lizongbo at 618119.com

出错信息为：

[code]
2007-11-02 11:33:41,471 ERROR [org.jboss.cache.transaction.DummyTransactionManager] - <binding of DummyTransactionManager failed>
javax.naming.NamingException: Context is read only
at org.apache.naming.NamingContext.checkWritable(NamingContext.java:903)

at org.apache.naming.NamingContext.bind(NamingContext.java:831)
at org.apache.naming.NamingContext.bind(NamingContext.java:171)
at org.apache.naming.NamingContext.bind(NamingContext.java:187)
at org.apache.naming.SelectorContext.bind(SelectorContext.java:171)
at javax.naming.InitialContext.bind(InitialContext.java:359)
at org.jboss.cache.transaction.DummyTransactionManager.getInstance(DummyTransactionManager.java:42)
at org.jboss.cache.transaction.GenericTransactionManagerLookup

.getTransactionManager (GenericTransactionManagerLookup.java:92)
at org.jboss.cache.CacheImpl.createTransactionManager(CacheImpl.java:660)
at org.jboss.cache.CacheImpl.internalStart(CacheImpl.java:726)
at org.jboss.cache.CacheImpl.start(CacheImpl.java:708)
at org.jboss.cache.DefaultCacheFactory.createCache(DefaultCacheFactory.java:79)
[/code]
这是因为我们通常是使用了JbossCache 自带的配置文件样本来进行配置的。
配置文件中默认是这样配置的：
<attribute name=”TransactionManagerLookupClass”>org.jboss.cache.transaction.GenericTransactionManagerLookup
</attribute>

而通过查看 org.jboss.cache.transaction.DummyTransactionManager.java的代码可以发现，
在创建TransactionManager的时候执行了一个Context。bind绑定操作。
出错信息用 log.error写入日志里：

代码为：[code]
public static DummyTransactionManager getInstance()
{
if (instance == null)
{
instance = new DummyTransactionManager();
try
{
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY, “org.jboss.cache.transaction.DummyContextFactory”);
Context ctx = new InitialContext(p);
ctx.bind(”java:/TransactionManager”, instance);
ctx.bind(”UserTransaction”, new DummyUserTransaction(instance));
}
catch (NamingException e)
{
log.error(”binding of DummyTransactionManager failed”, e);
}
}
return instance;
}
[/code]

jboss官方网站有相关讨论：
http://jboss.org/?module=bb&op=viewtopic&t=98997

解决办法也很简单，就是将 TransactionManagerLookupClass指定为自己实现的MyTransactionManagerLookup

MyTransactionManagerLookup。java 代码如下 ：
[code]

package com.lizongbo.jbosscache;

import org.jboss.cache.transaction.TransactionManagerLookup;
import javax.transaction.TransactionManager;
import org.jboss.cache.transaction.BatchModeTransactionManager;

public class MyTransactionManagerLookup implements TransactionManagerLookup {
public TransactionManager getTransactionManager() throws Exception {
return new BatchModeTransactionManager();
}

}
[/code]

修改后的配置文件为：

<!–
Configure the TransactionManager
–>
<attribute name=”TransactionManagerLookupClass”>com.lizongbo.jbosscache.MyTransactionManagerLookup</attribute>

Tags: cache, Context, JbossCache, JNDI, Tomcat, TransactionManager

Related posts

• 配置独立运行的jsp预编译ant脚本 (0)
• 开张了。 (0)
• 对tomcat cluster集群配置中session复制用法的一个误解 (0)
• 在Apache Tomcat上安装Wordpress 2.3 (0)
• Tomcat遇到”Error listenerStart”或”Error filterStart”问题且无详细日志时的log配置. (0)

httpd-vhosts.conf的配置例子如下：

#
# Virtual Hosts
#
# If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn’t need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL: http://httpd.--escaped_anchor:3470e7efc9d2fc0f6a96039a71c7a880--.org/docs/2.2/vhosts/ >
# for further details before you try to setup virtual hosts.
#
# You may use the command line option ‘-S’ to verify your virtual host
# configuration.

#
# Use name-based virtual hosting.
#

LoadModule headers_module modules/mod_headers.so
LoadModule expires_module modules/mod_expires.so

ExpiresActive On
ExpiresByType text/css A259200
#text/css类型文件的过期设置为“访问后的259200秒”
ExpiresByType application/x-javascript A259200
# application/x-javascript类型文件的过期设置为“访问后的300秒”
ExpiresByType image/png A2592000
#image/png类型文件的过期设置为“访问后的2592000秒”
ExpiresByType image/gif A2592000
#image/gif类型文件的过期设置为“访问后的2592000秒”
ExpiresByType application/x-shockwave-flash A2592000
# application/x-shockwave-flash类型文件的过期设置为“访问后的2592000秒”

LoadModule deflate_module modules/mod_deflate.so
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/javascript text/css

NameVirtualHost *

#
# VirtualHost example:
# Almost any Apache directive may go into a VirtualHost container.
# The first VirtualHost section is used for all requests that do not
# match a ServerName or ServerAlias in any <VirtualHost> block.
#

LoadModule jk_module modules/mod_jk-apache-2.2.4.so

JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JklogLevel error
JkOptions +ForwardURICompatUnparsed
JkOptions +ForwardSSLCertChain

<VirtualHost *>
ServerAdmin admin@www.618119.com
DocumentRoot /www/docs/www.618119.com
ServerName 618119.com
ServerAlias www.618119.com
ErrorLog logs/www.618119.com-error.log
CustomLog “|bin/cronolog.exe logs/www.618119.com-access%Y%m%d.log” combined
JkMount / www
JkMount /* www
JkMount /jkstatus jkstatus
<Location /jkstatus>
Order deny,allow
Allow from 127.
</Location>

</VirtualHost>

<VirtualHost *>
ServerAdmin admin@blog.618119.com
DocumentRoot /www/docs/blog.618119.com
ServerName www.blog.618119.com
ServerAlias *.blog.618119.com
ErrorLog logs/blog.618119.com-error.log
CustomLog “|bin/cronolog.exe logs/blog.618119.com-access%Y%m%d.log” combined
JkMount /* blog
JkMount /jkstatus jkstatus
<Location /jkstatus>
Order deny,allow
Allow from 127.
</Location>
</VirtualHost>

<VirtualHost *>
ServerAdmin admin@www.618119.com
DocumentRoot /www/docs/lizongbo.618119.com
ServerName lizongbo.618119.com
ErrorLog logs/lizongbo.618119.com-error.log
CustomLog “|bin/cronolog.exe logs/lizongbo.618119.com-access%Y%m%d.log” combined
JkMount / ring
JkMount /* ring

</VirtualHost>

(more…)

Tags: ajp13, Apache, mod_jk, Tomcat, vhost

Related posts

• 配置独立运行的jsp预编译ant脚本 (0)
• 给wordpress加上记录Combined格式日志的功能 (0)
• 开张了。 (0)
• 在Tomcat 6.0.14中安装配置awstats (0)
• 在Apache Tomcat上安装Wordpress 2.3 (0)

Tomcat的apr组件是使用JNI用来提升Tomcat的系统性能，在启用apr特性之后，Tomcat的 https功能不能使用JSSE的证书配置，
而需要使用OpenSSL,对于clientAuth的双向认证配置，也与一般方式不同，经过试验，摸索出配置步骤如下：

证书文件的制作步骤如下:

下载并安装openvpn,然后在
C:\Program Files\OpenVPN\easy-rsa下根据readme指导的步骤生成根证书,服务器证书(非自签名证书),客户端证书.

我的具体步骤:
1.命令行下进入 C:\Program Files\OpenVPN\easy-rsa
首先运行init-config.bat
当前目录下会生成openssl.cnf和vars.bat
2.编辑vars,bat,修改以下变量,保存文件.
set KEY_SIZE=2048
set KEY_COUNTRY=CN
set KEY_PROVINCE=GD
set KEY_CITY=ShenZhen
set KEY_ORG=zongbo.Inc
set KEY_EMAIL=lizongbo@618119.com

3.命令行下运行
vars.bat
clean-all
4.创建ca证书
1. vars
2. build-ca
5.创建服务器公匙密码
(由于KEY_SIZE设置成了2048,因此可能需要很长的是时间才能创建,此时可以改回1024)
1. vars
2. build-dh

6.创建服务器证书和key.
1. vars
2. build-key-server www

7.创建客户端证书(创建可导入的格式)
1. vars
2. build-key-pkcs12 lizongbo

以下是整个命令执行的过程

C:\Program Files\OpenVPN\easy-rsa>init-config

C:\Program Files\OpenVPN\easy-rsa>copy vars.bat.sample vars.bat
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>copy openssl.cnf.sample openssl.cnf
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>vars.bat

C:\Program Files\OpenVPN\easy-rsa>clean-all
系统找不到指定的文件。
已复制 1 个文件。
已复制 1 个文件。

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-ca
Loading ’screen’ into random state - done
Generating a 2048 bit RSA private key
…………………………………..+++
……………………………………………………………………..
……………………………………………………………………..
…………………….+++
writing new private key to ‘keys\ca.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:ca.lizongbo.com
Email Address [lizongbo@618119.com]:lizongbo@618119.com

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-dh
Loading ’screen’ into random state - done
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
………………………………………………..+……………..+…..
……………………………………………………………..+……..
……………………………………………………………………..
………………….+…………………………………………………
……………………………………………………………………..
……………………………………………………………………..
…………………..+…………………………………………..+…..
…………………………………+………………………..+……….
……………………………………………………………..+……..
………………………………………………………….+…………
………………………….+…………………………………………
……………………………………………………………+……….
……………………………………………………………………..
…+…………………………………+………..+……………………
………………………………+…………………………………….
……………………………………………………………………..
.+………………………………………………………………+…..
……………………………………………………………………..
………………………………………………………….+…………
…………………………………………
C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-key-server www
Loading ’screen’ into random state - done
Generating a 2048 bit RSA private key
……….+++
…………………………….+++
writing new private key to ‘keys\www.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:www.618119.com
Email Address [lizongbo@618119.com]:lizongbo@618119.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:lizongbo
An optional company name []:lzb.cmp
Using configuration from openssl.cnf
Loading ’screen’ into random state - done
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’CN’
stateOrProvinceName :PRINTABLE:’GD’
localityName :PRINTABLE:’ShenZhen’
organizationName :PRINTABLE:’zongbo.Inc’
organizationalUnitName:PRINTABLE:’lzb.Inc’
commonName :PRINTABLE:’www.618119.com’
emailAddress :IA5STRING:’lizongbo@618119.com’
Certificate is to be certified until Sep 17 02:27:21 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>vars

C:\Program Files\OpenVPN\easy-rsa>build-key lizongbo
Loading ’screen’ into random state - done
Generating a 2048 bit RSA private key
……………+++
……………………+++
writing new private key to ‘keys\lizongbo.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [CN]:CN
State or Province Name (full name) [GD]:GD
Locality Name (eg, city) [ShenZhen]:ShenZhen
Organization Name (eg, company) [zongbo.Inc]:zongbo.Inc
Organizational Unit Name (eg, section) []:lzb.Inc
Common Name (eg, your name or your server’s hostname) []:lizongbo
Email Address [lizongbo@618119.com]:lizongbo@618119.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:lizongbo
An optional company name []:lzb.cmp
Using configuration from openssl.cnf
Loading ’screen’ into random state - done
DEBUG[load_index]: unique_subject = “yes”
Check that the request matches the signature
Signature ok
The Subject’s Distinguished Name is as follows
countryName :PRINTABLE:’CN’
stateOrProvinceName :PRINTABLE:’GD’
localityName :PRINTABLE:’ShenZhen’
organizationName :PRINTABLE:’zongbo.Inc’
organizationalUnitName:PRINTABLE:’lzb.Inc’
commonName :PRINTABLE:’lizongbo’
emailAddress :IA5STRING:’lizongbo@618119.com’
Certificate is to be certified until Sep 17 02:28:38 2017 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

C:\Program Files\OpenVPN\easy-rsa>

证书文件的安装步骤如下:

在IE中 :
在资源管理其中,双击easy-rsa\keys\ca.crt,导入根证书.双击www.crt,导入服务器证书,双击lizongbo.p12,导入客户端证书.

在Firefox中:

主菜单–>工具–>选项–>加密,察看证书–>证书机构->导入,选择ca.crt,导入之后,选中刚导入的证书,然后点”编辑”,将三项新任设置全部打上钩.

切换面板到”web站点”,导入,选择www.crt,导入之后,选中刚导入的证书,然后点”编辑”,选择”信任此证书的认证”

切换到”您的证书”,导入,选择lizongbo.p12, 输入生成证书时设置的密码,导入成功.
(Firefox中如果不首先导入根证书，Firefox会提示-12227错误，”接收到错误或未期望的消息，错误号-12227 “, 与IE的表现不同)
(more…)

Tags: -12227, APR, clientAuth, https, openssl, Tomcat

Related posts

• 配置独立运行的jsp预编译ant脚本 (0)
• 配置windows下的curl来获取https页面内容 (2)
• 慎用ByteBuffer.allocateDirect (0)
• 开张了。 (0)
• 对tomcat cluster集群配置中session复制用法的一个误解 (0)