Posted to dev@tomcat.apache.org by Alberto Garoffolo <a....@web-rise.com> on 2002/01/14 16:28:54 UTC

Please, need help about Tomcat 4.0.x classloader compatibility with custom protocol definition

Hi,

I've a problem defining under Tomcat 4.0.x my own protocol
handler setting the property "java.protocol.handler.pkgs"

(URL class cannot load URLStreamHandlers located in the "common/lib"
directory).

My protocol interacts with all my webapps allowing them to
add their handlers at runtime
(for example: protocolname://handler1/ , protocolname://handler2/ ...).
I've implemented this with a singleton object
(queried by my implementation of the URLStreamHandler class) that
holds the associations handler_name->component_instance.
Under Tomcat 4 I had to put my protocol jar in the common/lib
directory to access the same singleton object from all webapps.

Then I've encountered some problems registering the protocol,
before with "URL.setURLStreamHandlerFactory" because the factory
was already defined by Tomcat, and after with the property
"java.protocol.handler.pkgs".

One month ago I solved the problem modifying Tomcat 4.0.1
to not register the factory if the package "org.apache.naming.resources"
is specified in the property "java.protocol.handler.pkgs", then I sent
the patch to tomcat-dev list but no reply.


Now, having the same problem with Tomcat 4.0.2 b1, I retried to declare
my protocol setting the "java.protocol.handler.pkgs" property but it still
doesn't work.

Debugging the application, I found that the ClassLoader used by java.net.URL
cannot find my URLStreamHandler implementation that is in the common/lib.

This is the "java.net.URL" code that should instantiate the
URLStreamHandler:
(packagePrefix is the package found in the property
"java.protocol.handler.pkgs" and protocol, the requested protocol name)

<code>
try {
    String clsName = packagePrefix + "." + protocol + ".Handler";

    Class cls = null;
    try {
        cls = Class.forName(clsName);
    } catch (ClassNotFoundException e) {
        ClassLoader cl = ClassLoader.getSystemClassLoader();
        if (cl != null) {
            cls = cl.loadClass(clsName);
        }
    }
    if (cls != null) {
        handler = (URLStreamHandler) cls.newInstance();
    }
} catch (Exception e) {
    // any number of exceptions can get thrown here
}
</code>

I think it could be a ClassLoader bug.

Thanks for patience :-)

Thanks in advance for any help.

Ciao,
Alberto.

P.S.
Here follows how I patched Tomcat 4.0.1 to not register the
URLStreamHandlerFactory
if the package "org.apache.naming.resources" is specified in the property
"java.protocol.handler.pkgs".

-------------------------------------------------------------------------
I've modified with success my tomcat 4.01 to allow webapps to register
their protocol handler in this way:

in WebappLoader.java and in StandardLoader.java before setting the factory I
check if the property
"java.protocol.handler.pkgs" contains the package
"org.apache.naming.resources", in this case it's not
necessary to set the Factory because the URL class will use, for the jndi
protocol, the class named:
"org.apache.naming.resources" + ".jndi" + ".Handler"; if the property isn't
set I register the Factory.

Then, I've modified catalina.sh setting CATALINA_OPTS with value:
    "-Djava.protocol.handler.pkgs=org.apache.naming.resources"
-------------------------------------------------------------------------



--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
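
An added example, not part of the original post and not Tomcat or JDK code: it repeats the two lookup steps of the quoted java.net.URL snippet against a child class loader standing in for the one that serves common/lib. The class name demo.handlers.myproto.Handler, the myproto scheme and the temporary directory are assumptions made for the illustration.

```java
import java.net.*;
import java.nio.file.*;
import javax.tools.ToolProvider;

// Added example, not Tomcat or JDK code. Package, class and protocol names are hypothetical.
public class HandlerVisibilityDemo {
    static final String NAME = "demo.handlers.myproto.Handler";
    // Constructed handler source, compiled at run time so it is NOT on the class path.
    static final String SRC =
        "package demo.handlers.myproto;\n"
        + "public class Handler extends java.net.URLStreamHandler {\n"
        + "  protected java.net.URLConnection openConnection(java.net.URL u) { return null; }\n"
        + "}\n";

    // The two steps of the quoted java.net.URL code: Class.forName from inside
    // java.net.URL resolves against the bootstrap loader (null here), then the
    // system class loader is tried. Neither delegates downwards to a child loader.
    static Class<?> lookupLikeUrl(String clsName) {
        try {
            return Class.forName(clsName, false, null);
        } catch (ClassNotFoundException e) {
            try {
                return ClassLoader.getSystemClassLoader().loadClass(clsName);
            } catch (ClassNotFoundException e2) {
                return null; // java.net.URL then reports an unknown protocol
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("common-lib"); // stand-in for common/lib
        Path src = dir.resolve("Handler.java");
        Files.write(src, SRC.getBytes());
        // Needs a JDK (getSystemJavaCompiler() returns null on a bare JRE).
        int rc = ToolProvider.getSystemJavaCompiler()
                .run(null, null, null, "-d", dir.toString(), src.toString());
        if (rc != 0) throw new IllegalStateException("javac failed");
        // Stand-in for Tomcat 4's common loader: a child of the system loader.
        try (URLClassLoader common = new URLClassLoader(
                new URL[] { dir.toUri().toURL() }, ClassLoader.getSystemClassLoader())) {
            System.out.println("URL-style lookup : " + lookupLikeUrl(NAME));
            Class<?> cls = common.loadClass(NAME);
            System.out.println("child loader     : " + cls.getName());
            // Passing the handler instance to this constructor skips the package lookup.
            URLStreamHandler h = (URLStreamHandler) cls.getDeclaredConstructor().newInstance();
            System.out.println("explicit handler : " + new URL(null, "myproto://handler1/", h));
        }
    }
}
```

Run with a JDK as `java HandlerVisibilityDemo.java`: the URL-style lookup prints null while the child loader resolves the same class name.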


I can't run Tomcat 3.3 with SSL

Posted by Mihail <ku...@ivc.nnov.ru>.
Hello.

I can't run Tomcat 3.3 with SSL on Red Hat Linux 7.0.
I make a key with keytool, then add

<Http10Connector
  port="8443"
  secure="true"
  keystore="/var/tomcat/conf/keystore"
  keypass="mynewpass"
  clientAuth="false" />

in server.xml.
Then I start Tomcat. And it doesn't work!

-- 
Best regards,
 Mihail                            mailto:kumy@ivc.nnov.ru




URL cannot load URLStreamHandlers located in the "common/lib" directory (was: Please, need help about Tomcat 4.0.x classloader compatibility with custom protocol definition)

Posted by Alberto Garoffolo <a....@web-rise.com>.
Hi,

----- Original Message -----
From: "Alberto Garoffolo" <a....@web-rise.com>
To: <to...@jakarta.apache.org>
Sent: Monday, January 14, 2002 4:28 PM
Subject: Please, need help about Tomcat 4.0.x classloader compatibility with
custom protocol definition


> Hi,
>
> I've a problem defining under Tomcat 4.0.x my own protocol
> handler setting the property "java.protocol.handler.pkgs"
>
> (URL class cannot load URLStreamHandlers located in the "common/lib"
> directory).
>
> My protocol interacts with all my webapps allowing them to
> add their handlers at runtime
> (for example: protocolname://handler1/ , protocolname://handler2/ ...).
> I've implemented this with a singleton object
> (queried by my implementation of the URLStreamHandler class) that
> holds the associations handler_name->component_instance.
> Under Tomcat 4 I had to put my protocol jar in the common/lib
> directory to access the same singleton object from all webapps.
>
> Then I've encountered some problems registering the protocol,
> before with "URL.setURLStreamHandlerFactory" because the factory
> was already defined by Tomcat, and after with the property
> "java.protocol.handler.pkgs".
>
> One month ago I solved the problem modifying Tomcat 4.0.1
> to not register the factory if the package "org.apache.naming.resources"
> is specified in the property "java.protocol.handler.pkgs", then I sent
> the patch to tomcat-dev list but no reply.
>
>
> Now, having the same problem with Tomcat 4.0.2 b1, I retried to declare
> my protocol setting the "java.protocol.handler.pkgs" property but it still
> doesn't work.
>
> Debugging the application, I found that the ClassLoader used by java.net.URL
> cannot find my URLStreamHandler implementation that is in the common/lib.
>
> This is the "java.net.URL" code that should instantiate the
> URLStreamHandler:
> (packagePrefix is the package found in the property
> "java.protocol.handler.pkgs" and protocol, the requested protocol name)
>
> <code>
> try {
>     String clsName = packagePrefix + "." + protocol + ".Handler";
>
>     Class cls = null;
>     try {
>         cls = Class.forName(clsName);
>     } catch (ClassNotFoundException e) {
>         ClassLoader cl = ClassLoader.getSystemClassLoader();
>         if (cl != null) {
>             cls = cl.loadClass(clsName);
>         }
>     }
>     if (cls != null) {
>         handler = (URLStreamHandler) cls.newInstance();
>     }
> } catch (Exception e) {
>     // any number of exceptions can get thrown here
> }
> </code>
>
> I think it could be a ClassLoader bug.
>
> Thanks for patience :-)
>
> Thanks in advance for any help.
>
> Ciao,
> Alberto.
>
> P.S.
> Here follows how I patched Tomcat 4.0.1 to not register the
> URLStreamHandlerFactory
> if the package "org.apache.naming.resources" is specified in the property
> "java.protocol.handler.pkgs".
>
> -------------------------------------------------------------------------
> I've modified with success my tomcat 4.01 to allow webapps to register
> their protocol handler in this way:
>
> in WebappLoader.java and in StandardLoader.java before setting the factory I
> check if the property
> "java.protocol.handler.pkgs" contains the package
> "org.apache.naming.resources", in this case it's not
> necessary to set the Factory because the URL class will use, for the jndi
> protocol, the class named:
> "org.apache.naming.resources" + ".jndi" + ".Handler"; if the property isn't
> set I register the Factory.
>
> Then, I've modified catalina.sh setting CATALINA_OPTS with value:
>     "-Djava.protocol.handler.pkgs=org.apache.naming.resources"
> -------------------------------------------------------------------------
>


Is there anyone who can tell me if what I encountered is a bug in Tomcat or if I
made something wrong?
Are you interested in the patch I posted to not register the
URLStreamHandlerFactory?

Best Regards,
Alberto.





Re: Help importing SSL certificates

Posted by Roland <ro...@netquant.com.br>.
Hello,
I found the problem myself.
The problem is in the keytool import:
"-import - Import either a certificate to be treated as a "trusted certificate"
or a certificate reply returned by a CA. The latter will be used to replace
the corresponding self-signed certificate in the keystore."

To import a signed certificate, you first had to create a corresponding 
self-signed certificate in keytool, which will then be replaced. This was 
our mistake, since we not only signed but also created our certificate 
outside of keytool.

Roland



Re: Help importing SSL certificates

Posted by Eric Rescorla <ek...@rtfm.com>.
Roland <ro...@netquant.com.br> writes:
> I'm trying to use SSL with Tomcat. Everything is fine if I use a 
> certificate generated with keytool. But, if I try to import a certificate 
> generated with OpenSSL, it doesn't work. What happens is that I can import 
> the certificate and it will not complain. But when I try to connect to 
> Tomcat with the browser it will give an error like 'unknown encryption 
> algorithm'.
> Can anyone help here?
We'll need rather more detail in order to help:
(1) What gives you "unknown encryption error", the client or the server?
(2) Does the other side give you an error (i.e. check the server logs)?
(3) Can you capture an ssldump (http://www.rtfm.com/ssldump) of the
transaction?

If you really get stuck, you can always use PureTLS, which can
use OpenSSL-generated certs directly :)

-Ekr

-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/



Re: Help importing SSL certificates

Posted by Michael Jennings <mi...@southgatesoftware.com>.
Hi Roland,

As far as I understand tomcat/ssl/openssl and java's keystore, you need to
do the following:
1. Generate a private key/self-signed certificate pair in a keystore file
   (mykeys.jks for example) and give it an alias ("tomcat" for example)
2. Export a certificate signing request (CSR) for your key (pleasesignit.csr
   for example)
3. Get someone friendly (Rich CA Ltd. for example) to digitally sign your
   CSR, and give you back a certificate reply (cert-reply.crt for example)
4. Import the certificate reply into your keystore file using the alias you
   chose ("mykey")

Now you should have a private key with a public key that has been signed by
Rich CA Ltd.
Now just use your keystore with tomcat and be sure to include your keystore
password in your server.conf file and you should be able to accept SSL
connections with tomcat.

The only problem is, every single client that attempts an SSL connection to
your tomcat needs to have Rich CA Ltd. pre-defined as a certificate authority
in order for the connection to proceed.

Companies like Thawte and Verisign are already pre-defined as certificate
authorities on most web browsers, so if you pay them to sign your CSR you
should be fine.

Hope this helps!
-Mike


----- Original Message -----
From: "Roland" <ro...@netquant.com.br>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Monday, January 14, 2002 8:04 AM
Subject: Help importing SSL certificates


> Hello,
> I'm trying to use SSL with Tomcat. Everything is fine if I use a
> certificate generated with keytool. But, if I try to import a certificate
> generated with OpenSSL, it doesn't work. What happens is that I can import
> the certificate and it will not complain. But when I try to connect to
> Tomcat with the browser it will give an error like 'unknown encryption
> algorithm'.
> Can anyone help here?
> Roland


Help importing SSL certificates

Posted by Roland <ro...@netquant.com.br>.
Hello,
I'm trying to use SSL with Tomcat. Everything is fine if I use a 
certificate generated with keytool. But, if I try to import a certificate 
generated with OpenSSL, it doesn't work. What happens is that I can import 
the certificate and it will not complain. But when I try to connect to 
Tomcat with the browser it will give an error like 'unknown encryption 
algorithm'.
Can anyone help here?
Roland

