... Another method is to use SetUID scripts (assuming you have the capability) to do this. Here's how I do it. Create a file called foo.c with this content (replace "/path/startupscript" with the tomcat startup script):
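Code Block |
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main( int argc, char *argv[] ) {
    /* Become root; this only succeeds when the binary is installed setuid root. */
    if ( setuid( 0 ) != 0 ) {
        perror( "setuid() error" );
        return 1;
    }
    printf( "Starting ${APPLICATION}\n" );
    /* The argument list must end with a null pointer of type char *. */
    execl( "/bin/sh", "sh", "/path/startupscript", (char *)NULL );
    /* execl() returns only if it failed. */
    perror( "execl() error" );
    return 1;
}
|
...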
Run the following as root (replacing tmp with whatever you want the startup script to be and replacing XXXXX with whatever group you want to be able to start and stop tomcat):
Code Block |
gcc foo.c -o tmp
chown root:XXXXX tmp
chmod ugo-rwx tmp
chmod u+rwxs,g+rx tmp
|
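The wrapper above runs whatever sits at the script path as root, so a variant can refuse to start when that file is not root-owned or is writable by group or others. The following is an added example, not part of the original page; the PATH value and the error messages are assumptions.

```c
#define _XOPEN_SOURCE 700   /* expose lstat() under strict -std= modes */
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Placeholder path from the page; replace with the real startup script. */
#define STARTUP_SCRIPT "/path/startupscript"

/* Return 1 only for a regular file owned by root that neither the
   group nor others can write; symlinks and other file types fail. */
int script_is_safe( const struct stat *st ) {
    if ( !S_ISREG( st->st_mode ) )
        return 0;
    if ( st->st_uid != 0 )
        return 0;
    if ( st->st_mode & ( S_IWGRP | S_IWOTH ) )
        return 0;
    return 1;
}

int main( void ) {
    struct stat st;
    /* Assumed minimal environment, so the caller's PATH and other
       variables do not reach the root shell. */
    char *clean_env[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };

    /* lstat() does not follow a symlink placed at the script path. */
    if ( lstat( STARTUP_SCRIPT, &st ) != 0 ) {
        perror( "lstat() error" );
        return 1;
    }
    if ( !script_is_safe( &st ) ) {
        fprintf( stderr, "%s must be a root-owned file not writable by group or others\n",
                 STARTUP_SCRIPT );
        return 1;
    }
    if ( setuid( 0 ) != 0 ) {
        perror( "setuid() error" );
        return 1;
    }
    execle( "/bin/sh", "sh", STARTUP_SCRIPT, (char *)NULL, clean_env );
    perror( "execle() error" );   /* reached only if the exec failed */
    return 1;
}
```

The check covers only the script itself; the directories leading to it must also be writable only by root, or the file can simply be replaced.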
Now members of the tomcat group should be able to start and stop tomcat. One caveat though: you need to ensure that your tomcat startup script is not writable by anyone other than root, otherwise your users will be able to insert commands into the script and have them run as root (very big security hole).
...
Another way is to use iptables to redirect ports 80 and 443 to user ports (>1024):
Code Block |
/sbin/iptables -A FORWARD -p tcp --destination-port 443 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 443 --to-ports 8443
/sbin/iptables -A FORWARD -p tcp --destination-port 80 -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -j REDIRECT -p tcp --destination-port 80 --to-ports 8080
/sbin/iptables-save or /etc/init.d/iptables save
|
If you'd like "localhost:443" to also redirect to "localhost:8443", you'll need this command as well:
Code Block |
/sbin/iptables -t nat -A OUTPUT -p tcp -o lo --destination-port 443 -j REDIRECT --to-ports 8443
|
Also note that if you have existing rules defined in your chains, you will need to make sure that the rules above are not ruled out by another rule when using -A to add them. For example, if you have an existing FORWARD rule that says "-j REJECT", then adding the FORWARD rule after it will have no effect.
...
BSD-based Unix systems such as Mac OS X use a tool similar to iptables, called ipfw (for Internet Protocol Fire Wall). This tool is similar in that it watches all network packets go by, and can apply rules to affect those packets, such as "port-forwarding" from port 80 to some other port such as Tomcat's default 8080. The syntax of the rules is different from that of iptables, but the idea is the same. For more info, google and read the man page. Here is one possible rule to do the port-forwarding:
No Format |
sudo ipfw add 100 fwd 127.0.0.1,8080 tcp from any to any 80 in
|
...
Yet another way is to use the authbind package (part of Debian- and CentOS-based distributions), which allows a program that would normally require superuser privileges to access privileged network services to run as a non-privileged user. The article at http://java-notes.com/index.php/installing-tomcat-with-http-port-80-on-linux discusses how to install and configure the authbind package with Tomcat 6.0 on Linux.
How to create native launchers for Tomcat
...
Honestly, the first question is "why are you rotating catalina.out"? Tomcat logs very little to catalina.out so the usual culprit is web applications that stupidly send output to System.out or System.err. If that's the case, what you ought to do is set swallowOutput="true" on the application's <Context> configuration. That will send the output to a file configured (default) by conf/logging.properties. Once you've done that, get the application fixed to use a real logger, or at least use ServletContext.log(). If you've decided that you still absolutely positively need to rotate catalina.out, there is something that you have to understand: catalina.out is created by your shell's output redirection, just like when you type "ls -l > dir_listing.txt". So rotating the file needs to be done carefully.
...
For other parameters, look at the following pages:
If you are running Tomcat as a Windows service, then environment variables and the setenv.bat script have no effect. The relevant settings for the service wrapper application are stored in the Windows registry. They can be edited via the Configuration application (tomcat<N>w.exe). See the "Java" tab in the configuration dialog. The -Xms and -Xmx options are configured in fields named "Initial memory pool" and "Maximum memory pool". Other options can be added to the "Java Options" field as if they were specified on the command line of the java executable.
...
Warning: The above recipe on how to obtain a Context for a web application is a bit obsolete and does not work in Tomcat 7 and later (as Server is no longer a singleton). There are other ways to achieve that. An easy one is to add a Valve or Listener to a context, as those classes have access to Tomcat internals. There may be other ways mentioned in the archives of the users mailing list.
How do I redirect System.out and System.err to my web page?
...
This simply states that the items "jms/MyQCF" and "jms/MyQ" exist, and are instances of QueueConnectionFactory and Queue, respectively. The actual configuration is in context.xml:
...
Basically, you just have to enter your values for <myqserver> (the WebSphere MQ server's host name), <mychannel> (the channel name), <myqueuemanager> (the queue manager name), and <myqueue> (the queue name). Both these values, the associated names (HOST, PORT, CHAN, ...), and their collection are truly MQ specific. For example, with ActiveMQ, you typically have a broker URL, and a broker name, rather than HOST, PORT, CHAN, ... The main thing to know (and the reason why I am writing this, because it took me some hours to find out): How do I know the property names, their meaning, and possible values? Well, there is an excellent manual, called "WebSphere MQ Using Java". It should be easy to find by entering the title into Google. The manual contains a section, called "Administering JMS objects", which describes the objects being configured in JNDI. But the most important part is the subsection on "Properties", which contains all the required details.
How do I use DataSources with Tomcat?
See UsingDataSources
...
See TomcatHibernate
How do I use DataSourceRealms for authentication and authorization?
...
- Use your IDE to connect to Tomcat through port 1044
See also: FAQ/Developing
How do I debug a Tomcat application when Tomcat is run as a Windows service?
...
For IntelliJ IDEA you choose a remote debug target and set transport to "socket" and mode to "attach", then you specify the host (127.0.0.1) and port (1044).
See also: FAQ/Developing
How do I check whether Tomcat is UP or DOWN? There is no status command
...
If you are running on Microsoft Windows, you can try to use SendSignal, developed specifically for this purpose. Make sure you read the comments for certain situations (e.g. running as a service, RDP connections, etc.). http://www.latenighthacking.com/projects/2003/sendSignal/
...
In this implementation, firstly notice the ObjectName representing the MBean (in the constructor): name = new ObjectName("Application:Name=Server,Type=Server"); Do not hesitate to change the domain name (the first parameter) to your own to easily find your MBean reference in the http://localhost:8080/manager/jmxproxy page. Secondly, take a look at your MBean constructor:
...
Then, you have to modify your WEB-INF/web.xml file to make Tomcat execute your ContextListener.
No Format |
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<display-name>My Web Application</display-name>
<!-- bla bla bla... -->
<listener>
<listener-class>org.bonitasoft.context.ContextListener</listener-class>
</listener>
</web-app>
|
... Do not hesitate to check the ManagementFactory class javadoc. ...