Re: MVC or Model2 with Tomcat
On 8 Dec 2011, at 06:08, Blaxton wrote: > > > > > > From: Blaxton > To: Tomcat Users List > Sent: Tuesday, December 6, 2011 9:19:00 PM > Subject: Re: MVC or Model2 with Tomcat > > > > > > > > From: Pid * > To: Tomcat Users List > Sent: Tuesday, December 6, 2011 8:12:40 PM > Subject: Re: MVC or Model2 with Tomcat > > > > On 6 Dec 2011, at 15:52, Blaxton wrote: >> >> I have added the host directive to > server.xml and moved appexmp1 contents to ROOT directory >> and now I can access www.mydomain.com/index.jsp with no problem, >> however now the servlets are not working. >> I can access jsp files, but no servlets, I get "The requested resource is >> not available" message. >> >> as with following direction: >> http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html#context.xml_-_approach__1 >> >> I have created /Catalina_BASE/appexmp1/ROOT/META-INF/context.xml > > Ok, please remove the comments from your server.xml and post it inline, here. > > >> I have placed a HelloWorld.class file in >> /Catalina_BASE/appname/ROOT/WEB-INF/classes/com/mydomain >> but can't access the class through mydomain.com/app1/HelloWorld > > How have you defined the Servlet in > ROOT/WEB-INF/web.xml? > > >> tried following context file variations but didn't work: >> >> > crossContext="true"> >> > > Never do the above. > > >> > crossContext="true"> >> > > Or that. > > The 'path' attribute is not applicable here - in any case it's wrong. > > Remove the path and docBase attributes from the ROOT.xml file. > > > p > >> it seems to me , context file is not being read after adding the host >> directive to server.xml >> either when it is in /Catalina_BASE/conf/Catalina/local host or now that it >> is in >> /Catalina_BASE/appexmp1/ROOT/META-INF/context.xml >> >> thanks for help > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > OK, my mistake, I had JkMount /*.jsp and /app1/* rather than JkMount /* in > httpd-vhost.com > changed it as you mentioned to JkMount /* and servlets works now. > > Also removed path and docbase from context.xml > so we can't have default application in ROOT and path in context file ? > > haven't tried it , but I think we could achieve the same thing with > JkAutoAlias > which one is recommended ? JkAutoAlias or adding host directive in server.xml > ? > > Thank you very much for help > I achieved what i was looking for. > > > > > > Sorry but there is one more problem. > > now that I have JkMount /* in vhost1_httpd.conf > every thing will be forwarded to tomcat other than *.html because there is > a JkUnMount /*.html line in vhost1_httpd.conf but still when I browse > mydomain.com/ I get the tomcat error > "The requested resource() is not available". > why is that ? Some mod_jk config voodoo is bubbling up into my memory. I can't see it in the docs, but try: JKMount /|* worker Which version of mod_jk are you using? > I have added welcome directive to web.xml as follow: > > index.html > This tells Tomcat to look for index.html in its own resource location. Is it there or are you expecting HTTPD to do that for you? I think you probably want to put index.jsp instead. > and following is DirectoryIndex in vhost1_httpd.conf file: > DirectoryIndex index.jsp index.html index.php > I can access mydomain.com/index.html > but getting error when accessing mydomain.com/ Check the access logs to see which server is sending the file. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "VerifyError: ... Illegal constant pool index" when jspx invokes a tagx on Tomcat 7.0.16
On 07/12/2011 17:32, Robert Winch wrote: > We have a web application that was consistently getting a VerifyError > whenever a jsp invoked a custom tagx. The jsp is a SiteMesh decorator that > uses a custom tagx to display a Spring Security Authentication object. The > issue was resolved by restarting the war using the Tomcat Manager, but I am > concerned the issue may happen again. Does anyone know what might have > caused this to happen and/or how to prevent it from happening again? I have > included a full stacktrace [1] and details about our environment [2] below. > Any feedback would be greatly appreciated. > > Additional Information: > > 1) Since restarting the war the VerifyError cannot be reproduced. Note that > only the war was restarted; the Tomcat instance was NOT restarted. > > 2) I have tried searching for answers on the forums/Internet. Most of the > results I have seen stated that their problem was that the wrong version of > Java was used or some sort of byte-code manipulation was being done. > > a. Since the problem was fixed by cycling the war (and not the JVM) I doubt > using the wrong JVM was our problem. > b. We are using spring-aop, but only with interface based proxies (not > aspjectj compilation). Additionally I do not think this should impact the > compiled jsp's byte code validity. > c. We use hibernate which is using javasist to create proxies of our domain > objects at load time, but again I do not think this should impact the > compiled jsp's byte code validity. > > 3) I have looked for any jars included in the war that might contain the > wrong JspTag or PageContext. I tried to do an open type in Eclipse on both > classes and found jsp-api and servlet-api both contain these classes. You are saying your servlet-api.jar contains the JSP API classes too? I would be concerned about two versions of a class being in the same classloader - but you say below that they are not packaged in the WAR. Can you upgrade to 7.0.21? There have been a few beneficial changes to the JSP components. You say below that the compiled tags & JSP don't appear to have been recompiled - either upgrade, or clear the work directory to ensure that they have been. p > However, these jars are provided maven dependencies. I also validated that > they were not packaged in the war's WEB-INF/lib/ directory. > > 4) The code was compiled and is ran using a Sun 1.6 JDK > > 5) Unfortunately at the time I did not think to save the generated java or > class for the JSP page or the tag lib. > > 6) The last modified date on the jsp and the jsp tag java/class files in > Tomcat's work directory both have a time stamp that is much (over two > weeks) older than when the war was restarted to resolve the issue. This > seems to imply that neither were recompiled. > > 7) I have included a full stack trace of the error [1], and details about > the environment [2] below. > > [1] > > java.lang.VerifyError: (class: > org/apache/jsp/WEB_002dINF/decorators/main_jsp, method: > _jspx_meth_tags_005fusername_005f0 signature: > (Ljavax/servlet/jsp/tagext/JspTag;Ljavax/servlet/jsp/PageContext;)Z) > Illegal constant pool index > at java.lang.Class.getDeclaredConstructors0(Native Method) > at java.lang.Class.privateGetDeclaredConstructors(Unknown Source) > at java.lang.Class.getConstructor0(Unknown Source) > at java.lang.Class.newInstance0(Unknown Source) > at java.lang.Class.newInstance(Unknown Source) > at > org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:125) > at > org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:162) > at > org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:356) > at > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:389) > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:59) > at > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) > at > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) > at > org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684) > at > org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:593) > at > org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:530) > at > com.opensymphony.sitemesh.compatability.OldDecorator2NewDecorator.render(OldDecorator2NewDecorator.java:46) > at > com.opensymphony.sitemesh.webapp.decorator.BaseWebAppDecorator.render(Base
Re: MVC or Model2 with Tomcat
From: Pid * To: Tomcat Users List Sent: Thursday, December 8, 2011 12:25:35 PM Subject: Re: MVC or Model2 with Tomcat On 8 Dec 2011, at 06:08, Blaxton wrote: > > > > > > From: Blaxton > To: Tomcat Users List > Sent: Tuesday, December 6, 2011 9:19:00 PM > Subject: Re: MVC or Model2 with Tomcat > > > > > > > > From: Pid * > To: Tomcat Users List > Sent: Tuesday, December 6, 2011 8:12:40 PM > Subject: Re: MVC or Model2 with Tomcat > > > > On 6 Dec 2011, at 15:52, Blaxton wrote: >> >> I have added the host directive to > server.xml and moved appexmp1 contents to ROOT directory >> and now I can access www.mydomain.com/index.jsp with no problem, >> however now the servlets are not working. >> I can access jsp files, but no servlets, I get "The requested resource is >> not available" message. >> >> as with following direction: >> http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html#context.xml_-_approach__1 >> >> I have created /Catalina_BASE/appexmp1/ROOT/META-INF/context.xml > > Ok, please remove the comments from your server.xml and post it inline, here. > > >> I have placed a HelloWorld.class file in >> /Catalina_BASE/appname/ROOT/WEB-INF/classes/com/mydomain >> but can't access the class through mydomain.com/app1/HelloWorld > > How have you defined the Servlet in > ROOT/WEB-INF/web.xml? > > >> tried following context file variations but didn't work: >> >> > crossContext="true"> >> > > Never do the above. > > >> > crossContext="true"> >> > > Or that. > > The 'path' attribute is not applicable here - in any case it's wrong. > > Remove the path and docBase attributes from the ROOT.xml file. > > > p > >> it seems to me , context file is not being read after adding the host >> directive to server.xml >> either when it is in /Catalina_BASE/conf/Catalina/local host or now that it >> is in >> /Catalina_BASE/appexmp1/ROOT/META-INF/context.xml >> >> thanks for help > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > OK, my mistake, I had JkMount /*.jsp and /app1/* rather than JkMount /* in > httpd-vhost.com > changed it as you mentioned to JkMount /* and servlets works now. > > Also removed path and docbase from context.xml > so we can't have default application in ROOT and path in context file ? > > haven't tried it , but I think we could achieve the same thing with > JkAutoAlias > which one is recommended ? JkAutoAlias or adding host directive in server.xml > ? > > Thank you very much for help > I achieved what i was looking for. > > > > > > Sorry but there is one more problem. > > now that I have JkMount /* in vhost1_httpd.conf > every thing will be forwarded to tomcat other than *.html because there is > a JkUnMount /*.html line in vhost1_httpd.conf but still when I browse > mydomain.com/ I get the tomcat error > "The requested resource() is not available". > why is that ? Some mod_jk config voodoo is bubbling up into my memory. I can't see it in the docs, but try: JKMount /|* worker Which version of mod_jk are you using? > I have added welcome directive to web.xml as follow: > > index.html > This tells Tomcat to look for index.html in its own resource location. Is it there or are you expecting HTTPD to do that for you? I think you probably want to put index.jsp instead. > and following is DirectoryIndex in vhost1_httpd.conf file: > DirectoryIndex index.jsp index.html index.php > I can access mydomain.com/index.html > but getting error when accessing mydomain.com/ Check the access logs to see which server is sending the file. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Ok, thanks I have added JkUnMount / appexmp1worker and with following directive: DirectoryIndex index.html I can access mydomain.com/ and the default index.html will be displayed. however, with DirectoryIndex index.jsp because of JkMount /* all requests , including .jsp files would be forwarded to tomcat and I should place index.jsp file where we defined the appbase. Thanks again
Tomcat JMX/RMI: How server interface is choosen?
I enable JMX server and JMX Registry in tomcat using Client connects to 10001 and tomcat returns its address and port 10002, right? But if I have several addresses on the interface tomcat returns the first one. Is it tomcat or RMI issue? How can I set interface and/or ip address to be returned to the client? Is it possible to use JMX directly over the one TCP port with out of all that RMI stuff? Ilya Kazakevich, Developer JetBrains Inc http://www.jetbrains.com "Develop with pleasure!" - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to forward all kind of request from ROOT to another subdirectory?
Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to forward all kind of request from ROOT to another subdirectory?
Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Enable https for all application hosted in tomcat
Hi I wonder if anyone have configured HTTPS on all their application in the /webapps. Please share if you have any information pertaining to HTTPS in tomcat Thanks Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to forward all kind of request from ROOT to another subdirectory?
On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to forward all kind of request from ROOT to another subdirectory?
On 12/8/2011 9:19 PM, Xybrek wrote: On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. Also, I am able to redirect with UrlRedirectFilter from http://localhost:8080 to http://localhost:8080/myRoot However my problem now is that I want to keep the URL in the browser relative to the original ROOT, i.e. right now when I request for http://localhost:8080/index.html it will show http://localhost:8080/myRoot/index.html but I want to keep it like http://localhost:8080/index.html and for all other request. Maybe I need to do something with the rules in the urlrewrite.xml Any ideas? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to forward all kind of request from ROOT to another subdirectory?
Xybrek wrote: On 12/8/2011 9:19 PM, Xybrek wrote: On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. Also, I am able to redirect with UrlRedirectFilter from http://localhost:8080 to http://localhost:8080/myRoot However my problem now is that I want to keep the URL in the browser relative to the original ROOT, i.e. right now when I request for http://localhost:8080/index.html it will show http://localhost:8080/myRoot/index.html but I want to keep it like http://localhost:8080/index.html and for all other request. Maybe I need to do something with the rules in the urlrewrite.xml Any ideas? Why do you not just rename "myRoot" to "ROOT", making this the default application ? http://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "VerifyError: ... Illegal constant pool index" when jspx invokes a tagx on Tomcat 7.0.16
On Thu, Dec 8, 2011 at 4:29 AM, Pid wrote: > On 07/12/2011 17:32, Robert Winch wrote: > > > 3) I have looked for any jars included in the war that might contain the > > wrong JspTag or PageContext. I tried to do an open type in Eclipse on > both > > classes and found jsp-api and servlet-api both contain these classes. > > You are saying your servlet-api.jar contains the JSP API classes too? > > I would be concerned about two versions of a class being in the same > classloader - but you say below that they are not packaged in the WAR. > Despite the jars not being included in the war I thought this was a point worth investigating. I need to apologise for providing a bit of misinformation. The servlet-api-2.3, which had the duplicate classes, was actually part of another project within my Eclipse workspace. Looking more closely these classes are not duplicated in the project that had the VerifyError since it had a different servlet-api jar on its classpath. I also reconfirmed that neither jars are not packaged in the war's WEB-INF/lib directory. > > Can you upgrade to 7.0.21? There have been a few beneficial changes to > the JSP components. > That is good information to know. We plan on updating to 7.0.23 within the next few weeks. > > > You say below that the compiled tags & JSP don't appear to have been > recompiled - either upgrade, or clear the work directory to ensure that > they have been. > I'm not sure I understand. Is there a reason we would want them to be recompiled? The reason I had mentioned this was not because I thought it was a problem but because I thought it helped rule out a problem with how the jsp's were compiled. I'm not certain if my logic is sound, but I thought since it was not working, later did work, and the time stamp had not been updated there was likely something other than the compilation of the jsp's at fault. > > > p > Thanks for your response, Rob
Re: "VerifyError: ... Illegal constant pool index" when jspx invokes a tagx on Tomcat 7.0.16
On 08/12/2011 14:19, Robert Winch wrote: > On Thu, Dec 8, 2011 at 4:29 AM, Pid wrote: >> You say below that the compiled tags & JSP don't appear to have been >> recompiled - either upgrade, or clear the work directory to ensure that >> they have been. >> > > I'm not sure I understand. Is there a reason we would want them to be > recompiled? The reason I had mentioned this was not because I thought it > was a problem but because I thought it helped rule out a problem with how > the jsp's were compiled. I'm not certain if my logic is sound, but I > thought since it was not working, later did work, and the time stamp had > not been updated there was likely something other than the compilation of > the jsp's at fault. Very occasionally between minor versions we make changes to the code that converts JSPs to Java and correct operation *requires* that the JSPs are recompiled. We don't do it very often but it does happen. We try and do things in such a way that Tomcat handles this automatically e.g. look in the changelog for bug 33453. That said, I *always* clean out the work directory when doing any Tomcat upgrade. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.23 won't start
> Add a Realm definition or wait until 7.0.24. There's a bug in 7.0.23. I am waiting for 7.0.24. > I'm wincing as I ask: is there a particular reason that you're defining > the Context in server.xml - it's been strongly recommended to not do > that for quite a while. Okay, I will byte. Practical: This was my sandbox config file. I switch between 6 different applications. I do this by switching server.xml files when I switch projects. This keeps things minimal (not starting up 6 connection pools), its easier to switch one file, and it makes restarts faster. Opinion: I hate over decomposition and I preferred the days when tomcat was only configured with server.xml. Tomcat's configuration is not that complicated, do we really need a bunch of configuration files. Its bad when one thing becomes two, and hence good when two things become one. I bet your also in the micro kernel camp. I know lots of people clamored for being able to configure the connection pool in there war file. I don't know why anyone would do this, our WAR file runs in any environment where the jndi name is present. They have to build separate WAR files for each environment. Basicly I think the context.xml is stupid. If it matters so much change the document definition. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enable https for all application hosted in tomcat
Greetings, On Thu, Dec 8, 2011 at 8:05 AM, RenuKumar wrote: > I wonder if anyone have configured HTTPS on all their application in the > /webapps. Please share if you have any information pertaining to HTTPS in > tomcat http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html -Jesse -- There are 10 types of people in this world, those that can read binary and those that can not. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL configuration on apache tomcat 6 - Oracle EL5
After the re-installation of the whole Apache Tomcat Native Library, I still get: Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. Dec 8, 2011 12:25:28 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Dec 8, 2011 12:25:28 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 Dec 8, 2011 12:25:28 PM org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 Dec 8, 2011 12:25:28 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 534 ms Dec 8, 2011 12:25:28 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Dec 8, 2011 12:25:28 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 Dec 8, 2011 12:25:29 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive swt-web.war Dec 8, 2011 12:25:30 PM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Dec 8, 2011 12:25:30 PM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-8443 Dec 8, 2011 12:25:30 PM org.apache.coyote.ajp.AjpAprProtocol start INFO: Starting Coyote AJP/1.3 on ajp-8009 Dec 8, 2011 12:25:30 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 1411 ms Do I need to do the rest of configuration using http server virtual host: 443 ? When I implemented SSL last on Redhat 4, all i did was to configure ssl.conf and use proxy reverse to instruct http server to service any service from my web application. Please assist to remind me on what to do. Regards, Moshood On Tue, Dec 6, 2011 at 6:38 AM, Daniel Mikusa wrote: > On Tue, 2011-12-06 at 01:10 -0800, Oladapo Moshood wrote: > > I think yes because I specified the library path. Or how can I confirm > your > > question on my server. see below what I have in the path > > > > [root@opt01 apr-httpd]# ll > > total 16 > > drwxr-xr-x 2 root root 4096 Dec 2 12:27 bin > > drwxr-xr-x 2 root root 4096 Dec 2 12:27 build-1 > > drwxr-xr-x 3 root root 4096 Dec 2 12:27 include > > drwxr-xr-x 3 root root 4096 Dec 5 04:02 lib > > > > [root@opt01 apr-httpd]# cd lib > > [root@opt01 lib]# ll > > total 2932 > > -rw-r--r-- 1 root root 8351 Dec 2 12:27 apr.exp > > -rw-r--r-- 1 root root 873264 Dec 2 12:27 libapr-1.a > > -rwxr-xr-x 1 root root831 Dec 2 12:27 libapr-1.la > > lrwxrwxrwx 1 root root 17 Dec 2 12:27 libapr-1.so -> > libapr-1.so.0.4.5 > > lrwxrwxrwx 1 root root 17 Dec 2 12:27 libapr-1.so.0 -> > > libapr-1.so.0.4.5 > > -rwxr-xr-x 1 root root 594639 Dec 2 12:27 libapr-1.so.0.4.5 > > -rw-r--r-- 1 root root 879016 Dec 5 04:02 libtcnative-1.a > > -rwxr-xr-x 1 root root899 Dec 5 04:02 libtcnative-1.la > > lrwxrwxrwx 1 root root 23 Dec 5 04:02 libtcnative-1.so -> > > libtcnative-1.so.0.1.16 > > lrwxrwxrwx 1 root root 23 Dec 5 04:02 libtcnative-1.so.0 -> > > libtcnative-1.so.0.1.16 > > -rwxr-xr-x 1 root root 604439 Dec 5 04:02 libtcnative-1.so.0.1.16 > > drwxr-xr-x 2 root root 4096 Dec 5 04:02 pkgconfig > > > > I also have the native library in /usr/lib: > > > > [root@opt01 lib]# pwd > > /usr/lib > > [root@opt01 lib]# ls -l libtc* > > -rwxr-xr-x 1 root root 785200 Jan 10 2007 libtcl8.4.so > > lrwxrwxrwx 1 root root 23 Dec 5 04:07 libtcnative-1.so -> > > libtcnative-1.so.0.1.16 > > -rwxr-xr-x 1 root root 604439 Dec 5 04:06 libtcnative-1.so.0.1.16 > > [root@opt01 lib]# > > > > > > > > My tomcat startup variables are: > > > > Using CATALINA_BASE: /home/oracle/apache-tomcat-6.0.20 > > Using CATALINA_HOME: /home/oracle/apache-tomcat-6.0.20 > > Using CATALINA_TMPDIR: /home/oracle/apache-tomcat-6.0.20/temp > > Using JRE_HOME: /usr/java/jre1.6.0_17 > > > > THa > > > > On Tue, Dec 6, 2011 at 12:12 AM, Pid * wrote: > > > > > On 6 Dec 2011, at 07:51, Oladapo Moshood wrote: > > > > > > > Dan, > > > > > > > > This is what I actually have in my Oracle EL5. The other information > I > > > sent > > > > on apache-tomcat-7 was done on my redhat 6 to see if the error i'm > > > getting > > > > is a bug in apache-tomcat-6, but got the same error. > > > > > > > > Here is how i installed it on Oracle EL5: > > > > I have the native libraries in > > > > > /usr/share/apache-tomcat-6.0.20/bin/tomcat-native-1.1.22-src/jni/native > > > to > > > > install tomcat native. > > > > > > > > I Installed with "./configure --with-apr=/usr/local/apr-httpd/ > > > > > > And is that location in the library path that Tomcat is looking in? > > This is an important question, w
Re: SSL configuration on apache tomcat 6 - Oracle EL5
On Thu, 2011-12-08 at 08:22 -0800, Oladapo Moshood wrote: > After the re-installation of the whole Apache Tomcat Native Library, I > still get: > Ok, take a step back for a second... 1.) What were the results of "./configure ..."? If you could paste them in here, that would be helpful. 2.) After you run "make" and it completes successfully, what do you see if you run "ldd .libs/libtcnative-1.so"? Dan PS. You're top posting and it is making it very difficult to follow this post. > > Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener init > INFO: Loaded APR based Apache Tomcat Native library 1.1.16. > Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener init > INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters > [false], random [true]. > Dec 8, 2011 12:25:28 PM org.apache.catalina.core.AprLifecycleListener > lifecycleEvent > INFO: Failed to initialize the SSLEngine. > Dec 8, 2011 12:25:28 PM org.apache.coyote.http11.Http11AprProtocol init > INFO: Initializing Coyote HTTP/1.1 on http-8080 > Dec 8, 2011 12:25:28 PM org.apache.coyote.http11.Http11AprProtocol init > INFO: Initializing Coyote HTTP/1.1 on http-8443 > Dec 8, 2011 12:25:28 PM org.apache.coyote.ajp.AjpAprProtocol init > INFO: Initializing Coyote AJP/1.3 on ajp-8009 > Dec 8, 2011 12:25:28 PM org.apache.catalina.startup.Catalina load > INFO: Initialization processed in 534 ms > Dec 8, 2011 12:25:28 PM org.apache.catalina.core.StandardService start > INFO: Starting service Catalina > Dec 8, 2011 12:25:28 PM org.apache.catalina.core.StandardEngine start > INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 > Dec 8, 2011 12:25:29 PM org.apache.catalina.startup.HostConfig deployWAR > INFO: Deploying web application archive swt-web.war > Dec 8, 2011 12:25:30 PM org.apache.coyote.http11.Http11AprProtocol start > INFO: Starting Coyote HTTP/1.1 on http-8080 > Dec 8, 2011 12:25:30 PM org.apache.coyote.http11.Http11AprProtocol start > INFO: Starting Coyote HTTP/1.1 on http-8443 > Dec 8, 2011 12:25:30 PM org.apache.coyote.ajp.AjpAprProtocol start > INFO: Starting Coyote AJP/1.3 on ajp-8009 > Dec 8, 2011 12:25:30 PM org.apache.catalina.startup.Catalina start > INFO: Server startup in 1411 ms > > Do I need to do the rest of configuration using http server virtual host: > 443 ? > > When I implemented SSL last on Redhat 4, all i did was to configure > ssl.conf and use proxy reverse to instruct http server to service any > service from my web application. > > Please assist to remind me on what to do. > > > Regards, > > Moshood > > On Tue, Dec 6, 2011 at 6:38 AM, Daniel Mikusa wrote: > > > On Tue, 2011-12-06 at 01:10 -0800, Oladapo Moshood wrote: > > > I think yes because I specified the library path. Or how can I confirm > > your > > > question on my server. see below what I have in the path > > > > > > [root@opt01 apr-httpd]# ll > > > total 16 > > > drwxr-xr-x 2 root root 4096 Dec 2 12:27 bin > > > drwxr-xr-x 2 root root 4096 Dec 2 12:27 build-1 > > > drwxr-xr-x 3 root root 4096 Dec 2 12:27 include > > > drwxr-xr-x 3 root root 4096 Dec 5 04:02 lib > > > > > > [root@opt01 apr-httpd]# cd lib > > > [root@opt01 lib]# ll > > > total 2932 > > > -rw-r--r-- 1 root root 8351 Dec 2 12:27 apr.exp > > > -rw-r--r-- 1 root root 873264 Dec 2 12:27 libapr-1.a > > > -rwxr-xr-x 1 root root831 Dec 2 12:27 libapr-1.la > > > lrwxrwxrwx 1 root root 17 Dec 2 12:27 libapr-1.so -> > > libapr-1.so.0.4.5 > > > lrwxrwxrwx 1 root root 17 Dec 2 12:27 libapr-1.so.0 -> > > > libapr-1.so.0.4.5 > > > -rwxr-xr-x 1 root root 594639 Dec 2 12:27 libapr-1.so.0.4.5 > > > -rw-r--r-- 1 root root 879016 Dec 5 04:02 libtcnative-1.a > > > -rwxr-xr-x 1 root root899 Dec 5 04:02 libtcnative-1.la > > > lrwxrwxrwx 1 root root 23 Dec 5 04:02 libtcnative-1.so -> > > > libtcnative-1.so.0.1.16 > > > lrwxrwxrwx 1 root root 23 Dec 5 04:02 libtcnative-1.so.0 -> > > > libtcnative-1.so.0.1.16 > > > -rwxr-xr-x 1 root root 604439 Dec 5 04:02 libtcnative-1.so.0.1.16 > > > drwxr-xr-x 2 root root 4096 Dec 5 04:02 pkgconfig > > > > > > I also have the native library in /usr/lib: > > > > > > [root@opt01 lib]# pwd > > > /usr/lib > > > [root@opt01 lib]# ls -l libtc* > > > -rwxr-xr-x 1 root root 785200 Jan 10 2007 libtcl8.4.so > > > lrwxrwxrwx 1 root root 23 Dec 5 04:07 libtcnative-1.so -> > > > libtcnative-1.so.0.1.16 > > > -rwxr-xr-x 1 root root 604439 Dec 5 04:06 libtcnative-1.so.0.1.16 > > > [root@opt01 lib]# > > > > > > > > > > > > My tomcat startup variables are: > > > > > > Using CATALINA_BASE: /home/oracle/apache-tomcat-6.0.20 > > > Using CATALINA_HOME: /home/oracle/apache-tomcat-6.0.20 > > > Using CATALINA_TMPDIR: /home/oracle/apache-tomcat-6.0.20/temp > > > Using JRE_HOME: /usr/java/jre1.6.0_17 > > > > > > THa > > > > > > On Tue, Dec 6, 2011 at 12:12 AM, Pid * wrote: > > > > > > > On 6 Dec 2011, at 07:51, Oladapo Moshood wrote: > > > > > > > > > Dan, > > > > > > > > > > This is what I actu
Securing only a single web application on Tomcat
Hi, I have multiple applications hosted on my tomcat server which includes web services, web applications etc. To secure the web services, we made changes to server.xml ->connector element and defined roles in tomcat-users.xml. In the web services, we made changes in the web.xml to add the security-constraint, security-role etc. However, the problem we are facing is that all the web application hosted on the Tomcat are prompting for certificate while accessing them. Is there any way to restrict the security only to a single web component on the Tomcat server rather than the entire server or all applications on the server. Thanks, Savitha
Re: How to forward all kind of request from ROOT to another subdirectory?
On Thursday, 08 December, 2011 09:37 PM, André Warnier wrote: Xybrek wrote: On 12/8/2011 9:19 PM, Xybrek wrote: On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. Also, I am able to redirect with UrlRedirectFilter from http://localhost:8080 to http://localhost:8080/myRoot However my problem now is that I want to keep the URL in the browser relative to the original ROOT, i.e. right now when I request for http://localhost:8080/index.html it will show http://localhost:8080/myRoot/index.html but I want to keep it like http://localhost:8080/index.html and for all other request. Maybe I need to do something with the rules in the urlrewrite.xml Any ideas? Why do you not just rename "myRoot" to "ROOT", making this the default application ? http://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F Hi Andre, Thanks. I know about placing the web app (like myRoot) under the ROOT and it will work. However, there is another issue I that comes when I do this, an issue with my GWT (http://code.google.com/webtoolkit/) web app, where the the client-side code cannot access the services (servlets). My gwt application works just fine in the myRoot folder of the tomcat webapps folder. So my idea, is just forward every access to the ROOT to myRoot. But then again, if there's a better solution I am may want to try it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "VerifyError: ... Illegal constant pool index" when jspx invokes a tagx on Tomcat 7.0.16
On Thu, Dec 8, 2011 at 9:02 AM, Mark Thomas wrote: > On 08/12/2011 14:19, Robert Winch wrote: > > On Thu, Dec 8, 2011 at 4:29 AM, Pid wrote: > >> You say below that the compiled tags & JSP don't appear to have been > >> recompiled - either upgrade, or clear the work directory to ensure that > >> they have been. > >> > > > > I'm not sure I understand. Is there a reason we would want them to be > > recompiled? The reason I had mentioned this was not because I thought it > > was a problem but because I thought it helped rule out a problem with how > > the jsp's were compiled. I'm not certain if my logic is sound, but I > > thought since it was not working, later did work, and the time stamp had > > not been updated there was likely something other than the compilation of > > the jsp's at fault. > > Very occasionally between minor versions we make changes to the code > that converts JSPs to Java and correct operation *requires* that the > JSPs are recompiled. We don't do it very often but it does happen. We > try and do things in such a way that Tomcat handles this automatically > e.g. look in the changelog for bug 33453. That said, I *always* clean > out the work directory when doing any Tomcat upgrade. > > Mark > Thanks for clarifying. I wasn't sure if this was related to my issue or if it was advice for when we update Tomcat. Since we have not made any updates to Tomcat I do not think this is related to this issue. However, this is definitely good information to have for when we do the upgrade. Thanks again. > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: How to forward all kind of request from ROOT to another subdirectory?
Xybrek wrote: On Thursday, 08 December, 2011 09:37 PM, André Warnier wrote: Xybrek wrote: On 12/8/2011 9:19 PM, Xybrek wrote: On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. Also, I am able to redirect with UrlRedirectFilter from http://localhost:8080 to http://localhost:8080/myRoot However my problem now is that I want to keep the URL in the browser relative to the original ROOT, i.e. right now when I request for http://localhost:8080/index.html it will show http://localhost:8080/myRoot/index.html but I want to keep it like http://localhost:8080/index.html and for all other request. Maybe I need to do something with the rules in the urlrewrite.xml Any ideas? Why do you not just rename "myRoot" to "ROOT", making this the default application ? http://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F Hi Andre, Thanks. I know about placing the web app (like myRoot) under the ROOT and it will work. However, there is another issue I that comes when I do this, an issue with my GWT (http://code.google.com/webtoolkit/) web app, where the the client-side code cannot access the services (servlets). My gwt application works just fine in the myRoot folder of the tomcat webapps folder. So my idea, is just forward every access to the ROOT to myRoot. But then again, if there's a better solution I am may want to try it. I don't think that I really understand the problem. Let me re-phrase it, and you tell us if that is what you want : I want that when a browser accesses the URLs : "http://myhost:8080"; or "http://myhost:8080/"; (and only for those 2 specific URLs), it is redirected to "http://myhost:8080/myapp/";. And I want that for all URLs which start with : http://myhost:8080/myapp they stay where they are (in "/myapp") And I want that if they ask for http://myhost:8080/something-else they really get "/something-else" from within the webapps/ROOT/something-else directory. Is that what you want ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to forward all kind of request from ROOT to another subdirectory?
On Friday, 09 December, 2011 01:18 AM, André Warnier wrote: Xybrek wrote: On Thursday, 08 December, 2011 09:37 PM, André Warnier wrote: Xybrek wrote: On 12/8/2011 9:19 PM, Xybrek wrote: On 12/8/2011 8:52 PM, Thom Hehl wrote: Simplest would be to set up an index.html in the root path that redirects to whatever you wish. You can find 500 hits on google about how to do an HTML redirect. -Original Message- From: Xybrek [mailto:xyb...@gmail.com] Sent: Thursday, December 08, 2011 3:07 AM To: users@tomcat.apache.org Subject: How to forward all kind of request from ROOT to another subdirectory? Hello, I need to forward all kind of request from the ROOT, i.e http://localhost:8080/ to http://localhost:8080/myRoot Is it possible, do I need to create a redirect servlet? However, I think tomcat can be configured to behave that way? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi, I am using UrlRedirectFilter. Also, I am able to redirect with UrlRedirectFilter from http://localhost:8080 to http://localhost:8080/myRoot However my problem now is that I want to keep the URL in the browser relative to the original ROOT, i.e. right now when I request for http://localhost:8080/index.html it will show http://localhost:8080/myRoot/index.html but I want to keep it like http://localhost:8080/index.html and for all other request. Maybe I need to do something with the rules in the urlrewrite.xml Any ideas? Why do you not just rename "myRoot" to "ROOT", making this the default application ? http://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F Hi Andre, Thanks. I know about placing the web app (like myRoot) under the ROOT and it will work. However, there is another issue I that comes when I do this, an issue with my GWT (http://code.google.com/webtoolkit/) web app, where the the client-side code cannot access the services (servlets). My gwt application works just fine in the myRoot folder of the tomcat webapps folder. So my idea, is just forward every access to the ROOT to myRoot. But then again, if there's a better solution I am may want to try it. I don't think that I really understand the problem. Let me re-phrase it, and you tell us if that is what you want : I want that when a browser accesses the URLs : "http://myhost:8080"; or "http://myhost:8080/"; (and only for those 2 specific URLs), it is redirected to "http://myhost:8080/myapp/";. And I want that for all URLs which start with : http://myhost:8080/myapp they stay where they are (in "/myapp") And I want that if they ask for http://myhost:8080/something-else they really get "/something-else" from within the webapps/ROOT/something-else directory. Is that what you want ? Hi Andre, For "/somethingelse" yah that's what I mean. Every access to "http://myhost:8080"; will be "forwarded" to http://myhost:8080/myapp Like if request is: http://myhost:8080/something.html, it will forward it to http://myhost:8080/myapp/something.html Or request like: http://myhost:8080/?q=test will be forwarded to http://myhost:8080/myapp/?q=test Is it possible? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
On Thu, 2011-12-08 at 08:49 -0800, Savitha Akella wrote: > Hi, > > I have multiple applications hosted on my tomcat server which includes web > services, web applications etc. > > To secure the web services, we made changes to server.xml ->connector What specifically did you change in server.xml? Please also list your connector configuration and what version of Tomcat you are using. Dan > element and defined roles in tomcat-users.xml. > In the web services, we made changes in the web.xml to add the > security-constraint, security-role etc. > > However, the problem we are facing is that all the web application hosted > on the Tomcat are prompting for certificate while accessing them. > > Is there any way to restrict the security only to a single web component on > the Tomcat server rather than the entire server or all applications on the > server. > > Thanks, > Savitha
Re: AJP connection timeout setting/Tomcat 6 vs. 7 questions
On Dec 6, 2011, at 2:25 PM, André Warnier wrote: > Kari Scott wrote: >> We are running Tomcat 6. 0.32 with jdk1.6.0_26 on Solaris 10, mod_ajp 1.3 >> and Apache 2.2.21 on all but one production server which is the same except >> for it's running Tomcat 7.0.21. >> I have some questions regarding connection timeout settings. Occasionally, >> when the site is busier we see jumps in the number of connections to 8009 >> and then that number stays high for about 30 minutes before settling back >> down into our average range. A thread dump shows that these connections >> correspond to these socket threads: >> "TP-Processor222" daemon prio=3 tid=0x00c76400 nid=0x5669 runnable >> [0x8cf7f000] >> java.lang.Thread.State: RUNNABLE >>at java.net.SocketInputStream.socketRead0(Native Method) >>at java.net.SocketInputStream.read(SocketInputStream.java:129) >>at java.io.BufferedInputStream.fill(BufferedInputStream.java:218) >>at java.io.BufferedInputStream.read1(BufferedInputStream.java:258) >>at java.io.BufferedInputStream.read(BufferedInputStream.java:317) >>- locked <0xcb2a0eb0> (a java.io.BufferedInputStream) >>at org.apache.jk.common.ChannelSocket.read(ChannelSocket.java:628) >>at org.apache.jk.common.ChannelSocket.receive(ChannelSocket.java:566) >>at >> org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:693) >>at >> org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:898) >>at >> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) >>at java.lang.Thread.run(Thread.java:662) >> The problem isn't so much that they stick around, but when these first start >> increasing, there is a noticeable hit in performance and evidence that >> threads are waiting for resources. Oddly, the one trial Tomcat 7 server with >> the same connector, load and code never experiences this problem. We >> currently don't have a connectionTimeout specified for our connector so my >> plan is to try the following: >> > redirectPort="8443" /> >> Here are my questions: >> *Do I also need to set the connection_pool_timeout in the worker? Or is that >> the one I should be changing instead of connectionTimeout? >> *Is there a different time out setting I should be looking at? >> *Is there an easy explanation as to why Tomcat 7 never experiences this >> issue? I'm just wondering (o.k. hoping) that there is some magic Tomcat 7 >> default setting some place that we can add to our Tomcat 6 environments that >> can help us out until we've upgraded everything. > Just a question, to add to your excellent summary above : in your front-end > server configuration, what are the settings related to keep-alive ? > All the servers have the following Apache settings: KeepAlive On MaxKeepAliveRequests 200 KeepAliveTimeout 15 > And maybe, can you provide an example of the server.xml (comments and > sensitive info removed) for both a server which experiences the issue, and > for the 7.0 server which doesn't ? (paste them inside the message, the list > strips most attachments). > I sure can. I also removed some of the entries that were exactly the same so it's easier to see the differences: * Tomcat 7 server.xml: Tomcat 6 server.xml: * So the big difference is the presence of the JaMON Valve we're using on Tomcat 6 and but accidentally forgot to put on Tomcat 7. Maybe this was a fortuitous mistake. I'll try removing it from one of our Tomcat 6 servers to see if that's the culprit. We don't need that access logging valve enabled on Tomcat 7 either, so this was a really good exercise to go through. Thanks! -kari _ Kari Scott Senior Programmer kari.sc...@cdw.com CDW 5520 Research Park Drive Madison, WI 53711 Office: 608 298 1223 Fax: 608 288 3007 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Savitha, On 12/8/11 11:49 AM, Savitha Akella wrote: > I have multiple applications hosted on my tomcat server which > includes web services, web applications etc. > > To secure the web services, we made changes to server.xml > ->connector element and defined roles in tomcat-users.xml. The only change you can make to your connector to "secure" it would be to make it into HTTPS. That doesn't really secure anything other than the data that gets exchanged during the HTTP conversation. > In the web services, we made changes in the web.xml to add the > security-constraint, security-role etc. > > However, the problem we are facing is that all the web application > hosted on the Tomcat are prompting for certificate while accessing > them. Which web.xml did you change? The one for your webapp in WEB-INF/web.xml or the site-wide Tomcat default one in conf/web.xml? > Is there any way to restrict the security only to a single web > component on the Tomcat server rather than the entire server or all > applications on the server. Use WEB-INF/web.xml for your security-constraints, where they belong. It appears you have modified the site-wide constraints which is why they are applying to all webapps. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hALMACgkQ9CaO5/Lv0PBAHQCgjNPTJ46bkCyMFULiYtsVcmar RVYAoKq/i/0HZZu+/PWyEKsOx4DlCmsm =Xph9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: "VerifyError: ... Illegal constant pool index" when jspx invokes a tagx on Tomcat 7.0.16
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 12/8/11 9:19 AM, Robert Winch wrote: > That is good information to know. We plan on updating to 7.0.23 > within the next few weeks. Be aware that there is a bug in 7.0.23 that causes a hang-on-startup if a webapp does not have a defined. You can either define a dummy Realm or use 7.0.22 instead. - -charis -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hAW0ACgkQ9CaO5/Lv0PBGEACfTAqq2b907vq4Su1LucH/jeUA zskAn1tI5UsXIO0ZnJxynnllvAVg11lg =AEwZ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.23 won't start
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jacob, On 12/8/11 10:04 AM, Jacob Champlin wrote: > Practical: This was my sandbox config file. I switch between 6 > different applications. I do this by switching server.xml files > when I switch projects. This keeps things minimal (not starting up > 6 connection pools), its easier to switch one file, and it makes > restarts faster. You could do this in other ways. One way I like to do this is with different CATALINA_BASE structures. This makes upgrading easier (for me), too. Another way is to move deployment descriptors in-to or out-of the conf/Catalina/localhost directory. Likewise, you could choose to include (or not) foo.war in the webapps/ auto-deployment directory. > Opinion: I hate over-decomposition and I preferred the days when > tomcat was only configured with server.xml. Fair enough. > Tomcat's configuration is not that complicated, do we really need > a bunch of configuration [files?] Modifying server.xml requires a Tomcat restart to re-read the config file. The other methods offer greater flexibility and are, IMHO, easier to do, anyway. Also, it's tougher to disable a Tomcat instance with a broken META-INF/context.xml than it is to disable one with a broken server.xml. > Its bad when one thing becomes two, and hence good when two things > become one. I'd argue a negative premise on that one. Dying is bad, but un-dying is *way* worse. ... brains . > bet your also in the micro kernel camp. Flame bait ignored. > I know lots of people clamored for being able to configure the > connection pool in there war file. I'm not sure that would have been a good idea, as it's generally a service offered by "the system" and not configured by the webapp. Maybe you meant the TC deployment descriptor (context.xml) which can be totally controlled by the sys admin and need not be in the WAR file itself. > I don't know why anyone would do this, our WAR file runs in any > environment where the jndi name is present. Yes, that's the point. You're using Recommended Technique(TM). > They have to build separate WAR files for each environment. Just because it's Recommended Technique doesn't mean that it's best and/or appropriate for your (or anyone's) environment. There are always some good (and usually lots of bad) reasons to deviate from that. > Basically I think the context.xml is stupid. If it matters so > much change the document definition. Sounds like your webapp doesn't need a context.xml. How's that for simplicity and ease of configuration? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hBRoACgkQ9CaO5/Lv0PDc9QCgjzbhMoRZU9o1LpeVpz08ZWh7 l78AoJbprumlDEBNGcDOT2Mhx9t1hXrQ =q49c -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to forward all kind of request from ROOT to another subdirectory?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Xybrek, On 12/8/11 11:58 AM, Xybrek wrote: > Thanks. I know about placing the web app (like myRoot) under the > ROOT and it will work. However, there is another issue I that comes > when I do this, an issue with my GWT > (http://code.google.com/webtoolkit/) web app, where the the > client-side code cannot access the services (servlets). That sounds like a problem either with GWT (unlikely) or with your webapp. Have you perchance been hard-coding your context paths? Maybe we can help you fix your webapp so that you can re-home it without these ugly hacks like semi-conditional redirection. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hBiUACgkQ9CaO5/Lv0PDilgCdHIy/DWrAirNLKDw6L2zZZL8/ C+EAnAvxN1Y7ePPn0EVLfOXe+vQjZGQi =letZ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
Hi, We are using tomcat version 7.0.11 Here are the changes we made in server.xml: here is my tomcat-users.xml I have changed the web.xml of my web services to refer to the role configured in the tomcat-users.xml. Here is the web.xml: ClientCertificateRequired MyWebService /* webservice CONFIDENTIAL CLIENT-CERT tomcat-users webservice In other web applications, I didnt make any changes in the web.xml of those apps. Regards, Savitha On Thu, Dec 8, 2011 at 9:43 AM, Daniel Mikusa wrote: > On Thu, 2011-12-08 at 08:49 -0800, Savitha Akella wrote: > > Hi, > > > > I have multiple applications hosted on my tomcat server which includes > web > > services, web applications etc. > > > > To secure the web services, we made changes to server.xml ->connector > > What specifically did you change in server.xml? > > Please also list your connector configuration and what version of Tomcat > you are using. > > Dan > > > element and defined roles in tomcat-users.xml. > > In the web services, we made changes in the web.xml to add the > > security-constraint, security-role etc. > > > > However, the problem we are facing is that all the web application hosted > > on the Tomcat are prompting for certificate while accessing them. > > > > Is there any way to restrict the security only to a single web component > on > > the Tomcat server rather than the entire server or all applications on > the > > server. > > > > Thanks, > > Savitha >
RemoteIpFilter not working
Hi, I have set up the RemoteIpFilter (Tomcat 7.0.8) in the webapps web.xml like this: RemoteIpFilter org.apache.catalina.filters.RemoteIpFilter RemoteIpFilter /* REQUEST The mapping is the first in the filter chain. But when I call request.getRemoteAddr() in a plain jsp in the root of the webapp I get the IP from the proxy not from the client. The proxy sends x-forwared-for correctly. What can be the problem? Thank you - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RemoteIpFilter not working
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 12/8/11 3:52 PM, spr...@gmx.eu wrote: > I have set up the RemoteIpFilter (Tomcat 7.0.8) It's time to upgrade: 7.0.23 is available and includes significant improvements including security-related bug fixes. > in the webapps web.xml like this: > > RemoteIpFilter > > org.apache.catalina.filters.RemoteIpFilter > > > > RemoteIpFilter > /* REQUEST > > > The mapping is the first in the filter chain. > > But when I call request.getRemoteAddr() in a plain jsp in the root > of the webapp I get the IP from the proxy not from the client. The > proxy sends x-forwared-for correctly. > > What can be the problem? Can you send a dump of the HTTP headers received by the webapp and the return value of the various request.getXXX methods? That would be very helpful, here. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hJg4ACgkQ9CaO5/Lv0PAs9ACfUqBt4W0+tTMPbDEZkL1G0p8K rnYAoLkczJErlaf0uoUZ6oHAai48m61K =MLUe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Re: Tomcat 7.0.23 won't start
Chris, > Flame bait ignored. Your a better man than me :) I couldn't ignore the attack on my server.xml when I was working a bug. Jacob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Savitha, On 12/8/11 3:01 PM, Savitha Akella wrote: > We are using tomcat version 7.0.11 You should upgrade if you have the chance. 7.0.23 is available and there have been many improvements including fixes for security-related bugs. > Here are the changes we made in server.xml: > > keyPass="xyz" keystoreFile="C:/Users/keystorepath/key.keystore" > maxThreads="150" port="8443" > protocol="org.apache.coyote.http11.Http11Protocol" scheme="https" > secure="true" sslProtocol="TLS" trustMaxCertLength="10" > truststoreFile="C:/Users/trustorepath/truststore.keystore" > truststorePass="abc"/> This is what you have now. I have no idea what you had before. If the above connector is the only one you have, then everyone must connect using HTTPS. Is that what you wanted? Also, all clients must present a certificate because you have clientAuth="true" which requires a certificate to connect. If you want other webapps to allow non-HTTPS traffic, you'll need a separate, non-secure HTTP connector. If you want one webapp to be able to receive a Client SSL certificates but the others not demand them, then you need to set clientAuth="want" instead of clientAuth="true".. http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7hJxAACgkQ9CaO5/Lv0PATwACguhTb7rOatNr3Nlgkm8+OSyvG 3TUAn3zxOB69eDMmgycDMrvNCp4+kTVq =cs9i -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session replication fails with "Member send is failing"
On 12/7/2011 9:04 AM, Jürgen Link wrote:
Caused by: org.apache.catalina.tribes.RemoteProcessException: Received a
failedack:org.apache.catalina.tribes.transport.Constants.FAIL_ACK_DATA
sure thing, this is actually telling the "sender" that an exception happened on the
"receiver" end.
Take a look at the logs for tcp://{10, 1, 3, 181}:5000 and it should contain
the information in there
Filip
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
On 8 Dec 2011, at 16:50, Savitha Amelia wrote: > Hi, > > I have multiple applications hosted on my tomcat server which includes web > services, web applications etc. > > To secure the web services, we made changes to server.xml ->connector > element and defined roles in tomcat-users.xml. > In the web services, we made changes in the web.xml to add the > security-constraint, security-role etc. > > However, the problem we are facing is that all the web application hosted > on the Tomcat are prompting for certificate while accessing them. > > Is there any way to restrict the security only to a single web component on > the Tomcat server rather than the entire server or all applications on the > server. Yes. Depends on what your requirement is and what you've done so far. Maybe you could tell exactly? p > > Thanks, > Savitha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Securing only a single web application on Tomcat
On 8 Dec 2011, at 23:41, Pid * wrote: > On 8 Dec 2011, at 16:50, Savitha Amelia wrote: > >> Hi, >> >> I have multiple applications hosted on my tomcat server which includes web >> services, web applications etc. >> >> To secure the web services, we made changes to server.xml ->connector >> element and defined roles in tomcat-users.xml. >> In the web services, we made changes in the web.xml to add the >> security-constraint, security-role etc. >> >> However, the problem we are facing is that all the web application hosted >> on the Tomcat are prompting for certificate while accessing them. >> >> Is there any way to restrict the security only to a single web component on >> the Tomcat server rather than the entire server or all applications on the >> server. > > Yes. Depends on what your requirement is and what you've done so far. > Maybe you could tell exactly? Ah, the perils of replying before all mail has downloaded... p > > > p > > > >> >> Thanks, >> Savitha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat user roles
Thanks to all for the explanation. I have a new question regarding the admin role. With default setup, if I login as admin, I can start,stop, undeploy and deploy the application. Now, because the admin password has been shared by team, and I can't not share it with team. So I plan to disable undeploy and deploy function from the web admin URL for the admin account. If anyone need deploy new version, they have to login the Unix box to do it manually. With that I can trace and have records easily. So I edit the file webapps/manager/WEB-INF/web.xml, and remove all the xml sessions for remove, install, undeploy, deploy and save. But after I restart the tomcat server, *I still can deploy and undeploy*. Something I missed? part of tomcat-users.xml Below are the lines I remove from the web.xml file. Manager /install Manager /remove Manager /deploy Manager /undeploy /remove /deploy /undeploy /reload I don't find the admin part in web.xml. Regards, Bill On Wed, Nov 30, 2011 at 5:25 AM, Mark Thomas wrote: > On 29/11/2011 17:05, Christopher Schultz wrote: > > Mark, > > > > On 11/29/11 11:15 AM, ma...@apache.org wrote: > >> Christopher Schultz wrote: > > > >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >>> > >>> Bill, > >>> > >>> On 11/28/11 7:08 PM, Bill Wang wrote: > Here I have the last question, what's the reload option, is > it same as stop/start? > >>> > >>> According to markt (who is known to be occasionally > >>> trustworthy): > >>> > >>> reload = stop + start > > > >> I'm pretty sure I didn't say that. > > > > Sorry, you said: > > > > On 11/25/11 12:47 PM, Mark Thomas wrote: > >> There is no such command as restart. You'll need: > >> /html/stop > >> /html/start > > > > I drew my own (perhaps incorrect) conclusion from that. > > In short: > reload != restart > > Fuller explanation below. There is a subtle but important difference. > > Mark > > >> Reload keeps the same Context object (and doesn't reread the > >> Context config) but does re-read web.xml and allows Jars to be > >> updated. > > > >> Stop/start creates a new Context object (as well as re-reading > >> web.xml) and is therefore is a full restart of the context. > >> Reload is sort of half a restart. There is no single command > >> equivalent to stop/start. > > > > Gotcha. > > > > -chris > > > > - > > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Custom realm.authenticate() that would work with any realm - possible?
Hi, This is a followup to an earlier thread, "Do any of the Tomcat LDAP-type realms support "no password" authentication?". As I mentioned in that earlier thread, I'm still new to Tomcat, and still trying to find my way around, and understand (somewhat) its security design, so apologies in advance if my terminology is incorrect. Ok. I've been experimenting with writing what I think is called a custom realm, that would have a "no password" authenticate() method. What I think that I've been able to do is to implement a new realm where all I do in my code is override the uthenticate(Context, string, string) method. For my initial attempt, I'm just extending the JNDIRealm, and just overriding that one method, and I think that this works. However, ideally, I really want to be able to do this (override the authenticate() method with any of the default realms that come with Tomcat, whereas with the approach that I'm currently working (extending the JNDIRealm), in order to do this for all the different realm types, I'd have to implement something similar, with a custom realm corresponding to each of the out-of-box Tomcat realm types. That might be ok, but I was wondering if there might, perhaps, be another way to do what I'm trying to do (basically have an realm.authenticate() method that doesn't require a password, but that would work with any realm? Thanks, Jim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Custom realm.authenticate() that would work with any realm - possible?
> From: oh...@cox.net [mailto:oh...@cox.net] > Subject: Custom realm.authenticate() that would work with any realm - > possible? > I was wondering if there might, perhaps, be another way to do what > I'm trying to do (basically have an realm.authenticate() method that > doesn't require a password, but that would work with any realm? Look at the CombinedRealm; you might be able to use your no-password realm in conjunction with one of the others, since the doc says "Authentication against any Realm will be sufficient to authenticate the user." I don't know if that will get you the necessary roles established. http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#CombinedRealm - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
upgrading from 6.0.20 to 6.0.35
hi, how easy is to upgrade? can i use the server.xml in 6.0.20 without changes in 6.0.35? thanks, angelo -- View this message in context: http://old.nabble.com/upgrading-from-6.0.20-to-6.0.35-tp32938729p32938729.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: upgrading from 6.0.20 to 6.0.35
On 9 Dec 2011, at 06:28, AngeloChen wrote: > hi, > how easy is to upgrade? can i use the server.xml in 6.0.20 without changes > in 6.0.35? thanks, Yes, but we still usually recommend starting afresh each time. It should relatively simple, just make a backup copy of each file you edit, first. NB it's often easier to remove all of the XML comments once you're in production, so you can see the doc content more clearly. p > angelo > -- > View this message in context: > http://old.nabble.com/upgrading-from-6.0.20-to-6.0.35-tp32938729p32938729.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
