Hi Uwe
Great news - it took us days to find this on our intranet. It wasn't helped
by the fact that only one of our call centre operators had the problem, and
she worked in a centre 400km away. It turned out that her desktop always had
a particular SAP application open plus one of ours.
I s
> From: Varuna Seneviratna [mailto:varunasenevira...@gmail.com]
> Subject: Re: Fwd: Is it not possible to install apache-tomcat-6.0.20
> with a J2SE 5 JRE: A new development
>
> Using JAVA_HOME:C:\Program Files\Java\jdk1.6.0_14
> Using JVM: C:\Program
> Files\Java\jdk1.6.0_14
hello,I found this in the servlet specification:
"
• The deployment descriptor lists the following welcome files.
index.html
default.jsp
• The static content in the WAR is as follows
/foo/index.html
/foo/default.jsp
/foo/orderform.html
/foo/home.gif
/catalog/default.jsp
/catalog/products/shop.jsp
In the file Tomcat 5.5\conf\catalina.properties I simply added this line:
org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
To get rid of the jasper double quotes error.
Thanks for the link Mark.It was useful.
-LS
--
View this message in context:
http://www.nabble.com/TC-5.5.27-u
Andre,
I am sorry if I got your remark from the wrong end and apologies if it
did heart you.I posted things on to the list as they unfolded.This anti
virus issue did not happen until a moment ago I made the post.From the
beginning of this issue I have not kept back any information that was
re
Hi,
We observed that content-length header is missing in response headers for a
HEAD request when used along with Apache 2.0.53, mod_jk 1.2.28 and tomcat
6.0.18.
The header appears correctly when only mod_jk is rolled back to version 1.2.21
(the previous production version for us).
Is this a k
> From: David Smith [mailto:d...@cornell.edu]
> Subject: Re: is there any difference?
>
> I'm fairly sure there is no difference between the two.
There's no effective difference, but the HTTP RFC requires the trailing slash
when a specific resource is not in the URL. That's why the browser adds
I'm fairly sure there is no difference between the two. The browser
contacts www.google.com on the default port 80 and then sends a GET /
request regardless of whether the last '/' is in the address bar. Take
a look at one of the many browser plugins like Firebug for Firefox to
see it for your se
On 22-Jul-2009, at 20:23, Andre-John Mas wrote:
Hi,
If I create a folder in the base of my web application, for example:
webapp/mydir
can I prevent access to it?
What I am wanting to do it create modules within my web application
that contain the associated components:
webapp/
mod
Here is one alternative:
use a servlet that will handle all the illegal accessed files by define
corresponding servlet-mapping in web.xml.
eg.mapping ErrorServlet to /code dir,and return error code SC_FORBIDDEN
(403).
2009/7/23 Andre-John Mas
>
> On 22-Jul-2009, at 22:36, Hassan Schroeder wrote:
On 22-Jul-2009, at 22:36, Hassan Schroeder wrote:
On Wed, Jul 22, 2009 at 5:23 PM, Andre-John Mas> wrote:
I want to ensure that someone typing:
http://../webapp/module/jsp/abc.jsp
won't be able to access the resource. I know I could put the JSPs
in WEB-INF
(it is what I do now), t
On Wed, Jul 22, 2009 at 5:23 PM, Andre-John Mas wrote:
> I want to ensure that someone typing:
>
> http://../webapp/module/jsp/abc.jsp
>
> won't be able to access the resource. I know I could put the JSPs in WEB-INF
> (it is what I do now), though I am wanting to explore another way of
> or
> From: Andre-John Mas [mailto:andrejohn@gmail.com]
> Subject: Preventing access to directories?
>
> I know I could put the JSPs in WEB-INF (it is what I do now),
> though I am wanting to explore another way of organising and
> grouping related resource, for easier management.
Since protectio
Hi,
If I create a folder in the base of my web application, for example:
webapp/mydir
can I prevent access to it?
What I am wanting to do it create modules within my web application
that contain the associated components:
webapp/
module/
js/
css/
jsp/
i
Lisa D Beggs/AC/VCU wrote:
The default Tomcat page is what I get if I try to enter that on the server
hosting Tomcat & Crystal Reports Server.so my configuration in the
server.xml file must be incorrect.
If I try to type in the webpage from another computer it can not find the
page.
..
Caldarale, Charles R wrote:
From: cokecc [mailto:coke.contre...@gmail.com]
Subject: Re: tomcat manager menu, problems
ok, I understand.
Apparently not.
Ah good ! I thought it was only me..
-
To unsubscribe, e-mail: users-un
Thanks Chuck -
Sorry - yes v5.5, and i am referring to the admin webapp that came
with it. I have to allow for end-users that don't want to use LDAP, nor
another DB (I know it is stupid). So i was hoping there was a way to
make the admin app write the passwords in digest form.
Thanks -Kurt
O
Manually, the Tomcat Manager web app allows me to easily restart a web
app. So, assuming I have the tomcat manager username and password, I
can make a program invoke the same URL that probably would cause the web
app to reload, using something like:
https://myhost.com/manager/html/reload?path
> From: Kurt Heberlein [mailto:ku...@3pardata.com]
> Subject: Digested passwords stored in tomcat-users.xml by admin
> application?
>
> is there a way to make the admin application
If you're referring to the admin application that comes with older versions of
Tomcat, that's a dead end. (Note t
> From: cokecc [mailto:coke.contre...@gmail.com]
> Subject: Re: tomcat manager menu, problems
>
> ok, I understand.
Apparently not.
> but how can I do to when you click on those links,
> the context appears / mysite /
You can't.
> http://sitio.pagina.com/misitio/manager/html
> Is this possible
Hi all,
I know this is probably a common question, but i can't find an answer
that is satisfactory. If i configure tomcat to use digested passwords
in server.xml, is there a way to make the admin application write them
digested in the event a password is changed or a new user is created??
Each
On Wed, Jul 22, 2009 at 2:25 PM, cokecc wrote:
> ok, I understand.
Uh, well, then.
> Tomcat Manager <---
>
> http://sitio.pagina.com/misitio/manager/html
>
> Is this possible?
No. Unless you absolutely must have it and are willing to put httpd
with mod_rewrite (or equiv) in front, and even
In a production environment in which JSPs do not change frequently, I'd
like to reduce the overhead of checking for JSP recompiles, assuming
that such checks are in fact costly, and instruct Tomcat to recompile a
given JSP should it change. In our environment, the JSP is written out
by our web
ok, I understand. but how can I do to when you click on those links, the
context appears / mysite /
For example:
Administration
Status
Tomcat Manager <---
http://sitio.pagina.com/misitio/manager/html
Is this possible?
Hassan Schroeder-2 wrote:
>
> On Wed, Jul 22, 2009 at 2:05 PM, c
Hi,
I was wondering when Tomcat 5.5.28 will be released?
We would like to upgrade to address vulnerability documented in
CVE-2009-0580.
Thanks for great product!
On Wed, Jul 22, 2009 at 2:05 PM, cokecc wrote:
>
> thanks for your reply now
> How do I configure tomcat? to work under the context / mysite /,
Again, the manager app will work fine, but it is associated with the
host, not the context.
You can certainly use the context /mysite/ at the same time,
thanks for your reply now
How do I configure tomcat? to work under the context / mysite /,
http://sitio.pagina.com/misitio/manager/html
Hassan Schroeder-2 wrote:
>
> On Wed, Jul 22, 2009 at 1:19 PM, cokecc wrote:
>
>> This gives me
>>
>> http://sitio.mipagina.com/manager/html
>>
>>
On Wed, Jul 22, 2009 at 1:19 PM, cokecc wrote:
> This gives me
>
> http://sitio.mipagina.com/manager/html
>
> and should appear
>
> http://sitio.pagina.com/misitio/manager/html
No it shouldn't; the behavior you see is correct (the manager app is
associated with the host, not the context).
--
Ha
On Wed, Jul 22, 2009 at 12:10 PM, Lisa D Beggs/AC/VCU wrote:
Sorry, didn't even look at this before:
> appBase="\webapps\InfoViewApp\logon.jsp"
Totally wrong -- change to appBase="/webapps"
>
Remove the Context element totally from server.xml.
Then remove the existing ROOT co
> From: cokecc [mailto:coke.contre...@gmail.com]
> Subject: tomcat manager menu, problems
>
> The problem I have is that this departure is the ip address next
> http://sitio.pagina.com/misitio/
You are mistaken; DNS names do not include slashes, so it's sitio.pagina.com
that resolves to the IP a
I am in a LAN installed with tomcat 6 with an ip 192.168.20.20
The problem I have is that this departure is the ip address next
http://sitio.pagina.com/misitio/
my question is that the entire menu on the left side (and any), fails to
take / mysite /.
for example.
to enter the menu
Administrat
The default Tomcat page is what I get if I try to enter that on the server
hosting Tomcat & Crystal Reports Server.so my configuration in the
server.xml file must be incorrect.
If I try to type in the webpage from another computer it can not find the
page.
On Wed, Jul 22, 2009 at 12:10 PM, Lisa D Beggs/AC/VCU wrote:
> I am hoping you can help me. I am trying to get a DNS entry that we set
> up www.websitename.edu (alias websitename.edu) to point to another page on
> our Crystal Reports Server (Infoview).
DNS entries associate host (and domain) name
Leon Rosenberg wrote:
On Wed, Jul 22, 2009 at 6:15 PM, El Tonno wrote:
Tomcat monitoring for the Poor Man...
and here's the version for the rich man:
http://moskito.anotheria.net/moskitodemo/mui/mskShowAllProducers
:-)
regards
Leon
Hah, nice! I got to ask my boss for a sabattic
I am hoping you can help me. I am trying to get a DNS entry that we set
up www.websitename.edu (alias websitename.edu) to point to another page on
our Crystal Reports Server (Infoview).
We are running Tomcat 5.5.20. I was told I need to set up a virtual host,
I need to point the DNS entries
Caldarale, Charles R wrote:
>> From: Mitch Claborn [mailto:mi...@claborn.net]
>> Subject: Re: Can a Realm communicate with a web application?
>>
>> I found that I can define the Realm in the conext.xml in my WEB-INF,
>>
>
> The context.xml file (not conext.xml) goes into META-INF, not WEB-INF.
On Wed, Jul 22, 2009 at 6:15 PM, El Tonno wrote:
>
> Tomcat monitoring for the Poor Man...
>
> Here's my approach:
>
> The Tomcat application generates counter/gauge information about the JVM
> state as well about "business" values, possibly using a separate thread.
> These are written to the datab
> From: Mitch Claborn [mailto:mi...@claborn.net]
> Subject: Re: Can a Realm communicate with a web application?
>
> I found that I can define the Realm in the conext.xml in my WEB-INF,
The context.xml file (not conext.xml) goes into META-INF, not WEB-INF. Start
again.
- Chuck
THIS COMMUNICA
Pid wrote:
> On 21/7/09 23:23, Mitch Claborn wrote:
>> I am toying with the idea of writing my own Realm for authentication.
>> Much of the code and structures that I need are already present in the
>> web application. Is there any way for the Realm to access Java objects
>> from the web applicati
dori wrote:
thanks for the reply. Does this also give you information about how many
errors users may have received, and posiible the time and load (at the time
of) of those errors?
Hi,
If you can identify that an error occurred, yes. For example, if an
Exception is thrown,
you would catch
thanks, will do.
Hassan Schroeder-2 wrote:
>
> On Wed, Jul 22, 2009 at 8:51 AM, dori wrote:
>
>> I found Lambaprobe but it dosent seem to have been updated in 3 years and
>> im
>> not sure about it supporting tomcat 6.
>
> It works fine with Tomcat 6.0.x. Try it.
>
> --
> Hassan Schroeder
On Wed, Jul 22, 2009 at 8:51 AM, dori wrote:
> I found Lambaprobe but it dosent seem to have been updated in 3 years and im
> not sure about it supporting tomcat 6.
It works fine with Tomcat 6.0.x. Try it.
--
Hassan Schroeder hassan.schroe...@gmail.com
twitter: @hassan
thanks for the reply. Does this also give you information about how many
errors users may have received, and posiible the time and load (at the time
of) of those errors?
dori wrote:
>
> Hello everyone.
>
> What would be the best way or a good way to monitor topcat, so i could see
> when and w
Hi Ron,
thanks a lot! I'm pretty sure that's our problem and I already found some SAP
J2EE Application Servers on our intranet with such a JSESSIONID
"(J2EE...)ID...End"
and (Cookie) Domain instead of Host configured (still right configured).
So I will continue to search for the evil one ...
B
dori wrote:
Hello everyone.
What would be the best way or a good way to monitor topcat, so i could see
when and where any errors are originating from, say if 10 people an hour are
getting a certain http error code then I can work out why and enable me to
see how much load tomcat is under and ho
Hello everyone.
What would be the best way or a good way to monitor topcat, so i could see
when and where any errors are originating from, say if 10 people an hour are
getting a certain http error code then I can work out why and enable me to
see how much load tomcat is under and how it's perfor
So in effect I'm deferring all interaction w/ RAM to be at request time and
not startup time correct?
I guess I could even take it one step further (and easier to implement I
think) where I build some static singleton initializer that manages an "am I
loaded properly" flag and if not, loads its d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ron,
On 7/22/2009 5:09 AM, Ron McNulty wrote:
> The only fix was to correctly configure the offending server - there is
> nothing Tomcat can do. When a browser has two cookies with the same name
> in scope, the outcome is indeterminate. We found that
JeanNiBee wrote:
> Hi
>
> I have two application contexts, /RAM and /UO.
Context initialization is serial. If you try starting in the wrong order you
will be out of luck.
Tomcat won't start serving requests until all the contexts have started.
You can't control the order the apps start in. It w
2009/7/22 Rémy Maucherat :
> On Wed, Jul 22, 2009 at 2:37 PM, Mark Thomas wrote:
>> You'll need to provide more details. Nothing stands out from the security
>> pages.
>>
>> Please provide step by step instructions to reproduce from a clean Tomcat
>> installation.
>>
>> Please also note that poten
David kerber wrote:
> And that, friends, is the best "quick start" summary for setting up
> tomcat I've ever seen. It took me weeks to put together in my mind all
> the pieces that Andre' just presented to you on a platter!! How about
> putting it into the docs or some other very visible locatio
Ron McNulty wrote:
> The only fix was to correctly configure the offending server - there is
> nothing Tomcat can do. When a browser has two cookies with the same name
> in scope, the outcome is indeterminate. We found that the wider scoped
> cookie took precedence. I've often thought the name of t
Hi
I have two application contexts, /RAM and /UO.
OU needs to have RAM running before it can do anything as I have startup
code (Fired during init of my servlet) in UO that needs to access RAM.
The problem I have is that when I do startup the Tomcat container, the
minute my 'init code' get's ex
thanks guys. it worked like charm :)
..alee
http://techboard.wordpress.com
On Wed, Jul 22, 2009 at 6:53 PM, Konstantin Kolinko
wrote:
> org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
>
I agree with what David writes below, and in addition
1. There should be no ":" after $JAVA_OPTS. It is not a classpath.
2. The preferred way is create a setenv.sh file, either in
$CATALINA_BASE\bin or in $CATALINA_HOME\bin
3. For setting these properties there is an easier way: add the following
On Wed, Jul 22, 2009 at 2:37 PM, Mark Thomas wrote:
> You'll need to provide more details. Nothing stands out from the security
> pages.
>
> Please provide step by step instructions to reproduce from a clean Tomcat
> installation.
>
> Please also note that potential security vulnerabilities should
lanxiazhi wrote:
hello,
I have a web app in tomcat ,where exists some .jsp,.vm files,
these files are saved using different encoding(I think).when requested,some
of them display urgly,garbled.
so I think maybe I can implement such a filter:first read the content of the
file,and* *decide which cha
André Warnier wrote:
...
Now, to redeem myself, here are my suggestions :
- turn off any anti-virus or similar software that might be running
- de-install whatever Tomcat software you have installed, using the
installer/deinstaller package
- verify that you do not have any "remainders" anywhe
pankaj jairath wrote:
> Hello,
>
> I am using Tomcat 6.0.18 and have hit XSS issue, where in tweaked Host
> header containing XSS is processed by the server. I suppose some
> validation check should be done on the Host value to prevent such an
> attack.
>
> Appreciate any inputs are to whether t
My first thought is it's starting too early but that doesn't make a lot
of sense when it's symlinked to S99tomcat5, making it one of the last
services to start. What's in tomcat's logs/catalina.out from the
attempted start?
--David
Peter Lokus wrote:
> Hi list,
>
> I'm running an fresh tomcat 6.
You need to add lines like this to the init script.
http://www.linuxjournal.com/article/4445
# chkconfig: 345 80 20
# description: Tomcat 6.0
so it knows to start on reboot.
You also may want to use jsvc to start and stop tomcat instead of
[startup|shutdown].sh
http://tomcat.apache.org/tomcat-6.0
> From: lanxiazhi [mailto:lanxia...@gmail.com]
> Subject: implement dynamic filter
>
> I have a web app in tomcat ,where exists some .jsp,.vm files,
> these files are saved using different encoding(I think).
Why don't you simply fix the encoding the files are stored in? Use UTF-8 to
avoid never
Probably there needed to be a \ line continuation above the line you
added. Additionally I believe this stuff should find it's way into a
separate setenv.sh file instead of editing startup.sh.
--David
alee amin wrote:
> I am trying to add the following option for tomcat startup in startup.sh
> f
Varuna,
I am not trying to "bully" you or anything of the kind.
I have been watching this thread as a spectator, and I was just trying
to convey to you the following :
There are people here trying to help you, for free.
To be able to do that, they need, at least :
- that you provide all relevan
The default answer is to check your webapps for non-daemon threads not
properly closed by the webapp. Some webapp has created it's own
non-daemon threads without a ServletContextListener to close them down.
Let ups know if that's not the case.
--David
santosh.si...@birlasoft.com wrote:
> Hi
>
>
if your long range goal is to use a performant multi-thread based configuration
with the proviso that once set on the path you need to ensure all of Apache
modules and binaries use multi-threaded libraries
assuming you have apache-2.2.11 the --with-mpm=worker will deliver the worker
based apac
Hi
tomcat 24453 1 2 16:11 pts/400:00:23
/opt/java1.5/jdk1.5.0_10/bin/java
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.endorsed.dirs=/opt/jakarta-tomcat-5.5.9/common/endorsed
-classpath
:/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/b
I am trying to add the following option for tomcat startup in startup.sh
file
JAVA_OPTS=$JAVA_OPTS:
-Dorg.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING=false
It's added at line # 36 of startup.sh and then i run the tomcat from
terminal by issuing ./startup.sh command. and it gives me error
-
Hi
The problem is that when tomcat starts this process exists but after
shutting down the tomcat still this process is existing at operating
system level and in this way after many times tomcat startup and
shutdown many processes as same below showing and due to that JDBC
sessions from Oracle dat
The Travel Assistance Committee is taking in applications for those wanting
to attend ApacheCon US 2009 (Oakland) which takes place between the 2nd and
6th November 2009.
The Travel Assistance Committee is looking for people who would like to be
able to attend ApacheCon US 2009 who may need some f
MPM multi processing modules are features of apache webserver not of
Apache-Tomcat.
There are differnent MPM modules default Prefork in Linux/unix, but for
more simultaneous connectionsyou need to recompile apache webserver with
Worker MPM its not a feature of Tomcat .
On Tue, Jul 2
Are multiple explanation marks in the README.please-don't?
I don't understand can you please explain
Varuna
2009/7/22 Pid
> On 22/7/09 04:37, Varuna Seneviratna wrote:
>
>> Please read the whole story behind and reply without bulling.I am trying
>> to
>> figure out what is the cause for not bei
Hi Uwe
I've seen something very similar when a SAP server was incorrectly
configured to produce a JSESSIONID cookie that was global to the
organisation, rather than scoped to the server that produced it. The
"(J2EE13679500)" and "End" parts of the session ID look suspiciously like
what I saw.
On 22/7/09 04:37, Varuna Seneviratna wrote:
Please read the whole story behind and reply without bulling.I am trying to
figure out what is the cause for not being able to install Tomcat as a
service when JRun can be .My guess was is Kaspersky blocking Tomcat setup
since Kaspersky prompted for us
On 21/7/09 23:23, Mitch Claborn wrote:
I am toying with the idea of writing my own Realm for authentication.
Much of the code and structures that I need are already present in the
web application. Is there any way for the Realm to access Java objects
from the web application? They don't appear
Hi list,
I'm running an fresh tomcat 6.0.20 from tomcat.apache.org under /opt/tomcat.
Currently, I'm firing up tomcat with the supplied [startup|shutdown].sh
scripts manually.
Now, tomcat shall start automatically. For this purpose I created a
small script under /etc/init.d/tomcat5:
#!/bin/bash
hello,
I have a web app in tomcat ,where exists some .jsp,.vm files,
these files are saved using different encoding(I think).when requested,some
of them display urgly,garbled.
so I think maybe I can implement such a filter:first read the content of the
file,and* *decide which charset it's saved,and
Hello,
I am using Tomcat 6.0.18 and have hit XSS issue, where in tweaked Host
header containing XSS is processed by the server. I suppose some
validation check should be done on the Host value to prevent such an attack.
Appreciate any inputs are to whether this issue has been fixed ?.
regar
78 matches
Mail list logo
