Setting up tomcat + ssl failed.. cannot connect to SSL channel? - configuration

I'm trying to get Tomcat 6.0.20 working with SSL authentication. I used keytool to create a new certificate, put it into my user dir, and set the tomcat authentication to this (server.xml):
(Omitted)
-->
<Server port="8005" shutdown="SHUTDOWN">
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" SSLRandomSeed="builtin" />
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener" />
<!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector port="9090" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="9091" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<Connector port="9091" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
keystoreFile="/home/media/.keystore"
keystorePass="123456"
clientAuth="false" sslProtocol="TLS" />
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="9091" />
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine name="Catalina" defaultHost="localhost">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- The request dumper valve dumps useful debugging information about
the request and response data received and sent by Tomcat.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.RequestDumperValve"/>
-->
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
<!-- Define the default virtual host
Note: XML Schema validation will not work with Xerces 2.2.
-->
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
-->
</Host>
</Engine>
</Service>
</Server>
However, whilst connecting through http is fine, whenever I try to connect through port 9091 (https) I always get the message "the connection was interrupted". I never got a certificate or anything, though there were no errors in catalina.out.
What could be wrong? Must I generate an OpenSSL key pair and import it in addition to creating and specifying a keystore?

I'd suggest using curl to troubleshoot your problems. curl is a unix tool as well as a library, and on Windows it runs well under cygwin. Try the following command:
curl -Iv https://yourhost:9091
You should see some output which looks something like this:
* About to connect() to yourhost port 9091 (#0)
* Trying 67.207.137.114... connected
* Connected to yourhost (67.207.137.114) port 9091 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem, verify that the CA cert is OK. Details:
From here you should be able to narrow down where to troubleshoot.
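As an added example (not part of the answer above, and not Tomcat's or curl's code), the Python probe below performs the same TLS handshake that curl -Iv does and labels the stage at which it stops, so that the "connection was interrupted" symptom from the question can be told apart from a closed port or from a self-signed keytool certificate that simply is not trusted yet. The host and port are command-line arguments; the `start_dropping_server` listener is a constructed stand-in that accepts the TCP connection and closes it without answering the ClientHello, which reproduces the interrupted-handshake case locally. One thing a `handshake_interrupted` result should prompt you to check in the question's server.xml is the comment above its SSL connector: with the APR listener loaded and `SSLEngine="on"`, the connector is expected to carry the OpenSSL-style certificate attributes rather than `keystoreFile`/`keystorePass`.

```python
import socket
import ssl
import sys
import threading


def probe_tls(host, port, cafile=None, timeout=5.0):
    """Open a TLS connection to host:port and report how far it got.

    Returns (label, negotiated_version):
      "unreachable"           nothing accepted the TCP connection
                              (refused, filtered or timed out)
      "handshake_interrupted" TCP connected, but the peer closed or reset
                              the socket during the handshake; a browser
                              reports this as "the connection was interrupted"
      "handshake_timeout"     TCP connected, but the peer never answered
      "cert_untrusted"        the handshake reached the certificate, but it
                              does not chain to a trusted CA (curl prints
                              "SSL certificate problem"); with a self-signed
                              keytool certificate this is the expected result
                              until the CA is trusted via cafile
      "ssl_error:<reason>"    the peer answered with some other TLS alert
      "ok"                    the handshake completed
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable", None
    try:
        # wrap_socket performs the handshake immediately on a connected socket
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError:
        return "cert_untrusted", None
    except (ssl.SSLEOFError, ConnectionResetError, BrokenPipeError):
        return "handshake_interrupted", None
    except socket.timeout:
        return "handshake_timeout", None
    except ssl.SSLError as exc:
        reason = exc.reason or str(exc)
        if "EOF" in reason.upper():
            return "handshake_interrupted", None
        return "ssl_error:" + reason, None
    finally:
        raw.close()


def start_dropping_server():
    """Constructed stand-in for a broken TLS listener: accept the TCP
    connection, then close it without sending a single TLS record.
    Returns the port it listens on (loopback only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def free_port():
    """Pick a loopback port with nothing listening on it (for the demo)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    # usage: python probe.py yourhost 9091 [ca.pem]
    host, port = sys.argv[1], int(sys.argv[2])
    cafile = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_tls(host, port, cafile=cafile))
```

Passing the exported keytool certificate as `cafile` turns `cert_untrusted` into `ok`; if the probe still reports `handshake_interrupted`, the server side never produced a ServerHello and the problem is in the connector configuration, not in trust.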

Related

Http requests to CEP

I installed the CEP ( Proton ) through the official documentation, https://forge.fiware.org/plugins/mediawiki/wiki/fiware/index.php/CEP_GE_-_IBM_Proactive_Technology_Online_Installation_and_Administration_Guide
After that, I watched this recommended video to learn more about CEP. https://edu.fiware.org/pluginfile.php/653/mod_resource/content/1/CEP-Tutorial.mp4
But I can't check the engine instance state, because this error appears in the response: Could not read instance state, message: Error activating jmx proxy:
It seems that JMX is not properly configured.
As described in the installation guide, in the Apache Tomcat users configuration file you need to add manager-jmx role, and add it to the manager user name:
<tomcat-users>
...
<role rolename="manager-jmx" />
<user username="manager" password="manager" roles="manager-gui,manager-status,manager-script,manager-jmx" />
...
</tomcat-users>
You need to enable JMX access on Apache Tomcat, by adding it to CATALINA_OPTS, as described in the installation guide.
You also need to specify the JMX service port in the ProtonAdmin.properties file, as described in the same installation guide.
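Added example (not part of the answer above, and not Proton's or Tomcat's own code): a small checker for the tomcat-users.xml step. It parses the file, confirms that the user the CEP admin console logs in with carries manager-jmx, lists any role that the user line references without a matching `<role>` declaration, and flags a password that equals the username, as in the snippet. The sample file below is constructed from that snippet; the second user and its placeholder password are invented for the example.

```python
import xml.etree.ElementTree as ET

# Roles the CEP admin console needs on the Tomcat user it authenticates with;
# manager-jmx is the one the answer above says is usually missing.
REQUIRED_ROLES = {"manager-jmx"}

# Constructed tomcat-users.xml modelled on the answer's snippet.
SAMPLE_TOMCAT_USERS = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-status"/>
  <role rolename="manager-script"/>
  <user username="manager" password="manager"
        roles="manager-gui,manager-status,manager-script,manager-jmx"/>
  <user username="monitor" password="example-placeholder" roles="manager-status"/>
</tomcat-users>
"""


def _local(tag):
    # Tomcat 7+ ships tomcat-users.xml with xmlns="http://tomcat.apache.org/xml";
    # compare local names so both namespaced and bare files are handled.
    return tag.rsplit("}", 1)[-1]


def check_jmx_user(xml_text, username, required=REQUIRED_ROLES):
    """Return a list of problems for the given user; an empty list means the
    user holds every role in `required`."""
    root = ET.fromstring(xml_text)
    declared = {e.get("rolename") for e in root.iter() if _local(e.tag) == "role"}
    users = [e for e in root.iter()
             if _local(e.tag) == "user" and e.get("username") == username]
    if not users:
        return ["user %r not defined" % username]
    user = users[0]
    roles = {r.strip() for r in (user.get("roles") or "").split(",") if r.strip()}
    problems = ["user %r lacks role %r" % (username, r) for r in sorted(required - roles)]
    # Tomcat's MemoryUserDatabase creates an undeclared role on the fly when it
    # reads the user line, so this is a tidiness warning rather than a failure.
    problems += ["role %r is referenced by %r but not declared with <role>" % (r, username)
                 for r in sorted(roles - declared)]
    if user.get("password") == username:
        problems.append("user %r has a password equal to its username" % username)
    return problems


if __name__ == "__main__":
    for name in ("manager", "monitor"):
        print(name, check_jmx_user(SAMPLE_TOMCAT_USERS, name) or "ok")
```

To run it against a live installation, read `conf/tomcat-users.xml` into `xml_text` and pass the username that ProtonAdmin.properties is configured with.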

ejabberd mod_multicast won't allow relaying

I am using the latest (commit 9574e71e8db595ce7b2fa2f8fbfc38deec2ad74b) version of ejabberd and am trying to make the mod_multicast module work, but I'm failing.
I have this:
modules:
mod_multicast:
host: "multicast.cego.dk"
allow: all
which I believe should work; however, I get this response when sending a message:
<message from="multicast.cego.dk"
to="robert78@komogvind.dk/13809541201432712492488165"
type="error">
<addresses xmlns="http://jabber.org/protocol/address">
<address type="to"
jid="betatester01@komogvind.dk"/>
<address type="to"
jid="robert78@komogvind.dk"/>
<body>
Hello, World!
</body>
</addresses>
<error code="403"
type="auth">
<forbidden xmlns="urn:ietf:params:xml:ns:xmpp-stanzas"/>
<text xmlns="urn:ietf:params:xml:ns:xmpp-stanzas">
Packet relay is denied by service policy
</text>
</error>
</message>
Why is this?
I also tried with 'allow: admin' and 'allow: multicast' and then defining a multicast acl as described in the documentation but all attempts fail.
The "multicast.cego.dk" service shows up in service discovery and I can query it with service discovery.
At the moment, ejabberd only supports multicasting to local users and does not support relaying.
I created a feature request for you on the ejabberd ticket tracker:
https://github.com/processone/ejabberd/issues/583

JNDI TOMCAT7 AMAZON EC2

I've been trying to set up my tomcat server on amazon's ec2 server with little luck. I have the same exact setup running fine on my windows local machine with no issues.
Caused by: javax.naming.NameNotFoundException: Name [jdbc/orders] is not bound in this Context. Unable to find [jdbc].
at org.apache.naming.NamingContext.lookup(NamingContext.java:819)
at org.apache.naming.NamingContext.lookup(NamingContext.java:167)
at org.apache.naming.SelectorContext.lookup(SelectorContext.java:156)
at javax.naming.InitialContext.lookup(InitialContext.java:411)
at org.springframework.jndi.JndiTemplate$1.doInContext(JndiTemplate.java:154)
at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:87)
at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:152)
at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:178)
at org.springframework.jndi.JndiLocatorSupport.lookup(JndiLocatorSupport.java:104)
at org.springframework.jndi.JndiObjectLocator.lookup(JndiObjectLocator.java:105)
at org.springframework.jndi.JndiObjectFactoryBean.lookupWithFallback(JndiObjectFactoryBean.java:201)
at org.springframework.jndi.JndiObjectFactoryBean.afterPropertiesSet(JndiObjectFactoryBean.java:187)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1541)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1479)
... 103 more
server.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><!-- Note: A "Server" is not itself a "Container", so you may not
define subcomponents such as "Valves" at this level.
Documentation at /docs/config/server.html
--><Server port="8005" shutdown="SHUTDOWN">
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
<!--APR library loader. Documentation at /docs/apr.html -->
<Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/>
<!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
<Listener className="org.apache.catalina.core.JasperListener"/>
<!-- Prevent memory leaks due to use of particular java/javax APIs-->
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<!-- Global JNDI resources
Documentation at /docs/jndi-resources-howto.html
-->
<GlobalNamingResources>
<!-- Editable user database that can also be used by
UserDatabaseRealm to authenticate users
-->
<Resource name="jdbc/orders" auth="Container" type="javax.sql.DataSource"
maxActive="100" maxIdle="30" maxWait="10000" username="marios"
password="135181mi!" driverClassName="com.mysql.jdbc.Driver"
url="jdbc:mysql://localhost:3306/orders" />
<Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
</GlobalNamingResources>
<!-- A "Service" is a collection of one or more "Connectors" that share
a single "Container" Note: A "Service" is not itself a "Container",
so you may not define subcomponents such as "Valves" at this level.
Documentation at /docs/config/service.html
-->
<Service name="Catalina">
<!--The connectors can use a shared executor, you can define one or more named thread pools-->
<!--
<Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
maxThreads="150" minSpareThreads="4"/>
-->
<!-- A "Connector" represents an endpoint by which requests are received
and responses are returned. Documentation at :
Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
Java AJP Connector: /docs/config/ajp.html
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL HTTP/1.1 Connector on port 8080
-->
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->
<!-- Define a SSL HTTP/1.1 Connector on port 8443
This connector uses the JSSE configuration, when using APR, the
connector should be using the OpenSSL style configuration
described in the APR documentation -->
<!--
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
-->
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
<!-- An Engine represents the entry point (within Catalina) that processes
every request. The Engine implementation for Tomcat stand alone
analyzes the HTTP headers included with the request, and passes them
on to the appropriate Host (virtual host).
Documentation at /docs/config/engine.html -->
<!-- You should set jvmRoute to support load-balancing via AJP ie :
<Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
-->
<Engine defaultHost="localhost" name="Catalina">
<!--For clustering, please take a look at documentation at:
/docs/cluster-howto.html (simple how to)
/docs/config/cluster.html (reference documentation) -->
<!--
<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
-->
<!-- Use the LockOutRealm to prevent attempts to guess user passwords
via a brute-force attack -->
<Realm className="org.apache.catalina.realm.LockOutRealm">
<!-- This Realm uses the UserDatabase configured in the global JNDI
resources under the key "UserDatabase". Any edits
that are performed against this UserDatabase are immediately
available for use by the Realm. -->
<Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
</Realm>
<Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="false">
<!-- SingleSignOn valve, share authentication between web applications
Documentation at: /docs/config/valve.html -->
<!--
<Valve className="org.apache.catalina.authenticator.SingleSignOn" />
-->
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t &quot;%r&quot; %s %b" prefix="localhost_access_log." suffix=".txt"/>
</Host>
</Engine>
</Service>
</Server>
WEB-INF/context.xml (I also tried putting this in tomcat7/config/context.xml)
<?xml version='1.0' encoding='utf-8'?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- The contents of this file will be loaded for each web application -->
<Context docBase="PaphosDiner" path="/PaphosDiner" reloadable="true" source="org.eclipse.jst.jee.server:PaphosDiner">
<ResourceLink name="jdbc/orders"
global="jdbc/orders"
auth="Container"
type="javax.sql.DataSource" />
<!-- Default set of monitored resources -->
<WatchedResource>WEB-INF/web.xml</WatchedResource>
</Context>
web.xml
<resource-ref>
<description>Database</description>
<res-ref-name>jdbc/orders</res-ref-name>
<res-type>javax.sql.DataSource</res-type>
<res-auth>Container</res-auth>
</resource-ref>
I have also included the MySQL connector jar in the server.
You are not technically doing anything wrong. I have experienced (with tomcat and mysql) and rectified this issue on my side; you can validate by having a JSP database test page not using DataSource. The issue is that most Amazon services do not support things out of the box:
JNDI Datasource
EC2 including Beanstalk lack this feature, as per your code above:
dataSource="jdbc/orders"
Solution is to either resort to:
JDBC DriverManager
Create JNDI Datasource
References:
https://forums.aws.amazon.com/thread.jspa?threadID=108499
https://forums.aws.amazon.com/thread.jspa?messageID=313642
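Added example (not part of the question or the answer, and not Tomcat's or Spring's code): a checker that walks the JNDI name chain the question's three files set up, web.xml `resource-ref` -> context.xml `ResourceLink` -> server.xml `GlobalNamingResources/Resource`, and reports the first broken link, which is what a `Name [jdbc/orders] is not bound in this Context` error boils down to. It also notes a datasource password kept in clear text in server.xml, and a second function flags a context.xml placed under WEB-INF, because Tomcat reads a per-application context.xml from META-INF/context.xml (or conf/Catalina/<host>/<app>.xml), never from WEB-INF. The three XML samples are constructed from the question's files with the credentials replaced by placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed from the question's files; credentials replaced by placeholders.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <GlobalNamingResources>
    <Resource name="jdbc/orders" auth="Container" type="javax.sql.DataSource"
              username="app_user" password="PLACEHOLDER"
              driverClassName="com.mysql.jdbc.Driver"
              url="jdbc:mysql://localhost:3306/orders"/>
    <Resource name="UserDatabase" auth="Container" type="org.apache.catalina.UserDatabase"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml"/>
  </GlobalNamingResources>
</Server>"""

CONTEXT_XML = """<Context path="/PaphosDiner">
  <ResourceLink name="jdbc/orders" global="jdbc/orders" auth="Container"
                type="javax.sql.DataSource"/>
</Context>"""

WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <resource-ref>
    <description>Database</description>
    <res-ref-name>jdbc/orders</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
</web-app>"""


def _local(tag):
    # web.xml is namespaced; compare local element names throughout.
    return tag.rsplit("}", 1)[-1]


def _elems(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]


def _child_text(elem, name):
    for c in elem:
        if _local(c.tag) == name and c.text:
            return c.text.strip()
    return None


def check_jndi_chain(server_xml, context_xml, web_xml):
    """Follow each web.xml resource-ref to its backing Resource and return
    a list of problems and notes (empty list: every reference resolves)."""
    problems = []
    global_res = {r.get("name"): r for r in _elems(ET.fromstring(server_xml), "Resource")}
    ctx = ET.fromstring(context_xml)
    links = {l.get("name"): l for l in _elems(ctx, "ResourceLink")}
    local_res = {r.get("name"): r for r in _elems(ctx, "Resource")}
    for ref in _elems(ET.fromstring(web_xml), "resource-ref"):
        name = _child_text(ref, "res-ref-name")
        rtype = _child_text(ref, "res-type")
        if name in local_res:
            continue  # satisfied by a Resource declared directly in the Context
        link = links.get(name)
        if link is None:
            problems.append(f"{name}: no <ResourceLink> or <Resource> in context.xml")
            continue
        target = global_res.get(link.get("global"))
        if target is None:
            problems.append(f"{name}: ResourceLink global={link.get('global')!r} "
                            f"not in <GlobalNamingResources>")
            continue
        if rtype and target.get("type") != rtype:
            problems.append(f"{name}: web.xml res-type {rtype} != server.xml type {target.get('type')}")
        if target.get("password"):
            problems.append(f"note: {name}: datasource password is stored in clear text in server.xml")
    return problems


def check_context_location(path):
    """Tomcat ignores WEB-INF/context.xml; return a hint if that is where it is."""
    norm = path.replace("\\", "/")
    if norm.endswith("WEB-INF/context.xml"):
        return "WEB-INF/context.xml is not read by Tomcat; use META-INF/context.xml"
    return None


if __name__ == "__main__":
    print(check_jndi_chain(SERVER_XML, CONTEXT_XML, WEB_XML))
    print(check_context_location("PaphosDiner/WEB-INF/context.xml"))
```

On a real deployment, read the three files from disk and pass their contents; a name that resolves here but still fails at runtime points at deployment (which context.xml Tomcat actually loaded, or a missing driver jar) rather than at the XML.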

How to configure Gzip for JBoss?

I'm thinking of trying to speed up my Web App by reducing the size of transferred data. For example, in Nginx there is a special module. How do I enable compression for the JBoss server?
JBoss AS version 6 or lower
To enable gzip compression, settings need to be added to your existing HTTP connector.
Located at /server/default/deploy/jbossweb.sar/server.xml:
<!-- A HTTP/1.1 Connector on port 8080 -->
<Connector protocol="HTTP/1.1" port="${jboss.web.http.port}"
address="${jboss.bind.address}" redirectPort="${jboss.web.https.port}"
compression="force"
compressionMinSize="512"
noCompressionUserAgents=""
compressableMimeType="text/html,text/xml,text/css,text/javascript"
/>
JBoss AS 7.0.x
JBoss 7.0.x - 7.1.0 have no support for gzip compression built in.
See also issue report at: https://issues.jboss.org/browse/AS7-2991
One way to add gzip compression in JBoss 7.0 is to add it as a filter.
For details: https://code.google.com/p/webutilities/wiki/CompressionFilter
JBoss AS 7.1.1
Just recently JBoss finished adding gzip compression to JBoss. As of version 7.1.1.Final, gzip compression is supported out of the box again. To enable it, add to the server launch params:
-Dorg.apache.coyote.http11.Http11Protocol.COMPRESSION=on

The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'

I have an ASP.NET web application written in VB.NET. One part of the application makes an AJAX call to an internal ASMX file which in turn makes a call to a remote web service which is just a single ASMX file. Normally this works fine and has been deployed a couple of times and works fine. One client however, is getting the message from the AJAX call:
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'NTLM'.
I have scoured a large number of websites trying to fix this but I can't seem to find any answer that works for me.
I have been unable to replicate the error on my test server, which is the same as the client, Win2003 IIS6.
The remote web service is deployed on Windows 2008 r2 – IIS7.5. The remote service is deployed using ‘Anonymous’ authentication only. The client deployment is set up with Anonymous and ‘Integrated Windows Authentication’. I have tried changing the authentication levels on both implementations but cannot replicate the issue. The closest I have come is when I set the remote service IIS authentication to
The HTTP request is unauthorized with client authentication scheme
'Ntlm'. The authentication header received from the server was ''.
In the web.config file the reference to the remote service is:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SVCMappingSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://svc.website.com/services/myService.asmx" binding="basicHttpBinding" bindingConfiguration="SVCMappingSoap" contract="SVCMappingService.SVCMappingSoap" name="SVCMappingSoap"/>
</client>
</system.serviceModel>
I have tried changing a number of the settings in the <security> section but am still unable to replicate.
I am not sure of your total server setup.
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
</security>
Instead of the above one, please try the configuration below:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
Please go through the links below; you can get more of an idea from those and change the config based on your requirements:
http://blogs.msdn.com/b/publicsector/archive/2005/10/19/482833.aspx
http://fczaja.blogspot.com/2009/10/http-request-is-unauthorized-with.html
http://ddkonline.blogspot.com/2009/11/fix-http-request-is-unauthorized-with.html
I had to change the default generated
<security mode="Transport"/>
into
<security mode="Transport" >
<transport clientCredentialType="Ntlm"/>
</security>
One more comment for this problem:
If you are not using HTTPS,
<security mode="Transport"/>
is not supported. You can use
<security mode="TransportCredentialOnly">
instead.
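Added example (not part of the question or any of the answers, and not WCF code): a checker that reads the `<client>` endpoints from a web.config and cross-checks each one against the `<security>` block of its binding, applying the rules the answers above state: `mode="Transport"` is only valid on an https address, NTLM is only sent when the transport credential type is Ntlm (or Windows, which negotiates and may fall back to NTLM), and `TransportCredentialOnly` authenticates over plain http without encrypting it. The sample config is constructed from the question's endpoint with the hostname replaced by a placeholder and the Transport/Ntlm block from the later answers put in place.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed web.config fragment: the question's endpoint (placeholder host)
# combined with the Transport + Ntlm security block from the answers.
WEB_CONFIG = """<configuration>
 <system.serviceModel>
  <bindings>
   <basicHttpBinding>
    <binding name="SVCMappingSoap">
     <security mode="Transport">
      <transport clientCredentialType="Ntlm"/>
     </security>
    </binding>
   </basicHttpBinding>
  </bindings>
  <client>
   <endpoint address="http://svc.example.invalid/services/myService.asmx"
             binding="basicHttpBinding" bindingConfiguration="SVCMappingSoap"
             contract="SVCMappingService.SVCMappingSoap" name="SVCMappingSoap"/>
  </client>
 </system.serviceModel>
</configuration>"""


def check_client_endpoints(config_xml, server_scheme="NTLM"):
    """Cross-check every <client><endpoint> against its binding's <security>.

    server_scheme is the scheme named in the error message ("The
    authentication header received from the server was 'NTLM'"); pass ""
    if the remote service is anonymous.
    """
    root = ET.fromstring(config_xml)
    bindings = {b.get("name"): b for b in root.iter("binding")}
    findings = []
    for ep in root.iter("endpoint"):
        name = ep.get("name")
        scheme = urlparse(ep.get("address", "")).scheme.lower()
        binding = bindings.get(ep.get("bindingConfiguration"))
        if binding is None:
            findings.append(f"{name}: bindingConfiguration "
                            f"{ep.get('bindingConfiguration')!r} not found")
            continue
        security = binding.find("security")
        mode = security.get("mode", "None") if security is not None else "None"
        transport = security.find("transport") if security is not None else None
        cred = transport.get("clientCredentialType", "None") if transport is not None else "None"
        # basicHttpBinding with mode="Transport" only accepts https addresses.
        if mode == "Transport" and scheme != "https":
            findings.append(f"{name}: mode=Transport requires an https address, "
                            f"endpoint uses {scheme or 'no'} scheme")
        # NTLM is only sent when transport-level Windows credentials are configured.
        if server_scheme.upper() == "NTLM" and not (
                mode in ("Transport", "TransportCredentialOnly")
                and cred in ("Ntlm", "Windows")):
            findings.append(f"{name}: server demands NTLM but binding sends "
                            f"mode={mode} clientCredentialType={cred}")
        if mode == "TransportCredentialOnly" and scheme == "http":
            findings.append(f"{name}: note: TransportCredentialOnly over http "
                            f"authenticates the caller but does not encrypt the traffic")
    return findings


if __name__ == "__main__":
    for line in check_client_endpoints(WEB_CONFIG):
        print(line)
```

Run it against the deployed web.config on the client that fails and on one that works; the difference in findings is usually the whole story, since the error message already tells you which scheme the server side insists on.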