You were totally right Mark, thanks for your help
I found that there were two xml configuration files used by liferay in my
application with this line in the header
http://jakarta.apache.org/commons/dtds/validator_1_1_3.dtd";>
This was provoking the connections, and after removing this line, the
Hello all,
As per Christopher response.
1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will
provide the least headache because you will be staying on your
current Tomcat version, just improving your patch level.
Plan to upgrade to a newer release of Tomcat in the future.
Hello all,
A slight change. After discussions , the production team in SIngapore wants us
to go for upgrade to 4.1.40
Comments from tomcat forum responses:
1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will
provide the least headache because you will be staying on your
cur
Hello,
I have a server running Tomcat 5.5.20 with Java 1.6.0.7 on SunOS
5.10
I'm receiving an SSLHandshakeException when I to connect to an https
authentication source on another server. The server is being accessed
through another server acting as a proxy. I've added both servers
https ce
The session data is stored on the server, so if the JSESSIONID lasted
longer
than the session on the server, it would simply map to an expired
session.
What would happen in this case is the server would have no session
mapping
to that ID and simply allocate a new session, with a new JSESSION
can you display your web.xml so we can piece thru the valves,filters,listeners
and servlets
?
thanks,
Martin Gainty
__
Verzicht und Vertraulichkeitanmerkung
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitt
The answer is: yes, there are times when the response is already
committed, so the valve is not a foolproof solution.
mitch
Mitch Claborn wrote:
> I was able to get the cookie permanent with a simple valve, code below.
>
> Question: the new cookie will be ignored if the response has already
>
I was able to get the cookie permanent with a simple valve, code below.
Question: the new cookie will be ignored if the response has already
been "committed" (isCommitted()). In my brief testing, the new cookie
is being set, so the response must not be committed. Is it possible
that there might
Hello, The connections that liferay/tomcat is doing are the followings:
localhost -> 140.211.11.130 (jakarta.apache.org = eso.apache.org)
GET /dtds/validator_1_1_3.dtd HTTP/1.1
User-Agent: Java/1.6.0_15
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
apache --
Thanks for the reply Juha. I've gotten some suggestions from a previous
responder, but I will also give this a shot on RHEL5.3 and see if I can
reproduce it. I will report the result to the list.
Thanks!
-Original Message-
From: Juha Laiho [mailto:juha.la...@iki.fi]
Sent: Wednesday, Au
"Filip Hanik - Dev Lists" wrote in message
news:4a831a14.6040...@hanik.com...
> On 08/12/2009 10:05 AM, Eric B. wrote:
>> Hi,
>>
>> Is there any reason why there aren't any precompiled binaries available
>> for
>> APR for Linux/Tomcat? I have the apr package installed (that provides
>> the
>>
Dan Denton wrote:
> Hello all.
>
> I'm running an RHEL 4 server on a VMware VM hosting tomcat 6, using JDK
> 6.0_15. When I attempt to shutdown any tomcat instance, the entire server
> (VM) hangs and has to be rebooted. Even out of the box tomcat installations
> cause this.
>
> When I use JDK
On 08/12/2009 10:05 AM, Eric B. wrote:
Hi,
Is there any reason why there aren't any precompiled binaries available for
APR for Linux/Tomcat? I have the apr package installed (that provides the
libapr), but it seems as though I need to manually compile libtcnative
library. Does that lib exist p
It comes up all the time. The solution is typically to use a separate
cookie and *not* tie the persistent data to the browser session, since
the browser session is transient.
--
Len
On Wed, Aug 12, 2009 at 14:54, Mitch Claborn wrote:
>
> If I can't find a another way that's what I'll have to do.
If I can't find a another way that's what I'll have to do. I would be
surprised that this need doesn't come up more frequently.
Mitch
David Smith wrote:
> Your best bet is to assign your own cookie. Then on new session
> creation, look for the cookie and repopulate the new session with
> shoppi
I don't have any problem with the session contents (on the tomcat
server). I'm in a tomcat cluster and the sessions are replicated
between members of the cluster. As long as at least one member of the
cluster is running, then the sessions survive. I don't mind if the
sessions on the server expir
Your best bet is to assign your own cookie. Then on new session
creation, look for the cookie and repopulate the new session with
shopping cart data.
--David
Mitch Claborn wrote:
> My usage is: I store the key to the user's shopping cart in the
> session. I'd like the user to be able to come b
On Wed, Aug 12, 2009 at 11:35 AM, Mitch Claborn wrote:
> My usage is: I store the key to the user's shopping cart in the
> session.
If I understand you correctly, then you would need to serialize the
session when it ended, to be able to resurrect it and retrieve that
key, or have never-expiring s
My usage is: I store the key to the user's shopping cart in the
session. I'd like the user to be able to come back a few days from now
and still find the items they have placed in their shopping cart. (This
is mostly for anonymous users who don't sign in until checkout.)
Mitch
Martin Gainty w
anyone know if there is a use-case for sessionId surviving end-of-session?
Martin Gainty
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein,
Is there a way to make the JSESSIONID cookie issued by Tomcat permanent,
or at least significantly longer life than "end of session" ?
Mitch
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands,
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Subject: Re: Setting Context Path in Tomcat
>
> Chuck, that feature has already been ported to 5.5. It is mentioned as
> "44021, 43013: Add support for # to signify multi-level contexts for
> directories and wars."
Thanks for pointing t
2009/8/12 Caldarale, Charles R :
>> From: carbotex [mailto:carbo...@gmail.com]
>> Subject: RE: Setting Context Path in Tomcat
>>
>> I'm running Tomcat 5.5.27.
>
> For that level, it's a bit more complicated.
Chuck, that feature has already been ported to 5.5. It is mentioned as
"44021, 43013: Add
> From: Lin Chun [mailto:franks1...@gmail.com]
> Subject: Re: Why myApps classpath is tomcat/common
>
> this.getClass().getClassLoader().getResource()
> Thread.currentThread().getClassContext().getResource()
>
> they were all pointed to tomcat/common
How did you determine that they were all poin
> From: carbotex [mailto:carbo...@gmail.com]
> Subject: RE: Setting Context Path in Tomcat
>
> I'm running Tomcat 5.5.27.
For that level, it's a bit more complicated. Instead of just renaming the .war
files, you have to deploy them somewhere *outside* of the appBase
directory, and create a el
hi chris
I've turned to
this.getClass().getClassLoader().getResource()
Thread.currentThread().getClassContext().getResource()
they were all pointed to tomcat/common
finally I uncompressed the jar to /myApps/WEB-INF/classes, that solved the
problem.
i follow the doc of tomcat, the jars under /WEB
Hi,
Is there any reason why there aren't any precompiled binaries available for
APR for Linux/Tomcat? I have the apr package installed (that provides the
libapr), but it seems as though I need to manually compile libtcnative
library. Does that lib exist precompiled anywhere? Is there a parti
Sorry, I got too excited. I'm running Tomcat 5.5.27. Thank you Charles for
you quick response.
Caldarale, Charles R wrote:
>
>> From: carbotex [mailto:carbo...@gmail.com]
>> Subject: Setting Context Path in Tomcat
>
>> How do one go about setting tomcat in this kind of environment?
>
> First
Chris -
(I just did a reply in Outlook and this is how it got packaged. Didn't look
that way to me, but got it that way on the send-back. Either Exchange or my
email filter - which adds the confidentialiy footer - did this.)
I figured it was only with the regular. Just wanted a clarification i
Jeff-
the first patch (for WEB-INF) was supposed to be fixed for 6.0.20
http://svn.apache.org/viewvc?view=rev&revision=734734
after re-implementing your webapps to TC 6.0.20
please let us know if you have a corner case which is able to bypass this patch
as this is an important patch feel free to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff,
(Strange... to me, your message looked like an attachment to the
security notice that would typically be put at the end of a message.
When I tried to reply to that, all the characters got all wonky. At
least coy-paste still works :)
On 8/12/200
"Mark Thomas" wrote in message
news:4a7c9110.50...@apache.org...
> Eric B. wrote:
>> Is there a workaround for this, or just one of those things that you have
>> to
>> learn to live with?
>
> In catalina.properties, modify the following entry as shown:
> common.loader=${catalina.base}/lib,${cata
>
> I need to create a alias for host in tomcat, lot of alias need to create.
> We have more than 500 users are using the web application. Each user should
> have saparate url but all r going to use same application. I thought i can
> use alias but how to create alias like' *.xyz.com'. In the place
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: Why myApps classpath is tomcat/common
>
> Note that this uses the "system" ClassLoader to locate resources. I
> suspect the CLASSPATH for that loader is something like
> /opt/sun-jdk-x-y-z/lib/rt.jar plus a few other
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lin,
On 8/12/2009 9:43 AM, Lin Chun wrote:
> I have a java class packaged in a jar in /myApp/WEB-INF/lib
> In this class I have to get a resouce ,
>
> ClassLoader.getSystemResource(CONFIG_FILE_NAME).toURI())
Note that this uses the "system" ClassLo
"Caldarale, Charles R" wrote in message
news:0aae5ab84b013e45a7b61cb66943c17229b6492...@usea-exch7.na.uis.unisys.com...
>> I don't understand why when using Juli anything that webapp's log4j
>> logs to Stdout gets logged to a file, however, when using log4j with
>> tomcat this behaviour isn't repl
*** NOTICE *
This message is intended for the use of the individual or entity to which
it is addressed and may contain information that is privileged,
confidential, and exempt from disclosure under applicable law. If the
reader of this
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sunil,
On 8/12/2009 3:12 AM, sunil chandran wrote:
> The issue is SSL vulnerability. from the responses, i understood that
> i need to upgrade to tomcat latest version. As per the team, it is
> recommended to go for Tomcat 5 in our environment.
With
> From: Ossi [mailto:los...@gmail.com]
> Subject: Tomcat 6 clustering and engine's defaulthost
>
> Looks like if configuring a Tomcat 6 cluster Engine's and host's
> default host must be "localhost", ie.
>
> If having something else than localhost, an error is logged:
> 2009-04-03 12:48:15,492 W
Joaquín Rodriguez-Guerra Urcelay wrote:
> Thanks Mark. Since the connection is never established with eos.apache.org,
> we can not know the urls that liferay is requesting, right? So, if tomcat is
> not the responsible for those connections, I guess there isn't any way to
> configure tomcat to a
Chuck,
I will not start a discussion about security ...
It's only an additional simple "trick" to hide it to some curious people in the
inner ring, like students and so on.
The Tomcat itself is by it's port 8080 not accessible from outside.
;-)
-Ursprüngliche Nachricht-
Von: Caldarale,
> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
> Subject: Re: avoiding ssl vulnerabilities in tomcat
>
> As per the team, it is recommended to go for Tomcat 5
> in our environment.
Why would you waste your time with Tomcat 5? If you're going to upgrade from
4, move to the version th
Thanks Mark. Since the connection is never established with eos.apache.org, we
can not know the urls that liferay is requesting, right? So, if tomcat is not
the responsible for those connections, I guess there isn't any way to configure
tomcat to avoid them, right? Thanks for your help.
-Me
> From: Jörg Spilling [mailto:spill...@equicon.de]
> Subject: AW: change the default JSP index.jsp for ROOT context in
> Tomcat 6
>
> (and it's not odd: it's a "security" hint - simply hide it!)
If you think that constitutes security, you're fooling yourself. Security by
obscurity is an invitat
Chuck,
that's it - but only, if the compiled index*.java/*.class files are removed
from the work directory ;-(
(and it's not odd: it's a "security" hint - simply hide it!)
Cheers,
Joerg
-Ursprüngliche Nachricht-
Von: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Gesendet:
> From: Jörg Spilling [mailto:spill...@equicon.de]
> Subject: AW: change the default JSP index.jsp for ROOT context in
> Tomcat 6
>
> I want no own ROOT application. I will disable the access to the
> manager application by using http://localhost:8080/. On Tomcat 5, I
> have disabled the mapping o
Hi,
I have a java class packaged in a jar in /myApp/WEB-INF/lib
In this class I have to get a resouce ,
ClassLoader.getSystemResource(CONFIG_FILE_NAME).toURI())
I get null of this, when I trace the pb I find that the current path of
class was "tomcat/common" but not myApp/WEB-INF/lib
regard,
I want no own ROOT application. I will disable the access to the manager
application by using http://localhost:8080/. On Tomcat 5, I have disabled the
mapping of index_jsp, I have renamed the index.jsp in ROOT/ to
access_manager.jsp and I have created a new index.jsp which doesn't contain a
lin
On 12/08/2009 14:26, Jörg Spilling wrote:
I'm running Tomcat 6 on Linux and I want change the index.jsp of the ROOT
context which is displayed by http://localhost:8080/.
For Tomcat 5 I could comment out the index_jsp mapping in web.xml for ROOT. The
web.xml for the ROOT in Tomcat 6 doesn't cont
I'm running Tomcat 6 on Linux and I want change the index.jsp of the ROOT
context which is displayed by http://localhost:8080/.
For Tomcat 5 I could comment out the index_jsp mapping in web.xml for ROOT. The
web.xml for the ROOT in Tomcat 6 doesn't contain such a mapping. So how could I
remove t
hi!
Looks like if configuring a Tomcat 6 cluster Engine's and host's default
host must be "localhost", ie.
If having something else than localhost, an error is logged:
2009-04-03 12:48:15,492 WARN [pool-2-thread-1]
(org.apache.catalina.ha.ClusterListener) Context manager doesn't
exist:priv
2009/8/12 support_hockey :
>
> i will delete this after i test how to create a message here...
> --
> View this message in context:
> http://www.nabble.com/test-tp24934739p24934739.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> ---
Joaquín Rodriguez-Guerra Urcelay wrote:
> Hello all, I am using tomcat with liferay, and when uploading applications it
> is taking too much time. After using a sniffer to see the outgoing
> connections we found out that liferay was trying to access
> file-01.liferay.com to obtain files, but the
i will delete this after i test how to create a message here...
--
View this message in context:
http://www.nabble.com/test-tp24934738p24934738.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To
i will delete this after i test how to create a message here...
--
View this message in context:
http://www.nabble.com/test-tp24934739p24934739.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To
Hello all, I am using tomcat with liferay, and when uploading applications it
is taking too much time. After using a sniffer to see the outgoing connections
we found out that liferay was trying to access file-01.liferay.com to obtain
files, but the firewall was not allowing the connections, whic
TomazM wrote:
> 1) Linux problem
> Env:
> OS: Linux version 2.6.18-128.1.16.el5PAE
> java: 1.5
> Tomcat: 6.0.18
>
> I'm sign mail with javamail-crypto and bouncycastle-smime, I put
> $JAVA_HOME/jre/lib/ext/bcprov-jdk15-143.jar and in java.securety I add new
> provider.
>
> When I'm runing appli
Hi,
I'd like to configure my webapp to log into a separate file. (Actually,
I'd like to have two files, one with only the SEVERE messages and one
with all messages, but let's start with an easy example here.)
This is a Debian 5.0 server.
The webapp is installed in
/var/lib/tomcat5.5/webapps
Mark Thomas wrote:
> Tk, Pramod (NSN - IN/Bangalore) wrote:
>> Hello,
>>
>> I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore
>> present on HSM(Hardware security Module) which is SCA6000 in my case.
>
> I think you have found a bug but confirming this and then fixing it is
> go
This script is the catalina.sh officially packaged with tomcat.
jgroups wrote:
>
> Red hat linux:
>
> Here is the script:
>
> #!/bin/sh
>
> # Licensed to the Apache Software Foundation (ASF) under one or more
> # contributor license agreements. See the NOTICE file distributed with
> # this
Tk, Pramod (NSN - IN/Bangalore) wrote:
> Hello,
>
> I have configured apache-tomcat-6.0.20 for PKCS11 to use the keystore
> present on HSM(Hardware security Module) which is SCA6000 in my case.
I think you have found a bug but confirming this and then fixing it is
going to be somewhat complicated
Anisha Parveen -X (anparvee - Infosys at Cisco) wrote:
> Hi all,
>
> I am trying to start tomcat 4.1.3 on Solaris. ps -ef | grep tomcat
> returns nothing.
4.1.3 is extremely old and the 4.1.x release is no longer supported.
I'd suggest starting again with 6.6.20
Mark
---
sunil chandran wrote:
> Hello Sir,
> I wish to confirm one more thing.
> The issue is SSL vulnerability. from the responses, i understood that i need
> to upgrade to tomcat latest version. As per the team, it is recommended to go
> for Tomcat 5 in our environment.
> my quesiton is:
> Is this vule
Anisha Parveen -X (anparvee - Infosys at Cisco) wrote:
From the log messages it seems Tomcat is not loading the contexts
provided in server.xml.
Out of the contexts provided in server.xml , only one of it getting
loaded and no log messages for the rest.
Could you post the log messgages? Say,
Hello Sir,
I wish to confirm one more thing.
The issue is SSL vulnerability. from the responses, i understood that i need to
upgrade to tomcat latest version. As per the team, it is recommended to go for
Tomcat 5 in our environment.
my quesiton is:
Is this vulernability solved in tomcat 5 version
65 matches
Mail list logo
