The third line defines the type of the worker. I think it was a poor choice to name the worker ajp12 when it is also type ajp12. You can name a worker anything you want as long as the name consists of letters and numbers. The fourth line gives the worker a weight rating for load-balancing purposes. A high number indicates a powerful machine, and when multiple machines are involved in a load-balanced scenario, the load-balancer worker chooses the worker that has the highest lbfactor first.

The same properties for the ajp13 worker are defined in the next four lines in the workers.properties file.

The next two lines define a worker called loadbalancer, which is of type lb and which balances workers ajp12 and ajp13 using a round-robin scheme. These two lines are:

    worker.loadbalancer.type=lb
    worker.loadbalancer.balanced_workers=ajp12, ajp13

The next two lines define a worker called inprocess of type jni. This worker's class_path is defined by setting the second line to /var/tomcat/classes for a Linux system:

    worker.inprocess.type=jni
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)classes

The next six lines add six library files to the class path:

    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)jaxp.jar
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)parser.jar
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)jasper.jar
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)servlet.jar
    worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)webserver.jar
    worker.inprocess.class_path=$(workers.java_home)$(ps)lib$(ps)tools.jar

Chapter 17: Running Java Servlets and JSP Pages with Tomcat

The final class path (on Linux) for the inprocess worker looks as shown here:

    /var/tomcat/classes:/var/tomcat/lib/jaxp.jar:/var/tomcat/lib/parser.jar:/var/tomcat/lib/jasper.jar:/var/tomcat/lib/servlet.jar:/var/tomcat/lib/webserver.jar:/usr/java/jdk1.3.0_02/lib/tools.jar

The next four lines, as shown below, define a set of command-line options for the inprocess worker:

    worker.inprocess.cmd_line=-config
    worker.inprocess.cmd_line=$(workers.tomcat_home)/conf/jni_server.xml
    worker.inprocess.cmd_line=-home
    worker.inprocess.cmd_line=$(workers.tomcat_home)

The next line defines the JVM library path:

    worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)bin$(ps)classic$(ps)jvm.dll

The JVM library path (on Linux) is /usr/java/jdk1.3.0_02/jre/lib/i386/classic/libjvm.so. So you must change the above jvm_lib line to be:

    worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)classic$(ps)libjvm.so

The next two lines define the filenames that are used to write the STDOUT and STDERR for the inprocess worker:

    worker.inprocess.stdout=$(workers.tomcat_home)$(ps)inprocess.stdout
    worker.inprocess.stderr=$(workers.tomcat_home)$(ps)inprocess.stderr

The STDOUT is written to /var/tomcat/inprocess.stdout and STDERR is written to /var/tomcat/inprocess.stderr on a Linux system.

The final line defines a system property for the inprocess worker. The default property set by the following line is tomcat.home with the value /var/tomcat on Linux:

    worker.inprocess.sysprops=tomcat.home=$(workers.tomcat_home)

Configuring Tomcat to use the Java Security Manager

The Java Security Manager enforces security restrictions on everything Java, which includes applets, servlets, JSP, and even Tomcat itself. By using the Java Security Manager, you can control what each application can or cannot do. Table 17-2 shows the types of permissions you can set.

Part III: Running Web Applications

Table 17-2: Java Security Manager Permission Types

| Permission Type | Meaning |
|---|---|
| java.util.PropertyPermission | Controls read/write access to JVM properties such as java.home. |
| java.lang.RuntimePermission | Controls use of some system or run-time functions such as exit() and exec(). |
| java.io.FilePermission | Controls files and directories permissions. |
| java.net.SocketPermission | Controls use of network sockets. |
| java.net.NetPermission | Controls use of multicast network connections. |
| java.lang.reflect.ReflectPermission | Controls use of reflection to do class introspection. |
| java.security.SecurityPermission | Controls access to security methods. |
| java.security.AllPermission | Allows everything, which is effectively the same thing as not using the Java Security Manager. |

The security policies for Tomcat are defined in the /var/tomcat/conf/tomcat.policy file. This file typically grants permissions using the following syntax:

    grant codeBase code_source {
        permission_type class [name [, action_list]];
    };

For example, the default /var/tomcat/conf/tomcat.policy file grants the following permissions:

    // Example webapp policy
    // By default we grant read access to webapp dir and
    // write to workdir
    grant codeBase "file:${tomcat.home}/webapps/examples" {
        permission java.net.SocketPermission "localhost:1024-", "listen";
        permission java.util.PropertyPermission "*", "read";
    };

The files in ${tomcat.home}/webapps/examples (that is, /var/tomcat/webapps/examples) are granted permission to use network sockets to listen on localhost using 1024 or higher ports and to allow only read access to all JVM properties.

If you want an application called /var/tomcat/webapps/your_app_name to connect to the Lightweight Directory Access Protocol (LDAP) server using TCP port 389, the grant permission that you need is:

    grant codeBase "file:${tomcat.home}/webapps/app_name" {
        permission java.net.SocketPermission "localhost:389", "connect";
        permission java.util.PropertyPermission "*", "read";
    };

By default, the Java Security Manager is disabled for Tomcat. You must enable it as follows:

1. In the /var/tomcat/conf/server.xml file you should find the following:

   This default setting disables the Security Manager, so you must remove the comments so that you have the following instead:

2. Restart Tomcat using the -security option. For example, /usr/bin/tomcat -security restarts Tomcat with Java Security Manager.

The JVM will throw an AccessControlException or a SecurityException when the Java Security Manager intercepts a security policy violation.

Configuring Apache for Servlets and JSP

When you start Tomcat, it creates a configuration file called /var/tomcat/conf/mod_jk.conf-auto. You need this file to be loaded by Apache to interact with Tomcat. To do so, modify httpd.conf to add the following line:

    Include /var/tomcat/conf/mod_jk.conf-auto

The automatically generated mod_jk.conf-auto file has one problem. It instructs Apache to load the mod_jk.so module from a subdirectory called libexec under the server's root directory (pointed to by ServerRoot directive in httpd.conf)
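Returning to the workers.properties walkthrough earlier on this page: the sketch below is an added example, not code from the book or from mod_jk. It models how the repeated class_path and cmd_line lines accumulate and how the $(name) references expand into the final Linux class path quoted in the text. The function name resolve_workers, the space used to join cmd_line values, and the three definitions at the top of the sample are assumptions.

```python
import re

# Constructed input: the inprocess lines quoted in the text, plus the three
# values they reference (the text's Linux paths; ps is "/" on Linux).
SAMPLE = """\
workers.tomcat_home=/var/tomcat
workers.java_home=/usr/java/jdk1.3.0_02
ps=/
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)classes
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)jaxp.jar
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)parser.jar
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)jasper.jar
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)servlet.jar
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)webserver.jar
worker.inprocess.class_path=$(workers.java_home)$(ps)lib$(ps)tools.jar
worker.inprocess.cmd_line=-config
worker.inprocess.cmd_line=$(workers.tomcat_home)/conf/jni_server.xml
"""

# Keys whose repeated lines accumulate, with the separator used to join them
# (":" is the Linux class path separator; the space for cmd_line is assumed).
MULTI_VALUED = {"class_path": ":", "cmd_line": " "}
MACRO = re.compile(r"\$\(([^)]+)\)")

def resolve_workers(text):
    """Expand $(name) references and merge repeated multi-valued keys."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # Substitute earlier definitions; unknown names are left untouched.
        value = MACRO.sub(lambda m: props.get(m.group(1), m.group(0)), value)
        sep = MULTI_VALUED.get(key.rsplit(".", 1)[-1])
        if sep is not None and key in props:
            value = props[key] + sep + value
        props[key] = value
    return props

if __name__ == "__main__":
    print(resolve_workers(SAMPLE)["worker.inprocess.class_path"])
```

A generic last-value-wins properties parser would report only the tools.jar entry for class_path, which is why the accumulation step matters when checking what the in-process JVM will actually load.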
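For the tomcat.policy section above, a small review aid (an added example, not part of the book or of Tomcat): it parses grant blocks in the syntax shown and flags entries that defeat the purpose of enabling the Security Manager, starting with java.security.AllPermission, which Table 17-2 describes as equivalent to not using it. The function names and the second grant in the sample are constructed for the demonstration.

```python
import re

# Constructed sample in the tomcat.policy syntax shown in the text; the second
# grant is a deliberately over-broad entry added for this demonstration.
SAMPLE_POLICY = '''
// Example webapp policy
grant codeBase "file:${tomcat.home}/webapps/examples" {
  permission java.net.SocketPermission "localhost:1024-", "listen";
  permission java.util.PropertyPermission "*", "read";
};
grant codeBase "file:${tomcat.home}/webapps/app_name" {
  permission java.security.AllPermission;
  permission java.io.FilePermission "<<ALL FILES>>", "read,write";
};
'''

GRANT_RE = re.compile(r'grant(?:\s+codeBase\s+"([^"]*)")?\s*\{(.*?)\}\s*;', re.S)
PERM_RE = re.compile(r'permission\s+([\w.$]+)(?:\s+"([^"]*)")?(?:\s*,\s*"([^"]*)")?\s*;')

def parse_policy(text):
    """Return [(codeBase or None, [(class, name, actions), ...]), ...]."""
    # Drop whole-line // comments and /* */ blocks; URLs inside strings survive.
    text = re.sub(r'^[ \t]*//[^\n]*|/\*.*?\*/', '', text, flags=re.M | re.S)
    return [(cb or None, PERM_RE.findall(body)) for cb, body in GRANT_RE.findall(text)]

def audit(text):
    """Return (codeBase, finding) pairs for grants broader than a webapp needs."""
    findings = []
    for code_base, perms in parse_policy(text):
        where = code_base or "<all code>"
        if code_base is None:
            findings.append((where, "grant has no codeBase, so it applies to all code"))
        for cls, name, actions in perms:
            if cls == "java.security.AllPermission":
                findings.append((where, "AllPermission: same effect as no Security Manager"))
            elif cls == "java.io.FilePermission" and name == "<<ALL FILES>>":
                findings.append((where, f"FilePermission on all files ({actions})"))
            elif cls == "java.net.SocketPermission" and name.split(":")[0] == "*":
                findings.append((where, f"SocketPermission to any host ({actions})"))
    return findings

if __name__ == "__main__":
    for where, finding in audit(SAMPLE_POLICY):
        print(f"{where}: {finding}")
```

The default examples grant from the text passes cleanly; only the constructed app_name grant is reported.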