Stanbol war deployed to tomcat7 on ubuntu 14.04

[Luyi Wang <wa...@guitarca.com>]

Hi all:

Would like to share my experience on deploying stanbol war file to tomcat7
on ubuntu 14.04

After the full build by following instruction upon
http://stanbol.apache.org/docs/trunk/tutorial.html

I got the stanbol.war file deployed on tomcat7 but it kept reporting error
for resource not available as Apache Sling is starting. I checked the
access log and found stanbol (actually sling) failed in creating a folder
under tomcat folder instead of tomcat webapps folder. An easy hack way is
to create a folder named "stanbol"  with tomcat7 user/group access under
your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
except the the link "system/console" would be broken by default setting.

The broken link reporting permission error. To solve this, need to edit two
parts.
1. add permission into your tomcat policy configuration which is under
/etc/tomcat7/policy.d folder.  You can choose one to edit since later on
they all compile to be one file as $CATALINA_BASE/work/catalina.policy
(/var/lib/tomcat7/work/catalina.policy)

The hack way is to grant permission with careless.

grant {
permission java.security.AllPermission;
};


I tried to make it more robust by adding permission only for stanbol
codebase however I failed to make it work. If anyone knows how to do , let
me know.

After that , need to change the tomcat init script in /etc/init.d/tomcat
Line 98 to yes.

TOMCAT7_SECURITY=yes


After all these, every component would work but we need to alter the tomcat
application memory size.

vi /etc/default/tomcat7

change the JAVA_OPTS line.

JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
-XX:+UseConcMarkSweepGC"

Then restart tomcat7.


Hope this would help people.

Thanks.

-Luyi.

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

[Luyi Wang <wa...@guitarca.com>]

No problem for this.  I will try to add this probably on friday.

Thanks.

On Thu, Sep 11, 2014 at 12:10 AM, Fabian Christ <
christ.fabian@googlemail.com> wrote:

> Hi Luyi,
>
> thanks for sharing your experience. Would be great to have this
> information on our websites. Any interest to share are a patch for the
> site?
>
> To do so,
>
> 1) checkout the site sources via SVN from
> https://svn.apache.org/repos/asf/stanbol/site/trunk/
> 2) Make your changes where you think they would best fit it and create a
> patch.
> 3) Create a JIRA issue describing your changes and attach the patch.
> 4) A Stanbol committer will review the patch and apply it to our website.
>
> Would be really great to have this and your contribution!
>
> Best,
>  - Fabian
>
> 2014-09-08 18:35 GMT+02:00 ajs6f@virginia.edu <aj...@virginia.edu>:
> > I think that would be a container-specific concern, but I honestly don't
> know enough to comment further. You might want to explore the option of
> segregating Stanbol into its own container, although I realize that would
> mean extra overhead.
> >
> > ---
> > A. Soroka
> > The University of Virginia Library
> >
> > On Sep 8, 2014, at 11:27 AM, Luyi Wang <wa...@guitarca.com> wrote:
> >
> >> yeah.
> >>
> >> only for stanbol. The permission granted right now are available for
> whole
> >> site.
> >>
> >>
> >> On Mon, Sep 8, 2014 at 8:14 AM, ajs6f@virginia.edu <aj...@virginia.edu>
> >> wrote:
> >>
> >>> Do you mean giving only permissions to actions originating in the
> Stanbol
> >>> webapp and not to actions originating in other webapps deployed in
> your web
> >>> container?
> >>>
> >>> ---
> >>> A. Soroka
> >>> The University of Virginia Library
> >>>
> >>> On Sep 8, 2014, at 11:11 AM, Luyi Wang <wa...@guitarca.com> wrote:
> >>>
> >>>> Does anyone have some idea on giving only codebase permission?
> >>>>
> >>>> On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <
> ajs6f@virginia.edu>
> >>>> wrote:
> >>>>
> >>>>> Another approach here is to move the Stanbol home _out_ of the
> directory
> >>>>> of your web container. I think that's a little clearer and safer, and
> >>>>> that's how I run Stanbol as a web app. You can do that with an init
> >>> param
> >>>>> in the Stanbol web application's web.xml file, with an element like
> >>> this:
> >>>>>
> >>>>> </init-param>
> >>>>>               <init-param> <!-- the default sling.home is set to
> >>> stanbol
> >>>>> -->
> >>>>>               <param-name>sling.home</param-name>
> >>>>>               <param-value>/my/directory/for/stanbol</param-value>
> >>>>> </init-param>
> >>>>>
> >>>>> And of course you must give the Tomcat user rights to content under
> that
> >>>>> directory.
> >>>>>
> >>>>> ---
> >>>>> A. Soroka
> >>>>> The University of Virginia Library
> >>>>>
> >>>>> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
> >>>>>
> >>>>>> Hi all:
> >>>>>>
> >>>>>> Would like to share my experience on deploying stanbol war file to
> >>>>> tomcat7
> >>>>>> on ubuntu 14.04
> >>>>>>
> >>>>>> After the full build by following instruction upon
> >>>>>> http://stanbol.apache.org/docs/trunk/tutorial.html
> >>>>>>
> >>>>>> I got the stanbol.war file deployed on tomcat7 but it kept reporting
> >>>>> error
> >>>>>> for resource not available as Apache Sling is starting. I checked
> the
> >>>>>> access log and found stanbol (actually sling) failed in creating a
> >>> folder
> >>>>>> under tomcat folder instead of tomcat webapps folder. An easy hack
> way
> >>> is
> >>>>>> to create a folder named "stanbol"  with tomcat7 user/group access
> >>> under
> >>>>>> your $CATALINA_BASE folder and restart tomcat7. Then everything is
> fine
> >>>>>> except the the link "system/console" would be broken by default
> >>> setting.
> >>>>>>
> >>>>>> The broken link reporting permission error. To solve this, need to
> edit
> >>>>> two
> >>>>>> parts.
> >>>>>> 1. add permission into your tomcat policy configuration which is
> under
> >>>>>> /etc/tomcat7/policy.d folder.  You can choose one to edit since
> later
> >>> on
> >>>>>> they all compile to be one file as
> $CATALINA_BASE/work/catalina.policy
> >>>>>> (/var/lib/tomcat7/work/catalina.policy)
> >>>>>>
> >>>>>> The hack way is to grant permission with careless.
> >>>>>>
> >>>>>> grant {
> >>>>>> permission java.security.AllPermission;
> >>>>>> };
> >>>>>>
> >>>>>>
> >>>>>> I tried to make it more robust by adding permission only for stanbol
> >>>>>> codebase however I failed to make it work. If anyone knows how to
> do ,
> >>>>> let
> >>>>>> me know.
> >>>>>>
> >>>>>> After that , need to change the tomcat init script in
> >>> /etc/init.d/tomcat
> >>>>>> Line 98 to yes.
> >>>>>>
> >>>>>> TOMCAT7_SECURITY=yes
> >>>>>>
> >>>>>>
> >>>>>> After all these, every component would work but we need to alter the
> >>>>> tomcat
> >>>>>> application memory size.
> >>>>>>
> >>>>>> vi /etc/default/tomcat7
> >>>>>>
> >>>>>> change the JAVA_OPTS line.
> >>>>>>
> >>>>>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
> >>>>>> -XX:+UseConcMarkSweepGC"
> >>>>>>
> >>>>>> Then restart tomcat7.
> >>>>>>
> >>>>>>
> >>>>>> Hope this would help people.
> >>>>>>
> >>>>>> Thanks.
> >>>>>>
> >>>>>> -Luyi.
> >>>>>
> >>>>>
> >>>
> >>>
> >
>
>
>
> --
> Fabian
> http://twitter.com/fctwitt
>

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

[Fabian Christ <ch...@googlemail.com>]

Hi Luyi,

thanks for sharing your experience. Would be great to have this
information on our websites. Any interest to share are a patch for the
site?

To do so,

1) checkout the site sources via SVN from
https://svn.apache.org/repos/asf/stanbol/site/trunk/
2) Make your changes where you think they would best fit it and create a patch.
3) Create a JIRA issue describing your changes and attach the patch.
4) A Stanbol committer will review the patch and apply it to our website.

Would be really great to have this and your contribution!

Best,
 - Fabian

2014-09-08 18:35 GMT+02:00 ajs6f@virginia.edu <aj...@virginia.edu>:
> I think that would be a container-specific concern, but I honestly don't know enough to comment further. You might want to explore the option of segregating Stanbol into its own container, although I realize that would mean extra overhead.
>
> ---
> A. Soroka
> The University of Virginia Library
>
> On Sep 8, 2014, at 11:27 AM, Luyi Wang <wa...@guitarca.com> wrote:
>
>> yeah.
>>
>> only for stanbol. The permission granted right now are available for whole
>> site.
>>
>>
>> On Mon, Sep 8, 2014 at 8:14 AM, ajs6f@virginia.edu <aj...@virginia.edu>
>> wrote:
>>
>>> Do you mean giving only permissions to actions originating in the Stanbol
>>> webapp and not to actions originating in other webapps deployed in your web
>>> container?
>>>
>>> ---
>>> A. Soroka
>>> The University of Virginia Library
>>>
>>> On Sep 8, 2014, at 11:11 AM, Luyi Wang <wa...@guitarca.com> wrote:
>>>
>>>> Does anyone have some idea on giving only codebase permission?
>>>>
>>>> On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <aj...@virginia.edu>
>>>> wrote:
>>>>
>>>>> Another approach here is to move the Stanbol home _out_ of the directory
>>>>> of your web container. I think that's a little clearer and safer, and
>>>>> that's how I run Stanbol as a web app. You can do that with an init
>>> param
>>>>> in the Stanbol web application's web.xml file, with an element like
>>> this:
>>>>>
>>>>> </init-param>
>>>>>               <init-param> <!-- the default sling.home is set to
>>> stanbol
>>>>> -->
>>>>>               <param-name>sling.home</param-name>
>>>>>               <param-value>/my/directory/for/stanbol</param-value>
>>>>> </init-param>
>>>>>
>>>>> And of course you must give the Tomcat user rights to content under that
>>>>> directory.
>>>>>
>>>>> ---
>>>>> A. Soroka
>>>>> The University of Virginia Library
>>>>>
>>>>> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
>>>>>
>>>>>> Hi all:
>>>>>>
>>>>>> Would like to share my experience on deploying stanbol war file to
>>>>> tomcat7
>>>>>> on ubuntu 14.04
>>>>>>
>>>>>> After the full build by following instruction upon
>>>>>> http://stanbol.apache.org/docs/trunk/tutorial.html
>>>>>>
>>>>>> I got the stanbol.war file deployed on tomcat7 but it kept reporting
>>>>> error
>>>>>> for resource not available as Apache Sling is starting. I checked the
>>>>>> access log and found stanbol (actually sling) failed in creating a
>>> folder
>>>>>> under tomcat folder instead of tomcat webapps folder. An easy hack way
>>> is
>>>>>> to create a folder named "stanbol"  with tomcat7 user/group access
>>> under
>>>>>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
>>>>>> except the the link "system/console" would be broken by default
>>> setting.
>>>>>>
>>>>>> The broken link reporting permission error. To solve this, need to edit
>>>>> two
>>>>>> parts.
>>>>>> 1. add permission into your tomcat policy configuration which is under
>>>>>> /etc/tomcat7/policy.d folder.  You can choose one to edit since later
>>> on
>>>>>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy
>>>>>> (/var/lib/tomcat7/work/catalina.policy)
>>>>>>
>>>>>> The hack way is to grant permission with careless.
>>>>>>
>>>>>> grant {
>>>>>> permission java.security.AllPermission;
>>>>>> };
>>>>>>
>>>>>>
>>>>>> I tried to make it more robust by adding permission only for stanbol
>>>>>> codebase however I failed to make it work. If anyone knows how to do ,
>>>>> let
>>>>>> me know.
>>>>>>
>>>>>> After that , need to change the tomcat init script in
>>> /etc/init.d/tomcat
>>>>>> Line 98 to yes.
>>>>>>
>>>>>> TOMCAT7_SECURITY=yes
>>>>>>
>>>>>>
>>>>>> After all these, every component would work but we need to alter the
>>>>> tomcat
>>>>>> application memory size.
>>>>>>
>>>>>> vi /etc/default/tomcat7
>>>>>>
>>>>>> change the JAVA_OPTS line.
>>>>>>
>>>>>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
>>>>>> -XX:+UseConcMarkSweepGC"
>>>>>>
>>>>>> Then restart tomcat7.
>>>>>>
>>>>>>
>>>>>> Hope this would help people.
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>>> -Luyi.
>>>>>
>>>>>
>>>
>>>
>



-- 
Fabian
http://twitter.com/fctwitt

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

["ajs6f@virginia.edu" <aj...@virginia.edu>]

I think that would be a container-specific concern, but I honestly don't know enough to comment further. You might want to explore the option of segregating Stanbol into its own container, although I realize that would mean extra overhead.

---
A. Soroka
The University of Virginia Library

On Sep 8, 2014, at 11:27 AM, Luyi Wang <wa...@guitarca.com> wrote:

> yeah.
> 
> only for stanbol. The permission granted right now are available for whole
> site.
> 
> 
> On Mon, Sep 8, 2014 at 8:14 AM, ajs6f@virginia.edu <aj...@virginia.edu>
> wrote:
> 
>> Do you mean giving only permissions to actions originating in the Stanbol
>> webapp and not to actions originating in other webapps deployed in your web
>> container?
>> 
>> ---
>> A. Soroka
>> The University of Virginia Library
>> 
>> On Sep 8, 2014, at 11:11 AM, Luyi Wang <wa...@guitarca.com> wrote:
>> 
>>> Does anyone have some idea on giving only codebase permission?
>>> 
>>> On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <aj...@virginia.edu>
>>> wrote:
>>> 
>>>> Another approach here is to move the Stanbol home _out_ of the directory
>>>> of your web container. I think that's a little clearer and safer, and
>>>> that's how I run Stanbol as a web app. You can do that with an init
>> param
>>>> in the Stanbol web application's web.xml file, with an element like
>> this:
>>>> 
>>>> </init-param>
>>>>               <init-param> <!-- the default sling.home is set to
>> stanbol
>>>> -->
>>>>               <param-name>sling.home</param-name>
>>>>               <param-value>/my/directory/for/stanbol</param-value>
>>>> </init-param>
>>>> 
>>>> And of course you must give the Tomcat user rights to content under that
>>>> directory.
>>>> 
>>>> ---
>>>> A. Soroka
>>>> The University of Virginia Library
>>>> 
>>>> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
>>>> 
>>>>> Hi all:
>>>>> 
>>>>> Would like to share my experience on deploying stanbol war file to
>>>> tomcat7
>>>>> on ubuntu 14.04
>>>>> 
>>>>> After the full build by following instruction upon
>>>>> http://stanbol.apache.org/docs/trunk/tutorial.html
>>>>> 
>>>>> I got the stanbol.war file deployed on tomcat7 but it kept reporting
>>>> error
>>>>> for resource not available as Apache Sling is starting. I checked the
>>>>> access log and found stanbol (actually sling) failed in creating a
>> folder
>>>>> under tomcat folder instead of tomcat webapps folder. An easy hack way
>> is
>>>>> to create a folder named "stanbol"  with tomcat7 user/group access
>> under
>>>>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
>>>>> except the the link "system/console" would be broken by default
>> setting.
>>>>> 
>>>>> The broken link reporting permission error. To solve this, need to edit
>>>> two
>>>>> parts.
>>>>> 1. add permission into your tomcat policy configuration which is under
>>>>> /etc/tomcat7/policy.d folder.  You can choose one to edit since later
>> on
>>>>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy
>>>>> (/var/lib/tomcat7/work/catalina.policy)
>>>>> 
>>>>> The hack way is to grant permission with careless.
>>>>> 
>>>>> grant {
>>>>> permission java.security.AllPermission;
>>>>> };
>>>>> 
>>>>> 
>>>>> I tried to make it more robust by adding permission only for stanbol
>>>>> codebase however I failed to make it work. If anyone knows how to do ,
>>>> let
>>>>> me know.
>>>>> 
>>>>> After that , need to change the tomcat init script in
>> /etc/init.d/tomcat
>>>>> Line 98 to yes.
>>>>> 
>>>>> TOMCAT7_SECURITY=yes
>>>>> 
>>>>> 
>>>>> After all these, every component would work but we need to alter the
>>>> tomcat
>>>>> application memory size.
>>>>> 
>>>>> vi /etc/default/tomcat7
>>>>> 
>>>>> change the JAVA_OPTS line.
>>>>> 
>>>>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
>>>>> -XX:+UseConcMarkSweepGC"
>>>>> 
>>>>> Then restart tomcat7.
>>>>> 
>>>>> 
>>>>> Hope this would help people.
>>>>> 
>>>>> Thanks.
>>>>> 
>>>>> -Luyi.
>>>> 
>>>> 
>> 
>> 

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

[Luyi Wang <wa...@guitarca.com>]

yeah.

only for stanbol. The permission granted right now are available for whole
site.


On Mon, Sep 8, 2014 at 8:14 AM, ajs6f@virginia.edu <aj...@virginia.edu>
wrote:

> Do you mean giving only permissions to actions originating in the Stanbol
> webapp and not to actions originating in other webapps deployed in your web
> container?
>
> ---
> A. Soroka
> The University of Virginia Library
>
> On Sep 8, 2014, at 11:11 AM, Luyi Wang <wa...@guitarca.com> wrote:
>
> > Does anyone have some idea on giving only codebase permission?
> >
> > On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <aj...@virginia.edu>
> > wrote:
> >
> >> Another approach here is to move the Stanbol home _out_ of the directory
> >> of your web container. I think that's a little clearer and safer, and
> >> that's how I run Stanbol as a web app. You can do that with an init
> param
> >> in the Stanbol web application's web.xml file, with an element like
> this:
> >>
> >> </init-param>
> >>                <init-param> <!-- the default sling.home is set to
> stanbol
> >> -->
> >>                <param-name>sling.home</param-name>
> >>                <param-value>/my/directory/for/stanbol</param-value>
> >> </init-param>
> >>
> >> And of course you must give the Tomcat user rights to content under that
> >> directory.
> >>
> >> ---
> >> A. Soroka
> >> The University of Virginia Library
> >>
> >> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
> >>
> >>> Hi all:
> >>>
> >>> Would like to share my experience on deploying stanbol war file to
> >> tomcat7
> >>> on ubuntu 14.04
> >>>
> >>> After the full build by following instruction upon
> >>> http://stanbol.apache.org/docs/trunk/tutorial.html
> >>>
> >>> I got the stanbol.war file deployed on tomcat7 but it kept reporting
> >> error
> >>> for resource not available as Apache Sling is starting. I checked the
> >>> access log and found stanbol (actually sling) failed in creating a
> folder
> >>> under tomcat folder instead of tomcat webapps folder. An easy hack way
> is
> >>> to create a folder named "stanbol"  with tomcat7 user/group access
> under
> >>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
> >>> except the the link "system/console" would be broken by default
> setting.
> >>>
> >>> The broken link reporting permission error. To solve this, need to edit
> >> two
> >>> parts.
> >>> 1. add permission into your tomcat policy configuration which is under
> >>> /etc/tomcat7/policy.d folder.  You can choose one to edit since later
> on
> >>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy
> >>> (/var/lib/tomcat7/work/catalina.policy)
> >>>
> >>> The hack way is to grant permission with careless.
> >>>
> >>> grant {
> >>> permission java.security.AllPermission;
> >>> };
> >>>
> >>>
> >>> I tried to make it more robust by adding permission only for stanbol
> >>> codebase however I failed to make it work. If anyone knows how to do ,
> >> let
> >>> me know.
> >>>
> >>> After that , need to change the tomcat init script in
> /etc/init.d/tomcat
> >>> Line 98 to yes.
> >>>
> >>> TOMCAT7_SECURITY=yes
> >>>
> >>>
> >>> After all these, every component would work but we need to alter the
> >> tomcat
> >>> application memory size.
> >>>
> >>> vi /etc/default/tomcat7
> >>>
> >>> change the JAVA_OPTS line.
> >>>
> >>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
> >>> -XX:+UseConcMarkSweepGC"
> >>>
> >>> Then restart tomcat7.
> >>>
> >>>
> >>> Hope this would help people.
> >>>
> >>> Thanks.
> >>>
> >>> -Luyi.
> >>
> >>
>
>

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

["ajs6f@virginia.edu" <aj...@virginia.edu>]

Do you mean giving only permissions to actions originating in the Stanbol webapp and not to actions originating in other webapps deployed in your web container?

---
A. Soroka
The University of Virginia Library

On Sep 8, 2014, at 11:11 AM, Luyi Wang <wa...@guitarca.com> wrote:

> Does anyone have some idea on giving only codebase permission?
> 
> On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <aj...@virginia.edu>
> wrote:
> 
>> Another approach here is to move the Stanbol home _out_ of the directory
>> of your web container. I think that's a little clearer and safer, and
>> that's how I run Stanbol as a web app. You can do that with an init param
>> in the Stanbol web application's web.xml file, with an element like this:
>> 
>> </init-param>
>>                <init-param> <!-- the default sling.home is set to stanbol
>> -->
>>                <param-name>sling.home</param-name>
>>                <param-value>/my/directory/for/stanbol</param-value>
>> </init-param>
>> 
>> And of course you must give the Tomcat user rights to content under that
>> directory.
>> 
>> ---
>> A. Soroka
>> The University of Virginia Library
>> 
>> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
>> 
>>> Hi all:
>>> 
>>> Would like to share my experience on deploying stanbol war file to
>> tomcat7
>>> on ubuntu 14.04
>>> 
>>> After the full build by following instruction upon
>>> http://stanbol.apache.org/docs/trunk/tutorial.html
>>> 
>>> I got the stanbol.war file deployed on tomcat7 but it kept reporting
>> error
>>> for resource not available as Apache Sling is starting. I checked the
>>> access log and found stanbol (actually sling) failed in creating a folder
>>> under tomcat folder instead of tomcat webapps folder. An easy hack way is
>>> to create a folder named "stanbol"  with tomcat7 user/group access under
>>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
>>> except the the link "system/console" would be broken by default setting.
>>> 
>>> The broken link reporting permission error. To solve this, need to edit
>> two
>>> parts.
>>> 1. add permission into your tomcat policy configuration which is under
>>> /etc/tomcat7/policy.d folder.  You can choose one to edit since later on
>>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy
>>> (/var/lib/tomcat7/work/catalina.policy)
>>> 
>>> The hack way is to grant permission with careless.
>>> 
>>> grant {
>>> permission java.security.AllPermission;
>>> };
>>> 
>>> 
>>> I tried to make it more robust by adding permission only for stanbol
>>> codebase however I failed to make it work. If anyone knows how to do ,
>> let
>>> me know.
>>> 
>>> After that , need to change the tomcat init script in /etc/init.d/tomcat
>>> Line 98 to yes.
>>> 
>>> TOMCAT7_SECURITY=yes
>>> 
>>> 
>>> After all these, every component would work but we need to alter the
>> tomcat
>>> application memory size.
>>> 
>>> vi /etc/default/tomcat7
>>> 
>>> change the JAVA_OPTS line.
>>> 
>>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
>>> -XX:+UseConcMarkSweepGC"
>>> 
>>> Then restart tomcat7.
>>> 
>>> 
>>> Hope this would help people.
>>> 
>>> Thanks.
>>> 
>>> -Luyi.
>> 
>> 

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

[Luyi Wang <wa...@guitarca.com>]

Does anyone have some idea on giving only codebase permission?

On Sun, Sep 7, 2014 at 4:07 AM, ajs6f@virginia.edu <aj...@virginia.edu>
wrote:

> Another approach here is to move the Stanbol home _out_ of the directory
> of your web container. I think that's a little clearer and safer, and
> that's how I run Stanbol as a web app. You can do that with an init param
> in the Stanbol web application's web.xml file, with an element like this:
>
> </init-param>
>                 <init-param> <!-- the default sling.home is set to stanbol
> -->
>                 <param-name>sling.home</param-name>
>                 <param-value>/my/directory/for/stanbol</param-value>
> </init-param>
>
> And of course you must give the Tomcat user rights to content under that
> directory.
>
> ---
> A. Soroka
> The University of Virginia Library
>
> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:
>
> > Hi all:
> >
> > Would like to share my experience on deploying stanbol war file to
> tomcat7
> > on ubuntu 14.04
> >
> > After the full build by following instruction upon
> > http://stanbol.apache.org/docs/trunk/tutorial.html
> >
> > I got the stanbol.war file deployed on tomcat7 but it kept reporting
> error
> > for resource not available as Apache Sling is starting. I checked the
> > access log and found stanbol (actually sling) failed in creating a folder
> > under tomcat folder instead of tomcat webapps folder. An easy hack way is
> > to create a folder named "stanbol"  with tomcat7 user/group access under
> > your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
> > except the the link "system/console" would be broken by default setting.
> >
> > The broken link reporting permission error. To solve this, need to edit
> two
> > parts.
> > 1. add permission into your tomcat policy configuration which is under
> > /etc/tomcat7/policy.d folder.  You can choose one to edit since later on
> > they all compile to be one file as $CATALINA_BASE/work/catalina.policy
> > (/var/lib/tomcat7/work/catalina.policy)
> >
> > The hack way is to grant permission with careless.
> >
> > grant {
> > permission java.security.AllPermission;
> > };
> >
> >
> > I tried to make it more robust by adding permission only for stanbol
> > codebase however I failed to make it work. If anyone knows how to do ,
> let
> > me know.
> >
> > After that , need to change the tomcat init script in /etc/init.d/tomcat
> > Line 98 to yes.
> >
> > TOMCAT7_SECURITY=yes
> >
> >
> > After all these, every component would work but we need to alter the
> tomcat
> > application memory size.
> >
> > vi /etc/default/tomcat7
> >
> > change the JAVA_OPTS line.
> >
> > JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
> > -XX:+UseConcMarkSweepGC"
> >
> > Then restart tomcat7.
> >
> >
> > Hope this would help people.
> >
> > Thanks.
> >
> > -Luyi.
>
>

Re: Stanbol war deployed to tomcat7 on ubuntu 14.04

["ajs6f@virginia.edu" <aj...@virginia.edu>]

Another approach here is to move the Stanbol home _out_ of the directory of your web container. I think that's a little clearer and safer, and that's how I run Stanbol as a web app. You can do that with an init param in the Stanbol web application's web.xml file, with an element like this:

</init-param>
		<init-param> <!-- the default sling.home is set to stanbol -->
                <param-name>sling.home</param-name>
                <param-value>/my/directory/for/stanbol</param-value>
</init-param>

And of course you must give the Tomcat user rights to content under that directory.

---
A. Soroka
The University of Virginia Library

On Sep 7, 2014, at 1:08 AM, Luyi Wang <wa...@guitarca.com> wrote:

> Hi all:
> 
> Would like to share my experience on deploying stanbol war file to tomcat7
> on ubuntu 14.04
> 
> After the full build by following instruction upon
> http://stanbol.apache.org/docs/trunk/tutorial.html
> 
> I got the stanbol.war file deployed on tomcat7 but it kept reporting error
> for resource not available as Apache Sling is starting. I checked the
> access log and found stanbol (actually sling) failed in creating a folder
> under tomcat folder instead of tomcat webapps folder. An easy hack way is
> to create a folder named "stanbol"  with tomcat7 user/group access under
> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine
> except the the link "system/console" would be broken by default setting.
> 
> The broken link reporting permission error. To solve this, need to edit two
> parts.
> 1. add permission into your tomcat policy configuration which is under
> /etc/tomcat7/policy.d folder.  You can choose one to edit since later on
> they all compile to be one file as $CATALINA_BASE/work/catalina.policy
> (/var/lib/tomcat7/work/catalina.policy)
> 
> The hack way is to grant permission with careless.
> 
> grant {
> permission java.security.AllPermission;
> };
> 
> 
> I tried to make it more robust by adding permission only for stanbol
> codebase however I failed to make it work. If anyone knows how to do , let
> me know.
> 
> After that , need to change the tomcat init script in /etc/init.d/tomcat
> Line 98 to yes.
> 
> TOMCAT7_SECURITY=yes
> 
> 
> After all these, every component would work but we need to alter the tomcat
> application memory size.
> 
> vi /etc/default/tomcat7
> 
> change the JAVA_OPTS line.
> 
> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m
> -XX:+UseConcMarkSweepGC"
> 
> Then restart tomcat7.
> 
> 
> Hope this would help people.
> 
> Thanks.
> 
> -Luyi.