Hello again,
Sorry for another question, I'm fighting issues on multiple fronts.
For Tomcat 8.0.24 and jre 1.8.0_60.
I need a little insight on what is happening inside Tomcat so I can
hopefully understand how I am occasionally getting thread deadlocks.
This is thread #1, the code is trying to
Hello,
For Tomcat 8.0.24 and jre 1.8.0_60.
I have seen this stack trace in catalina.out and I have not found
anything using google search to discover the cause. The error is
intermittent and only shows up after pretty significant load:
17-Sep-2015 13:04:54.941 INFO [http-apr-8443-exec-3082]
org.
A side question: why are you doing this IIS + Tomcat integration?
Thx
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: sbpdvlpr [mailto:shubh...@yahoo.com]
Sent: Wednesday, November 03, 2010 9:39 AM
To: users@tomcat.apache.org
Subject: IIS-Tomcat
ender it's custom 401 page, but
I might be speculating.
I'd appreciate if someone shed some light on which way the code below should be
implemented (setStatus/sendError/something else?) in various versions of Tomcat.
Thx
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-
response.flushBuffer();
This is executed for sure (put a logging statement in front of it) but has no
effect, the response looks like a boilerplate 401.
Where did my WWW-Authenticate headers and "Connection: close" go? (Maybe it
helps, it does work in 6.x).
Thx
dB.
PS: you&
o headers added by the valve.
Any suggestions? Is this supposed to work with tc5.5 at all?
Thx
dB.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
);
ctx.setPipeline(pipeline);
_authenticator.setContainer(ctx);
_authenticator.start();
It would be nice if Tomcat's code was a bit more defensive in terms of nulls.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Me
don't understand how I am supposed to setup container (and
possible its parent(s)) to not get this exception.
What am I missing? Any help is appreciated,
Thx
dB.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
Jump :) Waffle is windows-only and it seems like this is a Solaris
implementation. I have some good news though. Someone just uploaded a big patch
for a windows authentication provider that uses JCIFs (which does Kerberos and
more), which works on top of Samba on *nix.
dB. @ dblock.org
Moscow
= new W32ServiceManager();
W32Service service = serviceManager.openService("tomcat",
Winsvc.SERVICE_ALL_ACCESS);
service.stopService();
service.close();
-dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: André Wa
I don't think you can with JNDIRealm. If you're on Windows, you might want to
try http://waffle.codeplex.com and then use regular security constraints for
groups.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Manish Kashikar -X (mkashika - Zensa
If the only reason you're using IIS is authentication, take a look at Waffle:
http://waffle.codeplex.com.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
From: Hansel, Jason T CTR SPAWARSYSCEN-ATLANTIC, 55E00
[mailto:jason.t.hansel@navy.mil]
Sent: Monday
in it.
Since you're running on Windows, you might as well get rid of IIS and replace
it with a Waffle filter - http://waffle.codeplex.com.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Yun Feng Chua [mailto:yf_c...@hotmail.com]
Sent: Wednesday, July 21,
Just curious, what are you using this setup for besides authentication?
Thx
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Rumpa Giri [mailto:rg...@healthfusion.com]
Sent: Monday, June 28, 2010 5:24 PM
To: users@tomcat.apache.org
Subject: connector
This all sounds very unnecessarily complicated.
Maybe you want to look at authentication at the Tomcat level alone? Writing an
authenticator is rather simple (and there're plenty of examples) provided that
ClearTrust has an API, which I am sure it does.
dB. @ dblock.org
Moscow|Geneva|Se
don't have to deal with configuring LDAP at all and
get correct results (supports domain trusts, nested groups, etc.).
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Manish Kumar [mailto:man...@oakdeneindia.com]
Sent: Monday, June 21, 2010 10:52 AM
To: &#
And can I do this for an application I don't know anything about? I mean all I
really want is
log4j.appender.R.File=${catalina.base}/logs/${APPLICATION.NAME}.log
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Gurkan Erdogdu [mailto:gurkanerdo...@yaho
than leave logging to their discretion. So I want the centralized log4j
configuration that can insert the web app name into the file name that belongs
to the tomcat installation.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Erik Bertelsen [mailto:b
f the webapp, so
that we can get one file per web application.
* Is anyone doing that?
* Is there a way without writing a custom appender?
* If I write a custom appender, how can I fetch the name of the webapp?
Thx
dB.
dB. @ dblock.org<http://www.dblock.org/>
Mo
, it's a drop-in solution that just works.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
From: Jill Han [mailto:jill@alverno.edu]
Sent: Tuesday, June 15, 2010 9:26 AM
To: users@tomcat.apache.org
Subject: Active Directory authentication
Hi,
I tried to c
I think your conclusion may be a little too quick. You should post the complete
HTTP trace from this session.
PS: If you're on Windows and are using Apache for NTLM only, you may want to
take a look at http://waffle.codeplex.com.
dB. @ dblock.org
Moscow|Geneva|Seattle|New
ng(messageBytes));
System.out.println(NtlmMessage.getMessageType(messageBytes));
NTLMSSP ... (this is an NTLM message)
1 (type 1)
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Friday, June 04, 2010 3:07 PM
To: To
ication mode
(Windows Auth, Anonymous disabled) and make sure I can browse successfully to
that page, first.
Melinda, I think you should hire some external help to fix this problem for
you. There're a lot of moving parts. Maybe someone on this list could offer you
to resolve this prob
Yes. You can (and should) have a list of roles - everything the user that just
logged in has access to / every role he has.
cheers
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: geofrey rainey [mailto:geofr...@gmail.com]
Sent: Tuesday, June 01, 2010
n Windows and your goal is single sign-on, you may want to
try http://waffle.codeplex.com. There're several options, including a login
filter and a JAAS authenticator. All use SSPI to login (will do Kerberos and
NTLM) and will return not just the user identity, but the user local and domai
enario and if it's worth
it/interesting enough, I'd be glad to prototype something for Waffle
(http://waffle.codeplex.com).
cheers
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Timothy Taylor [mailto:securityaddi...@hotmail.com]
Sent: Wedne
u have any production-type examples?
Thx
dB.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, May 25, 2010 4:10 PM
To: Tomcat Users List
Subject: Re: Question on workers.properties file
dB. wrote:
> IMHO the II
I'll allow myself to theorize that Jakarta redirector was a stop gap solution
because people didn't want a Windows-only valve to do NTLM or because they
couldn't write one.
If you end up using waffle, please do let me know. Good luck.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
I am curious whether you're using IIS for anything other than single sign-on /
authentication?
If you're not, check out http://waffle.codeplex.com - there's a new Negotiate
(Kerberos + NTLM) authenticator. This could remove IIS from your entire picture.
dB. @ dblock.org
Moscow
Thanks. The problem was between the computer and the chair. I forgot to remove
a security filter I was testing earlier that had an unfortunate side effect of
eating an error.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org
forbidden.
Any ideas?
Thx
dB.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
1. Yes. It will support whatever your Windows box supports since it calls the
native Windows API. Smartcards, retinal scans, etc.
2. They are not, your code should be fine.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Savoy, Melinda [mailto:melindasa
You have my explicit +1 to take this code and use/include it in Tomcat.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, May 20, 2010 9:29 AM
To: Tomcat Users List
Subject: Re: Tomcat NTLM authentication
ms like a suboptimal way to go, to say the least. Waffle theoretically
should resolve this, but your specific application is what really matters.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Sent: Thursday,
with all kinds of information that Windows provides (such
as SID).
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Sent: Thursday, May 20, 2010 8:45 AM
To: 'users@tomcat.apache.org'
Subject: Que
Eclipse Public License
http://waffle.codeplex.com/license
I am happy to attach another license to this if there're any real issues with
it.
dB. @ dblock.org
Moscow|Geneva|Seattle|New York
-Original Message-
From: Jason Pyeron [mailto:jpye...@pdinc.us]
Sent: Thursday, May 20, 2
ck is much appreciated,
-dB.
dB. @ dblock.org<http://www.dblock.org/>
Moscow|Geneva|Seattle|New York
37 matches
Mail list logo
