You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Xiaoling Chen <c_...@hotmail.com> on 2003/03/24 13:46:01 UTC
Browser got incomplete html
Hello,
I met this problem. My html page showed incompletely.
Sometimes html tag like "<TD" is showed, and sometimes only
half of the whole result showed. I read the source of the html,
it seems browser got imcomplete html.
I'm using Tomcat4.1.18, Apache1.3.12 and mod_Jk2
OS is solaris8.
Thanks for any help
Regards,
Xiaoling
Re: Tomcat SSL mutual authentication: Nobody's got a clue?
Posted by joe <li...@concrete-it.com>.
first of all: use jdk1.4.x !!! i found a bug in the old implementatin.
if someone is interrested i can search in my archive to describe the bug.
here is how to patch the tomcat 4.1.x to handle to make client
authentication 'optional':
in the java class:
org.apache.tomcat.util.net.jsse.JSSESocketFactory
you find 2 times this method call:
.setNeedClientAuth(clientAuth);
change this to:
.setWantClientAuth(clientAuth);
thats it!
and don't forget to change your server.xml:
<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<!--^M -->
<Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
port="443" minProcessors="5" maxProcessors="75"
enableLookups="true"
acceptCount="100" debug="0" scheme="https" secure="true"
useURIValidationHack="false" disableUploadTimeout="true">
<Factory
className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
clientAuth="true" protocol="TLS"
keystoreFile="/root/certs/java.concrete-it.com.keystore"
keystorePass="changeit" />
</Connector>
here is my link collection for ssl:
http://www-106.ibm.com/developerworks/java/library/j-customssl/sidebar.html
http://developer.java.sun.com/developer/qow/archive/169/index.jsp
http://www.catgen.com/developer/manual/ssl.html#jbosscatalina
you can find a lot of howtos how to make your own CA , server cert and
client certs.
hope this helps,
joe
joe wrote:
> hi,
>
> it's true that there is no 'step-by-step' howto for tomcat, but there
> are many other ssl (and client auth) howtos which you can use for tomcat.
> the only thing is just a little bit of searching and reading about
> ssl, CA, X509 certificates, certification chains ...
>
> i have succesfully established ssl connections with (mutual) client
> certificates. i'll try to find the howto's i've used and post it here
> (i hope i'll find them again).
> i haven't used CRL's - i'm sure there are howtos 'out there'.
>
> and: it's true that tomcat does NOT support mutual client auth ! but
> i've read a little bit of the doc's and the source code and pathed my
> tomcat 4.1.x to change the ssl client auth behavior to mutual.
>
> cu, joe
>
> Mark Liu wrote:
>
>> Hi,
>>
>> No, the Tomcat docs only says how to turn on the
>> *server* authentication, i.e., how to run Tomcat in
>> SSL mode. It does not mention how to have the client
>> also pass over its certificate to the Web server.
>>
>> You have an idea about how to turn on client cert?
>>
>> --- Norris Shelton <no...@yahoo.com> wrote:
>>
>>
>>> That about sums it up. We are looking at client
>>> certs also. The Tomcat docs say how to turn on client
>>> authentication, but
>>> there is not much out there on hooking up to a CA
>>> and verifying
>>> against a CRL.
>>> All of that is beyond the scope of this list and
>>> dives deep into
>>> the realm of JCE.
>>>
>>> We are looking into going with a vendor (probably
>>> VeriSign).
>>>
>>>
>>> --- Mark Liu <ma...@yahoo.com> wrote:
>>>
>>>
>>>> For over 1 week, I've been exploring about this.
>>>
>>> So
>>>
>>>
>>>> far, I got no reply. Is this so professional, so
>>>> tough that nobody's got a clue?
>>>>
>>>> __________________________________________________
>>>> Do you Yahoo!?
>>>> Yahoo! Platinum - Watch CBS' NCAA March Madness,
>>>>
>>>
>>> live on your
>>>
>>>
>>>> desktop!
>>>> http://platinum.yahoo.com
>>>>
>>>>
>>>>
>>>
>> ---------------------------------------------------------------------
>>
>>
>>>> To unsubscribe, e-mail:
>>>> tomcat-user-unsubscribe@jakarta.apache.org
>>>> For additional commands, e-mail:
>>>> tomcat-user-help@jakarta.apache.org
>>>>
>>>>
>>>
>>> =====
>>>
>>> Norris Shelton
>>> Software Engineer
>>> Sun Certified Java 1.1 Programmer
>>> Appriss, Inc.
>>> ICQ# 26487421
>>> AIM NorrisEShelton
>>> YIM norrisshelton
>>>
>>>
>>> __________________________________________________
>>> Do you Yahoo!?
>>> Yahoo! Platinum - Watch CBS' NCAA March Madness,
>>> live on your desktop!
>>> http://platinum.yahoo.com
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>>
>>
>>> To unsubscribe, e-mail:
>>> tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail:
>>> tomcat-user-help@jakarta.apache.org
>>>
>>>
>>
>>
>>
>> __________________________________________________
>> Do you Yahoo!?
>> Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
>> http://platinum.yahoo.com
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>
>>
>>
>
>
Re: Tomcat SSL mutual authentication: Nobody's got a clue?
Posted by joe <li...@concrete-it.com>.
hi,
it's true that there is no 'step-by-step' howto for tomcat, but there
are many other ssl (and client auth) howtos which you can use for tomcat.
the only thing is just a little bit of searching and reading about ssl,
CA, X509 certificates, certification chains ...
i have succesfully established ssl connections with (mutual) client
certificates. i'll try to find the howto's i've used and post it here (i
hope i'll find them again).
i haven't used CRL's - i'm sure there are howtos 'out there'.
and: it's true that tomcat does NOT support mutual client auth ! but
i've read a little bit of the doc's and the source code and pathed my
tomcat 4.1.x to change the ssl client auth behavior to mutual.
cu, joe
Mark Liu wrote:
>Hi,
>
>No, the Tomcat docs only says how to turn on the
>*server* authentication, i.e., how to run Tomcat in
>SSL mode. It does not mention how to have the client
>also pass over its certificate to the Web server.
>
>You have an idea about how to turn on client cert?
>
>--- Norris Shelton <no...@yahoo.com> wrote:
>
>
>>That about sums it up. We are looking at client
>>certs also.
>>The Tomcat docs say how to turn on client
>>authentication, but
>>there is not much out there on hooking up to a CA
>>and verifying
>>against a CRL.
>>
>>All of that is beyond the scope of this list and
>>dives deep into
>>the realm of JCE.
>>
>>We are looking into going with a vendor (probably
>>VeriSign).
>>
>>
>>--- Mark Liu <ma...@yahoo.com> wrote:
>>
>>
>>>For over 1 week, I've been exploring about this.
>>>
>>>
>>So
>>
>>
>>>far, I got no reply. Is this so professional, so
>>>tough that nobody's got a clue?
>>>
>>>__________________________________________________
>>>Do you Yahoo!?
>>>Yahoo! Platinum - Watch CBS' NCAA March Madness,
>>>
>>>
>>live on your
>>
>>
>>>desktop!
>>>http://platinum.yahoo.com
>>>
>>>
>>>
>>>
>---------------------------------------------------------------------
>
>
>>>To unsubscribe, e-mail:
>>>tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail:
>>>tomcat-user-help@jakarta.apache.org
>>>
>>>
>>>
>>=====
>>
>>Norris Shelton
>>Software Engineer
>>Sun Certified Java 1.1 Programmer
>>Appriss, Inc.
>>ICQ# 26487421
>>AIM NorrisEShelton
>>YIM norrisshelton
>>
>>
>>__________________________________________________
>>Do you Yahoo!?
>>Yahoo! Platinum - Watch CBS' NCAA March Madness,
>>live on your desktop!
>>http://platinum.yahoo.com
>>
>>
>>
>>
>---------------------------------------------------------------------
>
>
>>To unsubscribe, e-mail:
>>tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail:
>>tomcat-user-help@jakarta.apache.org
>>
>>
>>
>
>
>__________________________________________________
>Do you Yahoo!?
>Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
>http://platinum.yahoo.com
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>
>
Re: Tomcat SSL mutual authentication: Nobody's got a clue?
Posted by Mark Liu <ma...@yahoo.com>.
Hi,
No, the Tomcat docs only says how to turn on the
*server* authentication, i.e., how to run Tomcat in
SSL mode. It does not mention how to have the client
also pass over its certificate to the Web server.
You have an idea about how to turn on client cert?
--- Norris Shelton <no...@yahoo.com> wrote:
> That about sums it up. We are looking at client
> certs also.
> The Tomcat docs say how to turn on client
> authentication, but
> there is not much out there on hooking up to a CA
> and verifying
> against a CRL.
>
> All of that is beyond the scope of this list and
> dives deep into
> the realm of JCE.
>
> We are looking into going with a vendor (probably
> VeriSign).
>
>
> --- Mark Liu <ma...@yahoo.com> wrote:
> > For over 1 week, I've been exploring about this.
> So
> > far, I got no reply. Is this so professional, so
> > tough that nobody's got a clue?
> >
> > __________________________________________________
> > Do you Yahoo!?
> > Yahoo! Platinum - Watch CBS' NCAA March Madness,
> live on your
> > desktop!
> > http://platinum.yahoo.com
> >
> >
>
---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail:
> > tomcat-user-help@jakarta.apache.org
> >
>
>
> =====
>
> Norris Shelton
> Software Engineer
> Sun Certified Java 1.1 Programmer
> Appriss, Inc.
> ICQ# 26487421
> AIM NorrisEShelton
> YIM norrisshelton
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Platinum - Watch CBS' NCAA March Madness,
> live on your desktop!
> http://platinum.yahoo.com
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
>
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Tomcat SSL mutual authentication: Nobody's got a clue?
Posted by Norris Shelton <no...@yahoo.com>.
That about sums it up. We are looking at client certs also.
The Tomcat docs say how to turn on client authentication, but
there is not much out there on hooking up to a CA and verifying
against a CRL.
All of that is beyond the scope of this list and dives deep into
the realm of JCE.
We are looking into going with a vendor (probably VeriSign).
--- Mark Liu <ma...@yahoo.com> wrote:
> For over 1 week, I've been exploring about this. So
> far, I got no reply. Is this so professional, so
> tough that nobody's got a clue?
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your
> desktop!
> http://platinum.yahoo.com
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
> tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail:
> tomcat-user-help@jakarta.apache.org
>
=====
Norris Shelton
Software Engineer
Sun Certified Java 1.1 Programmer
Appriss, Inc.
ICQ# 26487421
AIM NorrisEShelton
YIM norrisshelton
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Tomcat SSL mutual authentication: Nobody's got a clue?
Posted by Mark Liu <ma...@yahoo.com>.
For over 1 week, I've been exploring about this. So
far, I got no reply. Is this so professional, so
tough that nobody's got a clue?
__________________________________________________
Do you Yahoo!?
Yahoo! Platinum - Watch CBS' NCAA March Madness, live on your desktop!
http://platinum.yahoo.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Browser got incomplete html
Posted by "Steven J. Owens" <pu...@darksleep.com>.
On Mon, Mar 24, 2003 at 09:25:36PM +0000, Jon Wingfield wrote:
> Have a look in the tomcat log files. Either catalina.out or
> localhost_log.<date>.txt. I'll bet there's an exception in one of those.
> If a jsp scriptlet or custom tag throws an uncaught exception Tomcat may
> not be able to forward to any predefined error pages because part of the
> response has already been flushed back to the client (browser). So, what
> you get is an IllegalStateException in the logs and a half-formed page
> in the browser.
I've run into this fairly often. I've also seen that sometimes
the exception is mysteriously swallowed, not printed to the log. Most
often this seems to crop up with a bracket {} mis-configuration in
try/catch or if/else blocks.
I've gotten to the point where, if I see an incomplete page, I
check the log, skim the page source to see if I can spot a bracket
mis-configuration, and then throw:
try {
...
} catch (Throwable t) {
t.printStackTrace();
}
...around the whole thing temporarily, to see if I can get an
exception stack trace to see what problem is actually causing the
behavior.
I've also found it helpful on occasion to crack open the
generated java source and see if it indents properly in emacs/JDE.
Steven J. Owens
puff@darksleep.com
"I'm going to make broad, sweeping generalizations and strong,
declarative statements, because otherwise I'll be here all night and
this document will be four times longer and much less fun to read.
Take it all with a grain of salt." - Me at http://darksleep.com
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
Re: Browser got incomplete html
Posted by Jon Wingfield <jo...@mkodo.com>.
Have a look in the tomcat log files. Either catalina.out or
localhost_log.<date>.txt. I'll bet there's an exception in one of those.
If a jsp scriptlet or custom tag throws an uncaught exception Tomcat may
not be able to forward to any predefined error pages because part of the
response has already been flushed back to the client (browser). So, what
you get is an IllegalStateException in the logs and a half-formed page
in the browser.
Hope this helps,
Jon
Xiaoling Chen wrote:
> Hello,
>
> I met this problem. My html page showed incompletely.
> Sometimes html tag like "<TD" is showed, and sometimes only
> half of the whole result showed. I read the source of the html,
> it seems browser got imcomplete html.
>
> I'm using Tomcat4.1.18, Apache1.3.12 and mod_Jk2
> OS is solaris8.
>
> Thanks for any help
>
> Regards,
> Xiaoling
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org