On 23.06.2010 01:12, David Fisher wrote:
Hi All,
I've got myself in a situation where I need a stopgap quick fix - until we can
respond correctly.
I have the following workers file:
# define the worker list
worker.list=LoadBalancer
# Define the LB worker
worker.LoadBalancer.type=lb
worker.Lo
On 22.06.2010 21:59, Marc Boorshtein wrote:
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
You'll need to add a security constraint, login-config and security-role to
your web.xml to test getRemo
Yes, that's true. You can also use the GUI.
Personally, I like the script, because it can be committed to
repository(SVN, etc), and its easier to replicate and maintain.
AB
On Tue, Jun 22, 2010 at 11:28 PM, Caldarale, Charles R
wrote:
>> From: Andrew Bruno [mailto:andrew.br...@gmail.com]
>> Su
>From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
>Subject: OT RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>>
>Doesn't the url mapping in the uriworkermap.properties file interrupt
>IIS from passing authentication to Tomcat?
>
>If you restr
Hi All,
I've got myself in a situation where I need a stopgap quick fix - until we can
respond correctly.
I have the following workers file:
# define the worker list
worker.list=LoadBalancer
# Define the LB worker
worker.LoadBalancer.type=lb
worker.LoadBalancer.balance_workers=webprod1,webprod
> From: Aaron Clark [mailto:acl...@intellicominc.com]
> Subject: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP
> Port
>
> We have a customer that is running Tomcat Server 6.0.18 under
> Windows 2008 R2. On this server the Remote Desktop Port (3389)
> is being changed to port 80 after
>From: Marc Boorshtein [mailto:mboorsht...@gmail.com]
>Subject: Re: Still having problem retrieving user value from ISAPI
>Filter for authentication
>
>>
>> Unless you are going to authenticate via one of Tomcat's
>authentication methods; BASIC, FORM, etc, then getRemoteUser() is going
>to return n
Hello,
We have a customer that is running Tomcat Server 6.0.18 under Windows 2008 R2.
On this server the Remote Desktop Port (3389) is being changed to port 80 after
X (usually ~3) number of days. If we disable the Apache Tomcat Server and stop
the service, this problem goes away. We opened a c
Hi
There were two cookies created by Tomcat 6.0.26. One is for SSO, and the
other is for regular session between client and tomcat. JSESSIONID is
working fine : it means session replication and failover, but not
JSESSIONIDSSO. JSESSIONIDSSO is updated with new value upon relogin.
yasushi
JSE
have an application I am trying to move to Tomcat 6.0 from Tomcat 5.5. This
is a VXML Voice Browser application.
In this app, the general flow is:
1. Voice Browser makes http request to jsp
2. jsp might call Service Object
3. Service Object creates new Thread to call external Webservice
Are you using a "jvmRoute" setting on your BalancerMember definition in
mod_proxy config and on the element in server.xml? Your cookie would
have the jvmRoute property added to the end of it (e.g. ALONGMD5HASH.server1)
if so.
From the Almighty Google: http://community.jboss.org/wiki/usingmodpr
> Has anyone ever placed an application and its content on a redundant
> DFS solution?
> So as when one DFS server fails, another takes over.
> Does anyone see possible problems with this setup?
> ie. when dfs server fails does tomcat loose connection to the app or
> is the failover fast enough
> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
> Subject: RE: Showing Tomcat Memory Utilization with 'top'
>
> 'top' shows 30-40MB in the 'SHR' column for each java
> process. Is that what you're referring to?
That could be any memory (eg, file pages) that's being used in more than one
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Showing Tomcat Memory Utilization with 'top'
>
> Also, I believe VIRT includes memory shared with other processes
Doesn't RES also include shared pages - anything that's in the memory map of
the process? (I can't r
On 22 June 2010 16:10, M.H.G. Emmerig wrote:
>
>
> Has anyone ever placed an application and its content on a redundant DFS
> solution?
> So as when one DFS server fails, another takes over.
> Does anyone see possible problems with this setup?
> ie. when dfs server fails does tomcat loose connect
Hi
I downloaded apache apache v2.2.15 and compiled and installed, but the
result was the same.
Session sso replication looked like failed. Upon shutting down the
node, it kicked me out of password protected area and needed to re-loin
on the second node.
On apache, I installed/enabled all module
On 22 June 2010 17:55, Robinson, Eric wrote:
> Sorry, I wasn't referring specifically your comments. Over the years
> I've heard the same thing a few times from different sources. It seems
> to be the conventional wisdom on the subject.
>
>
> Fifteen years ago, it was right. Memory management an
> Also, I believe VIRT includes memory shared with other
> processes, so if you have 50MiB of Java system classes
> loaded and a modern JVM which shares them among running JVMs,
> then you'll see that 50MiB included in every process's VIRT
> that is sharing it, which is somewhat misleading.
E
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 6/22/2010 12:07 PM, Gregor Schneider wrote:
> 2010/6/18 Mikolaj Rydzewski :
>> Luca Gervasi wrote:
>>>
>>> i can read my /etc/passwd from a malicious jsp.
>>> Where can i find infos on limiting filesystem access / visibility ?
>>>
>>
>
> 1
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 6/22/2010 3:22 PM, Caldarale, Charles R wrote:
>> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
>> Subject: Showing Tomcat Memory Utilization with 'top'
>>
>> 1. Top shows 0k of swap usage, so the system is not swapping. In that
>> c
Sorry, Marc. I'm have no idea what a wireshark packet capture is? I've only
worked with the Fiddler Http Proxy Debugger tool to view what is coming over on
the browser.
Thanks.
-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com]
Sent: Tuesday, June 22, 2010 3:00 P
>
> Unless you are going to authenticate via one of Tomcat's authentication
> methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
>
> You'll need to add a security constraint, login-config and security-role to
> your web.xml to test getRemoteUser(); in just Tomcat.
>
This sh
> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
> Subject: RE: Showing Tomcat Memory Utilization with 'top'
>
> For example, I have a tomcat configured to use 96MB of heap (export
> JAVA_OPTS="-ms96M -mx96M"). Top shows VIRT=336396, RES=227264. I'm
> guessing that the 96MB of heap is burie
>From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
>Subject: RE: Still having problem retrieving user value from ISAPI
>Filter for authentication
>
>What I did was comment out the filter from the web.xml and I went
>straight from the IE browser (http://localhost/index.jsp) to the
>index.js
Ranier,
Please see the requested info below and thanks for taking time to look at the
log and for your reply.
Web.xml (1 & 2 were deleted because they had to do with my filters just in case
you were wondering why 3 was there):
http://www.w3.org/2001/XMLSchema-instance";
>> 2. Where does the 64MB of java heap show up?
> Buried inside the VIRT number.
For example, I have a tomcat configured to use 96MB of heap (export
JAVA_OPTS="-ms96M -mx96M"). Top shows VIRT=336396, RES=227264. I'm
guessing that the 96MB of heap is buried in BOTH the VIRT and RES
numbers?
--
E
On 22.06.2010 21:29, Savoy, Melinda wrote:
That is definitely the preferred method and the reason for going to the Tomcat
Connector for this authentication process. However, even with the most simple
implementation of my index.jsp and web.xml file I cannot get the
getRemoteUser() to work.
I
That is definitely the preferred method and the reason for going to the Tomcat
Connector for this authentication process. However, even with the most simple
implementation of my index.jsp and web.xml file I cannot get the
getRemoteUser() to work.
I am hoping that Ranier is able to look at th
Hi, Melinda-
I'm not sure it's going to be that easy. From what I've read, the NTLM
authorization header includes structured data that is encoded using a
server nonce and/or the password. However, AUTH_USER, REMOTE_USER and
LOGON_USER variables should be available to ISAPI applications with
> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
> Subject: Showing Tomcat Memory Utilization with 'top'
>
> 1. Top shows 0k of swap usage, so the system is not swapping. In that
> case, why is there a difference between the VIRT and RES numbers?
Linux always allocates more virtual space t
In top, my java processes all show an average VIRT size of about 250MB
and an average RES size of about 150MB. Most of them were started with a
64MB heap size. I have two questions:
1. Top shows 0k of swap usage, so the system is not swapping. In that
case, why is there a difference between the VI
Ranier,
Thanks for your reply.
What I did was comment out the filter from the web.xml and I went straight from
the IE browser (http://localhost/index.jsp) to the index.jsp page that was
comprised of only the following:
<%...@page language="java" contentType="text/html; charset=ISO-8859
Question. As my code is currently blowing up when I setup the Base64Decoder in
my constructor I'm getting an error immediately, at any rate I'm working thru
that, but will this DECODE method show me the USERID that I'm looking for?
That is what I'm needing. Thank you.
-Original Message---
Hi, Melinda-
As Pid suggested, the first part of that string after NTLM in the
authorization header decodes in base64 to 'NTLMSSP'.
-Terence Bandoian
Savoy, Melinda wrote:
Thanks Pid, I did do that as well, but I did not see the user value there either.
Here is what I got when I did issu
On 22.06.2010 16:18, Savoy, Melinda wrote:
Thanks Pid. That is what I'm working on right now. I am in the middle of the
Decoder part of the code again.
My apologies to this list as I understood I could get that directly from the
ISAPI filter as it would decrypt it for me, which it does per t
>> Some people say this approach will lead to increased CPU
> utilization
> If you're referring to what I said, note the numerous caveats I
> included.
Sorry, I wasn't referring specifically your comments. Over the years
I've heard the same thing a few times from different sources. It seems
t
> From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
> Subject: Does GC Really Matter (Is This Situation)?
>
> Some people say this approach will lead to increased CPU
> utilization from frequent GC
If you're referring to what I said, note the numerous caveats I included. Only
if you happen
This is a similar question to one already being discussed in the list
with the subject "Setting the Right Amount of Memory".
We have 160 instances of tomcat on the same server, with most instances
configured to use 64-96MB of RAM. We carefully watch the logs for OOMEs.
If we see any, we increase t
http://moshah-linux.corp.walmart.com/ip/2668255 test
--
View this message in context:
http://old.nabble.com/testing-tp28962091p28962091.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe, e-m
2010/6/18 Mikolaj Rydzewski :
> Luca Gervasi wrote:
>>
>> i can read my /etc/passwd from a malicious jsp.
>> Where can i find infos on limiting filesystem access / visibility ?
>>
>
1st thing to do:
run tomcat as user "tomcat" (or whatever username u like) with
limited rights - that should at le
Ok
I will try to install the latest apache httpd and test again.
Thanks,
yasushi
-Original Message-
From: Pid [mailto:p...@pidster.com]
Sent: Tuesday, June 22, 2010 8:04 AM
To: Tomcat Users List
Subject: Re: question for sso session replication in tomcat 6.0.26
On 22/06/2010 15:56, Oku
Has anyone ever placed an application and its content on a redundant DFS
solution?
So as when one DFS server fails, another takes over.
Does anyone see possible problems with this setup?
ie. when dfs server fails does tomcat loose connection to the app or is the
failover fast enough.
regards
M
Sorry I should clarify few things:
In case of no failover, SSO works for all web applications on the same node,
not host. Then, session replication upon failover works for non-password
protected area only.
-Original Message-
From: Okubo, Yasushi (TSD) [mailto:yasushi.ok...@takedasd.co
On 22/06/2010 15:56, Okubo, Yasushi (TSD) wrote:
> Hi Andrew
>
> In case of no failover, SSO works for all web applications on the same host.
> Upon failover [shutting down one node], a user is routed to the other node,
> and TC is asking for a user to re-login when he/she tried to access passw
Hi Andrew
In case of no failover, SSO works for all web applications on the same host.
Upon failover [shutting down one node], a user is routed to the other node, and
TC is asking for a user to re-login when he/she tried to access password
protected area.
I have checked many times on server
> From: melindasa...@texashealth.org
> To: users@tomcat.apache.org; p...@pidster.com
> Date: Tue, 22 Jun 2010 08:45:18 -0500
> Subject: RE: Still having problem retrieving user value from ISAPI Filter for
> authentication
>
> We had been working with JCIFS and chose the Tomcat Connector for IIS
Thanks Pid. That is what I'm working on right now. I am in the middle of the
Decoder part of the code again.
My apologies to this list as I understood I could get that directly from the
ISAPI filter as it would decrypt it for me, which it does per the ISAPI log,
and then pass it on to me vi
On 22/06/2010 14:45, Savoy, Melinda wrote:
> We had been working with JCIFS and chose the Tomcat Connector for IIS because
> we're primarily a MS shop and already had IIS in place here. The team lead
> who had written this custom code is no longer with the company and I've had
> to try and figu
Hi,
I'm using Tomcat 6.0.26. I notice that when I define an error page for my
JSPs
<%@ page errorPage="/error-pages/500.jsp" %>
The error page gets called properly, but the stack trace of the error is no
longer written to my localhost log file, where it used to be output before I
inserted the
I'm currently running three 6.0.26 tomcat instances on multiple servers to
establish a redundant, HA Tomcat cluster.
Every second in each of the Tomcat instances the following error message is
logged:
org.apache.catalina.ha.tcp.SimpleTcpCluster sendSEVERE: Unable to send message
through
We had been working with JCIFS and chose the Tomcat Connector for IIS because
we're primarily a MS shop and already had IIS in place here. The team lead who
had written this custom code is no longer with the company and I've had to try
and figure out what all he did and then try to implement th
On 22/06/2010 14:10, Savoy, Melinda wrote:
> Question. I never setup a custom Tomcat REALM and wondered if that is
> required by this ISAPI filter as another user at JavaRanch explained the
> following to me:
>
> You'd have to provide the user principals and roles via a Tomcat Realm in
> order
> From: Andrew Bruno [mailto:andrew.br...@gmail.com]
> Subject: Re: Tomcat 6 64 bits, Java 6 64 bits and -Djava.library.path
>
> Everything can be set up via service.bat
>
> You should modify this file only.
I'd strongly recommend using the tomcat6w.exe program to set any necessary
options and
Actually, what I finally got working was getting IIS to talk to Tomcat and
therefore seeing the request get to the ISAPI filter which after working with a
MS IIS engineer 2 weeks ago I was able to get up and running. I have not to
date been able to get the getRemoteUser() to extract the user va
On 22/06/2010 13:59, Savoy, Melinda wrote:
> We have a custom filter that we're using because after we get the request and
> response info then I need to use the user value info and get the user also
> authenticated against a legacy system.
>
> But right now I have that commented out in my web.x
On 22.06.2010 14:16, Savoy, Melinda wrote:
Thanks Marc. I actually have that setting in my server.xml file as well.
Actually I did follow your post last week thinking that would help me but the
ISAPI filter is working properly as indicated in my log and IIS has
authenticated the info otherwis
Question. I never setup a custom Tomcat REALM and wondered if that is required
by this ISAPI filter as another user at JavaRanch explained the following to me:
You'd have to provide the user principals and roles via a Tomcat Realm in order
for getRemoteUser to work. Filters, IIS authenthicators
Thanks Pid for your time and answers. Clearly that is not an option for
me...I'll wait for Tomcat 7 then :)
Thanks!
From: Pid
To: Tomcat Users List
Sent: Tue, June 22, 2010 3:41:02 PM
Subject: Re: HTTP Status 408!
On 22/06/2010 13:25, neo21 zerro
We have a custom filter that we're using because after we get the request and
response info then I need to use the user value info and get the user also
authenticated against a legacy system.
But right now I have that commented out in my web.xml so that I can go directly
to a test index.jsp pag
On 22/06/2010 13:36, Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there
> either.
>
> Here is what I got when I did issue the getHeaderNames() and as you can see
> the authorization shows the encrypted NTLM value but it is not decrypted and
> I c
On 22/06/2010 13:36, Savoy, Melinda wrote:
> Thanks Pid, I did do that as well, but I did not see the user value there
> either.
>
> Here is what I got when I did issue the getHeaderNames() and as you can see
> the authorization shows the encrypted NTLM value but it is not decrypted and
> I c
On 22/06/2010 13:25, neo21 zerro wrote:
> Can you provide a hint on how to perform automatic login using BASIC
> authentication?
Did you look at the link I sent?
> Or can I somehow modify the class FormAuthenticator? and tell Tomcat to
> use my custom class
FormAuthenticator is a Valve, it i
Thanks Pid, I did do that as well, but I did not see the user value there
either.
Here is what I got when I did issue the getHeaderNames() and as you can see the
authorization shows the encrypted NTLM value but it is not decrypted and I
cannot get to the info though the ISAPI log shows the de
Can you provide a hint on how to perform automatic login using BASIC
authentication?
Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my
custom class
Thanks!
From: Pid
To: Tomcat Users List
Sent: Mon, June 21, 2010 7:52
On Tue, Jun 22, 2010 at 8:16 AM, Savoy, Melinda
wrote:
> Thanks Marc. I actually have that setting in my server.xml file as well.
>
Hmm, I've only gotten the ISAPI filter working once and not in this
context. Unless there are other ways to do this Pid's idea is
probably the best.
Marc
---
Thanks Marc. I actually have that setting in my server.xml file as well.
Actually I did follow your post last week thinking that would help me but the
ISAPI filter is working properly as indicated in my log and IIS has
authenticated the info otherwise, at least it is my understanding and my
On 22/06/2010 13:05, Marc Boorshtein wrote:
> I haven't tried this with IIS, but we had quite the discussion on this
> last week with Apache & tomcat with JK. In your server.xml file add
> tomcatAuthentication="false" to the AJP connector object. If you look
> in the archives of this list for JK_
I haven't tried this with IIS, but we had quite the discussion on this
last week with Apache & tomcat with JK. In your server.xml file add
tomcatAuthentication="false" to the AJP connector object. If you look
in the archives of this list for JK_REMOTE_USER there is a very
interesting discussion o
My apologies. Let me try to ask my question in a more specific manner to see
if I can get a response from someone on this list.
Per the ISAPI log, I am getting to my index.jsp page successfully and I also am
able to see the request info that is sent to the ISAPI filter from IIS.
But when I try
This all sounds very unnecessarily complicated.
Maybe you want to look at authentication at the Tomcat level alone? Writing an
authenticator is rather simple (and there're plenty of examples) provided that
ClearTrust has an API, which I am sure it does.
dB. @ dblock.org
Moscow|Geneva|Seattle|
On 22/06/2010 07:55, yucca...@live.co.za wrote:
> tomcats!, clearly it is time to move onbecause there is a workaround to
> this issue by having hibernate manage it's own connection pool. I am not
> going to recheck my iurls again and jndi names because they are correct
> and my hosting provider h
On 22/06/2010 06:09, Andrew Bruno wrote:
> Oh sorry, I re-read your answer. Not sure why SSO is not working, be
> interested to find out though..
You were right to ask about configuration.
We can't really begin to analyze the problem until we've seen the
cluster config and know the usual OS, JVM
Everything can be set up via service.bat
You should modify this file only. This way when you install the
service or remove the service, it works gracefully, and all libs,
memory requirements, etc. are recorded in the registry.
On Fri, Jun 18, 2010 at 12:44 AM, Katt wrote:
> Hi all,
>
> I have
tomcats!, clearly it is time to move onbecause there is a workaround to
this issue by having hibernate manage it's own connection pool. I am not
going to recheck my iurls again and jndi names because they are correct and
my hosting provider has assisted me in checking and found no wrong. for
Hi Martin
could you briefly explain the need for 2 apache webservers?
I wish I could :) We currently have our secure web apps fronted by an IBM
product, which seems to be a munged version of Apache. This has the
Cleartrust pluin in place and working fine. In the DMZ we have various web
ser
75 matches
Mail list logo
