Re: Tomcat Manager Application
Thanks Christopher. The web.xml file was not present in the manager/WEB-INF directory. This is why I couldn't get the manager app to work. Martin On Thu, Aug 25, 2011 at 11:48 AM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Martin, > > On 8/25/2011 11:44 AM, Martin Dubuc wrote: > > I am trying to run the Tomcat Manager application in Tomcat 7 > > (7.0.18). I can't get this to work. If I go to /manager/index.jsp > > on my web server, the web server redirects me to /manager/html > > That is correct behavior. > > > and returns a 404 error. > > That is not correct behavior. > > > Looking inside the manager directory under webapps, there is no > > html directory. Is the manager application broken? > > Look at the servlet mappings. > > Are you fronting Tomcat with httpd? If so, you'll have to make sure you > map more than just *.jsp. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk5WbssACgkQ9CaO5/Lv0PDPbQCeLkwg+TOJoNJpe+QEFPeN4JwD > oQAAn2UstXeLqrLPaaU/9UATQ5h2djIU > =vfl5 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat Manager Application
I am trying to run the Tomcat Manager application in Tomcat 7 (7.0.18). I can't get this to work. If I go to /manager/index.jsp on my web server, the web server redirects me to /manager/html and returns a 404 error. Looking inside the manager directory under webapps, there is no html directory. Is the manager application broken? Martin
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
I can confirm that the patch works. We were able to get Tomcat up and running with the crlFile and the SunX509 algorithm configuration and were able to test that the CRL functionality was working as expected in a patched 7.0.16 version. Thanks, Martin On Thu, Jun 23, 2011 at 11:42 AM, Mark Thomas wrote: > On 23/06/2011 16:30, Martin Dubuc wrote: > > Can you confirm that the patches to apply to solve this issue are the > > following ones: r1138550 and r1138555? > > r1138550 is purely cosmetic. r1138555 is the patch that should fix this. > > Mark > > > > > Martin > > > > On Wed, Jun 22, 2011 at 5:16 PM, Mark Thomas wrote: > > > >> On 22/06/2011 20:03, Martin Dubuc wrote: > >>> Mark, > >>> > >>> Thanks for looking into this and working to get the patch in for future > >>> versions. It will allow us to use later versions of Tomcat and not be > >> stuck > >>> on 7.0.10. > >>> > >>> If you would like me to test the patch, I can rebuild from patched > source > >>> and test locally. > >> > >> Please. It would be good to get confirmation that it is now working as > >> intended. > >> > >> Mark > >> > >>> > >>> Martin > >>> > >>> On Wed, Jun 22, 2011 at 12:46 PM, Mark Thomas > wrote: > >>> > >>>> Tomcat 6.0.x looks to be OK. There is a copy/paste problem in 7.0.x > that > >>>> I'll fixed shortly. > >>>> > >>>> If you are willing to build Tomcat 7.0.x from source (not hard) then > it > >>>> will be easy for you to test the patch. > >>>> > >>>> Mark > >>>> > >>>> > >>>> > >>>> - > >>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >>>> For additional commands, e-mail: users-h...@tomcat.apache.org > >>>> > >>>> > >>> > >> > >> > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
Can you confirm that the patches to apply to solve this issue are the following ones: r1138550 and r1138555? Martin On Wed, Jun 22, 2011 at 5:16 PM, Mark Thomas wrote: > On 22/06/2011 20:03, Martin Dubuc wrote: > > Mark, > > > > Thanks for looking into this and working to get the patch in for future > > versions. It will allow us to use later versions of Tomcat and not be > stuck > > on 7.0.10. > > > > If you would like me to test the patch, I can rebuild from patched source > > and test locally. > > Please. It would be good to get confirmation that it is now working as > intended. > > Mark > > > > > Martin > > > > On Wed, Jun 22, 2011 at 12:46 PM, Mark Thomas wrote: > > > >> Tomcat 6.0.x looks to be OK. There is a copy/paste problem in 7.0.x that > >> I'll fixed shortly. > >> > >> If you are willing to build Tomcat 7.0.x from source (not hard) then it > >> will be easy for you to test the patch. > >> > >> Mark > >> > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
Mark, Thanks for looking into this and working to get the patch in for future versions. It will allow us to use later versions of Tomcat and not be stuck on 7.0.10. If you would like me to test the patch, I can rebuild from patched source and test locally. Martin On Wed, Jun 22, 2011 at 12:46 PM, Mark Thomas wrote: > Tomcat 6.0.x looks to be OK. There is a copy/paste problem in 7.0.x that > I'll fixed shortly. > > If you are willing to build Tomcat 7.0.x from source (not hard) then it > will be easy for you to test the patch. > > Mark > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
I have done some more analysis of the problem and the exception started to be thrown in version 7.0.11. Something changed between 7.0.10 and 7.0.11 that affected handling of CRL for SunX509 algorithm. In version 7.0.10, although the code in JSSESocketFactory.java to throw the exception is the same as the 7.0.11 version, the exception is not thrown. I imagine that in 7.0.10, the application never calls JSSESocketFactory's getParameter or that somehow the algo that is passed to this method is replaced with PKIX. Would someone know what changed between version 7.0.10 and version 7.0.11? Martin On Thu, Jun 16, 2011 at 8:59 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Martin Dubuc [mailto:martind1...@gmail.com] > > Subject: crlFile and SunX509 algorithm in Tomcat 7.0.16 > > > Up to Tomcat 7.0.10, I used the crlFile configuration along > > with the SunX509 algorithm in SSL HTTP connector configuration > > > java.io.IOException: CRLs not supported for type: SunX509 > > > I am using JDK 6 update 26. > > Haven't looked at the JRE code yet, but I wonder if the new owners in their > zeal might have changed the internal class to OracleX509? (Just > speculation, and hopefully not correct.) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
at org.apache.catalina.connector.Connector.initInternal(Connector.java:910) ... 17 more Caused by: java.security.cert.CRLException: CRLs not supported for type: SunX509 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getParameters(JSSESocketFactory.java:665) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:620) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getTrustManagers(JSSESocketFactory.java:522) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:450) ... 23 more Martin On Thu, Jun 16, 2011 at 9:35 AM, Konstantin Kolinko wrote: > 2011/6/16 Martin Dubuc : > > Up to Tomcat 7.0.10, I used the crlFile configuration along with the > SunX509 > > algorithm in SSL HTTP connector configuration in server.xml. However, > when I > > start Tomcat 7.0.16, I get the following error: > > > > Jun 16, 2011 12:22:22 PM org.apache.coyote.AbstractProtocol init > > SEVERE: Failed to initialize end point associated with ProtocolHandler > > ["http-bio-8443"] > > java.io.IOException: CRLs not supported for type: SunX509 > >at > > > org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476) > > > > I am using JDK 6 update 26. > > > > Has CRL support been recently removed? > > No, but there were changes in implementation of JSSESocketFactory to > support additional configuration options. It was reviewed when > backporting the change to 6.0, but it is possible that something was > missed. > > > JSSESocketFactory.java:476 wraps an underlying exception with an > IOException. Can you see what the underlying exception is? > > Maybe you can run with a debugger? > > http://wiki.apache.org/tomcat/FAQ/Developing#Debugging > > http://wiki.apache.org/tomcat/HowTo#How_do_I_debug_a_Tomcat_application.3F > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
I would be surprised it would be JRE related since the crlFile configuration works with Tomcat 7.0.10 and the same JDK. Must be something that changed in the Tomcat code. Martin On Thu, Jun 16, 2011 at 8:59 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Martin Dubuc [mailto:martind1...@gmail.com] > > Subject: crlFile and SunX509 algorithm in Tomcat 7.0.16 > > > Up to Tomcat 7.0.10, I used the crlFile configuration along > > with the SunX509 algorithm in SSL HTTP connector configuration > > > java.io.IOException: CRLs not supported for type: SunX509 > > > I am using JDK 6 update 26. > > Haven't looked at the JRE code yet, but I wonder if the new owners in their > zeal might have changed the internal class to OracleX509? (Just > speculation, and hopefully not correct.) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: crlFile and SunX509 algorithm in Tomcat 7.0.16
I have tried to change the algorithm to Oracle509 to no avail. This value is not recognized. Martin On Thu, Jun 16, 2011 at 8:59 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Martin Dubuc [mailto:martind1...@gmail.com] > > Subject: crlFile and SunX509 algorithm in Tomcat 7.0.16 > > > Up to Tomcat 7.0.10, I used the crlFile configuration along > > with the SunX509 algorithm in SSL HTTP connector configuration > > > java.io.IOException: CRLs not supported for type: SunX509 > > > I am using JDK 6 update 26. > > Haven't looked at the JRE code yet, but I wonder if the new owners in their > zeal might have changed the internal class to OracleX509? (Just > speculation, and hopefully not correct.) > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
crlFile and SunX509 algorithm in Tomcat 7.0.16
Up to Tomcat 7.0.10, I used the crlFile configuration along with the SunX509 algorithm in SSL HTTP connector configuration in server.xml. However, when I start Tomcat 7.0.16, I get the following error: Jun 16, 2011 12:22:22 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler ["http-bio-8443"] java.io.IOException: CRLs not supported for type: SunX509 at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:476) I am using JDK 6 update 26. Has CRL support been recently removed? Martin
Re: IPv6 Issue with Tomcat
Thanks for all your response guys. Chuck's recommendation did fix my problem. I also liked the loopback recommendation. Martin On Fri, Feb 11, 2011 at 10:17 AM, Martin Dubuc wrote: > On my Tomcat server (currently running version 6.x), I have set up a > firewall rule to drop all IPv6 traffic. It seems that this is causing some > issue on startup, because the startup delay is noticeable (takes around 3 > minutes) when the IPv6 firewall rule is on. If the IPv6 rule is not on, the > server usually starts in a few seconds. By looking more closely at the > problem, my understanding is that the delay is caused by the server trying > to access the database realm. It is using JDBC to connect to the database. > The driver is likely trying to communicate first using IPv6 and when a > timeout occurs (because all IPv6 packets are dropped by the firewall), the > driver switches back to IPv4 and then the startup is able to complete. To > me, this seems to be a JDBC driver issue, but I am wondering if there is > configuration within Tomcat to force the driver not to use IPv6. > > Martin >
Re: IPv6 Issue with Tomcat
I am using Tomcat 6.0.29 and JDK 6 Update 23. Martin On Fri, Feb 11, 2011 at 10:30 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Martin Dubuc [mailto:martind1...@gmail.com] > > Subject: IPv6 Issue with Tomcat > > > I am wondering if there is configuration within Tomcat > > to force the driver not to use IPv6. > > Not within Tomcat, but possibly for the JVM you're using. Try setting > -Djava.net.preferIPv4Stack=true as a JVM system property parameter. > > Of course, not telling us your actual Tomcat version, the JVM level you're > using, and the platform you're on makes providing advice somewhat of a shot > in the dark. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
IPv6 Issue with Tomcat
On my Tomcat server (currently running version 6.x), I have set up a firewall rule to drop all IPv6 traffic. It seems that this is causing some issue on startup, because the startup delay is noticeable (takes around 3 minutes) when the IPv6 firewall rule is on. If the IPv6 rule is not on, the server usually starts in a few seconds. By looking more closely at the problem, my understanding is that the delay is caused by the server trying to access the database realm. It is using JDBC to connect to the database. The driver is likely trying to communicate first using IPv6 and when a timeout occurs (because all IPv6 packets are dropped by the firewall), the driver switches back to IPv4 and then the startup is able to complete. To me, this seems to be a JDBC driver issue, but I am wondering if there is configuration within Tomcat to force the driver not to use IPv6. Martin
Re: Issues with Tomcat 6.0.26
I am running into same issue on my side using the latest Tomcat 6.0.26 and
JSF. I am using Mojarra 1.2 patch 14 and RichFaces 3.3.2 SR1. I didn't have
any issues with 6.0.24.
Not sure what changed in 6.0.26, but it might have broken JSF 1.2 support.
Hopefully, someone can recommend a workaround.
Martin
On Fri, Mar 12, 2010 at 2:16 PM, Sai Pullabhotla <
sai.pullabho...@jmethods.com> wrote:
> Thanks for the reply, Konstantin.
>
> If I understood your question correctly, you are asking about the
> headers in the taglib for richfaces. I pulled it from the jar file and
> here it is:
>
> http://java.sun.com/xml/ns/javaee
> http://java.sun.com/xml/ns/javaee/web-jsptaglibrary_2_1.xsd";
> xmlns="http://java.sun.com/xml/ns/javaee";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; version="2.1">
>
> which appears to be JSP 2.1.
>
> Just so you know, we do not have these issues running under Tomcat
> 6.0.18. In 6.0.24 we just have one issue which is the bug# 48627.
>
> With 6.0.26, these new issues popped up. Any insight is greatly
> appreciated.
>
>
> Thanks & Regards,
> Sai Pullabhotla
>
>
>
>
>
> On Fri, Mar 12, 2010 at 10:42 AM, Konstantin Kolinko
> wrote:
> > 2010/3/12 Sai Pullabhotla :
> >>
> >> >> styleClass="#{node.selected ? 'SelectedCategoryNode' :
> >> 'CategoryNode'}" actionListener="#{categoryTree.nodeClicked}">
> >>
> >
> > What versions of the said libraries you are using?
> >
> > The TLD files for rich: and h: prefixes -- what JSP specification
> > version they are using?
> > It must be 2.1, not 2.0
> >
> > Best regards,
> > Konstantin Kolinko
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Re: Support for JSF 2.0
I can't find the JSP 2.2 specification, but if you look at JSR-316, you will see that the basis for Java EE 6 is servlet 3.0, JSP 2.2 and JSF 2.0. I am not sure it makes much sense to align JSP 2.1 with servlet 3.0. Martin On Tue, Mar 17, 2009 at 4:34 PM, Mark Thomas wrote: > Martin Dubuc wrote: > > It is my understanding that Java EE 6 will use JSP 2.2, servlet 3.0 and > JSF > > 2.0. I am wondering if Tomcat 7.0 should also support JSP 2.2 in addition > to > > servlet 3.0. > > As far as I am aware, there is no JSP 2.2 spec in the works. If you know > different, a reference would be useful. > > Mark > > > > > I have seen on the Sun's JSF forum a poster claim that JSF 2.0 would work > > with JSP 2.0 and servlet 2.5, so I guess Tomcat 6.0.x would be sufficient > > for Web applications using JSF 2.0. > > > > Martin > > > > On Tue, Mar 17, 2009 at 11:02 AM, Mark Thomas wrote: > > > >> Christopher Schultz wrote: > >>> Martin, > >>> > >>> On 3/9/2009 5:44 PM, Martin Dubuc wrote: > >>>> I am wondering if there are plans to support JSF 2.0 when it is > >> released. I > >>>> assume that support for JSF 2.0 will require support for new > servlet/JSP > >>>> specs (somehting like servlet 3.0/JSP 2.2). Would this be done in > >> version > >>>> 7.0 of Tomcat? > >>> http://wiki.apache.org/tomcat/TomcatVersions says there are "no > specific > >>> plans for Tomcat 7.0". It also links to several "notes" files that > don't > >>> exist :( > >> There are plans for Tomcat 7.0. I'll update that page and fix the links. > >> > >> There is no JSP 2.2 spec that I am aware of. Tomcat 7 will support > servlet > >> 3.0 > >> > >> Mark > >> > >>> I would guess that 7.0 would be a good target for JSF 2.0 support (or > at > >>> least support for those APIs that JSF 2.0 requires) but nobody's > >>> promising anything at this point. > >>> > >>> -chris > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Support for JSF 2.0
It is my understanding that Java EE 6 will use JSP 2.2, servlet 3.0 and JSF 2.0. I am wondering if Tomcat 7.0 should also support JSP 2.2 in addition to servlet 3.0. I have seen on the Sun's JSF forum a poster claim that JSF 2.0 would work with JSP 2.0 and servlet 2.5, so I guess Tomcat 6.0.x would be sufficient for Web applications using JSF 2.0. Martin On Tue, Mar 17, 2009 at 11:02 AM, Mark Thomas wrote: > Christopher Schultz wrote: > > Martin, > > > > On 3/9/2009 5:44 PM, Martin Dubuc wrote: > >> I am wondering if there are plans to support JSF 2.0 when it is > released. I > >> assume that support for JSF 2.0 will require support for new servlet/JSP > >> specs (somehting like servlet 3.0/JSP 2.2). Would this be done in > version > >> 7.0 of Tomcat? > > > > http://wiki.apache.org/tomcat/TomcatVersions says there are "no specific > > plans for Tomcat 7.0". It also links to several "notes" files that don't > > exist :( > > There are plans for Tomcat 7.0. I'll update that page and fix the links. > > There is no JSP 2.2 spec that I am aware of. Tomcat 7 will support servlet > 3.0 > > Mark > > > > > I would guess that 7.0 would be a good target for JSF 2.0 support (or at > > least support for those APIs that JSF 2.0 requires) but nobody's > > promising anything at this point. > > > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Support for JSF 2.0
I am wondering if there are plans to support JSF 2.0 when it is released. I assume that support for JSF 2.0 will require support for new servlet/JSP specs (somehting like servlet 3.0/JSP 2.2). Would this be done in version 7.0 of Tomcat? Martin
Force loading a page on restart
I would like to know if it is possible to force a user to a certain page when Tomcat restarts. In my application, if Tomcat is restarted after the user displays a page, the user is not aware of the restart until he/she clicks on a link or button on that page. Then, Tomcat will automatically redirect to the login page. This is OK so far. However, the problem I have is what happens after the user logs in. I am using RichFaces and after login, there usually is some AJAX response being processed, but this usually leads to a page only being partially updated. I would like to force full reload of a specific page, say the users's home page, if Tomcat is restarted after the user has authenticated. How can i do this? I am using Tomcat 6.0.18 and RichFaces 3.3.0. Martin
Re: j_security_check
Christopher, I will describe the browser interactions with regards to the access logs. At 17:13:06, the user accessed the main.jsf page. The session timeout for the application is 1 minute. The main.jsf page has meta tag that redirectes to sessionTimeout.jsf after 1 minute. The main.jsf page also has a window.onbeforeunload directive. After the meta timeout occurs (after 1 minute), I assume the client automatically tries to redirect to sessionTimeout.jsf. Before the redirection takes place, the onbeforeunload event is serviced and a prompt is presented to the user (Do you want to navigate away from current page). In the recorded session, the user pressed OK at 17:28:04. Note that accesses at 17:13:13 and 17:28:01 to the manager application were done to verify if the session was still alive or not. At 17:28:01, the session was not present anymore in the list of live Tomcat sessions. My assumption is that clicking on OK caused the client to be redirected to sessionTimeout.jsf. I do not understand why, but that redirection seems to cause Tomcat to ask for authentication, altough there is no protected resources used by sessionTimeout.jsf or any other URLs that are listed in the access log after 17:13:06. So to answer some of your question more specifically,: - To get the session timeout to kick in after 1 minute, I had to disable some of my application code that was hard coding all sessions maxInactiveInterval value to 15 minutes on startup (bypassing the web.xml value). - The sessionTimeout.jsf was triggered from JavaScript. - The login page does not access any of the protected resources (it doesn't use the stylesheet, nor any images). - I believe that the session expired at 17:14:06, although I think the client only gets redirected to sessionTimeout.jsf at 17:28:04 after user clicks on OK. - I do not know why any request resulted in the login page to be shown in the first place. None of the a4j/*, favicon.ico should trigger the login page. On Tue, Dec 2, 2008 at 1:29 PM, Christopher Schultz < [EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Martin, > > Martin Dubuc wrote: > > I finally managed to get the sessions to time out after 1 minute. > > What did you have to change? > > > Here is the security-constraint definition: > > > > > > > > Page constraints for users > > > > /index.html > > /main.jsf > > /stylesheet.css > > /images/* > > /logOut.jsf > > > > > > myrole > > > > Does your login page attempt to display any of these files? Perhaps an > image or your stylesheet? If so, this isn't going to work properly and > you'll get a bunch of requests that all get sent to the login page after > a session timeout. > > > Here is the access log: > > Care to point out when the session expires? > > > 192.168.0.110 - admin [02/Dec/2008:17:13:13 +] "POST > > /manager/html/sessions?path=/system HTTP/1.1" 200 5114 > > It looks like you wait for 15 minutes, here, and then there's another > request: > > > 192.168.0.110 - admin [02/Dec/2008:17:28:01 +] "POST > > /manager/html/sessions?path=/system HTTP/1.1" 200 4436 > > 192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET /sessionTimeout.jsf > > HTTP/1.1" 200 2614 > > Was this request for /sessionTimeout.jsf done from your javascript code, > or by you typing something into the URL bar of your browser? > > > 192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET > > > /a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf > > HTTP/1.1" 200 6857 > > 192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET > > > /a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf > > HTTP/1.1" 200 4134 > > 192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET > > /a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/skinning.js.jsf > > HTTP/1.1" 200 1164 > > Are any of the above requests related to the problem you are observing? > > > 192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET /favicon.ico > HTTP/1.1" > > 200 21630 > > 192.168.0.110 - - [02/Dec/2008:17:28:11 +] "POST /j_security_check > > HTTP/1.1" 400 1100 > > This is obviously where you get the 400 response. Which request resulted > in the login page being shown in the first place? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkk1fmgACgkQ9CaO5/Lv0PCddQCgsXyX7KJ5gOZFn2xNeaPPxY3p > 4Z0AoLbp8FYcs6B+lxx/W/Nl7vKRZTyP > =5oYE > -END PGP SIGNATURE- > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
Re: j_security_check
I finally managed to get the sessions to time out after 1 minute. This makes
it much easier for testing purposes! I style get the exception however.
Here is the security-constraint definition:
Page constraints for users
/index.html
/main.jsf
/stylesheet.css
/images/*
/logOut.jsf
myrole
CONFIDENTIAL
Here is the access log:
192.168.0.110 - admin [02/Dec/2008:17:13:02 +] "GET /images/hidden.gif
HTTP/1.1" 200 1510
192.168.0.110 - admin [02/Dec/2008:17:13:02 +] "GET /favicon.ico
HTTP/1.1" 200 21630
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "POST /main.jsf HTTP/1.1"
200 90018
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org.ajax4jsf.javascript.AjaxScript.jsf HTTP/1.1" 200 53724
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org.ajax4jsf.javascript.PrototypeScript.jsf HTTP/1.1" 200
95028
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/utils.js.jsf HTTP/1.1"
200 9094
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/ajax4jsf/javascript/scripts/form.js.jsf HTTP/1.1" 200
2098
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/form.js.jsf HTTP/1.1"
200 372
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/panelMenu.js.jsf
HTTP/1.1" 200 10162
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/panelMenu.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf
HTTP/1.1" 200
1262
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/data-table.js.jsf
HTTP/1.1" 200 5500
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET /a4j/s/3_2_2.SR1c
ss/table.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf HTTP/1.1" 200
2717 192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/skinning.js.jsf
HTTP/1.1" 200 1164
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET /stylesheet.css
HTTP/1.1" 200 8715
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET
/images/hiddenimage.gif HTTP/1.1" 200 68
192.168.0.110 - admin [02/Dec/2008:17:13:06 +] "GET /favicon.ico
HTTP/1.1" 200 21630
192.168.0.110 - admin [02/Dec/2008:17:13:13 +] "POST
/manager/html/sessions?path=/system HTTP/1.1" 200 5114
192.168.0.110 - admin [02/Dec/2008:17:28:01 +] "POST
/manager/html/sessions?path=/system HTTP/1.1" 200 4436
192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET /sessionTimeout.jsf
HTTP/1.1" 200 2614
192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET
/a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf
HTTP/1.1" 200 6857
192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET
/a4j/s/3_2_2.SR1org/richfaces/renderkit/html/css/extended_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf
HTTP/1.1" 200 4134
192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET
/a4j/g/3_2_2.SR1org/richfaces/renderkit/html/scripts/skinning.js.jsf
HTTP/1.1" 200 1164
192.168.0.110 - - [02/Dec/2008:17:28:04 +] "GET /favicon.ico HTTP/1.1"
200 21630
192.168.0.110 - - [02/Dec/2008:17:28:11 +] "POST /j_security_check
HTTP/1.1" 400 1100
192.168.0.110 - - [02/Dec/2008:17:28:11 +] "GET /favicon.ico HTTP/1.1"
200 21630
On Tue, Dec 2, 2008 at 11:28 AM, Christopher Schultz <
[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Martin,
>
> Martin Dubuc wrote:
> > I am not sure I understand exactly why, but it seems to me that, although
> > the sessionTimeout.jsp page is not protected, if the user responds to
> > "Navigate away" prompt after Tomcat removes the session from the session
> > list, then, Tomcat presents the login form instead of the session expiry
> > notification page.
>
> Perhaps Tomcat is reacting to a request for a different resource. Can
> you post your access log for the time period around this request? Also,
> you might want to post your sections from web.xml.
>
> > I would also like to know why ${pageContext.session.maxInactiveInterval}
> > evaluates to 900 even if I set the session-timeout variable to 1 minute
> in
> > the application web.xml configuration file (and even in Tomcat
> conf/web.xml
> > file). I find it odd that looking at the manager application main page,
> the
> > sessions listed on that pa
j_security_check
I would like Tomcat to automatically redirect to a special session expiry
notification page when a user session times out. I am currently using the
meta tag to force redirection as follows:
However, I also have an unload Javascipt directive in some of my pages to
prompt users when they navigate away from these pages. The JavaScirpt code
looks like this:
window.onbeforeunload = confirmUnload();
function confirmUnload() {
return "Navigate away?";
}
I am not sure I understand exactly why, but it seems to me that, although
the sessionTimeout.jsp page is not protected, if the user responds to
"Navigate away" prompt after Tomcat removes the session from the session
list, then, Tomcat presents the login form instead of the session expiry
notification page. Once user submits the login form, Tomcat reports an HTTP
Status 400 - Invalid direct reference to form login page. I am not sure
exactly what happens behind the scens and would like to get some advice to
better troubleshoot or fix this kind of issue.
I would also like to know why ${pageContext.session.maxInactiveInterval}
evaluates to 900 even if I set the session-timeout variable to 1 minute in
the application web.xml configuration file (and even in Tomcat conf/web.xml
file). I find it odd that looking at the manager application main page, the
sessions listed on that page show Expire sessions with idle >= 1 minutes,
but yet, the TTL in the application session page starts at 15 minutes and
session only expires after 15 minutes.
I am using Tomcat 6.0.18.
Martin
Redirection after Tomcat restart
I am running Tomcat 6.0.18. My application uses form based authentication. I am not sure how to handle the case where a user navigates to one of the secure page after logging in and Tomcat is restarted. The problem is that from the secured page, if the user clicks on any of the links after the restart, Tomcat will redirect to the login page (which is expected) and then, after the login, it will execute the code that it would normally execute when the user clicks on the link. The problem that I am facing is that since the application is using a new session, there might be some session based variables that are not initialized. Ultimately, if Tomcat is restarted, I would rather the user be redirected to a predetermined page (some kind of home page), but it seems that instead, and I believe this is as per the servlet spec, Tomcat displays the page information it had stored in its container before restarting. Any advice on how to best handle this? Martin
SingleSignOn and session inactivity
I have turned on SingleSignOn on my Tomcat 6.0.18 Web server. I have two
applications running on the server and I would like that the user only have
to log in once to have access to either applications. I am not sure I fully
understand how SingleSignOn should be used. From a user perspective, I would
like that if a user logs in the first application, he/she could access the
second application without requiring authentication. I have been able to
verify single sign on. However, my main issue right now is that if a user
logs in to the first application, but solely uses the second application,
the session that was created while logging in to the first application will
eventually expire and if the user tries to access the first application,
he/she will be booted out, even if he/she recently accessed the second
application.
I have tried to find a workaround, for instance, forwarding to the second
application every time a page from the first application is accessed. Here
is a blurb of the code I have added to one of the JSP pages in the second
application:
ServletContext ctx = application.getContext("/app1");
RequestDispatcher dispatcher = ctx.getRequestDispatcher("/page");
dispatcher.forward(request, response);
I thought this would prevent the session of the first application to
timeout. However, Tomcat does not reuse the session created upon login when
forwarding. Instead, it creates another session. This is why eventually the
session for the first application will time out. If the user accesses the
first application after the session becomes inactive, Tomcat returns a 403
error.
I am wondering if there is anything I could do to ensure that neither of the
application sessions would expire if a user accesses either of the
applications.
Martin
Re: Anybody using GNU Java
I would not recommend using GNU java with Tomcat.
I remember I struggled with installation of JDK 6 on FC5 or FC6 when
it was first released. I figured eventually that there were some
directories that were supposed to be installed by the jpackage-utils
RPM that JDK was looking for that were not on the system. The
directories in question are /usr/lib/java-1.6.0 and
/usr/share/java-1.6.0. I don't remember the exact details, but I think
that the script that runs javac is trying to access library classes in
these directories, but failing to find the directories, it aborts and
returns some crypting error message. Once I manually fixed my build
server, simply adding the missing directories, things started to work.
The version of the jpackage-utils RPM that was installed on my server
when I noticed the problem was jpackage-utils-1.6.6-1jpp_2rh, but
there are no issues with the version that is currently installed on my
system (jpackage-utils-1.7.3-1jpp.2.fc6).
I also spent some time to find a way to cleanly install Sun's JDK on
Fedora Core system using the alternatives procedure. Here is a script
that can be used to force the system to default to Sun's JDK instead
of GNU java:
#!/bin/sh
JAVA_HOME=/usr/java/jdk1.6.0
alternatives --install /usr/bin/javac javac ${JAVA_HOME}/bin/javac
1440 --slave /usr/bin/jar jar ${JAVA_HOME}/bin/jar --slave
/usr/bin/jarsigner jarsigner ${JAVA_HOME}/bin/jarsigner --slave
/usr/bin/javadoc javadoc ${JAVA_HOME}/bin/javadoc --slave
/usr/bin/javah javah ${JAVA_HOME}/bin/javah --slave /usr/bin/rmic rmic
${JAVA_HOME}/bin/rmic --slave /usr/lib/jvm-exports/java
java_sdk_exports ${JAVA_HOME} --slave /usr/lib/jvm/java java_sdk
${JAVA_HOME}
alternatives --install /usr/bin/java java ${JAVA_HOME}/bin/java 1440
--slave /usr/bin/keytool keytool ${JAVA_HOME}/bin/keytool --slave
/usr/bin/rmiregistry rmiregistry ${JAVA_HOME}/bin/rmiregistry --slave
/usr/lib/jvm-exports/jre jre_exports ${JAVA_HOME}/jre --slave
/usr/lib/jvm/jre jre ${JAVA_HOME}/jre
Martin
On 5/29/07, Leon Rosenberg <[EMAIL PROTECTED]> wrote:
On 5/29/07, Omar Eljumaily <[EMAIL PROTECTED]> wrote:
>
> So anyway, is anybody successfully using GNU Java?
I dont think its possible. It simply doesnt work.
If not, does anybody
> have any tips for installing the proper version of Sun's Java on FC6?
Yes.
Goto
http://java.sun.com/javase/downloads/index.jsp
Select
JDK 6u1
Select your OS version.
Download the binary, run it in a folder of your choice.
set JAVA_HOME.
ready.
Leon
P.S. I usually link /usr/local/java to the download location i.e.
/opt/java/jdk.1.6.0
and set the JAVA_HOME to /usr/local/java, and add $JAVA_HOME/bin/ to $PATH.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Java HotSpot warning when using jsvc
I have started using jsvc to launch Tomcat. I am running Tomcat 6.0.13 on Fedora Core 6. My JDK is 6.0u1. I get a warning on startup. Not sure if this should be cause of concern. Anybody seen this before? Is there an explanation? Will this impact functionality or performance in any way? Is there a way to fix this? Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed I have seen a bug report (ASF Bugzilla 30052) on this issue (JSVC instability). Is JSVC stable? Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Encrypting passwords in the connection pool setup
Chris, I am not sure I buy your argument that because there is somewhere else in an implementation that is as insecure as cleartext password, then there is no point in fixing the cleartext password issue. With this argument, we would never care about fixing any security holes, because one can always find a new security hole to exploit. Plus, well, the assumption that someone is using a password-less key with Apache running with SSL is pretty weak, because there are ways to avoid using password-less key. As far as the UNIX password analogy, tomcat may be seen as a user, not UNIX, but it still performs authentication. So in my mind, it is filling in for both roles (UNIX and user). I have the impression that using MD5/SHA hashing would be a good option, because it would be simple, would not require any additional key, would provide some sense of security. Not the silverlining, but better than cleartext, for sure. Martin On 5/1/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, Martin Dubuc wrote: > But it strikes me that Tomcat > is the only application I know where passwords are stored in clear > text. I'll bet that Tomcat is the only application that needs to know its own passwords. Do you have Apache running with SSL? Where do you store the password for the SSL key? I'll bet that you have a password-less key, which is just about the same as a cleartext password lying around. > Why wouldn't we at least store the MD5 hash of the passwords > instead of the password in clear text, or use a scheme similar to the > Unix /etc/passwd file? Because UNIX password files are used to authenticate a user typing their password. In this analogy, Tomcat isn't UNIX, Tomcat is /the user/. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGN2H+9CaO5/Lv0PARAqqrAKDAc7F2rge4Xl0UaND7rhGicN3DYQCdEi4V c9p5LvXt+HudZAMm/98Y3b4= =FqMz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Encrypting passwords in the connection pool setup
Mark, I also don't feel quite at ease to see passwords in clear text in the server.xml file. True, if the protection on that file is set up properly, there shouldn't be much issue. But it strikes me that Tomcat is the only application I know where passwords are stored in clear text. Why wouldn't we at least store the MD5 hash of the passwords instead of the password in clear text, or use a scheme similar to the Unix /etc/passwd file? I do agree with Richard that there is more to it than protecting from hackers. Enforcing the responsabilities between different roles is also very important. Martin On 5/1/07, Richard DeGrande <[EMAIL PROTECTED]> wrote: Mark, The ability to store encrypted passwords doesn't necessarily have to be used to protect the system from hackers. This would be a GREAT feature to enforce the responsibilities between different roles in a development environment. Also, The encryption doesn't have to be full proof, it just needs to be a deterrent. For the most part it is the people with shell access that I want to remove the ability to read the passwords from. Sometimes security through obscurity is enough. >>> Mark Thomas <[EMAIL PROTECTED]> 4/30/2007 5:30 PM >>> Kelly J Flowers wrote: > I'm using Tomcat 5.5 to run a web application. I have the connection pools > set up and working in the context.xml but the password is in plain text. > Does anyone know of a way to encrypt the password and username to the > database? This is nearly always pointless. A couple of points to consider: 1. If the password is encrypted, where do you store the decryption key? 2. If an attacker can read the context.xml file they probably have shell access to your box. In this case you have bigger problems. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TomCat 6 on Fedora Core 6
Gotta install Java obviously! Martin ;-) On 3/9/07, Adam Lipscombe <[EMAIL PROTECTED]> wrote: OK thanks. So installation is simply a question of un-tarring the binaries in suitable place? Anything else? TIA - Adam Leon Rosenberg wrote: > just download the binaries from tomcat.apache.org. > done. > > On 3/9/07, Adam Lipscombe <[EMAIL PROTECTED]> wrote: >> Folks >> >> >> >> The standard fedora 6 rpm package are still on TC 5.5.17, and I would >> like some guidance on >> installing TC6. >> >> Has anyone tried to install TC 6 on fedora Core 6? >> How easy or difficult is it? >> >> Any pointers to a set of instructions? >> >> >> >> Thanks -Adam >> >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > -- Adam Lipscombe Escalus Software Systems [EMAIL PROTECTED] Tel: 08450 170 850 www.expensys.com This email and any files transmitted with it, including replies and forwarded copies, may contain privileged and confidential information and is intended solely for the person or organisation to whom it is addressed. If you have received this communication in error, please notify us by email ([EMAIL PROTECTED]) or telephone (+44 (0)8450 170 850) and then delete the email and any copies of it. Views or opinions expressed by an individual within this email may not necessarily reflect the views of Escalus Software Systems Ltd. Although most emails and attachments from Escalus Software Systems Ltd are screened, it is the responsibility of the recipient to ensure that they are virus free. Escalus Software Systems Ltd will not accept any liability for damage caused by a virus. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and MySQL sync problems
Not sure if it is the same problem, but we had similar issue and resolved it by increasing value of wait_timeout in /etc/my.cnf: wait_timeout=2147483647 I am not sure if the issue we were seeing was tied wth Tomcat or not though. Martin On 1/29/07, Chris Long <[EMAIL PROTECTED]> wrote: Hello, I'm having a problem where it seems Tomcat and MySQL go out of sync and I am no longer able to connect to the MySQL database. The only way I've found to be able to reconnect to my database is to restart Tomcat. This generally seems to happen some time over the course of the night and I notice the problem when I check on things in the morning, but it doesn't seem to happen every time. Does anyone have any idea what may be causing this and how to fix it? Here is a list of what I'm using: Tomcat 5.5.17 MySQL 14.12 Hibernate 3.2 mysql-connector-java-5.0.4 JAVA 1.5 Windows XP Pro [Jan 29 2007 (Mon)9:30:56 EST] ERROR [http--Processor20]( org.hibernate.util.JDBCExceptionReporter) - No operations allowed after connection closed.Connection was implicitly closed due to underlying exception/error: ** BEGIN NESTED EXCEPTION ** com.mysql.jdbc.CommunicationsException MESSAGE: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE: Software caused connection abort: socket write error STACKTRACE: java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:136) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java :65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2637) at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1554) at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1665) at com.mysql.jdbc.Connection.execSQL(Connection.java:3176) at com.mysql.jdbc.PreparedStatement.executeInternal( PreparedStatement.java:1153) at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java :1266) at org.hibernate.jdbc.AbstractBatcher.getResultSet(AbstractBatcher.java :186) at org.hibernate.loader.Loader.getResultSet(Loader.java:1778) at org.hibernate.loader.Loader.doQuery(Loader.java:662) at org.hibernate.loader.Loader.doQueryAndInitializeNonLazyCollections( Loader.java:224) at org.hibernate.loader.Loader.doList(Loader.java:2211) at org.hibernate.loader.Loader.listIgnoreQueryCache(Loader.java:2095) at org.hibernate.loader.Loader.list(Loader.java:2090) at org.hibernate.loader.hql.QueryLoader.list(QueryLoader.java:388) at org.hibernate.hql.ast.QueryTranslatorImpl.list( QueryTranslatorImpl.java:338) at org.hibernate.engine.query.HQLQueryPlan.performList(HQLQueryPlan.java :172) at org.hibernate.impl.SessionImpl.list(SessionImpl.java:1121) at org.hibernate.impl.QueryImpl.list(QueryImpl.java:79) at org.hibernate.impl.AbstractQueryImpl.uniqueResult( AbstractQueryImpl.java:804) at com.tne.nres.projectTracker.ProjectTrackerServlet.validateUser(Unknown Source) at com.tne.nres.projectTracker.ProjectTrackerServlet.doPost(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:684) at java.lang.Thread.run(Thread.java:595) ** END NESTED EXCEPTION ** Last packet sent to the server was 16 ms ago. STACKTRACE: com.mysql.jdbc.CommunicationsException: Communications link failure due to underlying exception: ** BEGIN NESTED EXCEPTION ** java.net.SocketException MESSAGE:
Re: CGIServlet in Tomcat 6
Not sure if this is all that is required, but in the Context section of the webapp context.xml file, you need to add privileged=true property. Martin On 1/23/07, Yannick Haudry <[EMAIL PROTECTED]> wrote: Hi all, I'm using CGI servlet in Tomcat 5 without any problem, but with Tomcat 6 I get this error when deploying my web application: java.lang.SecurityException: Servlet of class org.apache.catalina.servlets.CGIServlet is privileged and cannot be loaded by this web application In Tomcat 6, I noticed that the servlet-cgi.jar is now part of catalina.jar, but that's it. thanks a lot for any advice. Yannick compete error message: java.lang.SecurityException: Servlet of class org.apache.catalina.servlets.CGIServlet is privileged and cannot be loaded by thisweb application at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1134) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4044) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4350) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022) at org.apache.catalina.core.StandardHost.start(StandardHost.java:719) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443) at org.apache.catalina.core.StandardService.start(StandardService.java:451) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:552) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0.8 & JSF 1.2 RI
I am able to use JSF 1.2_03 RI inside Tomcat 6.0.8. Ensure you have
the JSTL 1.2 also loaded.
Martin
On 1/22/07, Zaphod <[EMAIL PROTECTED]> wrote:
I try to use the JSF 1.2_03 RI with Tomcat 6.0.8.
I get a NullPointerException:
Servlet.service() for servlet jsp threw exception
java.lang.NullPointerException
at org.apache.jsp.VDVRequest_jsp._jspInit(VDVRequest_jsp.java:25)
at org.apache.jasper.runtime.HttpJspBase.init(HttpJspBase.java:80)
at
org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:157)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:320)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:228)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:212)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:634)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:445)
at java.lang.Thread.run(Unknown Source)
in VDVRequest_jsp.java:
public void _jspInit() {
_005fjspx_005ftagPool_005ff_005fview =
org.apache.jasper.runtime.TagHandlerPool.getTagHandlerPool(getServletConfig());
_005fjspx_005ftagPool_005fh_005foutputText_005fvalue_005fnobody =
org.apache.jasper.runtime.TagHandlerPool.getTagHandlerPool(getServletConfig());
[here is line no. 25:]
_el_expressionfactory =
JspFactory.getDefaultFactory().getJspApplicationContext(getServletConfig().getServletContext()).getExpressionFactory();
_jsp_annotationprocessor = (org.apache.AnnotationProcessor)
getServletConfig().getServletContext().getAttribute(org.apache.AnnotationProcessor.class.getName());
}
I suppose JspFactory.getDefaultFactory() is null.
But why?
I suppose it is a configuration problem or a tomcat bug.
I have the jsf-api, jsf-impl and jstl JARs in my lib folder and I switched
verfication off.
Is there any workaround to initialize the JspFactory?
--
View this message in context:
http://www.nabble.com/Tomcat-6.0.8---JSF-1.2-RI-tf3059080.html#a8505670
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5, java 6 and jconsole not working as service
I haven't been successful running Tomcat on Java 6. My guess is that Tomcat can't run yet on Java 6. Martin On 1/9/07, teknokrat <[EMAIL PROTECTED]> wrote: I am running Tomcat 5.5 as a service using Java 6. I try to connect jconsole locally but it can't seem to find tomcat. Anyone know how I can do this? thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Getting the Tomcat Native library to work under Fedora
I guess most of us have wondered at one point or another what this message means: "INFO: The Apache Tomcat native library which allows optimal performance in production environments was not found on java.library.path" in the catalina.out log. Only recently have I spent time trying to figure out the meaning of this message. This message is logged on Tomcat startup if Tomcat cannot find the Native library. Tomcat works fine without this library, but not as optimal. I have spent some time trying to get the Tomcat Native library to work under Fedora. I thought it might be a good thing if I shared my experience in the matter. A tomcat-native.tar.gz archive is packaged in the bin directory of the tomcat binary and I guess it probably is straightforward to install the library from this package, but the deployment model that I am using is such that there is no compiler on the machine where Tomcat is installed. I had to build an RPM in order to install the Tomcat Native library on the machine. As pointed out by Jonas Pasche, the SPEC file that is delivered with version 1.1.7 of Tomcat Native library is broken, and I had to fix it before being able to get the RPM to build. Look at http://jonaspasche.com/patches/tcnative-1.1.7-bugfixes.patch for a description of the required changes. After I installed the APR and the Tomcat Native RPMs, Tomcat was still showing the info message. I found out looking at the list that I needed to point Tomcat to where these libraries where stored. The trick is to set LD_LIBRARY_PATH to point to them, for instance, adding this line to catalina.sh: LD_LIBRARY_PATH=/usr/lib:/lib and ensuring LD_LIBRARY_PATH environement varaible is visible Tomcat. That still didn't fix the problem completely. I figured after running some tests that Tomcat was looking for a libtcnative-1.so file, but the RPM installed libtcnative-1.so.0. After I created a libtcnative-1.so softlink that pointed back to libtcnative-1.so.0, Tomcat loaded the native library. There are some changes to do in the server.xml file (for instance the SSLCertificateFile parameter needs to be configured). See http://tomcat.apache.org/tomcat-6.0-doc/apr.html for details on the parameters. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set app as default context in Tomcat?
The way I am handling this, and it is probably not very clean, but it works for me, is to define an index.html file in webapps/ROOT with this content: On 12/7/06, kkus <[EMAIL PROTECTED]> wrote: I am using Tomcat 5.5.20 and my app in XP. I need set my app as default context so I will only use url localhost:8080 instead of localhost:8080/app. The way I found is to set a in of server.xml. But this led to my app loaded twice when it started. Meanwhile 5.5.20 has discouraged use of in , which is correct for my app since it has its own context.xml under meta-inf folder. The only line I added in server.xml is as below( only), My context.xml is, Can anyone give me some hints? Thanks! -- View this message in context: http://www.nabble.com/How-to-set-app-as-default-context-in-Tomcat--tf2776569.html#a7745991 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
CGI Servlet in Tomcat 6.0.2
I would like to use the CGI servlet in Tomcat 6.0.2, but I get this error message when enabling it: java.lang.SecurityException: Servlet of class org.apache.catalina.servlets.CGIServlet is privileged and cannot be loaded by this web application I have read the documentation and it looks like there needs to be some policies defined in the catalina.policy file on a web application basis, but I do not know what they should be. I also noticed in the web.xml file that there is mention of $CATALINA_HOME/server/lib/servlets-cgi.renametojar I found the CGIServlet class inside catalina.jar. So, I assume the comment in the web.xml file is remnants from the previous release... Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0.2 Deployer
I would like to deploy a web app inside Tomcat 6.0 with the deployer app, but I can't build it. I untared the Tomcat 6.0.2 deployer archive and tried to run ant to build the deployer app. I got the following error: Buildfile: build.xml clean: [delete] Deleting directory /tmp/apache-tomcat-6.0.2-deployer/build compile: BUILD FAILED /tmp/apache-tomcat-6.0.2-deployer/build.xml:39: /tmp/apache-tomcat-6.0.2-deployer/myapp not found. Total time: 1 second If I create myapp in the deployer directory and run ant again, I get the following error: Buildfile: build.xml clean: compile: [copy] Copied 1 empty directory to 1 empty directory under /tmp/apache-tomcat-6.0.2-deployer/build/webapp/myapp BUILD FAILED /tmp/apache-tomcat-6.0.2-deployer/build.xml:47: java.lang.NoClassDefFoundError: org.apache.jasper.compiler.JspRuntimeContext Total time: 2 seconds Version of ant installed on my system is 1.6.5. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0.2 and JSF
I am trying to port my Web app from Tomcat 5.5 to Tomcat 6.0. I would like to perform the migration in two steps, first by upgrading Tomcat, then migrating from JSF 1.1 to JSF 1.2. I currently get some errors in my JSF 1.1 pages. The first time I use a managed bean in one of the expression values, I get the following error: According to TLD or attribute directive in tag file, attribute value does not accept any expressions I have seen a posting that seems to suggest that the same issue exists when running JSF 1.2. I would like to know if someone has been successful running JSF inside Tomcat 6.0.2 and if there are undocumented steps to get this to work. Martin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet filter on j_security_check
I am using form based authentication in my application. I would like to know if it is possible to install a Servlet filter on j_security_check. I have tried to install one, but it never gets invoked. Here is my filter definition in application web.xml: LoginFilter LoginFilter Performs pre-login and post-login operation LoginFilter /j_security_check I have some logs in the doFilter function. It seems like doFilter never gets called. However, if I set the url-pattern property to /*, doFilter gets called while rendering pages, but doesn't seem to be invoked from j_security_check. Comments? Suggestions? Martin - Bring words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.
Re: Identifying a page with no extension to be a JSP
Yees! I had tried to put the filename as a URL pattern, but without the path Tomcat didn't like it. Now, just adding a slash in front a the filename solves my problem! Thanks! Martin Christian Andersson <[EMAIL PROTECTED]> wrote: if you just want to do it for this file, just add the filename instead of the *, for example jsp /path/file in your web.xml this has worked for me, when I've done it for files in the main path anyway, but I suppose it will work for other parts also.. /Christian Andersson Martin Dubuc wrote: > I have a page that has some JSP directives in it and I would like my Web > server to process it as such, but the filename for this page is fixed and > does not contain an extension. Is there a configuration item I can use in > Tomcat to indicate that this file must be processed by the JSP engine? I have > tried setting a URL pattern of form "path/*" but Tomcat seems to require a > dot in the URL pattern. > > > > - > Bring words and photos together (easily) with > PhotoMail - it's free and works with Yahoo! Mail. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars.
Identifying a page with no extension to be a JSP
I have a page that has some JSP directives in it and I would like my Web server to process it as such, but the filename for this page is fixed and does not contain an extension. Is there a configuration item I can use in Tomcat to indicate that this file must be processed by the JSP engine? I have tried setting a URL pattern of form "path/*" but Tomcat seems to require a dot in the URL pattern. - Bring words and photos together (easily) with PhotoMail - it's free and works with Yahoo! Mail.
Session timeouts
I am having some problems with session timeouts. I set the session-timeout property to 15 minutes in the Tomcat global web.xml and also in my application web.xml. However, Tomcat is not always timing out when sessions are inactive more than 15 minutes. On some systems, it behaves as I expect. When the session times out (after 15 minutes) and the user requests to display a page, the login page is shown and user needs to log in once again. However, in other situations, and I can't really link this to a specific machine, the session never seems to expire. I can browse any page of the application regardless how much delay there is between accesses. Sometimes, rebooting the machine fixes the problem. Sometimes not. I am wondering if anyone in this list has experienced this problem, if this is a known issue, if there is any plans to fix this (if it is a real issue) and if there is a workaround. Martin - Do you Yahoo!? With a free 1 GB, there's more in store with Yahoo! Mail.
File descriptors vs. CGI execution
I am running Tomcat 5.5.12. I have noticed with lsof that every time a CGI script is executed within Tomcat, the number of file descriptors used by Tomcat increases by 1. Once in a while, the number of file descriptors drops to its initial level. However, I am seeing many instances where the number of file descriptors increases steadily until it reaches a large number (around 1000 files). At that point, when the script executes, the web server generates an HTTP status 500 error page. If I execute the script after the Web server has done some maintenance work and the number of file descriptors is back to an acceptable level, then, the CGI script executes without any issues. I have done some experiments by running some java code as part of an application that runs on the Web server. If I run a system call (unsing Runtime.getRuntime().exec) and grab the input/output/error streams, but do not explicitly close them, the number of file descriptor in use increases and stays to this level for some time. Eventually, it comes back to the original number. I have the impression that there is a link between garbage collection and the recylcing of file descriptors. Anybody has experienced something similar? Is this an issue that should be solved in Tomcat. Are there workarounds? Martin - Yahoo! Photos Got holiday prints? See all the ways to get quality prints in your hands ASAP.
Re: Certificate Revocation Lists in Tomcat 5.5
1) crlFile is a standard parameter for Connector since
Tomcat 5.5.10 if my recollection is right.
2) There are no quirks in using it.
Martin
--- Kennedy Roberts <[EMAIL PROTECTED]> wrote:
> After doing some research, I have found a few
> examples of
> {tomcat.home}/conf/server.xml files online that use
> the "crlFiles" param as
> part of a connector. Is this a standard parameter
> that can be used in the
> server.xml file? I ask because the sites where I
> have found these examples
> are not clear in whether this is some "added"
> functionality. The reason I
> don't try it out myself is because at this point I
> don't have a CRL which
> contains any of the certificates we use in our
> development environment.
>
> To summarize:
>
> 1) Is the crlFiles param a standard
> element?
>
> 2) Has (does) anyone use this param, and are there
> any quirks to using it.
>
> Thanks,
>
> Kennedy
>
>
> - Original Message -
> From: "Martin Dubuc" <[EMAIL PROTECTED]>
> To: "Tomcat Users List"
> Sent: Tuesday, November 29, 2005 3:11 PM
> Subject: RE: Certificate Revocation Lists in Tomcat
> 5.5
>
>
> > CRL support is present in Tomcat 5.5.12.
> >
> > I am not an expert on Tomcat CRL support but what
> I
> > know is the following:
> >
> > - You will need to recompile some of the
> > tomcat-util.jar classes with JDK 1.5 because
> Tomcat
> > 5.5.12 was compiled with JDK 1.4. The classes to
> be
> > recompiled are:
> > org.apache.tomcat.util.net.jsse.JSSE15Factory and
> >
> org.apache.tomcat.util.net.jsse.JSSE15SocketFactory
> > classes.
> > - The crlFile property needs to be added inside
> your
> > SSL Connector in the server.xml file. The value is
> the
> > location of the CRL file on your system.
> >
> > Regards,
> >
> > Martin
> >
> > --- "Duan, Nick" <[EMAIL PROTECTED]>
> wrote:
> >
> >> Tomcat currently doesn't support cert validation
> >> against CRL. You may
> >> want to use Apache's mod_ssl to do the CRL
> checking.
> >> You will have to
> >> use mod_jk to connect Apache web server with
> tomcat.
> >>
> >> SSL is very computational intensive. Use
> Apache's
> >> httpd to do the SSL
> >> work is more efficient than to use Java-based
> >> tomcat.
> >>
> >> ND
> >>
> >> -Original Message-
> >> From: Kennedy Roberts
> [mailto:[EMAIL PROTECTED]
> >> Sent: Tuesday, November 29, 2005 10:55 AM
> >> To: users@tomcat.apache.org
> >> Subject: Certificate Revocation Lists in Tomcat
> 5.5
> >>
> >> Hi all,
> >>
> >> We've recently migrated our (SSL enabled) web
> >> application from
> >> SunOne to
> >> Tomcat 5.5, and I can't find any information on
> >> handling Certificate
> >> Revocation Lists in Tomcat. In SunOne, there was
> a
> >> function in the
> >> administration console that let you import a CRL.
> >> Is there any
> >> equivalent
> >> in Tomcat, or perhaps some other command line
> >> equivalent?
> >>
> >> Thanks for your help.
> >>
> >> -Kennedy
> >>
> >>
> >>
> >
>
-
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >>
> >>
> >
>
-
> >> To unsubscribe, e-mail:
> >> [EMAIL PROTECTED]
> >> For additional commands, e-mail:
> >> [EMAIL PROTECTED]
> >>
> >>
> >
> >
> >
> >
> >
> > __
> > Yahoo! Mail - PC Magazine Editors' Choice 2005
> > http://mail.yahoo.com
> >
> >
>
-
> > To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> > For additional commands, e-mail:
> [EMAIL PROTECTED]
> >
>
>
>
-
> To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
__
Yahoo! Mail - PC Magazine Editors' Choice 2005
http://mail.yahoo.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Certificate Revocation Lists in Tomcat 5.5
CRL support is present in Tomcat 5.5.12. I am not an expert on Tomcat CRL support but what I know is the following: - You will need to recompile some of the tomcat-util.jar classes with JDK 1.5 because Tomcat 5.5.12 was compiled with JDK 1.4. The classes to be recompiled are: org.apache.tomcat.util.net.jsse.JSSE15Factory and org.apache.tomcat.util.net.jsse.JSSE15SocketFactory classes. - The crlFile property needs to be added inside your SSL Connector in the server.xml file. The value is the location of the CRL file on your system. Regards, Martin --- "Duan, Nick" <[EMAIL PROTECTED]> wrote: > Tomcat currently doesn't support cert validation > against CRL. You may > want to use Apache's mod_ssl to do the CRL checking. > You will have to > use mod_jk to connect Apache web server with tomcat. > > SSL is very computational intensive. Use Apache's > httpd to do the SSL > work is more efficient than to use Java-based > tomcat. > > ND > > -Original Message- > From: Kennedy Roberts [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 10:55 AM > To: users@tomcat.apache.org > Subject: Certificate Revocation Lists in Tomcat 5.5 > > Hi all, > > We've recently migrated our (SSL enabled) web > application from > SunOne to > Tomcat 5.5, and I can't find any information on > handling Certificate > Revocation Lists in Tomcat. In SunOne, there was a > function in the > administration console that let you import a CRL. > Is there any > equivalent > in Tomcat, or perhaps some other command line > equivalent? > > Thanks for your help. > > -Kennedy > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBC Resource Configuration
I am defining a number of JNDI resources in the server.xml file in the GlobalNamingResources section. As part of defining JDBC resources in this section, the username and password attributes are specified. The password is specified as clear text. I am wondering if there are ways to encrypt the passwords used for the JDBC resources or if it is possible not to define at all, but provide it in the Java sources instead. Martin __ Yahoo! Music Unlimited Access over 1 million songs. Try it free. http://music.yahoo.com/unlimited/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
HTTP Status 403
When a large page is displayed by Tomcat 5.5.12 and the session timeout occurs, if the user clicks a link on the present page to go to another page, because the session has timed out, Tomcat is supposed to present the login page. However, it seems like Tomcat tries to cache the previous page content before jumping to the login page. If the page to cache is very large, Tomcat presents the follwing status report page instead of the login page: HTTP Status 403 - The request body was too large to be cached during the authentication process type Status report message The request body was too large to be cached during the authentication process description Access to the specified resource (The request body was too large to be cached during the authentication process) has been forbidden. Apache Tomcat/5.5.12 I have tried to configure my web.xml to present the login page instead of the Tomcat status report when error 403 takes place. The login page is displayed, but if the user attempts to log in, au authentication timeout status page is displayed instead. Not sure how to handle this kind of error condition. Martin __ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
