tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Edoardo Panfili <edoa...@aspix.it>
Subject Re: can't connect to manager application
Date Sat, 19 Oct 2013 13:46:16 GMT
Il 19/10/13 14:21, Martin Gainty ha scritto:
>
>
>
>
>
>> Date: Sat, 19 Oct 2013 10:23:11 +0200
>> From: edoardo@aspix.it
>> To: users@tomcat.apache.org
>> Subject: Re: can't connect to manager application
>>
>> Il 19/10/13 00:24, Mark Eggers ha scritto:
>>> On 10/18/2013 3:18 PM, André Warnier wrote:
>>>> Edoardo Panfili wrote:
>>>>> Il 17/10/13 18:45, Edoardo Panfili ha scritto:
>>>>>> My Tomcat (7.0.42) is listening on port 7080 and I have this
>>>>>> conf/tomcat-users.xml in (production server)
>>>>>>
>>>>>> -------
>>>>>> <tomcat-users>
>>>>>> <role rolename="manager-script"/>
>>>>>> <user username="myname" password="pwd"
>>>>>> roles="manager-script,manager-gui,manager-jmx"/>
>>>>>> </tomcat-users>
>>>>>> ----------
>>>>>> if I use
>>>>>>
>>>>>> curl -u myname:pwd
>>>>>> http://localhost:7080/manager/text/reload?path=/myApplication
>>>>>>
>>>>>> the response is--------------------------
>>>>>> <h1>404 Not found</h1>
>>>>>> <p>
>>>>>> The page you tried to access
>>>>>> (/manager/text/reload)
>>>>>> does not exist.
>>>>>> </p>
>>>>>> <p>
>>>>>> The Manager application has been re-structured for Tomcat 7
>>>>>> onwards
>>>>>> and some
>>>>>> of URLs have changed. All URLs used to access the Manager
>>>>>> application should
>>>>>> now start with one of the following options:
>>>>>> </p>
>>>>>> <ul>
>>>>>> <li>/manager/html for the HTML GUI</li>
>>>>>> <li>/manager/text for the text interface</li>
>>>>>> <li>/manager/jmxproxy for the JMX proxy</li>
>>>>>> <li>/manager/status for the status pages</li>
>>>>>> </ul>
>>>>>> <p>
>>>>>> Note that the URL for the text interface has changed from
>>>>>> &quot;/manager&quot; to
>>>>>> &quot;/manager/text&quot;.
>>>>>> </p>
>>>>>> <p>
>>>>>> You probably need to adjust the URL you are using to access the
>>>>>> Manager
>>>>>> application. However, there is always a chance you have found a
>>>>>> bug
>>>>>> in the
>>>>>> Manager application. If you are sure you have found a bug, and
>>>>>> that
>>>>>> the bug
>>>>>> has not already been reported, please report it to the Apache
>>>>>> Tomcat team.
>>>>>> </p>
>>>>>> ---------------------------------------------------------
>>>>>
>>>>>
>>>>> Installation step by step:
>>>>>
>>>>> Unpack new download from tomcat.apache.org
>>>>>
>>>>> 1- set users
>>>>> <tomcat-users>
>>>>> <user username="edoardo" password="pwd"
>>>>> roles="manager-script,manager-gui,manager-jmx,other"/>
>>>>> </tomcat-users>
>>>>>
>>>>> then reload tomcat
>>>>> $curl -u edoardo:pwd
>>>>> http://localhost:8080/manager/text/reload?path=/examples
>>>>> OK - Reloaded application at context path /examples
>>>>>
>>>>>
>>>>> 2- copy myApplication from production server
>>>>> copy configuration file ($tomcat/Catalina/localhost/myApplication.xml)
>>>>> from production server
>>>>> stop & start tomcat
>>>>>
>>>>> $curl -u edoardo:pwd
>>>>> http://localhost:8080/manager/text/reload?path=/myApplication
>>>>> OK - Reloaded application at context path /myApplication
>>>>>
>>>>>
>>>>> 3- first modify to server.xml
>>>>> shutdown tomcat
>>>>> modify server.xml
>>>>> <Connector port="8080" protocol="HTTP/1.1"
>>>>> becomes
>>>>> <Connector port="9080" protocol="HTTP/1.1"
>>>>>
>>>>> start then curl again
>>>>> all well
>>>>>
>>>>>
>>>>> 4- second modify to server.xml
>>>>> <Host name="localhost" appBase="webapps"
>>>>> unpackWARs="true" autoDeploy="true">
>>>>> becomes
>>>>> <Host name="localhost" appBase="webapps"
>>>>> unpackWARs="true" autoDeploy="true" deployXML="false">
>>>>>
>>>>> stop-start
>>>>>
>>>>> $curl -u edoardo:pwd
>>>>> http://localhost:9080/manager/text/reload?path=/myApplication
>>>>> javax.servlet.ServletException: Error instantiating servlet class
>>>>> org.apache.catalina.manager.ManagerServlet
>>>>> [...]
>>>>>
>>>>> $curl -u edoardo:pwd
>>>>> http://localhost:9080/manager/text/reload?path=/myApplication
>>>>> the same error reported in the initial post (above)
>>>>>
>>>>>
>>>>>
>>>>> deployXML="false" is recommended at
>>>>> http://tomcat.apache.org/tomcat-7.0-doc/config/host.html and useful
>>>>> for me.
>>>>>
>>>> One big difference that I see when deployXML="false", is that this file :
>>>> (catalina_base)/webapps/myApplication/META-INF/context.xml
>>>> is no longer being parsed,
>>>> and instead this file is parsed :
>>>> $tomcat/Catalina/localhost/myApplication.xml
>>>> when you reload your app.
>>>> What is the content of that file ?
>>>
>>>  From the last log file that was posted, these context files are pretty
>>> broken (although myApplication.xml only had the magic debug attribute set).
>>>
>>
>> - unpack tomcat
>> - add an user in tomcat-users.xml
>> - modify server.xml adding deployXML="false" to Host
>> <Host name="localhost" appBase="webapps"
>> unpackWARs="true" autoDeploy="true" deployXML="false">
>> - use manager application via curl
>> $ curl -u user:pwd http://localhost:8080/manager/text/reload?path=/example
>>
>> error page.
>>
>> # cat manager.2013-10-19.log
>> 19-ott-2013 10.16.17 org.apache.catalina.core.ApplicationContext log
>> INFO: Marking servlet Manager as unavailable
>> 19-ott-2013 10.16.17 org.apache.catalina.core.StandardWrapperValve invoke
>> GRAVE: Allocate exception for servlet Manager
>> java.lang.SecurityException: Restricted (ContainerServlet) class
>> org.apache.catalina.manager.ManagerServlet
>> at
>> org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:538)
>> at
>> org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:511)
>> at
>> org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:137)
>> at
>> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1144)
>> at
>> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:865)
>> at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:136)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
>> at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>> at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>> at
>> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
>> at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>> at
>> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
>> at
>> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>> at
>> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
>> at
>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
>> at java.lang.Thread.run(Thread.java:636)
>
> MG>run catalina with debug AND securityManager enabled
> MG>catalina<.bat/sh> debug -security   //Debug Catalina with a security manager
>
> MG>Ensure Security listener is enabled in server.xml
> MG><Listener className="org.apache.catalina.security.SecurityListener" />
>
> MG>check permissions setup for "securityManager" in /conf/catalina.policy
> MG>// catalina.policy - Security Policy Permissions for Tomcat 7
> //
> // This file contains a default set of security policies to be enforced (by the
> // JVM) when Catalina is executed with the "-security" option.  In addition
> // to the permissions granted here, the following additional permissions are
> // granted to each web application:
> //
> // * Read access to the web application's document root directory
> // * Read, write and delete access to the web application's working directory
> // These permissions apply to javac
> grant codeBase "file:${java.home}/lib/-" {
>          permission java.security.AllPermission;
> };
> // These permissions apply to all shared system extensions
> grant codeBase "file:${java.home}/jre/lib/ext/-" {
>          permission java.security.AllPermission;
> };
> // These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/../lib/-" {
>          permission java.security.AllPermission;
> };
> // These permissions apply to all shared system extensions when
> // ${java.home} points at $JAVA_HOME/jre
> grant codeBase "file:${java.home}/lib/ext/-" {
>          permission java.security.AllPermission;
> };
>
> MG>make sure ALL of these grants in catalina.policy are enabled (and not commented
out or deleted)
> MG>bounce TC and report back

permissions OK.(none modified)
Security listener in server.xml in now enabled
$ export JAVA_HOME=/usr/lib/jvm/java-6-openjdk/


$tomcat/bin/catalina.sh debug -security
Using CATALINA_BASE:   /usr/local/tomcat7
Using CATALINA_HOME:   /usr/local/tomcat7
Using CATALINA_TMPDIR: /usr/local/tomcat7/temp
Using JAVA_HOME:       /usr/lib/jvm/java-6-openjdk/
Using CLASSPATH: 
/usr/local/tomcat7/bin/bootstrap.jar:/usr/local/tomcat7/bin/tomcat-juli.jar
Using Security Manager
Initializing jdb ...
 > run
run org.apache.catalina.startup.Bootstrap start
Set uncaught java.lang.Throwable
Set deferred uncaught java.lang.Throwable
 >
VM Started: 19-ott-2013 15.33.07 
org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal 
performance in production environments was not found on the 
java.library.path: 
/usr/lib/jvm/java-6-openjdk/jre/lib/amd64/server:/usr/lib/jvm/java-6-openjdk/jre/lib/amd64:/usr/lib/jvm/java-6-openjdk/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib/jni:/lib:/usr/lib
java.lang.Error: Start attempted while running as user [root]. Running 
Tomcat as this user has been blocked by the Lifecycle listener 
org.apache.catalina.security.SecurityListener (usually configured in 
CATALINA_BASE/conf/server.xml)
	at 
org.apache.catalina.security.SecurityListener.checkOsUser(SecurityListener.java:154)
	at 
org.apache.catalina.security.SecurityListener.doChecks(SecurityListener.java:142)
	at 
org.apache.catalina.security.SecurityListener.lifecycleEvent(SecurityListener.java:63)
	at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at 
org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90)
	at 
org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402)
	at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:99)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:640)
	at org.apache.catalina.startup.Catalina.load(Catalina.java:665)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)

The application exited
root@virtual-vnr:/usr/local/tomcat7/logs#


the same using jdk1.7.0_45 from Oracle.


Edoardo


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message