RE: SSL Chain Certificates with Tomcat

2004-02-04 Thread Bruno.Melloni
The Verisign Tomcat instructions have some serious problems... but I understand that they are working on fixing them. I have not tried this, but I was told that the following should work: - You don't really use a chain/intermediate certificate with the Verisign Test certs. What you use is the

SOLUTION: SSL certificates HOW-TO

2004-02-03 Thread Bruno.Melloni
It seems that obtaining and installing SSL certificates from different Certificate Authorities is not consistent. Even within the same CA, the procedure for real and test certificates is not necessarily the same. To make matters worse there appear to be differences in the operation of the Java

RE: default directory for files in tomcat

2004-01-22 Thread Bruno.Melloni
I assume you mean web application, not applet. An alternative is for the webapp to read the file from "somewhere on the classpath". I have not tried it and don't know the exact technique, but you should be able to find how to do it. Then you could put your file in web-inf/classes in your .wa

RE: Win98 setup problem

2004-01-20 Thread Bruno.Melloni
If you are using log4j in your app, make sure you place commons-logging.jar and the log4j jar file in Tomcat's common/lib and place a log4j properties file in common/classes. This was in a previous thread - look for a posting in the archives using the error message as search text. Also, if you

RE: Using CA-issued certificates in Tomcat 5

2004-01-19 Thread Bruno.Melloni
DOCUMENTATION MAINTAINERS: Please read. Contact me if you have questions. Mark: Thanks, your comments were key to figuring out the problem. Apparently the docs are out of date and incompatible with the current JDK/Tomcat5 behavior. I still don't know why keytool refuses the .p7b keys

Any success with JDK 1.4.2_03 + Tomcat 5 + CA-issued test certificate?

2004-01-19 Thread Bruno.Melloni
Has anyone had success using a test certificate from Verisign or other Certificate Authority using JDK 1.4.2_03 and Tomcat 5? Sun changed defaults in the JDK in the recent past (like using X.509 certs instead of PKCS#7, and apparently the list of default ciphers) and now Tomcat chokes on Verisig

RE: Using CA-issued certificates in Tomcat 5

2004-01-19 Thread Bruno.Melloni
keytool in JDK 1.4.2_03 no longer seems to accept PKCS#7 certificates by default and I have not found a parameter to tell it to use them. When I do as you suggested (or download a Thawte pkcs#7 certificate) I get "keytool error: java.lang.Exception: Input not an X.509 certificate". Also, k

RE: Using JDBC Realms

2004-01-19 Thread Bruno.Melloni
I would suggest you let the database do the enforcing. If you are using individual user IDs, define database groups with those access rights and place the users on them. If you are using an application ID and doing user authentication in a different way, you can define an application ID for

RE: Antwort: [OFF-TOPIC] ObjectOutputStream keeping handles

2004-01-19 Thread Bruno.Melloni
I encountered this problem 3-4 years ago. According to Sun this is by design. ObjectOutputStream keeps the handles of all objects until you execute a reset() or close the stream. Unfortunately, if you don't do one of these things you end up with a memory leak because the objects are never g

RE: DataSource Realm

2004-01-19 Thread Bruno.Melloni
This is probably not the only way to accomplish what you want, but a simple one to code for. 1)Define your DataSource resource in of conf/server.xml. 2)Add a to the DataSource in the application context file in conf/Catalina//.xml This way the only applications that are able to access the dat

RE: Tomcat

2004-01-19 Thread Bruno.Melloni
I assume you found this mailing list in jakarta.apache.org/tomcat. There is extensive documentation in the site to help you get started - not perfect, but very good. Support is through this mailing list (I have seen a few names repeat often, and I would not be surprised if they were part of t

Using CA-issued certificates in Tomcat 5

2004-01-16 Thread Bruno.Melloni
I thought I had all my Tomcat issues resolved and was ready to go from the self-signed cert to one issued by a CA. So I followed all the steps, generated a CSR, got the root cert and test cert, installed them into the keytool, and restarted the server. An exception is thrown saying: No avail

RE: NoClassDefFoundError: Digester

2004-01-16 Thread Bruno.Melloni
One more note that may (or may not) be relevant: I am running Tomcat with a dedicated solaris user ID, not as root. -Original Message- From: ext Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, January 16, 2004 11:39 AM To: Tomcat Users List Subject: RE: NoClassDefFoundError: Digest

RE: NoClassDefFoundError: Digester

2004-01-16 Thread Bruno.Melloni
That is very strange. I untarred from the posted binary "jakarta-tomcat-5.0.16.tar.gz" to the target directory, then modified server.xml. The error happened until I copied those two files to common. Could it be that we used different install sources or approaches? bruno -Original Messa

RE: NoClassDefFoundError: Digester

2004-01-16 Thread Bruno.Melloni
This could be a bug on the latest distribution of Tomcat 5.0.16 for Solaris. I just did a standard install from scratch, modified the Connector ports to new numbers (to avoid conflicts with previous install), renamed localhost to the real machine name in and in , and nothing else. I had the s

RE: restricting access to jsp pages

2004-01-15 Thread Bruno.Melloni
Then try a servlet filter (this is what I normally do). That should save you from having code on each JSP page. Search the web for a good tutorial. But you still have to decide what action you want to take when a user is not logged, since your URL is being hit and some response is required. b

RE: Manager - STOP application fails to stop session!!!

2004-01-15 Thread Bruno.Melloni
SUMMARY OF PROBLEM - for future people scanning the archives: Needed to disable session persistence for an application. SOLUTION: To turn off session persistence for an application, include a Manager clause (similar to this one) in the application context file: It does no

RE: restricting access to jsp pages

2004-01-15 Thread Bruno.Melloni
A trivial solution is to store something (anything) in the user session during login, and then retrieve it in the JSP. If the retrieved value is not null, then the user is logged in. If the user is not logged in, you can redirect him to the login or an error page. Of course, this is only one

RE: Session Persistance

2004-01-15 Thread Bruno.Melloni
We might have just fixed each other's problem. I have the exact opposite problem (with Tomcat5) - I need to drop the sessions when I redeploy, since new versions might carry different objects and one of my objects is not serializable yet. And I don't need to preserve the sessions across vanilla

RE: Manager - STOP application fails to stop session!!!

2004-01-14 Thread Bruno.Melloni
I had already done this, but as soon as I start the sessions go active again. My guess is that I am interpreting the docs incorrectly... I wish they had some examples included in the docs... it would make misinterpretations far less likely and cut down on dumb questions like mine. The followin

RE: Manager - STOP application fails to stop session!!!

2004-01-14 Thread Bruno.Melloni
Disabling session persistence was my first choice. But I have been unable to find any clear information as to how to accomplish it. I imagine there is something that I can put on server.xml (or if I am lucky, in the application context's .xml)... if so, my questions are "what" and "where". -

Manager - STOP application fails to stop session!!!

2004-01-14 Thread Bruno.Melloni
Stopping an application in Tomcat manager (either through browser or http call) stops the app but does not terminate the associated sessions. How can you kill the sessions after stopping an application? Bruno Melloni eBusiness Application Center, Americas Nokia, Inc 6000 Connection Drive, Mailst

RE: SSL failure with some browsers - Access denied by access control list - SOLUTION

2004-01-14 Thread Bruno.Melloni
Thanks for all the help. I was not able to discover the exact cause of the problem, but I tracked the issue down to a problem with misconfigured DNS and Proxy servers. I was able to consistently avoid it by not using the proxy for this server (since it is in the intranet) and using a fully qua

Tomcat 5 - Disable session persistence

2004-01-13 Thread Bruno.Melloni
The default install of Tomcat 5 tries to persist the session across application deploys and server restarts. I need Tomcat to issue new sessions after each deploy and server restart. How do I do this? I saw a posting that suggested adding to the application context, but it had no effect. Th

Tomcat 5 Bug or Docs - logging - SOLUTION

2004-01-13 Thread Bruno.Melloni
The following should either be added to the documentation (as something admins should do) or fixed as a bug. ISSUE: Tomcat 5 does not come with log4j, but appears to be aware of it and attempts to use it for the server if log4j is included in a webapp. As a consequence some of the commons com

RE: SSL failure with some browsers - Access denied by access control list

2004-01-13 Thread Bruno.Melloni
BTW, when this failed to produce debug messages I tried to verify that there are classes with the org.apache.tomcat.net package in Tomcat 5. Maybe I missed it, but I did not see it on any of the jar files. b. -Original Message- From: Melloni Bruno (Nokia-BI/Dallas) Sent: Tuesday, Ja

RE: SSL failure with some browsers - Access denied by access control list

2004-01-13 Thread Bruno.Melloni
Mixed results: - I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG. - By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.sessi

RE: mc@fornby.fhsk.se - no such user here.

2004-01-13 Thread Bruno.Melloni
Yes, pretty annoying isn't it? I hope an admin (if there is such a person) will remove this user from the list. -Original Message- From: ext Altankov Peter [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 8:37 AM To: Tomcat Users List Subject: [EMAIL PROTECTED] - no such user he

RE: Apache + tomcat +ssl

2004-01-13 Thread Bruno.Melloni
This might be a dumb comment, but you do know that Tomcat's HTTPS port is 8443 by default, defined in server.xml, right? And that is only *after* you uncomment that part of the server.xml and do all the other Tomcat SSL setup tasks. I hope this helps. -Original Message- From: ext Omkar

RE: running tomcat5 as a user other than root

2004-01-13 Thread Bruno.Melloni
If you are running tomcat at a normal high port (like the default 8080) there is nothing special to do... just install the JDK in the user home directory, modify your .profile so that you have the right paths and environment variables available, and then install tomcat normally. If you are tr

RE: http to https how ?

2004-01-13 Thread Bruno.Melloni
There are many theories out there. From personal experience, the simplest/cleanest way to do it is with Struts + the sslext plugin. But even then, don't expect it to be trivial. Run some Google searches to find components, tutorials, articles, etc. Those things should make your life a little

RE: Tomcat 5 SSL Configuration

2004-01-12 Thread Bruno.Melloni
I found very good instructions in both the Documentation section of the Tomcat site, and in the server.xml file itself. Look there. Make sure you use JDK 1.4.2_03 or higher (problem with expired CA certificate in previous versions). -Original Message- From: ext Brian Boyle [mailto:[EMA

RE: SSL failure with some browsers - Access denied by access control list

2004-01-12 Thread Bruno.Melloni
This is the log4j.properties file that I created and that should do what you recommended, unless I missed something. Does Tomcat 5 have any special requirements for log4j? log4j.logger.org.apache.tomcat.net=DEBUG log4j.rootLogger=INFO, RollFile log4j.appender.RollFile=org.apache.log4j.RollingFi

RE: Datasource - OK in app context - Fails in Global context

2004-01-12 Thread Bruno.Melloni
I have it in both places (common/lib and WEB-INF/lib), and (for other -unrelated- reasons) also in the JDK's lib/ext folder. I did know the driver would not be visible to the connection pool unless it is in common/lib. I could remove the extra copy of the driver from WEB-INF/lib without ill-ef

RE: SSL failure with some browsers - Access denied by access control list

2004-01-12 Thread Bruno.Melloni
Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat

RE: tomcat 5 and oracle 8i

2004-01-12 Thread Bruno.Melloni
I am using JDK1.4.2_03, and the oracle drivers ojdbc14.jar. No problems. -Original Message- From: ext Jeremy Martinez [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 10:29 AM To: [EMAIL PROTECTED] Subject: tomcat 5 and oracle 8i I am running tomcat 5 and java 1.4. I am attempt

RE: How to serve static EXCEL or POWERPOINT files from Tomcat ?

2004-01-12 Thread Bruno.Melloni
Wouldn't you just have a URL link to the actual files in your HTML? The browser should be smart enough to open up the appropriate application and display it, since it will recognize its extension/mime-type. bruno -Original Message- From: ext Vitor Buitoni [mailto:[EMAIL PROTECTED] Sent

RE: Datasource - OK in app context - Fails in Global context

2004-01-12 Thread Bruno.Melloni
Yes, that sounds about right. A manual restart of the server seems to be required, which is what I meant by autodeployment not working. As a matter of fact, although I have not tried it yet, I would not be surprised that a manual deploy to Tomcat would also require a server restart. From e

RE: Datasource - OK in app context - Fails in Global context

2004-01-12 Thread Bruno.Melloni
I am using 5.0, so that should not be a problem. But are you sure the bug is fixed in 5.x? Before this I had the DataSource defined at the application context level, and I had noticed that the application would crash if I redeployed without "shutting down, deleting the deployed application di

RE: Datasource - OK in app context - Fails in Global context

2004-01-09 Thread Bruno.Melloni
Bingo!!! That was it. It might be a good idea to add a paragraph to the JDBC DataSources section of the documentation that mentions: (a) That global datasources are defined in of server.xml (b) The need for the in the application context .xml file I had the mistaken impression that anything

RE: SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-09 Thread Bruno.Melloni
Yoav, This was detected both before and after applying the "fix" snippet to web.xml, by both the security analysis tool and by typing "TRACE / HTTP/1.0" and hitting return twice on a telnet session. I am not familiar with the analysis tool used by our security team, but I know it is supposed t

SECURITY BUG: No place to disable HTTP TRACE vulnerability

2004-01-09 Thread Bruno.Melloni
There does not appear to be any place in Tomcat to disable the HTTP TRACE. This is a well known vulnerability that affects most servers and is consistently used by hackers to gather information useful for their attacks. Is there a formal URL for reporting Tomcat bugs? In the past I have detect

Datasource - OK in app context - Fails in Global context

2004-01-09 Thread Bruno.Melloni
I have an Oracle JDBC datasource that I defined in the Tomcat5 context for an application (conf/Catalina/localhost/nwg.xml). Works fine, context file listed below. But when I tried to move the datasource to the section of server.xml so that it would be accessible to all apps it gets recogni

SSL failure with some browsers - Access denied by access control list

2004-01-09 Thread Bruno.Melloni
Problem: - Making any https call fails with the message "Forbidden. You were denied access because: Access denied by access control list.". - The failure happens even accessing https://:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla