Mailing-List: contact tomcat-user-help@jakarta.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Tomcat Users List" <tomcat-user@jakarta.apache.org>
Date: Wed, 10 Dec 2003 11:33:48 -0500
From: Jeanfrancois Arcand <jfarcand@apache.org>
Subject: Re: XSL-T migration stylesheet [was: RE: TC5 + SSL: Keystore password
 bound to default "changeit"?]
In-reply-to: <9BE519B99CEAD3119DE9009027CA3012030F3DC4@NBGV114A>
To: Tomcat Users List <tomcat-user@jakarta.apache.org>
Message-id: <3FD74AEC.4000909@apache.org>
MIME-version: 1.0
Content-type: text/plain; format=flowed; charset=us-ascii
Content-transfer-encoding: 7bit
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031007
References: <9BE519B99CEAD3119DE9009027CA3012030F3DC4@NBGV114A>


Baer Peter Christoph Alexander wrote:

>Hi Jeanfrancois,
>
>not that I want to deny my responsibility.
>If I felt being able to do one of the patches,
>I would not hesitate. I wouldn't post my thoughts
>here, but the ready-made patches instead, of
>course. ;-)
>
>But: I think the only persons who really have the
>knowledge required to create a migration stylesheet
>are the Tomcat developers, as they are the only
>persons knowing what tags there actually are, and
>how they were changed over the time.
>People like me could derive this kind of information
>from a DTD or schema, but there is none...
>Vicious circle, here! ;-)
>
>But I'll think about starting the XSL-T migration
>thing. Maybe we can persuade the Tomcat developers
>to add there wisdom.
>
>In fact, I think, it would be possible to start
>very simple. The migration wouldn't be completely
>done by the stylesheet, but some conversion would
>already be done automatically, that has not to be
>done by hand. Like removing Factory tags and
>changing attribute name Protocol to sslProtocol.
>
>What do you think? Do you think it could be done,
>and lead to a really useful result? I'm optimistic,
>but I'm only a Tomcat user, not a Tomcat developer,
>and so I might overlook the big rock right in my
>way... ;-)
>  
>
Yes, it could be done, but that needs a lot of works and as a 
developper, I have more "critical" things to do right now (and I'm sure 
most of the developper has). But I agree, we are very bad sometimes when 
"user experience" come into the picture (or I'm very bad...).....

-- Jeanfrancois


>Regards
>	Alex
>
>  
>
>>-----Original Message-----
>>From: Jeanfrancois Arcand [mailto:jfarcand@apache.org]
>>Sent: Wednesday, December 10, 2003 3:21 PM
>>To: Tomcat Users List
>>Cc: Ankur Shah
>>Subject: Re: TC5 + SSL: Keystore password bound to default "changeit"?
>>
>>
>>
>>
>>Baer Peter Christoph Alexander wrote:
>>
>>    
>>
>>>Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah:
>>> 
>>>
>>>      
>>>
>>>>Remy Maucherat wrote:
>>>>   
>>>>
>>>>        
>>>>
>>>>>Baer Peter Christoph Alexander wrote:
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>>>Hi!
>>>>>>
>>>>>>I have a question about something, I observe, but don't
>>>>>>want to believe... ;-)
>>>>>>
>>>>>>Tomcat 5 can use my keystore, but only if the password is
>>>>>>"changeit", the default password. Now, the docs say, one
>>>>>>should use this, but with TC 4.0.6 it was possible to
>>>>>>change it. Is the password hard coded in TC 5?
>>>>>>       
>>>>>>
>>>>>>            
>>>>>>
>>>>>I didn't test that particular feature myself, but I 
>>>>>          
>>>>>
>>believe this works
>>    
>>
>>>>>ok.
>>>>>The way connectors parameters (and in particular SSL 
>>>>>          
>>>>>
>>parameters) are
>>    
>>
>>>>>defined changed in TC 5.0.x. Look there:
>>>>>http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html
>>>>>There's the SSL howto also.
>>>>>     
>>>>>
>>>>>          
>>>>>
>>>>Also, you might want to make sure that the password of your 
>>>>        
>>>>
>>*target key*
>>    
>>
>>>>matches your keystore password. I'm not sure how that plays out in
>>>>tomcat world, but I can see that to be a problem if the 
>>>>        
>>>>
>>server assumes
>>    
>>
>>>>the key's password to be the same as that of the keystore.
>>>>   
>>>>
>>>>        
>>>>
>>><Thoughts>
>>><Just an idea>
>>>server.xml is an XML file. It used to be XML in TC4, and it
>>>ist still XML in TC5. Shouldn't it be possible, then, to 
>>>      
>>>
>>write an XSL-T
>>    
>>
>>>stylesheet converting old config files into newer formats?
>>>That would considerably ease migration/upgrade pains...
>>></Just an idea>
>>> 
>>>
>>>      
>>>
>>Yes, it could. You're more than Welcome to submit a patch :-)
>>
>>
>>    
>>
>>><Just an idea>
>>>If we had an XML schema definition (be it W3C XML schema,
>>>Relax NG or whatever), an XML editor like Pollo or XML Spy
>>>could validate the config file. This would help to avoid and
>>>reveal mistakes and thus speed up Tomcat configuration...
>>></Just an idea>
>>> 
>>>
>>>      
>>>
>>Just search that list on the topic ;-) It is not possible at 
>>the moment 
>>to have a DTD or schema for the server.xml (due to its 
>>complexity). If 
>>you have time and think you can come with something, a second 
>>patch is 
>>welcome!
>>
>>-- Jeanfrancois
>>
>>    
>>
>>></Thoughts>
>>>
>>>Regards
>>>
>>>	Alex
>>>
>>>---------------------------------------------------------------------
>>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>
>>>
>>> 
>>>
>>>      
>>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>
>>    
>>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org