Search Results

Search found 2073 results on 83 pages for 'tomcat'.

Page 67/83 | < Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >

• How to configure Apache to act as an SSL proxy to an application server?

  - by ripper234

  I have one physical server that runs: an Apache (httpd) server another web server (let's say Tomcat for sake of argument) on port 1234 Can I configure the Apache server to act as a proxy for SSL traffic, while keeping the application server blissfully unaware of SSL? What I imagine is: Traffic to http://myserevr.com/app is redirected to https://myserver.com/app Traffic to https://myserver.com/app is proxied to the application server. My SSL certificate is only installed on the Apache server, not on the Application server Other traffic to the Apache server (http://myserver.com/anotherapp) is served directly from the Apache server What's the best setup to achieve this? (On Ubuntu, if that matters)

  Read the article

• Can't access link in network using fully qualified domain name

  - by user1033715

  I have installed windows server 2003 and configured Domain controller (domain name - xyz.com) and DNS service. for that I have configured fully qualified domain name as server.xyz.com also I have installed apache tomcat with port 8080 on that server and accessed link successfully using "http://localhost:8080", "http://ip address of server:8080", "http://server.xyz.com:8080". but its working for local machine, and when I tried to access it from another machine in same network using "http://ip address of server:8080" its worked for me. but when I tried it using fully qualified domain name i.e. "http://server.xyz.com:8080" it's giving me error, "Could not connect to server.xyz.com" Please guide me getting this setup done. I need to be able to access this link "http://ip address of server:8080" as "http://server.xyz.com:8080" outside my network Any suggestion are highly appreciated..

  Read the article

• how to manage a multi user server on linux?

  - by user1175942

  I'm working on a university project, where I have Tomcat as a web server, and I want to create a multi user environment on top of linux, so every user that logs into my website has his own credentials, and he can access only his own data (files and folders...). The main issue is that the purpose of the website is executing code on the server-side, so I must have a good (reasonable) protection against malicious code. (a user destroying his own user is fine by me) I thought that defining a linux-user for every website-user is the best solution - it isolates each user from the other, and I can define each one's permissions. Can I create users in linux using shell commands? Can I configure max quota/memory/cpu for a user? Anyone has another idea for managing that kind of multi-user environment?

  Read the article

• Apache2 VirtualHost Configuration with SSL

  - by Peter

  Hello! I'm new here and I have a strange problem which needs to be solved. Previously I searched in the whole forum and I've read all of related questions but I didn't find solution to my question. We have two servers and a firewall computer. On the Server#1 there is an Apache 2.2 web server and it forwards the incoming traffic to the appropriate ports, to our subdomains by its virtual host configuration (Apache, Tomcat, IIS, Server#2 and so on). We recently bought an SSL certificate to protect one of our subdomain. I successfully installed and configured the certificate into the Apache and it works flawlessly within our local network. Our Kerio Winroute Firewall is configured to permit https traffic and it is translated to Server#1. But all of our subdomains are unavailable from outside (http & https too). Web browser shows "Failed to connect" message. Now, I enclose some parts from our httpd.conf and httpd-vhosts.conf file. httpd.conf ServerRoot "C:/Program Files/Apache Software Foundation/Apache2.2" Listen 80 ServerName dev.mydomain.hu:80 DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs" LoadModule proxy_module modules/mod_proxy.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule ssl_module modules/mod_ssl.so Include conf/extra/httpd-vhosts.conf <IfModule ssl_module> SSLMutex default SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLSessionCache none </IfModule> httpd-vhosts.conf NameVirtualHost *:80 NameVirtualHost *:443 Listen 443 <VirtualHost *:80> DocumentRoot "C:/Program Files/Apache Software Foundation/Apache2.2/htdocs" ServerName localhost </VirtualHost> #-------EXCHANGE SERVER-------- <VirtualHost *:80> ServerName intra.mydomain.hu ProxyRequests Off ProxyVia On ProxyPass / http://myserver:8080/ ProxyPassReverse / http://myserver:8080/ <Proxy *:80> Order deny,allow Allow from all </Proxy> <Location /> Order allow,deny Allow from all </Location> ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/exchange.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/exchange_cust.log" common LogLevel info </VirtualHost> #--------FITNESSE SERVER------- <VirtualHost *:80> ServerName test.mydomain.hu ProxyRequests Off <Proxy *:80> Order deny,allow Allow from all </Proxy> ProxyPass / http://myserver:8004/ ProxyPassReverse / http://myserver:8004/ <Location /> AuthType Basic AuthName "FitNesse" AuthUserFile "C:/Program Files/Apache Software Foundation/Apache2.2/auth/password" AuthGroupFile "C:/Program Files/Apache Software Foundation/Apache2.2/auth/pwgroup" require group Users Order allow,deny Allow from all </Location> ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/fitnesse.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/fitnesse_cust.log" common LogLevel info </VirtualHost> #----WIKI SERVER-----(SSL)- <VirtualHost *:80 *:443> ServerName wiki.mydomain.hu ServerAlias wiki.mydomain.hu SSLEngine On SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/cert/certificate.cer" SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/cert/wiki.itkodex.hu.key" ProxyRequests Off <Proxy *:80> Order deny,allow Allow from all </Proxy> ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ ErrorLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/wiki.log" CustomLog "c:/Program Files/Apache Software Foundation/Apache2.2/logs/wikicust.log" common LogLevel info </VirtualHost> Because this wiki is a JSPWIKI web application, runs on Apache Tomcat therefore there is no "DocumentRoot" parameter in the VirtualHost. Could anybody please help me, to solve this issue, or what should I modify in the configuration? Thanks in advance! Peter

  Read the article

• java.sql.SQLException: Unsupported feature

  - by Raja Chandra Rangineni

  Hello All, I am using the JPA(hibernate) for the ORM and c3po for connection pooling. While I am able to do all the CRUD operations it gives me the below error while accessing the the data: Here are the tools: Hibernate 3.2.1, Oracle 10g, ojdbc14, connection pool: c3p0-0.9, stack trace: java.sql.SQLException: Unsupported feature at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:269) at oracle.jdbc.dbaccess.DBError.throwUnsupportedFeatureSqlException(DBError.java:689) at oracle.jdbc.OracleDatabaseMetaData.supportsGetGeneratedKeys(OracleDatabaseMetaData.java:4180) at com.mchange.v2.c3p0.impl.NewProxyDatabaseMetaData.supportsGetGeneratedKeys(NewProxyDatabaseMetaData.java:3578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:91) at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2006) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1289) at org.hibernate.cfg.AnnotationConfiguration.buildSessionFactory(AnnotationConfiguration.java:915) at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:730) at org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:121) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:51) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:33) at com.bbn.dbservices.test.BillabilityPeriodsTest.getBillPeriods(BillabilityPeriodsTest.java:33) at com.bbn.dbservices.controller.ServiceController.generateReportsTest(ServiceController.java:355) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:654) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:160) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:378) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:366) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:781) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:726) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:636) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:545) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:619) java.sql.SQLException: Unsupported feature at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179) at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:269) at oracle.jdbc.dbaccess.DBError.throwUnsupportedFeatureSqlException(DBError.java:689) at oracle.jdbc.OracleDatabaseMetaData.supportsGetGeneratedKeys(OracleDatabaseMetaData.java:4180) at com.mchange.v2.c3p0.impl.NewProxyDatabaseMetaData.supportsGetGeneratedKeys(NewProxyDatabaseMetaData.java:3578) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:91) at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2006) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1289) at org.hibernate.cfg.AnnotationConfiguration.buildSessionFactory(AnnotationConfiguration.java:915) at org.hibernate.ejb.Ejb3Configuration.buildEntityManagerFactory(Ejb3Configuration.java:730) at org.hibernate.ejb.HibernatePersistence.createEntityManagerFactory(HibernatePersistence.java:121) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:51) at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:33) at com.bbn.dbservices.test.BillabilityPeriodsTest.getBillPeriods(BillabilityPeriodsTest.java:33) at com.bbn.dbservices.controller.ServiceController.generateReportsTest(ServiceController.java:355) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:654) at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:160) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:378) at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:366) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:781) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:726) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:636) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:545) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:849) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454) at java.lang.Thread.run(Thread.java:619) Any help with this is greatly appreciated. Thanks, Raja Chandra Rangineni. enter code here

  Read the article

• Eclipse (STS), Maven and maven-minify-plugin, can they work together?

  - by CodeReaper

  Hi, I am working on a project where I am in charge of html, css and javascript. I found this maven-minify-plugin that seemed to just what I wanted. Everything is good when I deploy using maven on the server, but when I am using Eclipse (STS, www.springsource.com/products/sts) to run the project on localhost no css nor js file is generated by the plugin. Does anyone have experience with this Maven plugin, so they can tell me if it should be possible or not run on localhost? Does anyone have knowledge of another plugin I can use to (combine and) minify javascript and css files when running on localhost in Eclipse and also when deploying using Maven? Any help appreciated... ----extra information---- I basicly just copied in what it said on the plugin webpage, so I have these bits in my pom.xml: .... <build> <plugins> .... <plugin> <groupId>com.samaxes.maven</groupId> <artifactId>maven-minify-plugin</artifactId> <version>1.1</version> <executions> <execution> <id>default-minify</id> <phase>process-resources</phase> <configuration> <cssFiles> .... <param>forms.css</param> <param>jquery.droppy.css</param> <param>jquery.jgrowl.css</param> </cssFiles> <jsFiles> .... <param>jquery.droppy.js</param> <param>jquery.jgrowl.js</param> </jsFiles> <jsFinalFile>script.js</jsFinalFile> <linebreak>-1</linebreak> <nomunge>false</nomunge> <verbose>false</verbose> <preserveAllSemiColons>false</preserveAllSemiColons> <disableOptimizations>false</disableOptimizations> <bufferSize>4096</bufferSize> </configuration> <goals> <goal>minify</goal> </goals> </execution> </executions> </plugin> </plugins> </build> .... Should/Can I bind the plugin to a difference phase? I just use mvn clean package and move the snapshot into tomcat to deploy on the server. I am unsure on how to explain how I run the webapp on localhost, but here goes. I have a vanilia tomcat, that I defined as a server in Eclipse and then defined that the webapp should always build in that "server".

  Read the article

• bidirectional OneToOne Mapping : From Entity to subclass and from superclass to Entity?

  - by Teocali

  I'm trying to establish a tricky bidirectional OneToOne mapping in hibernate. I got the following classes : @Entity @Inheritance(strategy = InheritanceType.JOINED) public class Parent { @OneToOne private AnotherEntity anotherEntity; } @Entity public class Child1 extends Parent{} @Entity public class Child2 extends Parent{} @Entity public class AnotherEntity { @OneToOne(mappedBy = "anotherEntity") private Child1 child1; @OneToOne(mappedBy = "anotherEntity") private Child1 child2; } The problem here is when I'm launching the application : I got the following message : org.hibernate.MappingException: property [anotherEntity] not found on entity [Child1] at org.hibernate.mapping.PersistentClass.getRecursiveProperty(PersistentClass.java:429) at org.hibernate.mapping.PersistentClass.getReferencedProperty(PersistentClass.java:369) at org.hibernate.cfg.Configuration.originalSecondPassCompile(Configuration.java:1614) at org.hibernate.cfg.Configuration.secondPassCompile(Configuration.java:1362) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1727) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1778) at org.springframework.orm.hibernate4.LocalSessionFactoryBuilder.buildSessionFactory(LocalSessionFactoryBuilder.java:189) at org.springframework.orm.hibernate4.LocalSessionFactoryBean.buildSessionFactory(LocalSessionFactoryBean.java:350) at org.springframework.orm.hibernate4.LocalSessionFactoryBean.afterPropertiesSet(LocalSessionFactoryBean.java:335) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:567) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464) at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:588) at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645) at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508) at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449) at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133) at javax.servlet.GenericServlet.init(GenericServlet.java:160) at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1266) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1185) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5015) at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5302) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:895) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:871) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:615) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:962) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:536) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1471) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:301) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1436) at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:673) at org.apache.catalina.manager.ManagerServlet.doPut(ManagerServlet.java:431) at javax.servlet.http.HttpServlet.service(HttpServlet.java:644) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:108) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:225) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:565) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) One obvious solution would be to move the anotherEntity field to Child1 and Child2, but it would mean lose the link from Parent to AnotherEntity. Any help welcome.

  Read the article

• APT: Hold packages back from updates without APT Pin

  - by David

  I know about pinning packages with APT; that's not what I want to do. Other questions have been answered with either using pinning or by using pins temporarily. I don't want to do this... What I want to do is keep packages back the same way the kernel has been: # apt-get upgrade Reading package lists... Done Building dependency tree Reading state information... Done The following packages have been kept back: linux-generic-pae linux-headers-generic-pae linux-image-generic-pae The following packages will be upgraded: I want to add tomcat-* and mysql-* and sun-* to this list. In the past, there was a configuration parameter to do this - I've always thought it was something like Apt::Get::HoldPkgs or Apt::HoldPkgs but I can't find it. I want to have these packages held from updates until I specifically request them with an "apt-get install". I found the apt-get configuration Apt::NeverAutoRemove; will this do what I want? Added Question: I notice that Apt::NeverAutoRemove and Apt::Never-MarkAuto-Sections (among others) are not documented so far as I can see; they're not in the manpages. Neither is aptitude::Keep-Unused-Pattern and aptitude::Get-Root-Command. Is there any comprehensive and complete documentation for apt.conf?

  Read the article

• Faceted search with Solr on Windows

  - by Dr.NETjes

  With over 10 million hits a day, funda.nl is probably the largest ASP.NET website which uses Solr on a Windows platform. While all our data (i.e. real estate properties) is stored in SQL Server, we're using Solr 1.4.1 to return the faceted search results as fast as we can.And yes, Solr is very fast. We did do some heavy stress testing on our Solr service, which allowed us to do over 1,000 req/sec on a single 64-bits Solr instance; and that's including converting search-url's to Solr http-queries and deserializing Solr's result-XML back to .NET objects! Let me tell you about faceted search and how to integrate Solr in a .NET/Windows environment. I'll bet it's easier than you think :-) What is faceted search? Faceted search is the clustering of search results into categories, allowing users to drill into search results. By showing the number of hits for each facet category, users can easily see how many results match that category. If you're still a bit confused, this example from CNET explains it all: The SQL solution for faceted search Our ("pre-Solr") solution for faceted search was done by adding a lot of redundant columns to our SQL tables and doing a COUNT(...) for each of those columns:   So if a user was searching for real estate properties in the city 'Amsterdam', our facet-query would be something like: SELECT COUNT(hasGarden), COUNT(has2Bathrooms), COUNT(has3Bathrooms), COUNT(etc...) FROM Houses WHERE city = 'Amsterdam' While this solution worked fine for a couple of years, it wasn't very easy for developers to add new facets. And also, performing COUNT's on all matched rows only performs well if you have a limited amount of rows in a table (i.e. less than a million). Enter Solr "Solr is an open source enterprise search server based on the Lucene Java search library, with XML/HTTP and JSON APIs, hit highlighting, faceted search, caching, replication, and a web administration interface." (quoted from Wikipedia's page on Solr) Solr isn't a database, it's more like a big index. Every time you upload data to Solr, it will analyze the data and create an inverted index from it (like the index-pages of a book). This way Solr can lookup data very quickly. To explain the inner workings of Solr is beyond the scope of this post, but if you want to learn more, please visit the Solr Wiki pages. Getting faceted search results from Solr is very easy; first let me show you how to send a http-query to Solr:    http://localhost:8983/solr/select?q=city:Amsterdam This will return an XML document containing the search results (in this example only three houses in the city of Amsterdam):    <response>     <result name="response" numFound="3" start="0">         <doc>            <long name="id">3203</long>            <str name="city">Amsterdam</str>            <str name="steet">Keizersgracht</str>            <int name="numberOfBathrooms">2</int>        </doc>         <doc>             <long name="id">3205</long>             <str name="city">Amsterdam</str>             <str name="steet">Vondelstraat</str>             <int name="numberOfBathrooms">3</int>          </doc>          <doc>             <long name="id">4293</long>             <str name="city">Amsterdam</str>             <str name="steet">Wibautstraat</str>             <int name="numberOfBathrooms">2</int>          </doc>       </result>   </response> By adding a facet-querypart for the field "numberOfBathrooms", Solr will return the facets for this particular field. We will see that there's one house in Amsterdam with three bathrooms and two houses with two bathrooms.    http://localhost:8983/solr/select?q=city:Amsterdam&facet=true&facet.field=numberOfBathrooms The complete XML response from Solr now looks like:    <response>      <result name="response" numFound="3" start="0">         <doc>            <long name="id">3203</long>            <str name="city">Amsterdam</str>            <str name="steet">Keizersgracht</str>            <int name="numberOfBathrooms">2</int>         </doc>         <doc>            <long name="id">3205</long>            <str name="city">Amsterdam</str>            <str name="steet">Vondelstraat</str>            <int name="numberOfBathrooms">3</int>         </doc>         <doc>            <long name="id">4293</long>            <str name="city">Amsterdam</str>            <str name="steet">Wibautstraat</str>            <int name="numberOfBathrooms">2</int>         </doc>      </result>      <lst name="facet_fields">         <lst name="numberOfBathrooms">            <int name="2">2</int>            <int name="3">1</int>         </lst>      </lst>   </response> Trying Solr for yourself To run Solr on your local machine and experiment with it, you should read the Solr tutorial. This tutorial really only takes 1 hour, in which you install Solr, upload sample data and get some query results. And yes, it works on Windows without a problem. Note that in the Solr tutorial, you're using Jetty as a Java Servlet Container (that's why you must start it using "java -jar start.jar"). In our environment we prefer to use Apache Tomcat to host Solr, which installs like a Windows service and works more like .NET developers expect. See the SolrTomcat page.Some best practices for running Solr on Windows: Use the 64-bits version of Tomcat. In our tests, this doubled the req/sec we were able to handle!Use a .NET XmlReader to convert Solr's XML output-stream to .NET objects. Don't use XPath; it won't scale well.Use filter queries ("fq" parameter) instead of the normal "q" parameter where possible. Filter queries are cached by Solr and will speed up Solr's response time (see FilterQueryGuidance)In my next post I’ll talk about how to keep Solr's indexed data in sync with the data in your SQL tables. Timestamps / rowversions will help you out here!

  Read the article

• In 'apt-cache depends' output, what is the meaning of Suggests, Recommends, |, <>?

  - by fred.bear

  I've checked the man/info page, but there is no reference to some aspects of the output fomat of apt-cache depends The man/info page tried to be helpful (in an obtuse manner); quote: "For the specific meaning of the remainder of the output it is best to consult the apt source code" Now in fairness to the info page, that quote was in regards to the 'showpkg' option which it had reasonably explained, but my option had no such explanation... I understand that Linux info comes from many sources (not just man/info pages), and I don't particularly want to rummage through the source (altough somtimes I do), so here is an example of what I'd like to know the meaning of. # I can assume what these mean, but... # What does | mean? (probably means 'or'???) # What does <pkg> and the following indentations mean? # At the end, the interaction(?) of Suggest and Recommends puzzles me. $ apt-cache depends solr-common solr-common Depends: debconf |Depends: openjdk-6-jre-headless |Depends: <java5-runtime-headless> default-jre-headless gcj-4.4-jre-headless gcj-jre-headless gij-4.3 openjdk-6-jre-headless Depends: <java6-runtime-headless> default-jre-headless openjdk-6-jre-headless Depends: libcommons-codec-java Depends: libcommons-csv-java Depends: libcommons-fileupload-java Depends: libcommons-httpclient-java Depends: libcommons-io-java Depends: libjaxp1.3-java Depends: libjetty-java Depends: liblucene2-java Depends: libservlet2.5-java Depends: libslf4j-java Depends: libxml-commons-external-java Suggests: libmysql-java |Recommends: solr-tomcat Recommends: solr-jetty

  Read the article

• Static objects and concurrency in a web application

  - by Ionut

  I'm developing small Java Web Applications on Tomcat server and I'm using MySQL as my database. Up until now I was using a connection singleton for accessing the database but I found out that this will ensure just on connection per Application and there will be problems if multiple users want to access the database in the same time. (They all have to make us of that single Connection object). I created a Connection Pool and I hope that this is the correct way of doing things. Furthermore it seems that I developed the bad habit of creating a lot of static object and static methods (mainly because I was under the wrong impression that every static object will be duplicated for every client which accesses my application). Because of this all the Service Classes ( classes used to handle database data) are static and distributed through a ServiceFactory: public class ServiceFactory { private static final String JDBC = "JDBC"; private static String impl; private static AccountService accountService; private static BoardService boardService; public static AccountService getAccountService(){ initConfig(); if (accountService == null){ if (impl.equalsIgnoreCase(JDBC)){ accountService = new JDBCAccountService(); } } return accountService; } public static BoardService getBoardService(){ initConfig(); if (boardService == null){ if (impl.equalsIgnoreCase(JDBC)){ boardService = new JDBCBoardService(); } } return boardService; } private static void initConfig(){ if (StringUtil.isEmpty(impl)){ impl = ConfigUtil.getProperty("service.implementation"); // If the config failed initialize with standard if (StringUtil.isEmpty(impl)){ impl = JDBC; } } } This was the factory class which, as you can see, allows just one Service to exist at any time. Now, is this a bad practice? What happens if let's say 1k users access AccountService simultaneously? I know that all this questions and bad practices come from a bad understanding of the static attribute in a web application and the way the server handles this attributes. Any help on this topic would be more than welcomed. Thank you for your time!

  Read the article

• Whole Lotta Virtualization Goin' On

  - by rickramsey

  Lately we've published a lot of content about virtualization. Here's a sampling. Podcat: Technology Preview of Transcendent Memory Turns out that in a virtual environment, RAM is the bottleneck. Not because it's slow, it's not, but because each CPU still had to use its own RAM. Which gets expensive. In this podcast, Dan Magenheimer describes how Oracle and the open source community taught the guest kernel in Oracle Linux to share its memory with other CPU's. Transcendent memory will wind up saving large data centers a lot of money. Find out how. Tech Article: How to Use Oracle VM Templates This article describes how to prepare an Oracle VM environment to use Oracle VM Templates, how to obtain a template, and how to deploy the template to your Oracle VM environment. It also describes how to create a virtual machine based on that template and how you can clone the template and change the clone's configuration. Tech Article: How to Set Up a Load Balanced Application Across Two Oracle Solaris Zones Install Apache Tomcat on two Oracle Solaris zones. Connect them across a VPN. And let the Integrated Load Balancer in Oracle Solaris 11 manage traffic. Presto: high(er) availability in a single server. Tech Article: How to Install Oracle RAC on Oracle Solaris Zone Clusters Learn how to implement a multi-tiered database environment that isolates database tiers and administrative domains, while taking advantage of centralized (and simpler) cluster admin. For fans of Jerry Lee Lewis If you're a fan of Jerry Lee Lewis, you might enjoy this video. - Rick Website Newsletter Facebook Twitter

  Read the article

• Explain Model View Controller

  - by Channel72

  My experience with developing dynamic websites is limited mostly to Java servlets. I've used Tomcat to develop various Java servlets, and I wouldn't hesitate to say that I'm reasonably proficient with this technology, as well as with client-side HTML/CSS/Javascript for the front-end. When I think "dynamic website", I think: user requests a URL with a query string, server receives the query, and then proceeds to output HTML dynamically in order to respond to the query. This often involves communication with a database in order to fetch requested data for display. This is basically the idea behind the doGet method of a Java HttpServlet. But these days, I'm hearing more and more about newer frameworks such as Django and Ruby on Rails, all of which take advantage of the "Model View Controller" architecture. I've read various articles which explain MVC, but I'm having trouble really understanding the benefits. I understand that the general idea is to separate business logic from UI logic, but I fail to see how this is anything really different from normal web programming. Web programming, by it's very nature, forces you to separate business logic (back-end server-side programming) from UI programming (client-side HTML or Javascript), because the two exist in entirely different spheres of programming. Question: What does MVC offer over something like a Java servlet, and more importantly, what exactly is MVC and how is it different from what you would normally do to develop a dynamic website using a more traditional approach such as a Java servlet (or even something older like CGI). If possible, when explaining MVC, please provide an example which illustrates how MVC is applied to the web development process, and how it is beneficial.

  Read the article

• How to properly deny Railo directory access through Apache

  - by Sn3akyP3t3

  I've been battle tested on this and failed to achieve my goal which is to deny all access to all directories except the Public directory and only allow access to all all other directories with specific IP addresses. To get Railo+Apache+Tomcat installed I pretty much followed this script: https://github.com/talltroym/Railo-Ubuntu-Installer-Script then verified settings with this tutorial: http://blog.nictunney.com/2012/03/railo-tomcat-and-apache-on-amazon-ec2.html From the installation script these mods are enabled: sudo a2enmod ssl sudo a2enmod proxy sudo a2enmod proxy_http sudo a2enmod rewrite sudo a2ensite default-ssl Outside of the script I copied the sites-available to sites-enabled then reloaded Apache. I have a directory created for Railo cmfl located at /var/www/Railo/ Navigating the browser to http ://Server_IP_Address/Railo forces ssl and relocates to https ://Server_IP_Address/Railo which shows off index.cfm. Not providing index.cfm and omitting https indicates that the DirectoryIndex directive and RewriteCond of Apache appears to be working for the sites-enabled VirtualHost. The problem I'm encountering is that I cannot seem to deny access to all directories except Public. My directory structure is rather simple and looks like this: Railo error Public NotPublic Sandbox These are my sites-enabled configurations: <VirtualHost *:80> ServerAdmin webmaster@localhost DocumentRoot /var/www #Default Deny All to prevent walking backwards in file system Alias /Railo/ "/var/www/Railo/" <Directory ~ ".*/Railo/(?!Public).*"> Order Deny,Allow Deny from All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html index.cfc RewriteEngine on RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R] </VirtualHost> and <IfModule mod_ssl.c> <VirtualHost _default_:443> ServerAdmin webmaster@localhost DocumentRoot /var/www Alias /Railo/ "/var/www/Railo/" <Directory ~ "/var/www/Railo/(?!Public).*"> Order Deny,Allow Deny from All </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown DirectoryIndex index.cfm index.cfml default.cfm default.cfml index.htm index.html #Proxy .cfm and cfc requests to Railo ProxyPassMatch ^/(.+.cf[cm])(/.*)?$ http://127.0.0.1:8888/$1 ProxyPassReverse / http://127.0.0.1:8888/ #Deny access to admin except for local clients <Location /railo-context/admin/> Order deny,allow Deny from all # Allow from <Omitted> # Allow from <Omitted> Allow from 127.0.0.1 </Location> </VirtualHost> </IfModule> The apache2.conf includes the following: # Include the virtual host configurations: Include sites-enabled/ <IfModule !mod_jk.c> LoadModule jk_module /usr/lib/apache2/modules/mod_jk.so </IfModule> <IfModule mod_jk.c> JkMount /*.cfm ajp13 JkMount /*.cfc ajp13 JkMount /*.do ajp13 JkMount /*.jsp ajp13 JkMount /*.cfchart ajp13 JkMount /*.cfm/* ajp13 JkMount /*.cfml/* ajp13 # Flex Gateway Mappings # JkMount /flex2gateway/* ajp13 # JkMount /flashservices/gateway/* ajp13 # JkMount /messagebroker/* ajp13 JkMountCopy all JkLogFile /var/log/apache2/mod_jk.log </IfModule> I believe I understand most of this except the jk_module inclusion which I've noticed has an error that shows up in the logs that I can't sort out: [warn] No JkShmFile defined in httpd.conf. Using default /etc/apache2/logs/jk-runtime-status I've checked my Regular expression against the paths of the directories with RegexBuddy just to be sure that I wasn't correct. The problem doesn't appear to be Regex related although I may have something incorrect in the Directory directive. The Location directive seems to be working correctly for blocking out Railo admin site access.

  Read the article

• Phishing attack stuck with jsp loginAction.do page?

  - by user970533

  I'm testing a phishing website on a staged replica of an jsp web-application. I'm doing the usual attack which involves changing the post and action field of source code to divert to my own written jsp script capture the logins and redirect the victim to the original website. It looks easy, but trust me, it's has been me more then 2 weeks and I cannot write the logins to the text file. I have tested the jsp page on my local wamp server it works fine. In staged, when I click on the ok button for user/password field I'm taken to loginAction.do script. I checked this using the tamper data add-on on Firefox. The only way I was able to make my script run was to use burp proxy intercept the request and change action parameter to refer my uploaded script. I want to know what does an loginAction.do? I have googled it - it's quite common to see it in jsp application. I have checked the code; there is nothing that tells me why the page always points to the .do script instead of mine. Is there some kind of redirection in Tomcat? I like to know. I'm unable to exploit this attack vector? I need the community's help.

  Read the article

• Multiple vulnerabilities in Oracle Java Web Console

  - by RitwikGhoshal

  CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2007-5333 Information Exposure vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 147673-04 X86: 147674-04 CVE-2007-5342 Permissions, Privileges, and Access Controls vulnerability 6.4 CVE-2007-6286 Request handling vulnerability 4.3 CVE-2008-0002 Information disclosure vulnerability 5.8 CVE-2008-1232 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2008-1947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2008-2370 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.0 CVE-2008-2938 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 4.3 CVE-2008-5515 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.0 CVE-2009-0033 Improper Input Validation vulnerability 5.0 CVE-2009-0580 Information Exposure vulnerability 4.3 CVE-2009-0781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2009-0783 Information Exposure vulnerability 4.6 CVE-2009-2693 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.8 CVE-2009-2901 Permissions, Privileges, and Access Controls vulnerability 4.3 CVE-2009-2902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 4.3 CVE-2009-3548 Credentials Management vulnerability 7.5 CVE-2010-1157 Information Exposure vulnerability 2.6 CVE-2010-2227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 6.4 CVE-2010-3718 Directory traversal vulnerability 1.2 CVE-2010-4172 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2010-4312 Configuration vulnerability 6.4 CVE-2011-0013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 CVE-2011-0534 Resource Management Errors vulnerability 5.0 CVE-2011-1184 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-2204 Information Exposure vulnerability 1.9 CVE-2011-2526 Improper Input Validation vulnerability 4.4 CVE-2011-3190 Permissions, Privileges, and Access Controls vulnerability 7.5 CVE-2011-4858 Resource Management Errors vulnerability 5.0 CVE-2011-5062 Permissions, Privileges, and Access Controls vulnerability 5.0 CVE-2011-5063 Improper Authentication vulnerability 4.3 CVE-2011-5064 Cryptographic Issues vulnerability 4.3 CVE-2012-0022 Numeric Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  Read the article

• GIS-based data visualization and maintenance tool

  - by Dave Jarvis

  Background Looking to leverage an existing GIS system for exploring organizational data. Architecture The following figure represents a high-level overview of the system's desired features: The most basic usage would be as follows: The user visits a web site. The system presents a map (having regions, cities, and buildings). The user drills-down on the map to a particular building. The system provides a basic CRUD interface. The user can view and modify information about personnel (e.g., their assigned teams), equipment (e.g., network appliances), applications, and the building itself (e.g., contact and phone numbers). Ideally, all the components should be open-source (or otherwise free). Problem This must be a small project that needs a quick (but functional) prototype, mostly to confirm whether or not such a system would be useful in the long term. Questions What software components would you use to quickly develop a working prototype? What open-source solutions already exist, if any? Ideas Here is what I am thinking: PostGIS - Define the regions, cities, and sites Google Maps - Display an interactive, clickable map geoJSON - Protocol between PostGIS and Google Maps Seam - CRUD interface Custom Development For example, this would entail: Installation and configuration Configure SSH for remote logins Subversion (or git) PostgreSQL PostGIS Java Tomcat Seam JasperReports Enter GIS information into PostGIS Aggregate data sources into PostgreSQL database Develop starting page for map interface Develop clickable Google Maps interface Develop summary reports Develop CRUD interface using Seam for data maintenance Surely something like this already exists? Thank you!

  Read the article

• SSL Certificate Works in Monit - But Not in Keystore

  - by Bart Silverstrim

  I have a situation where there's a keystore file with the various root/intermediate certificates stored in it in a way that it seems to work for most browsers. Problem is that when mobile browsers hit it, there's a break in the chain and they complain. I used an SSL checker at http://www.sslshopper.com/ssl-checker.html and it states that "The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate." So...the desktop browsers must have the intermediate certs already and can make the chain connections, I'm assuming, while the mobile browsers can't. The thing is that I had used Portecle to export certificates from the keystore and cobble them together to create a .PEM certificate to run the Monit utility. When I check that application with the SSL checker, it works fine! The person that originally created the keystore said he couldn't follow the SSL provider's directions for creating the keystore because he created the CSR request using openssl, so the cert and private key had to be converted to DER format and use importkey to get it to work; following the directions he found online had importkey seem to use only a set keystore file as a result, and it would erase anything already in the file if it existed. So is there a way to take the certificate I created for Monit and create a working keystore for the Tomcat website? What would be causing the chain to be broken in the current keystore, but work for Monit? I have the SSL cert provider's intermediate and cross certificates, and the website's certificate, but is what else would I need to create a working chain of certs for a keystore?

  Read the article

• Ubuntu security with services running from /opt

  - by thejartender

  It took me a while to understand what's going on here (I think), but can someone explain to me if there are security risks with regards to my logic of what's going on here as I am trying to set up a home web server as a developer with some good Linux knowledge? Ubuntu is not like other systems, as it has restricted the root user account. You can not log in as root or su to root. This was a problem for me as I have had to install numerous applications and services to /opt as per user documentation (XAMPPfor Linux is a good example). The problem here is that this directory is owned by root:root. I notice that my admin user account does not belong to root group through the following command: groups username so my understanding is that even though the files and services that I place in /opt belong to root, executing them by means of sudo (as required) does not mean that they are run as root? I imagine that the sudo command is hidden somewhere under belonging to the root user and has a 775 permission? So the question I have is if running a service like Tomcat, Apcahe, etc exposes my system like on other systems? Obviously I need to secure these in configurations, but isn't the golden rule to never run something as root? What happens if I have multiple services running under same user/group with regards to a compromised server?

  Read the article

• J2EE or .Net Framework [closed]

  - by Kevino

  I want to learn JAVA or C#... tell me the strength and weakness of each platforms J2EE and .Net Framework today in 2012 and which is safer for the future jobs wise? I tend to prefer Java because here (Montreal, Toronto) there is like 6 Java jobs for each C# jobs and some experienced programmers advised me to go with Java because they say JVM languages are winning in the cloud and the rise of Android can't do anything except help Java in the long run. Is that true today with the release of windows 8 soon and ios devices? On the other side 1 of these programmers told me that corporation love Asp.Net Mvc3 for intranet and web dev and that tomcat/apache java jsp adoption is slowing down compared to Asp.net and ruby on rails & html5 etc. He told me too since I have a good background in system admins & networking C# would be better for me because I'll be able to do more things in the microsoft world with powershell automation and creating my own apps for all the networking stuffs (windows server, dns,dhcp, active directory, sharepoint etc). But what if windows 8 flop java and android aren't safer in the long run? because he told me mono was a joke compared to Java/android or native objective-c on ios devices. (I plan to do a full time study of 10hr's / 15hr's a day for the next 9 months of either Java or C# that's why I ask this)

  Read the article

• Disabling shutdown command for all users, even root - consequences?

  - by Rich

  I would like to disable the shutdown command for all users, even root, on an Ubuntu Server installation. The reason I want to do this is to ensure that I don't get into the habit of shutting down the machine in this way, as I SSH into a lot of production machines at the same time as this one, and I don't want to accidentally shutdown one of the other machines by typing the command into the wrong window. The server I want do disable shutdown on only runs inside VirtualBox on my Windows desktop, and I only use it for local testing so it is not a problem if I can't shut it down from the command line. I have already mitigated the problem a bit by ensuring I have a different password on the VirtualBox image, but obviously if I am within the sudo 'window' on one of the production machines, I could still accidentally shut it down. My questions are: How do I disable the shutdown command? If I do disable the shutdown command, are there any consequences that I should be made aware of? Most specifically, will it disable support for ACPI shutdown that is the equivalent of pressing the power button on a physical machine? Could it affect other generic applications? For information, I just use this VirtualBox image for trying out shell scripts, running Tomcat and Java, and that kind of thing.

  Read the article

• Running multiple box2D world objects on a server

  - by CharbelAbdo

  I'm creating a multiplayer game using LibGdx (with Box2d) and Kryonet. Since this is the first time I work on multiplayer games, I read a bit about server - client implementations, and it turns out that the server should handle important tasks like collision detection, hits, characters dying etc... Based on some articles (like the excellent Gabriel Gambetta Fast paced multiplayer series), I also know that the client should work in parallel to avoid the lag while the server responds to commands. Physics wise, each game will have 2 players, and any projectiles fired. What I'm thinking of doing is the following: Create a physics world on the client When the game is signaled to start, I create the same physics world on the server (without any rendering obviously). Whenever the player issues a command (move or fire), I send the command to the server and immediately start processing it on the client. When the server receives the command, it applies it on the server's world (set velocity etc...) Each 100ms, the server sends the new state to the client which corrects what was calculated locally. Any critical action (hit, death, level up) is calculated only on the server and sent to the client. Essentially, I would have a Box2d World object running on the server for each game in progress, in sync with the worlds running on the clients. The alternative would be to do my own calculations on the server instead of relying on Box2D to do them for me, but I'm trying to avoid that. My question is: Is it wise to have, for example, 1000 instances of the World object running and executing steps on the server? Tomcat used around 750 MBytes of memory when trying it without any object added to the world. Anybody tried that before? If not, is there any alternative? Google did not help me, are there any guidelines to use when you want to have physics on both the client and the server? Thanks for any help.

  Read the article

• Java EE @ Devoxx UK

  - by delabassee

  Devoxx UK is taking place next week (12th and 13th June) in London. As with any Devoxx conference, this UK edition will have a nice mix of content, an impressive list of speakers and obviously Java EE will be well will covered too:  Apache TomEE, Java EE Web Profile and more on Tomcat (David Blevins) Myths, Tales and Voodoo - About Java EE and Testing (Adam Bien) 50 new features of Java EE 7 (Antonio Goncalves & Arun Gupta) Java EE 7 Hands-on Lab (Arun Gupta) In addition, there will be 2 BoF related to Java EE on Thursday evening, the first BoF will be about the Java EE platform and the second one will be about the Java EE Reference Implementation, i.e. GlassFish. I will participate in the Java EE Community BoF where will discuss Java EE general but with all recent activities, I suspect that a large portion of the BoF will spent on discussing the current plans for Java EE 8.  Right after and in the same room, I will join Steve Millidge of C2B2 for the GlassFish is here to stay! BoF. The goal is to discuss on GlassFish, the current status, the plans for the next release, how the community can contributes, etc. It should be mentioned that attending those BoFs is completely free, just make sure to register here.  So if you are in London next week, mind the Geek and see you at Devoxx UK!

  Read the article

• ArchBeat Link-o-Rama for December 4, 2012

  - by Bob Rhubart

  Exalogic 2.0.1 Tea Break Snippets - Creating and using Distribution Groups | The Old Toxophilist "Although in many cases we, as Cloud Users, may not be to worried how the Virtualisation Algorithm decides where to place our vServers," says The Old Toxopholist, "there are cases where it is extremely important that vServers run on distinct physical compute nodes." There's plenty more on the subject in his blog post. Oracle Endeca (2.3) Record Level Security | Adam Seed Adam Sneed's blog post covers "the basics of security within Endeca Information Discovery, as these basic security objects are required in order to explain the implementation of record level security." ODI Handling DQ | Gurcan Orhan Oracle ACE Director Gurcan Orhan suggests you have fun with these scripts for Oracle Data Integrator. Parleys Testimonial at GlassFish Community Event - JavaOne 2012 Video of Parley's webmaster Stephan Janssen's presentation at the GlassFish Community Event at JavaOne 2012, in which he explains why Parley's moved from Tomcat to GlassFish. Java Spotlight Episode 109: Pete Muir on CDI 1.1 This edition of Roger Brinkley's Java Spotlight Podcast features an interview with CDI 1.1 spec lead Pete Muir of JBoss/Red Hat. Muir talks about the features in CDI 1.1 and what to expect in the future. Webcast: Java Management Extensions with Oracle WebLogic Server 12c Dr. Frank Munz and Dave Cabelus do the talking in this on-demand webcast focused on Oracle WebLogic Server 12c with Java Management Extensions (JMX). Using the Coherence API to get Portable Object Format bytes | Bruno Borges Bruno Borges shares a code snippet that illustrates how easy it is to use the Coherence API. Thought for the Day "Experience is something you don't get until just after you need it." — Anonymous Source: SoftwareQuotes.com

  Read the article

• Good practice or service for monitoring unhandled application errors for a small organization

  - by palto

  I'm working with multiple software with varying ways of monitoring for errors. When I make software, I usually send email with the stack trace to admins(usually me). Some customer software is monitored by a team who check that a particular batch run was successfull. Other software might not have any monitoring at all(someone will call when things go wrong horribly). Sending emails is good, except when things start going wrong, my mail gets filled fast. Also I don't want to solve the same problem in code for every software. Is there some relatively cheap and low maintenance software or practice to handle this. I want it to be cheap/low maintenance because usually I work alone or in teams of 5 or smaller. For example it would be great if errors would be aggregated so I don't get 10 000 emails when something unexpected happens... For clarification: By unhandled errors I mean Exceptions that were unhandled by application code that were propagated to Tomcat or Jboss. I don't need help with how to catch those errors. I need help with what to do with them. Is there any cloud application that I could send my errors to? Or some simple server to install? Or some library that can handle errors using configuration files. I use Java if that is any help.

  Read the article

< Previous Page | 63 64 65 66 67 68 69 70 71 72 73 74  | Next Page >