Installing Tomcat 6 on Debian Squeeze

 Loading ...

Posted on 13 March 2010 No comments

This post describes how to setup Tomcat 6 on Debian Squeeze. The configured Tomcat serves requests on port 80 without the need of an additional web server. This is especially good for virtual servers (VPS) providing limit memory. It also has multiple virtual hosts configured, each with it’s own webapp with context root / and optional support for PHP via the Quercus PHP implementation.

Installing Sun Java 6

Ensure the non-free section is enabled for the APT repository configuration in /etc/apt/sources.list, e.g. “deb http://ftp.de.debian.org/debian testing main contrib non-free”

apt-get update
apt-get install sun-java6-jdk
echo 'JAVA_HOME="/usr/lib/jvm/java-6-sun"' >> /etc/environment
echo 'JRE_HOME="/usr/lib/jvm/java-6-sun/jre"' >> /etc/environment

Installing Tomcat 6

apt-get install tomcat6 tomcat6-admin
/etc/init.d/tomcat6 stop

Creating standard Tomcat directory layout

mkdir /opt/tomcat
cd /opt/tomcat
ln -s /etc/tomcat6/ conf
ln -s /usr/share/tomcat6/bin/ bin
ln -s /usr/share/tomcat6/lib/ lib
ln -s /var/lib/tomcat6/webapps webapps
ln -s /var/log/tomcat6/ logs

Creating a Tomcat admin user

In /opt/tomcat/conf/tomcat-users.xml add an entry like:

<user name="ADMIN_USERNAME" password="ADMIN_PASSWORD" roles="admin,manager" />

Setting up virtual hosts

For each virtual host execute the following command. Replace “mydomain.com” with the desired virtual host name, but omit the “www.” part.

mkdir -p /opt/tomcat/webapps.mydomain.com/ROOT

In the <Engine> tag of “/opt/tomcat/conf/server.xml” add one host entry for each virtual host.

<Host name="mydomain.com" appBase="/opt/tomcat/webapps.mydomain.com">
    <Alias>www.mydomain.com>/Alias>
    <Valve className="org.apache.catalina.valves.AccessLogValve" prefix="mydomain_access_log." suffix=".txt" pattern="common"/>
</Host>

The <Alias> tag tells Tomcat to redirect from www.mydomain.com to mydomain.com.
The <Valve> tag enables access logging in the standard logging format.

Using xinetd to configure port 80 for Tomcat

Binding a service on port 80 requires root permissions. Thus we use port forwarding to “bind” Tomcat to port 80. My VPS does not support the use of “iptables -j REDIRECT” therefore I am using xinetd as a web proxy.
Ensure that no other service is listening on port 80/443:

netstat -pan | grep ":80\|:443"

Register the required xinetd services:

echo echo "
service www
{
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
        bind            = 88.80.198.181
        port            = 80
        redirect        = localhost 8080
        disable         = no
        flags           = REUSE
        log_type        = FILE /var/log/wwwaccess.log
        log_on_success  -= PID HOST DURATION EXIT

        per_source      = UNLIMITED
        instances       = UNLIMITED
}

service https
{
        socket_type     = stream
        protocol        = tcp
        user            = root
        wait            = no
        bind            = 88.80.198.181
        port            = 443
        redirect        = localhost 8443
        disable         = no
        flags           = REUSE
        log_type        = FILE /var/log/httpsaccess.log
        log_on_success  -= PID HOST DURATION EXIT

        per_source      = UNLIMITED
        instances       = UNLIMITED
}
" > /etc/init.d/tomcat
/etc/init.d/xinetd restart

If you want to use a different service name, e.g. “tomcat” instead of “www” you must add this service to /var/services, e.g. “tomcat 80/tcp”
In /opt/tomcat/conf/server.xml modify the <Connector> as follows:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" proxyPort="80" address="127.0.0.1" />

This binds Tomcat to localhost. It also tells Tomcat that port 80 is the proxy port which is necessary for correct URL generation.
From now on the Tomcat admin applications are only accessible via localhost. You can use SSH port forwarding to still access the applications from your workstation’s web browser. E.g. if you are using PuTTY you can use this command line option “-L 8080:localhost:8080″ to forward the server’s local 8080 port to your workstation’s local 8080 port. On your workstation’s browser you then simply enter http://localhost:8080/manager/html and are connected to the server’s Tomcat admin application.

Enabling PHP support (optional)

Download Quercus.

mkdir -p /opt/downloads
wget -o /opt/downloads/quercus-4.0.3.war http://caucho.com/download/quercus-4.0.3.war

Install Quercus as a shared library.

unzip -j /opt/downloads/quercus-4.0.3.war \*.jar -d /opt/tomcat/lib

Enable PHP support for the virtual hosts by installing the quercus web.xml. For each virtual host execute:

unzip /opt/downloads/quercus-4.0.3.war *web.xml -d /opt/tomcat/webapps.mydomain.com/ROOT

Starting Tomcat

/etc/init.d/tomcat start

References

• Securing Linux for Java services: The port dilemma
• Redirect HTTP and HTTPS traffic to Tomcat’s ports
• Tomcat 6: Virtual Hosting How To
• Tomcat 6: Classloader How To
• Virtual Hosting with Tomcat
• Quercus: Tomcat
• How to install Tomcat 6 on Ubuntu 9.04 (Jaunty)

getpass für Jython

 Loading ...

Posted on 21 November 2008 1 comment

In meinem aktuellen Projekt entwickle ich u.a. verschiedene Jython basierte Kommandozeilenanwendungen. Einige davon erwarten die Eingabe von maskierten Passwörtern. Python stellt hierfür das getpass Modul bereit. Leider ist bisher keine entsprechende Implementierung für Jython verfügbar.

Im folgenden ein passendes Modul, welches diese Funktionalität bereitstellt. Es verwendet einen Mechanismus um die Passworteingabe in der Kommandozeile zu maskieren, welcher hier beschrieben wurde http://java.sun.com/developer/technicalArticles/Security/pwordmask/. Sollte Jython in Verbindung mit Java 6 oder höher eingesetzt werden, so nutzt dieses Modul stattdessen die neue Console.readPassword() Methode. Sollte das Modul in einer Umgebung laufen in welcher eine getpass Modulimplementierung verfügbar ist, dann wird stattdessen an die entsprechende Methode im getpass Modul delegiert.

# ext_getpass.py
# @author Sebastian Thomschke, http://sebthom.de/
import thread, sys, time, os

# exposed methods:
__all__ = ["getpass","getuser"]

def __doMasking(stream):
    __doMasking.stop = 0
    while not __doMasking.stop:
        stream.write("b*")
        stream.flush()
        time.sleep(0.01)

def generic_getpass(prompt="Password: ", stream=None):
    if not stream:
        stream = sys.stderr
    prompt = str(prompt)
    if prompt:
        stream.write(prompt)
        stream.flush()
    thread.start_new_thread(__doMasking, (stream,))
    password = raw_input()
    __doMasking.stop = 1
    return password

def generic_getuser():
    for name in ('LOGNAME', 'USER', 'LNAME', 'USERNAME'):
        usr = os.environ.get(name)
        if usr: return usr

def java6_getpass(prompt="Password: ", stream=None):
    if not stream:
        stream = sys.stderr
    prompt = str(prompt)
    if prompt:
        stream.write(prompt)
        stream.flush()

    from java.lang import System
    console = System.console()
    if console == None:
	    return generic_getpass(prompt, stream)
    else:
        return "".join(console.readPassword())

try:
    # trying to use Python's getpass implementation
    import getpass
    getpass = getpass.getpass
    getuser = getpass.getuser
except ImportError, e:
    getuser = generic_getuser

    # trying to use Java 6's Console.readPassword() implementation
    try:
        from java.io import Console
        getpass = java6_getpass
    except ImportError, e:
        # use the generic getpass implementation
        getpass = generic_getpass

Here is an usage example:

import ext_getpass as getpass

pw = getpass.getpass("Please enter your password:")
print "The entered password was: " + pw

Sun JDK5/6 compilers broken when linking overloaded methods with variable arguments

(4 votes)

 Loading ...

Posted on 16 May 2008 1 comment

We are currently switching the build system of OVal from custom Ant scripts to Maven 2. During that process we accidentally compiled the project using the Java compiler of the Sun JDK 5 instead of the AspectJ compiler. Surprisingly javac did not complain about the missing aspect class files. Instead it already aborted while compiling an ordinary Java class which only referenced other non-AspectJ related classes. This is the original error message:

[INFO] [compiler:compile]
[INFO] Compiling 180 source files to C:\projects\oval\src\trunk\target\classes
[INFO] ------------------------------------------------------------------------
[ERROR] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Compilation failure
C:\projects\oval\src\trunk\src\main\java\net\sf\oval\Validator.java:[373,58]
addMethodParameterChecks(java.lang.reflect.Method,int,java.lang.Object)
has private access in net.sf.oval.internal.ClassChecks 

There exist multiple methods named addMethodParameterChecks in the class ClassChecks with different signatures. The problem is that javac tries to link against the wrong method when compiling the class calling one of the methods.

Read the rest of this entry »

Suche

Web sebthom.de

OVal 1.0 veröffentlicht!

 Loading ...

Posted on 22 July 2007 No comments

OVal ist ein pragmatisches und erweiterbares Validierungsframework für jegliche Art von Javaobjekten (nicht nur JavaBeans). Bedingungen können via Annotationen, POJOs oder XML konfiguriert werden. Zusäzliche Bedingungen können in Form von Java Klassen oder die Verwendung von Skriptsprachen wie JavaScript, Groovy, BeanShell, OGNL oder MVEL ausgedrückt werden. Neben der einfachen Objektvalidierung kann OVal auch Funktionen für Programming by Contract bereitstellen. Hierzu werden AspectJ basierte Aspekte verwendet.

Projektseite: http://sourceforge.net/projects/oval/