00:50.19 | *** part/#tomcat mreynolds (n=mreynold@208.252.86.154) |
00:54.53 | *** join/#tomcat Hugh__ (n=Hugh@puma.mxtelecom.com) |
01:36.14 | *** join/#tomcat halicem (n=m@ip70-190-189-136.ph.ph.cox.net) |
02:10.39 | halicem | hi! |
02:10.39 | halicem | i cant get tomcat to run at all. |
02:10.39 | halicem | if i run it with tomcat5w.exe it'll throw this error: |
02:10.39 | halicem | Access is denied. |
02:10.39 | halicem | Unable to open the service registry key |
02:10.51 | *** join/#tomcat halicem (n=m@ip70-190-189-136.ph.ph.cox.net) |
02:11.13 | halicem | hi! |
02:11.19 | halicem | i cant get tomcat to run at all. |
02:11.29 | halicem | if i run it with tomcat5w.exe it'll throw this error: |
02:11.29 | halicem | Access is denied. |
02:11.29 | halicem | Unable to open the service registry key |
02:11.39 | halicem | if i run it with tomcat5.exe using the command prompt: |
02:11.56 | halicem | [402 prunsrv.c] [error] |
02:11.56 | halicem | The system cannot find the file specified. |
02:12.05 | halicem | [1246 prunsrv.c] [error] |
02:12.05 | halicem | Load configuration failed |
02:12.15 | halicem | if i start it using windows service: |
02:12.23 | lyken | are you admin? |
02:12.25 | halicem | Could not start the Apache Tomcat service on Local Computer. |
02:12.34 | lyken | and you cant just run.. tomcat5.exe |
02:12.37 | halicem | Error 1053: The service did not respond to the start or control request in a timely fashion. (though i threw up the message immediately after starting) |
02:12.37 | halicem | there is a hotfix for error 1053(which supposedly deals with .net framework 1.1) from microsoft but even after patching, its still the same. |
02:12.37 | halicem | my log file just contains: |
02:13.27 | halicem | yes i am, sorry, i got kicked for excess flood last time so im posting it again, not sure up to which part got through. |
02:13.40 | halicem | [info] Service Tomcat5 name Apache Tomcat |
02:13.40 | halicem | [info] Procrun finished. |
02:13.41 | lyken | you should use the start/shutdown batch files in windows |
02:13.48 | lyken | is this windows 2k3? |
02:14.01 | halicem | its windows xp |
02:14.15 | halicem | i'm using jre9. i also tried jre8, no luck there. |
02:14.15 | halicem | installed using the msi and reinstalled it over and over, even tried tomcat6, still nothing. i tried tomcat 4.1 and it worked. but tomcat 5 still won't work. |
02:14.15 | halicem | java_home and catalina_home are properly set. |
02:14.31 | halicem | i'm running windows xp sp2, and tomcat 5.5.20. |
02:14.39 | lyken | if JAVA_HOME is set |
02:14.55 | lyken | then the installer and gui start tools should work |
02:15.12 | halicem | ive tried using the batch files but nothing as well |
02:15.54 | halicem | the start and gui tools throw up the same error as tomcat5w.exe |
02:16.43 | lyken | ive never seen that before |
02:16.48 | lyken | the process should be |
02:16.51 | lyken | install java |
02:16.52 | lyken | install tomcat |
02:16.54 | lyken | start. |
02:17.43 | halicem | yeah, i had tomcat running before, but ireformatted a couple of months back and now i cant get it to run |
02:20.21 | lyken | i dont use windows so i cant help sorry |
02:20.45 | halicem | ok, thanks anyway |
02:36.17 | *** join/#tomcat wsmoak (i=wsmoak@VDSL-130-13-157-245.PHNX.QWEST.NET) |
03:06.03 | *** join/#tomcat jasonb (n=jbrittai@70.89.156.205) |
03:27.00 | wsmoak | what's for dinner? :) |
03:36.02 | jasonb | Hmm, cobb salad, corn bread, hot tea. |
03:43.20 | pucko | bedtime. *off* |
03:44.58 | jasonb | g'night pucko. |
04:10.06 | *** join/#tomcat krunk- (n=krunk-@unaffiliated/krunk-) |
04:10.09 | krunk- | Howdy |
04:33.31 | *** join/#tomcat cobaltsixty (n=cobaltsi@201009159106.user.veloxzone.com.br) |
04:54.27 | *** join/#tomcat valmont (n=chrishol@dsl092-043-004.lax1.dsl.speakeasy.net) |
05:29.46 | *** join/#tomcat LongBeach (n=mike@AFontenayssB-152-1-33-159.w83-114.abo.wanadoo.fr) |
05:30.50 | *** join/#tomcat LongBeach (n=mike@AFontenayssB-152-1-33-159.w83-114.abo.wanadoo.fr) |
05:43.50 | dburger | how to put comment in jspx page? |
05:43.53 | dburger | can't use: |
05:44.03 | dburger | <%-- comment --%> |
05:53.06 | *** join/#tomcat jasonb (i=noneoyer@adsl-66-124-73-250.dsl.sntc01.pacbell.net) |
07:13.36 | *** join/#tomcat Sergey_zsg (n=ZSG@195.64.216.43) |
07:19.44 | *** join/#tomcat prgrmr (n=prgrmr@bzq-88-155-13-76.red.bezeqint.net) |
07:35.06 | *** join/#tomcat PennFan (n=PennFan@141.52.7.111) |
07:35.18 | PennFan | hello everybody |
07:52.00 | *** join/#tomcat prgrmr_ (n=prgrmr@bzq-88-152-172-249.red.bezeqint.net) |
08:27.54 | *** join/#tomcat prgrmr_ (n=prgrmr@bzq-82-81-183-168.red.bezeqint.net) |
08:37.16 | *** part/#tomcat tommyd (n=chatzill@85.232.10.17) |
08:38.19 | *** join/#tomcat flexable (n=flexable@host244-109-dynamic.18-87-r.retail.telecomitalia.it) |
09:09.00 | *** join/#tomcat Vittorio (n=chatzill@host10-255-static.47-85-b.business.telecomitalia.it) |
09:14.25 | *** join/#tomcat kasbah (n=kasbah@62.206.116.171) |
09:15.47 | *** join/#tomcat twilight\ (n=ask@38.80-202-90.nextgentel.com) |
09:44.29 | *** join/#tomcat raj (n=sneharaj@203.129.239.221) |
09:44.40 | raj | hi all how to install apache ant on suse |
09:45.29 | *** join/#tomcat yango (n=yan@unaffiliated/yango) |
09:51.40 | *** join/#tomcat yassine (i=yassine@chello084113228143.18.14.vie.surfer.at) |
10:11.23 | harpoon | raj: find the rpm and install :-) |
10:11.29 | harpoon | yast is your friend |
10:12.10 | harpoon | if you want it "by hand", read the installation description of apache-ant |
10:13.38 | PennFan | good morning yassine :-) |
10:26.03 | yassine | heya PennFan |
10:26.31 | yassine | pennsylvenia belong now to the democrates :) |
10:59.45 | *** join/#tomcat kousuke (n=kikuchi@221x251x19x21.ap221.ftth.ucom.ne.jp) |
11:06.57 | lyken | heh |
11:24.09 | PennFan | yassine thats great, makes me even more a PennFan ;) |
11:54.04 | *** join/#tomcat joered (n=chatter@81-208-83-246.fastres.net) |
11:54.09 | Powerhead | How can i recive current session id? |
12:11.23 | *** join/#tomcat kousuke (n=kikuchi@221x251x19x21.ap221.ftth.ucom.ne.jp) |
12:11.36 | *** join/#tomcat gregor_k (n=Miranda@p54A1C2C7.dip0.t-ipconnect.de) |
12:28.47 | yassine | Powerhead, request.getSession().getSessionID() |
12:30.01 | *** part/#tomcat raj (n=sneharaj@203.129.239.221) |
12:45.34 | *** join/#tomcat teite (i=shu@sun-shu.ision.net) |
12:55.16 | *** join/#tomcat Hugh_ (n=Hugh@puma.mxtelecom.com) |
13:22.37 | *** join/#tomcat wsmoak_ (i=wsmoak@VDSL-130-13-157-245.PHNX.QWEST.NET) |
13:42.50 | Powerhead | yassine -> thanks |
13:42.50 | yassine | Powerhead, yw :) |
13:45.51 | harpoon | i see an -> operator |
13:46.09 | harpoon | wrong language :-) |
13:49.37 | yassine | heya harpoon what's up :) |
13:49.54 | harpoon | mmh |
13:49.58 | harpoon | it works |
13:50.31 | harpoon | i have just ported sqlite on an embedded device with Windows CE 3.0 |
13:50.43 | harpoon | i hate C++ |
13:52.11 | yassine | hihi |
13:53.35 | harpoon | but it is a nice database... |
13:53.59 | harpoon | no datatypes... everything is a char* |
13:54.04 | *** join/#tomcat ishmal (n=ishmal@rrcs-71-40-249-71.sw.biz.rr.com) |
13:54.34 | ishmal | hey, can someone here help with Ant? |
13:54.52 | ishmal | im writing a simple build tool similar to ant, and i am wondering about the syntax |
13:55.06 | harpoon | ishmal: /join #ant |
13:55.07 | harpoon | :-) |
13:55.14 | ishmal | there is one? |
13:55.37 | harpoon | <PROTECTED> |
13:55.53 | harpoon | what's the problem with the syntax? |
13:56.05 | harpoon | the syntax is wellformed xml :-) |
13:56.27 | ishmal | well, just the syntax.. i know that substitutions must be supported in attributes, what about the text values of elements? |
13:57.00 | harpoon | text-values of elements? |
13:57.03 | ishmal | like a="${b}" .. would i need to support <xxx>${b}</xxx> also ? cont find it in the manual |
13:57.52 | harpoon | i can't remember any text-nodes in ant |
13:58.36 | ishmal | ok cool .. was wondering.. im doing an ant-like tool for c++, since i like Ant so much. i hate autoconf so much :) |
13:59.41 | ishmal | and for long lists of libs and include dirs -Ixxx and -lxxx lost of elements with an attribute for each gets bulky |
13:59.50 | ishmal | s/lost/lots |
14:00.47 | ishmal | already wrote the java-like dependency handling according to the #includes |
14:01.30 | ishmal | ok, well, anyway..... thanks. sorry to bother |
14:01.51 | ishmal | o, btw, im normally a java guy |
14:07.56 | *** join/#tomcat krunk- (n=krunk-@unaffiliated/krunk-) |
14:17.42 | harpoon | ishmal: no problem |
14:18.06 | harpoon | i work on an embedded device just in this moment |
14:18.14 | harpoon | embedded c++ |
14:18.19 | harpoon | horrible |
14:18.33 | *** join/#tomcat Hugh (n=Hugh@puma.mxtelecom.com) |
14:44.59 | *** join/#tomcat filter_ua (n=vasya@encode.ciklum.net) |
14:46.01 | filter_ua | hi |
14:47.02 | filter_ua | have a problem with Tomcat 5.5.20 |
14:47.02 | filter_ua | got this error during tomcat startup |
14:47.02 | filter_ua | Error configuring application listener of class |
14:47.02 | filter_ua | java.lang.NoClassDefFoundError: javax/servlet/ServletContextListener |
14:48.08 | filter_ua | just switched from 5.0.28 where it works fine |
14:56.59 | yassine | harpoon, how far are you ? |
15:06.53 | harpoon | yassine: i'm to stupid to use an iterator i guess. |
15:20.12 | *** join/#tomcat f0rget_ (n=f0rget@12.104.6.129) |
15:20.25 | *** part/#tomcat f0rget_ (n=f0rget@12.104.6.129) |
15:21.11 | *** join/#tomcat Hugh_ (n=Hugh@puma-aaisp.mxtelecom.com) |
16:47.27 | *** join/#tomcat pompboy (n=saswel@sas13090.nat.sas.com) |
17:14.16 | *** join/#tomcat randrew (n=raj@dolmen.cc.columbia.edu) |
17:36.03 | bugfixer | anyone know of a proxy servlet for tomcat that would allow me to proxy requests to say /foo to another web server? |
17:37.21 | bugfixer | bugfixer: something similar to mod_proxy in apache |
18:31.11 | *** part/#tomcat filter_ua (n=vasya@encode.ciklum.net) |
18:31.20 | *** join/#tomcat valmont (n=chrishol@pdpc/supporter/silver/valmont) |
18:32.58 | *** join/#tomcat jasonb (i=noneoyer@adsl-66-124-73-250.dsl.sntc01.pacbell.net) |
18:33.55 | *** join/#tomcat vinse (n=vinse@208.253.223.146) |
20:01.12 | *** join/#tomcat l0ngbeach (i=pap@AFontenayssB-152-1-12-5.w82-121.abo.wanadoo.fr) |
20:03.40 | *** join/#tomcat Borges|ntg (n=admin@gentoo/developer/anpereir) |
20:10.14 | Borges|ntg | hi, perhaps one of you know sth about this issue: i'm trying to upload 'big' files (say, 5-10 MB) but i get 'read timeout' errors. I tried to fix it by setting disableUploadTimeout to 'true' in server.xml but it doesn't help...any hints? (tomcat 5.5.20 - rhel 4) |
20:13.22 | Borges|ntg | 'Processing of multipart/form-data request failed. Read timed out' (that's what i see in my logs) |
20:34.09 | pompboy | maybe maxpostsize as documented here: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html |
20:36.51 | *** join/#tomcat Thorn (n=thorn@X1.D-IP06.lipetsk.ru) |
20:36.53 | Thorn | hello |
20:38.21 | Thorn | in JSP EL, I'm trying to compare a field 'subject.role' (data type is char) to a char literal: <c:if test="${subject.role == 'S'}">, but I get: An exception occured trying to convert String "S" to type "java.lang.Long" |
20:39.00 | Thorn | I made a simple test case JSP which demonstrates it: http://papernapkin.org/pastebin/view/2927 |
20:39.31 | Thorn | tomcat version is 5.5.20 |
20:40.24 | Thorn | am I missing something? |
20:42.48 | *** join/#tomcat kasbah (n=kasbah@port-212-202-42-65.dynamic.qsc.de) |
20:44.04 | *** join/#tomcat leonel (n=leonel@189.155.94.161) |
20:54.08 | pompboy | Thorn: isn't a char a Long? Shouldn't you being using a String in the CharBean? |
20:58.26 | Thorn | so I need to have a 1-character String in the bean? in Java I do e.g. if(subject.getRole() == 'S') ... without problems anyway |
21:00.32 | *** join/#tomcat MidNight (n=midnight@173-134.static.alkar.net) |
21:01.49 | pompboy | jstl doesn't have a concept of a String and a char...it only has String data type. |
21:02.16 | pompboy | 'S' is equivalent to "S" |
21:03.22 | MidNight | hi!i`m start tomcat(1st) and apache(2nd) but i have a problem: my apache server(http://localhost) is ranning good but my tomcat server(http://localhost:8080) dosn`t opened(Enabled to connect to the server!).Help me |
21:03.30 | pompboy | literals I mean...not data types. |
21:04.04 | pompboy | MidNight: what does the log say? |
21:04.06 | Thorn | pompboy: I thought it would cast a char to String if needed... |
21:04.51 | pompboy | For Character yes, but, not char. |
21:05.29 | pompboy | I wonder if you added a toString method for your bean...if that would do the trick. |
21:12.52 | pompboy | Thorn: adding a toString() will not get the job done |
21:13.17 | MidNight | Sorry i/m from Ukraine and i.m at 1st at Ubuntu and Tomcat(pleace explane: what does it meen "log"?) |
21:13.56 | Thorn | pompboy: I tried returning Character and String from getRole(), but I get errors from elsewhere (Spring web mvc controllers) |
21:14.53 | Thorn | so looks like I'll have to drop chars for Strings altogether |
21:15.29 | pompboy | Thorn: bummer...I took your example and made the data type String instead of char and all worked as you would expect...not sure what might be going wrong elsewhere. ...sorry. |
21:16.38 | pompboy | MidNight: log...where Tomcat writes information about why it can not see port 8080. It might be as simple as you have a firewall configured and it is preventing access to port 8080. |
21:17.03 | pompboy | MidNight: in the logs directory of where you installed Tomcat. |
21:17.15 | Thorn | pompboy: thanks for your help |
21:18.21 | pompboy | MidNight: file is called catalina.log |
21:18.47 | Borges|ntg | pompboy: well, that doesn't seem to work, thanks anyway :) |
21:19.46 | pompboy | Borges|ntg: I would suggesting posting to the tomcat-users email list then. Somebody there should know the answer. |
21:20.03 | MidNight | it say : (in firefox)Firefox can't establish a connection to the server at localhost:8080. |
21:20.30 | Borges|ntg | pompboy: yes, thx |
21:27.25 | *** part/#tomcat MidNight (n=midnight@173-134.static.alkar.net) |
21:27.46 | *** join/#tomcat MidNight (n=midnight@173-134.static.alkar.net) |
21:31.34 | jasonb | Borges|ntg: What upload library are you using in your webapp? |
21:32.02 | jasonb | Borges|ntg: Also, which HTTP client are you uploading it with? And, have you tried more than one? |
21:33.24 | pompboy | yeah the expert has arrived! |
21:35.05 | pfn | hmm, can I specify a jarfile URL to javax.net.ssl.trustStore |
21:35.15 | *** part/#tomcat MidNight (n=midnight@173-134.static.alkar.net) |
21:35.24 | jasonb | pfn: What are you trying to do? |
21:35.36 | pfn | distribute my trust store in my ria jar file |
21:35.53 | pfn | and reference it from there |
21:35.59 | jasonb | pfn: I doubt you could do that. |
21:36.07 | jasonb | pfn: I think the path is a file system path, not a URL. |
21:36.20 | pfn | suckass... I wonder if I can point the SSLSocketFactory there |
21:36.24 | pfn | programmatically |
21:37.57 | jasonb | pfn: The Connector attribute for it is even named "truststoreFile".. |
21:38.13 | jasonb | pfn: Yes, there is a way to do that. |
21:38.27 | pfn | jasonb without having to implement my own TrustManager |
21:38.36 | jasonb | pfn: The Java Security API offers a way of programmatically loading your cert, key, etc. |
21:38.53 | pfn | right, that's the pain in the ass I'd like to avoid |
21:39.15 | jasonb | Nope.. you either write it yourself or you don't do it in this case. Tomcat does not support reading them from a jar. |
21:39.57 | jasonb | Are you writing your ria to do client cert auth? |
21:40.44 | pfn | no, the ria connects to https |
21:40.51 | pfn | which uses my own ca cert |
21:41.03 | pfn | currently, I just have the trustmanager overriden to accept any server cert |
21:41.14 | jasonb | Then it's not the truststoreFile you'd set, it's the keystoreFile. |
21:41.21 | pfn | it's the trust store |
21:41.26 | pfn | since I want to trust the server cert |
21:41.31 | pfn | not authenticate with a client cert |
21:41.35 | jasonb | ok. |
21:42.50 | pfn | authentication is handled through user/password (common) |
21:43.00 | jasonb | I guess most people don't bother making sure their HTTP clients have a copy of the server cert in the truststore.. since the HTTPS connection would function without it. |
21:44.04 | pfn | https connection doesn't function without it |
21:44.13 | pfn | you get an exception in attempting to connect |
21:44.48 | jasonb | I guess it depends on which HTTPS client code you use for that. :) |
21:45.03 | jasonb | It doesn't have to throw an exception. |
21:45.25 | Borges|ntg | jasonb: org.apache.commons.fileupload.* ; i've tried iexplorer 6 , firefox 1.5 |
21:46.42 | jasonb | Borges|ntg: I've seen that problem before. It always stumped me. I spent days debugging it only to give up on trying to find the fix. I assumed it was a bug in commons-fileupload. Do you know which exact version of commons-fileupload you're using? |
21:48.21 | jasonb | pfn: Which https client implementation are you using? |
21:50.20 | Borges|ntg | jasonb: hmm..FileUpload 1.1.1 - 08 June 2006 (latest one) |
21:51.10 | jasonb | Borges|ntg: Wow. That seems new enough. I would guess there's a bug that is still in there that has been there through many versions. |
21:51.28 | *** part/#tomcat pompboy (n=saswel@sas13090.nat.sas.com) |
21:51.35 | jasonb | Borges|ntg: The worst part is, I've heard other file upload libraries are worse.. but I admit I haven't tried others. |
21:51.59 | Borges|ntg | jasonb: this issue is really annoying heh |
21:52.17 | jasonb | Borges|ntg: It sure is! |
21:53.10 | jasonb | Borges|ntg: Another way might be: make the client do an HTTP PUT instead, and use Tomcat's PUT method to write the data into a file on disk, then have a servlet read the file. |
21:53.29 | Borges|ntg | jasonb: i was searching in google and lots of ppl seem to have it but i can't find an exact solution |
21:53.57 | jasonb | Borges|ntg: I can confirm it's a common problem, and not one easily fixed. |
21:54.30 | jasonb | Borges|ntg: Also, which HTTP server/connector are you running? |
21:54.45 | Borges|ntg | Borges|ntg: Coyote |
21:54.58 | Borges|ntg | er... |
21:55.00 | Borges|ntg | jasonb: ^ |
21:55.34 | jasonb | Borges|ntg: heh :) One thing you might try (which would be easy to try): switch to a different HTTP connector temporarily. |
21:56.45 | Borges|ntg | jasonb: i might try JK |
21:57.10 | jasonb | Borges|ntg: Try that. If you have Apache httpd 2.2.x you can easily set that up with mod_proxy. |
21:57.16 | jasonb | (no compilation of anything required) |
21:58.17 | jasonb | ProxyPass /your-webapp ajp://localhost:8009/your-webapp |
21:58.17 | jasonb | ProxyPassReverse /your-webapp ajp://localhost:8009/your-webapp |
21:58.23 | pfn | jasonb I use both URLConnection and commons-httpclient |
21:58.25 | jasonb | ^^ just add that to your httpd.conf. |
21:58.39 | Borges|ntg | well, i'd have to use apache 2.0 since it's the one provided by red hat, damn it, i wanna go home :P |
21:58.59 | pfn | jasonb URLConnection ends up making the JWS client prompt to accept the certificate |
21:59.09 | pfn | while commons-httpclient just throws an exception |
21:59.13 | Borges|ntg | jasonb: yeah, it's pretty straightforward, i'm just a lazy sysdmin ;) |
21:59.26 | pfn | actually, I don't use URLConnection on https, just commons-httpclient |
21:59.26 | jasonb | Borges|ntg: In that case, it may even be easier to download an apache httpd 2.2 source tar, configure it, build it, install it into, say, /opt/httpd, and run it from in there. |
21:59.54 | jasonb | pfn: Yeah. I think commons-httpclient is slightly slower, but it's certainly nicer to work with. |
22:00.04 | pfn | jasonb if I had a "trusted" root cert signing my cert, it wouldn't be needed |
22:00.09 | pfn | commons-httpclient is nicer for many reasons |
22:00.18 | pfn | 1, I can do form-auth |
22:00.31 | pfn | 2, it doesn't read the entire document into memory prior to sending or receiving |
22:00.40 | pfn | 3, fileupload |
22:01.03 | pfn | I use commons-fileupload, works fine with commons-httpclient |
22:01.06 | pfn | I haven't tried with a browser |
22:01.21 | jasonb | pfn: Just make a self-signed cert. |
22:01.51 | pfn | jasonb the default impl supports self-signed certs by default? |
22:01.54 | pfn | I know commons-httpclient doesn't |
22:02.05 | jasonb | buh? |
22:02.13 | jasonb | I think it does.. hmm. |
22:02.15 | pfn | supports = accepts |
22:02.16 | pfn | it doesn't |
22:02.31 | pfn | commons-httpclient recommends a hack if you want to accept self-signed certs |
22:02.35 | pfn | which I'm using a variant of |
22:02.39 | jasonb | oh. |
22:02.41 | pfn | (to support my unknown ca) |
22:02.49 | pfn | although "recommend" is too strong |
22:02.52 | pfn | since it's "unsafe" |
22:03.03 | jasonb | Thinking back, I guess I didn't use commons-httpclient with Tomcat configured with a self-signed cert.. just web browsers. |
22:03.29 | jasonb | I tihnk commons-httpclient should be hacked to support self-signed certs. |
22:03.40 | pfn | it is hackable to support self-signed certs |
22:05.15 | jasonb | Whether it is "safe" (secure) or not depends on what you need to be safe from. If you just need an encrypted tunnel, then a self-signed cert works fine if you know you're connecting to the right entity initially. |
22:05.52 | jasonb | (especially if you subsequently do BASIC auth, or some other additional auth) |
22:15.25 | yassine | re |
22:16.24 | pfn | that isn't very secure at all |
22:16.42 | pfn | because if you connect to the "wrong" party, you've just given away your access credentials (mitm attack) |
22:18.08 | pfn | and that's the problem, with a self-signed certificate, you *don't* know that you're connect to the correct initial entity |
22:18.20 | pfn | connecting |
22:18.39 | jasonb | It's easy to move a commercial cert to another machine though. |
22:19.17 | jasonb | And, I did say ".. if you know you're connecting to the right entity initially." |
22:20.05 | jasonb | I honestly think that people give commerical certs more credit than they deserve for being secure. |
22:20.31 | pfn | jasonb it isn't "easy" to move a commercial cert to another machine... say someone manages to compromise X's network and insert a transparent proxy in front of X's server |
22:20.45 | pfn | there's no way for that someone to inspect the SSL traffic with a valid certificate |
22:20.54 | jasonb | That's true. That's not what I said though. |
22:21.22 | jasonb | Move, as in scp it off to another machine and start a server there, and route the requests to it. |
22:21.26 | pfn | anyway, and like I said, I don't pay for commercial certs |
22:21.41 | pfn | I have my own CA root that I use to sign my various services |
22:21.51 | pfn | (ldap, imap, http, etc.) |
22:22.15 | pfn | oh, and my ria code as well |
22:22.35 | jasonb | The down side to doing that is that all clients must import your ca cert.. But I can see why you might want it that way. |
22:22.53 | pfn | right, and in a non-commercial environment, I think that's acceptable |
22:23.15 | jasonb | Most people don't really know how to do that though. :) |
22:23.18 | *** join/#tomcat map7 (n=map7@teksup41.lnk.telstra.net) |
22:23.23 | pfn | it goes back to the original ring of trust |
22:23.29 | jasonb | It may not be an issue with a custom client like you're writing. |
22:23.32 | pfn | it's easy, just open up my certificate url |
22:23.40 | pfn | if you're talking a browser |
22:23.49 | pfn | simply loading up www.hanhuy...../certificate/hanhuy.crt |
22:23.51 | pfn | will ask you to import it |
22:25.34 | pfn | but in my case, I'm not asking anyone to import it, so I avoid the complications :) |
22:25.57 | jasonb | I suppose, as long as the web server serves it with the proper mime type. They make so much of this stuff easy for the web browser user now. |
22:26.14 | pfn | apache does by default |
22:26.15 | jasonb | Just click Accept or Ok all over the place, and you're good. :) |
22:26.20 | pfn | so does tomcat (serve with correct mimetype) |
22:26.29 | jasonb | Just accept everything. :) Totally secure! |
22:26.54 | pfn | indeed |
22:27.06 | jasonb | # grep crt /opt/tomcat/conf/web.xml |
22:27.10 | jasonb | (no output) |
22:27.27 | pfn | jasonb DefaultServlet does the mime type mapping |
22:27.30 | jasonb | # grep cer /opt/tomcat/conf/web.xml |
22:27.30 | jasonb | <PROTECTED> |
22:27.30 | jasonb | <PROTECTED> |
22:28.10 | jasonb | # grep key /opt/tomcat/conf/web.xml |
22:28.14 | jasonb | (no output) |
22:28.30 | jasonb | # grep pub /opt/tomcat/conf/web.xml |
22:28.32 | jasonb | (no output) |
22:28.37 | pfn | [pfnguyen@ares lang]$ GET -e http://www.hanhuy.com/certificate/hanhuy.crt | grep Content-Type |
22:28.40 | pfn | Content-Type: application/x-x509-ca-cert |
22:28.44 | pfn | that's served through tomcat |
22:28.51 | jasonb | neat. |
22:29.21 | jasonb | So DefaultServlet has that hard coded? |
22:30.16 | jasonb | # grep x509 container/catalina/src/share/org/apache/catalina/servlets/DefaultServlet.java |
22:30.16 | jasonb | (no output) |
22:30.17 | pfn | I wonder if it comes from java activation |
22:30.17 | pfn | I know the servlet spec defines some mime mappings |
22:30.17 | jasonb | Well, but those go in conf/web.xml. |
22:30.34 | *** join/#tomcat stoni (n=rap@cm126006.red.mundo-r.com) |
22:31.00 | pfn | they shouldn't only be defined there |
22:31.04 | pfn | there should be a default mechanism as well |
22:31.40 | pfn | hmm, I know I used it somewhere |
22:33.53 | pfn | hmm, old version of code, too lazy to search |
22:34.29 | stoni | anyone could tell me what is failing here? http://213.60.126.6:8180/contineo/ |
22:35.33 | pfn | you're using a security manager and don't define your policy |
22:35.58 | pfn | http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletContext.html#getMimeType(java.lang.String) |
22:36.09 | pfn | jasonb I'm sure it doesn't only rely upon what's defined in web.xml |
22:37.22 | stoni | how should I define my security policity? |
22:37.52 | pfn | using policytool |
22:37.52 | stoni | I think there must be a wrong password in the code |
22:38.03 | jasonb | pfn: Well, it doesn't have to, but it mainly does, in the case of Tomcat. |
22:38.04 | stoni | because of i had to create an user in tomcat |
22:38.17 | stoni | but dont know how to setup it in the code |
22:38.29 | pfn | jasonb an easy way to test this would be to simply do getServletContext().getMimeType("file.crt") |
22:38.41 | jasonb | Yup. |
22:40.07 | jasonb | pfn: Cert mime type: null |
22:40.28 | jasonb | That's the output from a JSP that contains: |
22:40.29 | jasonb | Cert mime type: |
22:40.30 | jasonb | <% out.print(getServletContext().getMimeType("file.crt")); %> |
22:40.39 | jasonb | So there! :) |
22:40.40 | pfn | I wonder if apache is doing it then |
22:40.59 | jasonb | Well, Apache httpd has a different list of mime types. |
22:41.06 | jasonb | Theirs probably does have a mapping for it. |
22:41.12 | pfn | possibly |
22:41.14 | jasonb | You can always add a mime type in your webapp's web.xml for it. |
22:41.20 | pfn | but this .crt is served through tomcat via ajp |
22:41.39 | pfn | I figured tomcat would give the mime type, not apache |
22:42.08 | pfn | because I don't have the .crt file in apache-land, only tomcat webapp |
22:42.27 | jasonb | Welp, Tomcat does not know a mime type for it. |
22:42.50 | jasonb | Try adding a *different* mime type name for it in your web.xml. :) |
22:43.24 | pfn | I'll just let it work :p |
22:49.40 | *** join/#tomcat juju_ (n=juju@LAubervilliers-151-11-60-55.w193-251.abo.wanadoo.fr) |
22:57.07 | *** join/#tomcat deeeed (n=dee@jau72-1-88-161-53-206.fbx.proxad.net) |
22:57.09 | deeeed | hi |
22:57.38 | pfn | meh, it'd be nice if SSLProtocolSocketFactory in commons-httpclient allowed one to configure the SSLContext |
22:58.14 | pfn | I wonder if it can just be subclassed |
22:58.47 | deeeed | Do you how how can i use a bean into another bean ? ( for example when i want to use a bean from a jsp i use: <jsp:useBean.../> but i can't do that from a bean) |
22:59.45 | pfn | hmm, guess not |
22:59.56 | pfn | deeed huh? |
23:00.19 | deeeed | erf from a servlet |
23:00.32 | deeeed | i would like to use a bean from a servlet |
23:00.54 | pfn | then you use it in a servlet |
23:00.57 | *** join/#tomcat danl_ (n=danl@152.30.175.26) |
23:01.52 | deeeed | yes but i don't know what is similar to <jsp:useBean../> for a servlet |
23:01.54 | deeeed | ?? |
23:02.26 | pfn | new Bean() |
23:02.27 | pfn | what else |
23:02.34 | pfn | I suspect you don't know java |
23:02.41 | pfn | you should learn java before you try to tackle servlets |
23:03.43 | *** part/#tomcat danl_ (n=danl@152.30.175.26) |
23:03.50 | deeeed | hmm http://forum.java.sun.com/thread.jspa?threadID=464252&messageID=2131847 |
23:04.09 | deeeed | that should work ;) |
23:08.27 | pfn | huh? |
23:08.37 | pfn | your design is completely messed up if that's what you want to do |
23:08.41 | pfn | why should a JSP forward to a servlet |
23:10.21 | deeeed | it's just for a test. |
23:13.54 | deeeed | i try to access the bean named DatabaseBean from my servlet named Servlet1 but it can't resolve the bean name http://rafb.net/paste/results/iQFbLu91.html |
23:14.05 | deeeed | the 2 files are in the same mod1 directory |
23:18.56 | pfn | people shouldn't use jsp as more than just a view |
23:18.59 | pfn | that's mistake #1 |
23:20.59 | deeeed | hmm yes i guess i'll change my design |
23:21.57 | yassine | gn8 everyone |
23:24.35 | *** join/#tomcat lintlock (i=lintlock@152.12.31.78) |
23:33.41 | lintlock | good ness oracle take forever to install |
23:33.54 | lintlock | used the bathroom came back and its still going |
23:57.50 | *** join/#tomcat Nolp (i=SyllabiK@ALille-257-1-88-212.w83-204.abo.wanadoo.fr) |