tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject RE: can't connect to manager application
Date Sat, 19 Oct 2013 12:21:44 GMT


  


> Date: Sat, 19 Oct 2013 10:23:11 +0200
> From: edoardo@aspix.it
> To: users@tomcat.apache.org
> Subject: Re: can't connect to manager application
> 
> Il 19/10/13 00:24, Mark Eggers ha scritto:
> > On 10/18/2013 3:18 PM, André Warnier wrote:
> >> Edoardo Panfili wrote:
> >>> Il 17/10/13 18:45, Edoardo Panfili ha scritto:
> >>>> My Tomcat (7.0.42) is listening on port 7080 and I have this
> >>>> conf/tomcat-users.xml in (production server)
> >>>>
> >>>> -------
> >>>> <tomcat-users>
> >>>> <role rolename="manager-script"/>
> >>>> <user username="myname" password="pwd"
> >>>> roles="manager-script,manager-gui,manager-jmx"/>
> >>>> </tomcat-users>
> >>>> ----------
> >>>> if I use
> >>>>
> >>>> curl -u myname:pwd
> >>>> http://localhost:7080/manager/text/reload?path=/myApplication
> >>>>
> >>>> the response is--------------------------
> >>>> <h1>404 Not found</h1>
> >>>> <p>
> >>>> The page you tried to access
> >>>> (/manager/text/reload)
> >>>> does not exist.
> >>>> </p>
> >>>> <p>
> >>>> The Manager application has been re-structured for Tomcat 7
> >>>> onwards
> >>>> and some
> >>>> of URLs have changed. All URLs used to access the Manager
> >>>> application should
> >>>> now start with one of the following options:
> >>>> </p>
> >>>> <ul>
> >>>> <li>/manager/html for the HTML GUI</li>
> >>>> <li>/manager/text for the text interface</li>
> >>>> <li>/manager/jmxproxy for the JMX proxy</li>
> >>>> <li>/manager/status for the status pages</li>
> >>>> </ul>
> >>>> <p>
> >>>> Note that the URL for the text interface has changed from
> >>>> &quot;/manager&quot; to
> >>>> &quot;/manager/text&quot;.
> >>>> </p>
> >>>> <p>
> >>>> You probably need to adjust the URL you are using to access the
> >>>> Manager
> >>>> application. However, there is always a chance you have found a
> >>>> bug
> >>>> in the
> >>>> Manager application. If you are sure you have found a bug, and
> >>>> that
> >>>> the bug
> >>>> has not already been reported, please report it to the Apache
> >>>> Tomcat team.
> >>>> </p>
> >>>> ---------------------------------------------------------
> >>>
> >>>
> >>> Installation step by step:
> >>>
> >>> Unpack new download from tomcat.apache.org
> >>>
> >>> 1- set users
> >>> <tomcat-users>
> >>> <user username="edoardo" password="pwd"
> >>> roles="manager-script,manager-gui,manager-jmx,other"/>
> >>> </tomcat-users>
> >>>
> >>> then reload tomcat
> >>> $curl -u edoardo:pwd
> >>> http://localhost:8080/manager/text/reload?path=/examples
> >>> OK - Reloaded application at context path /examples
> >>>
> >>>
> >>> 2- copy myApplication from production server
> >>> copy configuration file ($tomcat/Catalina/localhost/myApplication.xml)
> >>> from production server
> >>> stop & start tomcat
> >>>
> >>> $curl -u edoardo:pwd
> >>> http://localhost:8080/manager/text/reload?path=/myApplication
> >>> OK - Reloaded application at context path /myApplication
> >>>
> >>>
> >>> 3- first modify to server.xml
> >>> shutdown tomcat
> >>> modify server.xml
> >>> <Connector port="8080" protocol="HTTP/1.1"
> >>> becomes
> >>> <Connector port="9080" protocol="HTTP/1.1"
> >>>
> >>> start then curl again
> >>> all well
> >>>
> >>>
> >>> 4- second modify to server.xml
> >>> <Host name="localhost" appBase="webapps"
> >>> unpackWARs="true" autoDeploy="true">
> >>> becomes
> >>> <Host name="localhost" appBase="webapps"
> >>> unpackWARs="true" autoDeploy="true" deployXML="false">
> >>>
> >>> stop-start
> >>>
> >>> $curl -u edoardo:pwd
> >>> http://localhost:9080/manager/text/reload?path=/myApplication
> >>> javax.servlet.ServletException: Error instantiating servlet class
> >>> org.apache.catalina.manager.ManagerServlet
> >>> [...]
> >>>
> >>> $curl -u edoardo:pwd
> >>> http://localhost:9080/manager/text/reload?path=/myApplication
> >>> the same error reported in the initial post (above)
> >>>
> >>>
> >>>
> >>> deployXML="false" is recommended at
> >>> http://tomcat.apache.org/tomcat-7.0-doc/config/host.html and useful
> >>> for me.
> >>>
> >> One big difference that I see when deployXML="false", is that this file :
> >> (catalina_base)/webapps/myApplication/META-INF/context.xml
> >> is no longer being parsed,
> >> and instead this file is parsed :
> >> $tomcat/Catalina/localhost/myApplication.xml
> >> when you reload your app.
> >> What is the content of that file ?
> >
> > From the last log file that was posted, these context files are pretty
> > broken (although myApplication.xml only had the magic debug attribute set).
> >
> 
> - unpack tomcat
> - add an user in tomcat-users.xml
> - modify server.xml adding deployXML="false" to Host
> <Host name="localhost" appBase="webapps"
> unpackWARs="true" autoDeploy="true" deployXML="false">
> - use manager application via curl
> $ curl -u user:pwd http://localhost:8080/manager/text/reload?path=/example
> 
> error page.
> 
> # cat manager.2013-10-19.log
> 19-ott-2013 10.16.17 org.apache.catalina.core.ApplicationContext log
> INFO: Marking servlet Manager as unavailable
> 19-ott-2013 10.16.17 org.apache.catalina.core.StandardWrapperValve invoke
> GRAVE: Allocate exception for servlet Manager
> java.lang.SecurityException: Restricted (ContainerServlet) class 
> org.apache.catalina.manager.ManagerServlet
> at 
> org.apache.catalina.core.DefaultInstanceManager.checkAccess(DefaultInstanceManager.java:538)
> at 
> org.apache.catalina.core.DefaultInstanceManager.loadClassMaybePrivileged(DefaultInstanceManager.java:511)
> at 
> org.apache.catalina.core.DefaultInstanceManager.newInstance(DefaultInstanceManager.java:137)
> at 
> org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1144)
> at 
> org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:865)
> at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:136)
> at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
> at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:611)
> at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
> at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
> at 
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
> at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
> at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
> at 
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
> at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
> at 
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:636)

MG>run catalina with debug AND securityManager enabled
MG>catalina<.bat/sh> debug -security   //Debug Catalina with a security manager
 
MG>Ensure Security listener is enabled in server.xml
MG><Listener className="org.apache.catalina.security.SecurityListener" />

MG>check permissions setup for "securityManager" in /conf/catalina.policy 
MG>// catalina.policy - Security Policy Permissions for Tomcat 7
//
// This file contains a default set of security policies to be enforced (by the
// JVM) when Catalina is executed with the "-security" option.  In addition
// to the permissions granted here, the following additional permissions are
// granted to each web application:
//
// * Read access to the web application's document root directory
// * Read, write and delete access to the web application's working directory
// These permissions apply to javac
grant codeBase "file:${java.home}/lib/-" {
        permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions
grant codeBase "file:${java.home}/jre/lib/ext/-" {
        permission java.security.AllPermission;
};
// These permissions apply to javac when ${java.home] points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/../lib/-" {
        permission java.security.AllPermission;
};
// These permissions apply to all shared system extensions when
// ${java.home} points at $JAVA_HOME/jre
grant codeBase "file:${java.home}/lib/ext/-" {
        permission java.security.AllPermission;
};

MG>make sure ALL of these grants in catalina.policy are enabled (and not commented out
or deleted)
MG>bounce TC and report back
> 
> my running environment is
> OS: Debian 6.0.7
> Tomcat: 7.042 from Apache site
> java: OpenJDK Runtime Environment (IcedTea6 1.8.13) (6b18-1.8.13-0+squeeze2)
> 
> 
> Edoardo
MG>MG
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
 		 	   		  
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message