Re: Fw: Problems with LDAP authentication

2012-02-14 Thread Lev A KARATUN
> André Warnier  
> 14.02.2012 16:00
> 
> Lev A KARATUN wrote:
> > Good morning everyone!
> > 
> > Well, I've got no idea what happened (providing nobody is configuring 
> > tomcat except me), but I've just opened catalina.out and have seen that 
> > the error message changed to 
> > "Exception opening directory server connection:  
> > javax.naming.CommunicationException: raiffeisen.ru:389 [Root exception is 
> > java.net.SocketTimeoutException: connect timed out]"
> > 
> > so Tomcat is at least trying to connect to the proper host now.
> > 
> Lev, I don't think that you can be sure of that yet.
> I cannot comment on your Realm configuration (because I don't know how it 
> works), but to me the kind of problem you are having makes me suspect that 
> something is wrong in your network setup.
> The "connect timed out" for example suggests that Java/Tomcat may be 
> connecting to a host that has port 389 open, and maybe the connect itself 
> is working, but the response to the connect (a packet from that host 
> "raiffeisen.ru") never comes back to your Tomcat host.
> 
> Perhaps the LDAP host "raiffeisen.ru" is in a different network 
> segment than your Tomcat host, 

You're right, it is. Thanks for drawing my attention to it.

> and Tomcat can send packets to "raiffeisen.ru", but 
> "raiffeisen.ru" cannot send 
> packets back to the Tomcat host ? (some firewall or router in-between ?)
> 
> Can you run a command-line session on the host "raiffeisen.ru", 

Unfortunately, not. I've got no access there (and doubt that I can get it 
without joining a different department) )

> and check if from there 
> you can at least ping your Tomcat host ?

I tried it vice versa - when trying to ping raiffeisen.ru from my Tomcat 
host I get no answer.

> Or use a traceroute (tracert under Windows) from your Tomcat host to
> the "raiffeisen.ru" 
> host (and look at the IP's) ?



Well, I suppose, my first goal is to be able to telnet my AD host by port 
389, right? If you don't mind I'll write you again when I'm done with it )


---
This message and any attachment are confidential and may be privileged or 
otherwise protected from disclosure. If you are not the intended recipient any 
use, distribution, copying or disclosure is strictly prohibited. If you have 
received this message in error, please notify the sender immediately either by 
telephone or by e-mail and delete this message and any attachment from your 
system. Correspondence via e-mail is for information purposes only. ZAO 
Raiffeisenbank neither makes nor accepts legally binding statements by e-mail 
unless otherwise agreed. 
---
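
The thread shows two different JNDIRealm failures: a refused connection to localhost:389 and a connect timeout to raiffeisen.ru:389. As an added example (not part of the thread and not Tomcat code), the Python below extracts the target and root cause of each such failure from catalina.out text and compares it with the configured connectionURL; `triage`, `Finding`, `HINTS` and the verdict labels are names invented here, and the sample log text is re-wrapped from the messages quoted in this thread.

```python
import re
from collections import Counter
from typing import NamedTuple
from urllib.parse import urlsplit

# Shape of the JNDI failure text quoted in the thread, e.g.
#   javax.naming.CommunicationException: localhost:389
#   [Root exception is java.net.ConnectException: <detail>]
_FAILURE = re.compile(
    r"javax\.naming\.CommunicationException:\s*"
    r"(?P<host>[^\s:\[\]]+):(?P<port>\d+)\s*"
    r"\[Root exception is\s+(?P<root>[\w.$]+)(?::\s*(?P<detail>[^\]]*))?\]"
)

# Next check for each verdict, following the advice given in the thread.
HINTS = {
    "wrong-target": "Tomcat dials a host other than connectionURL: the edited "
                    "Realm is not the one in effect (other context file, or a "
                    "misspelled connectionURL).",
    "refused": "Nothing accepted the connection: telnet to host:port from the "
               "Tomcat host to confirm.",
    "timeout": "No reply came back: check routing and firewalls between the "
               "Tomcat host and the directory server's network segment.",
    "dns": "The host name does not resolve on the Tomcat host.",
    "other": "Unclassified root cause: read the full stack trace.",
}


class Finding(NamedTuple):
    host: str
    port: int
    root_cause: str
    verdict: str
    count: int


def configured_endpoint(connection_url):
    """Return (host, port) from an ldap:// or ldaps:// connectionURL."""
    parts = urlsplit(connection_url)
    default_port = 636 if parts.scheme == "ldaps" else 389
    return (parts.hostname or "").lower(), parts.port or default_port


def triage(log_text, connection_url):
    """Classify every JNDI connection failure found in log_text."""
    wanted = configured_endpoint(connection_url)
    seen = Counter()
    # Collapse wrapped lines so a message split across lines still matches.
    for m in _FAILURE.finditer(" ".join(log_text.split())):
        host, port = m["host"].lower(), int(m["port"])
        root = m["root"].rsplit(".", 1)[-1]
        detail = (m["detail"] or "").lower()
        if (host, port) != wanted:
            verdict = "wrong-target"
        elif root == "SocketTimeoutException" or "timed out" in detail:
            verdict = "timeout"
        elif root == "ConnectException":
            verdict = "refused"
        elif root == "UnknownHostException":
            verdict = "dns"
        else:
            verdict = "other"
        seen[(host, port, root, verdict)] += 1
    return [Finding(*key, count) for key, count in seen.items()]


# Sample input: the two messages quoted in the thread, re-wrapped.
SAMPLE_REFUSED = """\
Throwable occurred: LifecycleException:  Exception opening directory
server connection:  javax.naming.CommunicationException: localhost:389
[Root exception is java.net.ConnectException: A remote host refused an
attempted connect operation.]
SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException:
ContainerBase.addChild: start: LifecycleException:  Exception opening
directory server connection:  javax.naming.CommunicationException:
localhost:389 [Root exception is java.net.ConnectException: A remote
host refused an attempted connect operation.]
"""
SAMPLE_TIMEOUT = """\
Exception opening directory server connection:
javax.naming.CommunicationException: raiffeisen.ru:389 [Root exception is
java.net.SocketTimeoutException: connect timed out]
"""

if __name__ == "__main__":
    for sample in (SAMPLE_REFUSED, SAMPLE_TIMEOUT):
        for f in triage(sample, "ldap://raiffeisen.ru:389"):
            print(f"{f.host}:{f.port} {f.root_cause} x{f.count} -> "
                  f"{f.verdict}: {HINTS[f.verdict]}")
```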

Re: Fw: Problems with LDAP authentication

2012-02-13 Thread Lev A KARATUN
Good morning everyone!

Well, I've got no idea what happened (providing nobody is configuring 
tomcat except me), but I've just opened catalina.out and have seen that 
the error message changed to 
"Exception opening directory server connection:  
javax.naming.CommunicationException: raiffeisen.ru:389 [Root exception is 
java.net.SocketTimeoutException: connect timed out]"

so Tomcat is at least trying to connect to the proper host now.

As far as I understand I've entered something wrong in the JNDI Realm 
properties. Am I right?
Here's my present realm config. Can you take a look please?



connectionURL="ldap://raiffeisen.ru:389"
alternateURL="ldap://raiffeisen.ru:389"
connectionName="cn=mylogin,dc=raiffeisen,dc=ru"
connectionPassword="mypassword"  (unencrypted (for 
development purposes) - is it correct?)
referrals="follow"
userBase="OU=_Users,DC=raiffeisen,DC=ru" 
userSearch="(sAMAccountName={0})"
userSubtree="true"
userPattern="uid={0},ou=_Users,dc=raiffeisen,dc=ru"
roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
adCompat="true"/>




Thanks in advance.



Best Regards, 
Karatun Lev,

Felix Schumacher  wrote on 10.02.2012 
21:51:25:

> Felix Schumacher  
> 10.02.2012 21:52
> 
> Am Freitag, den 10.02.2012, 16:54 +0400 schrieb Lev A KARATUN:
> > Felix Schumacher  wrote on 
10.02.2012 
> > 15:31:43:
> > 
> > > Felix Schumacher  
> > > 10.02.2012 15:32
> > > 
> > 
> 

> > > >
> > > > Hi again.
> > > >
> > > > So, my boss told me that it's insecure to give anyone the password 
to 
> > > > view
> > > > tomcat's logs and that should be an authentication based on Active
> > > > Directory.
> > > >
> > > > I've been reading the manuals for some time, and configured my 
Tomcat 
> > > > the
> > > > following way:
> > > >
> > > > $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> > > >
> > > >  > > > docBase="$CATALINA_BASE/logs" reloadable="true">
> > > >
> > > >  > > > connectionURL="ldap://raiffeisen.ru:389";
> > > >  connectionName="myacco...@raiffeisen.ru"  (I also tried 
the
> > > > format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it 

> > > > matter
> > > > what format do I use?)
> > > For normal ldap servers it would be the latter one, eg. a fully 
> > > qualified dn. ADS might accept the mail address of the user, but I 
> > > frankly don't know.
> > 
> > Anyway, I tried both variants - the server refuses to accept the 
> > connection
> No wonder, since your error message below tells us, that tomcat is
> talking to localhost instead of raiffeisen.ru :)
> 
> > 
> > > 
> > > > connectionPassword="mypassword"
> > > > referrals="follow"
> > > > userBase="OU=_Users,DC=raiffeisen,DC=ru"
> > > > userSearch="(sAMAccountName={0})"
> > > > userSubtree="true"
> > > > roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
> > > > roleName="cn"
> > > > roleSubtree="true"
> > > > roleSearch="(member={0})"
> > > For ADS you might want to add adCompat="true" (look at 
> > > http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for 
further 
> > > infos).
> > > 
> > 
> > OK, added, but nothing changed =\
> Again, no wonder.
> 
> > 
> > > 
> > > >   />
> > > > 
> > > >
> > > >
> > > > WEB-INF/web.xml
> > > >
> > > >  
> > > >
> > > >Administrative 
Area
> > > >/*
> > > >
> > > >
> > > >ADGroupName
> > > >
> > > >
> > > >
> > > >   
> > > > 
> > > >   The role that is requir

Re: Fw: Problems with LDAP authentication

2012-02-13 Thread Lev A KARATUN
> André Warnier  
> 10.02.2012 18:02
> 
> Lev A KARATUN wrote:
> ...
> 
> >>>>>
> >>>>> I've been reading the manuals for some time, and configured my 
> > Tomcat 
> >>>>> the
> >>>>> following way:
> >>>>>
> >>>>> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> >>>>>
> >>>>>  >>>>> docBase="$CATALINA_BASE/logs" reloadable="true">
> >>>>>
> ...
> 
> >> That's why Felix said that he thought that this config wasn't the one
> >> being used.
> >>
> >> What is the name of the Context xml file in 
> > tomcat/conf/Catalina/localhost?
> >> Is it "logs.xml" or "myapp.xml" or something else?
> >>
> > 
> > It is logs.xml
> > 
> > 
> Huh ?  Is it just me, or does something not fit ?
> (or was this another edit before posting ?)

The name of the file has always been "logs.xml". When I was writing the 
1st message about my problem, I used "myapp.xml" just as an example 
(because it really doesn't matter what the name of the app is, right?). 
When Pid asked me about the actual name of the app's context file, I 
answered him - "logs.xml"


> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 




Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
> Pid  
> 10.02.2012 17:35
> 
> On 10/02/2012 12:54, Lev A KARATUN wrote:
> > Please see my answers below.
> > 
> > Best Regards, 
> > Karatun Lev,
> > 
> > 
> > Felix Schumacher  wrote on 
10.02.2012 
> > 15:31:43:
> > 
> >> Felix Schumacher  
> >> 10.02.2012 15:32
> >>
> >> Am 10.02.2012 11:43, schrieb Lev A KARATUN:
> >>> Does anybody have an idea?..
> >>>
> >>>
> >>>
> >>
> > 
> 

> >>>
> >>> Hi again.
> >>>
> >>> So, my boss told me that it's insecure to give anyone the password 
to 
> >>> view
> >>> tomcat's logs and that should be an authentication based on Active
> >>> Directory.
> >>>
> >>> I've been reading the manuals for some time, and configured my 
Tomcat 
> >>> the
> >>> following way:
> >>>
> >>> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> >>>
> >>>  >>> docBase="$CATALINA_BASE/logs" reloadable="true">
> >>>
> >>>  >>> connectionURL="ldap://raiffeisen.ru:389";
> >>>  connectionName="myacco...@raiffeisen.ru"  (I also tried the
> >>> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it 
> >>> matter
> >>> what format do I use?)
> >> For normal ldap servers it would be the latter one, eg. a fully 
> >> qualified dn. ADS might accept the mail address of the user, but I 
> >> frankly don't know.
> > 
> > Anyway, I tried both variants - the server refuses to accept the 
> > connection
> > 
> >>
> >>> connectionPassword="mypassword"
> >>> referrals="follow"
> >>> userBase="OU=_Users,DC=raiffeisen,DC=ru"
> >>> userSearch="(sAMAccountName={0})"
> >>> userSubtree="true"
> >>> roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
> >>> roleName="cn"
> >>> roleSubtree="true"
> >>> roleSearch="(member={0})"
> >> For ADS you might want to add adCompat="true" (look at 
> >> http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 

> >> infos).
> >>
> > 
> > OK, added, but nothing changed =\
> > 
> >>
> >>>   />
> >>> 
> >>>
> >>>
> >>> WEB-INF/web.xml
> >>>
> >>>  
> >>>
> >>>Administrative 
Area
> >>>/*
> >>>
> >>>
> >>>ADGroupName
> >>>
> >>>
> >>>
> >>>   
> >>> 
> >>>   The role that is required to view logs
> >>> 
> >>> ADGroupName
> >>>   
> >>>
> >>>
> >>> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for 

> >>> I
> >>> guess a hundred times, but every time I'm getting a message in
> >>> catalina.out:
> >>>
> >>> Throwable occurred: LifecycleException:  Exception opening directory
> >>> server connection:  javax.naming.CommunicationException: 
> >>> localhost:389
> >>> [Root exception is java.net.ConnectException: A remote host refused 
> >>> an
> >>> attempted connect operation.]
> >> Since localhost is another server, than what you told us you had 
> >> configured, I think your context file is not being used. Search for 
> >> other context files, where you either have configured localhost or 
> >> misspelled connectionURL.
> > 
> > But the 389th port is only mentioned in myapp's config file and 
nowhere 

Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Please see my answers below.

Best Regards, 
Karatun Lev,


Felix Schumacher  wrote on 10.02.2012 
15:31:43:

> Felix Schumacher  
> 10.02.2012 15:32
> 
> Am 10.02.2012 11:43, schrieb Lev A KARATUN:
> > Does anybody have an idea?..
> >
> > 
> > 
> 

> >
> > Hi again.
> >
> > So, my boss told me that it's insecure to give anyone the password to 
> > view
> > tomcat's logs and that should be an authentication based on Active
> > Directory.
> >
> > I've been reading the manuals for some time, and configured my Tomcat 
> > the
> > following way:
> >
> > $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> >
> >  > docBase="$CATALINA_BASE/logs" reloadable="true">
> >
> >  > connectionURL="ldap://raiffeisen.ru:389";
> >  connectionName="myacco...@raiffeisen.ru"  (I also tried the
> > format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it 
> > matter
> > what format do I use?)
> For normal ldap servers it would be the latter one, eg. a fully 
> qualified dn. ADS might accept the mail address of the user, but I 
> frankly don't know.

Anyway, I tried both variants - the server refuses to accept the 
connection

> 
> > connectionPassword="mypassword"
> > referrals="follow"
> > userBase="OU=_Users,DC=raiffeisen,DC=ru"
> > userSearch="(sAMAccountName={0})"
> > userSubtree="true"
> > roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
> > roleName="cn"
> > roleSubtree="true"
> > roleSearch="(member={0})"
> For ADS you might want to add adCompat="true" (look at 
> http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 
> infos).
> 

OK, added, but nothing changed =\

> 
> >   />
> > 
> >
> >
> > WEB-INF/web.xml
> >
> >  
> >
> >Administrative Area
> >/*
> >
> >
> >ADGroupName
> >
> >
> >
> >   
> > 
> >   The role that is required to view logs
> > 
> > ADGroupName
> >   
> >
> >
> > I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for 
> > I
> > guess a hundred times, but every time I'm getting a message in
> > catalina.out:
> >
> > Throwable occurred: LifecycleException:  Exception opening directory
> > server connection:  javax.naming.CommunicationException: 
> > localhost:389
> > [Root exception is java.net.ConnectException: A remote host refused 
> > an
> > attempted connect operation.]
> Since localhost is another server, than what you told us you had 
> configured, I think your context file is not being used. Search for 
> other context files, where you either have configured localhost or 
> misspelled connectionURL.

But the 389th port is only mentioned in myapp's config file and nowhere 
else. So I assume that Tomcat tries to use myapp.xml, but fails for some 
reason..

The other apps' context files are default - like this:




> 
> >
> > and
> >
> > SEVERE: Error deploying configuration descriptor myapp.xml
> > Throwable occurred: java.lang.IllegalStateException:
> > ContainerBase.addChild: start: LifecycleException:  Exception opening
> > directory server connection:  javax.naming.CommunicationException:
> > localhost:389 [Root exception is java.net.ConnectException: A remote 
> > host
> > refused an attempted connect operation.]
> >
> >
> > I tried to telnet raiffeisen.ru by port 389 and got connected.
> > I installed JXplorer, entered hostname, port, my credentials and got
> > connected.
> telnet localhost 389 and see if you get any errors :)

bash-3.00$ telnet localhost 389
Trying...
telnet: connect: A remote host refused an attempted connect operation.


...but WHY is Tomcat trying to connect to localhost? It's clearly written 
in the realm - connectionURL="ldap://raiffeisen.ru:389";
=(

>
> Regards
>   Felix
> 
> > I start Tomcat and get errors.
> >
> > Can you please give me an idea about what am I doing wrong?
> >
> >

Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Pid,

Sorry, my English is not very good. What do you mean by "raised that 
particular issue too"? 

>> That variable should be "${catalina.base}".
Actually, there is no variable in the config file, and it works pretty 
fine.. I just did not want to insert the full path from / to the logs 
folder into my letter and so I wrote just $CATALINA_BASE.


Best Regards, 
Karatun Lev,




Pid  
10.02.2012 15:33

On 10/02/2012 10:43, Lev A KARATUN wrote:
> Does anybody have an idea?..
> 
> 

> 
> Hi again.
> 
> So, my boss told me that it's insecure to give anyone the password to 
view 
> tomcat's logs and that should be an authentication based on Active 
> Directory.

I think we raised that particular issue too.


> I've been reading the manuals for some time, and configured my Tomcat 
the 
> following way:
> 
> $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
> 
>  docBase="$CATALINA_BASE/logs" reloadable="true">

That variable should be "${catalina.base}".


p

>  connectionURL="ldap://raiffeisen.ru:389";
>  connectionName="myacco...@raiffeisen.ru"  (I also tried the 
> format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it 
matter 
> what format do I use?)
> connectionPassword="mypassword"
> referrals="follow"
> userBase="OU=_Users,DC=raiffeisen,DC=ru"
> userSearch="(sAMAccountName={0})"
> userSubtree="true"
> roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
> roleName="cn"
> roleSubtree="true"
> roleSearch="(member={0})"
>   />
> 
> 
> 
> WEB-INF/web.xml
> 
>  
>
>Administrative Area
>/*
>
>
>ADGroupName
>
>
> 
>   
> 
>   The role that is required to view logs
> 
> ADGroupName
>   
> 
> 
> I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
> guess a hundred times, but every time I'm getting a message in 
> catalina.out:
> 
> Throwable occurred: LifecycleException:  Exception opening directory 
> server connection:  javax.naming.CommunicationException: localhost:389 
> [Root exception is java.net.ConnectException: A remote host refused an 
> attempted connect operation.]
> 
> and 
> 
> SEVERE: Error deploying configuration descriptor myapp.xml
> Throwable occurred: java.lang.IllegalStateException: 
> ContainerBase.addChild: start: LifecycleException:  Exception opening 
> directory server connection:  javax.naming.CommunicationException: 
> localhost:389 [Root exception is java.net.ConnectException: A remote 
host 
> refused an attempted connect operation.]
> 
> 
> I tried to telnet raiffeisen.ru by port 389 and got connected.
> I installed JXplorer, entered hostname, port, my credentials and got 
> connected.
> I start Tomcat and get errors. 
> 
> Can you please give me an idea about what am I doing wrong?
> 
> Thanks in advance.
> 
> Best Regards, 
> Karatun Lev.
> 
> 



Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Does anybody have an idea?..



Hi again.

So, my boss told me that it's insecure to give anyone the password to view 
tomcat's logs and that should be an authentication based on Active 
Directory.

I've been reading the manuals for some time, and configured my Tomcat the 
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml


 
connectionURL="ldap://raiffeisen.ru:389"
 connectionName="myacco...@raiffeisen.ru"  (I also tried the 
format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter 
what format do I use?)
connectionPassword="mypassword"
referrals="follow"
userBase="OU=_Users,DC=raiffeisen,DC=ru"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
  />



WEB-INF/web.xml

 
   
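<security-constraint>
   <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>ADGroupName</role-name>
   </auth-constraint>
</security-constraint>

<security-role>
   <description>The role that is required to view logs</description>
   <role-name>ADGroupName</role-name>
</security-role>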


I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
guess a hundred times, but every time I'm getting a message in 
catalina.out:

Throwable occurred: LifecycleException:  Exception opening directory 
server connection:  javax.naming.CommunicationException: localhost:389 
[Root exception is java.net.ConnectException: A remote host refused an 
attempted connect operation.]

and 

SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: 
ContainerBase.addChild: start: LifecycleException:  Exception opening 
directory server connection:  javax.naming.CommunicationException: 
localhost:389 [Root exception is java.net.ConnectException: A remote host 
refused an attempted connect operation.]


I tried to telnet raiffeisen.ru by port 389 and got connected.
I installed JXplorer, entered hostname, port, my credentials and got 
connected.
I start Tomcat and get errors. 

Can you please give me an idea about what am I doing wrong?

Thanks in advance.

Best Regards, 
Karatun Lev.



Problems with LDAP authentication

2012-02-08 Thread Lev A KARATUN
Hi again.

So, my boss told me that it's insecure to give anyone the password to view 
tomcat's logs and that should be an authentication based on Active 
Directory.

I've been reading the manuals for some time, and configured my Tomcat the 
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml


 
connectionURL="ldap://raiffeisen.ru:389"
 connectionName="myacco...@raiffeisen.ru"  (I also tried the 
format connectionName="cn=myaccount,dc=raiffeisen,dc=ru" - does it matter 
what format do I use?)
connectionPassword="mypassword"
referrals="follow"
userBase="OU=_Users,DC=raiffeisen,DC=ru"
userSearch="(sAMAccountName={0})"
userSubtree="true"
roleBase="OU=_Groups,DC=raiffeisen,DC=ru"
roleName="cn"
roleSubtree="true"
roleSearch="(member={0})"
  />



WEB-INF/web.xml

 
   
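<security-constraint>
   <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>ADGroupName</role-name>
   </auth-constraint>
</security-constraint>

<security-role>
   <description>The role that is required to view logs</description>
   <role-name>ADGroupName</role-name>
</security-role>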


I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
guess a hundred times, but every time I'm getting a message in 
catalina.out:

Throwable occurred: LifecycleException:  Exception opening directory 
server connection:  javax.naming.CommunicationException: localhost:389 
[Root exception is java.net.ConnectException: A remote host refused an 
attempted connect operation.]

and 

SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: 
ContainerBase.addChild: start: LifecycleException:  Exception opening 
directory server connection:  javax.naming.CommunicationException: 
localhost:389 [Root exception is java.net.ConnectException: A remote host 
refused an attempted connect operation.]


I tried to telnet raiffeisen.ru by port 389 and got connected.
I installed JXplorer, entered hostname, port, my credentials and got 
connected.
I start Tomcat and get errors. 

Can you please give me an idea about what am I doing wrong?

Thanks in advance.

Best Regards, 
Karatun Lev.



RE: How can I access tomcat's logs using my jsp?

2012-02-06 Thread Lev A KARATUN
Charles,

I made the adjustments and it works now.

Thank you!

Best Regards, 
Karatun Lev,


"Caldarale, Charles R"  wrote on 06.02.2012 
18:41:18:

> "Caldarale, Charles R"  
> 06.02.2012 18:42
> 
> > From: Lev A KARATUN [mailto:lev.kara...@raiffeisen.ru] 
> > Subject: RE: How can I access tomcat's logs using my jsp?
> 
> > when I'm copypasting the default servlet block to 
> > $CATALINA_BASE/logs/WEB-INF/web.xml, the application
> > no longer works.
> 
> There's an additional step required for Tomcat 6 that's not 
> necessary for Tomcat 7.  So either upgrade, or do the following:
> 
> Change the name of the DefaultServlet in logs/WEB-INF/web.xml to 
> logsdefault (or some other unique label):
> 
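> <servlet-name>logsdefault</servlet-name>
> 
> and add a <servlet-mapping> for it:
> 
> <servlet-mapping>
>     <servlet-name>logsdefault</servlet-name>
>     <url-pattern>/</url-pattern>
> </servlet-mapping>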
> 
> Tomcat 6 does not allow you to override the  settings 
> in the global conf/web.xml, but Tomcat 7 does.
> 
> > And one more question - if myapp's docBase is set to 
$CATALINA_BASE/logs , 
> > does it matter what is in the webapps/myapp folder?
> 
> Assuming the "myapp" you're referring to is the one for accessing 
> Tomcat's logs, you should not risk problems by also having a 
> webapps/myapp.  It shouldn't hurt, but...
> 
> And, as usual, ignore Martin G's irrelevant ramblings.
> 
>  - Chuck
> 
> 
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE 
> PROPRIETARY MATERIAL and is thus for use only by the intended 
> recipient. If you received this in error, please contact the sender 
> and delete the e-mail and its attachments from all computers.
> 
> 

RE: How can I access tomcat's logs using my jsp?

2012-02-06 Thread Lev A KARATUN
Charles,

thanks for your explanation.

Now everything (except one thing) seems to work fine.

The only problem left is - when I'm copypasting the default servlet block 
to $CATALINA_BASE/logs/WEB-INF/web.xml , the application no longer works.
Without it everything works fine (but I can't disable the directory 
listings general setting because I need it switched on for the /logs dir).

The block that I copy is :


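<servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
        <param-name>debug</param-name>
        <param-value>0</param-value>
    </init-param>
    <init-param>
        <param-name>listings</param-name>
        <param-value>true</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>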

(I place it inside the  section)


And one more question - if myapp's docBase is set to $CATALINA_BASE/logs , 
does it matter what is in the webapps/myapp folder?


Thanks in advance.


"Caldarale, Charles R"  wrote on 04.02.2012 
01:44:08:

> "Caldarale, Charles R"  
> 04.02.2012 01:45
> 
> > From: André Warnier [mailto:a...@ice-sa.com] 
> > Subject: Re: How can I access tomcat's logs using my jsp?
> 
> > - you can create a webapp named "tomcat-logs" (or whatever), just by 
> > creating a new directory "tomcat-logs" (or whatever) under webapps.
> 
> Nope.
> 
> > - to protect access to it, you'll need a WEB-INF/web.xml, with some 
> > security/auth constraints, just like any other protected application.
> 
> That is needed.  However, this WEB-INF directory and consequently 
> the WEB-INF/web.xml file must be placed in Tomcat's log directory.
> 
> > - you will need a META-INF/context.xml, specifying as docBase, the 
> > directory where the logs really are.
> 
> Nope, that won't work; docBase is not allowed when the webapp is 
> inside the <Host> appBase directory.  The <Context> element must be 
> placed in conf/Catalina/[hostName]/[appName].xml, with the docBase 
> pointing to the location of the logs directory.
> 
> > - and you will need to specify somewhere, that for this directory, 
> > Tomcat is allowed to generate a page with an index to the files.
> 
> That's done by enabling the listings parameter for the 
> DefaultServlet.  The OP will need to copy the <servlet> tag and its 
> sub-tags for the DefaultServlet from conf/web.xml to the log 
> webapp's WEB-INF/web.xml and set the listings parameter to true. 
> You do not want to enable the listings parameter in the global 
> conf/web.xml for what should be obvious reasons.
> 
>  - Chuck
> 
> 

Re: How can I access tomcat's logs using my jsp?

2012-02-06 Thread Lev A KARATUN
John,

unfortunately, I can neither open symlinks via my browser (404) nor see 
them in the file list.


John Renne  wrote on 03.02.2012 18:54:37:

> John Renne  
> 03.02.2012 18:55
> 
> I've done this before but always used the apache in front of tomcat 
> to serve the logfiles. 
> 
> If you're sure you want to let tomcat do the fileserving, I'd 
> suggest making a symlink in one of the application folders to the 
> logs directory. That should do the trick. 
> 
> John
> 
> On Feb 3, 2012, at 2:53 PM, Lev A KARATUN wrote:
> 
> > Hello!
> > 
> > I'm administering an application running on Tomcat 6.0.0.29. OS is AIX 5.3. 
> > 
> > I'm trying to write a simple jsp to make some superusers able to download 
> > tomcat logs via browser after entering a password. (In my organization 
> > it's not permitted to give anyone the "manager" role)
> > I've already managed to get a list of log files' names (just copied someone's 
> > part of code and made some adjustments), but when I'm trying to make 
> > download links, I don't know how I can specify the path to 
> > /$CATALINA_BASE/logs via my web-browser. As far as I can see, I can reach 
> > only folders like /$CATALINA_BASE/webapps/myapp upon entering the link 
> > http://myhost:port/myapp.
> > 
> > So, the question is - how can I access tomcat's logs using my jsp?
> > 
> > 
> > Thanks in advance.
> > 
> > Best Regards, 
> > Karatun Lev
> > 

Re: How can I access tomcat's logs using my jsp?

2012-02-06 Thread Lev A KARATUN
Andre,

thanks for the precaution, I'll check the docs.

Best Regards, 
Karatun Lev,
RBRU IT Application Support ,
(495) 5464



André Warnier wrote on 06.02.2012 12:04:

Lev A KARATUN wrote:
> Andre,
> 
> but if a symbolic link is deleted, its target remains unaffected. Are you 
> sure that undeployment can damage my logs somehow?
> 
I'd have to dig through the documentation (which you can also do).  But I am pretty sure 
that up to some version, Tomcat by default first deleted the *content* of whatever was 
pointed to by the symbolic link (in this case, the log directory), then the symbolic link 
itself.
As I recall, this behaviour was changed at some point, but maybe only when some parameter 
is specified.
The "Deployment" section of the Tomcat on-line documentation would be the place to start.

Anyway, the way (or a way) to go to do this properly has been indicated in a previous 
message by Chuck (the one where he rectified my own sloppy scenario).


Re: How can I access tomcat's logs using my jsp?

2012-02-05 Thread Lev A KARATUN
Christopher, 

actually, I'm new to configuring tomcat and writing .jsp's. All that I 
managed to do up to the moment is - to set up authentication rules and to 
get a jsp that gives me a list of files that I need (in the 
/$catalina_base/my_instance/logs directory). So, I can't give you a sample 
of my code because it doesn't exist yet =)

Thanks for mentioning PsiProbe, I'll try to use it.

Best Regards, 
Karatun Lev,
RBRU IT Application Support ,
(495) 5464



Christopher Schultz wrote on 03.02.2012 20:32:


Lev,

On 2/3/12 8:53 AM, Lev A KARATUN wrote:
> I'm trying to write a simple jsp to make some superusers able to
> download tomcat logs via browser after entering a password. (In my
> organization it's not permitted to give anyone the "manager" role)

You could bail-out and use a separate utility like PsiProbe which, I
believe, has this kind of thing built right-in.

> I've already managed to get a list of log files' names (just copied
> someone's part of code and made some adjustments), but when I'm
> trying to make download links, I don't know how I can specify the
> path to /$CATALINA_BASE/logs via my web-browser. As far as I can
> see, I can reach only folders like /$CATALINA_BASE/webapps/myapp
> upon entering the link http://myhost:port/myapp.
> 
> So, the question is - how can I access tomcat's logs using my jsp?

Can you give us a sample of how you are trying to serve the file? Are
you performing a  and trying to let the DefaultServlet serve
the log, or are you reading the file yourself and streaming it back to
the client? I believe only the latter will be possible without
significant alternative configuration.

-chris

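The second option Christopher describes above (reading the file yourself and streaming it back to the client), sketched as an added example that is not code from this thread. The class name `LogDownloadServlet`, the request parameter `file` and the role name `logreader` are assumptions; it compiles against the `javax.servlet` API that Tomcat 6 ships and expects container-managed authentication to be configured for its URL.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: streams one file from $CATALINA_BASE/logs to an authorized user.
public class LogDownloadServlet extends HttpServlet {
    private static final String ROLE = "logreader"; // assumed role name, not "manager"

    // Returns the requested log file, or null if the name leaves the logs directory.
    static File resolve(File logsDir, String name) throws IOException {
        if (name == null || name.length() == 0) return null;
        File base = logsDir.getCanonicalFile();
        // getCanonicalFile() collapses ".." and follows symlinks before the comparison.
        File target = new File(base, name).getCanonicalFile();
        boolean directChild = base.equals(target.getParentFile());
        return (directChild && target.isFile()) ? target : null;
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if (!req.isUserInRole(ROLE)) {              // role comes from the configured Realm
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        File logsDir = new File(System.getProperty("catalina.base"), "logs");
        File log = resolve(logsDir, req.getParameter("file"));
        if (log == null) {                          // traversal attempt or unknown file
            resp.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        // Header value is built from the on-disk name, reduced to a safe character set.
        String safeName = log.getName().replaceAll("[^A-Za-z0-9._-]", "_");
        resp.setContentType("text/plain");
        resp.setHeader("Content-Disposition", "attachment; filename=\"" + safeName + "\"");
        InputStream in = new FileInputStream(log);
        try {
            OutputStream out = resp.getOutputStream();
            byte[] buf = new byte[8192];
            for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        } finally {
            in.close();
        }
    }
}
```

Because the logs stay outside the webapp directory, no symlink is needed and undeploying the application does not touch them.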

Re: How can I access tomcat's logs using my jsp?

2012-02-05 Thread Lev A KARATUN
Andre,

but if a symbolic link is deleted, its target remains unaffected. Are you 
sure that undeployment can damage my logs somehow?

Best Regards, 
Karatun Lev,
RBRU IT Application Support ,
(495) 5464



André Warnier wrote on 03.02.2012 20:00:

John Renne wrote:
> I've done this before but always used the apache in front of tomcat to 
> serve the logfiles. 
> 
> If you're sure you want to let tomcat do the fileserving, I'd suggest 
> making a symlink in one of the application folders to the logs directory. 
> That should do the trick. 
> 

I would not do that without being very very careful.  Undeploying the application may just 
delete all your logs.




How can I access tomcat's logs using my jsp?

2012-02-03 Thread Lev A KARATUN
Hello!

I'm administering an application running on Tomcat 6.0.0.29. OS is AIX 
5.3. 

I'm trying to write a simple jsp to make some superusers able to download 
tomcat logs via browser after entering a password. (In my organization 
it's not permitted to give anyone the "manager" role)
I've already managed to get a list of log files' names (just copied someone's 
part of code and made some adjustments), but when I'm trying to make 
download links, I don't know how I can specify the path to 
/$CATALINA_BASE/logs via my web-browser. As far as I can see, I can reach 
only folders like /$CATALINA_BASE/webapps/myapp upon entering the link 
http://myhost:port/myapp.

So, the question is - how can I access tomcat's logs using my jsp?


Thanks in advance.

Best Regards, 
Karatun Lev

