Hello,
I'm a newbie with Batik and xmlgraphics.
I just succeed downloading source code for batik 1.7 beta.
Compilation OK
Squiggle OK.
Run with http://localhost:8080/jsp-examples/jsp2/jspx/textRotate.jspx?
name=JSPX
OK
But how to recompile textRotate.java as there is no such file.
I miss some
Thanks for the reply.
After mulling this over, I've thought of another way to do it
(apologies if I'm not using the correct terminology here). Have the
static content in a single directory on my development machine, then
use my Ant build script to have the contents included in the .war
file. Th
dimitryous r. schrieb:
> I'm a newbie with Batik and xmlgraphics.
> I just succeed downloading source code for batik 1.7 beta.
> Compilation OK
> Squiggle OK.
> Run with http://localhost:8080/jsp-examples/jsp2/jspx/textRotate.jspx?
> name=JSPX
> OK
>
> But how to recompile textRotate.java as the
Hi,
I have an application which needs to start an embedded Tomcat en share
an object instance with a servlet which will run in the embedded tomcat
servlet container. One solution is to use a static field of a class, but
I prefer a direct way to do this, without using static fields.
Currently
I commented on this in the following article - http://www.owasp.org/
index.php/Securing_tomcat#Cleartext_Passwords_in_CATALINA_HOME.2Fconf.
2Fserver.xml
In short, no.
There was also some further discussion on one of the OWASP list
recently - https://lists.owasp.org/pipermail/java-project/200
Mark,
The ability to store encrypted passwords doesn't necessarily have to be used to
protect the system from hackers. This would be a GREAT feature to enforce the
responsibilities between different roles in a development environment. Also,
The encryption doesn't have to be full proof, it ju
Hi,
Thanks for the tip Sebastian, but it doesn't work for me. I added your
class, wrapped all the output streams and synchronized close events but the
result is the same.
Exception in thread "MessageSender[]" java.lang.NullPointerException
at org.apache.coyote.http11.InternalNioOutputBuff
Mark,
I also don't feel quite at ease to see passwords in clear text in the
server.xml file. True, if the protection on that file is set up
properly, there shouldn't be much issue. But it strikes me that Tomcat
is the only application I know where passwords are stored in clear
text. Why wouldn't
Mark, I've heard that argument before, and it has never made sense to
me. If an attacker has read access to one box, that box had better not
have passwords for all the other servers in plain text files!
Security isn't all-or-nothing. There are levels of security, and you
want to get as much secur
Why wouldn't we at least store the MD5 hash of the passwords
instead of the password in clear text, or use a scheme similar to the
Unix /etc/passwd file?
You've not thought this through. Tomcat needs to decrypt or somehow
have the credentials in cleartext so it can pass them to the database
Hello:
I just installed Tomcat v6.0 on a Windows 2003 server. I stopped IIS and
tried to run the batch file, startup.bat and the Command windows closed. I
see the following errors in the log file:
May 1, 2007 10:20:25 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The Apach
Hi Martin,
On 5/1/07, Martin Jones <[EMAIL PROTECTED]> wrote:
Thanks for the reply.
After mulling this over, I've thought of another way to do it
(apologies if I'm not using the correct terminology here). Have the
static content in a single directory on my development machine, then
use my Ant
Hi,
If you want to do something like that you can then extend
"org.apache.commons.dbcp.BasicDataSourceFactory" to
encrypt/decrypt
the password...
And put it in a package jar and put it in common lib and setup
the
datasource as described in JNDI datas
> From: Venkat Venkataramanan [mailto:[EMAIL PROTECTED]
[...]
> java.net.BindException: Address already in use: JVM_Bind:8080
[...]
> 3. What does the exception on the last line mean?
Port 8080 is already in use by some other application. As I recall,
Process Explorer (from www.sysinternal
Good Morning Ven-
the message indicates The Address is already bound to Port 8080
you'll have to properly shutdown the Tomcat service (and free the port) e.g.
C:>net stop Tomcat5
or
reboot the machine
With Warm Regards
M--
This email message and any files transmitted with it contain confidential
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard,
Richard DeGrande wrote:
> The ability to store encrypted passwords doesn't necessarily have to
> be used to protect the system from hackers. This would be a GREAT
> feature to enforce the responsibilities between different roles in a
> devel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin Dubuc wrote:
> But it strikes me that Tomcat
> is the only application I know where passwords are stored in clear
> text.
I'll bet that Tomcat is the only application that needs to know its own
passwords. Do you have Apache running wit
Peter Crowther wrote:
From: Venkat Venkataramanan [mailto:[EMAIL PROTECTED]
[...]
java.net.BindException: Address already in use: JVM_Bind:8080
[...]
3. What does the exception on the last line mean?
Port 8080 is already in use by some other application. As I rec
> From: Venkat Venkataramanan [mailto:[EMAIL PROTECTED]
> Subject: Problem starting Tomcat on Windows 2003
>
> 1. Where is the path for java.library.path getting set to?
>From the PATH environment variable for the process. This is the default
value for a Sun JVM running on Windows.
> 2.
if i redeploy my webapp and try to access a protected page, it will show
the login
screen but after clicking login it just reloads the login page instead
of sending me to the protected page. if i reload the login page it will
give me access
to the page i wanted. if i fill in user/pass and hit lo
Hi,
Did you synchronize the event.close() with same lock you use to write to
the output stream (the SynchronizedOuputStream instance)?
I saw exactly the same stack trace you are getting due to (incorrect)
concurrent access to the CoyoteOutputStream. The NullPointerException
suggest that the
Just to add to this discussion ...
First, let me say I don't think encrypting the password would in any way
add significantly to tomcat's security or the security of the database.
What I'm offering is just a possibility from a purely academic
standpoint. Two solutions that can be taken separ
I've done some searching through the archives but couldn't find any
concrete information on this issue. We use a third party library in one
of our servlets within tomcat that access some C code through using jni.
This particular library does some intensive math related operations that
can potentia
Chris,
I am not sure I buy your argument that because there is somewhere else
in an implementation that is as insecure as cleartext password, then
there is no point in fixing the cleartext password issue. With this
argument, we would never care about fixing any security holes, because
one can alw
Martin,
All encryption systems need a way to boot themselves. This either means
you store the password somewhere so the program can self-boot itself, or
you need user intervention, such as typing in the password (or inserting
a dongle or other security hardware device).
Once the system has
I realized that there was another software package that was running as a
service and using Tomcat.
Thanks for all your help.
-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 01, 2007 12:05 PM
To: Tomcat Users List
Subject: RE: Problem starting To
Hi, I'm relatively new to the tomcat server and I'm having a problem with
configuring tomcat for a particular behavior that I need. I've scoured the
internet for several days and haven't been able to find anything on this
topic.
I'm trying to build a website with several SSL-protected pages and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Martin,
Martin Dubuc wrote:
> I am not sure I buy your argument that because there is somewhere
> else in an implementation that is as insecure as cleartext password,
> then there is no point in fixing the cleartext password issue. With
> this argumen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joe A wrote:
> if i redeploy my webapp and try to access a protected page, it will show
> the login
> screen but after clicking login it just reloads the login page instead
> of sending me to the protected page.
That's weird. Are you sure someth
Hi,
I'm facing some performance issues with Tomcat. I've deployed a very simple
Web service on Tomcat, and when I call an operation of this Web service, the
HTTP response is fragmented into many TCP segments. This sounds normal,
since the HTTP response is transmitted with the "chunked" transfer c
Hi ,
We are using Apache 2.2 and Tomcat 5.5 on Red Hat Enterprise Linux AS
release 4. We use APJ connector.
We are streaming a huge file >100MB back to browser . On IE we are
getting a CLient connection Abort Exception.
Looks like apache is closing connection.
Is there any configuartion on apa
Hi,
This is the first time I've worked with Tomcat as a stand-alone server
(i.e., not in conjunction with Apache). My problem is that I want to
forcibly (but transparently) redirect all connections on port 80 to port
443 for SSL. My problem is that I only know how to do that in Apache.
I have a
Hello,
I'm having problems getting the form-based authentication example that
ships with Tomcat 6 to work properly.
I have followed all the instructions at
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
to make the form authentication example using MemoryRealm to work for
http://m
> From: Rob Tanner [mailto:[EMAIL PROTECTED]
> Subject: How do I force redirects from http: to https:
>
> I have a redirectPort="443" argument in the port 80 connector
> description in server.xml, but that doesn't seem to be doing anything.
It won't until you specify a security constraint for th
Hi Robert,
On 4/30/07, Robert Segal <[EMAIL PROTECTED]> wrote:
I have Cruise Control setup to run my machine and am able to access it
through Tomcat using...
http://localhost:8080/cruisecontrol/
I would like to be able to access this same URL using the format...
http://localhost:8080/standa
However, from the subject of your e-mail it appears that you want to
do a Redirect from http://localhost:8080/standard/ to
http://localhost:8080/cruisecontrol/
which is easy to accomplish.
within a JSP Scriptlet:
<%response.sendRedirect("/cruisecontrol/"); %>
with JSP/JSTL
c:redirect tag
withi
Hello:
We plan to use Tomcat 5 cluster and want to replicate session using
shared Database. The article
http://tomcat.apache.org/tomcat-5.0-doc/cluster-howto.html does not
describe how to replicate session using a shared database (JDBCManager).
Can anybody tell me how to do that? Example server.xm
Chuck,
Thanks! Redirects are now working.
-- Rob
Caldarale, Charles R said the following on 05/01/2007 10:44 AM:
>> From: Rob Tanner [mailto:[EMAIL PROTECTED]
>> Subject: How do I force redirects from http: to https:
>>
>> I have a redirectPort="443" argument in the port 80 connector
>> desc
I'm suspecting you either link to /j_security_check or manually forward
there from your pages. Pages in your web project shouldn't ever link to
it except the login form and even then only in the action attribute of
the form tag. Tomcat will take control when it sees a client trying to
access
I created some utility classes that read proeprties files (e.g.
com.mvp.utils.ExtProperties). In the method where I try to load the properties
file I have
package com.mvp.utils;
class ExtProperties {
private static PropertyResourceBundle loadProperties(String propsFile) {
Your could put the properties file in WEB-INF/classes which is
equivalent to storing it in the jar file. Otherwise we'll need to know
more about where you are storing your properties file to help.
-- David
Mike Peremsky wrote:
I created some utility classes that read proeprties files (e.g.
Oh helps to read all the message:)
jars in common/lib can't read files in your webapp. You could use
common/classes
--David
David Smith wrote:
Your could put the properties file in WEB-INF/classes which is
equivalent to storing it in the jar file. Otherwise we'll need to
know more abou
The system.properties file is already located in the WEB-INF classes directory.
Sorry I am new to this stuff, not sure what other information you need.
%CATALINA_HOME%/common/lib/mvp.jar<- contains ExtProperties.class
%CATALINA_HOME%/webapps/fs/WEB-INF/classes/system.properties
%
Hi Mike,
On 5/1/07, Mike Peremsky <[EMAIL PROTECTED]> wrote:
What do I need to do to get the class in the jar file to find the properties
files external to it?
To access a properties file that is external to the JAR file , add the
full path of the Properties file's folder to the CLASSPATH.
actually the issue was happening whenever i closed down jboss and restarted
it and tried to access a protected page. i determined the issue was because
there was a cached copy of one of the pages, so i set the headers on all my
jsp's (including the login jsp) to not allow caching and now the erro
Ug. Moving the jar file to %CATALINA_HOME/common/classes now causes my servlet
to fail to load, as the base class is in the jar file that was just moved to
common/classes.
David Smith <[EMAIL PROTECTED]> wrote: Oh helps to read all the message:)
jars in common/lib can't read files in your
How do I limit the amount of messages I receive?
I'd like to be able to "turn on and off" the reception of messages of the
mailing list without having to unsubscribe. Unfortunately the mailing list
FAQ email is empty.
Thanks a lot :)
I am trying to install apache-tomcat-5.5.23.exe or
apache-tomcat-6.0.10.exeand it just blocks in the installation step:
"Using Jvm: C:\Arquivos de
programas\Java\jre1.6.0_01\bin\client\jvm.dll"
What can I do?
Rashmi,
I just tried this and it does not work either. It is still not finding the
property file. I have verified that the class file in the jar is located at
\com\mvp\utils.
I also tried keeping the jar file in both classes and lib, but I did not
expect that to work, which it didn't
Ah, I got it. I put the .jar file in the common\classes directory. But putting
thproperties files in the common\classes direcotry works. I'm a dunce, missed
that in the email below.
Mike Peremsky <[EMAIL PROTECTED]> wrote: Rashmi,
I just tried this and it does not work either. It is still not
Try setting up a rule to filter mail in your client or on your mail
server. Then you can browse the emails at your leisure.
Quoting orn amental <[EMAIL PROTECTED]>:
How do I limit the amount of messages I receive?
I'd like to be able to "turn on and off" the reception of messages of t
Hi Fabio,
On 5/1/07, Fabio Daitx <[EMAIL PROTECTED]> wrote:
I am trying to install apache-tomcat-5.5.23.exe or
apache-tomcat-6.0.10.exe and it just blocks in the installation step:
In case you already know there's also a ZIP installation available.
With the ZIP installer, there's no possibili
Mike, I see your issue is solved. For the sake of the archives I feel
the need to respond to the suggestion of modifying the classpath.
Please DO NOT modify the classpath. Best practice is to work with the
existing classloader structure and put files in the proper places.
Modifying the clas
Hi David,
On 5/1/07, David Smith <[EMAIL PROTECTED]> wrote:
Mike, I see your issue is solved. For the sake of the archives I feel
the need to respond to the suggestion of modifying the classpath.
Please DO NOT modify the classpath. Best practice is to work with the
existing classloader struct
I've found in the $CATALINA_HOME/server/webapps directory these two
apps:
manager (know what this is)
host-manager (don't know what this is)
I've searched the contents of
http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
but can't find a reference to the TC 5.5 deployed app "host-
this is the process detail:
/usr/lib/jvm/java-6-sun/bin/java -Xms32M -Xmx32M -verbose:gc
-XX:+PrintGCTimeStamps -XX:+PrintGCDetails -XX:+HeapDumpOnOutOfMemoryError
-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7019
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.managem
On 5/1/07, gb1071nx <[EMAIL PROTECTED]> wrote:
I've found in the $CATALINA_HOME/server/webapps directory these two
apps:
manager (know what this is)
host-manager (don't know what this is)
After some searching in Tomcat's docs, I couldn't find documentation
on Host Manager, but here are a few
-Djava.rmi.server.hostname=192.168.0.5 was needed to connect since i'm under
NAT.
maybe it's usefull for anybody else
bye
> this is the process detail:
>
> /usr/lib/jvm/java-6-sun/bin/java -Xms32M -Xmx32M -verbose:gc
> -XX:+PrintGCTimeStamps -XX:+PrintGCDetails -XX:+HeapDumpOnOutOfMemoryError
I'm a newbie at tomcat server I just upload my war file now how do I reboot the
tomcat server ?
Hi Martin,
First off, thanks for taking the time to respond.
If you look at my original post, you'll notice that I quoted the same part
of the documentation. The problem was that although the doc asserts that
Tomcat does cache Basic Auth credentials, we tested this by viewing LDAP
logs and we o
I agree there may be an exceptionally rare occasion where modifying
classpath might be necessary. But such advice should be reserved for
expert use only and only if they fully understand the consequences.
--David
Rashmi Rubdi wrote:
Hi David,
On 5/1/07, David Smith <[EMAIL PROTECTED]> wrote
I'm a newbie. After I upload my war file how do I shutdown and restart
tomcat 5.5 ?
On 5/1/07, David Smith <[EMAIL PROTECTED]> wrote:
I agree there may be an exceptionally rare occasion where modifying
classpath might be necessary. But such advice should be reserved for
expert use only and only if they fully understand the consequences.
Yup, had I known earlier when Mike made
> From: Bill Higgins [mailto:[EMAIL PROTECTED]
> Subject: Re: caching principals within Tomcat using Basic
> Auth and LDAP
>
> It's possible that we had a Tomcat configuration error
> but we couldn't find any additional information on Basic
> Auth caching other than the doc section both you and
Depends on your Operating System and how you installed it on that OS.
Windows ZIP --- startup.bat and shutdown.bat
Unix/Linux--- startup.sh and shutdown.sh
Windows Service Installer I don't know , I guess from
Administrative Console --- Services
or simply right click on the icon
The
last few days I have been evaluating using CometProcessor to work like an
Async Servlet for me. I pick up the CometEvent object on BEGIN event and
process the whole request asynchronously. When I am done, I close the I/O
stream.
I
would like to know what the Tomcat developers and t
Praveen Balaji wrote:
The
last few days I have been evaluating using CometProcessor to work like an
Async Servlet for me. I pick up the CometEvent object on BEGIN event and
process the whole request asynchronously. When I am done, I close the I/O
stream.
I
would like to know what the Tomcat
Also, if the OS is Unix/Linux based, you most likely should grant
execute permissions for startup.sh and shutdown.sh - before trying to
execute them the first time.
-Regards
Rashmi
-
To start a new topic, e-mail: users@tomcat.a
68 matches
Mail list logo
