Re: deploying a war file and starting the application
binLmJ2Fr2lkQ.bin Description: PGP/MIME version identification
Re: deploying a war file and starting the application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 1/28/2011 4:24 PM, robert.jen...@surecomp.com wrote: > webapps > allMATCHWeb > documents > images > lib > logs > META-INFO Is that application-specific? The standard metadata directory for JAR and WAR files is META-INF, not META-INFO. It shouldn't affect anything, here, unless you are trying to use a META-INF/context.xml file to configure your webapp (which obviously won't work if it's META-INFO/context.xml because that's not the right path). > This is the content of the web.xml web.xml looks good to me. A request to http://host/allMATCHWeb/ should be redirected (or at least internally forwarded) to http://host/allMATCHWeb/login.html (due to your welcome-file-list setting). > The log files produced by Tomcat contain the following > > catalina.2011-01-28.log contains > > [snip] > > INFO: Deploying web application archive allMATCHWeb.war > > [snip] > > INFO: Server startup in 18243 ms Good. This indicates that the server did start, and your webapp did deploy. If you've set the swallowOutput="true" in your , your stdout log messages will go to a different logger. Are those all the log files created in the logs/ directory? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1FurcACgkQ9CaO5/Lv0PCkOgCfYlrMpitans7w7QL81s/Pt80T ZQEAoKBBZa4wPtdbkJMTJzlzjfWKgbYd =4RoJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: deploying a war file and starting the application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 1/28/2011 6:05 PM, robert.jen...@surecomp.com wrote: > Well after playing with web.xml I got my app up and partly working in Tomcat > 7. Good that it's working... sorry only partly. > When I go to http://localhost:7080/allMATCHWeb the default page is > loaded. My properties file is loaded and language based webpages > generated, etc. Good. What about your log statements? Where did you eventually find them? Also, what did you have to do to get your InitServlet to run? > Now my issue seems to be with web services. Again the web.xml > contains the following for each webservice. > > > MessageServiceServlethttp > > com.surecomp.allMATCH.client.webservices.MessageService > 0 Note that 0 is the default, so you don't actually need that. > > > > MessageServiceServlethttp > MessageService URL patterns are required to start with "/". Didn't we cover this? > > > Now, these work for webshpere and weblogic, so I am assuming (bad > thing I know) that the same would work for Tomcat. Anything that is written and deployed to specification should work in all containers. If you are having a problem with a spec-compliant webapp I assure you it will be fixed ASAP. > The log file is producing the following when deploying the services. > > INFO: Marking servlet MessageServiceServlethttp as unavailable > Jan 28, 2011 5:59:40 PM org.apache.catalina.core.StandardContext loadOnStartup > SEVERE: Servlet /allMATCHWeb threw load() exception > java.lang.ClassCastException: > com.surecomp.allMATCH.client.webservices.MessageService cannot be cast to > javax.servlet.Servlet I'll bet you have all kinds of inappropriate libraries deployed in various places. What libraries have you added to CATALINA_BASE/lib? What changes (if any) have you made to CATALINA_BASE/catalina.properties What libraries do you have in WEB-INF/lib? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1FvAUACgkQ9CaO5/Lv0PDJ4ACeJTgnaCkk3Sw6OVUGgJiDHsyA R6EAni/4kB4tAxa7/PAPHSCX+65u3bJd =cOMp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pid OpenSSO request for Tomcat Form Authentication that requires no password for third party SSO
On 28 Jan 2011, at 18:53, "beau.hutche...@thomsonreuters.com" wrote: > @Pid: The SSo third party app knows the SSO entry point into my Tomcat app. I > am supplied an encrypted token which contains the username and my tomcat app > has the libraries to unencrypt that token and unveil the username If you're using Tomcat 6 the only safe* way to do this is to implement JAAS. It's a bit of a hassle but the result will be worth it. p *IMHO > @Andre: Ideally it would seem most convenient to access j_security_check with > a valid j_username and a j_password with a blank value, so then the tomcat > container would generate the proper principal and roles information. > I want to be able to use request.getRemoteUser() and > request.isUserInRole(String role). > > It would seem that I can extend AuthenticatorBase and mimic everything that > FormAuthenticator does except for the password query part. > > Or I can use a hack for the DataSourceRealm and use my "UserName" column for > both the userCredCol and userNameCol values. Therefore no password to check > for. > > Beau > > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Friday, January 28, 2011 6:36 AM > To: Tomcat Users List > Subject: Re: Pid OpenSSO request for Tomcat Form Authentication that requires > no password for third party SSO > > Pid wrote: >> On 1/27/11 3:57 PM, beau.hutche...@thomsonreuters.com wrote: >>> Chris: >>> Thanks for your reply. >>> Currently I am using Tomcat 6.0.29 >>> >>> @Pid: Would you have any ideas on how to set something up like this? >> >> What details are you providing to Tomcat? >> >> If I read the thread correctly you've got a single parameter - how are >> you validating that to stop say, me, guessing at logins? >> > > That's easy, as long as Tomcat accepts only connections from a source known > to go through > the aforementioned SSO. > > I have a similar setup at one of my customers. This is only an example : > All users use a session on a specific Windows Terminal Server. In that > session, they open > a browser, which allows them to connect to Tomcat (*). > Tomcat accepts only connections from the IP's of the Terminal Server. > On the Terminal Server runs that nifty SSO mechanism which I mentioned in > another message > here. Somehow, that SSO "detects" the login page which the Tomcat > authentication is > sending back to the browser, fills-in the userid (**), and re-posts the login > form to the > server. > The user is now logged-in and gets the application page. > The user does not see anything. > > I know that it sounds a bit strange when one explains it like that, but it > works. > > (**) the user-id being sent is the user's Windows Domain user-id, which has > already been > authenticated/verified, so it can be "trusted". There is thus no need to > verify it again > in Tomcat. > > (*) Ok, I'm cheating : in my case, it is not Tomcat directly, but it is an > Apache httpd > front-ending for Tomcat, and connecting to it via mod_jk. mod_jk will pass > on the > httpd-level user-id, and Tomcat (with the 'tomcatAuthentication="false" > attribute on the > AJP Connector), will accept that user-id as its own. > At the Tomcat level, you would still have to do the "isUserInRole" part > though. > > Now the question is : assuming that there is no httpd front-end and no > mod_jk, can a > similar mechanism work with Tomcat directly ? > In other words, can the standard Tomcat form-based authentication work, if > the login form > is sent back with a non-blank userid, but with a blank password ? > And could this authentication code be easily "tweaked" to bypass any > verification of the > received user-id ? > > And, to the original poster : apologies for somewhat hijacking your thread, > but I am just > trying to help finding the best method for you. > > I have a feeling that for this case, having to create a brand-new > Authenticator is a bit > heavy as a solution. It seems that it should be possible to at least crate > some "null > Realm" which always accepts any user-id and always returns OK. > Or use whatever mechanism mod_jk is using to the same basic effect. > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java-process blocks cpu core to 100%
On 28 Jan 2011, at 14:32, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Chris, > > On 1/28/2011 9:16 AM, Christoph Balthaus wrote: >> Sorry, not possible - it's running on a remote machine where I can just use >> the ibm package and in theirs JDK jstack is not included. >> Are there any other ways to get it via network? > > You could use JConsole remotely, but you need to have remote JMX > configured for the JVM which would probably require a JVM restart. Does this JRE support the Attach API? if so it's possible to enable JMX for remote access dynamically. p > You > can also send the process the SIGQUIT and it will emit a thread dump to > stdout. If you don't have shell access, that might be difficult, too. > > This might be a good time to start testing a new Tomcat release for your > environment: 6.0.18 is more than 2 years old and many performance and > security fixes have gone into Tomcat since then. Warning: the NIO > connector appears to be broken in 6.0.30 and looks like it will be in > 6.0.31. Consider using 6.0.29 or waiting for 6.0.32 if you are using the > NIO connector. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1C01wACgkQ9CaO5/Lv0PDSNgCgwGMWTsJWrnY8KKeupYK6aif2 > adQAoK4e+Vj1hscTXP8Xt2jewD/bLr2p > =/PRp > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: deploying a war file and starting the application
On 30 Jan 2011, at 19:29, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Robert, > > On 1/28/2011 6:05 PM, robert.jen...@surecomp.com wrote: >> Well after playing with web.xml I got my app up and partly working in Tomcat >> 7. > > Good that it's working... sorry only partly. > >> When I go to http://localhost:7080/allMATCHWeb the default page is >> loaded. My properties file is loaded and language based webpages >> generated, etc. > > Good. What about your log statements? Where did you eventually find > them? Also, what did you have to do to get your InitServlet to run? > >> Now my issue seems to be with web services. Again the web.xml >> contains the following for each webservice. >> >> >>MessageServiceServlethttp >> >> com.surecomp.allMATCH.client.webservices.MessageService >>0 > > Note that 0 is the default, so you > don't actually need that. > >> >> >> >>MessageServiceServlethttp >>MessageService > > URL patterns are required to start with "/". Didn't we cover this? > >> >> >> Now, these work for webshpere and weblogic, so I am assuming (bad >> thing I know) that the same would work for Tomcat. > > Anything that is written and deployed to specification should work in > all containers. If you are having a problem with a spec-compliant webapp > I assure you it will be fixed ASAP. > >> The log file is producing the following when deploying the services. >> >> INFO: Marking servlet MessageServiceServlethttp as unavailable >> Jan 28, 2011 5:59:40 PM org.apache.catalina.core.StandardContext >> loadOnStartup >> SEVERE: Servlet /allMATCHWeb threw load() exception >> java.lang.ClassCastException: >> com.surecomp.allMATCH.client.webservices.MessageService cannot be cast to >> javax.servlet.Servlet > > I'll bet you have all kinds of inappropriate libraries deployed in > various places. > > What libraries have you added to CATALINA_BASE/lib? > What changes (if any) have you made to CATALINA_BASE/catalina.properties > What libraries do you have in WEB-INF/lib? Also, there was talk of a ServletContextListener - which won't work unless defined as such in web.xml. Unless I've missed this? p > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1FvAUACgkQ9CaO5/Lv0PDJ4ACeJTgnaCkk3Sw6OVUGgJiDHsyA > R6EAni/4kB4tAxa7/PAPHSCX+65u3bJd > =cOMp > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pid OpenSSO request for Tomcat Form Authentication that requires no password for third party SSO
It is more curiosity now on my part, but I have a couple of questions : Where does this SSO third-party app actually "live" ? Is it on another webserver which acts as a proxy to your Tomcat ? Or inside of Tomcat itself ? And you mention that you are supplied a token; how ? Is it in the form of a HTTP header added to the request ? or does the third-party app actually fill-in the login form ? Or does it add a query-string parameter with this token ? Pid * wrote: On 28 Jan 2011, at 18:53, "beau.hutche...@thomsonreuters.com" wrote: @Pid: The SSo third party app knows the SSO entry point into my Tomcat app. I am supplied an encrypted token which contains the username and my tomcat app has the libraries to unencrypt that token and unveil the username If you're using Tomcat 6 the only safe* way to do this is to implement JAAS. It's a bit of a hassle but the result will be worth it. p *IMHO @Andre: Ideally it would seem most convenient to access j_security_check with a valid j_username and a j_password with a blank value, so then the tomcat container would generate the proper principal and roles information. I want to be able to use request.getRemoteUser() and request.isUserInRole(String role). It would seem that I can extend AuthenticatorBase and mimic everything that FormAuthenticator does except for the password query part. Or I can use a hack for the DataSourceRealm and use my "UserName" column for both the userCredCol and userNameCol values. Therefore no password to check for. Beau -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Friday, January 28, 2011 6:36 AM To: Tomcat Users List Subject: Re: Pid OpenSSO request for Tomcat Form Authentication that requires no password for third party SSO Pid wrote: On 1/27/11 3:57 PM, beau.hutche...@thomsonreuters.com wrote: Chris: Thanks for your reply. Currently I am using Tomcat 6.0.29 @Pid: Would you have any ideas on how to set something up like this? What details are you providing to Tomcat? If I read the thread correctly you've got a single parameter - how are you validating that to stop say, me, guessing at logins? That's easy, as long as Tomcat accepts only connections from a source known to go through the aforementioned SSO. I have a similar setup at one of my customers. This is only an example : All users use a session on a specific Windows Terminal Server. In that session, they open a browser, which allows them to connect to Tomcat (*). Tomcat accepts only connections from the IP's of the Terminal Server. On the Terminal Server runs that nifty SSO mechanism which I mentioned in another message here. Somehow, that SSO "detects" the login page which the Tomcat authentication is sending back to the browser, fills-in the userid (**), and re-posts the login form to the server. The user is now logged-in and gets the application page. The user does not see anything. I know that it sounds a bit strange when one explains it like that, but it works. (**) the user-id being sent is the user's Windows Domain user-id, which has already been authenticated/verified, so it can be "trusted". There is thus no need to verify it again in Tomcat. (*) Ok, I'm cheating : in my case, it is not Tomcat directly, but it is an Apache httpd front-ending for Tomcat, and connecting to it via mod_jk. mod_jk will pass on the httpd-level user-id, and Tomcat (with the 'tomcatAuthentication="false" attribute on the AJP Connector), will accept that user-id as its own. At the Tomcat level, you would still have to do the "isUserInRole" part though. Now the question is : assuming that there is no httpd front-end and no mod_jk, can a similar mechanism work with Tomcat directly ? In other words, can the standard Tomcat form-based authentication work, if the login form is sent back with a non-blank userid, but with a blank password ? And could this authentication code be easily "tweaked" to bypass any verification of the received user-id ? And, to the original poster : apologies for somewhat hijacking your thread, but I am just trying to help finding the best method for you. I have a feeling that for this case, having to create a brand-new Authenticator is a bit heavy as a solution. It seems that it should be possible to at least crate some "null Realm" which always accepts any user-id and always returns OK. Or use whatever mechanism mod_jk is using to the same basic effect. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For addit
custom class as resource
Hello, if i need to share a custom class (that instantiate other clases) within my webapp, where multiple threads need to access this class to read and write (via synchronized methods), how can achieve this? thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: custom class as resource
Hi, On 31 January 2011 00:37, alexis wrote: > Hello, if i need to share a custom class (that instantiate other clases) > within my webapp, where multiple threads need to access this class to read > and write (via synchronized methods), how can achieve this? It sounds like your class is representative of a factory pattern, albeit with some synchronisation. Is this correct? If so, you could: (a) Use a ServletContextListener to instantiate the class. It will need to be defined in your web.xml appropriately. This is an appropriate place to 'shutdown' the factory as well. or (b) Use one of the many frameworks that instantiate stuff for you. e.g. Spring Framework. Spring will do this in a webapp, standalone or testing context with no change to your actual class. To the best of my knowledge, most inversion-of-control frameworks (like Spring) use the ServletContextListener approach for instantiation in a web application. If you go for option (b) you should consider whether simply to use the framework only and drop your factory class (if that's possible). > > thanks > -- Best Regards, Brett - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: custom class as resource
actually im already using a class extending servletcontextlistener, this class is the responsible to start all other threads on processing. Some threads stores results on a DB, some threads should store results in an object to be accesed by a servlet and presented via web. If i use the a) approach and i use it as Listener, how can i access this class from other threads/classes on my webapp? thanks again On Jan 30, 2011, at 10:32 PM, Brett Delle Grazie wrote: > Hi, > > On 31 January 2011 00:37, alexis wrote: >> Hello, if i need to share a custom class (that instantiate other clases) >> within my webapp, where multiple threads need to access this class to read >> and write (via synchronized methods), how can achieve this? > > It sounds like your class is representative of a factory pattern, > albeit with some synchronisation. Is this correct? > > If so, you could: > (a) Use a ServletContextListener to instantiate the class. It will > need to be defined in your web.xml appropriately. > This is an appropriate place to 'shutdown' the factory as well. > or > (b) Use one of the many frameworks that instantiate stuff for you. > e.g. Spring Framework. Spring will do this > in a webapp, standalone or testing context with no change to your > actual class. To the best of my > knowledge, most inversion-of-control frameworks (like Spring) use the > ServletContextListener approach for > instantiation in a web application. > > If you go for option (b) you should consider whether simply to use the > framework only and drop your factory > class (if that's possible). > >> >> thanks >> > > -- > Best Regards, > > Brett > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem with standard taglibs after precompiling a web app with TCD in 7.0.6 & no support for "addWebXmlMappings" in jasper
Hi, last week, I was having fun with trivial examples accessing a datasource with the standard taglibs with success. Since everything was working perfectly in jsp form and morale was high, I decided to precompile my web app with TCD and deploy it again in tomcat 7.0.6 I installed ant, fetched dependencies, installed TCD set up the project's properties and fired "ant compile" away. 2 questions: A small problem appeared with addWebXmlMappings="true". apparently ant reported: \build.xml:67: jasper doesn't support the "addWebXmlMappings" attribute Apparently ant 1.8.2 with all dependencies fetched *today* isn't enough? Bypassing this problem by manually merging the servlet mappings from generated_web.xml to web.xml and deploying, I get an exception when accessing my page: java.lang.NullPointerException at org.apache.jasper.runtime. TagHandlerPool.get(TagHandlerPool.java:106) at index_jsp._jspx_meth_sql_query_0(Unknown Source) at index_jsp._jspService(Unknown Source) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:306) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:550) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:380) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:284) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:322) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1684) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) I'm using: apache-ant-1.8.2 jakarta-taglibs-standard-1.1.2 apache-tomcat-7.0.6-deployer apache-tomcat-7.0.6 2 libs for the tags: in \WEB-INF\lib jstl.jar standard.jar my toned down index.jsp is very simple: <%@ taglib uri="http://java.sun.com/jsp/jstl/sql"; prefix="sql" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/core"; prefix="c"%> Zend page. <%="Zend"%> select * from zend_users; the web.xml is pretty spartan as well: datasource fun datasource fun index_jsp index_jsp index_jsp /index.jsp postgreSQL Datasource fun jdbc/postgres javax.sql.DataSource Container so what's going on here? any pointers? looks like google is my enemy on this one :( Your input and help is much appreciated, John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
