcat, to avoid having to handle all the threading and socket issues and still more importantly, to not have an additional process that would have to be monitored.

I think the Servlet API originally was designed to support http-less Servlets, else the separation between GenericServlet and HttpServlet would not make sense. From the Servlet API doc:

    Defines a generic, protocol-independent servlet. To write an HTTP servlet
    for use on the Web, extend HttpServlet instead.

So, the problem is, right now it seems that Tomcat does not support GenericServlet, at least there is no way to call them without a http header line. Or is there?

An easy way would be to just define a special non-http connector that listens on a separate port.

The option to just add a GET / HTTP/1.0 as was suggested would not work as a CORBA client certainly will not send that line.

Supporting http-less GenericServlets would open up Tomcat to another class of applications.

Regards
Juergen
Tomcat embedded does not show ROOT context
Hi everybody,

I made a war from the Tomcat root and manager applications and started them with the code below.

The manager app works and it lists the Root application as installed. But when I try to go to http://localhost:6969/ there is only

    The requested resource (/) is not available.

I added

    <welcome-file-list>
      <welcome-file>manager-howto.html</welcome-file>
    </welcome-file-list>

to manager's web.xml, but http://localhost:6969/manager/ also gives

    The requested resource (/) is not available.

Any ideas what went wrong or what I did wrong?

Thanks,
Jürgen

    import java.io.File;

    import org.apache.catalina.Context;
    import org.apache.catalina.Engine;
    import org.apache.catalina.Host;
    import org.apache.catalina.LifecycleEvent;
    import org.apache.catalina.LifecycleListener;
    import org.apache.catalina.Realm;
    import org.apache.catalina.connector.Connector;
    import org.apache.catalina.realm.JNDIRealm;
    import org.apache.catalina.startup.Embedded;

    public class TomcatServer {

        public static void main(String[] args) throws Exception {
            String hostname = "localhost";
            int port = 6969;

            System.out.println("Host: " + hostname + " Port: " + port);
            System.out.println("Java: " + System.getProperty("java.vendor") + " "
                    + System.getProperty("java.version"));

            Embedded embeddedTomcat = new Embedded();

            Engine engine = embeddedTomcat.createEngine();
            engine.setDefaultHost("localhost");

            // Host whose appBase is ./webapps under the working directory
            Host host = embeddedTomcat.createHost("localhost", new File(".")
                    .getAbsolutePath() + "/webapps");
            engine.addChild(host);

            // Authenticate against LDAP for every context of this engine
            Realm realm = createRealm();
            engine.setRealm(realm);

            File rootwar = new File(".", "/ROOT.war");
            Context rootCtx = embeddedTomcat.createContext("/", rootwar
                    .getAbsolutePath());
            rootCtx.setPrivileged(true);
            host.addChild(rootCtx);
            System.out.println("ROOT.war added");

            File mgrwar = new File(".", "/manager.war");
            Context mgrCtx = embeddedTomcat.createContext("/manager", mgrwar
                    .getAbsolutePath());
            mgrCtx.setPrivileged(true);
            host.addChild(mgrCtx);
            System.out.println("manager warfile added");

            embeddedTomcat.addEngine(engine);

            // Plain HTTP connector on all interfaces (null address, secure = false)
            Connector httpConnector = embeddedTomcat.createConnector(
                    (java.net.InetAddress) null, port, false);

            httpConnector.addLifecycleListener(new LifecycleListener() {
                public void lifecycleEvent(LifecycleEvent event) {
                    System.out.println("lifecycleEvent: " + event.getType());
                }
            });

            embeddedTomcat.addConnector(httpConnector);

            embeddedTomcat.start();
        }

        private static Realm createRealm() {
            JNDIRealm realm = new JNDIRealm();

            realm.setConnectionURL("ldap://localhost:389");
            realm.setUserPattern("uid={0},ou=people,dc=jwi,dc=de");
            realm.setRoleBase("ou=roles,dc=jwi,dc=de");
            realm.setRoleName("cn");
            realm.setRoleSearch("(uniqueMember={0})");

            return realm;
        }
    }