RE: Issues upgrading to tomcat 9.0.17

2019-04-05 Thread Kim, Chang H (JMD)
Here is what I have so far for Tomcat 9.

1.  FiddlerCap shows that the request is not reaching tomcat and that there 
is no HTTP status provided; it just hangs
2.  Running portqry for Tomcat from my workstation shows LISTENING 
3.  I can't connect to Tomcat via Telnet from the LPAR

Thanks,

Kyle Kim
JMD

Confidentiality Notice:  This e-mail, including all attachments, is intended 
only for the sole use of the intended recipient(s) and may contain privileged 
and/or confidential information.  If you are not the intended recipient(s) of 
this e-mail, any dissemination, distribution or copying of this e-mail, and any 
attachment(s) thereto, is strictly prohibited and may violate Federal Law.  If 
you have received this e-mail in error, please immediately notify the sender by 
e-mail or telephone and permanently delete all copies of this e-mail and any 
attachment(s).

-Original Message-
From: Kim, Chang H (JMD) 
Sent: Wednesday, April 3, 2019 12:37 PM
To: users@tomcat.apache.org
Subject: RE: Issues upgrading to tomcat 9.0.17

Yes, that's correct.  The same browser, hitting the same url since both tomcat 
8 and 9 are installed on the same server.  Tomcat 8 works, but tomcat 9... 
blank.

Thanks,

Kyle Kim
JMD



-Original Message-
From: André Warnier (tomcat) 
Sent: Wednesday, April 3, 2019 12:14 PM
To: users@tomcat.apache.org
Subject: Re: Issues upgrading to tomcat 9.0.17

On 03.04.2019 17:57, Kim, Chang H (JMD) wrote:
> Yes, I see "GET" when I use my old tomcat 8.0.35.  However, my newly 
> installed 9.0.17, nothing...

Are you using the same browser/client in both cases ?
And are the connections to the old and new Tomcats the same also ? (I mean, are 
they in the same place, and are there the same in-between "pieces" - such as 
proxies, firewalls,..)


>
> Thanks,
>
> Kyle Kim
> JMD
>
>
>
> -Original Message-
> From: André Warnier (tomcat) 
> Sent: Wednesday, April 3, 2019 11:53 AM
> To: users@tomcat.apache.org
> Subject: Re: Issues upgrading to tomcat 9.0.17
>
> On 03.04.2019 17:45, Kim, Chang H (JMD) wrote:
>> I had to remove the ip specific data, but this is what I am seeing in 
>> localhost_access_log.*.txt when I see "blank screen".
>>

RE: Issues upgrading to tomcat 9.0.17

2019-04-03 Thread Kim, Chang H (JMD)
Yes, that's correct.  The same browser, hitting the same url since both tomcat 
8 and 9 are installed on the same server.  Tomcat 8 works, but tomcat 9... 
blank.

Thanks,

Kyle Kim
JMD



-Original Message-
From: André Warnier (tomcat)  
Sent: Wednesday, April 3, 2019 12:14 PM
To: users@tomcat.apache.org
Subject: Re: Issues upgrading to tomcat 9.0.17

On 03.04.2019 17:57, Kim, Chang H (JMD) wrote:
> Yes, I see "GET" when I use my old tomcat 8.0.35.  However, my newly 
> installed 9.0.17, nothing...

Are you using the same browser/client in both cases ?
And are the connections to the old and new Tomcats the same also ? (I mean, are 
they in the same place, and are there the same in-between "pieces" - such as 
proxies, firewalls,..)


>
> Thanks,
>
> Kyle Kim
> JMD
>
>
>
> -Original Message-
> From: André Warnier (tomcat) 
> Sent: Wednesday, April 3, 2019 11:53 AM
> To: users@tomcat.apache.org
> Subject: Re: Issues upgrading to tomcat 9.0.17
>
> On 03.04.2019 17:45, Kim, Chang H (JMD) wrote:
>> I had to remove the ip specific data, but this is what I am seeing in 
>> localhost_access_log.*.txt when I see "blank screen".
>>
>

RE: Issues upgrading to tomcat 9.0.17

2019-04-03 Thread Kim, Chang H (JMD)
Yes, I see "GET" when I use my old tomcat 8.0.35.  However, my newly installed 
9.0.17, nothing...

Thanks,

Kyle Kim
JMD



-Original Message-
From: André Warnier (tomcat)  
Sent: Wednesday, April 3, 2019 11:53 AM
To: users@tomcat.apache.org
Subject: Re: Issues upgrading to tomcat 9.0.17

On 03.04.2019 17:45, Kim, Chang H (JMD) wrote:
> I had to remove the ip specific data, but this is what I am seeing in 
> localhost_access_log.*.txt when I see "blank screen".
>
> XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:18 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:19 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:23 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:24 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:28 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:29 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:33 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:34 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:38 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:39 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:43 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:44 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:48 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:49 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:53 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:54 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:58 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:41:59 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:03 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:04 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:08 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:09 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:13 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:14 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:18 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:19 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:23 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:24 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:28 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:29 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:33 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:34 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:38 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:39 -0400] "HEAD / HTTP/1.0" 200 - 
> XX.XX.XX.XX - - [03/Apr/2019:11:42:43 -0400] "HEAD / HTTP/1.0" 200 -
>

If those are really the requests that Tomcat receives from the browser/client, 
then it is normal that you would see a blank page.  The HTTP response to a HTTP 
HEAD request does not contain any content, only HTTP headers.
That is also why the log messages do not contain the size of the response.

Usually, browser-originating HTTP requests are "GET", not "HEAD".

What client is sending these requests ?
(You can probably tell by the IP that you edited out).

> Thanks,
>
> Kyle Kim
> JMD
>
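
An added example, not part of the original messages: a Python check that parses access-log lines in the layout quoted in this thread and reports whether anything other than bodyless HEAD probes reached Tomcat. The first sample reuses eight lines from the thread; the `192.0.2.10` GET lines, the function names and the probe thresholds are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Layout of the lines quoted in the thread:
#   host ident user [time] "METHOD path protocol" status bytes
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)\s*$'
)

# First eight lines as posted in the thread (client address redacted by the poster).
PAGE_SAMPLE = """\
XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:18 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:19 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:23 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:24 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:28 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:29 -0400] "HEAD / HTTP/1.0" 200 -
"""

# Constructed contrast: what the log would also contain if a browser had
# reached Tomcat (documentation address, made-up paths and sizes).
MIXED_SAMPLE = PAGE_SAMPLE + """\
192.0.2.10 - - [03/Apr/2019:11:41:30 -0400] "GET / HTTP/1.1" 200 11230
192.0.2.10 - - [03/Apr/2019:11:41:30 -0400] "GET /tomcat.css HTTP/1.1" 200 5581
"""


def parse_line(line):
    """Return one access-log entry as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = datetime.strptime(entry.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    entry["status"] = int(entry["status"])
    # "-" means no response body was sent, which is always the case for HEAD.
    entry["size"] = 0 if entry["size"] == "-" else int(entry["size"])
    return entry


def looks_like_probe(entries, min_hits=4, max_mean_gap=30.0):
    """Heuristic (assumed thresholds): a client that only sends HEAD to a single
    path at a short, steady pace is a monitor or health check, not a browser."""
    if len(entries) < min_hits:
        return False
    if any(e["method"] != "HEAD" for e in entries):
        return False
    if len({e["path"] for e in entries}) != 1:
        return False
    times = sorted(e["time"] for e in entries)
    mean_gap = (times[-1] - times[0]).total_seconds() / (len(times) - 1)
    return mean_gap <= max_mean_gap


def diagnose(log_text):
    """Summarise which clients and methods actually reached Tomcat."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    by_client = defaultdict(list)
    for e in entries:
        by_client[e["host"]].append(e)
    methods = Counter(e["method"] for e in entries)
    return {
        "methods": dict(methods),
        "body_bytes": sum(e["size"] for e in entries),
        "probe_clients": sorted(h for h, es in by_client.items() if looks_like_probe(es)),
        # No GET or POST in the log means the browser's request never arrived,
        # so the fault lies in front of Tomcat, not in the webapp.
        "browser_traffic_seen": methods.get("GET", 0) + methods.get("POST", 0) > 0,
    }


if __name__ == "__main__":
    for name, sample in (("page sample", PAGE_SAMPLE), ("mixed sample", MIXED_SAMPLE)):
        print(name, diagnose(sample))
```
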

RE: Issues upgrading to tomcat 9.0.17

2019-04-03 Thread Kim, Chang H (JMD)
I had to remove the ip specific data, but this is what I am seeing in 
localhost_access_log.*.txt when I see "blank screen".

XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:14 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:18 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:19 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:23 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:24 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:28 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:29 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:33 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:34 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:38 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:39 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:43 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:44 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:48 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:49 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:53 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:54 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:58 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:41:59 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:03 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:04 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:08 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:09 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:13 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:14 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:18 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:19 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:23 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:24 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:28 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:29 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:33 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:34 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:38 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:39 -0400] "HEAD / HTTP/1.0" 200 -
XX.XX.XX.XX - - [03/Apr/2019:11:42:43 -0400] "HEAD / HTTP/1.0" 200 -

Thanks,

Kyle Kim
JMD



-Original Message-
From: André Warnier (tomcat)  
Sent: Wednesday, April 3, 2019 11:37 AM
To: users@tomcat.apache.org
Subject: Re: Issues upgrading to tomcat 9.0.17

On 03.04.2019 17:30, Kim, Chang H (JMD) wrote:
> Out of these log files, which is the log file that will contain the entries 
> that I need to see?

Any one of them that contains something possibly related to your problem.
To gain time, I suggest that you do the following :
- stop tomcat
- start tomcat
- request the page you want via the browser
- stop tomcat
Then have a look at the tomcat log directory, and look at the files which have 
the latest modification date/time, scrolling back from the end.



>
> localhost_access_log.2019-04-02.txt
> localhost.2019-04-02.log
> catalina.out
> catalina.2019-04-02.log
>
> Thanks,
>
> Kyle Kim
> JMD
>

RE: Issues upgrading to tomcat 9.0.17

2019-04-03 Thread Kim, Chang H (JMD)
Out of these log files, which is the log file that will contain the entries 
that I need to see?

localhost_access_log.2019-04-02.txt
localhost.2019-04-02.log
catalina.out
catalina.2019-04-02.log

Thanks,

Kyle Kim
JMD


-Original Message-
From: André Warnier (tomcat)  
Sent: Wednesday, April 3, 2019 11:27 AM
To: users@tomcat.apache.org
Subject: Re: Issues upgrading to tomcat 9.0.17

On 03.04.2019 17:18, Kim, Chang H (JMD) wrote:
> My OS is AIX 7.2.0.0.  I already have tomcat 8.0.35 working.  However, I am 
> in the middle of upgrading it to tomcat 9.0.17.  I downloaded the latest 
> tomcat, and started to get to the default webapp, and only thing displaying 
> is "white screen".  Any help will be greatly appreciated.
>

Please have a look at the Tomcat logfiles, right after you get that blank page.
The reason is usually explicit there.

If you still do not understand after that, copy the relevant (?) message of the 
logfile here, to allow someone to have a look and help you.

> Thanks,
>
> Kyle Kim
> JMD
>
>
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





Issues upgrading to tomcat 9.0.17

2019-04-03 Thread Kim, Chang H (JMD)
My OS is AIX 7.2.0.0.  I already have tomcat 8.0.35 working.  However, I am in 
the middle of upgrading it to tomcat 9.0.17.  I downloaded the latest tomcat, 
and started to get to the default webapp, and only thing displaying is "white 
screen".  Any help will be greatly appreciated.

Thanks,

Kyle Kim
JMD




Re: Which connector defines "http-nio-auto-1-exec-*" threads?

2017-11-22 Thread Jong Kim
Thanks for reply.

As a matter of fact, right after sending my question, I realized that a bug in 
the installation code ended up adding another connector with port number zero 
which wasn't in the original server.xml. Problem resolved. 

/Jong


>>> Rémy Maucherat <r...@apache.org> 11/22/2017 10:15 AM >>>
On Wed, Nov 22, 2017 at 3:24 PM, Jong Kim <jong@microfocus.com> wrote:

> Tomcat version: 8.0.47
> OS: SUSE Linux Enterprise Server 12 (SP3)
>
> I have a Tomcat installation where server.xml defines two connectors -
> NIO2 connector on port 8443 and AJP connector on port 8009 - The two
> connector definitions are shown below.
>
>  keystoreFile="/mycerts/keystore" keystorePass="xxx" maxThreads="150"
> port="8443" protocol="org.apache.coyote.http11.Http11Nio2Protocol"
> scheme="https" secure="true" sslProtocol="TLS" acceptCount="0"
> sslEnabledProtocols="TLSv1.2" ciphers="HIGH:!3DES:!EXP:!aNULL:!MD5"/>
>
>  protocol="AJP/1.3" redirectPort="8443" tomcatAuthentication="false"/>
>
> We disable non-secure http access on port 8080 by removing the connector
> definition.
>
> However, when we start and run this Tomcat, it creates three protocol
> handler rather than expected two (as shown below).
>
> 17-Nov-2017 19:13:21.790 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["http-nio-auto-1-46276"]
> 17-Nov-2017 19:13:21.796 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["http-nio2-8443"]
> 17-Nov-2017 19:13:21.797 INFO [main] org.apache.coyote.AbstractProtocol.start
> Starting ProtocolHandler ["ajp-nio-8009"]
>
> And then, when I look at the connector thread pool, it creates a set of
> threads with this name pattern - "http-nio-auto-1-exec-" - in
> addition to the two thread pools used by NIO2 and AJP connectors.
>
> So, the question - What is this so-called "auto" connector for? And why is
> Tomcat creating it when I did NOT configure the system to create a
> non-secure http connector? Also, the listening port number used by this
> "auto" connector seems random (46276 in this case) and changes from run to
> run, so how could it be ever used for anything?
>
> Thanks in advance for help
>

The auto port is used for a connector that doesn't specify a port. I am not
aware of automatic connector creation except if using embedded, but that
doesn't look to be your case here with that server.xml fragment.
Any other information ?

Rémy


> /Jong
>
>
>




Which connector defines "http-nio-auto-1-exec-*" threads?

2017-11-22 Thread Jong Kim
Tomcat version: 8.0.47
OS: SUSE Linux Enterprise Server 12 (SP3)
 
I have a Tomcat installation where server.xml defines two connectors - NIO2 
connector on port 8443 and AJP connector on port 8009 - The two connector 
definitions are shown below.
 

 

 
We disable non-secure http access on port 8080 by removing the connector 
definition.
 
However, when we start and run this Tomcat, it creates three protocol handlers 
rather than the expected two (as shown below).
 
17-Nov-2017 19:13:21.790 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio-auto-1-46276"]
17-Nov-2017 19:13:21.796 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["http-nio2-8443"]
17-Nov-2017 19:13:21.797 INFO [main] org.apache.coyote.AbstractProtocol.start 
Starting ProtocolHandler ["ajp-nio-8009"]
 
And then, when I look at the connector thread pool, it creates a set of threads 
with this name pattern - "http-nio-auto-1-exec-" - in addition to the 
two thread pools used by NIO2 and AJP connectors. 
 
So, the question - What is this so-called "auto" connector for? And why is 
Tomcat creating it when I did NOT configure the system to create a non-secure 
http connector? Also, the listening port number used by this "auto" connector 
seems random (46276 in this case) and changes from run to run, so how could it 
be ever used for anything?
 
Thanks in advance for help
/Jong
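
An added example, not code from the thread or from Tomcat: a Python audit of `server.xml` for the condition this thread resolved to, a `Connector` with no port or port zero, which also shows up as a plain-HTTP listener on a random port. The sample `server.xml` is constructed from the attributes quoted in the question (`SSLEnabled="true"` and the `Server`/`Engine` wrapper are assumptions), and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the NIO2/TLS and AJP connectors described in the question,
# plus the kind of stray entry the installer bug added (port number zero).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443"
               protocol="org.apache.coyote.http11.Http11Nio2Protocol"
               SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="/mycerts/keystore" keystorePass="xxx"
               sslEnabledProtocols="TLSv1.2"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Connector port="0"/>
    <Engine name="Catalina" defaultHost="localhost"/>
  </Service>
</Server>
"""

# Startup lines as quoted in the question (wrapped lines rejoined).
SAMPLE_STARTUP_LOG = """\
17-Nov-2017 19:13:21.790 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-auto-1-46276"]
17-Nov-2017 19:13:21.796 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio2-8443"]
17-Nov-2017 19:13:21.797 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-8009"]
"""


def is_ajp(protocol):
    """True for the AJP/1.3 alias or an explicit AJP protocol handler class."""
    return protocol.upper().startswith("AJP") or ".ajp." in protocol.lower()


def audit_connectors(server_xml):
    """Return one finding per <Connector>, in document order."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        port = conn.get("port")
        # A Connector without a protocol attribute is an HTTP/1.1 connector.
        protocol = conn.get("protocol", "HTTP/1.1")
        issues = []
        if port is None or port.strip() == "0":
            # Matches the thread: no port or port zero yields an "auto" handler
            # that listens on a port chosen at startup.
            issues.append("auto-port")
        if not is_ajp(protocol) and conn.get("SSLEnabled", "false").lower() != "true":
            # An HTTP connector without TLS is the non-secure access the
            # poster meant to remove along with port 8080.
            issues.append("plaintext-http")
        findings.append({"port": port, "protocol": protocol, "issues": issues})
    return findings


def auto_handlers(startup_log):
    """Names of started protocol handlers that were given an automatic port."""
    names = re.findall(r'Starting ProtocolHandler \["([^"]+)"\]', startup_log)
    return [n for n in names if "-auto-" in n]


if __name__ == "__main__":
    for finding in audit_connectors(SAMPLE_SERVER_XML):
        print(finding)
    print(auto_handlers(SAMPLE_STARTUP_LOG))
```

Running the same audit against the `server.xml` that the installer actually wrote, rather than the template it started from, is what would have surfaced the extra connector here.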


RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-19 Thread Kim Ming Yap

You said ..

 Actually, the better analogy is that there is an application that can 
 tell you whether or not 1+1=2, and you're asking it to explain why the 
 numbers they entered don't total up to 2

when a user account is disabled after exceeded limits retry .. i couldn't 
display account disabled but rather email / password invalid (due to the 
issue below)

the right analogy is .. 

1 (User) +1 (password) = 10 (10 being the incorrect message being displayed due 
to lack of the needed feature).

Sure .. if i'm the client .. i will ask 1+1 = 10?

That's the issue.

 Date: Tue, 19 May 2015 10:34:48 -0400
 From: dcker...@verizon.net
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 On 5/19/2015 10:26 AM, Kim Ming Yap wrote:
  Sorry .. you can call me Kim.
 
  Yes. I know Mark suggested a custom authenticator .. but how would it help 
  me?
 
  The basic thing which i need is simple.
  In the login module, i need access to session, request objects ..
  How can having a custom authenticator help me?
 
  What i need is a simple API in the login module to get these objects.
  Think of it this way. There's a callback for username and password.
  A simple solution is to have a callback for those session, request objects.
 
  Now i know that the standard API security doesn't have this.
  Maybe Tomcat can provide this API .. a callback to get this object.
 
  By the way, you mentioned about it's more complicated than that.
  Sure.
 
  But here's the point.
  The need here is basic and is the most fundamental thing used in any web 
  application to do authentication and is used by all world wide application 
  to do authentication.
 
 But what you're asking it to do goes way beyond authentication.  All 
 authentication does is tell you if a user should be allowed to access 
 certain resources.  Nothing more.  Asking it to tell you why they are 
 not allowed to access it is an additional function that can hurt your 
 security.
 
 
 
  Sure, issue of security etc. But your are forgoing the fundamental on 
  account of that.
 
  Think of it this way.
 
  You've build some really good math algorithm to solve some advanced issue 
  while all i need is 1+1 = 2 and that is not achievable.
 
 Actually, the better analogy is that there is an application that can 
 tell you whether or not 1+1=2, and you're asking it to explain why the 
 numbers they entered don't total up to 2.
 
 
 
  I would get the fundamental rights first before moving on to more advanced 
  needs like TLS certificate etc.
 
  That's why when i started looking at this issue, well lots of complaints on 
  this. Just google it.
 
  Just my thoughts.
 
 
  Date: Tue, 19 May 2015 09:10:57 -0400
  From: ch...@christopherschultz.net
  To: users@tomcat.apache.org
  Subject: Re: Tomcat valve JAAS : form error page displayed first before 
  response reaches back to Tomcat valve
 
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA256
 
  Ming Yap,
 
  (Please let me know if I'm using your given name properly... you
  haven't identified yourself in the body of your messages, so I only
  have your email address for identification purposes. I wouldn't want
  to be calling you by the wrong name.)
 
  On 5/18/15 6:23 PM, Kim Ming Yap wrote:
  I think Tomcat should provide interfaces for different scenarios
  .. that's my opinion.
 
  Tomcat can't dictate the JAAS interfaces. It can only implement and/or
  call them. You are right that Tomcat might be able to provide some
  convenience items for you, but you'd have to be a bit more specific
  about what you'd like.
 
  So coming back to my web form-based authentication problem, is
  there a solution to it?
 
  Mark suggested a custom Authenticator. I'd start by looking at one of
  the existing authenticators -- depending upon the authenticator you
  are currently using (likely FormAuthenticator, based upon your initial
  post).
 
  Note that FormAuthenticator.authenticate is probably much more
  complicated than you imagined.
 
  - -chris
 
  Date: Mon, 18 May 2015 18:01:31 -0400 From:
  ch...@christopherschultz.net To: users@tomcat.apache.org Subject:
  Re: Tomcat valve JAAS : form error page displayed first before
  response reaches back to Tomcat valve
 
  Ming Yap,
 
  On 5/18/15 4:56 PM, Kim Ming Yap wrote:
  Now here's comes to crucial point and question when comes to
  JAAS.
 
  I know the benefit of JAAS - a pluggable authentication and
  authorization module.
 
  Why and in JavaEE's name have a JAAS realm (eg in Tomcat)
  where the loginmodule has no access to those most important
  objects - sessions, request etc?
 
  ... because JAAS does not require you to be running within a web
  context. You can use JAAS in a think client. Or from a
  command-line client. Or whatever. In those cases, what would you
  use for the request or session?
 
  I did a bit of research .. hence other web container like
  JBoss, Oracle

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-19 Thread Kim Ming Yap
Sorry .. you can call me Kim.

Yes. I know Mark suggested a custom authenticator .. but how would it help me?

The basic thing which i need is simple.
In the login module, i need access to session, request objects .. 
How can having a custom authenticator help me?

What i need is a simple API in the login module to get these objects.
Think of it this way. There's a callback for username and password.
A simple solution is to have a callback for those session, request objects.

Now i know that the standard API security doesn't have this.
Maybe Tomcat can provide this API .. a callback to get this object.

By the way, you mentioned about it's more complicated than that.
Sure.

But here's the point.
The need here is basic and is the most fundamental thing used in any web 
application to do authentication and is used by all world wide application to 
do authentication.

Sure, issue of security etc. But you are forgoing the fundamental on account 
of that.

Think of it this way.

You've built some really good math algorithm to solve some advanced issue while 
all i need is 1+1 = 2 and that is not achievable.

I would get the fundamental rights first before moving on to more advanced 
needs like TLS certificate etc.

That's why when i started looking at this issue, well lots of complaints on 
this. Just google it.

Just my thoughts.


 Date: Tue, 19 May 2015 09:10:57 -0400
 From: ch...@christopherschultz.net
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 
 Ming Yap,
 
 (Please let me know if I'm using your given name properly... you
 haven't identified yourself in the body of your messages, so I only
 have your email address for identification purposes. I wouldn't want
 to be calling you by the wrong name.)
 
 On 5/18/15 6:23 PM, Kim Ming Yap wrote:
  I think Tomcat should provide interfaces for different scenarios
  .. that's my opinion.
 
 Tomcat can't dictate the JAAS interfaces. It can only implement and/or
 call them. You are right that Tomcat might be able to provide some
 convenience items for you, but you'd have to be a bit more specific
 about what you'd like.
 
  So coming back to my web form-based authentication problem, is
  there a solution to it?
 
 Mark suggested a custom Authenticator. I'd start by looking at one of
 the existing authenticators -- depending upon the authenticator you
 are currently using (likely FormAuthenticator, based upon your initial
 post).
 
 Note that FormAuthenticator.authenticate is probably much more
 complicated than you imagined.
 
 -chris
 
  Date: Mon, 18 May 2015 18:01:31 -0400 From:
  ch...@christopherschultz.net To: users@tomcat.apache.org Subject:
  Re: Tomcat valve JAAS : form error page displayed first before
  response reaches back to Tomcat valve
  
  Ming Yap,
  
  On 5/18/15 4:56 PM, Kim Ming Yap wrote:
  Now here's comes to crucial point and question when comes to
  JAAS.
  
  I know the benefit of JAAS - a pluggable authentication and 
  authorization module.
  
  Why and in JavaEE's name have a JAAS realm (eg in Tomcat)
  where the loginmodule has no access to those most important
  objects - sessions, request etc?
  
  ... because JAAS does not require you to be running within a web 
  context. You can use JAAS in a think client. Or from a
  command-line client. Or whatever. In those cases, what would you
  use for the request or session?
  
  I did a bit of research .. hence other web container like
  JBoss, Oracle WebLogic has to build an extended version of
  their authentication module to capture those important
  objects ..
  
  I just don't comprehend this. This is mind boggling.
  
  Pluggable authentication and authorization is kind of an
  unattainable goal when you want it to work across any use case. You
  just happen to be thinking of the web-based authentication use
  case, here, and it's not matching up with your expectations.
  
  What if you wanted to use some information about a TLS certificate
  for authentication? Does the JAAS module now need to have access to
  the X.509 certificate as well? What about a Smart Card? Where does
  that fit into your web-based view of JAAS?
  
  It's just more complicated than you think, unfortunately.
  
  I have spent almost 4 weeks on trying to solve this basic
  problem when comes to form based authentication using JAAS.
  
  1. Valid credential - no issue
  2. Credential disabled due to > 3 retry - This message propagate to the error page
  3. Invalid user id - This message propagate to error page
  4. Invalid password - This message propagate to error page
  
  You should do some reading about user-enumeration vulnerabilities
  and similar things. You probably don't want to give this kind of 
  information to a user. Hint: the user might be an adversary, and
  any information you give them is something they can use to
  gain access to your

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-19 Thread Kim Ming Yap
ok. i see the light ..
Thanks a zillion! 

 Date: Tue, 19 May 2015 15:56:47 +0100
 From: ma...@apache.org
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 On 19/05/2015 15:51, David kerber wrote:
  On 5/19/2015 10:46 AM, Kim Ming Yap wrote:
 
  You said ..
 
   Actually, the better analogy is that there is an application that can
  tell you whether or not 1+1=2, and you're asking it to explain why the
  numbers they entered don't total up to 2
 
  when a user account is disabled after exceeded limits retry .. i
  couldn't display account disabled but rather email / password
  invalid (due to the issue below)
 
  the right analogy is ..
 
  1 (User) +1 (password) = 10 (10 being the incorrect message being
  displayed due to lack of the needed feature).
 
  Sure .. if i'm the client .. i will ask 1+1 = 10?
 
  That's the issue.
  
  The point we're making is that if a user's authentication is not valid,
  you should NOT be telling them why, just tell them it's invalid and
  maybe tell them to contact the administrator.
  
  Giving them any more information is just setting yourself up to be a
  victim of much quicker brute-force attacks, because you're giving them
  lots of help.
 
 +1.
 
 And the chances of any such features making it into Tomcat are slim to
 none. I for one would veto any such proposal (for the exact reasons
 David outlines above).
 
 It is possible that, if the GSoC project to implement JASPIC succeeds
 (and that isn't looking very likely right now), a side-effect may be
 that JASPIC makes it easier to implement custom authenticators but even
 then if you want to go down the route of detailed explanations for
 authentication failures you will be on your own.
 
 Mark
 
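What David and Mark describe above, sketched as an added example (not code from this thread or from Tomcat): a JAAS login module that distinguishes unknown user, bad password and disabled account only in the server-side audit log, while every failure returns the same message to the caller. The class name, the in-memory user store, the lockout threshold and the shared salt are constructed for the illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Hypothetical module: one client-visible failure message, detailed reason only in the audit log. */
public class UniformFailureLoginModule implements LoginModule {
    // The only failure text a client ever sees, whatever the cause.
    static final String GENERIC = "Login failed. Contact the administrator if this persists.";
    private static final Logger AUDIT = Logger.getLogger("auth.audit");
    private static final int MAX_FAILURES = 3; // constructed lockout threshold
    // Constructed demo data: one shared salt and one user. A real store keeps a salt per user.
    private static final byte[] SALT = "constructed-demo-salt".getBytes(StandardCharsets.UTF_8);
    private static final byte[] DUMMY = kdf("no-such-user".toCharArray());
    private static final Map<String, byte[]> USERS = new ConcurrentHashMap<>();
    private static final Map<String, Integer> FAILURES = new ConcurrentHashMap<>();
    static { USERS.put("kim", kdf("correct horse".toCharArray())); }

    private CallbackHandler handler;
    private String user = "";
    String reason = "NOT_ATTEMPTED"; // server-side only, never rendered to the client

    @Override
    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> options) {
        handler = h;
    }

    @Override
    public boolean login() throws LoginException {
        NameCallback nc = new NameCallback("user");
        PasswordCallback pc = new PasswordCallback("password", false);
        try {
            handler.handle(new Callback[] { nc, pc });
        } catch (IOException | UnsupportedCallbackException e) {
            throw fail("CALLBACK_ERROR");
        }
        user = nc.getName() == null ? "" : nc.getName();
        char[] pw = pc.getPassword();
        pc.clearPassword();
        boolean usable = pw != null && pw.length > 0;
        byte[] stored = USERS.get(user);
        // Run the KDF and a constant-time compare on every path, known user or not,
        // so response time does not reveal what the message hides.
        byte[] candidate = kdf(usable ? pw : new char[] { 'x' });
        boolean match = MessageDigest.isEqual(candidate, stored != null ? stored : DUMMY)
                && usable && stored != null;
        if (stored == null) throw fail("UNKNOWN_USER");
        if (FAILURES.getOrDefault(user, 0) >= MAX_FAILURES) throw fail("ACCOUNT_DISABLED");
        if (!match) {
            FAILURES.merge(user, 1, Integer::sum);
            throw fail("BAD_PASSWORD");
        }
        FAILURES.remove(user);
        reason = "OK";
        return true;
    }

    private FailedLoginException fail(String why) {
        reason = why;
        // Strip CR/LF so a crafted user name cannot forge audit lines.
        AUDIT.warning("login failed user=" + user.replaceAll("[\\r\\n]", "_") + " reason=" + why);
        return new FailedLoginException(GENERIC);
    }

    // A real module adds its Principal objects to the Subject in commit().
    @Override public boolean commit() { return "OK".equals(reason); }
    @Override public boolean abort()  { reason = "NOT_ATTEMPTED"; return true; }
    @Override public boolean logout() { reason = "NOT_ATTEMPTED"; return true; }

    static byte[] kdf(char[] pw) {
        try {
            PBEKeySpec spec = new PBEKeySpec(pw, SALT, 10_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        // Constructed attempts: success, unknown user, three bad passwords, then a locked account.
        String[][] attempts = { {"kim", "correct horse"}, {"nobody", "x1"}, {"kim", "wrong"},
                                {"kim", "wrong"}, {"kim", "wrong"}, {"kim", "correct horse"} };
        for (String[] a : attempts) {
            UniformFailureLoginModule m = new UniformFailureLoginModule();
            m.initialize(new Subject(), cbs -> {
                for (Callback cb : cbs) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(a[0]);
                    if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(a[1].toCharArray());
                }
            }, new HashMap<String, Object>(), new HashMap<String, Object>());
            String shown;
            try { m.login(); shown = "welcome"; } catch (LoginException e) { shown = e.getMessage(); }
            System.out.println("client sees: " + shown + " | audit reason: " + m.reason);
        }
    }
}
```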
 
  

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap

Thanks Mark for your suggestion.
I'm still confused over the last part where you mentioned that 'i am confusing 
myself between control and data'.
The response object contains output stream (data) to be displayed. Always the 
case.

If i enter valid credential .. you'll noticed the flow exactly as indicated on 
my email (I've traced is using system.out.println)

request -- valve -- JAAS -- filter -- JSP  -- response -- filter -- JAAS 
-- valve -- browser

If invalid credential ..

request -- valve -- JAAS -- response -- valve (break point and stop here) 
.. yet JSP error page displayed.

So this is really confusing.

The response always contains data to be displayed on the client browser.
How did the JSP error page displayed when on its way back to the client browser 
.. i did a break point stop at the valve.

Hm ..


 Date: Mon, 18 May 2015 11:14:19 +0100
 From: ma...@apache.org
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 On 17/05/2015 23:44, Kim Ming Yap wrote:
  Hi,
  I'm building a website using form based authentication integrating with 
  JAAS for user based authentication. I don't have issue when a successful 
  credential is authenticated. Rather I'm having difficulty understanding the 
  flow of JAAS back to the client should the form based authentication failed.
  SOFTWARE:
  1. Apache Tomee plus 1.7.1
  2. Java 8
  3. Tomcat JAAS Realm
  OBJECTIVE: Custom error captured in JAAS login module to propagate to error 
  page
 
 You are unlikely to get much help from Tomcat with this since
 propagating back custom errors is considered poor security practise (an
 attacker should not be able to tell why authentication failed).
 
  BASIC UNDERSTANDING:
  The Tomcat JAAS layer is not integrated with the web container layer. Hence 
  the former does not have access to request, session etc.
 
 JAAS is integrated as a Realm - i.e. something that validates
 credentials provided by an Authenticator. The Authenticator has full
 access to the request and the response. You may want to consider a
 custom Authenticator.
 
  SOLUTION:
  Using ThreadLocal which capture the custom error message in JAAS layer to 
  be used when the flow reaches back to the custom valve on the way back to 
  the browser.
 
 You need to be careful you don't trigger memory leaks when using
 ThreadLocals.
 
  PROBLEM: Understanding of basic request/response flow involving Tomcat and 
  JAAS
  a. request -- valve -- JAAS -- Filter -- Servlet/JSP
  b. response -- valve (**) -- JAAS -- Filter -- Servlet/JSP
 
 I suspect that order is wrong.
 
 JAAS is called by the Authenticator (which is a valve). The
 Authenticator then calls the Filter (via a few other layers).
 
 You might want to check the ordering of your valve and the Authenticator.
 
  (refer to above clause b) ThreadLocal in the JAAS layer managed to capture 
  the custom error message and i managed to print it after the getNext() 
  method of the custom valve. Thought of adding this custom error as an 
  attribute in the session object.
  However I noticed that the error page is already displayed before i could 
  add this custom error (immediately after the getNext method).
 
 The error page will be handled by the webapp or the ErrorReportingValve
 - both of which may get called before your Valve depending on how the
 Valve is configured.
 
  Due to that the ready custom error message cannot be used
  SAMPLE CODES:
  1. web.xml
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-redirect-error.jsp?error=true</form-error-page>
    </form-login-config>
  </login-config>
  2. Custom valve and defined in META-INF/context.xml
  import java.io.IOException;
  import javax.servlet.ServletException;
  import org.apache.catalina.connector.Request;
  import org.apache.catalina.connector.Response;
  import org.apache.catalina.valves.ValveBase;
  public class SecurityValve extends ValveBase {
      public void invoke(Request request, Response response) throws IOException, ServletException {
          getNext().invoke(request, response);
          System.out.println("after getNext()"); // <-- break point (BP)
      }
  }
  1. Did a break point on SecurityValve (indicated at BP)
  2. On forms, i purposely enter wrong credential and submit
  3. Break point stops at BP
  4. login-redirect-error.jsp displayed already
  5. Since it stop at break point BP in SecurityValve, the response back to client flow has not 
  reached the browser. Yet the login-redirect-error.jsp is already displayed
  QUESTIONS: How can the login-redirect-error.jsp be displayed on the 
  browser when the response flowing back to client stop at break point BP? 
  The flow back to the client is not fully done yet.
 
 You are confusing control and data. The data goes back to the client as
 soon as the output is flushed (which can happen in the Servlet/JSP).
 
  I would really appreciate any help. Thanks.
 
 Set a break point in a JSP / Servlet and look at the stack trace to see
 which Valves the request/response flow
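The control-versus-data point Mark makes in the reply quoted above, as an added example (not code from this thread or from Tomcat): a variant of the SecurityValve that sets what it needs before calling getNext() and checks whether the response was already committed afterwards. The class name is hypothetical, and the javax.servlet namespace (Tomcat 9 and earlier) is assumed.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

// Hypothetical valve; assumes the javax.servlet namespace (Tomcat 9 and earlier).
public class CommitAwareValve extends ValveBase {

    @Override
    public void invoke(Request request, Response response) throws IOException, ServletException {
        // Control flow going in: nothing has been written yet, so a header set
        // here is guaranteed to travel with whatever page is rendered later.
        response.setHeader("X-Content-Type-Options", "nosniff");

        // Authenticator -> Realm (JAAS) -> filters -> servlet/JSP all run inside this call.
        getNext().invoke(request, response);

        // Control flow coming back: the JSP may have filled or flushed the output
        // buffer, in which case status line, headers and body are already on the wire.
        if (response.isCommitted()) {
            getContainer().getLogger().info("response for " + request.getRequestURI()
                    + " was committed downstream (buffer size " + response.getBufferSize()
                    + "); header and status changes made here would be ignored");
            return;
        }

        // Only reached while the whole response still sits in the buffer, so
        // headers can still be changed before the container writes it out.
        if (response.getStatus() >= 400) {
            response.setHeader("Cache-Control", "no-store");
        }
    }
}
```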

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap
Wow .. that really confuses me.

I've studied the Java EE component and the basic understanding of flow is as 
follows (if i do not flush the data)

client request -- web container (encapsulate request/response) -- filter 
(contain request/response object) -- Servlet (JSP) -- filter (request / 
response object here can be modified here for eventual display on browser) -- 
client browser

On the way back the client browser, if i do a break point just immediately 
after the dofilter() method and stop there, the JSP page is not displayed.

So if i get your right:
1. If the above is done without flushing the data .. then yes. That JSP page is 
not displayed since i stop at the breakpoint.
2. However if i do a flush before the break point, data will be sent to the 
client even though my code stops at the break point?

I thought the data flow is part of the control flow ..

Gee .. i got this wrong all the while
Think i'm seeing the light ..


 Date: Mon, 18 May 2015 13:43:14 +0100
 From: ma...@apache.org
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 On 18/05/2015 13:31, Kim Ming Yap wrote:
  
  Thanks Mark for your suggestion.
  I'm still confused over the last part where you mentioned that 'i am 
  confusing myself between control and data'.
  The response object contains output stream (data) to be displayed. Always 
  the case.
 
 No.
 
 The response contains a reference to the output stream. The output
 stream can be flushed to the client *at any point*. There is no
 guarantee that it will contain the [data] to be displayed.
 
 The (incorrect) sequences you list below describe the control flow. The
 data flow (when the application reads the request body, when the
 application writes the request body and when the request body is written
 to the client) is completely separate.
 
  If i enter valid credential .. you'll noticed the flow exactly as indicated 
  on my email (I've traced is using system.out.println)
  
  request -- valve -- JAAS -- filter -- JSP  -- response -- filter -- 
  JAAS -- valve -- browser
 
 Again, no. JAAS does not call the filter. Your valve calls the
 Authenticator which calls JAAS and then (via some additional objects)
 the Authenticator calls the filter.
 
 Neither the request nor the response are part of the processing chain.
 They are objects that are passed up and down the chain.
 
 
  If invalid credential ..
  
  request -- valve -- JAAS -- response -- valve (break point and stop 
  here) .. yet JSP error page displayed.
  
  So this is really confusing.
 
 Take a look at the updated diagrams here:
 https://bz.apache.org/bugzilla/show_bug.cgi?id=57282
 
  The response always contains data to be displayed on the client browser.
 
 No it does not. See comment above re control flow vs data flow.
 
  How did the JSP error page displayed when on its way back to the client 
  browser .. i did a break point stop at the valve.
 
 See point above re control flow vs data flow.
 
 Mark
 
 
  
  Hm ..
  
  
  Date: Mon, 18 May 2015 11:14:19 +0100
  From: ma...@apache.org
  To: users@tomcat.apache.org
  Subject: Re: Tomcat valve JAAS : form error page displayed first before 
  response reaches back to Tomcat valve
 
  On 17/05/2015 23:44, Kim Ming Yap wrote:
  Hi,
  I'm building a website using form based authentication integrating 
  with JAAS for user based authentication. I don't have issue when a 
  successful credential is authenticated. Rather I'm having difficulty 
  understanding the flow of JAAS back to the client should the form based 
  authentication failed.
  SOFTWARE:
  1. Apache Tomee plus 1.7.1
  2. Java 8
  3. Tomcat JAAS Realm
  OBJECTIVE: Custom error captured in JAAS login module to propagate to 
  error page
 
  You are unlikely to get much help from Tomcat with this since
  propagating back custom errors is considered poor security practise (an
  attacker should not be able to tell why authentication failed).
 
  BASIC UNDERSTANDING:
  The Tomcat JAAS layer is not integrated with the web container layer. 
  Hence the former does not have access to request, session etc.
 
  JAAS is integrated as a Realm - i.e. something that validates
  credentials provided by an Authenticator. The Authenticator has full
  access to the request and the response. You may want to consider a
  custom Authenticator.
 
  SOLUTION:
  Using ThreadLocal which capture the custom error message in JAAS layer to 
  be used when the flow reaches back to the custom valve on the way back to 
  the browser.
 
  You need to be careful you don't trigger memory leaks when using
  ThreadLocals.
 
  PROBLEM: Understanding of basic request/response flow involving Tomcat and 
  JAAS
  a. request -- valve -- JAAS -- Filter -- Servlet/JSP
  b. response -- valve (**) -- JAAS -- Filter -- Servlet/JSP
 
  I suspect that order is wrong.
 
  JAAS is called by the Authenticator (which is a valve). The
  Authenticator then calls

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap

You said 
The error page will be handled by the webapp or the ErrorReportingValve - both 
of which may get called before your Valve depending on how the Valve is 
configured.
How do i ensure that my custom valve is called before the 
ErrorReportingValve? Is there some settings i can set?

Thanks for your help.

 From: yapk...@hotmail.com
 To: users@tomcat.apache.org
 Subject: RE: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 Date: Mon, 18 May 2015 11:43:02 -0400
 
 so who control the data flow?
 Does the data flow has stages just like control flow?
 Or is it just the http web server? As long as there are output stream going 
 out .. the http web server will serve those output stream to the client's 
 browser?
 Basically no control stages when comes to data flow?
 
 
  Date: Mon, 18 May 2015 14:54:24 +0100
  From: ma...@apache.org
  To: users@tomcat.apache.org
  Subject: Re: Tomcat valve JAAS : form error page displayed first before 
  response reaches back to Tomcat valve
  
  On 18/05/2015 13:57, Kim Ming Yap wrote:
   Wow .. that really confuses me.
   
   I've studied the Java EE component and the basic understanding of flow is 
   as follows (if i do not flush the data)
   
   client request -- web container (encapsulate request/response) -- 
   filter (contain request/response object) -- Servlet (JSP) -- filter 
   (request / response object here can be modified here for eventual display 
   on browser) -- client browser
   
   On the way back the client browser, if i do a break point just 
   immediately after the dofilter() method and stop there, the JSP page is 
   not displayed.
   
   So if i get your right:
   1. If the above is done without flushing the data .. then yes. That JSP 
   page is not displayed since i stop at the breakpoint.
  
  Correct. The entire response is contained in the output buffer at that
  point.
  
   2. However if i do a flush before the break point, data will be sent to 
   the client even though my code stops at the break point?
  
  Correct. On the first write to the client, the HTTP Response headers
  will be written. This is the point at which the response is considered
  to be committed. The first write may also include some/all of the
  response body.
  
  Flushing can be explicit (the application calls it) or implicit (the
  container calls flush because - for example - there is no more space in
  the output buffer).
  
   I thought the data flow is part of the control flow ..
   
   Gee .. i got this wrong all the while
   Think i'm seeing the light ..
  
  Happy to help.
  
  Mark
  
  
   
   
   Date: Mon, 18 May 2015 13:43:14 +0100
   From: ma...@apache.org
   To: users@tomcat.apache.org
   Subject: Re: Tomcat valve JAAS : form error page displayed first before 
   response reaches back to Tomcat valve
  
   On 18/05/2015 13:31, Kim Ming Yap wrote:
  
   Thanks Mark for your suggestion.
   I'm still confused over the last part where you mentioned that 'i am 
   confusing myself between control and data'.
   The response object contains output stream (data) to be displayed. 
   Always the case.
  
   No.
  
   The response contains a reference to the output stream. The output
   stream can be flushed to the client *at any point*. There is no
   guarantee that it will contain the [data] to be displayed.
  
   The (incorrect) sequences you list below describe the control flow. The
   data flow (when the application reads the request body, when the
   application writes the request body and when the request body is written
   to the client) is completely separate.
  
   If i enter valid credential .. you'll noticed the flow exactly as 
   indicated on my email (I've traced is using system.out.println)
  
   request -- valve -- JAAS -- filter -- JSP  -- response -- filter 
   -- JAAS -- valve -- browser
  
   Again, no. JAAS does not call the filter. Your valve calls the
   Authenticator which calls JAAS and then (via some additional objects)
   the Authenticator calls the filter.
  
   Neither the request nor the response are part of the processing chain.
   They are objects that are passed up and down the chain.
  
  
   If invalid credential ..
  
   request -- valve -- JAAS -- response -- valve (break point and stop 
   here) .. yet JSP error page displayed.
  
   So this is really confusing.
  
   Take a look at the updated diagrams here:
   https://bz.apache.org/bugzilla/show_bug.cgi?id=57282
  
   The response always contains data to be displayed on the client browser.
  
   No it does not. See comment above re control flow vs data flow.
  
   How did the JSP error page displayed when on its way back to the client 
   browser .. i did a break point stop at the valve.
  
   See point above re control flow vs data flow.
  
   Mark
  
  
  
   Hm ..
  
  
   Date: Mon, 18 May 2015 11:14:19 +0100
   From: ma...@apache.org
   To: users@tomcat.apache.org
   Subject: Re: Tomcat valve JAAS : form error

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap
so who control the data flow?
Does the data flow has stages just like control flow?
Or is it just the http web server? As long as there are output stream going out 
.. the http web server will serve those output stream to the client's browser?
Basically no control stages when comes to data flow?


 Date: Mon, 18 May 2015 14:54:24 +0100
 From: ma...@apache.org
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 On 18/05/2015 13:57, Kim Ming Yap wrote:
  Wow .. that really confuses me.
  
  I've studied the Java EE component and the basic understanding of flow is 
  as follows (if i do not flush the data)
  
  client request -- web container (encapsulate request/response) -- filter 
  (contain request/response object) -- Servlet (JSP) -- filter (request / 
  response object here can be modified here for eventual display on browser) 
  -- client browser
  
  On the way back the client browser, if i do a break point just immediately 
  after the dofilter() method and stop there, the JSP page is not displayed.
  
  So if i get your right:
  1. If the above is done without flushing the data .. then yes. That JSP 
  page is not displayed since i stop at the breakpoint.
 
 Correct. The entire response is contained in the output buffer at that
 point.
 
  2. However if i do a flush before the break point, data will be sent to the 
  client even though my code stops at the break point?
 
 Correct. On the first write to the client, the HTTP Response headers
 will be written. This is the point at which the response is considered
 to be committed. The first write may also include some/all of the
 response body.
 
 Flushing can be explicit (the application calls it) or implicit (the
 container calls flush because - for example - there is no more space in
 the output buffer).
 
  I thought the data flow is part of the control flow ..
  
  Gee .. i got this wrong all the while
  Think i'm seeing the light ..
 
 Happy to help.
 
 Mark
 
 
  
  
  Date: Mon, 18 May 2015 13:43:14 +0100
  From: ma...@apache.org
  To: users@tomcat.apache.org
  Subject: Re: Tomcat valve JAAS : form error page displayed first before 
  response reaches back to Tomcat valve
 
  On 18/05/2015 13:31, Kim Ming Yap wrote:
 
  Thanks Mark for your suggestion.
  I'm still confused over the last part where you mentioned that 'i am 
  confusing myself between control and data'.
  The response object contains output stream (data) to be displayed. Always 
  the case.
 
  No.
 
  The response contains a reference to the output stream. The output
  stream can be flushed to the client *at any point*. There is no
  guarantee that it will contain the [data] to be displayed.
 
  The (incorrect) sequences you list below describe the control flow. The
  data flow (when the application reads the request body, when the
  application writes the request body and when the request body is written
  to the client) is completely separate.
 
  If i enter valid credential .. you'll noticed the flow exactly as 
  indicated on my email (I've traced is using system.out.println)
 
  request -- valve -- JAAS -- filter -- JSP  -- response -- filter 
  -- JAAS -- valve -- browser
 
  Again, no. JAAS does not call the filter. Your valve calls the
  Authenticator which calls JAAS and then (via some additional objects)
  the Authenticator calls the filter.
 
  Neither the request nor the response are part of the processing chain.
  They are objects that are passed up and down the chain.
 
 
  If invalid credential ..
 
  request -- valve -- JAAS -- response -- valve (break point and stop 
  here) .. yet JSP error page displayed.
 
  So this is really confusing.
 
  Take a look at the updated diagrams here:
  https://bz.apache.org/bugzilla/show_bug.cgi?id=57282
 
  The response always contains data to be displayed on the client browser.
 
  No it does not. See comment above re control flow vs data flow.
 
  How did the JSP error page displayed when on its way back to the client 
  browser .. i did a break point stop at the valve.
 
  See point above re control flow vs data flow.
 
  Mark
 
 
 
  Hm ..
 
 
  Date: Mon, 18 May 2015 11:14:19 +0100
  From: ma...@apache.org
  To: users@tomcat.apache.org
  Subject: Re: Tomcat valve JAAS : form error page displayed first before 
  response reaches back to Tomcat valve
 
  On 17/05/2015 23:44, Kim Ming Yap wrote:
  Hi,
  I'm building a website using form based authentication integrating 
  with JAAS for user based authentication. I don't have issue when a 
  successful credential is authenticated. Rather I'm having difficulty 
  understanding the flow of JAAS back to the client should the form based 
  authentication failed.
  SOFTWARE:
  1. Apache Tomee plus 1.7.1
  2. Java 8
  3. Tomcat JAAS Realm
  OBJECTIVE: Custom error captured in JAAS login module to propagate to 
  error page
 
  You are unlikely to get much help from Tomcat with this since
  propagating

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap
ok. cool :) i understand better.
Now here's comes to crucial point and question when comes to JAAS.
I know the benefit of JAAS - a pluggable authentication and authorization 
module.
Why and in JavaEE's name have a JAAS realm (eg in Tomcat) where the loginmodule 
has no access to those most important objects - sessions, request etc?
I did a bit of research .. hence other web container like JBoss, Oracle 
WebLogic has to build an extended version of their authentication module to 
capture those important objects ..
I just don't comprehend this. This is mind boggling ..
I have spent almost 4 weeks on trying to solve this basic problem when comes to 
form based authentication using JAAS.
1. Valid credential - no issue
2. Credential disabled due to > 3 retry - This message propagate to the error page
3. Invalid user id - This message propagate to error page
4. Invalid password - This message propagate to error page
There's no way to propagate the above error messages to the error page from 
JAAS login module since this module has no access to those important 
aforementioned objects.
Hence i turn to valve (storing ThreadLocal). But as you can see, the error page 
gets displayed first even before i can store them in the session object.
Without this feature, the only error message i can display is for example:
Incorrect email or password.
But this is incorrect if the account is disabled.
So i'm just flabbergasted that there's a JAAS module but without access to 
those basic objects used in any web development.
This is beyond mind boggling ..
Any insights?


 Date: Mon, 18 May 2015 16:08:41 -0400
 From: ch...@christopherschultz.net
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 
 Ming Yap,
 
 On 5/18/15 11:43 AM, Kim Ming Yap wrote:
  so who control the data flow?
 
 The data is really just a data stream. Anyone dumping data into that
 stream controls the flow. Any component with access to the
 OutputStream to the client can inject something into it.
 
 The method call flow doesn't place any restrictions on what each
 component is allowed to put into that OutputStream.
 
  Does the data flow has stages just like control flow?
 
 It's the Wild West: any component can do anything it wants.
 
  Or is it just the http web server? As long as there are output
  stream going out .. the http web server will serve those output
  stream to the client's browser?
 
 Exactly.
 
  Basically no control stages when comes to data flow?
 
 Correct. There are basically two stages:
 
 1. Before the response has been committed
 2. After the response has been committed
 
 The commitment of the response occurs when either of the following
 things happen:
 
   a. The response buffer fills up (container flushes buffer)
   b. A component explicitly flushes the response buffer
 
 Before the response has been committed, you can add/modify/remove
 response headers, change the response status code (e.g. 200 OK),
 request the creation of an HttpSession, and a few other things. After
 the response has been committed, you can do none of those things: only
 sending bytes to the response stream will work after that.
 
 But again, the only thing that triggers the commit of the response
 is the response buffer filling up (or an explicit flush() call). Any
 component can cause that event to occur, and no other components are
 notified that it's about to happen.
 
 You can check to see if the response has been committed, but you can't
 do anything effective to stop it.
 
 -chris
 
  Date: Mon, 18 May 2015 14:54:24 +0100 From: ma...@apache.org To:
  users@tomcat.apache.org Subject: Re: Tomcat valve JAAS : form
  error page displayed first before response reaches back to Tomcat
  valve
  
  On 18/05/2015 13:57, Kim Ming Yap wrote:
  Wow .. that really confuses me.
  
  I've studied the Java EE component and the basic understanding
  of flow is as follows (if i do not flush the data)
  
  client request -- web container (encapsulate request/response)
  -- filter (contain request/response object) -- Servlet (JSP)
  -- filter (request / response object here can be modified here
  for eventual display on browser) -- client browser
  
  On the way back the client browser, if i do a break point just
  immediately after the dofilter() method and stop there, the JSP
  page is not displayed.
  
  So if i get your right: 1. If the above is done without
  flushing the data .. then yes. That JSP page is not displayed
  since i stop at the breakpoint.
  
  Correct. The entire response is contained in the output buffer at
  that point.
  
  2. However if i do a flush before the break point, data will be
  sent to the client even though my code stops at the break
  point?
  
  Correct. On the first write to the client, the HTTP Response
  headers will be written. This is the point at which the response
  is considered

RE: Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-18 Thread Kim Ming Yap
I think Tomcat should provide interfaces for different scenarios .. that's my 
opinion.
So coming back to my web form-based authentication problem, is there a solution 
to it?

I still want to solve my problem.
Please advise. Thanks.

 Date: Mon, 18 May 2015 18:01:31 -0400
 From: ch...@christopherschultz.net
 To: users@tomcat.apache.org
 Subject: Re: Tomcat valve JAAS : form error page displayed first before 
 response reaches back to Tomcat valve
 
 
 Ming Yap,
 
 On 5/18/15 4:56 PM, Kim Ming Yap wrote:
  Now here comes the crucial point and question when it comes to JAAS.
  
  I know the benefit of JAAS - a pluggable authentication and 
  authorization module.
  
  Why and in JavaEE's name have a JAAS realm (eg in Tomcat) where
  the loginmodule has no access to those most important objects -
  sessions, request etc?
 
 ... because JAAS does not require you to be running within a web
 context. You can use JAAS in a thick client. Or from a command-line
 client. Or whatever. In those cases, what would you use for the
 request or session?
 
  I did a bit of research .. hence other web container like JBoss, 
  Oracle WebLogic has to build an extended version of their 
  authentication module to capture those important objects ..
  
  I just don't comprehend this. This is mind boggling.
 
 Pluggable authentication and authorization is kind of an unattainable
 goal when you want it to work across any use case. You just happen to
 be thinking of the web-based authentication use case, here, and it's
 not matching up with your expectations.
 
 What if you wanted to use some information about a TLS certificate for
 authentication? Does the JAAS module now need to have access to the
 X.509 certificate as well? What about a Smart Card? Where does that
 fit into your web-based view of JAAS?
 
 It's just more complicated than you think, unfortunately.
 
  I have spent almost 4 weeks on trying to solve this basic problem
  when it comes to form based authentication using JAAS.
  
  1. Valid credential - no issue
  2. Credential disabled due to > 3 retry - This message propagate to the error page
  3. Invalid user id - This message propagate to error page
  4. Invalid password - This message propagate to error page
 
 You should do some reading about user-enumeration vulnerabilities and
 similar things. You probably don't want to give this kind of
 information to a user. Hint: the user might be an adversary, and any
 information you give them is something they can use to gain
 access to your system.
 
 For example: if I enter ob...@whitehouse.gov as my username and you
 tell me "user does not exist", I can keep trying usernames until I get
 one that does exist. Great, now I know the user exists and I can keep
 trying passwords until I get in. If you tell me "credentials
 disabled", then I will know when I've tripped some kind of maximum
 login-attempt trigger that will (likely) disable the user for a while.
 So, I'll adjust my attack strategy so that I only try each user 3
 times because I know that after that, they will be disabled.
 
 If you have a hard business requirement to tell the user why they
 aren't being permitted to login, you might want to go back to whoever
 wrote those requirements and ask them to review them from a security
 perspective.
 
 - -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
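
Added example, not part of the original thread: one way to keep the failure reasons discussed above (unknown user, wrong password, disabled account) out of the error page while still recording them server-side. The class and method names, the sample accounts and the SHA-256 digest (standing in for a salted, slow password hash) are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;

/** Hypothetical class: one client-visible failure message, detailed reason only in the audit log. */
public class UniformLoginFailure {

    /** Internal outcomes; the client only ever learns SUCCESS or not-SUCCESS. */
    enum Outcome { SUCCESS, UNKNOWN_USER, BAD_PASSWORD, LOCKED }

    static final String CLIENT_FAILURE_MESSAGE = "Invalid username or password.";
    static final int MAX_FAILURES = 3;
    private static final Logger AUDIT = Logger.getLogger("auth.audit");

    /** Constructed in-memory account record; a real store would keep a salted, slow hash. */
    static final class Account {
        final byte[] passwordDigest;
        int failures;
        Account(String password) { this.passwordDigest = digest(password); }
    }

    private final Map<String, Account> accounts = new HashMap<>();
    // Compared against when the user does not exist, so both paths do the same work.
    private final byte[] dummyDigest = digest("placeholder for unknown users");

    void addAccount(String user, String password) {
        accounts.put(user, new Account(password));
    }

    /** Decides the real outcome. The digest comparison always runs, known user or not. */
    Outcome check(String user, String password) {
        Account account = accounts.get(user);
        byte[] expected = (account != null) ? account.passwordDigest : dummyDigest;
        boolean matches = MessageDigest.isEqual(expected, digest(password));
        if (account == null) return Outcome.UNKNOWN_USER;
        if (account.failures >= MAX_FAILURES) return Outcome.LOCKED;
        if (!matches) {
            account.failures++;
            return Outcome.BAD_PASSWORD;
        }
        account.failures = 0;
        return Outcome.SUCCESS;
    }

    /** The only text an error page may show; the specific reason goes to the server log. */
    String clientMessage(String user, String password) {
        Outcome outcome = check(user, password);
        if (outcome == Outcome.SUCCESS) return "Welcome.";
        AUDIT.warning("login failed user=" + forLog(user) + " reason=" + outcome);
        return CLIENT_FAILURE_MESSAGE;
    }

    /** Keeps a submitted username from forging extra log lines. */
    static String forLog(String s) {
        return s.replaceAll("[\\r\\n\\t]", "_");
    }

    static byte[] digest(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] args) {
        UniformLoginFailure auth = new UniformLoginFailure();
        auth.addAccount("alice", "correct horse");   // constructed sample accounts
        auth.addAccount("bob", "battery staple");
        String[][] attempts = {
            {"nobody", "x"},                // unknown user
            {"alice", "wrong"}, {"alice", "wrong"}, {"alice", "wrong"},
            {"alice", "correct horse"},     // locked after three failures
            {"bob", "battery staple"},      // success
        };
        for (String[] a : attempts) {
            System.out.println(a[0] + " -> " + auth.clientMessage(a[0], a[1]));
        }
    }
}
```

Every failed attempt prints the same client message, including the correct password against the locked account; only the audit log distinguishes the cases.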
 
  

Tomcat valve JAAS : form error page displayed first before response reaches back to Tomcat valve

2015-05-17 Thread Kim Ming Yap
Hi,

I'm building a website using form based authentication integrating with JAAS
for user based authentication. I don't have issue when a successful credential
is authenticated. Rather I'm having difficulty understanding the flow of JAAS
back to the client should the form based authentication failed.

SOFTWARE:
1. Apache Tomee plus 1.7.1
2. Java 8
3. Tomcat JAAS Realm

OBJECTIVE:
Custom error captured in JAAS login module to propagate to error page

BASIC UNDERSTANDING:
The Tomcat JAAS layer is not integrated with the web container layer. Hence the
former does not have access to request, session etc.

SOLUTION:
Using ThreadLocal which capture the custom error message in JAAS layer to be
used when the flow reaches back to the custom valve on the way back to the
browser.

PROBLEM:
Understanding of basic request/response flow involving Tomcat and JAAS
a. request -- valve -- JAAS -- Filter -- Servlet/JSP
b. response -- valve (**) -- JAAS -- Filter -- Servlet/JSP

(refer to above clause b)
ThreadLocal in the JAAS layer managed to capture the custom error message and
I managed to print it after the getNext() method of the custom valve. Thought
of adding this custom error as an attribute in the session object.
However I noticed that the error page is already displayed before I could add
this custom error (immediately after the getNext method).
Due to that the ready custom error message cannot be used.

SAMPLE CODES:

1. web.xml

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/login-redirect-error.jsp?error=true</form-error-page>
  </form-login-config>
</login-config>

2. Custom valve and defined in META-INF/context.xml

import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

public class SecurityValve extends ValveBase {
    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        getNext().invoke(request, response);
        System.out.println("after getNext()"); // <-- break point (BP)
    }
}

1. Did a break point on SecurityValve (indicated at BP)
2. On forms, I purposely enter wrong credential and submit
3. Break point stops at BP
4. login-redirect-error.jsp displayed already
5. Since it stop at break point BP in SecurityValve, the response back to
   client flow has not reached the browser. Yet the login-redirect-error.jsp
   is already displayed

QUESTIONS:
How can the login-redirect-error.jsp be displayed on the browser when the
response flowing back to client stop at break point BP? The flow back to the
client is not fully done yet.

I would really appreciate any help. Thanks.



  

Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Andre
Thanks for the advice. I do implement a Valve class to capture all the
requests before forwarding to the actual web app. However, I can not know
in advance the actual url for the servlet or JSP ..
i.e. I can not know from the URI in the Valve class whether the
resource is a static file or a servlet ...
Regards,
Kim

2012/6/27 André Warnier a...@ice-sa.com:
 Kim wrote:

 Hi, Dear all
 I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
 I need to enable public_html for my user but for security reason, I
 would like restrict the functions to serve static files only.
 Can anyone tell me how to do that ?
 Actually I can build tomcat from src and don't mind modify the code
 base for this specific feature.
 Can anyone help me to point out which source file I should modify ...
 Regards,
 Kim


 Modifying the Tomcat code base for this seems to me a heavy, non-portable,
 non-maintainable, non-upgradable solution.
 You could do this with a very simple (*) Servlet Filter.  One may already exist
 which does that.
 I'd be surprised if you couldn't do that with, for example, the URLRewrite
 filter.
 http://www.tuckey.org/urlrewrite/
 Rewrite URLs that do not point to static pages, to some error page URL, et
 voila.
 (better : rewrite all /public_html/* URLs to the error page, /except/ if
 they end in \.(xxx|yyy|zzz))


 (*) and light and portable and maintainable and upgradable




Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Mikolaj
Actually I would like to get rid of apache httpd
Regards,
Kim

2012/6/27 Mikolaj Rydzewski m...@ceti.pl:
 On 27.06.2012 06:58, Kim wrote:

 I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
 I need to enable public_html for my user but for security reason, I
 would like restrict the functions to serve static files only.
 Can anyone tell me how to do that ?


 IMO apache httpd suits better in this situation. There's built in support
 for public_html directories. Since all you need is to serve static files I
 see no point in using tomcat.

 --
 Mikolaj Rydzewski m...@ceti.pl





Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Andre

How so ? can you explain ?
After all, Tomcat itself has to know if the resource being served is a
servlet or jsp page or something else, in order to serve it properly.
So how come you cannot do the same ?
ans : each user can have his/her own web.xml and can do whatever URL
mapping in web.xml to serve his/her servlet ... That's why I can not
know in advance unless I go into the user WEB-INF to do the parsing
...

Another question : where is this public_html directory (?) actually
located, and what does/can it contain, other than static pages ?
ans : I configure tomcat to enable per-user web as follows:
 <Listener className="org.apache.catalina.startup.UserConfig"
           directoryName="public_html"
           homeBase="/share/home"
           userClass="org.apache.catalina.startup.HomesUserDatabase"/>

Regards,
Kim

2012/6/27 André Warnier a...@ice-sa.com:
 Regarding the style of communications : on this list, it is preferred if
 posters answer *below* the respective text to which they refer, not on top
 of the message.
 It makes it so much easier to follow the flow of the conversation (rather
 than having to scroll up and down to find the appropriate paragraph).


 Kim wrote:

 Hi,Andre
 Thanks for the advice. I do implement a Valve class to capture all the
 request before forwarding to actual web app. However, I can not know
 in advance the actual url for the servlet or JSP ..
 i.e. I can not know from the URI  in the Valve class that the
 resources is static files or servlet ...


 How so ? can you explain ?
 After all, Tomcat itself has to know if the resource being served is a
 servlet or jsp page or something else, in order to serve it properly. So how
 come you cannot do the same ?

 Another question : where is this public_html directory (?) actually
 located, and what does/can it contain, other than static pages ?








Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Charles
Really sorry as I'm new here.
ok. here is the ans to your question
- You first say users cannot have dynamic content, then state that
users can have their own servlets.  Both can't be true at the same
time.
ans : I would like to restrict the per user web application to
serve static files only. But the current implementation of Tomcat
would enable web application on a per user basis, i.e. they can deploy
a web.xml in WEB-INF and execute servlet or JSP in tomcat.

Regards,
Kim

2012/6/27 Caldarale, Charles R chuck.caldar...@unisys.com:
 From: Kim [mailto:k...@aerodrive.com]
 Subject: Re: restrict per user public_html to serve static files only...

 Please do not top-post; it's rude and annoying.

 each user can have his/her own web.xml and can do whatever URL
 mapping in web.xml to serve his/her servlet

 ???  You first say users cannot have dynamic content, then state that users 
 can have their own servlets.  Both can't be true at the same time.

  - Chuck





Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Kolinko
Really thanks. Yes, I have hunted down to UserConfig in the source tree
on Tomcat and can modify UserConfig.java to skip those user contexts if
there exists a /WEB-INF/web.xml in their public_html directory.
And I can also insert a Valve filter to skip those URLs with jsp extension ...
But I do think it's a very clumsy solution and I'm looking for a more
elegant solution in that for a per-user web application the only
servlet that can be invoked is the DefaultServlet that serves static
files only..
Regards,
Kim

 For reference, User Web Applications feature is implemented via a
 Listener, o.a.catalina.startup.UserConfig which enumerates users and
 deploys their web applications.  Documentation is in
 config/listeners.html and config/host.html.

 Currently it creates web application for each user when Tomcat starts.
 Probably it could be improved to perform such deployment once in a
 while on Lifecycle.PERIODIC_EVENT.


 First,
 you need to prevent not only jsps, but servlets as well.

 I think I would create my own UserConfig listener so that it would
 skip directories
 that have WEB-INF and META-INF directories in them.

 Things to beware are WEB-INF/web.xml, WEB-INF/lib (because of web
 fragments feature of Servlet 3.0), WEB-INF/classes (unlikely, but just
 to be sure; maybe it could be used to reconfigure logging).

 There should not be META-INF/context.xml file. (Though as far as I
 remember when an application is deployed via UserConfig the
 context.xml file is ignored).


 Second,
 Processing of Jsp files can be enabled through two constructs
 a) explicit mapping of JspServlet, like it is done in conf/web.xml
 b) implicitly by using jsp-property-group with url pattern that
 matches the file.

 I think that removing JspServlet mappings from global conf/web.xml
 will disable JSP processing for you.




 2012/6/27 André Warnier a...@ice-sa.com:

 Have a look first at the file (catalina_home)/conf/catalina.policy, section
 WEB APPLICATION PERMISSIONS.
 It seems to me that by not granting those permissions (other than to your
 own webapps), you can greatly restrict what users can do.


 Note that regardless of contents of conf/catalina.policy every web
 application is granted permission to load its own classes and write to
 its own temporary directory. The servlet spec requires it.

 Best regards,
 Konstantin Kolinko
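
Added example, not part of the thread and not Tomcat's own code: a stand-alone Java audit of per-user public_html directories for the items the reply above warns about (WEB-INF/web.xml, WEB-INF/lib, WEB-INF/classes, META-INF/context.xml) plus JSP files. The class name and the temporary sample tree are constructed for illustration; homeBase and directoryName mirror the Listener settings quoted in this thread.

```java
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Stream;

/** Hypothetical class: flag per-user web roots that contain more than static content. */
public class PublicHtmlAudit {

    // Items named in the thread that let a per-user webapp run or configure code.
    static final List<String> RISKY_PATHS = Arrays.asList(
            "WEB-INF/web.xml", "WEB-INF/lib", "WEB-INF/classes", "META-INF/context.xml");

    /** Returns the relative paths under one public_html that make it more than static content. */
    static List<String> findings(Path publicHtml) throws IOException {
        List<String> found = new ArrayList<>();
        for (String rel : RISKY_PATHS) {
            if (Files.exists(publicHtml.resolve(rel), LinkOption.NOFOLLOW_LINKS)) {
                found.add(rel);
            }
        }
        // Files.walk does not follow symbolic links unless asked to, so a link
        // pointing outside the home directory is not traversed.
        try (Stream<Path> walk = Files.walk(publicHtml)) {
            walk.filter(p -> Files.isRegularFile(p, LinkOption.NOFOLLOW_LINKS))
                .filter(p -> {
                    String name = p.getFileName().toString().toLowerCase(Locale.ROOT);
                    return name.endsWith(".jsp") || name.endsWith(".jspx");
                })
                .forEach(p -> found.add(publicHtml.relativize(p).toString()));
        }
        Collections.sort(found);
        return found;
    }

    /** Audits every homeBase/<user>/<directoryName>; an empty list means static-only. */
    static Map<String, List<String>> audit(Path homeBase, String directoryName) throws IOException {
        Map<String, List<String>> report = new TreeMap<>();
        try (DirectoryStream<Path> homes = Files.newDirectoryStream(homeBase)) {
            for (Path home : homes) {
                Path web = home.resolve(directoryName);
                if (Files.isDirectory(web, LinkOption.NOFOLLOW_LINKS)) {
                    report.put(home.getFileName().toString(), findings(web));
                }
            }
        }
        return report;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample tree standing in for homeBase="/share/home".
        Path homeBase = Files.createTempDirectory("homebase");
        Path alice = Files.createDirectories(homeBase.resolve("alice/public_html"));
        Files.write(alice.resolve("index.html"), "<p>static</p>".getBytes());
        Path bob = Files.createDirectories(homeBase.resolve("bob/public_html"));
        Files.createDirectories(bob.resolve("WEB-INF/lib"));
        Files.write(bob.resolve("WEB-INF/web.xml"), "<web-app/>".getBytes());
        Files.write(bob.resolve("status.jsp"), "<% out.print(1); %>".getBytes());

        for (Map.Entry<String, List<String>> e : audit(homeBase, "public_html").entrySet()) {
            String verdict = e.getValue().isEmpty() ? "static-only" : "SKIP " + e.getValue();
            System.out.println(e.getKey() + ": " + verdict);
        }
    }
}
```

The same check could run inside a custom listener before a user context is deployed, or as a periodic report; the file system can change after Tomcat starts, so a one-time scan only covers the moment it ran.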




Re: restrict per user public_html to serve static files only...

2012-06-27 Thread Kim
Hi, Warnier

2012/6/27 André Warnier a...@ice-sa.com:
 Kim, when we ask to not top-post, here is what we mean.
 This is a correctly formatted version of your last message :

 -- start


 Hi, Charles
 Really sorry as I'm new here.


 2012/6/27 Caldarale, Charles R chuck.caldar...@unisys.com:

 From: Kim [mailto:k...@aerodrive.com]
 Subject: Re: restrict per user public_html to serve static files only...

 Please do not top-post; it's rude and annoying.

 each user can have his/her own web.xml and can do whatever URL
 mapping in web.xml to serve his/her servlet

 ???  You first say users cannot have dynamic content, then state that
 users can have their own servlets.  Both can't be true at the same time.


 I would like to restrict the per user web application to only
 serve static files only. But the current implementation of Tomcat
 would enable web application on a per user basic, i.e. they can deploy
 a web.xml in WEB-INF and execute servlet or JSP in tomcat.

 Regards,
 Kim


 -- end

 You see, it's easy to read, in a logical order, thus easy to know which
 answer relates to which question/remark.  And it saves you retyping the
 question.


I got it now. Thanks for the help and really sorry for my mistake.
Regards,
Kim




restrict per user public_html to serve static files only...

2012-06-26 Thread Kim
Hi, Dear all
I'm using tomcat 6.0.35 on linux CentOS 5.7 using sun jdk jdk1.5.0_11.
I need to enable public_html for my user but for security reason, I
would like restrict the functions to serve static files only.
Can anyone tell me how to do that ?
Actually I can build tomcat from src and don't mind modify the code
base for this specific feature.
Can anyone help me to point out which source file I should modify ...
Regards,
Kim




Not able to set up authentication

2010-06-08 Thread Kim Johansen
Hi,

I'm trying to set up authentication in tomcat for the application solr. But
when doing this, I'm not asked for a username and password, but I get a 403.

This is the configuration I'm using:

tomcat-users.xml

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
...
  <role rolename="ezkimjohanrole"/>
  <user username="ezkimjohan" password="password" roles="ezkimjohanrole"/>
</tomcat-users>

web.xml

...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Default</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint/>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Solr authenticated application</web-resource-name>
    <url-pattern>/solr/ezkimjohan/*</url-pattern>
    <url-pattern>/solr/ezkimjohan/admin/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>ezkimjohanrole</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Basic Authentication</realm-name>
</login-config>
<security-role>
  <description>ezkimjohan</description>
  <role-name>ezkimjohanrole</role-name>
</security-role>
</web-app>

Copy of access log:

ip - - [08/Jun/2010:10:16:22 +0200] GET /solr/ezkimjohan/admin/ HTTP/1.1 403 1108
ip - - [08/Jun/2010:10:37:16 +0200] GET /solr/ezkimjohan/admin/ HTTP/1.1 403 1108
ip - - [08/Jun/2010:10:37:16 +0200] GET /solr/ezkimjohan/admin/ HTTP/1.1 403 1108

Strace:

http://pastebin.org/317854

If I remove the default block, I get a 200 response, and no questions about
username and password.

Any help is appreciated.

Thanks.


--
Best regards / Med vennlig hilsen

Kim Johansen - WebDeal AS
Linux Systems Administrator

E-mail: kim.johan...@webdealhosting.com
Web: http://www.webdealhosting.com










RE: Not able to set up authentication

2010-06-08 Thread Kim Johansen
 <url-pattern>/solr/ezkimjohan/*</url-pattern>
 <url-pattern>/solr/ezkimjohan/admin/*</url-pattern>
  
 Assuming the solr webapp is deployed properly, you must remove /solr from  
 the above.  The pattern is relative to the webapp, not the server. 
  

This was the solution! Thank you very much for helping me out on this.


--
Best regards / Med vennlig hilsen

Kim Johansen - WebDeal AS
Linux Systems Administrator

E-mail: kim.johan...@webdealhosting.com
Web: http://www.webdealhosting.com
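
Added example, not part of the thread and not Tomcat's implementation: a small Java model of how url-patterns in a security-constraint are matched against the path inside the webapp, reproducing the 403, the 200 and the corrected behaviour described in these two messages. It assumes the solr webapp is deployed at context path /solr; the class name is hypothetical and http-method filtering is not modelled.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

/** Hypothetical class: why a url-pattern that carries the context path never matches. */
public class UrlPatternScope {

    /** One security-constraint: its url-patterns and role names (empty list = <auth-constraint/>). */
    static final class Constraint {
        final List<String> patterns;
        final List<String> roles;
        Constraint(List<String> patterns, List<String> roles) {
            this.patterns = patterns;
            this.roles = roles;
        }
    }

    /** Specificity of a match in servlet mapping order (exact, path prefix, extension, default); -1 = no match. */
    static int score(String pattern, String path) {
        if (pattern.equals(path)) return Integer.MAX_VALUE;
        if (pattern.endsWith("/*")) {
            String prefix = pattern.substring(0, pattern.length() - 2);   // "/a/b/*" -> "/a/b"
            if (path.equals(prefix) || path.startsWith(prefix + "/")) return prefix.length() + 2;
        }
        if (pattern.startsWith("*.")) {
            int slash = path.lastIndexOf('/');
            int dot = path.lastIndexOf('.');
            if (dot > slash && path.substring(dot).equals(pattern.substring(1))) return 1;
        }
        if (pattern.equals("/")) return 0;
        return -1;
    }

    /** Outcome for an unauthenticated request. */
    static String decide(String contextPath, String requestUri, List<Constraint> constraints) {
        // Patterns are compared with the path inside the webapp, not the full request URI.
        String path = requestUri.substring(contextPath.length());
        Constraint best = null;
        int bestScore = -1;
        for (Constraint c : constraints) {
            for (String p : c.patterns) {
                int s = score(p, path);
                if (s > bestScore) {
                    bestScore = s;
                    best = c;
                }
            }
        }
        if (best == null) return "200 no constraint applies, no login requested";
        if (best.roles.isEmpty()) return "403 empty auth-constraint denies everyone";
        return "401 BASIC challenge, role required: " + best.roles;
    }

    public static void main(String[] args) {
        String context = "/solr";                          // assumed deployment path
        String uri = "/solr/ezkimjohan/admin/";            // request from the access log
        List<String> role = Arrays.asList("ezkimjohanrole");

        Constraint denyAll = new Constraint(Arrays.asList("/*"), Collections.emptyList());
        Constraint posted = new Constraint(
                Arrays.asList("/solr/ezkimjohan/*", "/solr/ezkimjohan/admin/*"), role);
        Constraint corrected = new Constraint(
                Arrays.asList("/ezkimjohan/*", "/ezkimjohan/admin/*"), role);

        System.out.println("as posted:        " + decide(context, uri, Arrays.asList(denyAll, posted)));
        System.out.println("default removed:  " + decide(context, uri, Arrays.asList(posted)));
        System.out.println("prefix removed:   " + decide(context, uri, Arrays.asList(denyAll, corrected)));
    }
}
```

With the posted patterns only the deny-all `/*` constraint matches, which is the 403 in the access log; dropping it leaves the resource unprotected rather than authenticated.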










removeAbandonedTime in DBCP DataSource

2008-04-28 Thread Jin Kim
Hello, 

In Tomcat documentations, the 'removeAbandonedTime'
attribute is the number of seconds a dB connection has
been idle before it is considered abandoned.

Is the idle time calculated since the connection was
borrowed from the pool? Or, is it calculated from the
last time the connection has been used such as any Sql
statement executions?

I hope the answer be the latter, but would appreciate
if anyone can clarify.

Thanks,

Jin Kim



  


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Issue finding Worker using mod_jk ...

2007-11-08 Thread Kim Albee
Filip,

Yep, we're doing that...it's in the Virtual Host directive.

Thanks,
Kim ;-)

On Nov 8, 2007 12:21 PM, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote:
 you must define the JkMount directive inside your httpd.conf file to map
 a worker to a  URL

 in this case I believe it would be

 JkMount / ein1
 JkMount /* ein1

 Filip


 Kim Albee wrote:
  We are having an issue when setting up integration between Apache 2.0.52 and
  Tomcat 6.0.14...
 
  Here are the mod_jk.log entries:
 
  [Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (445)]: Into
  jk_uri_worker_map_t::map_uri_to_worker
  [Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (459)]: Attempting to map
  URI '/'
  [Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (473)]:
  jk_uri_worker_map_t::map_uri_to_worker, Found an exact match ein1 - /
  [Wed Nov 07 14:31:25 2007]  [mod_jk.c (1689)]: Into handler r-proxyreq=0
  r-handler=jakarta-servlet r-notes=158639048 worker=ein1
  [Wed Nov 07 14:31:25 2007]  [jk_worker.c (90)]: Into wc_get_worker_for_name
  ein1
  [Wed Nov 07 14:31:25 2007]  [jk_worker.c (94)]: wc_get_worker_for_name, done
  did not find a worker
 
  The workers.properties file looks like this:
 
  workers.tomcat_home=/usr/local/tomcat6
  workers.java_home=$JAVA_HOME
  ps=/
  worker.list=ein1
 
 
  worker.ein1.port=8109
  worker.ein1.host=localhost
  worker.ein1.type=ajp13
  worker.ein1.info=Ajp13 forwarding
  worker.ein1.debug=2
  worker.ein1.tomcatId=ein1
 
  We have the jvmRoute set in the Engine parameter for the server.xml in
  tomcat as well...
 
  Any suggestions on how to get this working?
 
  thanks,
  Kim :-)
 
 
  
 
 





Issue finding Worker using mod_jk ...

2007-11-07 Thread Kim Albee
We are having an issue when setting up integration between Apache 2.0.52 and
Tomcat 6.0.14...

Here are the mod_jk.log entries:

[Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (445)]: Into
jk_uri_worker_map_t::map_uri_to_worker
[Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (459)]: Attempting to map
URI '/'
[Wed Nov 07 14:31:25 2007]  [jk_uri_worker_map.c (473)]:
jk_uri_worker_map_t::map_uri_to_worker, Found an exact match ein1 - /
[Wed Nov 07 14:31:25 2007]  [mod_jk.c (1689)]: Into handler r-proxyreq=0
r-handler=jakarta-servlet r-notes=158639048 worker=ein1
[Wed Nov 07 14:31:25 2007]  [jk_worker.c (90)]: Into wc_get_worker_for_name
ein1
[Wed Nov 07 14:31:25 2007]  [jk_worker.c (94)]: wc_get_worker_for_name, done
did not find a worker

The workers.properties file looks like this:

workers.tomcat_home=/usr/local/tomcat6
workers.java_home=$JAVA_HOME
ps=/
worker.list=ein1


worker.ein1.port=8109
worker.ein1.host=localhost
worker.ein1.type=ajp13
worker.ein1.info=Ajp13 forwarding
worker.ein1.debug=2
worker.ein1.tomcatId=ein1

We have the jvmRoute set in the Engine parameter for the server.xml in
tomcat as well...

Any suggestions on how to get this working?

thanks,
Kim :-)


HELP -- need to get Basic Authentication working (.htaccess) with Apache/Tomcat 5 to prevent access

2007-09-19 Thread Kim Albee
I need to figure out a way to 'gate' access in a broad sense to the overall
website on a test server.  The site is all JSP, using Apache and Tomcat, but
.htaccess doesn't work, as it appears that Apache hands off to Tomcat prior
to doing the .htaccess check.

Does anyone have a solution to this?  This is only for a test server, so
general access is limited.  So I just want users upon first accessing the
site to have to enter a username/password as a basic authentication to view
the site...

I need to get this done quickly, if it's possible.

thanks,
Kim :-)


Re: HELP -- need to get Basic Authentication working (.htaccess) with Apache/Tomcat 5 to prevent access

2007-09-19 Thread Kim Albee
M -
I'm confused.  we don't need SSL at all here... ??? clarification?

thanks,
Kim :-)

On 9/19/00, Martin Gainty [EMAIL PROTECTED] wrote:

 http://www.apache-ssl.org/

 M--
 - Original Message -
 From: Kim Albee [EMAIL PROTECTED]
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Wednesday, September 19, 2007 2:22 PM
 Subject: HELP -- need to get Basic Authentication working (.htaccess) with
 Apache/Tomcat 5 to prevent access


 I need to figure out a way to 'gate' access in a broad sense to the
 overall
  website on a test server.  The site is all JSP, using Apache and Tomcat,
  but
  .htaccess doesn't work, as it appears that Apache hands off to Tomcat
  prior
  to doing the .htaccess check.
 
  Does anyone have a solution to this?  This is only for a test server, so
  general access is limited.  So I just want users upon first accessing
 the
  site to have to enter a username/password as a basic authentication to
  view
  the site...
 
  I need to get this done quickly, if it's possible.
 
  thanks,
  Kim :-)
 






Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-21 Thread Kim Albee
Everyone --

thanks for all the ideas and feedback.

We've attempted to take the approach with our health.jsp to check the major
functions in our application -- so if we can do a database request, that
checks a bunch of things - and returns without error lets us know that our
application is functioning.  We figured that since it was running through
Tomcat (as a .JSP) that tomcat would have to be up to have the page
respond... so we didn't worry about Tomcat itself.  Should we?

In this instance the health.jsp continued to work and report all was good,
while the main index.jsp got an OutOfMemory exception.

If I query the runtime memory, will that have caught the exception happening
in the index.jsp?  So if I check the available memory or percentage and
it's lower than whatever threshold we establish, then we could return a
'down' condition... would that be a solid way to catch any further memory
errors?

We use a monitoring tool that has the automated checks for the application
JVM and we can set different thresholds there -- but I've got to be able to
have the check run by the load balancer know that the system is down -- and
it does only a simple check against this JSP page, and then knows to fail
over -- so while we are working to establish threshold alerts with our
monitoring application, we also want to ensure the load balancer fails over
accurately as well...

So all suggestions are welcome.

Kim :-)



On 8/21/07, Christopher Schultz [EMAIL PROTECTED] wrote:


 Kim,

 Kim Albee wrote:
  The JSP does a call to a method in our app -- which if it runs, that
 means
  the app is up and available -- the method does a simple query against
 the DB
  and then returns a status of OK if the method runs through just fine.
 
  In our example from this weekend -- the health.jsp (which is the one that
  does this check) ran and returned a good result, but the main
  index.jsp returned the 500 error with the OutOfMemory exception.  So
  that is what is confusing here.

 Two things are wrong:

 1. Your health check is flawed; otherwise, it would catch the fact
 that you have a dead server.

 2. index.jsp is causing its own OOME, not reporting an existing condition.

 What does index.jsp do that health.jsp does not?

 - -chris





Re: 20 Tips for Using Tomcat in Production

2007-08-21 Thread Kim Albee
In putting #1 into the JAVA_OPTS (which it appears that is the CATALINA_OPTS
for our implementation), it doesn't appear to work, as Tomcat doesn't
restart.  It could be our version -- which is currently 5.0.30.  please let
me know if there are other steps we need to take here as well.

thanks,
Kim :-)

On 8/21/07, Shane Witbeck [EMAIL PROTECTED] wrote:

 I thought my latest blog post would be of interest to the people on this
 list:


 http://www.digitalsanctum.com/2007/08/18/20-tips-for-using-tomcat-in-production/





Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee
Hello --

We have a load balanced situation, and we have a JSP that runs and checks
our application to ensure it's up and returns a string that the monitor app
is looking for if all is well.

Repeatedly, that JSP will work, but the site is down because Tomcat hit an
OutOfMemory exception -- but our JSP (which is very small) still runs
through its process and returns that everything is happy.  Our application
is up, but the 500 error is an OutOfMemory exception.

We need a fool-proof way of knowing that the site is up or not, specifically
so the load balancer will know to stop routing traffic to a server when it's
down, and we can have people taking a look at what happened and bring the
server back online without loss of service from a user perspective.

Any suggestions on how to accomplish this?

thanks,
Kim :-)


Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee
Dan,

True enough, except then those queries would get held as a user session, and
we don't want that -- which is why we have a 'skinny' health.jsp that checks
our app -- and 'should' crash if there are any issues with tomcat or the
application -- but in this case, the main pages were getting out of memory
exceptions, but the skinny health.jsp was running just fine... which it
shouldn't be if there are failures in either Tomcat or the App.

We're using Application Monitor to monitor the app and tomcat JVM instances
as well as the health.jsp response.  But for the load balancer, which only
uses health.jsp, that's what needs to pick up the problem and report
accordingly so the load balancer will take that server out of the load
balanced cluster.

Kim :-)

On 8/20/07, Dan Armbrust [EMAIL PROTECTED] wrote:

 A simple cron job that points to a URL using lynx, and greps the
 output for what it should see will do the trick...

 Dan

 On 8/20/07, Kim Albee [EMAIL PROTECTED] wrote:
  Hello --
 
  We have a load balanced situation, and we have a JSP that runs and checks
  our application to ensure it's up and returns a string that the monitor app
  is looking for if all is well.
 
  Repeatedly, that JSP will work, but the site is down because Tomcat hit an
  OutOfMemory exception -- but our JSP (which is very small) still runs
  through its process and returns that everything is happy.  Our application
  is up, but the 500 error is an OutOfMemory exception.
 
  We need a fool-proof way of knowing that the site is up or not, specifically
  so the load balancer will know to stop routing traffic to a server when it's
  down, and we can have people taking a look at what happened and bring the
  server back online without loss of service from a user perspective.
 
  Any suggestions on how to accomplish this?
 
  thanks,
  Kim :-)
 





Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee
Tracy,

The JSP does a call to a method in our app -- which if it runs, that means
the app is up and available -- the method does a simple query against the DB
and then returns a status of OK if the method runs through just fine.

In our example from this weekend -- the health.jsp (which is the one that
does this check) ran and returned a good result, but the main index.jsp
returned the 500 error with the OutOfMemory exception.  So that is what is
confusing here.

thanks,
Kim :-)

On 8/20/07, Nelson, Tracy M. [EMAIL PROTECTED] wrote:

 How is your JSP checking your application?  Are you issuing a request to
 your app and checking the HTTP status?  If so, why isn't it recognizing
 the 500?  Or is the JSP in your application which is failing?

 | -Original Message-
 | From: Kim Albee [mailto:[EMAIL PROTECTED]
 | Sent: Monday, 20 August, 2007 09:48
 |
 | Repeatedly, that JSP will work, but the site is down because Tomcat hit an
 | OutOfMemory exception -- but our JSP (which is very small) still runs
 | through its process and returns that everything is happy.  Our application
 | is up, but the 500 error is an OutOfMemory exception.
 -
 
 The information contained in this message is confidential
 proprietary property of Nelnet, Inc. and its affiliated
 companies (Nelnet) and is intended for the recipient only.
 Any reproduction, forwarding, or copying without the express
 permission of Nelnet is strictly prohibited. If you have
 received this communication in error, please notify us
 immediately by replying to this e-mail.
 

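The checks raised in the "checking if Tomcat instance is UP" messages above (fetch a page and grep for the expected string, look at the HTTP status, compare free memory with a threshold) can be combined in one probe; the script below is an added example, not code from any poster. It assumes a hypothetical health.jsp body of the form `STATUS=OK heap_free_pct=<N>`, a threshold of your choosing, and responses captured with something like `curl -si URL`; the sample responses are constructed.

```shell
#!/bin/sh
# Added example: decide "up"/"down" from two captured HTTP responses,
# one from the skinny health page and one from a real application page.
# Assumed (hypothetical) health body format: STATUS=OK heap_free_pct=<N>
MIN_FREE_PCT=15   # assumed threshold, tune per application

# Print the status code from the first line of a raw HTTP response.
http_status() {
    printf '%s\n' "$1" | tr -d '\r' | awk 'NR == 1 { print $2 }'
}

# Print the body: everything after the first blank line.
http_body() {
    printf '%s\n' "$1" | tr -d '\r' | awk 'body { print } /^$/ { body = 1 }'
}

# probe_verdict HEALTH_RESPONSE PAGE_RESPONSE
# Prints "up" and returns 0 only if every check passes; otherwise prints
# "down: <reason>" and returns 1 so the caller can fail the node over.
probe_verdict() {
    health=$1
    page=$2
    hs=$(http_status "$health")
    ps=$(http_status "$page")
    [ "$hs" = 200 ] || { echo "down: health page returned ${hs:-nothing}"; return 1; }
    # The case from the thread: health.jsp answers, a real page returns 500.
    [ "$ps" = 200 ] || { echo "down: real page returned ${ps:-nothing}"; return 1; }
    body=$(http_body "$health")
    case $body in
        *STATUS=OK*) ;;
        *) echo "down: marker missing from health page"; return 1 ;;
    esac
    free=$(printf '%s\n' "$body" |
        sed -n 's/.*heap_free_pct=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    [ -n "$free" ] || { echo "down: no heap figure in health page"; return 1; }
    [ "$free" -ge "$MIN_FREE_PCT" ] ||
        { echo "down: heap_free_pct=$free below $MIN_FREE_PCT"; return 1; }
    echo up
}

# Constructed sample captures (not taken from the thread).
HEALTH_OK='HTTP/1.1 200 OK
Content-Type: text/plain

STATUS=OK heap_free_pct=42'
HEALTH_LOW='HTTP/1.1 200 OK
Content-Type: text/plain

STATUS=OK heap_free_pct=6'
PAGE_OK='HTTP/1.1 200 OK
Content-Type: text/html

<html>welcome</html>'
PAGE_OOM='HTTP/1.1 500 Internal Server Error
Content-Type: text/html

java.lang.OutOfMemoryError: Java heap space'

probe_verdict "$HEALTH_OK" "$PAGE_OK" || true
probe_verdict "$HEALTH_OK" "$PAGE_OOM" || true
probe_verdict "$HEALTH_LOW" "$PAGE_OK" || true
```

A heap figure is only a snapshot, so the request to a real page is what catches a page that fails on its own allocation while the small health page still answers.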




LDAP authentication

2007-07-30 Thread Kim-Vân Ho-Dac

Hi,

I'm getting started with Tomcat's Realm authentication with LDAP. I've 
performed the following steps to authenticate users in my web application :


- put ldap.jar in $TOMCAT_HOME/common/lib

- modified $TOMCAT_HOME/conf/server.xml as follows :

<Realm   className="org.apache.catalina.realm.JNDIRealm" debug="99"
   connectionURL="ldap://my_url:389"
   userPattern="uid={0},ou=People,o=company"
   roleBase="ou=People,o=company"
   roleName="cn"
   roleSearch="(uniqueMember={0})"
   />
I've put this Realm configuration within the Host element

- modified the web.xml of my web application to point it to the url.

Then when I try to authenticate I get a 403 error, so it seems like
authentication is ok but I don't have authorization for accessing the
resources.
Maybe the problem is because of the roles? Because I couldn't see the
roles on the LDAP server with an LDAP browser, although authentication on
it with the browser is successful, as well as the queries.
Is there a possibility to authenticate with no roles (I'm not sure what
to put within the role-name in web.xml, is this element mandatory?)?
Or how can we see the roles in the LDAP browser?


Note : I'm using Tomcat 5.5.17 and OpenLDAP server.

Did I miss something in my process ?
Any hints or suggestions are welcome.

Thanks.




Importing an existing SSL cert into a newer JDK version

2007-03-18 Thread Will Kim Holmes

Hello all,

  I need to upgrade my JDK to a newer version but I have imported a SSL 
cert on the current JDK version.  Does anyone know how to import an existing 
SSL cert into a newer JDK version?



Thanks
Will


DST Issue

2007-03-18 Thread Will Kim Holmes

Hello all,


 Just wondered if anyone has had any problems with the DST change and 
Tomcat.  We are running JDK version 1.4.2.10 and Tomcat version 5.0.28.  I 
ran Sun's tzupdater DST tool, on our test and production servers,  and 
verified that it worked.  Our production server is one hour off.  I manually 
removed the DST change and re-ran the tzupdater tool but that didn't make 
any difference.  The weird thing is that our test server app has the correct 
time running the same version of Tomcat and JDK.  If you have any ideas 
please let me know.


P.S.
We are running Windows server 2003 and the DST patch was applied to both 
servers.


Thanks in advance!

Will




Re: Issue with Changing sessionid values -- please help...

2007-01-15 Thread Kim Albee

Chris,

Thanks for the thinking -- I'm aware of the client IP issues with AOL, and
we checked that, but it appears that the IP is staying consistent for our
testing -- but our sessionid still gets changed... We are not doing URL
rewriting with sessionid, it's saving as a cookie... and we can see the
cookie too on the user machine we tested with.

Not sure how the sessionid is determined ... by Tomcat or Apache -- we have
multiple servers and session sharing occurring with Tomcat, so we are
appending the server ID (worker.id) to the sessionid variable, which Tomcat
manages, but I'm not sure how Apache and/or Tomcat determine the
sessionid... do you know how that happens?

thanks,
Kim :-)

On 1/10/07, Christopher Schultz [EMAIL PROTECTED] wrote:



Kim,

Kim Albee wrote:
 Client Config:
 AOL Version 9 web browser.

How are you managing sessions? Is the container doing it for you, or are
you doing them yourself? Cookies or URL rewriting? Is the server and/or
session configuration sensitive to the remote (client) IP address?

I notice you are using AOL, which plays games with the remote (client)
IP address, so if you are requiring the IP address of the user to stay
the same, it's not going to work for AOL users.

- -chris





Issue with Changing sessionid values -- please help...

2007-01-10 Thread Kim Albee

Server Configuration:
Linux Fedora Core  3, Apache 2.0, Tomcat 5.0.30 session sharing and load
balanced (with session persistence on a server) across two servers (not
using tomcat / JK load balancing).

Client Config:
AOL Version 9 web browser.

When users come in to the site and login, then move to a subdirectory at the
site, they appear there with a new Sessionid value, and so they lose their
logged in status, and have to login again.  it occurs over and over, and
users are not able to stay logged in to the site.

Question:  Why is this happening?  Is there a way to fix it?

Thanks -- any help or suggestions would be much appreciated.

Kim :-)


Re: Question with the Apache/Tomcat interface...

2006-10-30 Thread Kim Albee

Here's what we figured out the issue was, after MUCH research...
I'm providing it into the mailing list in case others have issues with
Apache and Tomcat connection getting the error:

Error connecting to tomcat. Tomcat is probably not started or is listening
on the wrong port. worker=p2 failed errno = 13

As it turns out errno=13 is a permissions error.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161049 was found to be
the issue.

This could have been induced by an update that was put into effect when the
server lost power and rebooted.

To resolve, I disabled selinux. Details below:

Modified /etc/selinux/config to:
SELINUX=permissive
From
SELINUX=enforced

Executed /usr/sbin/setenforce 0 to put this into effect immediately. It
will persist across reboots.

Thanks for the responses...
Kim :-)

On 10/27/06, Caldarale, Charles R [EMAIL PROTECTED] wrote:


 From: Kim Albee [mailto:[EMAIL PROTECTED] ]
 Subject: Re: Question with the Apache/Tomcat interface...

  Can you connect to the ip and port specified with p2 from your apache
  machine with telnet?

 We have telnet disabled on the server, as it is not secure.

That's not what he was asking.  Can a telnet client on some other
machine connect to the IP address and port you've specified?  This
doesn't require a telnet server on the target system, it just verifies
that something is listening for connection requests on that IP/port
combination.

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

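When SELinux is the cause of an errno 13 between Apache and Tomcat, the denial itself can be located and the boot-time mode checked before relaxing policy for the whole host. The script below is an added example, not part of the thread, and goes beyond what the message shows: it assumes denials are logged in the audit.log AVC format of current Fedora/RHEL systems, uses constructed log lines, and uses a hypothetical connector port 8109 for worker p2.

```shell
#!/bin/sh
# Added example: find SELinux denials that stop httpd from opening a TCP
# connection, and report the mode set in /etc/selinux/config.
# Log lines are constructed; port 8109 is a hypothetical connector port.
SAMPLE_AUDIT='type=AVC msg=audit(1161993600.123:4521): avc:  denied  { name_connect } for  pid=2817 comm="httpd" dest=8109 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1161993600.123:4521): arch=40000003 syscall=102 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1161993601.456:4522): avc:  denied  { getattr } for  pid=2817 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1161993602.789:4523): avc:  denied  { read } for  pid=3001 comm="ntpd" name="drift" scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file'

# Read audit records on stdin; for each name_connect denial whose source
# domain is httpd_t print "<dest port> <command> <target context>".
httpd_connect_denials() {
    awk '
    /avc:/ && /denied/ && /tclass=tcp_socket/ {
        comm = perm = dest = tctx = sctx = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            if ($i ~ /^dest=/)     { dest = $i; sub(/^dest=/, "", dest) }
            if ($i ~ /^scontext=/) { sctx = $i; sub(/^scontext=/, "", sctx) }
            if ($i ~ /^tcontext=/) { tctx = $i; sub(/^tcontext=/, "", tctx) }
            if ($i == "{")         { perm = $(i + 1) }
        }
        if ((sctx ~ /:httpd_t:/ || sctx ~ /:httpd_t$/) && perm == "name_connect")
            print dest, comm, tctx
    }'
}

# port_blocked PORT: succeed if httpd_t was denied a connection to PORT.
port_blocked() {
    httpd_connect_denials | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# Read /etc/selinux/config content on stdin and print the boot-time mode.
# SELinux accepts enforcing, permissive or disabled; anything else is
# reported as invalid. `setenforce` changes only the running mode.
config_mode() {
    mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([^[:space:]#]*\).*/\1/p' | tail -n 1)
    case $mode in
        enforcing|permissive|disabled) echo "$mode" ;;
        *) echo "invalid:$mode" ;;
    esac
}

# A narrower change than host-wide permissive mode, on current targeted policy
# (availability on Fedora Core 3 is not established by the thread):
#   setsebool -P httpd_can_network_connect 1
#   semanage port -a -t http_port_t -p tcp 8109
printf '%s\n' "$SAMPLE_AUDIT" | httpd_connect_denials
printf 'SELINUX=permissive\nSELINUXTYPE=targeted\n' | config_mode
```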




Re: Question with the Apache/Tomcat interface...

2006-10-27 Thread Kim Albee

Rainer,


What is your platform and what is errno 13 on your platform?


###how would I find out?  our platform is Fedora Core 3 for this server.


Can you confirm, that tomcat listens on the port your worker p2 is

configured for (using netstat -n or a similar tool)?


###when I run netstat, it provides a bunch of results that I'm not sure how
to interpret... do you know what I would look for here?


Can you connect to the ip and port specified with p2 from your apache

machine with telnet?


###we have telnet disabled on the server, as it is not secure.  the two
processes are running on the same server (apache and tomcat).

thanks,
Kim :-)


Question with the Apache/Tomcat interface...

2006-10-24 Thread Kim Albee

We are running Tomcat 5.0.30 and Apache 1.2 using mod_jk, with
workers.properties.

It's been working just fine, no problems.   But our ISP had a power outage,
that forced a reboot on the servers.  And now, one of the servers
Apache/Tomcat link appears to not work, so that server is still offline.
Again, we had no config changes, only a reboot forced on the server.

The error I get in the logs is:  Error connecting to tomcat. Tomcat is
probably not started or is listening on the wrong port. worker=p2 failed
errno = 13

But tomcat is starting up per our script as always -- again, nothing has
changed... it just seems very weird.  we stop it, stop our app, start our
app, and start tomcat -- we get no errors from the tomcat startup... we have
also tried stopping and restarting apache -- nothing seems to get past this
issue -- again -- used to work perfectly, and we have made zero config
changes.

Has anyone run into this occurring?

thanks,
Kim :-)


Issue with specifying Session timeout value

2006-10-11 Thread Kim Albee

Hello -- I set the web.xml to specify a 45 minute time out... but sessions
are still timing out at 30 minutes...

We are using tomcat 5.0.30, and have tomcat clustering between two servers.

The entry that I placed in the web.xml file is:
<web-app>


<session-config>
   <session-timeout>45</session-timeout>
</session-config>
</web-app>

Does anyone see anything else that needs to be done, or was this done
incorrectly?  We have this set for both servers in the web.xml file.  But it
doesn't appear to be working.

thanks,
Kim :-)


Re: Issue with specifying Session timeout value

2006-10-11 Thread Kim Albee

thanks!  i think that was it.

Kim :-)

On 10/11/06, Gregor Schneider [EMAIL PROTECTED] wrote:


Hi Kim,

You can specify session-timeout either in the deployment-descriptor of your
web-app (web.xml) or in the web.xml of Tomcat itself, which is located at
tomcat/conf/web.xml

I bet my bottom penny that in there you'll find an entry like

  <session-config>
    <session-timeout>30</session-timeout>
  </session-config>

If you want to have the same session-timeout for all your web-apps, specify
it here and remove it from your deployment-descriptors. If different
web-apps should timeout differently, remove it from conf/web.xml and specify
it in your deployment-descriptors only.

Cheers

Greg
--
what's puzzlin' you, is the nature of my game




NEED HELP: WARNING: Internal error flushing the buffer in release()

2006-08-24 Thread Kim Albee

We are receiving this error in the catalina.out logs.  here's the full log
message:

Aug 24, 2006 4:09:15 PM org.apache.jasper.runtime.PageContextImpl release
WARNING: Internal error flushing the buffer in release()

We get this error repeatedly.  We are running Tomcat 5.0.30.

Is there a way to correct this?  It doesn't appear to affect the functioning
of the site, but these messages fill the logfiles, and it would be great to
resolve it if possible.

thanks,
Kim :-)


Re: Session hijacking with Tomcat/Myfaces - unable to fix it

2006-08-09 Thread Kim Albee

It's a fundamentally bad security scheme to use the session-ID as the
identifier for your users.  Might be straightforward, but architecturally a
bad choice if you *really* want a secure area.

Kim :-)

On 8/9/06, Tomas Hulek [EMAIL PROTECTED] wrote:


The default Tomcat installation is prone to session hijacking. I would
appreciate help how to fix it.

The problem is that the session-id generated under HTTP (eg. for any JSF
page) is carried over to authenticated confidential pages under HTTPS.

Thus the session ID can be easily sniffed under HTTP, then misused after
user logs-in under HTTPS.

I believe it can be considered as a serious security bug.

Scenario:

1) Tomcat and JSF, using Apache MyFaces.

2) A single application (context), using JSF pages

3) Some pages are public, and Faces servlet requests session ID on the
first hit

4) Some pages are only accessible under HTTPS after authentication, as
defined in web.xml:

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Secret part</web-resource-name>
      <url-pattern>/secret/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>secret_role</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

5) Form-based authentication is used for the login (again, defined in
web.xml).

6) The user goes to the public part of the application, gets a session ID
(under HTTP)

7) The user goes to a confidential URL, logging-in successfully. The same
session ID is retained!!!

8) Anyone who knows the session ID generated in step 6 can reach the
confidential URL.

We have not found any straightforward way of making Tomcat regenerate the
session ID once user switches to HTTPS. We tried many approaches, and all
of them break some part of the JSF application.


Thank you for your help,


Tomas Hulek


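Whether a deployment still carries the pre-login session ID into the authenticated HTTPS area, as in steps 6 to 8 of the scenario above, can be tested against your own application by comparing the client's cookie jar before and after login. The script below is an added example, not from the thread: it assumes jars in the Netscape cookie file format that `curl -c` writes, and the host name, path and session IDs are constructed.

```shell
#!/bin/sh
# Added example: regression check for session ID rotation at login.
# Input: two cookie jars in Netscape cookie file format (as written by
# `curl -c FILE`), one saved before login and one saved after login.

# jar_cookie NAME: read a jar on stdin, print "<secure flag> <value>".
jar_cookie() {
    awk -F '\t' -v name="$1" '
        { sub(/^#HttpOnly_/, "") }   # curl marks HttpOnly cookies this way
        /^#/ || NF < 7 { next }      # skip comments and malformed lines
        $6 == name { print $4, $7 }' | tail -n 1
}

# login_rotation_verdict BEFORE_JAR AFTER_JAR
# returns 0 PASS, 1 FAIL, 2 inconclusive; IDs are never printed.
login_rotation_verdict() {
    before=$(printf '%s\n' "$1" | jar_cookie JSESSIONID)
    after=$(printf '%s\n' "$2" | jar_cookie JSESSIONID)
    id_before=${before#* }
    id_after=${after#* }
    secure_after=${after%% *}
    if [ -z "$id_before" ] || [ -z "$id_after" ]; then
        echo "INCONCLUSIVE: JSESSIONID missing from one of the jars"
        return 2
    fi
    if [ "$id_before" = "$id_after" ]; then
        echo "FAIL: JSESSIONID unchanged across login; the ID issued over HTTP now identifies the authenticated session"
        return 1
    fi
    if [ "$secure_after" != TRUE ]; then
        echo "FAIL: JSESSIONID rotated at login but the new cookie is not marked Secure"
        return 1
    fi
    echo "PASS: JSESSIONID rotated at login and new cookie is Secure"
}

# mkjar SECURE_FLAG ID [DOMAIN_PREFIX]: build a constructed one-cookie jar.
mkjar() {
    printf '# Netscape HTTP Cookie File\n%s%s\tFALSE\t/app\t%s\t0\tJSESSIONID\t%s\n' \
        "${3:-}" app.example.test "$1" "$2"
}

# Constructed cases: ID retained; rotated without Secure; rotated and Secure.
login_rotation_verdict "$(mkjar FALSE 0F3A9C11)" "$(mkjar FALSE 0F3A9C11)" || true
login_rotation_verdict "$(mkjar FALSE 0F3A9C11)" "$(mkjar FALSE 7D20B4E8)" || true
login_rotation_verdict "$(mkjar FALSE 0F3A9C11)" "$(mkjar TRUE 7D20B4E8 '#HttpOnly_')" || true
```

Later Tomcat releases rotate the ID in the container through the authenticator's `changeSessionIdOnAuthentication` setting, and Servlet 3.1 added `HttpServletRequest.changeSessionId()` for application code; neither is established by the thread for the Tomcat version under discussion.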




Re: apache not talking to tomcat w/ mod_jk

2006-07-26 Thread Kim Albee

probably something you've made sure to do, but are you loading mod_jk.so in
the httpd.conf?

Kim :-)

On 7/26/06, Ian Caswell [EMAIL PROTECTED] wrote:


I'm an OS guy, so applications are new to me.
Any help is appreciated.

I'm trying to integrate apache and tomcat w/ mod_jk.
Regular html pages show up fine, but jsp pages do not.
I don't think apache is talking to tomcat like it
should.
I'm not sure where the problem lies; netstat -an shows
tomcat listening on 8009, but apache isn't connected.
Can anyone help me find my issue?  Firewall is
disabled, and /etc/hosts.allow and .deny are
empty.  My hunch is an incorrect config file.

Note:  my real hostname/domain has been replaced by
myhost.mydomain to provide security and not confuse
where i have localhost.localdomain in the configs.

I've looked at following logs, but not found anything
suspicious.
/opt/tomcat/logs/*
/etc/httpd/logs/*
/home/tomcat/myhost.mydomain/broomfield/logs/*

(irrelevant ports removed)
Proto Recv-Q Send-Q Local Address      Foreign Address  State
tcp   0      0      :::127.0.0.1:8005  :::*             LISTEN
tcp   0      0      :::8009            :::*             LISTEN
tcp   0      0      :::80              :::*             LISTEN

Setup:
RHAS 4
apache 2.0.52-22 (redhat rpm)
ibm-java2-i386-sdk-5.0-2.0 (ibm rpm)
tomcat 5.5.17 (built from src)
mod_jk 1.2.15 (built from src)

[EMAIL PROTECTED] conf]# cat /opt/tomcat/conf/server.xml
<Server port="8005"
shutdown="5a7cf4f5bbd68235250d76adf2b836f7">

<GlobalNamingResources>
   <!-- Used by Manager webapp -->
   <Resource name="UserDatabase" auth="Container"
     type="org.apache.catalina.UserDatabase"
     description="User database that can be updated and saved"
     factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
     pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>

<Service name="Catalina">
   <Connector port="8009"
   enableLookups="false"
   redirectPort="8443"
   protocol="AJP/1.3" />

   <Engine name="Catalina" defaultHost="localhost">
     <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
       resourceName="UserDatabase" />
     <Host name="localhost"
       appBase="/home/tomcat/webapps" />
   </Engine>

</Service>
</Server>



[EMAIL PROTECTED] conf]# cat /etc/httpd/conf.d/mod_jk.conf
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile /etc/httpd/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"


[EMAIL PROTECTED] conf]# cat /etc/httpd/conf/workers.properties
# workers.properties - ajp13
workers.tomcat_home=/opt/tomcat
workers.java_home=/opt/ibm/java2-i386-50
ps=/
#
# List workers
worker.list=wrkr
#
# Define wrkr
worker.wrkr.port=8009
worker.wrkr.host=127.0.0.1
worker.wrkr.type=ajp13
worker.wrkr.cachesize=10
worker.wrkr.cache_timeout=600
worker.wrkr.socket_timeout=300

[EMAIL PROTECTED] conf]# cat /etc/hosts
127.0.0.1      localhost.localdomain  localhost
192.168.1.10   myhost.mydomain  myhost

##Relevant entries from /etc/httpd/conf/httpd.conf
LoadModule jk_module modules/mod_jk.so
Include conf.d/*.conf
NameVirtualHost 192.168.1.10:80

<VirtualHost 192.168.1.10:80>
   ServerAdmin [EMAIL PROTECTED]
   ServerName myhost.mydomain
   DocumentRoot /home/tomcat/webapps/myhost.mydomain/broomfield
   ErrorLog /home/tomcat/webapps/myhost.mydomain/logs/error_log
   CustomLog /home/tomcat/webapps/myhost.mydomain/logs/access_log common
   JkMount /*.jsp wrkr
   JkMount /servlet/* wrkr
   # Deny direct access to WEB-INF
   <LocationMatch ".*WEB-INF.*">
   AllowOverride None
   deny from all
   </LocationMatch>
</VirtualHost>







Re: apache not talking to tomcat w/ mod_jk

2006-07-26 Thread Kim Albee

have you looked in the mod_jk.log?  is it getting created, and is it saying
anything?  you can set the debug level to 4 in the workers.properties file
and then see what it's saying about connecting to tomcat.

Kim :-)

On 7/26/06, Ian Caswell [EMAIL PROTECTED] wrote:


It's in httpd.conf, and i don't see any errors in
the httpd logs about it, but i don't know how to
verify it's loaded.  Is there a way for apache
to show loaded modules?

--- Kim Albee [EMAIL PROTECTED] wrote:

 probably something you've made sure to do, but are
 you loading mod_jk.so in
 the httpd.conf?

 Kim :-)

 On 7/26/06, Ian Caswell [EMAIL PROTECTED] wrote:
 
  ##Relevant entries from /etc/httpd/conf/httpd.conf
  LoadModule jk_module modules/mod_jk.so
  Include conf.d/*.conf







Re: Tomcat Crashing -- how do I read the resulting hs_err_pid11598.log?

2006-07-21 Thread Kim Albee

Darryl,

Yes I have the PID error file -- I just need to know how to read it. What
was put into the catalina.out file is what I included in the original post
-- I do have the PID error files also.

Do you know how I would read them?

Thanks,
Kim :-)

On 7/20/06, Darryl Miles [EMAIL PROTECTED] wrote:


Kim Albee wrote:
 The box has 4GB of RAM on it, and has experienced a memory failure.  We
 tested the physical RAM on the server, and it failed 2 extended memory
 tests, so we replaced the RAM.  We also saw that the swap space was only at
 1.5GB, so we upped that to 6.5 GB.

For most real-time client serving applications using any swap space to
service any part of those requests is counter productive.

It only makes sense if you are using the swap as some form of data
backing store, but then you have to ask why not just leave it in a file
anyway.  The most natural backing store.


 so my question is:  how do I read/interpret the hs_err_pid11598.log file so
 I can figure out what is happening here?

First have you found the file?  It's usually in the current working
directory of the JVM.

find / -name hs_err_pid11598.log 2>/dev/null


Darryl





Re: Tomcat Crashing -- how do I read the resulting hs_err_pid11598.log?

2006-07-21 Thread Kim Albee

Martin --

How do I tell when the memory allocation happens?  what do I look for in the
logfiles?  I sent the output that was put into the catalina.out file with
the original post -- there is nothing prior to that as far as errors in
processing in the catalina.out file.

thanks,
Kim :-)

On 7/20/06, Martin Gainty [EMAIL PROTECTED] wrote:


Good Morning Darryl-

make certain your HW is rock solid
then I would inquire
When does the memory allocation happen (e.g. at Tomcat startup. at webapp
init, when processing big and bulky PDF's)
check the logs at $TOMCAT_HOME/logs
If it's tomcat crashing (misconfigured server.xml or JVM bug check
jakarta_service_MMDD.log)
If it's a genuine error (thrown to stderr) look at stderr_MMDD.log
If it's webapp specific check the stdout_MMDD.log AND/OR catalina.out

M-
*
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed.  If you have received this email message in error, please
notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.



- Original Message -
From: Darryl Miles [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Sent: Thursday, July 20, 2006 7:31 AM
Subject: Re: Tomcat Crashing -- how do I read the resulting
hs_err_pid11598.log?


 Kim Albee wrote:
 The box has 4GB of RAM on it, and has experienced a memory failure.  We
 tested the physical RAM on the server, and it failed 2 extended memory
 tests, so we replaced the RAM.  We also saw that the swap space was only at
 1.5GB, so we upped that to 6.5 GB.

 For most real-time client serving applications using any swap space to
 service any part of those requests is counter productive.

 It only makes sense if you are using the swap as some form of data
 backing store, but then you have to ask why not just leave it in a file
 anyway.  The most natural backing store.


 so my question is:  how do I read/interpret the hs_err_pid11598.log file so
 I can figure out what is happening here?

 First have you found the file?  It's usually in the current working
 directory of the JVM.

 find / -name hs_err_pid11598.log 2>/dev/null


 Darryl





Re: Tomcat Crashing -- how do I read the resulting hs_err_pid11598.log?

2006-07-21 Thread Kim Albee

OS = Fedora Core 3 Linux with all updates from yum.
Java version = 1.5.0_03
Tomcat version 5.0.30
ok -- here is the jvm.cfg:
#
# @(#)jvm.cfg   1.8 04/02/02
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
#
#
#
#
# List of JVMs that can be used as an option to java, javac, etc.
# Order is important -- first in this list is the default JVM.
# NOTE that this both this file and its format are UNSUPPORTED and
# WILL GO AWAY in a future release.
#
# You may also select a JVM in an arbitrary location with the
# -XXaltjvm=jvm_dir option, but that too is unsupported
# and may not be available in a future release.
#
-client IF_SERVER_CLASS -server
-server KNOWN
-hotspot ALIASED_TO -client
-classic WARN
-native ERROR
-green ERROR


On 7/21/06, Martin Gainty [EMAIL PROTECTED] wrote:


the hs_err_pid*.log is reminiscent of the Command and Control buttons on
the bridge of  the Starship Enterprise
In other words you can't tell what the different colored buttons mean
unless you read the 1000 page manual beforehand
(or in our case can talk to James Gosling!)

so here goes..
siginfo: ExceptionCode=0xc005, reading address 0x0004

Registers:

/*Generally the AX always has the returned code from the last operation*/
EAX=0x, EBX=0x0764d168, ECX=0x07e04f1c, EDX=0x0849f7cc
ESP=0x0849f7d4, EBP=0x0849f838, ESI=0x07e04f1c, EDI=0x
EIP=0x6d0e75d9, EFLAGS=0x00010246

/*If you have a bright map showing all the locations of the variables and
their respective memory locations you could map the memory to the variable*/
Top of Stack: (sp=0x0849f7d4)
0x0849f7d4: 0764d168 07e04f1c  6d0c7a0d
0x0849f7e4: 20ae4238 20ae4238 07e04e60 0764d168
0x0849f7f4: 0200  008d00a2 0145381a
0x0849f804: 00a2 008d 2386fce0 
0x0849f814: 04de5d15  23870238 23870390
0x0849f824: 04d98d4a 0849f7e4 0849fb64 6d0f2eb8
0x0849f834:  0849f850 04e00192 01f7
0x0849f844: 0849f85c 0849f858 2386fc70 0849f878

/*The last address of the last executed operation...*/
Instructions: (pc=0x6d0e75d9)
0x6d0e75c9: 56 8b 0e ff 51 68 85 c0 7d 06 5f 33 c0 5e 59 c3
0x6d0e75d9: 8b 47 04 85 c0 74 15 8b 0d a8 fa 12 6d 8b 16 51

/*Most important is sp which is Stack Pointer*/
Stack: [0x083a,0x084a), sp=0x0849f7d4, free space=1021k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)

/*The topmost module indicates  the offending Library..I would check that
(awt.dll) version correct AND corresponds with java -version */
C [awt.dll+0xe75d9]
J sun.awt.windows.WComponentPeer.nativeHandleEvent(Ljava/awt/AWTEvent;)V
J sun.awt.windows.WComponentPeer.handleEvent(Ljava/awt/AWTEvent;)V
J java.awt.Component.dispatchEventImpl(Ljava/awt/AWTEvent;)V
J java.awt.Container.dispatchEventImpl(Ljava/awt/AWTEvent;)V
J java.awt.EventQueue.dispatchEvent(Ljava/awt/AWTEvent;)V
J java.awt.EventDispatchThread.pumpOneEventForHierarchy(ILjava/awt/Component;)Z
J java.awt.EventDispatchThread.pumpEventsForHierarchy(ILjava/awt/Conditional;Ljava/awt/Component;)V
v ~RuntimeStub::alignment_frame_return Runtime1 stub
j java.awt.EventDispatchThread.pumpEvents(ILjava/awt/Conditional;)V+4
j java.awt.EventDispatchThread.pumpEvents(Ljava/awt/Conditional;)V+3
j java.awt.EventDispatchThread.run()V+9
v ~StubRoutines::call_stub
V [jvm.dll+0x8176e]
V [jvm.dll+0xd481d]
V [jvm.dll+0x8163f]
V [jvm.dll+0x8139c]
V [jvm.dll+0x9c05c]
V [jvm.dll+0xfeece]
V [jvm.dll+0xfee9c]
C [msvcrt.dll+0x27fb8]

/*muck with this at your own peril!*/
C [kernel32.dll+0x1d28e]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)

/*Looks as if a component listener was attempting to handle a
native(meaning an OS call) event ..*/
/*That 0x0004 looks suspiciously low..(usually low memory is reserved
for System only calls)*/
J sun.awt.windows.WComponentPeer.nativeHandleEvent(Ljava/awt/AWTEvent;)siginfo:
ExceptionCode=0xc005, reading address 0x0004

Most of these errors are resolved by a clean install; in other words, version
1.0 Blah works with version 1.0 BlahBlah
but Version 1.1 Blah doesn't work with Version 1.0 BlahBlah.
As you can imagine debugging these scenarios can get very hairy in a hurry
so the more information the better.. that said
can we see your jvm.cfg ???
what version OS are you running?
what version Java?
what version Tomcat?

M-
*
This email message and any files transmitted with it contain confidential
information intended only for the person(s) to whom this email message is
addressed.  If you have received this email message in error, please
notify
the sender immediately by telephone or email and destroy the original
message without making a copy.  Thank you.



- Original Message -
From: Kim Albee [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org; Martin Gainty 
[EMAIL PROTECTED]
Sent: Friday, July 21, 2006 11:09 AM
Subject: Re: Tomcat Crashing -- how

Re: Tomcat Crashing -- how do I read the resulting hs_err_pid11598.log?

2006-07-21 Thread Kim Albee

Martin,

That's all interesting, but we're not running Fedora Core 4 -- we are
running Fedora Core 3.  Secondly, I've got this identical environment
running in production without incident. This environment on this server
used to run without incident until we had to replace the memory, and now
it crashes -- same config I've got running fine in other places -- which is
why I'm trying to figure out what's different.  What I know is different is
that this server has 4GB of RAM when all of our other servers have 2GB of
RAM, so that is a difference.

Otherwise, they run the same J2sdk1.5.0_03, all run Tomcat 5.0.30, and all
run the same version of our application.  That's why I was hoping to gain
some insight from the PID file that got thrown to see what might be causing
the issues -- do you have any suggestions on how to debug this environment
to get at the root cause here?

thanks,
Kim :-)

On 7/21/06, Martin Gainty [EMAIL PROTECTED] wrote:


Kim-

Did you catch this bit of legalese in tiny print:
Fedora Core 4 users are advised not to use the Java RPM provided by Sun.
It contains Provides that conflict with names used in packages provided as
part of Fedora Core 4. Because of this, Sun Java might disappear from an
installed system during package upgrade operations. Fedora Core 4 users
should use either the RPM from jpackage.org or manually install the Sun
Java tarball into /opt. Sun Java 1.5+ is recommended for stability
purposes.

And also this 
These packages have been modified in Fedora to remove proprietary software
dependencies and to make use of GCJ's ahead-of-time compilation feature

Apparently there exists some 'dependency' not only on package naming but
another dependency on their ahead-of-time compiler..
Play it safe and download from
http://www.city-fan.org/tips/JpackageJava

and install the JVM from there..

HTH,
Martin --




- Original Message -
From: Kim Albee [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org; Martin Gainty 
[EMAIL PROTECTED]
Sent: Friday, July 21, 2006 5:17 PM
Subject: Re: Tomcat Crashing -- how do I read the resulting
hs_err_pid11598.log?


 OS = Fedora Core 3 Linux with all updates from yum.
 Java version = 1.5.0_03
 Tomcat version 5.0.30
 ok -- here is the jvm.cfg:
 #
 # @(#)jvm.cfg   1.8 04/02/02
 #
 # Copyright 2003 Sun Microsystems, Inc. All rights reserved.
 # SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 #
 #
 #
 #
 # List of JVMs that can be used as an option to java, javac, etc.
 # Order is important -- first in this list is the default JVM.
 # NOTE that this both this file and its format are UNSUPPORTED and
 # WILL GO AWAY in a future release.
 #
 # You may also select a JVM in an arbitrary location with the
 # -XXaltjvm=jvm_dir option, but that too is unsupported
 # and may not be available in a future release.
 #
 -client IF_SERVER_CLASS -server
 -server KNOWN
 -hotspot ALIASED_TO -client
 -classic WARN
 -native ERROR
 -green ERROR


 On 7/21/06, Martin Gainty [EMAIL PROTECTED] wrote:

 the hs_err_pid*.log is reminiscent of the Command and Control buttons on
 the bridge of the Starship Enterprise.
 In other words you can't tell what the different colored buttons mean
 unless you read the 1000 page manual beforehand
 (or in our case can talk to James Gosling!)

 so here goes..
 siginfo: ExceptionCode=0xc005, reading address 0x0004

 Registers:

 /*Generally the AX always has the returned code from the last operation*/
 EAX=0x, EBX=0x0764d168, ECX=0x07e04f1c, EDX=0x0849f7cc
 ESP=0x0849f7d4, EBP=0x0849f838, ESI=0x07e04f1c, EDI=0x
 EIP=0x6d0e75d9, EFLAGS=0x00010246

 /*If you have a bright map showing all the locations of the variables and
 their respective memory locations you could map the memory to the variable*/
 Top of Stack: (sp=0x0849f7d4)
 0x0849f7d4: 0764d168 07e04f1c  6d0c7a0d
 0x0849f7e4: 20ae4238 20ae4238 07e04e60 0764d168
 0x0849f7f4: 0200  008d00a2 0145381a
 0x0849f804: 00a2 008d 2386fce0 
 0x0849f814: 04de5d15  23870238 23870390
 0x0849f824: 04d98d4a 0849f7e4 0849fb64 6d0f2eb8
 0x0849f834:  0849f850 04e00192 01f7
 0x0849f844: 0849f85c 0849f858 2386fc70 0849f878

 /*The last address of the last executed operation...*/
 Instructions: (pc=0x6d0e75d9)
 0x6d0e75c9: 56 8b 0e ff 51 68 85 c0 7d 06 5f 33 c0 5e 59 c3
 0x6d0e75d9: 8b 47 04 85 c0 74 15 8b 0d a8 fa 12 6d 8b 16 51

 /*Most important is sp which is Stack Pointer*/
 Stack: [0x083a,0x084a), sp=0x0849f7d4, free space=1021k
 Native frames: (J=compiled Java code, j

Tomcat Crashing -- how do I read the resulting hs_err_pid11598.log?

2006-07-19 Thread Kim Albee

I'm running Fedora Core 3, Tomcat 5.0.30, in a two server environment, where
we have an F5 load balancer and are doing session sharing at the Tomcat
level.

The box has 4GB of RAM on it, and has experienced a memory failure.  We
tested the physical RAM on the server, and it failed 2 extended memory
tests, so we replaced the RAM.  We also saw that the swap space was only at
1.5GB, so we upped that to 6.5 GB.

Prior to this issue with memory, Tomcat ran just fine without error.

Now, Tomcat runs for about 30-45 minutes and crashes.

The catalina.out file has this:
#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  SIGSEGV (0xb) at pc=0xb79d032a, pid=11598, tid=1886555056
#
# Java VM: Java HotSpot(TM) Server VM (1.5.0_03-b07 mixed mode)
# Problematic frame:
# V  [libjvm.so+0x3b532a]
#
# An error report file with more information is saved as hs_err_pid11598.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

so my question is:  how do I read/interpret the hs_err_pid11598.log file so
I can figure out what is happening here?

thanks,
Kim :-)


Re: JDBC Realm for several webapp

2006-07-03 Thread Kim Brianne Go

Hi... you might want to look at SecurityFilters.  This makes it possible for
each webapp to be given unique realm security, basically the concept is a
webapp containing its own security configuration so that you can deploy your
webapp without additional setup from the appservers.

Hope this helps...

Brian

On 7/4/06, Hassan Schroeder [EMAIL PROTECTED] wrote:


On 7/2/06, Stanislav Komlenac [EMAIL PROTECTED] wrote:
 Quoting Stanislav Komlenac [EMAIL PROTECTED]:

  I want to have 2 web applications on my web server. Idea is to
  make JDBC Realm unique for each web application.

 problem is that i don't understand what should i have in this
 {context}.xml files and what should i have in server.xml :-(
 and where should i put this {context}.xml file?

Where are you defining your contexts now??

--
Hassan Schroeder  [EMAIL PROTECTED]





downloaded JK binaries for Linux - which to use? workers or prefork?

2006-06-14 Thread Kim Albee

I need some help -- I'm downloading the JK binaries to get my tomcat
installation working with Apache, and when I go to download the jk binaries
for linux/apache, I see the two files:

jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-prefork.so
jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-worker.so

I'm assuming that i change the names of one of these to mod_jk.so and place
it into the libexec directory for apache, but which one do I use?  what's
the difference?  the Installation and FAQs don't appear to address this...

thanks,
Kim :-)


Re: downloaded JK binaries for Linux - which to use? workers or prefork?

2006-06-14 Thread Kim Albee

yes -- but what is the difference?  i'm running Fedora Core 3 on a single
processor Linux box, running Apache 2.x

what does prefork mean? vs. worker?

thanks,
Kim :-)

On 6/14/06, David Rees [EMAIL PROTECTED] wrote:


On 6/14/06, Kim Albee [EMAIL PROTECTED] wrote:
 I need some help -- I'm downloading the JK binaries to get my tomcat
 installation working with Apache, and when I go to download the jk binaries
 for linux/apache, I see the two files:

 jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-prefork.so
 jakarta-tomcat-connectors-jk-1.2.14-linux-sles9-x86_64-worker.so

 I'm assuming that i change the names of one of these to mod_jk.so and place
 it into the libexec directory for apache, but which one do I use?  what's
 the difference?  the Installation and FAQs don't appear to address this...

The name depends on which MPM your Apache is compiled with. Most
likely it's the prefork MPM as that is default, but could be the
worker MPM.

-Dave





Way to debug ports Tomcat is listening on?

2006-06-08 Thread Kim Albee
This server's Apache/Tomcat connector used to work just fine.  Now it has
stopped working and I get this error... I haven't changed anything in the
config, but am wondering how I troubleshoot/debug this issue.

I continually get this error:

[jk_ajp_common.c (720)]: Error connecting to tomcat. Tomcat is probably not
started or is listening on the wrong host/port (192.168.0.101:8009). Failed
errno = 13

My server.xml file is configured as:

<Server port="8005" shutdown="SHUTDOWN" debug="0">
  <Service name="Catalina">
    <Connector port="8080"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" redirectPort="8443" acceptCount="100"
       debug="0" connectionTimeout="2"
       disableUploadTimeout="true" />

    <Connector port="8443"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" debug="0" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" />

    <Connector port="8009"
       enableLookups="false" redirectPort="8443" debug="4"
       protocol="AJP/1.3" />

    <Engine jvmRoute="p1" name="Catalina" defaultHost="localhost"
       debug="4">

      <Host name="localhost" debug="4" appBase="webapps"
         unpackWARs="true" autoDeploy="true"
         xmlValidation="false" xmlNamespaceAware="false">

      </Host>

    </Engine>

  </Service>

</Server>

My workers.properties file has the following:

worker.p1.port=8009
worker.p1.host=w1
worker.p1.type=ajp13
worker.p1.info=Ajp13 forwarding
worker.p1.debug=0
worker.p1.tomcatId=p1

And my VirtualHost setting has the JkMount / p1 and JkMount /* p1

My /etc/hosts file has entries for w1 that point to the local private
address, as follows:

192.168.0.101 w1 localhost

How do I debug this and get it back working?

Thanks,
Kim :-)





 






Re: Detect expired server certificate

2006-02-23 Thread Jihwan Kim
Thanks Bill,

1.  My client doesn't throw an exception if the client and server's cert is
identical and both are expired. If only one of them is expired, it throws
exception. I want to detect the expired situation even if both sides are
expired.

2.  WebLogic detects expired cert. So, it means JSSE doesn't do this but
does WebLogic have its own code to detect this?

Thanks,


On 2/22/06, Bill Barker [EMAIL PROTECTED] wrote:


 Jihwan Kim [EMAIL PROTECTED] wrote in message
 news:[EMAIL PROTECTED]
 Hi,
 I have this in my server.xml
 <Connector port="443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" debug="0" scheme="https" secure="true"
    clientAuth="true" sslProtocol="TLS"
    keystoreFile="c:/j2sdk1.4.2_09/jre/lib/security/cacerts"
    keystorePass="" />
 
 cacerts is a self signed certificate.
 
 When the certificate is expired, I would like to detect it and send a
 proper message to a client side user.

 This happens deep within JSSE, before normally any of your or Tomcat's
 code gets a chance to do anything.

 So, 1. how can I detect the expired cert from a Java application client.

 Unless you configure your own TrustManager, the client will throw an
 exception when you try to connect.

   2. Can I detect the expired cert during the Tomcat startup?

 Strangely, JSSE doesn't do this.  Of course, there is nothing stopping
 your app from reading the cert from the KeyStore and checking yourself ;-).

 
 Thank you.








Re: Detect expired server certificate

2006-02-23 Thread Jihwan Kim
BTW, we use the Apache Axis to make a connection between our client and
server.

On 2/23/06, Jihwan Kim [EMAIL PROTECTED] wrote:

 Thanks Bill,

 1.  My client doesn't throw an exception if the client and server's cert
 is identical and both are expired. If only one of them is expired, it throws
 exception. I want to detect the expired situation even if both sides are
 expired.

 2.  WebLogic detects expired cert. So, it means JSSE doesn't do this but
 does WebLogic have its own code to detect this?

 Thanks,


 On 2/22/06, Bill Barker [EMAIL PROTECTED] wrote:
 
 
  Jihwan Kim [EMAIL PROTECTED] wrote in message
  news:[EMAIL PROTECTED]
  Hi,
  I have this in my server.xml
  <Connector port="443"
     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
     enableLookups="false" disableUploadTimeout="true"
     acceptCount="100" debug="0" scheme="https" secure="true"
     clientAuth="true" sslProtocol="TLS"
     keystoreFile="c:/j2sdk1.4.2_09/jre/lib/security/cacerts"
     keystorePass="" />
  
  cacerts is a self signed certificate.
  
  When the certificate is expired, I would like to detect it and send a
  proper message to a client side user.

  This happens deep within JSSE, before normally any of your or Tomcat's
  code gets a chance to do anything.

  So, 1. how can I detect the expired cert from a Java application
  client.

  Unless you configure your own TrustManager, the client will throw an
  exception when you try to connect.

    2. Can I detect the expired cert during the Tomcat startup?

  Strangely, JSSE doesn't do this.  Of course, there is nothing stopping
  your app from reading the cert from the KeyStore and checking yourself ;-).
 
  
  Thank you.
 
 
 
 
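Bill Barker's suggestion in this thread (read the certificates from the KeyStore and check them yourself), as an added example that is not code from the original posts. The class name, the 30-day warning window and the `changeit` default password are assumptions; with no arguments it scans the running JRE's own cacerts file, so it works offline.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

/** Added example (hypothetical class name): report expired certificates in a keystore. */
public class KeystoreExpiryCheck {

    /**
     * Returns one line per certificate that is expired, not yet valid,
     * or due to expire within warnDays of the reference date "now".
     */
    static List<String> findProblems(KeyStore ks, Date now, int warnDays) throws Exception {
        List<String> problems = new ArrayList<String>();
        Date warnAt = new Date(now.getTime() + warnDays * 24L * 60 * 60 * 1000);
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            // A key entry carries a chain (leaf first); a trusted-certificate
            // entry has no chain, only a single certificate.
            Certificate[] chain = ks.getCertificateChain(alias);
            if (chain == null) {
                Certificate single = ks.getCertificate(alias);
                chain = (single == null) ? new Certificate[0] : new Certificate[] { single };
            }
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate cert = (X509Certificate) chain[i];
                String id = alias + "[" + i + "] " + cert.getSubjectX500Principal().getName();
                try {
                    cert.checkValidity(now);
                    if (cert.getNotAfter().before(warnAt)) {
                        problems.add("EXPIRING " + id + " notAfter=" + cert.getNotAfter());
                    }
                } catch (CertificateExpiredException e) {
                    problems.add("EXPIRED " + id + " notAfter=" + cert.getNotAfter());
                } catch (CertificateNotYetValidException e) {
                    problems.add("NOT_YET_VALID " + id + " notBefore=" + cert.getNotBefore());
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the JRE's cacerts file and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();
        int warnDays = args.length > 2 ? Integer.parseInt(args[2]) : 30;

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        List<String> problems = findProblems(ks, new Date(), warnDays);
        for (String line : problems) {
            System.out.println(line);
        }
        // Non-zero exit status lets a startup script refuse to launch or raise an alert.
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run it against the file named in keystoreFile before starting Tomcat, or call findProblems from application startup code and log the result.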
 
 



Re: what is the command to find out whether or not Tomcat is installed on your server

2006-02-19 Thread Ben Kim

I am not very familiar with Unix OS, Let us say, after i logged in to my
unix account,
what is the command i should use to find out whether or not TomCat is
installed??


If on redhat/fedora core,
rpm -qa|grep tomcat
will tell you if there's anything that has tomcat in the name. (Since
there are many names to tomcat packages)
yum search tomcat
will also tell you something.

If it gets something for you, you can do
rpm -ql <the package name you got from rpm -qa...>
will give you the installed location.

If you suspect it might be already running, you can also do
lsof -i:8080 (you should be root.)
links localhost:8080 or just open a browser to http://127.0.0.1:8080

grep tomcat /etc/passwd
or do
lsof -i | less
netstat -an | less
ntsysv
and see if there is something that looks like tomcat and ask the list
again with that.


On other distros it can be different so if you tell us what
uname -a
gives, it will help.

My 2 cents.

Regards,

Ben K.
Developer
http://benix.tamu.edu




RE: Image Scaling Code

2006-01-13 Thread Ben Kim

On Fri, 13 Jan 2006, Wouter Boers wrote:

That was the old way to fix a bug in the JVM I believe. Anyways nowadays you
can pass the following option to the server when starting:
-Djava.awt.headless=true 

This page seems to summarize it all ...

http://tomcat.apache.org/faq/unix.html
snip
  How do I run without an X server and still get graphics?

You either need to run headless or run an alternate X-server. Some more
information can be found here , here , or here .

Or if you are using a JVM 1.4 or better, you can use the system property
java.awt.headless=true
/snip

That will prevent the errors mentioned below when you don't have a graphical
shell running on your system. 

Regards, Wouter

-Original Message-
From: Ben Kim [mailto:[EMAIL PROTECTED] 
Sent: Friday, January 13, 2006 7:54 AM
To: Tomcat Users List
Subject: Re: Image Scaling Code


This may or may not be the case with you.

I had a similar error (X11, DISPLAY) with an earlier version of tomcat
included in a 3rd party package, on linux. 

After I installed Xvfb (x virtual frame buffer) server rpm, the error went
away. (http://www.xfree86.org/4.0.1/Xvfb.1.html) I think there was a clue in
the error log.

If you're on Fedora, you can just do yum install xorg-x11-Xvfb or do yum
search Xvfb. I don't think I had to run it actually. 

Don't know if it will help you, but just in case. 


Regards,

Ben Kim
Developer
http://benix.tamu.edu

On 1/12/06, Justin Jaynes [EMAIL PROTECTED] wrote:

 Hello all,

 I've written a java class to scale jpeg images.  But I can't seem to 
 get it to work.  Can anyone point me in the right direction?

 Here is my code:


 package com.everybuddystree;

 import java.awt.*;
 import java.awt.image.*;
 import java.io.*;
 import javax.imageio.*;

 public class ImageScaler {

   public ImageScaler() {
   }

   public boolean scaleImageByWidth(String fileName, int newWidth) {

     File originalImage = new File(fileName);
     try {
       BufferedImage workingBufferedImage = ImageIO.read(originalImage);
       int width = workingBufferedImage.getWidth();
       int height = workingBufferedImage.getHeight();
       Image workingImage = workingBufferedImage;
       workingImage = (Image)workingImage.getScaledInstance(newWidth,-1,1);
       BufferedImage finalImage = (BufferedImage)workingImage;
       ImageIO.write(finalImage, "jpg", originalImage);

       return true;

     } catch (IOException ex){

       return false;

     }

   }

 }

 When I run the pass an image to the class using a jsp I get the 
 following errors from Tomcat:


 HTTP Status 500 -
 -
 type Exception report
 message
 description The server encountered an internal error () that prevented 
 it from fulfilling this request.
 exception
 javax.servlet.ServletException: Can't connect to X11 window server 
 using ':0.0' as the value of the DISPLAY variable.
 org.apache.jasper.runtime.PageContextImpl.doHandlePageException(
 PageContextImpl.java:848)
 org.apache.jasper.runtime.PageContextImpl.handlePageException(
 PageContextImpl.java:781)  org.apache.jsp.image_jsp._jspService(
 org.apache.jsp.image_jsp:158)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.
 java
 :322)  
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
 :314)  
 org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root 
 cause
 java.lang.InternalError: Can't connect to X11 window server using ':0.0'
 as the value of the DISPLAY variable.
 sun.awt.X11GraphicsEnvironment.initDisplay(Native Method) 
 sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java
 :53)  sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java
 :142)  java.security.AccessController.doPrivileged(Native Method)
 sun.awt.X11GraphicsEnvironment.clinit(X11GraphicsEnvironment.java:13
 1) java.lang.Class.forName0(Native Method)  java.lang.Class.forName(
 Class.java:164)  
 java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(
 GraphicsEnvironment.java:68)  
 sun.awt.X11.XToolkit.clinit(XToolkit.java
 :96)  java.lang.Class.forName0(Native Method)  
 java.lang.Class.forName(
 Class.java:164)  java.awt.Toolkit$2.run(Toolkit.java:821)
 java.security.AccessController.doPrivileged(Native Method)
 java.awt.Toolkit.getDefaultToolkit(Toolkit.java:804)
 java.awt.Image.getScaledInstance(Image.java:158)
 com.everybuddystree.ImageScaler.scaleImageByWidth(ImageScaler.java:21)
 org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:114)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.
 java
 :322)  
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
 :314)  
 org.apache.jasper.servlet.JspServlet.service
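
The headless approach from the reply above, as an added example that is not the original poster's code: scaling through a BufferedImage and Graphics2D needs no X server or Xvfb when java.awt.headless=true is set, and it avoids casting the result of getScaledInstance to BufferedImage. The class name, the separate output file and the constructed 400x200 sample image are assumptions.

```java
import java.awt.Graphics2D;
import java.awt.RenderingHints;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import javax.imageio.ImageIO;

/** Added example (hypothetical class name): JPEG scaling that runs without an X display. */
public class HeadlessImageScaler {

    /** Scales src to newWidth, keeping the aspect ratio, and writes the result to dst as JPEG. */
    static BufferedImage scaleByWidth(File src, File dst, int newWidth) throws IOException {
        if (newWidth <= 0) {
            throw new IllegalArgumentException("newWidth must be positive");
        }
        BufferedImage in = ImageIO.read(src);
        if (in == null) {
            // ImageIO.read returns null when no registered reader understands the file.
            throw new IOException("not a readable image: " + src);
        }
        int newHeight = Math.max(1,
                (int) Math.round((double) in.getHeight() * newWidth / in.getWidth()));

        // TYPE_INT_RGB because JPEG has no alpha channel.
        BufferedImage out = new BufferedImage(newWidth, newHeight, BufferedImage.TYPE_INT_RGB);
        Graphics2D g = out.createGraphics();
        try {
            g.setRenderingHint(RenderingHints.KEY_INTERPOLATION,
                    RenderingHints.VALUE_INTERPOLATION_BILINEAR);
            // Drawing a fully loaded BufferedImage completes synchronously.
            g.drawImage(in, 0, 0, newWidth, newHeight, null);
        } finally {
            g.dispose();
        }
        if (!ImageIO.write(out, "jpg", dst)) {
            throw new IOException("no JPEG writer available");
        }
        return out;
    }

    public static void main(String[] args) throws IOException {
        // Same effect as starting the JVM with -Djava.awt.headless=true;
        // it must be set before any AWT class is initialised.
        System.setProperty("java.awt.headless", "true");

        // Constructed sample input: a blank 400x200 image written to a temp file.
        BufferedImage sample = new BufferedImage(400, 200, BufferedImage.TYPE_INT_RGB);
        File src = File.createTempFile("sample", ".jpg");
        File dst = File.createTempFile("scaled", ".jpg");
        try {
            ImageIO.write(sample, "jpg", src);
            scaleByWidth(src, dst, 100);
            BufferedImage check = ImageIO.read(dst);
            System.out.println("scaled to " + check.getWidth() + "x" + check.getHeight());
        } finally {
            src.delete();
            dst.delete();
        }
    }
}
```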

Re: Image Scaling Code

2006-01-12 Thread Ben Kim

This may or may not be the case with you.

I had a similar error (X11, DISPLAY) with an earlier version of tomcat
included in a 3rd party package, on linux. 

After I installed Xvfb (x virtual frame buffer) server rpm, the error went
away. (http://www.xfree86.org/4.0.1/Xvfb.1.html) I think there was a clue
in the error log.

If you're on Fedora, you can just do yum install xorg-x11-Xvfb or do
yum search Xvfb. I don't think I had to run it actually. 

Don't know if it will help you, but just in case. 


Regards,

Ben Kim
Developer
http://benix.tamu.edu

On 1/12/06, Justin Jaynes [EMAIL PROTECTED] wrote:

 Hello all,

 I've written a java class to scale jpeg images.  But I can't seem to get
 it to work.  Can anyone point me in the right direction?

 Here is my code:


 package com.everybuddystree;

 import java.awt.*;
 import java.awt.image.*;
 import java.io.*;
 import javax.imageio.*;

 public class ImageScaler {

   public ImageScaler() {
   }

   public boolean scaleImageByWidth(String fileName, int newWidth) {

     File originalImage = new File(fileName);
     try {
       BufferedImage workingBufferedImage = ImageIO.read(originalImage);
       int width = workingBufferedImage.getWidth();
       int height = workingBufferedImage.getHeight();
       Image workingImage = workingBufferedImage;
       workingImage = (Image)workingImage.getScaledInstance(newWidth,-1,1);
       BufferedImage finalImage = (BufferedImage)workingImage;
       ImageIO.write(finalImage, "jpg", originalImage);

       return true;

     } catch (IOException ex){

       return false;

     }

   }

 }

 When I run the pass an image to the class using a jsp I get the
 following errors from Tomcat:


 HTTP Status 500 -
 -
 type Exception report
 message
 description The server encountered an internal error () that prevented it
 from fulfilling this request.
 exception
 javax.servlet.ServletException: Can't connect to X11 window server using
 ':0.0' as the value of the DISPLAY variable.
 org.apache.jasper.runtime.PageContextImpl.doHandlePageException(
 PageContextImpl.java:848)
 org.apache.jasper.runtime.PageContextImpl.handlePageException(
 PageContextImpl.java:781)  org.apache.jsp.image_jsp._jspService(
 org.apache.jsp.image_jsp:158)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java
 :322)  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
 :314)  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause
 java.lang.InternalError: Can't connect to X11 window server using ':0.0'
 as the value of the DISPLAY variable.
 sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
 sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java
 :53)  sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java
 :142)  java.security.AccessController.doPrivileged(Native Method)
 sun.awt.X11GraphicsEnvironment.clinit(X11GraphicsEnvironment.java:131)
 java.lang.Class.forName0(Native Method)  java.lang.Class.forName(
 Class.java:164)  java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(
 GraphicsEnvironment.java:68)  sun.awt.X11.XToolkit.clinit(XToolkit.java
 :96)  java.lang.Class.forName0(Native Method)  java.lang.Class.forName(
 Class.java:164)  java.awt.Toolkit$2.run(Toolkit.java:821)
 java.security.AccessController.doPrivileged(Native Method)
 java.awt.Toolkit.getDefaultToolkit(Toolkit.java:804)
 java.awt.Image.getScaledInstance(Image.java:158)
 com.everybuddystree.ImageScaler.scaleImageByWidth(ImageScaler.java:21)
 org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:114)
 org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java
 :322)  org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java
 :314)  org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
 javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full
 stack trace of the root cause is available in the Apache Tomcat/5.5.12 logs.

 -
 Apache Tomcat/5.5.12










--
You can lead a horse to water but you cannot make it float on its back.
~Dakota Jack~





Re: Image Scaling Code

2006-01-12 Thread Ben Kim

Sorry, a correction to my post. I checked my server and found that Xvfb is
actually running on display 1.0. These are the processes.

Xvfb :1

bash -c export DISPLAY=:1.0; . /opt//tomcat.sh 

I'll have to dig up for the details of tweaking, but googling of tomcat
xvfb turned up a few like this.

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg159956.html


Regards,

Ben Kim
Developer
http://benix.tamu.edu

-- Forwarded message --
Date: Fri, 13 Jan 2006 00:53:34 -0600 (CST)
From: Ben Kim [EMAIL PROTECTED]
To: Tomcat Users List users@tomcat.apache.org
Subject: Re: Image Scaling Code


This may or may not be the case with you.

I had a similar error (X11, DISPLAY) with an earlier version of tomcat
included in a 3rd party package, on linux. 

After I installed Xvfb (x virtual frame buffer) server rpm, the error went
away. (http://www.xfree86.org/4.0.1/Xvfb.1.html) I think there was a clue
in the error log.

If you're on Fedora, you can just do yum install xorg-x11-Xvfb or do
yum search Xvfb. I don't think I had to run it actually. 

Don't know if it will help you, but just in case. 


Regards,

Ben Kim
Developer
http://benix.tamu.edu

On 1/12/06, Justin Jaynes [EMAIL PROTECTED] wrote:

 Hello all,

 I've written a java class to scale jpeg images.  But I can't seem to get
 it to work.  Can anyone point me in the right direction?

 Here is my code:


 package com.everybuddystree;

 import java.awt.*;
 import java.awt.image.*;
 import java.io.*;
 import javax.imageio.*;

 public class ImageScaler {

   public ImageScaler() {
   }

   public boolean scaleImageByWidth(String fileName, int newWidth) {

     File originalImage = new File(fileName);
     try {
       BufferedImage workingBufferedImage = ImageIO.read(originalImage);
       int width = workingBufferedImage.getWidth();
       int height = workingBufferedImage.getHeight();
       Image workingImage = workingBufferedImage;
       workingImage = (Image)workingImage.getScaledInstance(newWidth,-1,1);
       BufferedImage finalImage = (BufferedImage)workingImage;
       ImageIO.write(finalImage, "jpg", originalImage);

       return true;

     } catch (IOException ex){

       return false;

     }

   }

 }

 When I run the pass an image to the class using a jsp I get the
 following errors from Tomcat:


 HTTP Status 500 -
 -
 type Exception report
 message
 description The server encountered an internal error () that prevented it from fulfilling this request.
 exception
 javax.servlet.ServletException: Can't connect to X11 window server using ':0.0' as the value of the DISPLAY variable.
     org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:848)
     org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:781)
     org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:158)
     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 root cause
 java.lang.InternalError: Can't connect to X11 window server using ':0.0' as the value of the DISPLAY variable.
     sun.awt.X11GraphicsEnvironment.initDisplay(Native Method)
     sun.awt.X11GraphicsEnvironment.access$000(X11GraphicsEnvironment.java:53)
     sun.awt.X11GraphicsEnvironment$1.run(X11GraphicsEnvironment.java:142)
     java.security.AccessController.doPrivileged(Native Method)
     sun.awt.X11GraphicsEnvironment.<clinit>(X11GraphicsEnvironment.java:131)
     java.lang.Class.forName0(Native Method)
     java.lang.Class.forName(Class.java:164)
     java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment(GraphicsEnvironment.java:68)
     sun.awt.X11.XToolkit.<clinit>(XToolkit.java:96)
     java.lang.Class.forName0(Native Method)
     java.lang.Class.forName(Class.java:164)
     java.awt.Toolkit$2.run(Toolkit.java:821)
     java.security.AccessController.doPrivileged(Native Method)
     java.awt.Toolkit.getDefaultToolkit(Toolkit.java:804)
     java.awt.Image.getScaledInstance(Image.java:158)
     com.everybuddystree.ImageScaler.scaleImageByWidth(ImageScaler.java:21)
     org.apache.jsp.image_jsp._jspService(org.apache.jsp.image_jsp:114)
     org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
     org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
     org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
     javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
 note The full stack trace of the root cause is available in the Apache Tomcat/5.5.12 logs.

 -
 Apache Tomcat/5.5.12
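
The trace above fails inside Image.getScaledInstance when AWT tries to open the X11 display named by DISPLAY. The following is an added example, not part of the original post or of Tomcat: it performs the same width-based scaling in AWT headless mode and draws into a new BufferedImage. The class name HeadlessImageScaler, the separate target file and the MAX_WIDTH bound are assumptions made for illustration.

```java
import java.awt.Graphics2D;
import java.awt.RenderingHints;
import java.awt.image.BufferedImage;
import java.io.File;
import java.io.IOException;
import javax.imageio.ImageIO;

public class HeadlessImageScaler {
    // Assumed upper bound for this example; pick a limit that fits the application.
    private static final int MAX_WIDTH = 4096;
    static {
        // Must run before any AWT class initializes. On Tomcat, prefer passing
        // -Djava.awt.headless=true in CATALINA_OPTS so it applies to the whole JVM.
        System.setProperty("java.awt.headless", "true");
    }

    // Scales source to newWidth (aspect ratio kept) and writes a JPEG to target.
    public static boolean scaleImageByWidth(File source, File target, int newWidth)
            throws IOException {
        if (newWidth <= 0 || newWidth > MAX_WIDTH) {
            throw new IllegalArgumentException("newWidth out of range: " + newWidth);
        }
        BufferedImage original = ImageIO.read(source);
        if (original == null) {
            return false; // no ImageIO reader matched: not a supported image
        }
        int newHeight = Math.max(1, (int) Math.round(
                (double) original.getHeight() * newWidth / original.getWidth()));
        // Draw into a new BufferedImage; the Image returned by getScaledInstance()
        // is not guaranteed to be a BufferedImage, so it cannot safely be cast.
        BufferedImage scaled = new BufferedImage(newWidth, newHeight, BufferedImage.TYPE_INT_RGB);
        Graphics2D g = scaled.createGraphics();
        try {
            g.setRenderingHint(RenderingHints.KEY_INTERPOLATION,
                    RenderingHints.VALUE_INTERPOLATION_BILINEAR);
            g.drawImage(original, 0, 0, newWidth, newHeight, null);
        } finally {
            g.dispose();
        }
        return ImageIO.write(scaled, "jpg", target);
    }
    public static void main(String[] args) throws IOException {
        // Constructed sample input: a blank 400x300 JPEG generated on the fly.
        File src = File.createTempFile("sample", ".jpg");
        File dst = File.createTempFile("scaled", ".jpg");
        ImageIO.write(new BufferedImage(400, 300, BufferedImage.TYPE_INT_RGB), "jpg", src);
        System.out.println("written: " + scaleImageByWidth(src, dst, 100));
    }
}
```

Bounding the requested width and rejecting files ImageIO cannot decode keeps a request parameter or an uploaded file from driving an arbitrarily large image allocation in the servlet container.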

Can anyone give suggestions on Best practices for Farmwardeployer in a tomcat cluster??

2005-12-06 Thread Kim Brianne Go
I'm just new to HA environments. We were able to do Apache / Tomcat load
balancing through AJP13. There were a few concerns about failover and
session information, though, so we tried clustering the Tomcat servers.
Everything went well and is working at the moment, but I know that clustering
is just like playing with fire; without extensive knowledge it could be
detrimental over time. May I ask anybody who has implemented such an
architecture for a best-practices guide for this using FarmWarDeployer?

A small concern about FarmWarDeployer: if the FarmWarDeployer server goes down
and is started up again, it always reloads all the applications on the
watchedDir path to the entire cluster. Is this normal, or can we do
something about this to avoid such delays?


Thanks!

--
Kim Brianne Go
Customer Engineer
GBBTech Systems Incorporated
Raffles Corporate Center
9/F Emerald Avenue,
Pasig City, Philippines
Tel. No.: +63 2 9105411 to 16 loc. 104
Fax No.: +63 2 9105418
Cel No.: +63 917 8314366
Email: [EMAIL PROTECTED]