[nflug] Apache/Tomcat Question
Brad Bartram
brad.bartram at gmail.com
Tue Jun 27 14:48:20 EDT 2006
Based on the scope you've described, I agree that this is almost a purely
Java level task. I was under the impression that your scope was a little
smaller than that.
With that in mind, you are really looking more for a solution entailing an
entire permissions schema, at least to do it right and be flexible. That
goes a little beyond where I can probably directly help - at least on a
mailing list.
I would handle this situation a couple different ways:
- I would see if someone else has already invented the wheel you need and
posted the code either as a project or snippets online.
- Or, depending on the big picture, I would look into a content management
solution either as an open source project or contact me off list as I work
for a company that deals completely with content management and we may be
able to do a full featured solution for you.
brad
On 6/27/06, joshj at linuxmail.org <joshj at linuxmail.org> wrote:
>
>
> When we last left our adventurers...
>
> > Ok based on what you're telling me, you should be able to pass the data
> you
> > want want to send within that authenticated page.
> >
> > For the time being though, let's go back to your apache
> configuration. Is
> > it being used to serve regular content? In your example, you are
> serving a
> > text file. I know from previous posts, that you have other content
> being
> > served as well. Is that content that you want tomcat to serve also
> being
> > served via "normal" apache pages? If not, then just configure mod_jk to
> > serve those content types as well, then there is no more dual-app-server
> > confusion. If not, then things get tricky.
>
> Most of the static files are served by apache: .js, .jpg, .css. But the
> files in /Data have special needs. They are static files. But a client can
> only access their files. And there are at least a few users per client.
> And some users have access to some files and others do not.
>
> >
> > If it's down to a pure java solution, then I'm really out of my
> element. My
> > best suggestion would be to hunt down some examples of this type of
> thing
> > via google. I will ask some of the Java guys here about it and see if I
> can
> > get something useful.
>
> I do believe I'm down to having to use a pure Java solution. Since the
> authentication is not handled at any Tomcat layer. I have done much
> searching and the common answer to this seems to be opening up the file
> within java and streaming it back to the user. Which I am hoping to avoid
> because then I have to check every extension, and make sure to set the
> correct contentType. And then if a new filetype is added for a different
> client in the future (which is a very real possibility) then I will have
> to go back into the program and make sure that it is included.
>
> So if anyone you work with has some suggestions that'd be awesome.
>
> >
> > Normally the admin interface is at the url of your tomcat install
> /manager/
> > - of course this has to be enabled in your configuration xml files, but
> most
> > default installs have it in some form, just check the configs.
>
> Ok, found it. Thanks. I've just been editing the xml files by hand this
> whole time.
>
> -Josh
>
> >
> > On 6/27/06, joshj at linuxmail.org <joshj at linuxmail.org> wrote:
> >>
> >> The "Admin Interface" of which you speak alludes me. I'm just using
> >> plain-jane Tomcat from tomcat.apache.org. I am no Java expert by any
> >> means, so I think you are speaking of some concepts that I don't
> >> understand. There may be a better way to handle logins, but I'm using
> a
> >> session-level (cookie) Bean. At the top of each of my .jsp pages is a
> >> small function which checks the bean to make sure that they have
> access to
> >> the page. If they do, then the page is displayed. If they do not then
> they
> >> are sent to the login page. With .jsp's this is very easy. I merely
> >> "jsp:include" the relevant jsp which checks the login. But now I want
> to
> >> serve up file /Data/Files/9/Batch/abc123.txt . Normally, apache would
> >> handle this request. But I need tomcat to make sure:
> >>
> >> a.) This is client #9. And...
> >> b.) This particular user (which belongs to client number 9) has access
> to
> >> this particular file.
> >>
> >> So to do this I need to get to that session level bean. Which I don't
> know
> >> any other way to do unless I get the request to a servlet or jsp of
> >> somekind. And then I don't know how to get back to the file.
> >>
> >>
> >> When we last left our adventurers...
> >>
> >> > Basically mod_jk, in its simplest form, will take a request bound
> for
> >> port
> >> > 80 and apache and look at the type of data it is requesting. Like
> .php
> >> gets
> >> > passed to the php module, or .html gets handled natively by apache,
> >> > something like .jsp will simply get forwarded on to Tomcat. Apache
> >> isn't
> >> > really doing anything at that point except for acting as a conduit
> so
> >> that
> >> > both distinct servers can use port 80 simultaneously, which makes
> coding
> >> > multi-language web apps a little simpler.
> >> >
> >> > Tomcat has a pretty extensive administration interface. Basically,
> when
> >> it
> >> > gets set up, you do just enough dirty work on Tomcat to get the
> thing to
> >> run
> >> > and then configure everything else (permissions, database, settings,
> >> etc.)
> >> > via the admin app. It's really though this app that you should be
> >> directing
> >> > your attention.
> >> >
> >> > Your application should have capability to access the allowed
> functions
> >> of
> >> > the environment it's running within, which in this case is
> Tomcat. That
> >> > includes your permissions and access. You shouldn't have to use
> >> explicit
> >> > filters and such just to access permission data being passed from
> the
> >> > session and handled by the application server.
> >> >
> >> > You may want to spend a little time grepping the tomcat docs and
> even do
> >> > some searches over at the Sun website as they have their own spin
> off
> >> app
> >> > server based on Tomcat, which is to say it is basically branded
> Tomcat.
> >> >
> >> > brad
> >> >
> >> > On 6/27/06, joshj at linuxmail.org <joshj at linuxmail.org> wrote:
> >> > >
> >> > > When we last left our adventurers...
> >> > >
> >> > > > I would say that there should be no reason you couldn't do what
> you
> >> want
> >> > > to
> >> > > > natively within Tomcat. You shouldn't need more than a modicum
> of
> >> java,
> >> > > if
> >> > > > any at all to do it. Tomcat should have some native handling
> of
> >> > > > authentication to it's services, which you can use in
> conjunction
> >> with
> >> > > your
> >> > > > applications.
> >> > > >
> >> > > > The big thing to remember is that although you have Apache and
> >> Tomcat
> >> > > linked
> >> > > > using mod_jk, Tomcat is a standalone server, with it's own auth
> >> > > mechanisms
> >> > > > and capabilities. Mod_jk simply allows the java content to be
> >> passed
> >> > > off to
> >> > > > tomcat automagically through apache instead of having to
> directly
> >> > > address
> >> > > > the server over port 8080 or whereever you set it up at.
> >> > > >
> >> > > > You probably know that, but just in case, I figured, I would
> >> > > > expound
> >> as
> >> > > I
> >> > > > know plenty of java developers that have very little clue about
> the
> >> > > workings
> >> > > > of the app server and vice-versa.
> >> > > >
> >> > > > In short, it should be able to be done, and I would say to
> leverage
> >> > > Tomcat
> >> > > > to do what you need to do.
> >> > > >
> >> > > > brad
> >> > >
> >> > > I just figured that since the trouble was put into making a
> mod_jk,
> >> and
> >> > > not merely passing off the request to tomcat (mod_rewrite or
> proxy
> >> style),
> >> > > that maybe it did more than that. Like accepting requests back in
> >> > > some
> >> > > way-shape-or-form.
> >> > >
> >> > > I'm attempting to use a Filter handle the request. Am I barking
> up
> >> > > the
> >> > > wrong tree? Or is this the way to go?
> >> > >
> >> > > -Josh
> >> > >
> >> > > >
> >> > > > On 6/27/06, joshj at linuxmail.org <joshj at linuxmail.org> wrote:
> >> > > > >
> >> > > > > It got a little out of hand but that was just some friendly
> >> banter.
> >> > > Merely
> >> > > > > commenting on how sometimes someone here will ask a question
> and
> >> > > someone
> >> > > > > else will recommend that they change their distro or
> platform. I
> >> > > actually
> >> > > > > completely agree with Brad. Enterprise (or "Enterprisey") is
> >> nothing
> >> > > but
> >> > > > > bullshit. Its all about a good language for the job at hand
> and
> >> > > > > a
> >> > > > > good
> >> > > > > design. And I try, God knows I try, but I hate Java for
> >> > > webprogramming.
> >> > > > >
> >> > > > > So anyway, is it possible to verify someone's session and
> then
> >> dish
> >> > > out
> >> > > > > the file (using Apache/Tomcat)? And I don't care what kind
> of
> >> file it
> >> > > is.
> >> > > > > Anything from txt to xml to pdf or jpg. I just don't want to
> use
> >> Java
> >> > > to
> >> > > > > 'stream' the file (even though that is the common answer
> I've
> >> seen)
> >> > > since
> >> > > > > that is essentially duplicating code for something that
> Tomcat
> >> and
> >> > > Apache
> >> > > > > can already do.
> >> > > > >
> >> > > > > And my deepest apologies to any "Java lovers" (if there is
> such
> >> > > > > a
> >> > > thing)
> >> > > > > and "Enterprisey believers". I know not what I do.
> >> > > > >
> >> > > > > xo
> >> > > > > -Josh
> >> > > > >
> >> > > > > When we last left our adventurers...
> >> > > > >
> >> > > > > > Since this is all started and I'm feeling feisty this
> morning,
> >> I'll
> >> > > add
> >> > > > > my
> >> > > > > > $.02 to the debate.
> >> > > > > >
> >> > > > > > I've supported and contributed to application devlopment
> using
> >> > > various
> >> > > > > > languages and platforms. I can say with all confidence
> that
> >> > > language
> >> > > > > has
> >> > > > > > only a small part to play with stability or
> >> > > > > enterprise-worthy-ness. It's
> >> > > > > > about the coders and the project spec.
> >> > > > > >
> >> > > > > > Java is nice; it runs everywhere; and is OO by
> nature. Perl
> >> > > > > > is
> >> > > > > > Perl
> >> > > -
> >> > > > > it
> >> > > > > > does what it does and makes coffee with the right CPAN
> >> > > > > modules. However, in
> >> > > > > > both of these cases, don't consider marketing propaganda,
> >> corporate
> >> > > > > dollars,
> >> > > > > > and press for reality.
> >> > > > > >
> >> > > > > > I've seen Java fail to accomplish the project's goals just
> as
> >> > > quickly as
> >> > > > > if
> >> > > > > > it was spec'd for Perl. On the flip side, I've seen PHP
> >> > > > > > create
> >> an
> >> > > app
> >> > > > > for a
> >> > > > > > quarter of the money and less than an 8th of the time of a
> >> > > comparable
> >> > > > > java
> >> > > > > > solution. Of course, I've also seen some awsome things
> being
> >> > > developed
> >> > > > > > using Java.
> >> > > > > >
> >> > > > > > My complaint with Java is the complexity involved in
> setting
> >> > > > > > up
> >> an
> >> > > > > efficient
> >> > > > > > environment. Tomcat is not a simple app to setup and run
> -
> >> > > especially
> >> > > > > if
> >> > > > > > you are linking it to dynamically serve regular html or
> some
> >> form
> >> > > > > > of
> >> > > > > > webscript pages like php.
> >> > > > > >
> >> > > > > > Perl is also a beast. The fact that it has a loosely
> defined
> >> form
> >> > > > > without
> >> > > > > > any real rigidity in its syntax makes for some very very
> very
> >> ugly
> >> > > code.
> >> > > > > > And don't get me started on CPAN.
> >> > > > > >
> >> > > > > > In all, there is no perfect language out there now. A
> good
> >> > > programmer
> >> > > > > does
> >> > > > > > the best job he / she can with the best tool for the job.
> >> > > > > > They
> >> > > don't
> >> > > > > simply
> >> > > > > > do it because they can or because the marketing says its
> good
> >> and
> >> > > > > > "enterprise ready". But that rule should hold for all
> things
> >> IT.
> >> > > > > >
> >> > > > > >
> >> > > > > >
> >> > > > > > On 6/27/06, Pete Cummings <pete at linuxcowboy.com> wrote:
> >> > > > > > >
> >> > > > > > > Websphere !!!!! That's great if you want to "port" your
> >> freakin
> >> > > job
> >> > > > > > > to
> >> > > > > > > India! enterprise software =Asian concentration
> camps!!!
> >> Stick
> >> > > with
> >> > > > > Open
> >> > > > > > > Source and live free (or die).
> >> > > > > > >
> >> > > > > > >
> >> > > > > > > David J. Andruczyk wrote:
> >> > > > > > >
> >> > > > > > > Use an enterprise application. i.e. don't ask your
> local
> >> LUG,
> >> > > ask
> >> > > > > the
> >> > > > > > > enterprise vendors..
> >> > > > > > >
> >> > > > > > > The first one that pops into my head is IBM's
> websphere.
> >> (only
> >> > > > > > > because
> >> > > > > > > of the 40+ servers I support most run it with oracle
> for
> >> > > > > > > all
> >> > > their
> >> > > > > > > web
> >> > > > > > > stuff) and this is a large worldwide "enterprise"
> level
> >> site.
> >> > > Aside
> >> > > > > > > from that I don't know much about websphere. (I support
> the
> >> > > boxes,
> >> > > > > > > not
> >> > > > > > > the customer apps)
> >> > > > > > >
> >> > > > > > >
> >> > > > > > >
> >> > > > > > > --- joshj at linuxmail.org wrote:
> >> > > > > > >
> >> > > > > > > Sing now while you can. Sure perl makes that little
> >> > > > > > > stuff
> >> > > easier.
> >> > > > > But
> >> > > > > > > when
> >> > > > > > > you're writing enterprise applications you can't use a
> toy
> >> like
> >> > > that.
> >> > > > > > > And
> >> > > > > > > you want to talk about Scalable? I'd love to see you
> scale
> >> your
> >> > > hippy
> >> > > > > > >
> >> > > > > > > programs across multiple servers!
> >> > > > > > >
> >> > > > > > > Love
> >> > > > > > > -Josh
> >> > > > > > >
> >> > > > > > > Well i'm sure you're java solution will be
> scalable
> >> > > > > > > and
> >> > > > > enterprise
> >> > > > > > > ready enough to allow you plenty of time to fix your
> tie
> >> while
> >> > > you
> >> > > > > > > reassess your paradigm for a more proactive approach.
> >> > > > > > >
> >> > > > > > > On 6/26/06, joshj at linuxmail.org <joshj at linuxmail.org>
> >> > > > > > > <joshj at linuxmail.org> wrote:
> >> > > > > > >
> >> > > > > > > Don't give me that "right tool for the job" malarky
> you
> >> > > > > > > freakin
> >> > > > > > >
> >> > > > > > > Perl
> >> > > > > > >
> >> > > > > > > hippy. Go back to the commune with all the other
> Perl,
> >> PHP,
> >> > > > > > > and
> >> > > > > > >
> >> > > > > > > Python
> >> > > > > > >
> >> > > > > > > programmers.
> >> > > > > > >
> >> > > > > >
> > _______________________________________________
> >> > > > > > > nflug mailing list
> >> > > > > > > nflug at nflug
> .orghttp://www.nflug.org/mailman/listinfo/nflug
> >> > > > > > >
> >> > > > > > > _______________________________________________
> >> > > > > > > nflug mailing list
> >> > > > > > > nflug at nflug
> .orghttp://www.nflug.org/mailman/listinfo/nflug
> >> > > > > > >
> >> > > > > > > Dave J. Andruczyk
> >> > > > > > >
> >> > > > > > > __________________________________________________
> >> > > > > > > Do You Yahoo!?
> >> > > > > > > Tired of spam? Yahoo! Mail has the best spam
> protection
> >> around
> >> > > > > > > http://mail.yahoo.com
> >> > > > > > > _______________________________________________
> >> > > > > > > nflug mailing list
> >> > > > > > > nflug at nflug
> .orghttp://www.nflug.org/mailman/listinfo/nflug
> >> > > > > > >
> >> > > > > > >
> >> > > > > > >
> >> > > > > > > _______________________________________________
> >> > > > > > > nflug mailing list
> >> > > > > > > nflug at nflug.org
> >> > > > > > > http://www.nflug.org/mailman/listinfo/nflug
> >> > > > > > >
> >> > > > > > >
> >> > > > > > >
> >> > > > > >
> >> >> >> _______________________________________________
> >> > > > > nflug mailing list
> >> > > > > nflug at nflug.org
> >> > > > > http://www.nflug.org/mailman/listinfo/nflug
> >> > > > >
> >> > > >
> >> >> _______________________________________________
> >> > > nflug mailing list
> >> > > nflug at nflug.org
> >> > > http://www.nflug.org/mailman/listinfo/nflug
> >> > >
> >> >
> >> _______________________________________________
> >> nflug mailing list
> >> nflug at nflug.org
> >> http://www.nflug.org/mailman/listinfo/nflug
> >>
> >
> >
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.nflug.org/pipermail/nflug/attachments/20070525/402dd390/attachment.html
-------------- next part --------------
_______________________________________________
nflug mailing list
nflug at nflug.org
http://www.nflug.org/mailman/listinfo/nflug
More information about the nflug
mailing list