JSPWiki Apache Tomcat Deployment#

JSPWiki Apache Tomcat Installation and deployment.

References#

Setup Method for Ubuntu/Debian#

Installing and setting up the security and permissions for JSPWiki CodeBase for Tomcat on Ubuntu

  1. Upload JSPWiki.war via the http://localhost:8180/manager/html or paste into webapps directory
    1. I recommend using the JSPWiki.war instead of the package manager, as to getting the latest release of the wiki. I found its much easier to configure this way.
  2. Edit /var/lib/tomcat5.5/webapps/JSPWiki/WEB-INF/
  3. Add /var/lib/tomcat5.5/conf/policy.d/05JSPWiki.policy with the code below.
    1. Although it says to goto ./JSPWiki/Install.jsp, security context will not allow the servlet to start, so you will have to manually edit the jspwiki.properties, then run it.
  4. Restart Tomcat > "sudo /etc/init.d/tomcat5.5 restart"
  5. Try http://localhost:8180/JSPWiki or http://localhost:8180/JSPWiki/Install.jsp
    1. Be sure to run this at least once after setup, so to lock this file from the public.
    2. Don't forget to copy, write down admin password, for first login from running Install.jsp
  6. If the servlet won't start, view your /var/log/syslog or /var/log/tomcat5.5/*

Edit the jspwiki settings

// file location: /var/lib/tomcat5.5/webapps/JSPWiki/WEB-INF/jspwiki.properties
// !!change the directory to the location you want to locate your wiki files!!
jspwiki.baseURL=http://localhost:8180/JSPWiki/
jspwiki.fileSystemProvider.pageDir = /opt/wiki/pages/
jspwiki.workDir =/opt/wiki/tmp/
jspwiki.basicAttachmentProvider.storageDir = /opt/wiki/pages/
log4j.appender.FileLog.File = /opt/wiki/pages/

Edit the Tomcat security policy for jspwiki

// file location: /var/lib/tomcat5.5/conf/policy.d/05JSPWiki.policy
grant codeBase "file:/var/lib/tomcat5.5/webapps/JSPWiki/-" {

   // give the codebase access to the local directory that I am storing my data
   // !!change the directory to the location you want to locate your wiki files!!
   permission java.io.FilePermission "file:/opt/wiki/-", "read, write";
   
   // just allow the entire codebase permissions to do what it needs.
   // This security setting could be more specific, 
   //   but I did not have time to narrow down the library causing the exceptions
   permission java.security.AllPermission;
   
   // or narrowing down specific access
   //permission java.util.PropertyPermission "user.dir", "read";
   //permission java.util.PropertyPermission "jspwiki.propertyfile.cascade.1", "read";
};

// this file does not exist, but it does solve a problem with exceptions being thrown in syslog
grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
   permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/JSPWiki/WEB-INF/classes/logging.properties", "read";
}; 

OR

Edit the tomcat executable (not recommended)

// file location: /etc/init.d/tomcat5.5

// I would recommend trying this with it turned off, to verify a correct installation.
// then turn it back on and add a tomcat security policy
# Use the Java security manager? (yes/no)
TOMCAT5_SECURITY=no

Also Note: you may need to fix this bug with the logging error. It will turn up with the example servlets too.

/* NOTE: 04webapps.policy - I also added this to solve issues
 *
   // I also added this to 04webapps.policy grant section
   // http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460839
   grant {
     permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.digester";
     permission java.lang.RuntimePermission "defineClassInPackage.org.apache.tomcat.util.digester";
   };

   // and I also added

   // added
   // http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460839
   // as far as I can see, I do not see files here, but this does solve a problem with syslog debug
   grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" {
     permission java.io.FilePermission "/usr/share/tomcat5.5-webapps/jsp-examples/WEB-INF/classes/logging.properties", "read";
     permission java.io.FilePermission "/usr/share/tomcat5.5-webapps/servlets-examples/WEB-INF/classes/logging.properties", "read";
     // permission java.io.FilePermission "/var/lib/tomcat5.5/webapps/JSPWiki/WEB-INF/classes/logging.properties", "read";

   }; 
*
*/


Making the JSPWiki Your Root Servlet#

To make the wiki your root servlet for you domain, rename the "JSPWiki.war" to "ROOT.war" and upload it via the tomcat manager or paste it into your webapps directory for your domain.

// RENAME
JSPWiki.war To ROOT.war

How to Access Files Outside the Webapp Container#

By default, Tomcat prevents all webapps from accessing files or directories outside the container. Even if you define a symlink inside the container that can be properly navigated outside using the file system, Tomcat's resource loader will normally refuse to follow a symlink.
If you already have a lot of files and directories that you manage elsewhere in the file system, e.g. a photo collection, then you will need to circumvent the security feature in the best way possible.

  1. Create a symbolic (soft) link within the jspWiki container to your external directory, e.g.
ln -s /real/path/to/my/photos/ /[tomcat-home]/[webapps-dir]/[wiki-path]/files/photos
  1. Verify the new symlink works properly, e.g. these two commands should produce the same results:
ls -l /real/path/to/my/photos/
ls -l /[tomcat-home]/[webapps-dir]/[wiki-path]/files/photos/
  1. Permit your webapp to follow symlinks by pre-defining a Context entry in an xml file available to Tomcat when it starts, but outside the webapp container. The path and filename should be...
$CATALINA_HOME/conf/[engine-name]/[host-name]/[context-path].xml
You can discover the correct values for your [engine-name] and [host-name] from your server.xml file, by referring to the Engine and Host xml elements. The [context-path] is the url path to your webapp, e.g. "jspWiki".
The [context-path].xml file can be as simple as this...
<Context allowLinking="true">
  1. Finally, restart Tomcat to establish the new environment for your webapp.


TODO - Other Distros?#


Comments and Quick Snippets#

Put your Comments and Small snippets below here:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-53) was last changed on 15-Dec-2008 16:48 by Brian Burch