You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Bruce Pease <bp...@wth.com> on 2013/03/27 15:16:42 UTC
Velocity Logging
I am using Wicket 1.4.22 with Tomcat 7.0.37 and JDK 1.6.0_33. The recent
upgrade to Tomcat created an issue where the cannot
be undeployed unless the app is shut down due to the Wicket dependency
velocity logging in use (1.4).
We are running a web application under tomcat using the wicket framework. A
requirement for Wicket is the velocity libraries. The velocity framework is
auto loading and writing to a log in the conf directory. Since it is in use
I am unable to undeploy the web application. So, I am looking for a way to
turn off the velocity logging. Previous version of tomcat does not have this
issue (7.0.26).
Thanks in advance for your help.
Bruce D. Pease
Technical Team Lead - Web Applications
CruiseOne(r) <http://www.cruiseone.com/> & Cruises Inc(tm)
<http://www.cruisesinc.com/>
1201 W. Cypress Creek Road, Suite 100
Fort Lauderdale, FL 33309-1955
954-958-3654 (direct) | 954-958-3665 (fax)
bpease@wth.com <ma...@wth.com>
RE: Velocity Logging
Posted by Bruce Pease <bp...@wth.com>.
Since we are not using velocity we were able to remove the velocity
libraries, and this issue was resolved.
-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Wednesday, March 27, 2013 2:38 PM
To: Tomcat Users List
Subject: Re: Velocity Logging
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Bruce,
On 3/27/13 10:16 AM, Bruce Pease wrote:
> I am using Wicket 1.4.22 with Tomcat 7.0.37 and JDK 1.6.0_33. The
> recent upgrade to Tomcat created an issue where the cannot
>
> be undeployed unless the app is shut down due to the Wicket dependency
> velocity logging in use (1.4).
>
>
>
> We are running a web application under tomcat using the wicket
> framework. A requirement for Wicket is the velocity libraries.
> The velocity framework is auto loading and writing to a log in the
> conf directory. Since it is in use I am unable to undeploy the web
> application. So, I am looking for a way to turn off the velocity
> logging. Previous version of tomcat does not have this issue
> (7.0.26).
1. Wrong mailing list? (This is for Tomcat, maybe you want Velocity?) 2.
Sounds like you are putting your Velocity and/or logging libraries in a
shared location.. is that the case? If so, stop doing that.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRUzyIAAoJEBzwKT+lPKRYVSUQAKVhSnphqObwNZ1ZIJ1hXYOq
t3obA4/yWgKsOjBNlih8bye4bszVLvw3ETXeD5znTax5Pl3R/h9Gv5t84xTQ468d
eyzXvde5G7JfAURk3Lh47smaEdAuNSg4dVlDO+1SzIzkxsKrOOOFvvf69LDUpouY
EWAt27OYfP5UdGqn+TN8TYok87qWhdzMwELvHhWIBq84zUYp4iIrla2CYwpzCje+
yUfi9Qysb/U9dcqSnfmTM2GYZw+KaP0NXZXjfUdNk5B6C1I5YuNoWtOrFZhtwKru
S2OWocAhzEG02JEW+qdcEu4QaPA3KmrvGPNjJ9KTZHOVfDAonMS6Zk6XCFsBdwWi
rP2wIvaPwVYMrkrQBBPaLBttpNPRVI+DRxcheNqWT5r3kiPOP8f8nY1dR7OwTq/x
bsTxej0B0beMz9yIMVmw3gIELMOceFz2ufyBOYWpXWH/hTNw7yWnfSvmLyLJyzp0
0DMBK3svg3ZOqoJq/VVe9e8yHyq1PaSA76k+vqUmcFhoo0gX+4YzQ3fKyTe+XYME
YKpuTxeagxmmx+nPe10QIaOxhxGL8iDfs7GCHAxsDQbiRgae0ViRSHbLBpRDLI40
Vhc2KDf0OItvKRsf2+tZMy0LUHKdfy33ZUHKOkXEMlaXbK6AcX3GS8jJ4JA7x5aq
hD4PWviP7S6ZVO6/7sYL
=cE0X
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Velocity Logging
Posted by Christopher Schultz <ch...@christopherschultz.net>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Bruce,
On 3/27/13 10:16 AM, Bruce Pease wrote:
> I am using Wicket 1.4.22 with Tomcat 7.0.37 and JDK 1.6.0_33. The
> recent upgrade to Tomcat created an issue where the cannot
>
> be undeployed unless the app is shut down due to the Wicket
> dependency velocity logging in use (1.4).
>
>
>
> We are running a web application under tomcat using the wicket
> framework. A requirement for Wicket is the velocity libraries.
> The velocity framework is auto loading and writing to a log in the
> conf directory. Since it is in use I am unable to undeploy the web
> application. So, I am looking for a way to turn off the velocity
> logging. Previous version of tomcat does not have this issue
> (7.0.26).
1. Wrong mailing list? (This is for Tomcat, maybe you want Velocity?)
2. Sounds like you are putting your Velocity and/or logging libraries
in a shared location.. is that the case? If so, stop doing that.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBCAAGBQJRUzyIAAoJEBzwKT+lPKRYVSUQAKVhSnphqObwNZ1ZIJ1hXYOq
t3obA4/yWgKsOjBNlih8bye4bszVLvw3ETXeD5znTax5Pl3R/h9Gv5t84xTQ468d
eyzXvde5G7JfAURk3Lh47smaEdAuNSg4dVlDO+1SzIzkxsKrOOOFvvf69LDUpouY
EWAt27OYfP5UdGqn+TN8TYok87qWhdzMwELvHhWIBq84zUYp4iIrla2CYwpzCje+
yUfi9Qysb/U9dcqSnfmTM2GYZw+KaP0NXZXjfUdNk5B6C1I5YuNoWtOrFZhtwKru
S2OWocAhzEG02JEW+qdcEu4QaPA3KmrvGPNjJ9KTZHOVfDAonMS6Zk6XCFsBdwWi
rP2wIvaPwVYMrkrQBBPaLBttpNPRVI+DRxcheNqWT5r3kiPOP8f8nY1dR7OwTq/x
bsTxej0B0beMz9yIMVmw3gIELMOceFz2ufyBOYWpXWH/hTNw7yWnfSvmLyLJyzp0
0DMBK3svg3ZOqoJq/VVe9e8yHyq1PaSA76k+vqUmcFhoo0gX+4YzQ3fKyTe+XYME
YKpuTxeagxmmx+nPe10QIaOxhxGL8iDfs7GCHAxsDQbiRgae0ViRSHbLBpRDLI40
Vhc2KDf0OItvKRsf2+tZMy0LUHKdfy33ZUHKOkXEMlaXbK6AcX3GS8jJ4JA7x5aq
hD4PWviP7S6ZVO6/7sYL
=cE0X
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
RE: Tomcat support for JNDIRealm LDAPS connections
Posted by "Wilmoth, Jon" <Jo...@nordstrom.com>.
Thanks Felix. You're correct for a single auth SSL connection the password was not required (I assume a mutual auth connection would work as well if the keystore for the client cert was physically different). I assumed that since it was provided in the connector config (http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support) it would be required, but not the case!
Thanks again,
Jon
-----Original Message-----
From: Felix Schumacher [mailto:felix.schumacher@internetallee.de]
Sent: Thursday, March 28, 2013 6:52 AM
To: Tomcat Users List
Subject: Re: Tomcat support for JNDIRealm LDAPS connections
Hi Jon,
first of all, it seems that you have hijacked a thread by replying to a
mail from this mailing list and changing the subject of the thread.
That might be a reason, why you have not got any answers to your
question yet.
Am 27.03.2013 17:03, schrieb Wilmoth, Jon:
> After searching through the Tomcat user forums and bug list it
> appears there are only two options to enable ldaps connections,
> without modification to the Tomcat JNDI Realm itself:
>
> 1) Start Tomcat using system properties that specify the default
> trust keystore & password (e.g. -Djavax.net.ssl.trustStore=<path to
> truststore> -Djavax.net.ssl.trustStorePassword=<password>). The
> problem with this is it requires the password to the trust keystore be
> provided on the command line.
I don't think that you need to give a trustStorePassword, when all you
need is a secure connection to a tls/ssl based service.
You only need the password, if you want to access private keys in the
truststore, for example when you want to use client certificates.
HTH
Felix
> 2) Add the CA cert to the <java-home>/lib/security/cacerts file (or
> <java-home>/lib/security/jssecacerts which has higher precedence)
> which is used as the default trust store. This has the downside of
> tying the CA cert maintenance lifecycle to the JVM maintenance
> lifecycle (e.g. upgrades). It also limits the reuse of a JDK
> installation across applications/Tomcat instances.
>
> Are there any plans for org.apache.catalina.realm.JNDIRealm to
> address these items via support for configuring the trust store
> path/password like org.apache.tomcat.util.net.AbstractEndpoint?
>
> Thanks,
> Jon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Tomcat support for JNDIRealm LDAPS connections
Posted by Felix Schumacher <fe...@internetallee.de>.
Hi Jon,
first of all, it seems that you have hijacked a thread by replying to a
mail from this mailing list and changing the subject of the thread.
That might be a reason, why you have not got any answers to your
question yet.
Am 27.03.2013 17:03, schrieb Wilmoth, Jon:
> After searching through the Tomcat user forums and bug list it
> appears there are only two options to enable ldaps connections,
> without modification to the Tomcat JNDI Realm itself:
>
> 1) Start Tomcat using system properties that specify the default
> trust keystore & password (e.g. -Djavax.net.ssl.trustStore=<path to
> truststore> -Djavax.net.ssl.trustStorePassword=<password>). The
> problem with this is it requires the password to the trust keystore be
> provided on the command line.
I don't think that you need to give a trustStorePassword, when all you
need is a secure connection to a tls/ssl based service.
You only need the password, if you want to access private keys in the
truststore, for example when you want to use client certificates.
HTH
Felix
> 2) Add the CA cert to the <java-home>/lib/security/cacerts file (or
> <java-home>/lib/security/jssecacerts which has higher precedence)
> which is used as the default trust store. This has the downside of
> tying the CA cert maintenance lifecycle to the JVM maintenance
> lifecycle (e.g. upgrades). It also limits the reuse of a JDK
> installation across applications/Tomcat instances.
>
> Are there any plans for org.apache.catalina.realm.JNDIRealm to
> address these items via support for configuring the trust store
> path/password like org.apache.tomcat.util.net.AbstractEndpoint?
>
> Thanks,
> Jon
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Tomcat support for JNDIRealm LDAPS connections
Posted by "Wilmoth, Jon" <Jo...@nordstrom.com>.
After searching through the Tomcat user forums and bug list it appears there are only two options to enable ldaps connections, without modification to the Tomcat JNDI Realm itself:
1) Start Tomcat using system properties that specify the default trust keystore & password (e.g. -Djavax.net.ssl.trustStore=<path to truststore> -Djavax.net.ssl.trustStorePassword=<password>). The problem with this is it requires the password to the trust keystore be provided on the command line.
2) Add the CA cert to the <java-home>/lib/security/cacerts file (or <java-home>/lib/security/jssecacerts which has higher precedence) which is used as the default trust store. This has the downside of tying the CA cert maintenance lifecycle to the JVM maintenance lifecycle (e.g. upgrades). It also limits the reuse of a JDK installation across applications/Tomcat instances.
Are there any plans for org.apache.catalina.realm.JNDIRealm to address these items via support for configuring the trust store path/password like org.apache.tomcat.util.net.AbstractEndpoint?
Thanks,
Jon
Re: Velocity Logging
Posted by Martin Grigorov <mg...@apache.org>.
On Wed, Mar 27, 2013 at 4:16 PM, Bruce Pease <bp...@wth.com> wrote:
> I am using Wicket 1.4.22 with Tomcat 7.0.37 and JDK 1.6.0_33. The recent
> upgrade to Tomcat created an issue where the cannot
>
> be undeployed unless the app is shut down due to the Wicket dependency
> velocity logging in use (1.4).
>
>
>
> We are running a web application under tomcat using the wicket framework.
> A
> requirement for Wicket is the velocity libraries. The velocity framework
> is
> auto loading and writing to a log in the conf directory. Since it is in
> use
> I am unable to undeploy the web application. So, I am looking for a way to
> turn off the velocity logging. Previous version of tomcat does not have
> this
> issue (7.0.26).
>
>
http://markmail.org/thread/5yyyidq62klahoi4
>
>
> Thanks in advance for your help.
>
>
>
> Bruce D. Pease
> Technical Team Lead - Web Applications
> CruiseOne(r) <http://www.cruiseone.com/> & Cruises Inc(tm)
> <http://www.cruisesinc.com/>
> 1201 W. Cypress Creek Road, Suite 100
> Fort Lauderdale, FL 33309-1955
> 954-958-3654 (direct) | 954-958-3665 (fax)
> bpease@wth.com <ma...@wth.com>
>
>
>
>
--
Martin Grigorov
jWeekend
Training, Consulting, Development
http://jWeekend.com <http://jweekend.com/>