tomcat user runs fedora

Instructions from tomcat install

From tomcat manual
3.5. Running Tomcat as Non-Root User I don't believe there any issues with running Tomcat as root user. However, for the more security-conscious readers out there, here are some instructions on running Tomcat as a non-root user. At this stage, the Tomcat packages, files and binaries are owned by root. We will first need to create a Tomcat user and group that will own these files, and under which Tomcat will run. Tomcat User :: tomcat Tomcat Group :: tomcat Not too imaginative, huh ? We will now create the Tomcat user and group. Open a terminal window and, as root, # groupadd tomcat # useradd -g tomcat -d /opt/tomcat tomcat # passwd tomcat Notice that we specified the home directory of Tomcat to be /opt/tomcat. Some people believe that this is good practice because it eliminates an additional home directory that needs to be administered. Now, we will put everything in /opt/tomcat under Tomcat user and group. As root, # chown -R tomcat:tomcat /opt/tomcat If /opt/tomcat is a symlink to your Tomcat install directory, you'll need to do this: # chown -R tomcat:tomcat /opt/jakarta-tomcat-5.x.xx Verify that JAVA_HOME and CATALINA_HOME environment variables are setup for tomcat user, and you should be good to go. Once the Tomcat binaries are under Tomcat user, the way you invoke it will be different. To start Tomcat, # su - tomcat -c /opt/tomcat/bin/startup.sh To stop Tomcat, # su - tomcat -c /opt/tomcat/bin/shutdown.sh
In my case replace these commands with
su - tomcat -c /usr/local/fedora/tomcat/bin/startup.sh and
su - tomcat -c /usr/local/fedora/tomcat/bin/shutdown.sh Also, be aware that your web applications will need to be deployed (i.e. copied to the web application directories) as user tomcat, instead of root. A little more hassle, but possibly a little safer too.

Lines added to /etc/profile

The tomcat user needed access to a few envirnoment variables so I added the following lines to /etc/profile

# User specific aliases and functions
export JAVA_HOME=/usr/lib/jvm/jre-1.6.0-openjdk.x86_64
export FEDORA_HOME=/usr/local/fedora
export PATH=$PATH:$FEDORA_HOME/server/bin:$FEDORA_HOME/client/bin:$JAVA_HOME/bin
export CATALINA_HOME=$FEDORA_HOME/tomcat
export UWDCUTIL_HOME=/usr/local/uwdcutils-1.0

Posted by Jeffrey Silvis at 11:24 AM | Permalink | Comments (0)

Reaching the Fedora Repository from a remote box ... localhost issue

I was trying to contact a fedora box from a remote box and I had the problem that when I hit links within Fedora, the word "localhost" kept appearing in the URL. This resolved to a "404" because Fedora is not on my box. I fixed this by editing:
$FEDORA_HOME/server/config/fedora.fcfg and changing the line: <param name="fedoraServerHost" value="localhost"> In the line above, I replaced the word "localhost" with the actual IP address.

Posted by Jeffrey Silvis at 3:01 PM | Permalink | Comments (0)

Turning XACML ON and OFF in Fedora

2.1 Enabling/Disabling XACML Policy Enforcement To enable/disable XACML policy enforcement in Fedora, use the Fedora configuration file (fedora.fcfg). Whether Fedora uses XACML for authorization decisions is controlled by the ENFORCE-MODE parameter in the Authorization module: <param name="ENFORCE-MODE" value="enforce-policies"/> The ENFORCE-MODE parameter can contain one of three values, with the following meanings: 1. enforce-policies – enable XACML enforcement to determine whether a request is permitted or denied
2. permit-all-requests – disable XACML enforcement; PERMIT every request by default
3. deny-all-requests – disable XACML enforcement; DENY every request by default
The enforce-policies setting is used to enable the enforcement of XACML policies, and is the default setting for a Fedora repository. The permit-all-requests setting can facilitate testing code independent of security. The deny-all-requests setting can be used to quickly shut down access to the server, but requires a server restart to affect this. Tomcat container security is, of course, still a first barrier to authentication/authorization (i.e., Fedora's Tomcat web.xml specifies access protection earlier than XACML. Tomcat container security is always in place regardless of the setting for parameter ENFORCE-MODE. see Fedora Commons on XACML

Posted by Jeffrey Silvis at 10:40 AM | Permalink | Comments (0)

title element wrong for media ingest

The IMAGES xml files used to ingest data into the the media repository contain a flaw.
Bad version (current): <title main="Duplex House" variant="Residence project" variant="Exterior presepctive"/> Good: <title type="main" > Duplex House </title> <title type="variant" > Residence project </title> <title type="variant" > Exterior perspective </title> Effected files: bln-dcugranting2007.xml
botanical-dcugranting2007.xml
cbi-dcugranting2007.xml
ellis-dcugranting2007.xml
mno-dcugranting2007.xml
mss-alexanderBros.xml
mss-dcugranting2007.xml

Some more files (all the rest):

s 001-bell-historicalmaps
005-ymca-wwiPhotos
006-map-19thCent
008-eas-ming
011-mss-purcellMasonite

Posted by Jeffrey Silvis at 12:21 PM | Permalink | Comments (0)

Ames collection ingest ... multiple metadata per file

The problem

While ingesting the metadata for the AMes collection I found a problem. Below is a list of metadata sets that map to the same image. s

identifier local	Image
ama00711	ama00711.jpg
ama00712	ama00711.jpg
amp00259	amp00259.jpg
ap00259	amp00259.jpg
amp00435	amp00435.jpg
amp00436	amp00435.jpg
amp00448	amp00449.jpg
amp00449	amp00449.jpg
amp00513	amp00531.jpg
amp00531	amp00531.jpg

Jason's solution

identifier local Image ama00711 ama00711.jpg ama00712 ama00711.jpg - error in the data. Should point to ama00712.jpg (I've fixed it in IMAGES) amp00259 amp00259.jpg ap00259 amp00259.jpg - delete this version amp00435 amp00435.jpg amp00436 amp00435.jpg - error in the data. Should point to amp00436.jpg (I've fixed it in IMAGES) amp00448 amp00449.jpg - error in the data. Should point to amp00448.jpg (I've fixed it in IMAGES) amp00449 amp00449.jpg amp00513 amp00531.jpg - error in the data. Should point to amp00513.jpg (I've fixed it in IMAGES) amp00531 amp00531.jpg

What to do from here

Bill will need to pull the ames collection from IMAGES. I will need to re ingest it and delete ap00259.

Posted by Jeffrey Silvis at 2:49 PM | Permalink | Comments (0)

Control Groups:

a. Managed Content (M): Datastream content is stored and managed within the Fedora repository’s persistent storage. The content can be any MIME type including XML. b. Inline XML (X): A special case of M, restricted to well-formed XML. In this case the datastream content is stored as part of the XML structure of the digital object itself and is thus included when the digital object is exported (e.g., for archival purposes). c. Externally Referenced (E): Datastream content is external to the Fedora repository and is referenced by a URL that is recorded within the digital object. The content can be any MIME type including XML. d. Redirected Content (R): Like E, but datastream content is delivered to the client without any mediation by Fedora; i.e., via an HTTP redirect. You should use this datastream type when the external content is a web page with relative links or it is streaming audio or video. The content can be any MIME type including XML.

State
"A" "I" "D" (Active, Inactive Deleted)
Fedora object type(s)
O=regular data objects, D=behavior definitions, M=behavior mechanisms
.

Posted by Jeffrey Silvis at 5:53 PM | Permalink | Comments (0) | TrackBacks (0)

Minimal DC data stream in Fedora Repository

Fedora docs say That a minimal DC datastream consists of the elements dc:title and dc:identifier

Posted by Jeffrey Silvis at 3:04 PM | Permalink | Comments (0)

Making a mods data stream for fedora.

Overall Plan

The function _ustore_ingest_fedora creates the dc content stream. Here is a list of functions within _ustore_ingest_fedora and what needs to be done to them to create a mods stream.

routine	change needed for mods
_fedora_doc	No change
_dc_datastream	write mods_datastream
_dc_content	write _mods_content
_append_datastream	No change
_append_dc_content	change query string

No change to the rels-ext stuff.

Posted by Jeffrey Silvis at 4:36 PM | Permalink | Comments (0) | TrackBacks (0)

ingestFormat and Fedora 3.0

Version of ingestFormat that fails in Fedora 3.0

Old version version of ingest with ingestFormat equal to "foxml1.0"
This fails in Fedora 3.0. giving the error:

fedora.server.errors.ObjectValidityException: Unsupported format: foxml1.0

Code example that generates error:

 
import fedora.server.types.gen.RepositoryInfo;
import java.io.*;

public class FedoraIngest {

    private static final String protocol = "http";
    private static final String host = "localhost";
    private static final int port = 8080;
    private static final String usr = "fedoraAdmin";
    private static final String pwd = "pass";

    private static final String collection = "swhp";
//    private static final String foxmlSrc = "/Users/bill/projects/fedora/" 
//                                         + collection + "/";

    private static final String foxmlSrc = "/Users/silvi003/Desktop/bill" 
                                         + collection + "/";


    public static void main(String[] argv) throws Exception {

	String[] dir = new java.io.File(foxmlSrc).list(new FOXMLFilter());
	FedoraSOAPClient caller = new FedoraSOAPClient(protocol, host, port, usr, pwd);
	// test client connection status with the most basic call...
	for (int i = 0; i< dir.length; i++) {
	    String pid = dir[i];
	    System.out.println("FedoraIngest " + pid);
	    try {
		FileInputStream fis = null;
		String fedoraPid = null;
		File foxml = new File(foxmlSrc + pid);
		fis = new FileInputStream(foxml);
		fedoraPid = caller.ingest(fis, "foxml1.0", "ingest of " + pid);
		System.out.println("new fedora object: " + fedoraPid);
	    } 
	    catch (Exception excp) {
		System.out.println("ingest error: " + excp.getMessage());
		excp.printStackTrace();
	    }
	}
    }
}

Version of ingestFormat that works in Fedora 3.0

The ingestFormat value of "info:fedora/fedora-system:FOXML-1.1" works in Fedora 3.0.

I found this value in the config file:
$FEDORA_SRC_HOME/src/properties/server/fedora/server/resources/Server.properties
Code example that works:

 
import fedora.server.types.gen.RepositoryInfo;
import java.io.*;

public class FedoraIngestOneFile {

    private static final String protocol = "http";
    private static final String host = "localhost";
    private static final int port = 8080;
    private static final String usr = "fedoraAdmin";
    private static final String pwd = "pass";

    public static void main(String[] argv) throws Exception {

	FedoraSOAPClient caller = new FedoraSOAPClient(protocol, host, port, usr, pwd);
	String FileName = "/Users/silvi003/Desktop/umndob_msp01688";
	    try {
		File foxml = new File(FileName);
		FileInputStream fis = new FileInputStream(foxml);
		String fedoraPid = caller.ingest(fis, "info:fedora/fedora-system:FOXML-1.1", "ingest of " + FileName);
		System.out.println("new fedora object: " + fedoraPid);
	    } 
	    catch (Exception excp) {
		System.out.println("ingest error: " + excp.getMessage());
		excp.printStackTrace();
	    }
    }
}

Posted by Jeffrey Silvis at 2:08 PM | Permalink | Comments (0) | TrackBacks (0)

Upload to soap

MTOM: way of sending binary in soap

SOAP Message Transmission Optimization Mechanism (MTOM)
XOP (XML-binary Optimization Packaging)

RFC 2045 section 6.8 gives description of Base64 Content-Transfer-Encoding

Understanding MTOM

Advantages of MTOM
Introduction to MTOM: A Hands-on Approach (more advantages to MTOM)
Sending Files in Chunks with MTOM Web Services and .NET 2.0

Possible PHP library for MTOM

I have a client/soap server in AXIS2 that sends MTOM back and forth. This could serve as the web service. PHP needs to talk to the AXIS2 webservice.
A possible choice is WSO2 Web Services Framework/PHP Proven Interoperability

WSO2 WSF/PHP features proven interoperability with Microsoft .NET, WSO2 WSAS (Apache Axis2/Java based Web services application server) and other J2EE implementations. The basic SOAP level interoperability as well as WS-* specification implementations have been tested and proven to interoperate.

Attachments with Web Services and Clients
You can send and receive attachments with SOAP messages both in optimized as well as non optimized formats with MTOM support. Attachments with MTOM/XOP
-- problem seems to require that you know the mime type

Downloading a Binary File from a Web Service using Axis2 and SOAP with Attachments

This example uses SWA.

Posted by Jeffrey Silvis at 11:21 AM | Permalink | Comments (0) | TrackBacks (0)

Getting basic axis soap client (CalcClient) to work.

For the axis 1.4 soap client (samples.userguide.example2.CalcClient) to work I had to do the following:

No Problem with server

I copied Calculate.java tomcat/webapps/axis/Calculate.jws and it worked just fine.

The following URLs give the right answer:
http://localhost:8080/axis/Calculator.jws
http://localhost:8080/axis/Calculator.jws?method=add&i1=1&i2=2

Issues with the client

1) Change the build.xml file so that it did not exclude CalcClient.

2) Download two additional jars:
/jaf-1.1.1/activation.jar
javamail-1.4.1/mail.jar
From:
activation.jar
mail.jar

This eliminated the message:
Exception in thread "main" java.lang.NoClassDefFoundError: samples/userguide/example2/CalcClient

3) Changed the names of some of the jars that are in the $AXISCLASSPATH. The correct names are:
/usr/local/axis-1_4/lib/axis-ant.jar
/usr/local/axis-1_4/lib/axis.jar
/usr/local/axis-1_4/lib/commons-discovery-0.2.jar
/usr/local/axis-1_4/lib/commons-logging-1.0.4.jar
/usr/local/axis-1_4/lib/jaxrpc.jar
/usr/local/axis-1_4/lib/log4j-1.2.8.jar
/usr/local/axis-1_4/lib/saaj.jar
/usr/local/axis-1_4/lib/wsdl4j-1.5.1.jar

Some of the names on the AXIS install page are wrong. For instance $AXIS_LIB/commons-discovery.jar is listed while it really should be: $AXIS_LIB/commons-discovery-0.2.jar
4) Moved activation.jar and mail.jar to my $AXIS_LIB (/usr/local/axis-1_4/lib). And made a new $AXISCLASSPATH: yielding the nice result

AXISCLASSPATH=/usr/local/axis-1_4/lib/axis-ant.jar:\
/usr/local/axis-1_4/lib/axis.jar:\
/usr/local/axis-1_4/lib/commons-discovery-0.2.jar:\
/usr/local/axis-1_4/lib/commons-logging-1.0.4.jar:\
/usr/local/axis-1_4/lib/jaxrpc.jar:\
/usr/local/axis-1_4/lib/log4j-1.2.8.jar:\
/usr/local/axis-1_4/lib/saaj.jar:\
/usr/local/axis-1_4/lib/wsdl4j-1.5.1.jar:\
/usr/local/axis-1_4/lib/activation.jar:/usr/local/axis-1_4/lib/mail.jar

java -cp .:$AXISCLASSPATH samples.userguide.example2.CalcClient add 8 34
Got result : 42

Useful Links

Creating Web Services with Apache Axis

Posted by Jeffrey Silvis at 4:32 PM | Permalink | Comments (0) | TrackBacks (0)

svn on chaucer

Location of my svn space on chaucer:

/var/svn/projects/jeff

web

svn:chaucer

Posted by Jeffrey Silvis at 4:27 PM | Permalink | Comments (0) | TrackBacks (0)

Lunch with Colin Clustering, Qmaster, Flash codec

Summary

I had lunch with Colin McFadden today and he told me how he was using clustering to increase Media Mill's throughput.

Qmaster and clustering

Apple Qmaster is a system made by Apple Inc. that provides automated work distribution and processing for high-volume projects created with certain digital visual effects software packages: Shake, Alias Maya, Final Cut Pro, Compressor, DVD Studio Pro and any UNIX command-line program. It processes such jobs on a cluster of Macintosh or Xserve computers. Colin says that the time form opening the box to having a new computer in the cluster is about 1 hour. In the end, the limiting factor will be network speed.

Compressor used by Qmaster

Compressor is a video and audio media compression and encoding application for use with Final Cut Studio and Logic Studio on Mac OS X. It can be used with Qmaster for clustering.

Codec and clustering

A video codec is a device or software that enables video compression and/or decompression for digital video. Flash uses VP6: A proprietary video codec developed by On2 Technologies and used in Adobe Flash Player 8 and above. Colin tells me that VP6 can only run a job on one box at a time.
Adobe is moving to: H.264 is a standard for video compression. It is also known as MPEG-4 Part 10, or MPEG-4 AVC (for Advanced Video Coding). It was written by the ITU-T Video Coding Experts Group (VCEG) together with the ISO/IEC Moving Picture Experts Group (MPEG) as the product of a partnership effort known as the Joint Video Team (JVT). Colin explains that this codec is multi-machine aware.

Posted by Jeffrey Silvis at 1:47 PM | Permalink | Comments (0) | TrackBacks (0)

Java classes to test fedora server

Compile the java class SimpleClient.java with the class FedoraSOAPClient.java in the same directory. That is take the steps:

$> CLASSPATH=/usr/local/fedora/client/fedora-client.jar:.
$> javac SimpleClient.java
$> java SimpleClient

this should produce like this result

Posted by Jeffrey Silvis at 12:08 PM | Permalink | Comments (0) | TrackBacks (0)

Jeff Silvis's Blog

November 24, 2009