I would like to enable Tomcat access logging in GraphDB embedded Tomcat. Does anyone know if this is possible, and eventually how to do it?
If there isn't a specific reason to use Tomcat logging you can use instead GraphDB own audit logging. It does basically the same thing plus options like logging for specific headers and other.
http://graphdb.ontotext.com/documentation/free/security-auditing.html
Related
I have to configure SVN server. I am evaluating two approaches
With Apache.
Without Apache as a OS(Windows) service.
If I go with Apache, I will have browser level access too, which I consider an added advantage.
What approach should I take ?
You want apache - your flexibility and options for logging, authentication and authorization are way richer.
I have web service deployed in my system under Glassfish server. When I try to access it from another system using my IP and port number it shows an access control origin error.
I tried to solve this by putting a accesscrossdomain.xml file in my Glassfish docroot folder, but the error still continues.
What can be done to solve this issue?
You are likely running into the default configuration, which disables remote administration by default for security reasons. This means no SSL while logging into the administration console, no admin password, etc.
GlassFish Server has excellent documentation. For this particular issue, this section of the Security Guide should help. Basically, you'll want to run "asadmin enable-secure-admin". To learn more about secure admin, read this section of the Security Guide.
Does anyone know of a tool that shows a visualization of an Apache HTTPD server configuration? I'm looking for something that I can run against a DMZ server that does a lot of ReverseProxy mapping. I have inherited 3 Apache servers that have ~100 VirtualHosts. It would be nice to be able to see for each VHOST what the specific configuration setting apply to each one. Where are the Error pages coming from for the host, locally globally or from the DMZ server? Things like HTTP Trace method that I cannot seem to turn off (despite the use of TraceEnable and Rewrite rules)
Are there any higher level tools for managing Apache configurations, dependencies and visualizing the relationships between servers?
Any/all replies appreciated.
Take a look at http://www.apache-gui.com/ might be useful?
When testing various authentication solutions (my own LoginModule etc) in JBoss, it seemed to me that sometimes when I redeployed a change or otherwise provoked the login form to show, that JBoss didn't actually call the authentication module.
Just wondering if there is some type of short term caching going on?
I tested both from a web application (taking care to delete cookies etc) and from a fat RMI java client.
Of course, If I restarted JBoss, the full authentication process was followed.
Is there a cache, and if so, can it be disabled for development purposes?
Yes, JBoss caches authentication information by default for a few minutes.
To disable caching, set DefaultCacheTimeout to 0 in the configuration for the JaasSecurityManagerService. The configuration is in the "jboss-service.xml" file.
For more info and various ways to flush the cache, see CachingLoginCredentials at jboss.org.
I've been trying to mug up on Glassfish and one thing that keeps coming up is the "how-to" on fronting Glassfish with Apache. Unfortunately, I have yet to find a description of why you would want to do this!
From my experimentation, Glassfish seems like a pretty fully featured web server-type service; but I might be missing a lot. So, is the notion of front-ending Glassfish more of a solution to integrate it with an existing architecture, or does front-ending (in a pure Java environment) provide extra benefits?
There's also another valid use case as to why we front Glassfish with Apache. Apache in this instance would function as a reverse proxy for increased security of your Glassfish. The RP is configured to allow only certain URLs to be passed through to the application server. For e.g., you may have app contexts /myApp and /myPrivApp deployed in Glassfish. In the RP server, you only configure /myApp to be passed to Glassfish. Anybody requesting for /myPrivApp would see a 404 'cos the request stops right at the RP level.
In one of my deployments, I have a bunch of WARs deployed, some for users coming from the internet, some for intranet only. I have 2 RPs running, one for internet users and the other for intranet. I configure the internet RP to only allow URLs for approved internet applications to pass through while intranet users get to see everything.
Hope that helps.
It is usually used to speed things up. Since apache is a very fast web server it is used to deliver static content. Like images, CSS files and so on. Glassfish serves the dynamic content (servlets, JSPs) in this scenario.
Another reason for using Apache as a frontend to Glassfish is the possibility to provide load balancing across a Glassfish cluster. See http://tiainen.sertik.net/2011/03/load-balancing-with-glassfish-31-and.html for details.
A other reason is that glassfish cannot run (easily) on port 80, without giving it root rights of course.
So, for most users it's easer to run a proxy (apache, nginx, varnish) some sort in front of apache and have both servers run under a normal user.
Then you have a other advantage of some configurations options of your front end. Like others mentioned, caching for example.