Justin Morgan - Logic Sector wrote:
Hi Tomcat users,
Maybe I'm not googling with the right keywords, but I can't seem to find
a simple answer to this...
I have a standard Tomcat 6.0.10 installation (no Apache httpd front end
or anything). All the contents of the webapps directory have bee
Hi Tomcat users,
Maybe I'm not googling with the right keywords, but I can't seem to
find a simple answer to this...
I have a standard Tomcat 6.0.10 installation (no Apache httpd front
end or anything). All the contents of the webapps directory have been
removed, and a single web app has
Hello Again;
I tried the following, did not take effect;
What am I doing wrong here please;
My jkmanager shows this for the Loadbalancer "TEST" and it has only one node
called "NODE1"
Name  Type  Host  Addr  Act  State  D  F  M  V  Acc  Err  CE
Thank you. I will.
Regards
mohan
Rainer Jung-3 wrote:
>
> Mladen Turk wrote:
>> Mohan2005 wrote:
>>> On the same front, say we have 50 nodes and one jkmanager.
>>> There would be a management problem to disable/activate nodes.
>>> Is there a way to disable/activate nodes passing URL parameters
On 10 Jun 2008 at 17:20, Christopher Schultz wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Steve,
>
> Steve Ochani wrote:
> | Off topic remark. I hope you don't use [Fedora Core 8] on production
> | machines. Fedora is not designed for that.
>
> What leads you to that conclus
I need to execute it before an application executes.
I know filters are the way but I need to communicate with an applet and I
think filters and applets can't have a two-way communication.
Thanks.
Christopher Schultz-2 wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Maux,
>
>
Christopher Schultz wrote:
Mark,
Mark Thomas wrote:
| This attack requires luring a user who is already logged in to a webapp
| running on a vulnerable Tomcat server to a malicious site. With a
| suitably crafted URL, the attacker is able to steal the authentication
| cookie for the user who w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
Mark Thomas wrote:
| This attack requires luring a user who is already logged in to a webapp
| running on a vulnerable Tomcat server to a malicious site. With a
| suitably crafted URL, the attacker is able to steal the authentication
| cookie f
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ming,
Yu, Ming wrote:
| 2) After the service is initiated, there are two processes staying
| resident in memory: one is the jsvc controller process and the other is
| the main tomcat process. Everything is fine. The main process is
| detached fr
Christopher Schultz wrote:
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
Not that that means I am always r
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Steve,
Steve Ochani wrote:
| Off topic remark. I hope you don't use [Fedora Core 8] on production
| machines. Fedora is not designed for that.
What leads you to that conclusion?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32
Christopher Schultz wrote:
Mark Thomas wrote:
| The worst case is that the attacker will obtain the ID for the current
| session. With this the attacker has access to the session as the current
| user.
Who is "the current user"? If the attacker already has the session id,
there's no need to hit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yves,
Yves Glodt wrote:
| I need to run now another application on tomcat, and what I think to do is to
| have another "instance" of tomcat running on another port, isolated from my
| OpenCms, with a different webapps folder as well.
Yep, you need a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
Luca Bertuccelli wrote:
| I'd like to use some JSP of one context into different contexts without
| copy[ing] them.
Why /not/ copy them?
| Is it possible?
I'm sure it's possible, but Tomcat does not include any configuration
options to actu
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arun,
Sudhir, Arun wrote:
| Do you mean to say that every webapp is a separate thread?
No.
| So
| the userid for the Runtime.exec() would be the id of the user starting
| the servlet container (by running startup.sh)?
Yes. Child processes inherit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Zufeng,
Zufeng Huang wrote:
| I post a topic about the performance of apache+mod_jk_tomcat
| yesterday, and just now, I tried apache ab as the tool to do a
| benchmark. But the result is amazing.
[snip]
| 1, According to my configurations, apache(2
David Momper wrote:
In my application, I am trying to upload files to be stored in the
directory [application root]/files. To get the path to write files
to, I am using:
request.getSession().getServletContext().getRealPath("/files");
However, this is returning the directory:
"apache-tomcat-6.0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Nameless,
Nam3l3ss wrote:
| I have a bean on a jsp page (jsp:UseBean) , with application scope, that uses
| some resources that must be freed when the application is stopped/reset.
|
| I'm currently using a context listener to detect when does the se
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin wrote:
| If you're in a secure location that disallows cookies..you can always
| try url-rewrite
Dude. The container does URL rewriting without requiring other tools.
Stop confusing people with this junk.
- -chris
-BEGIN PGP SIG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
Sorry, one more comment:
André Warnier wrote:
| Off-topic : Are you sure that can really happen ? I must admit that I
| have never seen that behaviour before, and it seems to me that it would
| create a host of other problems (such as breakin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
André Warnier wrote:
| thank you for the explanations below. And I apologise if I answered
| rather testily before.
It happens. Just remember that Mark happens to be a Tomcat dev, so he's
in a position to know the Truth ;)
- -chris
-BE
Chris,
Do you mean to say that every webapp is a separate thread? So
the userid for the Runtime.exec() would be the id of the user starting
the servlet container (by running startup.sh)? Is there a place like a
catalina.policy or something where I can say "hey tomcat, this is userid
with wh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Arun,
Don't hijack threads :(
Sudhir, Arun wrote:
| I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the
| unix commands run as user "dingo". But I have another user "aruns" and I
| would like ONE AND ONLY ONE of my web application
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
Mark H. Wood wrote:
| Sorry, I didn't fully specify the problem. I do refer to
| URI-(en|de)coding, not to character encoding issues.
If the original URL was "http://server/app?foo=a%20space" (or even
"http://server/app?foo=a+space", then c
I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the
unix commands run as user "dingo". But I have another user "aruns" and I
would like ONE AND ONLY ONE of my web applications to use Runtime.exec()
to run a perl script as user "aruns" and not as user "Dingo". Is this
possible? If
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Maux,
maux wrote:
| I would like to know if there is something that I can configure to an
| application that force the application to execute that thing before it
| executes. I mean I need something that does more or less the same that a
| filter bu
Christopher Schultz wrote:
Yep. It's part of the servlet specification. Maybe as you move forward,
you could look into using that and reduce the amount of code you have to
maintain. Note that TC container-managed authentication does not allow
drive-by logins (that is, logins that didn't result fr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
BurnInHell wrote:
| Since I want to access the application from "outside" and I have no access
| to the firewall which is only enabling https I want to access my
| application over https://server.domain/app using:
|
| proxypass /app http://l
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
Bill Davidson wrote:
| Christopher Schultz wrote:
|> Is there any particular reason you are not using the built-in
|> container-based security mechanism?
|
| I don't know. I didn't design it. Was that container based security
| available in T
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
I have a few questions myself. See inline.
Mark Thomas wrote:
| Annony Mouse wrote:
|> 2.) If (1) is fact, can the exploit expose ALL Session IDs? Is it
|> dumping all of the data in all the sessions, or 'just' the sessionID
|> map?
|
| The w
Christopher Schultz wrote:
Did you change Tomcat code, or your own code?
Our own code. We have an explicit login servlet that handles
checking the login/password against values stored in our Oracle
database.
Okay, so it sounds like you are using your own. Is there any particular
reason you a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Bill,
Bill Davidson wrote:
| However today, I discovered door #3. Make the login servlet (which is
| https) create and set the cookie as a non-secure cookie instead of letting
| Tomcat create the JSESSIONID itself. This is a minor change to the cod
> From: David Momper [mailto:[EMAIL PROTECTED]
> Subject: getRealPath() returning temp space path
>
> However, this is returning the directory:
> "apache-tomcat-6.0.16/temp/#-Application/files" where #
> is a number 0-9.
> I thought it was supposed to return the path
> "apache-tomcat-6.0.16/webapps
kohanm wrote:
here they are:
[EMAIL PROTECTED] usr]# cd java
[EMAIL PROTECTED] java]# cd jdk*
[EMAIL PROTECTED] jdk1.6.0_02]# cd bin
[EMAIL PROTECTED] bin]# ls -l
...
-rwxr-xr-x 1 root root 135168 Jun 14 2007 java.exe
...
I have no way to find out how you have managed that, but whatever
y
It's possible. Unfortunately it's not really practical to upgrade the JVM on the
machine. As a work around I've found I can manually unzip the war and set the
directory and context path in the html manager.
On Tue 06/10/08 9:43 AM , Filip Hanik - Dev Lists [EMAIL PROTECTED] sent:
> could you be r
In my application, I am trying to upload files to be stored in the
directory [application root]/files. To get the path to write files
to, I am using:
request.getSession().getServletContext().getRealPath("/files");
However, this is returning the directory:
"apache-tomcat-6.0.16/temp/#-Application/
worked fine for me, here are my config files and example JSP files
http://people.apache.org/~fhanik/replicated-context-example.zip
Filip
gangadhar p wrote:
Hi Guys,
The Tomcat 6 documentation
(http://tomcat.apache.org/tomcat-6.0-doc/config/cluster.html) says that the
Context (ServletContext,
Mladen Turk wrote:
Mohan2005 wrote:
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to
jkmanager
?
No, but that's a good idea to put a wildchar processi
could you be running into
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6280693
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6332094
so an upgrade to the JVM might fix it
Filip
Reid Swanson wrote:
Hi,
I have a web app that includes a large amount of data and I am having trouble
dep
Mohan2005 wrote:
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to jkmanager
?
No, but that's a good idea to put a wildchar processing
for worker names (s
Charles J Gillan wrote:
If I try to access via my IP address, still on my own PC, that is for example
http://192.168.1.100:8080/MYAPP
I get an error message.
What is the error message?
Mark
-
To start a new topic, e
Black Bourne wrote:
Hi,
When accessing /manager/html remotely I am asked for username and password, but then I get a "401 access denied" error regardless.
However I am able to log in to the manager app locally, e.g.
http://localhost/manager/html works.
Is a remote address valve configured
I appreciate that this question may have been asked before, but I can't track
down an
easy way to move forward on it, so am turning to the list for help.
I downloaded and installed (WinXP) Tomcat 6.0.16 - it's working fine and I have
created a small application with JSPs and Servlets and client si
On the same front, say we have 50 nodes and one jkmanager.
There would be a management problem to disable/activate nodes.
Is there a way to disable/activate nodes passing URL parameters to jkmanager
?
Or is the only way to edit the workers.properties file and use the
'activation' keyword.
Exampl
On Tue, Jun 10, 2008 at 4:17 PM, Jörg Fröber <[EMAIL PROTECTED]> wrote:
> An explicit call of response.flushBuffer() seems to have solved the problem.
>
So it could indeed be worth it if you provide a test JSP.
Rémy
-
To start a
Hi,
When accessing /manager/html remotely I am asked for username and password, but
then I get a "401 access denied" error regardless.
However I am able to log in to the manager app locally, e.g.
http://localhost/manager/html works.
I am running a java based website on the same Tomcat serve
On 10.06.2008 at 15:13, Rémy Maucherat
<[EMAIL PROTECTED]> wrote:
On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
Can you provide the source of the simplest JSP that causes the error?
What
we need is a test case we can use to investigate this. The simpler the
te
Hi,
I'm currently attempting to configure IIS+Tomcat via the IIS connector
as per instructions at:
http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
So far I've been having no luck at all, browsing
/examples/jsp/index.html just returns a 404:
IIS Log:
3131-08-08 04:43:02 W3SV
On 9 Jun 2008 at 20:10, Bill Davidson wrote:
.
.
.
> I didn't really do it as a filter though. The login servlet, after
> verifying the
> user's login and password, just creates and sets the cookie in the response
> rather than letting Tomcat create the cookie.
I would make sure to do some t
On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas <[EMAIL PROTECTED]> wrote:
> Can you provide the source of the simplest JSP that causes the error? What
> we need is a test case we can use to investigate this. The simpler the test
> case the better.
I suppose he should increase the header size, or (be
Jörg Fröber wrote:
I've built tomcat from
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk and there still
occurs an error.
Here is the stacktrace:
Can you provide the source of the simplest JSP that causes the error? What
we need is a test case we can use to investigate this. The simpl
On 09.06.2008 at 19:15, Mark Thomas <[EMAIL PROTECTED]> wrote:
Jörg Fröber wrote:
Hello,
using Tomcat 6.0.12 on one jsp page sometimes the following error
occurs:
java.lang.ArrayIndexOutOfBoundsException: 8192
That looks like a Tomcat bug. Do you see the same problem with the
lat
Sorry, not always easy to keep a thread with the huge traffic on this list.
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Benoit,
Benoit Maisonny wrote:
| Christopher Schultz wrote:
|>
|> Benoit,
|>
|> Benoit Maisonny wrote:
|> | I suspect someone forgot to encode th
Sorry about this, I messed subjects up.
Abraham Marín Pérez <[EMAIL PROTECTED]>
Head of R&D
SILVANO CONSULTORES
Tel.: 93.412.79.12 -- Fax: 93.410.92.90
http://www.silvanoc.com/
[EMAIL PROTECTED]
09/06/2008 17:29
Please reply to "Tomcat Users List"
To: "Tomcat
Ok, I will check the filter what it does
Thanks for the comments.
On 6/9/08, Len Popp <[EMAIL PROTECTED]> wrote:
>
> Both the Exchange server and the email client (Outlook) can filter
> messages. You'll have to check the filtering settings on both client &
> server to find out exactly why your ema
55 matches