Re: [PATCH] Re: implement ThreadPool with GenericObjectPool?
Michael wrote: the debugging feature (JMX support) you're adding. JMX is not a debugging feature - it's monitoring/control. It would allow people to see how many threads are used, to eventually stop threads or change the parameters dynamically. I know what JMX itself is--I'm going by the check-in comment: I want to add JMX support and make calls to store the state of the thread, i.e. what is the thread doing. This would allow people to debug hunged threads and allow more control. Perhaps I misunderstood this to mean debugging of the TC code, rather than the servlet's. I was thinking more of user code debugging. I hope tomcat is not hunging too much :-) It looks like a nice feature - like the status page in apache ( that shows you all requests that are active ). In any case, ThreadPool will at least need this patch, since removeThread() is never called. I also can't imagine why addThread() and removeThread() would need to be more than private, given their role. Other liberal access modifiers abound. I'll apply your patch, thanks. You're probably right that addThread() doesn't need to be public - but I don't think it hurts too much either. Also: MonitorRunnable, now that it has a start() method (for JMX, I presume) has no restriction on running more than one thread. This undercuts the meaning of interval, and makes stop() poorly defined. IMO MonitorRunnable, the session expiration thread ( one per ctx ) and the reloading thread ( one per ctx again ) should all go away and be replaced by a single mechanism. Maybe the JMX timer ? I took a look at GenericObjectPool and all associated classes - and it feels far too complex for my taste. If you send a patch to make the whole thread pool pluggable - I'm ok and that would allow you to use whatever pool you want. My requirements: the TP must be an mbean and it must use an interface that allows passing the handback object. Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Duplicate session IDs?
What prevents Tomcat from issuing duplicate session IDs? From the code in ManagerBase, it doesn't look like anything prevents it - the only unique value in the ID is a random number. In fact, the code which would guarantee uniqueness is commented out. I believe we have seen a problem with duplicate session ids on our production (high-traffic) site. It's hard to say exactly because the problem is very rare, but we have had at least two reports from users that they log in and see data from other people's accounts. If Tomcat is generating session ids randomly, this is a _HUGE_ problem. Why not just include a monotonically increasing integer in the session string? Thanks, Jeff Schnitzer [EMAIL PROTECTED] The Sims Online -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 15644] New: - mod_jk2 doesn't recognize it's own directives
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644 mod_jk2 doesn't recognize it's own directives Summary: mod_jk2 doesn't recognize it's own directives Product: Tomcat 4 Version: 4.1.18 Platform: PC OS/Version: Linux Status: NEW Severity: Blocker Priority: Other Component: Connector:Coyote JK 2 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Apache/2.0.43 jakarta-tomcat-connectors-jk2-2.0.2-src ## Load mod_jk module IfModule !mod_jk2.c LoadModule jk2_module lib/mod_jk2.so /IfModule IfModule mod_jk2.c JkWorkersFile /usr/local/apache2/conf/workers2.properties # Where to put jk logs JkLogFile /usr/local/apache2/logs/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevel info # Select the log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat %w %V %T # Send servlet for context /examples to worker named worker1 JkMount /*.jsp worker1 # Send JSPs for context /examples to worker named worker1 # JkMount /examples/*.jsp worker1 #LoadModule jk2_module lib/mod_jk2.so # Where to find workers.properties /IfModule config test gives: Syntax error on line 238 of /usr/local/apache2/conf/httpd.conf: Invalid command 'JkWorkersFile', perhaps mis-spelled or defined by a module not included in the server configuration -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
CC/PP support
Hi Iam using Apache Tomcat/4.1.12. 1. Does it support CC/PP exchange protocol. 2. If yes, for a WSP (WAP) session with UAProf on how do i get the values for Profile and Profile diff headers aent by the client? i.e is there any application that will extract the values of these headers and give me their values? Rgds Jaikumar -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 15646] New: - Enhancement
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15646. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15646 Enhancement Summary: Enhancement Product: Tomcat 4 Version: 4.1.12 Platform: All OS/Version: All Status: UNCONFIRMED Severity: Normal Priority: Other Component: Connector:Coyote HTTP/1.1 AssignedTo: [EMAIL PROTECTED] ReportedBy: [EMAIL PROTECTED] Hi I am using TOMCAT 4.1.12. Is CC/PP exchange protocol (UAProf) supported? If yes how do I configure it. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Duplicate session IDs?
I agree that there is a tiny chance this could happen. It seems the original uniquenes code had a bug in it because it did not attach the jvmRoute after re-generating the sessionId. Thats why it was probably commented out. I hope you were joking about the monotonic increase of sessionIds. If that were done - it would be trivial to steal another's sessionId by guessing. Anyhoo, attached is patch which does the following: - Moves the appending of jvmRoute into generateSessionId() - uncomments the duplicate session check - When debug is turned ON (=1) it complains a dup sessionId was created when the occurance happens If there is interest in this - I can throw it into bugzilla so it doesn't get lost. -Tim Schnitzer, Jeff wrote: What prevents Tomcat from issuing duplicate session IDs? From the code in ManagerBase, it doesn't look like anything prevents it - the only unique value in the ID is a random number. In fact, the code which would guarantee uniqueness is commented out. I believe we have seen a problem with duplicate session ids on our production (high-traffic) site. It's hard to say exactly because the problem is very rare, but we have had at least two reports from users that they log in and see data from other people's accounts. If Tomcat is generating session ids randomly, this is a _HUGE_ problem. Why not just include a monotonically increasing integer in the session string? Thanks, Jeff Schnitzer [EMAIL PROTECTED] The Sims Online Index: ManagerBase.java === RCS file: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/ManagerBase.java,v retrieving revision 1.12 diff -r1.12 ManagerBase.java 138,139c138,139 --- 293,294c293,294 --- 582,588c582 String jvmRoute = getJvmRoute(); // @todo Move appending of jvmRoute generateSessionId()??? if (jvmRoute != null) { sessionId += '.' + jvmRoute; session.setId(sessionId); } /* --- 590c584 while (sessions.get(sessionId) != null)// Guarantee uniqueness --- while (sessions.get(sessionId) != null){// Guarantee uniqueness 591a586,588 if (debug = 1) log(sm.getString(managerBase.duplicateSessionId)); } 593c590 */ --- 693a691,696 String jvmRoute = getJvmRoute(); if (jvmRoute != null) { result.append('.').append(jvmRoute); } Index: LocalStrings.properties === RCS file: /home/cvspublic/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/session/LocalStrings.properties,v retrieving revision 1.11 diff -r1.11 LocalStrings.properties 22a23 managerBase.duplicateSessionId=Created duplicate sessionId. Regenerating another sessionId now. 63a65 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 15644] - mod_jk2 doesn't recognize it's own directives
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644 mod_jk2 doesn't recognize it's own directives [EMAIL PROTECTED] changed: What|Removed |Added Status|NEW |RESOLVED Resolution||INVALID --- Additional Comments From [EMAIL PROTECTED] 2002-12-24 15:56 --- JkWorkersFile, etc... are the jk directives not jk2! -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
cvs commit: jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads ThreadPool.java
costin 2002/12/24 09:02:55 Modified:util/java/org/apache/tomcat/util/threads ThreadPool.java Log: When the thread ends, remove it from the list of active threads. Obtained from: Michael Revision ChangesPath 1.6 +4 -1 jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads/ThreadPool.java Index: ThreadPool.java === RCS file: /home/cvs/jakarta-tomcat-connectors/util/java/org/apache/tomcat/util/threads/ThreadPool.java,v retrieving revision 1.5 retrieving revision 1.6 diff -u -r1.5 -r1.6 --- ThreadPool.java 19 Dec 2002 05:45:42 - 1.5 +++ ThreadPool.java 24 Dec 2002 17:02:54 - 1.6 @@ -560,7 +560,7 @@ } public void run() { - + try { while(true) { try { /* Wait for work. */ @@ -626,6 +626,9 @@ p.log.error(Unexpected exception, ie); } } + } finally { + p.removeThread(Thread.currentThread()); + } } /** Run a task -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY [Bug 15644] - mod_jk2 doesn't recognize it's own directives
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15644 mod_jk2 doesn't recognize it's own directives --- Additional Comments From [EMAIL PROTECTED] 2002-12-24 19:44 --- oops... probably my fault Otoh, perhaps the section of the manual titled, What's the difference between JK and JK2?, should make that more clear than the rather obscure sounding: The configuration has been changed to follow the component models. Multiple configuration sources can be supported ( in additon to file ) providing better integration with the embeding application. The config layer uses the management layer APIs and it can support persistence for changes done via runtime configuration. How about, IMPORTANT: THE CONFIGURATION FILES FOR JK2 ARE COMPLETELY DIFFERENT FROM JK. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Duplicate session IDs?
on 2002/12/24 5:52 AM, Tim Funk [EMAIL PROTECTED] wrote: I hope you were joking about the monotonic increase of sessionIds. If that were done - it would be trivial to steal another's sessionId by guessing. How is that? laskdfowifjwo2i3jofij2oi3jofwjieogih934htwo4i1 io2oiwejofiwjoijr9238jr9iejofij2oi3jro23ij2i32 Aslkdjfalskdjflaksjdflkasjdflkjlsdkjflaskjdfl3 lakdjflkasjdflkjwoeirjowiejo2ij4o3ij4o2i4o3jo4 flaksjdflksajdflkjsdlfkjsdlkfalsdjflasdkflksd5 laksdfjlkasjdflaskjdflksjdfowiejreowiefjowiee6 The only problem with it is that the session id would grow in length as more digits are added. I don't see how adding a number would make things more easily to steal (as long as the first part is unique random garbage), but maybe I'm missing something. It would be best to do something like this: SHA1(laskdfowifjwo2i3jofij2oi3jofwjieogih934htwo4i1) SHA1(io2oiwejofiwjoijr9238jr9iejofij2oi3jro23ij2i32) SHA1(Aslkdjfalskdjflaksjdflkasjdflkjlsdkjflaskjdfl3) SHA1(lakdjflkasjdflkjwoeirjowiejo2ij4o3ij4o2i4o3jo4) SHA1(flaksjdflksajdflkjsdlfkjsdlkfalsdjflasdkflksd5) ... SHA1(laksdfjlkasjdflaskjdflksjdfowiejreowiefjowiee600) So that you always have a uniform length. Just trying to learn... -jon -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Duplicate session IDs?
I wasn't suggesting making the whole session id a monotonically increasing integer, but to include such a value in the id along with the random part. Thanks for the patch - I'll apply it to my cluster. Please see it into the official distribution! You can imagine the trouble that could be caused if someone was using Tomcat for a banking application... Jeff Schnitzer [EMAIL PROTECTED] The Sims Online --- From: Tim Funk Subject: Re: Duplicate session IDs? Date: Tue, 24 Dec 2002 05:53:33 -0800 --- I agree that there is a tiny chance this could happen. It seems the original uniquenes code had a bug in it because it did not attach the jvmRoute after re-generating the sessionId. Thats why it was probably commented out. I hope you were joking about the monotonic increase of sessionIds. If that were done - it would be trivial to steal another's sessionId by guessing. Anyhoo, attached is patch which does the following: - Moves the appending of jvmRoute into generateSessionId() - uncomments the duplicate session check - When debug is turned ON (=1) it complains a dup sessionId was created when the occurance happens If there is interest in this - I can throw it into bugzilla so it doesn't get lost. -Tim Schnitzer, Jeff wrote: What prevents Tomcat from issuing duplicate session IDs? From the code in ManagerBase, it doesn't look like anything prevents it - the only unique value in the ID is a random number. In fact, the code which would guarantee uniqueness is commented out. I believe we have seen a problem with duplicate session ids on our production (high-traffic) site. It's hard to say exactly because the problem is very rare, but we have had at least two reports from users that they log in and see data from other people's accounts. If Tomcat is generating session ids randomly, this is a _HUGE_ problem. Why not just include a monotonically increasing integer in the session string? Thanks, Jeff Schnitzer [EMAIL PROTECTED] The Sims Online -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
diff for jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java
diff for jasper2/src/share/org/apache/jasper/runtime/PageContextImpl.java. This got line wrapped :( I did this because when I put in my jsp:useBean a mistyped class name, I would just get an error page saying: org.apache.jasper.JasperException: classname ... which wasn't too helpful. Unfortunately at the moment I can't compile jasper and see if this would have fixed my problem. JspServletWrapper.java might have to be changed as well. *** PageContextImpl.java.orig Tue Dec 24 22:08:27 2002 --- PageContextImpl.java Tue Dec 24 22:15:17 2002 *** *** 628,634 if (t instanceof JspException) { Throwable rootCause = ((JspException)t).getRootCause(); if (rootCause != null) { ! throw new ServletException(t.getMessage(), rootCause); } else { throw new ServletException(t); } --- 628,636 if (t instanceof JspException) { Throwable rootCause = ((JspException)t).getRootCause(); if (rootCause != null) { ! //If we just throw new ServletException(t.getMessage() the message ! //has no context and just confuses the user. ! throw new ServletException(Caught +t.getClass()+: +t.getMessage(), rootCause); } else { throw new ServletException(t); } -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]