I've been trying the whole day to make Tomcat6 use system proxy settings. Tried various ways, about 200 different Versions of
tomcat6 //US/Tomcat6 ++JvmOptions "-Djava.net.useSystemProxies=true"
I tried to set the property in service.bat in the "install" section like this (also many similar versions):
...
:foundJvm
echo Using JVM: "%PR_JVM%"
"%EXECUTABLE%" //IS//%SERVICE_NAME% --StartClass org.apache.catalina.startup.Bootstrap --StopClass org.apache.catalina.startup.Bootstrap --StartParams start --StopParams stop --JvmOptions "-Djava.net.useSystemProxies=true"
I tried settings this with the tomcat6w GUI. Not sure if it does anything anyway.
Also tried setting JAVA_HOME to JRE and JDK. No difference.
Tried setting -Dhttp.proxyHost=proxyhostURL and -Dhttp.proxyPort=proxyPortNumber. Those at least seem not to be ignored because the connection then failed (used random local ip and port).
Now the fun fact: I can run it through catalina.bat, set the parameter there (CATALINA_OPTS=...) and it works like a charm. So what is that doing there? I would like to have it as a service which would be way more user friendly, but if there's no way to achieve it, I'm willing to consider just throwing catalina.bat into autorun.
So... did anybody ever get that working? Or does anybody have ideas/advices?
Assuming this is on Windows, I found a Registry key under:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\<app-name>\Parameters\Java
The entry is named Options of type REG_MULTI_SZ. This contained all the -D JVM options, one line per option. I added our HTTP/HTTPS proxy name (we're using NTLM authentication proxies)
-Dhttp.proxyHost=proxy.company.local
-Dhttp.proxyPort=8080
-Dhttps.proxyHost=proxy.company.local
-Dhttps.proxyPort=8080
-Dhttp.proxyUser=svc_account
-Dhttp.proxyPassword=svc_Password
Related
I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?
You can follow these steps to compile/debug applications as superuser.
Rename your java-application
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
#!/bin/bash
# file: /usr/lib/jvm/java-6-openjdk/jre/bin/java
# descr: Starter for jdk. Runs jdk as root when
# cmd-line-arg "--run-as-root" is specified.
#
jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori"
run_as_root=false
args=
# Filter command-line argument
for arg in "$#"
do
case "$arg" in
--run-as-root) run_as_root=true
;;
*) args="$args $arg"
;;
esac
done
# Remove leading whitespaces
args=$(echo $args | sed -e 's/^[ \t]*//')
if $run_as_root
then
echo "WARNING: Running as root!"
gksu "$jre $args"
else
$jre $args
fi
Change the permissions to make it executable
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
Startup eclipse
Go to Window->Preferences->Java->Installed JREs
Duplicate java-6-openjdk to java-6-openjdk-root
Edit JRE and add "--run-as-root" as Default VM Argument
To run projects as root you need to follow these steps:
Go to Project->Properties->Java Build Path
Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
Assuming you are on Linux (*nix),
How about starting your eclipse session via a sudo command?
Such as
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?
As mentioned in this thread:
In order to open a port below 1024 on Unix/Linux systems you need to be
"root".
I also used the argument -Dorg.eclipse.equinox.http.jetty.port=8080 to change the listen port, but this seems to be ignored (according to the stacktrace)
Please use "-Dorg.osgi.service.http.port=8080".
As mentioned in HTTP Service:
org.osgi.service.http.port - specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.
org.osgi.service.http.port.secure - specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.
Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
(Can someone contribute a link to a practical and easy-to-understand explanation ?)
A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger,
set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!
I am writing C not Java but this should work in either case.
I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.
You can use Remote Java Application mechanism for this.
Create Debug configuration for Remote Java Application
section in Run -> Debug configurations...
Set your project name
Choose Connection type as Standard (Socket Attach)
Configure Connection properties parameters for your binding
(for you it will be localhost and 443).
Set breakpoint in your app (e.g. at the beginning of the main method)
Run your app from terminal as superuser with following command: java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
Hit debug button in Eclipse for early created Remote Java Application
You code should be stopped on breakpoint in Eclipse!
If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.
You may go this way
create a Makefile with javac calls
add the following line:
setcap 'cap_net_admin=+ep' Server
configure sudo to allow your Eclipse user to run setcap.
So you will have a transparent debugging (no sudo wrapper - gdb ok).
Cons: it is a local security breach.
Solution:
put this to /opt/my-stupid-eclipse
#!/bin/sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
chmod +x this script and whitelist it on sudo config.
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.
Tomcat is not starting in debug mode. Getting below logs.
C:\ApacheSoft\apache-tomcat-7.0.67\bin>catalina.bat jpda start
Using CATALINA_BASE: "C:\ApacheSoft\apache-tomcat-7.0.67"
Using CATALINA_HOME: "C:\ApacheSoft\apache-tomcat-7.0.67"
Using CATALINA_TMPDIR: "C:\ApacheSoft\apache-tomcat-7.0.67\temp"
Using JRE_HOME: "C:\Program Files\Java\jdk1.7.0_79"
Using CLASSPATH: "C:\ApacheSoft\apache-tomcat-7.0.67\bin\bootstrap.jar;C:\ApacheSoft\apache-tomcat-7.0.67\bin\tomcat-juli.jar"
=transport=dt_socket was unexpected at this time.
Let me guess, you read a link called "HOW TO REMOTELY DEBUG APPLICATION RUNNING ON TOMCAT FROM WITHIN INTELLIJ IDEA" on blog.trifork.com.
The instructions say to do this for Windows in your setenv.bat:
set JPDA_OPTS="-agentlib:jdwp=transport=dt_socket, address=1043, server=y, suspend=n"
Yeah, that's not going to work. catalina.bat adds its own quotes, so it winds up trying to do this:
if not ""-agentlib:jdwp=transport=dt_socket, address=1043, server=y, suspend=n"" == "" goto gotJpdaOpts
A better plan is to do this:
set JPDA_OPTS=-agentlib:jdwp=transport=dt_socket,address=1043,server=y,suspend=n
I know this is from almost a year ago, but I ran into this, and ultimately had to remove "#echo off" from the Tomcat batch files and chase this down myself. Hopefully, this will get voted up so that it can save someone else this grief.
There is another possibility that you configure both two different ways to enable JPDA in jvm during starting tomcat in remote debug mode.
In windows, there're several ways to enable JPDA in jvm.
1.one way is :
open the startup.bat.
add the lines below
set JPDA_ADDRESS=8001
set JPDA_TRANSPORT=dt_socket
call "%EXECUTABLE%" jpda start %CMD_LINE_ARGS%
2.the second way is:
create a setenv.bat file under CATALINA_HOME/bin directory.
and add the line below:
set JPDA_OPTS=-agentlib:jdwp=transport=dt_socket, address=1043, server=y, suspend=n
of course, they're other ways.
I have the same problem with you, but then I found I configured in these ways both, it will result in the failure to open the JPDA port, without any error details.
Then I chose the method 1 only, the port was opened successfully.
Hope this can help other newbies on this.
The space char in C:\Program Files\Java\jdk1.7.0_79 cause the problem.
Replace it with short name could solve the problem.
Execute command dir c:\PROGRA~1\Java\jdk1.7.0_79 and check the file list to verify whether PROGRA~1 is correct. If not, try PROGRA~2 and so on...
Then change environment variable JAVA_HOME or JRE_HOME to try again.
I have been running a Tomcat 6.0.37 server for quite some time via the startup.bat.Now I want to run tomcat as a service that starts automatically when the machine starts up.
I created the service with the bat : service.bat install.This created the service succesfully.When trying to start it however I get the error in the title.I then tried running just the exe(tomcat6.exe).This gave me the exact same error.
I have checked that CATALINA_HOME,JAVA_HOME and JRE_HOME is set correctly.bootstrap.jar does exist in tomcat/bin.Path to the jvm is correct.jvm.dll does exist in jre6/bin/server.
I also found a thread with a different class missing where they said rt.jar was missing from the jre,I checked this and mine exists in jre6/lib/.I really don't have anymore ideas as to what can be wrong.
try to update the service by executing (adapt to your path):
C:\> tomcat6 //US//Tomcat6 --Description="Apache Tomcat Server - http://tomcat.apache.org/ " \
C:\> --Startup=auto --Classpath=%JAVA_HOME%\lib\tools.jar;%CATALINA_HOME%\bin\bootstrap.jar
US means: update service.
This should fix the classpath.
All the necessary information are in the official website:
http://tomcat.apache.org/tomcat-6.0-doc/windows-service-howto.html
Recommend using one of the "Java as a Windows Service" frameworks as they handle adding JARs to the classpath, etc. This can be done manually however via the "java -cp {set your classpath here...}" options as well.
I need to disable IPv6. For that the java documentation indicates setting jvm property java.net.preferIPv4Stack=true.
But I don't understand how to do it from the code itself.
Many forums demonstrated doing it from the command prompt, but I need to do it at runtime.
You can use System.setProperty("java.net.preferIPv4Stack" , "true");
This is equivalent to passing it in the command line via -Djava.net.preferIPv4Stack=true
Another approach, if you're desperate and don't have access to (a) the code or (b) the command line, then you can use environment variables:
http://docs.oracle.com/javase/7/docs/webnotes/tsg/TSG-Desktop/html/plugin.html.
Specifically for java web start set the environment variable:
JAVAWS_VM_ARGS
and for applets:
_JPI_VM_OPTIONS
e.g.
_JPI_VM_OPTIONS=-Djava.net.preferIPv4Stack=true
Additionally, under Windows global options (for general Java applications) can be set in the Java control plan page under the "Java" tab.
I ran into this very problem trying to send mail with javax.mail from a web application in a web server running Java 7. Internal mail server destinations failed with "network unreachable", despite telnet and ping working from the same host, and while external mail servers worked. I tried
System.setProperty("java.net.preferIPv4Stack" , "true");
in the code, but that failed. So the parameter value was probably cached earlier by the system. Setting the VM argument
-Djava.net.preferIPv4Stack=true
in the web server startup script worked.
One further bit of evidence: in a very small targeted test program, setting the system property in the code did work. So the parameter is probably cached when the first Socket is used, probably not just as the JVM starts.
well,
I used System.setProperty("java.net.preferIPv4Stack" , "true"); and it works from JAVA, but it doesn't work on JBOSS AS7.
Here is my work around solution,
Add the below line to the end of the file ${JBOSS_HOME}/bin/standalone.conf.bat (just after :JAVA_OPTS_SET )
set "JAVA_OPTS=%JAVA_OPTS% -Djava.net.preferIPv4Stack=true"
Note: restart JBoss server
you can set the environment variable JAVA_TOOL_OPTS like as follows, which will be picked by JVM for any application.
set JAVA_TOOL_OPTS=-Djava.net.preferIPv4Stack=true
You can set this from the command prompt or set in system environment variables, based on your need. Note that this will reflect into all the java applications that run in your machine, even if it's a java interpreter that you have in a private setup.
System.setProperty is not working for applets. Because JVM already running before applet start. In this case we use applet parameters like this:
deployJava.runApplet({
id: 'MyApplet',
code: 'com.mkysoft.myapplet.SomeClass',
archive: 'com.mkysoft.myapplet.jar'
}, {
java_version: "1.6*", // Target version
cache_option: "no",
cache_archive: "",
codebase_lookup: true,
java_arguments: "-Djava.net.preferIPv4Stack=true"
},
"1.6" // Minimum version
);
You can find deployJava.js at https://www.java.com/js/deployJava.js
I'm running in to an error when I try to run my server application from Eclipse. The error is java.net.BindException: Permission denied. I think this is because I am using port 443 to set up an SSL connection. I can get around this problem if I run my code on the command line using java and sudo. Is there a way to set up Eclipse so that when I hit the run button, my application is executed with sudo?
You can follow these steps to compile/debug applications as superuser.
Rename your java-application
sudo mv /usr/lib/jvm/java-6-openjdk/jre/bin/java /usr/lib/jvm/java-6-openjdk/jre/bin/java.ori
Create following script and store it as /usr/lib/jvm/java-6-openjdk/jre/bin/java
#!/bin/bash
# file: /usr/lib/jvm/java-6-openjdk/jre/bin/java
# descr: Starter for jdk. Runs jdk as root when
# cmd-line-arg "--run-as-root" is specified.
#
jre="/usr/lib/jvm/java-6-openjdk/jre/bin/java.ori"
run_as_root=false
args=
# Filter command-line argument
for arg in "$#"
do
case "$arg" in
--run-as-root) run_as_root=true
;;
*) args="$args $arg"
;;
esac
done
# Remove leading whitespaces
args=$(echo $args | sed -e 's/^[ \t]*//')
if $run_as_root
then
echo "WARNING: Running as root!"
gksu "$jre $args"
else
$jre $args
fi
Change the permissions to make it executable
sudo chmod 0755 /usr/lib/jvm/java-6-openjdk/jre/bin/java
Startup eclipse
Go to Window->Preferences->Java->Installed JREs
Duplicate java-6-openjdk to java-6-openjdk-root
Edit JRE and add "--run-as-root" as Default VM Argument
To run projects as root you need to follow these steps:
Go to Project->Properties->Java Build Path
Double-Click the JRE System Library and choose in Alternate JRE "java-6-openjdk-root"
Note: The idea is from http://www.eclipse.org/forums/index.php/mv/msg/87353/724852/#msg_724852
Assuming you are on Linux (*nix),
How about starting your eclipse session via a sudo command?
Such as
sudo ~/eclipse/eclipse
Now whatever you do from eclipse will have the sudo context?
As mentioned in this thread:
In order to open a port below 1024 on Unix/Linux systems you need to be
"root".
I also used the argument -Dorg.eclipse.equinox.http.jetty.port=8080 to change the listen port, but this seems to be ignored (according to the stacktrace)
Please use "-Dorg.osgi.service.http.port=8080".
As mentioned in HTTP Service:
org.osgi.service.http.port - specifies the port number to use for the http serving. The default value for this property is 80 (which requires root permission), as per the OSGi specification.
org.osgi.service.http.port.secure - specifies the port number to use for secure http serving. The default value for this property is 443 (which requires root permission), as per the OSGi specification.
Maybe if you try to modify that last property to a value above 1024 it could work without requiring any special privilege.
Another option would be to use iptables or ipfilter to forward port 80 to a port above 1024.
(Can someone contribute a link to a practical and easy-to-understand explanation ?)
A better answer, perhaps, if this serves your needs AND is possible, could be simple port redirection on your router.
Instead of trying to force your linux/unix to open a reserved port, when you are only developing this now (not installing) and you want to run it in a debugger,
set your router to redirect incoming (external) port 443 to a port that is more convenient for your current needs (say 4443).
I think most routers support this, and if yours doesn't it gives your mum a good christmas or birthday present idea!
I am writing C not Java but this should work in either case.
I use remote debug - define a "remote" connection to LOCALHOST which allows you to specify the user you will connect with, specify ROOT. Then define a Remote Application in debug configuration connection: LOCALHOST. Be sure to check "skip download to target path" at the bottom of the main tab as well as under the connection properties window.
You can use Remote Java Application mechanism for this.
Create Debug configuration for Remote Java Application
section in Run -> Debug configurations...
Set your project name
Choose Connection type as Standard (Socket Attach)
Configure Connection properties parameters for your binding
(for you it will be localhost and 443).
Set breakpoint in your app (e.g. at the beginning of the main method)
Run your app from terminal as superuser with following command: java -Xdebug -Xrunjdwp:transport=dt_socket,server=y,address=443 MyApp
Hit debug button in Eclipse for early created Remote Java Application
You code should be stopped on breakpoint in Eclipse!
If you use External tools (Run menu/External tools or an icon next to the Run/Debug icons on the toolbar), you can use any scripts or whatever you like. The scripts may give you elevated rights, or whatever.
On the other hand, this way debugging the application can become very hard, as neither the Run nor Debug commands get associated with this External tool configuration. Maybe it is possible to connect the Eclipse debugger of the application, but I don't know, how that is possible.
You may go this way
create a Makefile with javac calls
add the following line:
setcap 'cap_net_admin=+ep' Server
configure sudo to allow your Eclipse user to run setcap.
So you will have a transparent debugging (no sudo wrapper - gdb ok).
Cons: it is a local security breach.
Solution:
put this to /opt/my-stupid-eclipse
#!/bin/sh
setcap 'cap_net_admin=+ep cap_net_raw=+ep' $1
chmod +x this script and whitelist it on sudo config.
username ALL=(ALL) NOPASSWD: /opt/my-stupid-eclipse
Add it to your makefile, specify path to your Server binary.
Now you have pretty strange but secure script, that cannot be changed by other users... and still a little breach for replacing Server binary with any malicious code, that will gain caps, so no filename check/stricts will help.. can $1 be contaminated with bash commands, no? Guess, no.