tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ray Holme <rayho...@yahoo.com>
Subject Re: linking (limiting???)
Date Wed, 18 Dec 2013 13:22:35 GMT
>Hmm . . . . Lots of speculation here. How are the files referenced in 
your application? It seems that if the physical files are available, 
then the application works fine. If the physical files are not 
available, then the database has problems (firebird under xinetd, 
perhaps?) and you get 404 errors. Does the application scan a directory 
and populate the database on startup? Does the database need to know 
where the files are? Does the database need read access to the files?

 I have spent the night thinking about this. As I said before, these files have NOTHING to
do with the database (located elsewhere and outside of the webapp, of course).
They are accessed by either HTTPD or Apache/Tomcat (WHICH?). And therein may be the rub. Perhaps
if the file is accessed by Apache/Tomcat (port 8080), they would be fine. Perhaps if HTTPD
(port 80) tries to get them using /var/www/html/myApplication (a symbolic link to /opt/apache/webapps/MyApplication)
it fails. If this makes sense (and it might), then it depends on how the file is going to
be picked up - is there any write-up to figure out how this httpd VS apache/tomcat link works
(I have no idea what modjk.so does except pass things back and forth between the two  ::
totally needed in Linux but not on a deployed application in MS-XP using port 8080 - perhaps
exclusively without using  port 80). If this does NOT make sense, then making the application
run as tomcat (not root) does not make sense for improving this particular situation (agreed
that I should do this and will immediately, but root -> tomcat should not change the link
behavior - in any
 of the three scenarios (link, alias, virtual directory)).

Once I get the tomcat user to run everrything, I will try again and post the results.




On , Ray Holme <rayholme@yahoo.com> wrote:
 
I think I found out how to reply inline usine yahoo. I hope. Trying anyway - NO, it will not
let embed replies.
BS.. I will copy paste.


Inline - per my usual:

Yes Doc.

On 12/17/2013 10:23 AM, Ray Holme wrote:
> First: Thanks for clarifying my understanding of XML tags AND FIXING my typo.
>         and apologies for top-posting - I had hoped I was making it easier by
>         restating the crux of the problem and shortening everyone's read.
>
> AND for the record, yahoo is NO longer including the prior message which is what
> I intended originally. I am
 not sure when they changed things, but I am NOT a yahoo
> fan anymore. I tried to get your message included above.

I'm using yahoo for my mailing lists, all others end up in gmail. 
However I'm using Thunderbird and IMAP, so I can control how my mail 
works a bit better.


I use yahoo for gmail but straight front end.
> ------------------------
> BUT SO far, I have totally failed with linking  - below is the detail.
> Quick recap - for those with shorter memories than even mine. :=<]
>
> "appName" has a top level directory .../webapps/appName/appName_tour"
>    which contains a bunch of very large files - "a demo tour"
>    the goal is to separate this from the WAR file
>    (later in another app, I want photos separated for same reason
>      BUT in the case HERE, the files are read only, nothing written to dir).
>
> a) try 1 - using links (moved the directory to /opt/appName_tour) and did a symbolic
link
>   under the application directory (MS systems cannot do this)
>
> ---
 .../webapps/appName/META-INF/context.xml contains 3 lines
> <?xml version="1.0"
 encoding="UTF-8"?>
> <Context allowLinking="true">
> </Context>
>
>   When I try to run the linked demo I get this in the popup window generated:
>
> HTTP Status 404 - /appName/appName_tour/appNamev3.html
> type Status report
> message /appName/appName_tour/appNamev3.html
> description The requested resource is not available.
> Apache Tomcat/7.0.35

So, a few questions are in order here:

1. Where did you get the Tomcat from?

STRAIGHT FROM THE APACHE TOMCAT DOWNLOAD SITE.
I USED THE apache-tomcat-7.0.35.tar.gz and installed myself in /opt/

If it's from a distribution repackage, components get scattered all 
over. However this should not impact linking.

2. Are you running with SELinux enabled?

YES

If SELinux is enforcing and you've installed Tomcat from a distribution 
package, you may be running into SELinux issues. What does sealert say?

sealert is complaining about mandb and abrtd - nothing else (those were there a long time
ago)

3. General permissions

Does the user running Tomcat have proper permissions for 
/opt/appName_tour? You'll
 need read/execute access for all intervening 
directories, and read access for the files.

OH YES. It was 755 and all files in it are 644. I am a newbie to some features of tomcat,
but some might say a very old hand at Unix and then much later Linux admin.

4. What user is Tomcat running as?

Right now it is root, but I plan to change that soon - you wrote about systemd and I plan
to go thay way. There is a user and a group tomcat, but I am not using it yet. I was hoping
to finish this link thing before moving on to do that right.

If you're binding to port 80, then you'll at least have to start out as 
a privileged user. Typically this is done with a jsvc wrapper. Don't run 
Tomcat (or any server) as root.

I know you are right and I need to do this. Maybe now is the time, before solving the link
problem.

The application we are talking about has been running for many years (slap me for doing it
as root).
>
>   The strange thing here is that I thought I had this one was working a few days back.
>
> b) try 2 - using aliases - removed the symbolic link and left the real directory
>    
 (/opt/appName_tour exists but there is NO .../webapps/appName/appName_tour)
>
> ---.../webapps/appName/META-INF/context.xml contains 3 lines
> <?xml version="1.0" encoding="UTF-8"?>
> <Context aliases="/appName_tour=/opt/appName_tour">
> </Context>
>
>   SAME RESULTS in the popup windowas in a) above.
>
> c) try 3 use Virtual Directory Context - left directories setup as in b (above)
>     (/opt/appName_tour exists but there is NO .../webapps/appName/appName_tour)
>
> ---.../webapps/appName/META-INF/context.xml contains 5 lines
> <?xml version="1.0" encoding="UTF-8"?>
> <Context>
> <Resources
 className="org.apache.naming.resources.VirtualDirContext"
>                        extraResourcePaths="/appName_tour=/opt/appName_tour">
> </Resources>
> </Context>
>
>   SAME RESULTS in the popup windowas in a) and b) above.
>
> Footnote: I also tried making an empty directory in the webapps/appName directory
> instead of leaving it NOT THERE at all. Same results.
>
> Painful Footnote: For some obscure reason, I must separate each trial by quite a bit
of time (30 mins)
>   - JUST THIS application goes nuts getting a database connection (looks like an xinetd
shutdown)
>     I get a null pointer to the startup of the app which requires
 the DB
>
>   - there are FOUR apache-tomcat application directories here - all use databases (different)
>     restarting tomcat does NOT affect any of three others - they ALL work fine
>
>   - after 30 minutes of tomcat DOWN, this app starts fine too
>       there are NO warnings in /var/log/messages about xinetd refusing connections
(have seen before)
>        just starts and stops of xinetd <-> db connectors (normal heavy startup
usage)
>
>   - without these changes to context.xml (a-c enumerated above) (i.e. the tour is a
real directory)
>       this application restarts just fine every time I restart tomcat
>       (and did in fedora 8, 12, 14, 16
 too)
>
>   --- this is weird and painful or I would have completed all these tests hours ago
>

Hmm . . . . Lots of speculation here. How are the files referenced in 
your application? It seems that if the physical files are available, 
then the application works fine. If the physical files are not 
available, then the database has problems (firebird under xinetd, 
perhaps?) and you get 404 errors. Does the application scan a directory 
and populate the database on startup? Does the database need to know 
where the files are? Does the database need read access to the files?

Yes I use firebird (and before that interbase). The database cares nothing about these files.

In particular, only the web browser needs to find the "tour.html" file which loads other .swf
files.

Yes, as soon as I moved the directory back (made it real), the application demo tour works
fine.

The really strange thing is that the whole application fails to come up AFTER I fail with
the linking and restart tomcat complaining of "db connection" problems. Wait 30 minutes and
it is healed. And NO, this is curious but not a topic for this forum.

I just wanted to get linking working (however I could, but prefer a solution which will work
in MS land too).


So, I will table this for now. I need to get this all running under tomcat (the user/group)
and using systemd not system 5 start files.




So many questions, so little info . . .

Here are a couple of thoughts to try.

1. Write a small test application

I wrote one - took about 10 minutes - to test how this all works since 
I've not done this before. You should be able to write a quick 
application, drop it in a locally installed Tomcat downloaded from 
tomcat.apache.org, and verify that it works.

2. Determine what's different

I outlined some of the questions above. Basically, they are probably 
either permission issues (real, SELinux), or how your application 
accesses the resources (looking for files in the wrong place). I can't 
think
 of other issues at the moment.

3. Fix what's different

If it's not a permissions issue, then it's more likely an application 
issue. We'd need to know more, and at that point we've wandered well off 
the Tomcat mailing list topics.




On Tuesday, December 17, 2013 2:52 PM, Mark Eggers <its_toasted@yahoo.com> wrote:
 
Inline - per my usual:

On 12/17/2013 10:23 AM, Ray Holme wrote:
> First: Thanks
 for clarifying my understanding of XML tags AND FIXING my typo.
>         and apologies for top-posting - I had hoped I was making it easier by
>         restating the crux of the problem and shortening everyone's read.
>
> AND for the record, yahoo is NO longer including the prior message which is what
> I intended originally. I am not sure when they changed things, but I am NOT a yahoo
> fan anymore. I tried to get your message included above.

I'm using yahoo for my mailing lists, all others end up in gmail. 
However I'm using Thunderbird and IMAP, so I can control how my mail 
works a bit better.

> ------------------------
> BUT SO far, I have totally failed with linking  -
 below is the detail.
> Quick recap - for those with shorter memories than even mine. :=<]
>
> "appName" has a top level directory .../webapps/appName/appName_tour"
>    which contains a bunch of very large files - "a demo tour"
>    the goal is to separate this from the WAR file
>    (later in another app, I want photos separated for same reason
>      BUT in the case HERE, the files are read only, nothing written to dir).
>
> a) try 1 - using links (moved the directory to /opt/appName_tour) and did a symbolic
link
>   under the application directory (MS systems cannot do this)
>
> --- .../webapps/appName/META-INF/context.xml contains 3 lines
> <?xml
 version="1.0" encoding="UTF-8"?>
> <Context allowLinking="true">
> </Context>
>
>   When I try to run the linked demo I get this in the popup window generated:
>
> HTTP Status 404 - /appName/appName_tour/appNamev3.html
> type Status report
> message /appName/appName_tour/appNamev3.html
> description The requested resource is not available.
> Apache Tomcat/7.0.35

So, a few questions are in order here:

1. Where did you get the Tomcat from?

If it's from a distribution repackage, components get scattered all 
over. However this should not impact linking.

2. Are you running with SELinux enabled?

If SELinux is enforcing and you've installed Tomcat from a distribution 
package, you may be running into SELinux issues. What does sealert say?

3. General permissions

Does the user running Tomcat have proper permissions for 
/opt/appName_tour? You'll need read/execute access for all intervening 
directories, and read access for the files.

4. What user is Tomcat running as?

If you're binding to port 80, then you'll at least have to start out as 
a privileged user. Typically this is done with a jsvc wrapper. Don't run 
Tomcat (or any server) as root.

>
>   The strange thing here is that I thought I had this one was working a few days back.
>
> b) try 2 - using aliases - removed the symbolic link and left the real directory
>     (/opt/appName_tour exists but there is NO .../webapps/appName/appName_tour)
>
> ---.../webapps/appName/META-INF/context.xml contains 3 lines
> <?xml version="1.0" encoding="UTF-8"?>
> <Context aliases="/appName_tour=/opt/appName_tour">
> </Context>
>
>   SAME RESULTS in the popup windowas in a) above.
>
> c) try 3 use Virtual Directory Context - left directories setup as in b (above)
>     (/opt/appName_tour exists but there is NO .../webapps/appName/appName_tour)
>
> ---.../webapps/appName/META-INF/context.xml contains 5 lines
> <?xml version="1.0" encoding="UTF-8"?>
> <Context>
> <Resources className="org.apache.naming.resources.VirtualDirContext"
>                        extraResourcePaths="/appName_tour=/opt/appName_tour">
> </Resources>
> </Context>
>
>   SAME RESULTS in the popup windowas in a) and b) above.
>
> Footnote: I also tried making an empty directory in the webapps/appName directory
> instead of leaving it NOT THERE at all. Same results.
>
> Painful Footnote: For some obscure reason, I must separate each trial by quite a bit
of time (30 mins)
>   - JUST THIS application goes nuts getting a database
 connection (looks like an xinetd shutdown)
>     I get a null pointer to the startup of the app which requires the DB
>
>   - there are FOUR apache-tomcat application directories here - all use databases (different)
>     restarting tomcat does NOT affect any of three others - they ALL work fine
>
>   - after 30 minutes of tomcat DOWN, this app starts fine too
>       there are NO warnings in /var/log/messages about xinetd refusing connections
(have seen before)
>        just starts and stops of xinetd <-> db connectors (normal heavy startup
usage)
>
>   - without these changes to context.xml (a-c enumerated above) (i.e. the tour is a
real directory)
>      
 this application restarts just fine every time I restart tomcat
>       (and did in fedora 8, 12, 14, 16 too)
>
>   --- this is weird and painful or I would have completed all these tests hours ago
>

Hmm . . . . Lots of speculation here. How are the files referenced in 
your application? It seems that if the physical files are available, 
then the application works fine. If the physical files are not 
available, then the database has problems (firebird under xinetd, 
perhaps?) and you get 404 errors. Does the application scan a directory 
and populate the database on startup? Does the database need to know 
where the files are? Does the database need read access to the files?

So many questions, so
 little info . . .

Here are a couple of thoughts to try.

1. Write a small test application

I wrote one - took about 10 minutes - to test how this all works since 
I've not done this before. You should be able to write a quick 
application, drop it in a locally installed Tomcat downloaded from 
tomcat.apache.org, and verify that it works.

2. Determine what's different

I outlined some of the questions above. Basically, they are probably 
either permission issues (real, SELinux), or how your application 
accesses the resources (looking for files in the wrong place). I can't 
think of other issues at the moment.

3. Fix what's different

If it's not a permissions issue, then it's more likely an application 
issue. We'd need to know more, and at that point we've wandered well off 
the Tomcat mailing list topics.

. . . just my two cents.
/mde/


>
>
> On Monday, December 16, 2013 5:19 PM, Mark Eggers <its_toasted@yahoo.com> wrote:
>
> Replies inline.
>
> Note, people on this mailing list frown on top-posting (see items 6 and
> 7 here: http://tomcat.apache.org/lists.html). It does make the reply and
> response difficult to follow without rereading the entire thread.
>
> Please either reply inline or at the end, so people late to the party
> (or those of us with short / fragmented memory :-p) can remember what's
> going on.
>
> On 12/16/2013 1:00 PM, Ray Holme wrote:
>> I have been trying three scenarios. So far one works (least security and not good
for all OS versions).
>> Again thanks to both Marks for the pointers, but I am afraid they are not working
yet.
>>
>> My goal is to enable one directory to be used which is outside the application (and
tomcat too)
>>      
 .../webapps/mywebapp  hierarchy
>>       which mywebapp.war will replace with a new
 release
>>
>>      use 1: to store/retrieve images locally to a machine
>>             under application control (db stores names of files)
>>      use 2: to store a static movie - demo (no update - this is the simple test
case I try)
>>
>> The goal is to get this stuff out of the war file (leaving nothing, an empty dir,
or a link as needed - see below).  All of the below require apache/tomcat to be down when
you make the changes, then restart to test
>>
>> a) IF you have linux (or unix) or osx - you can do symbolic linking
>>        simply move the directory and link (my case below):
>>        cd ..../webapps/mywebapp; mv images
 /opt; ln -s /opt/images
>>
>>      and to enable symbolic linking to other directories on your machine (all
of them)
>>
>>      create a ..../webapps/mywebapp/META-INF/context.xml file (or edit the one
you have)
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Context allowLinking="true"> </Context>
>>
>>      advantages for this method: works simply
>>      faults:    MS os's don't do symbolic; also opens up ALL linking (security
issues? probably)
>>
>>     BUT THERE ARE 2 other SAFER more restrictive ways below, both also done in
>>      the same 
 context.xml file (if I can get either of them to work - the examples often say the server.xml
file, but there is only one of them in the top tomcat conf directory, which has NO context
references - but if they go there, then path= probably needs to be specified.)
>>
>> b)
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Context aliases="/images=/opt/images" />
>> </Context>
>>
>> c)
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <Context   <Resources className="org.apache.naming.resources.VirtualDirContext"
>>                          extraResourcePaths="/images=/opt/images" />
>> </Context>
>>
>
> I hope that you meant:
>
> <Context>
> <Resources className="org.apache.naming.resources.VirtualDirContext"
>                         extraResourcePaths="/images=/opt/images" />
> </Context>
>
>
>> -------------------------
>> These are both more security conscious and might should work for MS
>>     (with MS correct paths such as d:\images)
>>
>> Which of these is simpler and/or better - I have no idea.  Net comparisons don't
say.
>>      but the VirtualDirContext.html pages say: DO
 NOT USE FOR PRODUCTION
>>      of course- they don't say why NOT
>
> I'm not sure that this is valid any more.
>
>> Why both require the escaped greater than sign, beats me too. "/>"
>
> It's not an escaped greater than sign. It's how one closes an empty tag
> in XML. You could also have written it the following way:
>
> <Context>
> <Resources className="org.apache.naming.resources.VirtualDirContext"
>                         extraResourcePaths="/images=/opt/images">
> </Resources>
> </Context>
>
>>      I would have thought it
 would be simply ">" on the 2nd and 3rd lines resp. (b and c)
>>
>> NEITHER OF THESE WORKED FOR ME! (so far and I have tried many variants)
>>
>>     Do I have to have the symbolic link (in Linux - I did for a) obviously)
>>         or should this be a plain empty directories (like Linux/Unix mount points)
>>         or should there be no "../webapps/myapp/images" anything at all?
>
> There should be nothing in your web application at all. However,
> according to the documentation, the alias path (and by extension, the
> VirtualDirContext) are searched first, so it shouldn't matter as long as
> the target directory exists.
>
>>
>> In the manual version there are more parameters, but most folks say to drop
>>
>>       "path=mywebapp"
>>
>> and the rest seem to not be relevant to what I am doing so I cut them out. Maybe
that is the problem.
>>
>> Here is the example I found under VirtualDirContext online
>>
>> <Context path="/mywebapp" docBase="/Users/theuser/mywebapp/src/main/webapp" >
>> <Resources className="org.apache.naming.resources.VirtualDirContext"
>> extraResourcePaths="/pictures=/Users/theuser/mypictures,/movies=/Users/theuser/mymovies"
/>
>> <Loader className="org.apache.catalina.loader.VirtualWebappLoader" virtualClasspath="/Users/theuser/mywebapp/target/classes"
/>
>> <JarScanner scanAllDirectories="true" />
>> </Context>
>
> The example you quoted was for the directory structure listed above the
> example.
>
> Do not use path if you're deploying in the appBase directory defined in
> server.xml ($CATALINA_BASE/webapps by default), which you are.
>
> Do not use docBase at all - this is for locating an application outside
> of the appBase directory defined in server.xml.
>
> Now using the following context.xml:
>
> <Context>
> <Resources className="org.apache.naming.resources.VirtualDirContext"
>                     
    extraResourcePaths="/images=/opt/images" />
> </Context>
>
> Your application should end up with <img> tags looking like the following:
>
> <img src="images/picture1.png" alt="Picture 1">
>
> Things are a bit nicer if you use the core tag libraries, and of course
> if you're using HTML 5 you'll need to close the tag (the above is HTML
> 4.01 Transitional).
>
> I wrote a quick web application to access some pictures in my home
> directory with:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Context>
>       <Resources className="org.apache.naming.resources.VirtualDirContext"
>                  extraResourcePaths="/pictures=/home/mdeggers/Pictures"/>
> </Context>
>
> This was done on Fedora 19, Tomcat 7.0.42, JRE 1.7.0_45, and it worked
> as advertised.
>
> I also tried the following, which worked:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <Context aliases="/pictures=/home/mdeggers/Pictures">
> </Context>
>
> Links in my index.jsp:
>
> <img src="pictures/snapshot1.png" alt="snapshot 1"><br>
> <img src="pictures/snapshot2.png" alt="snapshot 2"><br>
> <img src="pictures/snapshot3.png" alt="snapshot
 3"><br>
> <img src="pictures/snapshot4.png" alt="snapshot 4"><br>
>
> I normally use the core tag library, so those links would be:
>
> <img
>     src='<c:url value="/pictures/snapshot1.png"/>' alt="snapshot 1"><br>
> <img
>     src='<c:url value="/pictures/snapshot2.png"/>' alt="snapshot 2"><br>
> <img
>     src='<c:url value="/pictures/snapshot3.png"/>' alt="snapshot 3"><br>
> <img
>     src='<c:url value="/pictures/snapshot4.png"/>' alt="snapshot 4"><br>
>
> . . . . just my two cents.
> /mde/
>
>>
>>
>>
>>
>>
>> On Sunday, December 15, 2013 7:39 PM, Christopher Schultz <chris@christopherschultz.net>
wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Martin,
>>
>> On 12/15/13, 4:52 PM, Martin Gainty wrote:
>>> Mark I assume you're referring to Virtual DirContext...? <Context
>>> path="/mywebapp" docBase="/Users/theuser/mywebapp/src/main/webapp"
>>>>
>>
>> You shouldn't use the "path" attribute, here. You
 should know this.
>>
>>> <Resources
>>> className="org.apache.naming.resources.VirtualDirContext"
>>>
>>> extraResourcePaths="/WEB-INF/classes=/Users/theuser/mywebapp/target/classes,/pictures=/Users/theuser/mypictures,/movies=/Users/theuser/mymovies"/>
>>
>> VirtualDirContext
>>>
>> is not necessary, but it is one option.
>>
>> - -chris


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message