Markus,
Stephen Caine wrote:
A simple way to restart Tomcat from a non-root user would be nice.
Interesting wish. A non-root user with the right to control my
system services is approximately the last thing I would want to see.
Well, if you can set a 'user' option for startup, why not s
Hi
This undeploy does not happen during startup. It happens after receiving few
TCP and UDP messages.
Now the app gets un-deployed and does not get re-deployed. No additional
information was provided why the app got un-deployed.
I want to know the root cause of why the app being un-deployed?
th
On 8/20/07, Brian Munroe <[EMAIL PROTECTED]> wrote:
>
> There might be some security settings you may need to tweak. What
> those are, I have no Idea.
>
Or after a Google search, because I was curious, IE7 doesn't like SHA-1:
http://blogs.atlassian.com/developer/2007/06/ie7_on_vista_and_ssl.htm
Hi all,
I've been setting up Tomcat 5.5, with Java 5 on a Debian Etch server
with a lot of success and just one problem - Tomcat seems to take a
long time to load. I think the problem started when I installed APR/
tomcat native and enabled SSL through it but it's hard to pin point
because t
On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> autossh, but that would fall under your tunneling category.
> I think those are only options, I can't think of anything else
yep, unfortunately. Thanks anyways.
I will probably just end up using IPSec.
-- brian
-
Matthew Kerle wrote:
> ok, found the following:
> http://issues.apache.org/bugzilla/show_bug.cgi?id=26372
> &
> http://issues.apache.org/bugzilla/show_bug.cgi?id=27371 (depended-on)
>
> is that the one you mean?
This wasn't one of the ones I was thinking of.
> we use commons-logging so we've nev
Brian Munroe wrote:
I am well aware after STW that the 2 best suggestions for securing
traffic between Apache httpd and Tomcat over AJP (either using
mod_jk_proxy or mod_jk), is:
1. Use either IPSec, stunnel, etc.
2. Don't use AJP and proxy https between Tomcat and Apache.
Any other options?
does the undeploy happen during startup? or after running for a while?
if it is during runtime, you can disable the host autoDeploy
Filip
satish viswanatham wrote:
Is there way to log more details about why HostConfig checkResources was
called? On an exception or some other problem?
Aug 20
Milanez, Marcus wrote:
Should I always assume that the resources that my application access
(like a database for example) doesn't need additional security,
because it is hosted in a server, and if this so called server was
attacked them worse things could actually happen?
Generally I would expect w
On 8/20/07, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Looks like time to start looking at the network traffic to figure out
> what is going wrong.
>
Either that, or my guess is Vista is being "helpful" and not allowing
sites with self-signed or untrusted SSL certificates to pass through
to the use
I am well aware after STW that the 2 best suggestions for securing
traffic between Apache httpd and Tomcat over AJP (either using
mod_jk_proxy or mod_jk), is:
1. Use either IPSec, stunnel, etc.
2. Don't use AJP and proxy https between Tomcat and Apache.
Any other options? I'd really like to e
David Roberts wrote:
> Anyone know how I can allow Internet Explorer on Windows Vista to see an SSL
> based webapp, running on Tomcat 5.0.28 with j2sdk1.4.2_06, when using your
> own certificate?
Looks like time to start looking at the network traffic to figure out
what is going wrong.
Mark
--
Stephen Caine wrote:
> A simple way to restart Tomcat from a non-root user would be nice.
Interesting wish.
A non-root user with the right to control my system services is
approximately the last thing I would want to see.
Regards
mks
---
Hi,
If I understand Filip's answer correctly... the difference between the
default tomcat-juli.jar and the output/extras/tomcat-juli.jar is that the
first one is some glue code that hardcodes commons-logging to work only
with java.util.logging and the second supports the "complete"
commons-loggi
Is there way to log more details about why HostConfig checkResources was
called? On an exception or some other problem?
Aug 20, 2007 1:24:54 PM org.apache.catalina.startup.HostConfigcheckResources
> INFO: Undeploying context [/tester]
thanks
Satish
On 8/20/07, satish viswanatham <[EMAIL PROTECT
Tracy,
The JSP does a call to a method in our app -- which if it runs, that means
the app is up and available -- the method does a simple query against the DB
and then returns a status of OK if the method runs through just fine.
In our example from this weekend -- the health.jsp (which is the one
Dan,
True enough, except then those queries would get held as a user session, and
we don't want that -- which is why we have a 'skinny' health.jsp that checks
our app -- and 'should' crash if there are any issues with tomcat or the
application -- but in this case, the main pages were getting out o
Hi Filip,
Thank you for a quick response. I do have reloadable="false" in my context.
I do not see web.xml's time stamp changing.
thanks
Satish
On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
>
> make sure your turn reloadable="false" for your context,
> and make sure nothing m
Well, since you asked...
... or use jsvc which lets Tomcat drop privileges after binding to
a privileged port and which is distributed with the Tomcat archives.
Did you use it?
did you like it?
We have no reason but the port to give the tomcat-user any
privilege (even if only at booting);
I will be out of the office starting 08/20/2007 and will not return until
08/23/2007.
I will respond to your message when I return, but can be reached at 952 836
4385 (send a txt if possible, since I won't be able to answer many calls)
make sure your turn reloadable="false" for your context,
and make sure nothing modifies the timestamp of WEB-INF/web.xml
Filip
satish viswanatham wrote:
Hi
I have a Servlet- which start TCP and UDP MINA servers. After receiving few
packets on the server - the servlet gets un-deployed. Not java
Hi
I have a Servlet- which start TCP and UDP MINA servers. After receiving few
packets on the server - the servlet gets un-deployed. Not java stack trace
or details were available in the logs. Is there is a way to debug this? The
code runs fine outside Tomcat. I think MINA uses Sl4J and I made su
the easiest way to fix it would be
1. check what name the command `hostname` spits out
2. make sure that /etc/hosts contains that hostname and IP address
or you could go the other way
http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-receiver.html
look for the address attribute
see the http
First, thanks in advance!
I have been playing with the 1.2.23 version of the JK Connector. In
particular, I've been setting up an Apache 2 front end to multiple
Tomcat 6's by using load balancing workers delegating to "real" workers.
For the most part the documentation is quite clear, but somethi
Kim,
You mentiond "fool-proof"... Perhaps a multi-pronged approach is best,
if you have the time and inclination to implement it.
1) Apps can have "issues" for lots of reasons (running out of memory, db
load and/or locks, thread deadlocks, etc, etc.) In lots of cases the
VM/Tomcat are "OK", but
You might need to think about the necessary aspects of your solution
first. Some of those might be:
- Necessity of High Availability, more precisely, amount of availability
needed (planned and unplanned downtimes, allowed planned downtimes, when
and how long and how much in before declared)
Greetings. I have trolled the mailing list archives, but didn't see
anything that helped me, so, I'm hoping that some kind soul can offer some
insight.
I have just upgraded our production servers from Apache 2.0.53, Tomcat
5.5.23, mod_jk 1.2.19 to Apache 2.2.4, Tomcat 6.0.13, mod_jk 1.2.25 in ord
Hi, I'm planing to do load balancing on my 3 apache tomcat server.
Actually they are windows 2003, 5.5.23, ibm jdk 1.5.
I'm planing to put a linux in the front who balances the load for the 3
servers. I read about the issue and there are several solutions. This is
a small farm, maybe up to 10 serve
I configure tomcat to debug remotly from Eclipse:
start "Configure Tomcat". Go to Java tab. add the following 2 lines.
-Xdebug
-Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
Then go to Startup tab and add the following two lines in the arguments
entry box.
jpda
start
Restarting tom
You guys have no idea how happy I am.
David Hesson wrote:
Opera totally works. I just uploaded a 4.2GB file with it :) Thank
you guys so much. Solution to uploading >2GB files was indeed not a
Tomcat issue. The login page will now contain the following text:
To upload files > 2GB, here ar
Opera totally works. I just uploaded a 4.2GB file with it :) Thank you
guys so much. Solution to uploading >2GB files was indeed not a Tomcat
issue. The login page will now contain the following text:
To upload files > 2GB, here are a list of browsers...
1) Opera
2) ?
:) Cheers and many t
Just like with sendRedirect, you would branch your code so that it
either forwards to your 'denyURI' page or calls doFilter.
On Mon, 2007-08-20 at 12:42, Hehl, Thomas wrote:
> Hmmm. So then for the example cited, the parameter to getRequestDispatcher()
> would be denyURI?
>
> What about the doFi
Thanks, will do.
Len Popp wrote:
Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!
David, try your test JSP with the Opera browser. It seems to be ab
Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!
David, try your test JSP with the Opera browser. It seems to be able
to send large files.
--
Len
On
Hmmm. So then for the example cited, the parameter to getRequestDispatcher()
would be denyURI?
What about the doFilter()?
-Original Message-
From: Ben Souther [mailto:[EMAIL PROTECTED]
Sent: Monday, August 20, 2007 12:39 PM
To: Tomcat Users List
Subject: Re: FW: Filter
Look at RequestDi
Look at RequestDispatcher.forward.
All of this takes place on the server and doesn't change the URL.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/RequestDispatcher.html#forward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse)
On Mon, 2007-08-20 at 11:35, Hehl, Thomas wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Hesson wrote:
> Servlets are never reached in the web application, only the filters are
> hit. Servlet calls seem to be getting skipped.
Your filters are called, but not the servlet? That's odd. Can you post
the code to your filters? Or
a 5.5.25 tag is planned for Friday, includes both of those fixes
Filip
Lanoux, Mark wrote:
Does any know if a fix to Tomcat 5.5 will be done to remediate security
issues CVE-2007-3382 and CVE-2007-3385?
http://securitytracker.com/alerts/2007/Aug/1018556.html
http://securitytracker.com/alerts/
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
Dan Armbrust wrote:
A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...
I would use wget instead of Lynx, but that's just me.
Don't forget that the O
Well I am a new developer (I was still in college when I began helping
with this project) My boss told me the client would like to use .NET,
and I got kind of excited because I haven't worked with .NET/ASP/C# for
quite a bit, and I love the compiler, but he talked the client out of it
(the cli
| From: redminator [mailto:[EMAIL PROTECTED]
| Sent: Monday, 20 August, 2007 02:50
|
| I have some javascript code that creates a slide menu. It works fine
both
| in IE and Mozilla.
|
| But, when I integrate that code in a page which I open from tomcat,
the
| code
| doesn't work anymore when I
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Markus,
Markus Schiegl wrote:
> a few days ago i had the same question/problem. i found:
>
> http://www.motobit.com/help/scptutl/pa98.htm
>
> If this is correct (my own limited tests confirmed it) you're effectivly
> limited to 2GB uploads using HTT
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan,
Dan Armbrust wrote:
> A simple cron job that points to a URL using lynx, and greps the
> output for what it should see will do the trick...
I would use wget instead of Lynx, but that's just me.
Don't forget that the OP said that his JSPs appear
How is your JSP checking your application? Are you issuing a request to
your app and checking the HTTP status? If so, why isn't it recognizing
the 500? Or is the JSP in your application which is failing?
| -Original Message-
| From: Kim Albee [mailto:[EMAIL PROTECTED]
| Sent: Monday, 20
Hi,
a few days ago i had the same question/problem. i found:
http://www.motobit.com/help/scptutl/pa98.htm
If this is correct (my own limited tests confirmed it) you're effectivly
limited to 2GB uploads using HTTP and it's not tomcat's problem alone -
if at all.
kind regards,
Markus
David He
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Hesson wrote:
> I have installed 6.0.14 now and the same problem persists. I am
> starting to worry about our choice to use Java for this web application
> project now...
I know for a fact that Tomcat 5.5 can accept bigger-than-2GB uplo
A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...
Dan
On 8/20/07, Kim Albee <[EMAIL PROTECTED]> wrote:
> Hello --
>
> We have a load balanced situation, and we have a JSP that runs and checks
> our application to ensure it's up and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Hesson wrote:
> Hello, thanks for the information received thus far and trying to assist
> me. With regards to the Integer problem:
[snip]
> C:\Documents and Settings\David\Desktop>java test
> -2147483640
>
> It overflows when they are
> From: David Hesson [mailto:[EMAIL PROTECTED]
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
>
> If I were to compile and run all this on a 64 bit,
> do integers use 32 bit still
Recompilation for different platforms is never needed for Java code -
that's one of its advant
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David,
David Delbecq wrote:
> For now, the layout is Filter that check userPrincipal. If user
> principal is not null for the first time, issues that check, mark
> that user got checked for next times, in session, and continue query.
> However, if i
Does any know if a fix to Tomcat 5.5 will be done to remediate security
issues CVE-2007-3382 and CVE-2007-3385?
http://securitytracker.com/alerts/2007/Aug/1018556.html
http://securitytracker.com/alerts/2007/Aug/1018557.html
We would rather not have to upgrade to 6.0.14 at this time
Thanks,
OK, since no one had a suggestion about that, is there ways out of a filter
that won't re-write the URL? Maybe instead of using response.redirect?
Thanks.
_
From: Hehl, Thomas
Sent: Monday, August 20, 2007 8:42 AM
To: 'users@tomcat.apache.org'
Subject: Filter
Our application h
Wow, I wonder if I'm going to have to do some kind of Applet to get this
to work properly? Another solution is forwarding requests to some FTP
app, but they want progress bars. If I were to compile and run all this
on a 64 bit, do integers use 32 bit still or are they knocked up to 64
in Java
> From: David kerber [mailto:[EMAIL PROTECTED]
> Do you know if .NOT will let upload these giant files?
Definitely not on 32-bit (see http://support.microsoft.com/kb/295626).
The address space maxes out at 1 Gbyte, and IIS has to buffer the bytes
in RAM before ASP.NET can process them.
http://as
No clue, I guess that is an assumption on my behalf. If it doesn't, I'd
be delighted to know that. Will do some research shortly.
David kerber wrote:
David Hesson wrote:
I have installed 6.0.14 now and the same problem persists. I am
starting to worry about our choice to use Java for this w
David Hesson wrote:
I have installed 6.0.14 now and the same problem persists. I am
starting to worry about our choice to use Java for this web
application project now... the client insisted that we used .NET
framework or 'Microsoft' products if you will, but limitations arise.
I just won't
Currently, I am posting to another jsp page that just prints out the
method used (should say post if all goes well). I have a Servlet that I
use to write files that works on everything under 2GB, but on large
uploads, the thread is never hit, thus I began posting to a tmp.jsp page
until I figu
Hello --
We have a load balanced situation, and we have a JSP that runs and checks
our application to ensure it's up and returns a string that the monitor app
is looking for if all is well.
Repeatedly, that JSP will work, but the site is down because Tomcat hit an
OutOfMemory exception -- but our
> From: David Hesson [mailto:[EMAIL PROTECTED]
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
>
> I have installed 6.0.14 now and the same problem persists.
Can you post your servlet/JSP code (if it's not excessively large)?
IIRC, you're using Commons FileUpload 1.2; is tha
I have installed 6.0.14 now and the same problem persists. I am
starting to worry about our choice to use Java for this web application
project now... the client insisted that we used .NET framework or
'Microsoft' products if you will, but limitations arise. I just won't
be able to stand the
> From: David Hesson [mailto:[EMAIL PROTECTED]
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
>
> I haven't checked where the content length is pulled from
> a String but if it does cause a crash, then it is handled
> internally
Here's the code of interest:
public int
For all those interested in tightening tomcat security, there are some
interesting advices from OWASP here
http://www.owasp.org/index.php/Securing_tomcat
Yours,
Marcus Milanez
-Mensagem original-
De: Milanez, Marcus [mailto:[EMAIL PROTECTED]
Enviada em: segunda-feira, 20 de agosto de 2
Hello, thanks for the information received thus far and trying to assist
me. With regards to the Integer problem:
public class test
{
public static void main (String []args)
{
int j = 10; int y = 2147483646;
int result = j + y;
System.out.println( result );
}
}
C:\
Mark,
First of all, let me thank you for your detailed response. This list contains
lots of qualified people, and I'm really glad I'm part of it because I'm
learning more and more everyday.
All the reasons you mentioned are reasonable, but there are some pointes that
makes me think a lot (an
Lorenzo Cerini wrote:
> Markus Schönhaber wrote:
>> ... or use jsvc which lets Tomcat drop privileges after binding to a
>> privileged port and which is distributed with the Tomcat archives.
>>
> Did you use it?
> did you like it?
Yes.
Yes.
> We have no reason but the port to give the tomcat
The commons-daemon project (better known on this list as jsvc) will
allow startup as a non-root user and access to ports below 1024. See
http://jakarta.apache.org/commons/daemon for details.
--David
Lorenzo Cerini wrote:
Markus Schönhaber wrote:
Stephen Caine wrote:
We use Tomcat SSL
Markus Schönhaber wrote:
Lorenzo Cerini schrieb:
Markus Schönhaber wrote:
Stephen Caine wrote:
We use Tomcat SSL without Apache and it has been very stable. The
only issue has been the using port 8443 as some firewalls block access.
Why don't you tell Tomca
Stephen Caine schrieb:
> I previously posted a question about port redirection which was
> answered. I was referring to that previous post.
Well, there seems to be something wrong with my crystal ball. I'll have
to get this damned thing checked ;-)
Regards
mks
Lorenzo Cerini schrieb:
> Markus Schönhaber wrote:
>> Stephen Caine wrote:
>>
>>
>>> We use Tomcat SSL without Apache and it has been very stable. The
>>> only issue has been the using port 8443 as some firewalls block access.
>>>
>> Why don't you tell Tomcat to use the port you want it
Markus,
I previously posted a question about port redirection which was
answered. I was referring to that previous post.
Stephen
We use Tomcat SSL without Apache and it has been very stable.
The only issue has been the using port 8443 as some firewalls
block access.
Why don't you t
Berglas, Anthony schrieb:
> Has anyone done any performance analysis of Tomcat's SSL performance,
> especially compared to Apache. It is rumored that Tomcat is unusable
> without Apache in front for SSL, but I wonder if that is true.
And whoever made this claim did surely provide a verifiable
Markus Schönhaber wrote:
Stephen Caine wrote:
We use Tomcat SSL without Apache and it has been very stable. The
only issue has been the using port 8443 as some firewalls block access.
Why don't you tell Tomcat to use the port you want it to use - for
You cannot access port below
Hi, all
we use SSL tomcat for our web applications.
Since i work in the transport branch, where there is a lot of real time,
automatic data exchange, i can say tomcat alone for SSL'ed services is
very stable,
and even easier to manage than the apache-httpd.
About fastness and scalability is a m
Stephen Caine wrote:
> We use Tomcat SSL without Apache and it has been very stable. The
> only issue has been the using port 8443 as some firewalls block access.
Why don't you tell Tomcat to use the port you want it to use - for
example 443?
Regards
mks
---
Anthony,
Has anyone done any performance analysis of Tomcat's SSL
performance, especially compared to Apache. It is rumored that
Tomcat is unusable without Apache in front for SSL, but I wonder if
that is true.
We use Tomcat SSL without Apache and it has been very stable. The
only iss
Our application has a security filter on it that ensures access to all
servlets is from a logged in user. This has worked fine for years.
We are now testing over this new security software that relays requests from
an external webapp to our internal one. The problem is that the security
filter
Another strange one from me,
When starting/restarting Tomcat, it automatically creates a
250MB(Approx) catalina.out file, when viewing the file, it only has
couple of hundred lines showing normal log messages(no errors) however
when opening the file it 'vi' the status line states there are
million
Hi,
I am using Tomcat 5.0.28, and I use SSL for my webapp.
I am using j2sdk1.4.2_06.
I have created my own SSL certificate for our server, using the Java keytool
utility.
Everything works fine when using Internet Explorer on Windows XP. You simply
click Yes when the browser prompts you about
Check your page output -- are the .. tags getting
collapsed to ? If so, try to put a comment in between to see
if that helps prevent the collapse. I remember having problems with
collapsing script tags that load javascript from a separate file.
--David
redminator wrote:
I have some javascr
Hello,
I'm in a situation where i need some operations to be done upon user
login. The idea is, when a user access a secured area, it get's first
promped for http auth (security constraint, that part is working without
trouble), but when the user get authenticated, before giving user his
request r
What java version are you running?
Ronald.
On Fri Aug 17 16:00:41 CEST 2007 Tomcat Users List
wrote:
Hi,
I have installed Tomcat 5.5.23_1 on FreeBSD 6.2. I have used Servlets a
lot in the past but have not used ant. I am now trying to get this
development environment to work. Following the
If your OS allow it, use symbolic links + context->allowLinking=true
En l'instant précis du 20/08/07 07:49, Glenn McCall s'exprimait en ces
termes:
> Hi I have a bulletin board scenarion (i.e. people can download files =
> that others have uploaded).
>
> The easiest solution is to simply save the u
2 possibilities. Either your IE is configured to refuse javascript from
the "internet area" and so you need to check your IE configuration,
Either your java script is playing with the urls and badly handles the
;JESSIONID=xxx that tomcat add to your url if they have been made
using J2EE compli
Has anyone done any performance analysis of Tomcat's SSL performance,
especially compared to Apache. It is rumored that Tomcat is unusable
without Apache in front for SSL, but I wonder if that is true.
Our application will have lots of clients making short connections, so
it is the RSA processi
I have some javascript code that creates a slide menu. It works fine both in
IE and Mozilla.
But, when I integrate that code in a page which I open from tomcat, the code
doesn't work anymore when I use IE. Still works fine with Mozila. I asked
this question on a javascript forum and they suggest
Hi Rainer,
I'm not using any Forward-JkOptions.
Thanks for the information about the session kinds, maybe I can use it
to manipulate the session manually.
--
Cheers,
Benny
Benny Bräuer
C3-Grid Developing @ Computing and Data Centre
Alfred-Wegener-Institute for polar and marine research
27570 Br
86 matches
Mail list logo