Tomcat administration: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 12: | Line 12: | ||
* '''Warning:''' You need to emerge commons-logging (the base library Tomcat uses for logging) with the log4j USE flag enabled, else it won't be able to use log4j logging! | * '''Warning:''' You need to emerge commons-logging (the base library Tomcat uses for logging) with the log4j USE flag enabled, else it won't be able to use log4j logging! | ||
== Tomcat Security == | |||
* By default, Tomcat uses a Security Manager on Gentoo. This Security Manager policy is by default, very strict. In particular, it allows JDBC connections but does not allow any kind of write operations on the webapp directory. The security policy configuration file is located at /etc/tomcat-5.5/catalina.policy on Gentoo. Adding for example the following line will make the webapps directory writable by the servlets: | |||
permission java.io.FilePermission "${catalina.home}/webapps/-", "read, write"; | |||
The "-" at the end indicates that every file recursively has the permission applied. Don't forget that standard UNIX permissions still apply, so the <tt>tomcat</tt> user must of course be able to write to the desired directories. |
Revision as of 14:23, 13 April 2007
Tomcat is a servlet container, and as such can be used to deploy web applications using Java on the server side.
Tomcat on Gentoo
Currently (19/03/2007), the init scripts on Gentoo are not able to redirect Tomcat's standard output to a file. This is bug 162379 in Gentoo's bugzilla.
This means everything sending stuff to the standard output (for example a console appender in Log4J) won't work. This also means that stack trace logs (caused by exceptions) are not going to be available, since they are outputted to stdout.
Tomcat Logging
- If Tomcat finds the log4j.jar on its classpath, it will use log4j as its logging system. And if log4j is not configured at all, *nothing* will be printed anywhere. So if you want to disable log4j logging and use JDK logging, you must delete the log4j.jar, it is not sufficient to delete or remove the log4j.properties file.
- Warning: You need to emerge commons-logging (the base library Tomcat uses for logging) with the log4j USE flag enabled, else it won't be able to use log4j logging!
Tomcat Security
- By default, Tomcat uses a Security Manager on Gentoo. This Security Manager policy is by default, very strict. In particular, it allows JDBC connections but does not allow any kind of write operations on the webapp directory. The security policy configuration file is located at /etc/tomcat-5.5/catalina.policy on Gentoo. Adding for example the following line will make the webapps directory writable by the servlets:
permission java.io.FilePermission "${catalina.home}/webapps/-", "read, write";
The "-" at the end indicates that every file recursively has the permission applied. Don't forget that standard UNIX permissions still apply, so the tomcat user must of course be able to write to the desired directories.