archive-cr.com » CR » L » LLOBET.CO.CR

Total: 247

Choose link from "Titles, links and description words view":

Or switch to "Titles and links view".
  • Apache Tomcat 8 (8.0.24) - Security Manager HOW-TO
    permissions apply to all shared system extensions when java home points at JAVA HOME jre grant codeBase file java home lib ext permission java security AllPermission CATALINA CODE PERMISSIONS These permissions apply to the daemon code grant codeBase file catalina home bin commons daemon jar permission java security AllPermission These permissions apply to the logging API Note If tomcat juli jar is in catalina base and not in catalina home update this section accordingly grant codeBase file catalina base bin tomcat juli jar grant codeBase file catalina home bin tomcat juli jar permission java io FilePermission java home file separator lib file separator logging properties read permission java io FilePermission catalina base file separator conf file separator logging properties read permission java io FilePermission catalina base file separator logs read write permission java io FilePermission catalina base file separator logs file separator read write permission java lang RuntimePermission shutdownHooks permission java lang RuntimePermission getClassLoader permission java lang RuntimePermission setContextClassLoader permission java lang management ManagementPermission monitor permission java util logging LoggingPermission control permission java util PropertyPermission java util logging config class read permission java util PropertyPermission java util logging config file read permission java util PropertyPermission org apache juli AsyncLoggerPollInterval read permission java util PropertyPermission org apache juli AsyncMaxRecordCount read permission java util PropertyPermission org apache juli AsyncOverflowDropType read permission java util PropertyPermission org apache juli ClassLoaderLogManager debug read permission java util PropertyPermission catalina base read Note To enable per context logging configuration permit read access to the appropriate file Be sure that the logging configuration is secure before enabling such access E g for the examples web application uncomment and unwrap the following to be on a single line permission java io FilePermission catalina base file separator webapps file separator examples file separator WEB INF file separator classes file separator logging properties read These permissions apply to the server startup code grant codeBase file catalina home bin bootstrap jar permission java security AllPermission These permissions apply to the servlet API classes and those that are shared across all class loaders located in the lib directory grant codeBase file catalina home lib permission java security AllPermission If using a per instance lib directory i e catalina base lib then the following permission will need to be uncommented grant codeBase file catalina base lib permission java security AllPermission WEB APPLICATION PERMISSIONS These permissions are granted by default to all web applications In addition a web application will be given a read FilePermission for all files and directories in its document root grant Required for JNDI lookup of named JDBC DataSource s and javamail named MimePart DataSource used to send mail permission java util PropertyPermission java home read permission java util PropertyPermission java naming read permission java util PropertyPermission javax sql read OS Specific properties to allow read access permission java util PropertyPermission os name read permission java util PropertyPermission os version read permission java util PropertyPermission os arch read permission java util PropertyPermission file separator read permission java util PropertyPermission path separator

    Original URL path: http://www.llobet.co.cr/docs/security-manager-howto.html (2015-10-31)
    Open archived version from archive


  • Apache Tomcat 8 (8.0.24) - JNDI Resources HOW-TO
    be used to create objects of any Java class that conforms to standard JavaBeans naming conventions i e it has a zero arguments constructor and has property setters that conform to the setFoo naming pattern The resource factory will only create a new instance of the appropriate bean class every time a lookup for this entry is made if the singleton attribute of the factory is set to false The steps required to use this facility are described below 1 Create Your JavaBean Class Create the JavaBean class which will be instantiated each time that the resource factory is looked up For this example assume you create a class com mycompany MyBean which looks like this package com mycompany public class MyBean private String foo Default Foo public String getFoo return this foo public void setFoo String foo this foo foo private int bar 0 public int getBar return this bar public void setBar int bar this bar bar 2 Declare Your Resource Requirements Next modify your web application deployment descriptor WEB INF web xml to declare the JNDI name under which you will request new instances of this bean The simplest approach is to use a resource env ref element like this resource env ref description Object factory for MyBean instances description resource env ref name bean MyBeanFactory resource env ref name resource env ref type com mycompany MyBean resource env ref type resource env ref WARNING Be sure you respect the element ordering that is required by the DTD for web application deployment descriptors See the Servlet Specification for details 3 Code Your Application s Use Of This Resource A typical use of this resource environment reference might look like this Context initCtx new InitialContext Context envCtx Context initCtx lookup java comp env MyBean bean MyBean envCtx lookup bean MyBeanFactory writer println foo bean getFoo bar bean getBar 4 Configure Tomcat s Resource Factory To configure Tomcat s resource factory add an element like this to the Context element for this web application Context Resource name bean MyBeanFactory auth Container type com mycompany MyBean factory org apache naming factory BeanFactory bar 23 Context Note that the resource name here bean MyBeanFactory must match the value specified in the web application deployment descriptor We are also initializing the value of the bar property which will cause setBar 23 to be called before the new bean is returned Because we are not initializing the foo property although we could have the bean will contain whatever default value is set up by its constructor Some beans have properties with types that can not automatically be converted from a string value Setting such properties using the Tomcat BeanFactory will fail with a NamingException In cases were those beans provide methods to set the properties from a string value the Tomcat BeanFactory can be configured to use these methods The configuration is done with the forceString attribute Assume our bean looks like this package com mycompany import java net InetAddress import java net UnknownHostException public class MyBean2 private InetAddress local null public InetAddress getLocal return local public void setLocal InetAddress ip local ip public void setLocal String localHost try local InetAddress getByName localHost catch UnknownHostException ex private InetAddress remote null public InetAddress getRemote return remote public void setRemote InetAddress ip remote ip public void host String remoteHost try remote InetAddress getByName remoteHost catch UnknownHostException ex The bean has two properties both are of type InetAddress The first property local has an additional setter taking a string argument By default the Tomcat BeanFactory would try to use the automatically detected setter with the same argument type as the property type and then throw a NamingException because it is not prepared to convert the given string attribute value to InetAddress We can tell the Tomcat BeanFactory to use the other setter like that Context Resource name bean MyBeanFactory auth Container type com mycompany MyBean2 factory org apache naming factory BeanFactory forceString local local localhost Context The bean property remote can also be set from a string but one has to use the non standard method name host To set local and remote use the following configuration Context Resource name bean MyBeanFactory auth Container type com mycompany MyBean2 factory org apache naming factory BeanFactory forceString local remote host local localhost remote tomcat apache org Context Multiple property descriptions can be combined in forceString by concatenation with comma as a separator Each property description consists of either only the property name in which case the BeanFactory calls the setter method Or it consist of name method in which case the property named name is set by calling method method For properties of types String or of primitive type or of their associated primitive wrapper classes using forceString is not needed The correct setter will be automatically detected and argument conversion will be applied UserDatabase Resources 0 Introduction UserDatabase resources are typically configured as global resources for use by a UserDatabase realm Tomcat includes a UserDatabaseFactoory that creates UserDatabase resources backed by an XML file usually tomcat users xml The steps required to set up a global UserDatabase resource are described below 1 Create edit the XML file The XML file is typically located at CATALINA BASE conf tomcat users xml however you are free to locate the file anywhere on the file system It is recommended that the XML files are placed in CATALINA BASE conf A typical XML would look like xml version 1 0 encoding utf 8 tomcat users role rolename tomcat role rolename role1 user username tomcat password tomcat roles tomcat user username both password tomcat roles tomcat role1 user username role1 password tomcat roles role1 tomcat users 2 Declare Your Resource Next modify CATALINA BASE conf server xml to create the UserDatabase resource based on your XML file It should look something like this Resource name UserDatabase auth Container type org apache catalina UserDatabase description User database that can be updated and saved factory org apache catalina users MemoryUserDatabaseFactory pathname conf tomcat users xml readonly false The pathname attribute can be absolute or relative If relative it is relative to CATALINA BASE The readonly attribute is optional and defaults to true if not supplied If the XML is writeable then it will be written to when Tomcat starts WARNING When the file is written it will inherit the default file permissions for the user Tomcat is running as Ensure that these are appropriate to maintain the security of your installation 3 Configure the Realm Configure a UserDatabase Realm to use this resource as described in the Realm configuration documentation JavaMail Sessions 0 Introduction In many web applications sending electronic mail messages is a required part of the system s functionality The Java Mail API makes this process relatively straightforward but requires many configuration details that the client application must be aware of including the name of the SMTP host to be used for message sending Tomcat includes a standard resource factory that will create javax mail Session session instances for you already configured to connect to an SMTP server In this way the application is totally insulated from changes in the email server configuration environment it simply asks for and receives a preconfigured session whenever needed The steps required for this are outlined below 1 Declare Your Resource Requirements The first thing you should do is modify the web application deployment descriptor WEB INF web xml to declare the JNDI name under which you will look up preconfigured sessions By convention all such names should resolve to the mail subcontext relative to the standard java comp env naming context that is the root of all provided resource factories A typical web xml entry might look like this resource ref description Resource reference to a factory for javax mail Session instances that may be used for sending electronic mail messages preconfigured to connect to the appropriate SMTP server description res ref name mail Session res ref name res type javax mail Session res type res auth Container res auth resource ref WARNING Be sure you respect the element ordering that is required by the DTD for web application deployment descriptors See the Servlet Specification for details 2 Code Your Application s Use Of This Resource A typical use of this resource reference might look like this Context initCtx new InitialContext Context envCtx Context initCtx lookup java comp env Session session Session envCtx lookup mail Session Message message new MimeMessage session message setFrom new InternetAddress request getParameter from InternetAddress to new InternetAddress 1 to 0 new InternetAddress request getParameter to message setRecipients Message RecipientType TO to message setSubject request getParameter subject message setContent request getParameter content text plain Transport send message Note that the application uses the same resource reference name that was declared in the web application deployment descriptor This is matched up against the resource factory that is configured in the Context element for the web application as described below 3 Configure Tomcat s Resource Factory To configure Tomcat s resource factory add an elements like this to the Context element for this web application Context Resource name mail Session auth Container type javax mail Session mail smtp host localhost Context Note that the resource name here mail Session must match the value specified in the web application deployment descriptor Customize the value of the mail smtp host parameter to point at the server that provides SMTP service for your network Additional resource attributes and values will be converted to properties and values and passed to javax mail Session getInstance java util Properties as part of the java util Properties collection In addition to the properties defined in Annex A of the JavaMail specification individual providers may also support additional properties If the resource is configured with a password attribute and either a mail smtp user or mail user attribute then Tomcat s resource factory will configure and add a javax mail Authenticator to the mail session 4 Install the JavaMail libraries Download the JavaMail API Unpackage the distribution and place mail jar into CATALINA HOME lib so that it is available to Tomcat during the initialization of the mail Session Resource Note placing this jar in both CATALINA HOME lib and a web application s lib folder will cause an error so ensure you have it in the CATALINA HOME lib location only 5 Restart Tomcat For the additional JAR to be visible to Tomcat it is necessary for the Tomcat instance to be restarted Example Application The examples application included with Tomcat contains an example of utilizing this resource factory It is accessed via the JSP Examples link The source code for the servlet that actually sends the mail message is in WEB INF classes SendMailServlet java WARNING The default configuration assumes that there is an SMTP server listing on port 25 on localhost If this is not the case edit the Context element for this web application and modify the parameter value for the mail smtp host parameter to be the host name of an SMTP server on your network JDBC Data Sources 0 Introduction Many web applications need to access a database via a JDBC driver to support the functionality required by that application The Java EE Platform Specification requires Java EE Application Servers to make available a DataSource implementation that is a connection pool for JDBC connections for this purpose Tomcat offers exactly the same support so that database based applications you develop on Tomcat using this service will run unchanged on any Java EE server For information about JDBC you should consult the following http www oracle com technetwork java javase jdbc index html Home page for information about Java Database Connectivity http java sun com j2se 1 3 docs guide jdbc spec2 jdbc2 1 frame html The JDBC 2 1 API Specification http java sun com products jdbc jdbc20 stdext pdf The JDBC 2 0 Standard Extension API including the javax sql DataSource API This package is now known as the JDBC Optional Package http www oracle com technetwork java javaee overview index htm The Java EE Platform Specification covers the JDBC facilities that all Java EE platforms must provide to applications NOTE The default data source support in Tomcat is based on the DBCP connection pool from the Commons project However it is possible to use any other connection pool that implements javax sql DataSource by writing your own custom resource factory as described below 1 Install Your JDBC Driver Use of the JDBC Data Sources JNDI Resource Factory requires that you make an appropriate JDBC driver available to both Tomcat internal classes and to your web application This is most easily accomplished by installing the driver s JAR file s into the CATALINA HOME lib directory which makes the driver available both to the resource factory and to your application 2 Declare Your Resource Requirements Next modify the web application deployment descriptor WEB INF web xml to declare the JNDI name under which you will look up preconfigured data source By convention all such names should resolve to the jdbc subcontext relative to the standard java comp env naming context that is the root of all provided resource factories A typical web xml entry might look like this resource ref description Resource reference to a factory for java sql Connection instances that may be used for talking to a particular database that is configured in the Context configurartion for the web application description res ref name jdbc EmployeeDB res ref name res type javax sql DataSource res type res auth Container res auth resource ref WARNING Be sure you respect the element ordering that is required by the DTD for web application deployment descriptors See the Servlet Specification for details 3 Code Your Application s Use Of This Resource A typical use of this resource reference might look like this Context initCtx new InitialContext Context envCtx Context initCtx lookup java comp env DataSource ds DataSource envCtx lookup jdbc EmployeeDB Connection conn ds getConnection use this connection to access the database conn close Note that the application uses the same resource reference name that was declared in the web application deployment descriptor This is matched up against the resource factory that is configured in the Context element for the web application as described below 4 Configure Tomcat s Resource Factory To configure Tomcat s resource factory add an element like this to the Context element for the web application Context Resource name jdbc EmployeeDB auth Container type javax sql DataSource username dbusername password dbpassword driverClassName org hsql jdbcDriver url jdbc HypersonicSQL database maxTotal 8 maxIdle 4 Context Note that the resource name here jdbc EmployeeDB must match the value specified in the web application deployment descriptor This example assumes that you are using the HypersonicSQL database JDBC driver Customize the driverClassName and driverName parameters to match your actual database s JDBC driver and connection URL The configuration properties for Tomcat s standard data source resource factory org apache tomcat dbcp dbcp2 BasicDataSourceFactory are as follows driverClassName Fully qualified Java class name of the JDBC driver to be used username Database username to be passed to our JDBC driver password Database password to be passed to our JDBC driver url Connection URL to be passed to our JDBC driver For backwards compatibility the property driverName is also recognized initialSize The initial number of connections that will be created in the pool during pool initialization Default 0 maxTotal The maximum number of connections that can be allocated from this pool at the same time Default 8 minIdle The minimum number of connections that will sit idle in this pool at the same time Default 0 maxIdle The maximum number of connections that can sit idle in this pool at the same time Default 8 maxWaitMillis The maximum number of milliseconds that the pool will wait when there are no available connections for a connection to be returned before throwing an exception Default 1 infinite Some additional properties handle connection validation validationQuery SQL query that can be used by the pool to validate connections before they are returned to the application If specified this query MUST be an SQL SELECT statement that returns at least one row validationQueryTimeout Timeout in seconds for the validation query to return Default 1 infinite testOnBorrow true or false whether a connection should be validated using the validation query each time it is borrowed from the pool Default true testOnReturn true or false whether a connection should be validated using the validation query each time it is returned to the pool Default false The optional evictor thread is responsible for shrinking the pool by removing any conections which are idle for a long time The evictor does not respect minIdle Note that you do not need to activate the evictor thread if you only want the pool to shrink according to the configured maxIdle property The evictor is disabled by default and can be configured using the following properties timeBetweenEvictionRunsMillis The number of milliseconds between consecutive runs of the evictor Default 1 disabled numTestsPerEvictionRun The number of connections that will be checked for idleness by the evitor during each run of the evictor Default 3 minEvictableIdleTimeMillis The idle time in milliseconds after which a connection can be removed from the pool by the evictor Default 30 60 1000 30 minutes testWhileIdle true or false whether a connection should be validated by the evictor thread using the validation query while sitting idle in the pool Default false Another optional feature is the removal of abandoned connections A connection is called abandoned if the application does not return it to the pool for a long time The pool can close such connections automatically and remove them from the pool This is a workaround for applications leaking connections The abandoning feature is disabled by default and can be configured using the following properties removeAbandoned true or false whether to remove abandoned connections from the pool Default false removeAbandonedTimeout The number of seconds after which a borrowed

    Original URL path: http://www.llobet.co.cr/docs/jndi-resources-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - Class Loader HOW-TO
    and the class loader implementation classes it depends on CATALINA BASE bin tomcat juli jar or CATALINA HOME bin tomcat juli jar Logging implementation classes These include enhancement classes to java util logging API known as Tomcat JULI and a package renamed copy of Apache Commons Logging library used internally by Tomcat See logging documentation for more details If tomcat juli jar is present in CATALINA BASE bin it is used instead of the one in CATALINA HOME bin It is useful in certain logging configurations CATALINA HOME bin commons daemon jar The classes from Apache Commons Daemon project This JAR file is not present in the CLASSPATH built by catalina bat sh scripts but is referenced from the manifest file of bootstrap jar Common This class loader contains additional classes that are made visible to both Tomcat internal classes and to all web applications Normally application classes should NOT be placed here The locations searched by this class loader are defined by the common loader property in CATALINA BASE conf catalina properties The default setting will search the following locations in the order they are listed unpacked classes and resources in CATALINA BASE lib JAR files in CATALINA BASE lib unpacked classes and resources in CATALINA HOME lib JAR files in CATALINA HOME lib By default this includes the following annotations api jar JavaEE annotations classes catalina jar Implementation of the Catalina servlet container portion of Tomcat catalina ant jar Tomcat Catalina Ant tasks catalina ha jar High availability package catalina storeconfig jar Generation of XML configuration files from current state catalina tribes jar Group communication package ecj jar Eclipse JDT Java compiler el api jar EL 3 0 API jasper jar Tomcat Jasper JSP Compiler and Runtime jasper el jar Tomcat Jasper EL implementation jsp api jar JSP 2 3 API servlet api jar Servlet 3 1 API tomcat api jar Several interfaces defined by Tomcat tomcat coyote jar Tomcat connectors and utility classes tomcat dbcp jar Database connection pool implementation based on package renamed copy of Apache Commons Pool and Apache Commons DBCP tomcat i18n jar Optional JARs containing resource bundles for other languages As default bundles are also included in each individual JAR they can be safely removed if no internationalization of messages is needed tomcat jdbc jar An alternative database connection pool implementation known as Tomcat JDBC pool See documentation for more details tomcat util jar Common classes used by various components of Apache Tomcat tomcat websocket jar WebSocket 1 1 implementation websocket api jar WebSocket 1 1 API WebappX A class loader is created for each web application that is deployed in a single Tomcat instance All unpacked classes and resources in the WEB INF classes directory of your web application plus classes and resources in JAR files under the WEB INF lib directory of your web application are made visible to this web application but not to other ones As mentioned above the web application class loader diverges from the default Java delegation

    Original URL path: http://www.llobet.co.cr/docs/class-loader-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - Jasper 2 JSP Engine How To
    044E 11D1 B3E9 00805F499D93 javaEncoding Java file encoding to use for generating java source files Default UTF8 keepgenerated Should we keep the generated Java source code for each page instead of deleting it true or false default true mappedfile Should we generate static content with one print statement per input line to ease debugging true or false default true maxLoadedJsps The maximum number of JSPs that will be loaded for a web application If more than this number of JSPs are loaded the least recently used JSPs will be unloaded so that the number of JSPs loaded at any one time does not exceed this limit A value of zero or less indicates no limit Default 1 jspIdleTimeout The amount of time in seconds a JSP can be idle before it is unloaded A value of zero or less indicates never unload Default 1 modificationTestInterval Causes a JSP and its dependent files to not be checked for modification during the specified time interval in seconds from the last time the JSP was checked for modification A value of 0 will cause the JSP to be checked on every access Used in development mode only Default is 4 seconds recompileOnFail If a JSP compilation fails should the modificationTestInterval be ignored and the next access trigger a re compilation attempt Used in development mode only and is disabled by default as compilation may be expensive and could lead to excessive resource usage scratchdir What scratch directory should we use when compiling JSP pages Default is the work directory for the current web application suppressSmap Should the generation of SMAP info for JSR45 debugging be suppressed true or false default false trimSpaces Should white spaces in template text between actions or directives be trimmed default false xpoweredBy Determines whether X Powered By response header is added by generated servlet true or false default false The Java compiler from Eclipse JDT in included as the default compiler It is an advanced Java compiler which will load all dependencies from the Tomcat class loader which will help tremendously when compiling on large installations with tens of JARs On fast servers this will allow sub second recompilation cycles for even large JSP pages Apache Ant which was used in previous Tomcat releases can be used instead of the new compiler by configuring the compiler attribute as explained above Known issues As described in bug 39089 a known JVM issue bug 6294277 may cause a java lang InternalError name is too long to represent exception when compiling very large JSPs If this is observed then it may be worked around by using one of the following reduce the size of the JSP disable SMAP generation and JSR 045 support by setting suppressSmap to true Production Configuration The main JSP optimization which can be done is precompilation of JSPs However this might not be possible for example when using the jsp property group feature or practical in which case the configuration of the Jasper servlet becomes critical When

    Original URL path: http://www.llobet.co.cr/docs/jasper-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - SSL/TLS Configuration HOW-TO
    related to the case sensitivity of aliases it is not recommended to use aliases that differ only in case To import an existing certificate into a JKS keystore please read the documentation in your JDK documentation package about keytool Note that OpenSSL often adds readable comments before the key but keytool does not support that So if your certificate has comments before the key data remove them before importing the certificate with keytool To import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL you would execute a command like openssl pkcs12 export in mycert crt inkey mykey key out mycert p12 name tomcat CAfile myCA crt caname root chain For more advanced cases consult the OpenSSL documentation To create a new JKS keystore from scratch containing a single self signed Certificate execute the following from a terminal command line Windows JAVA HOME bin keytool genkey alias tomcat keyalg RSA Unix JAVA HOME bin keytool genkey alias tomcat keyalg RSA The RSA algorithm should be preferred as a secure algorithm and this also ensures general compatibility with other servers and components This command will create a new file in the home directory of the user under which you run it named keystore To specify a different location or filename add the keystore parameter followed by the complete pathname to your keystore file to the keytool command shown above You will also need to reflect this new location in the server xml configuration file as described later For example Windows JAVA HOME bin keytool genkey alias tomcat keyalg RSA keystore path to my keystore Unix JAVA HOME bin keytool genkey alias tomcat keyalg RSA keystore path to my keystore After executing this command you will first be prompted for the keystore password The default password used by Tomcat is changeit all lower case although you can specify a custom password if you like You will also need to specify the custom password in the server xml configuration file as described later Next you will be prompted for general information about this Certificate such as company contact name and so on This information will be displayed to users who attempt to access a secure page in your application so make sure that the information provided here matches what they will expect Finally you will be prompted for the key password which is the password specifically for this Certificate as opposed to any other Certificates stored in the same keystore file The keytool prompt will tell you that pressing the ENTER key automatically uses the same password for the key as the keystore You are free to use the same password or to select a custom one If you select a different password to the keystore password you will also need to specify the custom password in the server xml configuration file If everything was successful you now have a keystore file with a Certificate that can be used by your server Edit the Tomcat Configuration File Tomcat can use two different implementations of SSL the JSSE implementation provided as part of the Java runtime since 1 4 the APR implementation which uses the OpenSSL engine by default The exact configuration details depend on which implementation is being used If you configured Connector by specifying generic protocol HTTP 1 1 then the implementation used by Tomcat is chosen automatically If the installation uses APR i e you have installed the Tomcat native library then it will use the APR SSL implementation otherwise it will use the Java JSSE implementation As configuration attributes for SSL support significally differ between APR vs JSSE implementations it is recommended to avoid auto selection of implementation It is done by specifying a classname in the protocol attribute of the Connector To define a Java JSSE connector regardless of whether the APR library is loaded or not use one of the following Define a HTTP 1 1 Connector on port 8443 JSSE NIO implementation Connector protocol org apache coyote http11 Http11NioProtocol port 8443 Define a HTTP 1 1 Connector on port 8443 JSSE NIO2 implementation Connector protocol org apache coyote http11 Http11Nio2Protocol port 8443 Define a HTTP 1 1 Connector on port 8443 JSSE BIO implementation Connector protocol org apache coyote http11 Http11Protocol port 8443 Alternatively to specify an APR connector the APR library must be available use Define a HTTP 1 1 Connector on port 8443 APR implementation Connector protocol org apache coyote http11 Http11AprProtocol port 8443 If you are using APR you have the option of configuring an alternative engine to OpenSSL Listener className org apache catalina core AprLifecycleListener SSLEngine someengine SSLRandomSeed somedevice The default value is Listener className org apache catalina core AprLifecycleListener SSLEngine on SSLRandomSeed builtin So to use SSL under APR make sure the SSLEngine attribute is set to something other than off The default value is on and if you specify another value it has to be a valid engine name SSLRandomSeed allows to specify a source of entropy Productive system needs a reliable source of entropy but entropy may need a lot of time to be collected therefore test systems could use no blocking entropy sources like dev urandom that will allow quicker starts of Tomcat The final step is to configure the Connector in the CATALINA BASE conf server xml file where CATALINA BASE represents the base directory for the Tomcat instance An example Connector element for an SSL connector is included in the default server xml file installed with Tomcat To configure an SSL connector that uses JSSE you will need to remove the comments and edit it so it looks something like this Define a SSL Coyote HTTP 1 1 Connector on port 8443 Connector protocol org apache coyote http11 Http11NioProtocol port 8443 maxThreads 200 scheme https secure true SSLEnabled true keystoreFile user home keystore keystorePass changeit clientAuth false sslProtocol TLS The APR connector uses different attributes for many SSL settings particularly keys and certificates An example of an APR configuration is Define a

    Original URL path: http://www.llobet.co.cr/docs/ssl-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - SSI How To
    which can be used to configure the behaviour of the SSI servlet buffered Should output from this servlet be buffered 0 false 1 true Default 0 false debug Debugging detail level for messages logged by this servlet Default 0 expires The number of seconds before a page with SSI directives will expire Default behaviour is for all SSI directives to be evaluated for every request isVirtualWebappRelative Should virtual SSI directive paths be interpreted as relative to the context root instead of the server root Default false inputEncoding The encoding to be assumed for SSI resources if one cannot be determined from the resource itself Default is the default platform encoding outputEncoding The encoding to be used for the result of the SSI processing Default is UTF 8 allowExec Is the exec command enabled Default is false Filter Configuration There are several filter init parameters which can be used to configure the behaviour of the SSI filter contentType A regex pattern that must be matched before SSI processing is applied When crafting your own pattern don t forget that a mime content type may be followed by an optional character set in the form mime type charset set that you must take into account Default is text x server parsed html debug Debugging detail level for messages logged by this servlet Default 0 expires The number of seconds before a page with SSI directives will expire Default behaviour is for all SSI directives to be evaluated for every request isVirtualWebappRelative Should virtual SSI directive paths be interpreted as relative to the context root instead of the server root Default false allowExec Is the exec command enabled Default is false Directives Server Side Includes are invoked by embedding SSI directives in an HTML document whose type will be processed by the SSI servlet The directives take the form of an HTML comment The directive is replaced by the results of interpreting it before sending the page to the client The general form of a directive is directive parm value The directives are config config timefmt B Y Used to set the format of dates and other items processed by SSI echo echo var VARIABLE NAME will be replaced by the value of the variable exec Used to run commands on the host system include include virtual file name inserts the contents flastmod flastmod file filename shtml Returns the time that a file was lost modified fsize fsize file filename shtml Returns the size of a file printenv printenv Returns the list of all the defined variables set set var foo value Bar is used to assign a value to a user defind variable if elif endif else Used to create conditional sections For example config timefmt A if expr DATE LOCAL Monday p Meeting at 10 00 on Mondays p elif expr DATE LOCAL Friday p Turn in your time card p else p Yoga class at noon p endif See the Apache Introduction to SSI for more information on using SSI

    Original URL path: http://www.llobet.co.cr/docs/ssi-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - CGI How To
    t want to run a web server like Apache httpd Tomcat s CGI support is largely compatible with Apache httpd s but there are some limitations e g only one cgi bin directory CGI support is implemented using the servlet class org apache catalina servlets CGIServlet Traditionally this servlet is mapped to the URL pattern cgi bin By default CGI support is disabled in Tomcat Installation CAUTION CGI scripts are used to execute programs external to the Tomcat JVM If you are using the Java SecurityManager this will bypass your security policy configuration in catalina policy To enable CGI support There are commented out sample servlet and servlet mapping elements for CGI servlet in the default CATALINA BASE conf web xml file To enable CGI support in your web application copy that servlet and servlet mapping declarations into WEB INF web xml file of your web application Uncommenting the servlet and servlet mapping in CATALINA BASE conf web xml file enables CGI for all installed web applications at once Set privileged true on the Context element for your web application Only Contexts which are marked as privileged are allowed to use the CGI servlet Note that modifying the global CATALINA BASE conf context xml file affects all web applications See Context documentation for details Configuration There are several servlet init parameters which can be used to configure the behaviour of the CGI servlet cgiPathPrefix The CGI search path will start at the web application root directory File separator this prefix By default there is no value which results in the web application root directory being used as the search path The recommended value is WEB INF cgi debug Debugging detail level for messages logged by this servlet Default is 0 executable The of the executable to be used to run

    Original URL path: http://www.llobet.co.cr/docs/cgi-howto.html (2015-10-31)
    Open archived version from archive

  • Apache Tomcat 8 (8.0.24) - Proxy Support HOW-TO
    was sent ServletRequest getLocalName Returns the host name of the Internet Protocol IP interface on which the request was received ServletRequest getLocalPort Returns the Internet Protocol IP port number of the interface on which the request was received When you are running behind a proxy server or a web server that is configured to behave like a proxy server you will sometimes prefer to manage the values returned by these calls In particular you will generally want the port number to reflect that specified in the original request not the one on which the Connector itself is listening You can use the proxyName and proxyPort attributes on the Connector element to configure these values Proxy support can take many forms The following sections describe proxy configurations for several common cases Apache 1 3 Proxy Support Apache 1 3 supports an optional module mod proxy that configures the web server to act as a proxy server This can be used to forward requests for a particular web application to a Tomcat instance without having to configure a web connector such as mod jk To accomplish this you need to perform the following tasks Configure your copy of Apache so that it includes the mod proxy module If you are building from source the easiest way to do this is to include the enable module proxy directive on the configure command line If not already added for you make sure that you are loading the mod proxy module at Apache startup time by using the following directives in your httpd conf file LoadModule proxy module path to modules mod proxy so AddModule mod proxy c Include two directives in your httpd conf file for each web application that you wish to forward to Tomcat For example to forward an application at context path myapp ProxyPass myapp http localhost 8081 myapp ProxyPassReverse myapp http localhost 8081 myapp which tells Apache to forward URLs of the form http localhost myapp to the Tomcat connector listening on port 8081 Configure your copy of Tomcat to include a special Connector element with appropriate proxy settings for example Connector port 8081 proxyName www mycompany com proxyPort 80 which will cause servlets inside this web application to think that all proxied requests were directed to www mycompany com on port 80 It is legal to omit the proxyName attribute from the Connector element If you do so the value returned by request getServerName will by the host name on which Tomcat is running In the example above it would be localhost If you also have a Connector listening on port 8080 nested within the same Service element the requests to either port will share the same set of virtual hosts and web applications You might wish to use the IP filtering features of your operating system to restrict connections to port 8081 in this example to be allowed only from the server that is running Apache Alternatively you can set up a series of web applications that are

    Original URL path: http://www.llobet.co.cr/docs/proxy-howto.html (2015-10-31)
    Open archived version from archive



  •