Re: DOS kind of Attack to your RAM?
... It's not even vaguely a Java/TC question. ... Who did? What evidence is there that you were attacked? In what sense is it a DOS attack? What does it have to do with Jakarta? Well, actually (and I am no trying to go into a rhetorical diatribe), as I said, I am using HSQL in memory tables for session handling and temporary data storage and Java/TC as servlet engine. How is it so far fetched to Java/Jakarta/TC people? Again, the techniques to attack/corrupt the RAM on a server are not exactly a Java/TC issue, but aren't HSQLDB (a pure Java DBMS) in memory(/RAM only) tables and TC definitely a very Java/TC environment in which these types of attacks could happen? I wouldn't believe so, but could TC's gc be somehow reclaiming the RAM that HSQL is using? I hacked the TC source and created the session DB/table at TC start-up/bootstrapping code and the in memory temp tables in the httpservlet.init method. The thing is that apparently it happens in a temperamental (and intelligent?) way. If things get rotten in memory then the OS/TC should shut down, but it is happening as if someone is somehow able to run queries on the in memory database tables and just delete certain users data. I use HSQL in memory tables because I am working on a diskless multi-instance Apache + TCs environment. If this (attacking you RAM based OS/app) is the only option you leave open to hackers to get to you -they- will use it. Now, does sealing all webapp classes and/or using an encrypted FS and RAMDISK help? You haven't really said what 'they' have done. I only commit a transaction to the backend server when the HTTPSession has either eventually come to a natural end/committed by the user or the user has left off the session leaving an incomplete session (which is automatically reclaimed by the engine (you would use the hooks from the ServletSessionListener interface)) I have functionally a stress tested it and it works wonderfully. Then I see on the logs that some users where online doing their stuff without trouble when the data they had in RAM suddenly evaporates without leaving traces. Also last time I checked in English you always need a subject 'they' -means-, namely, 'they' and google/http://www.mail-archive.com/[EMAIL PROTECTED]/ searches tell me you are not exactly a 'no-previous-history' person. Also, sorry if I bothered you guys at tomcat-dev Please, help. - Original Message - From: Andy Armstrong [EMAIL PROTECTED] To: Tomcat Developers List tomcat-dev@jakarta.apache.org Sent: Thursday, March 17, 2005 3:13 AM Subject: Re: DOS kind of Attack to your RAM? On 17 Mar 2005, at 04:31, John Smith wrote: I know this is not exactly a Java/TC question, but that could happen to any machine in a DMZ. It's not even vaguely a Java/TC question. Today as I showcased some app to my clients there was an incident of clients entering data that is not saved. It apparently happens in some cases, all data kept in sessions I keep in a memory HSQL table only when a user is done I save the data on the back end tables But apparently they corrupted the in memory data somehow Who did? What evidence is there that you were attacked? In what sense is it a DOS attack? What does it have to do with Jakarta? How do these m*th$r fck!rs do that (any links?) and how can you avoid it? You haven't really said what 'they' have done. -- Andy Armstrong, hexten.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Split catalina.out to separate stdout and stderr?
Or just read and undrestand the startup parameters and go catalina run out.txt - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 17, 2005 11:43 AM Subject: Re: Split catalina.out to separate stdout and stderr? You'd need to write a listener (or other code) which calls the appropriate System calls to set out and err in the JVM. -Tim [EMAIL PROTECTED] wrote: Hi, I'm runnning Tomcat 4.1.30 on Linux/Unix. I'm trying to get our app's debug info from catalina.out split into 2 separate stderr and stdout files. I'm able to do this in Windows via the System.out File and System.err File registry parameters, but I can't find a way to do this in Linux/Unix. I've tried a couple things that haven't worked: (A) Changing catalina.sh from $CATALINA_BASE/logs/catalina.out 21 to 2 $CATALINA_BASE/logs/catalina.err 1 $CATALINA_BASE/logs/catalina.out (B) JAVA_OPTS and CATALINA_OPTS with -Dstdout= and -Dstderr= params (C) JAVA_OPTS and CATALINA_OPTS with -outfile= and -errfile= params Is there any easy way to do this? Thanks in advance for any assistance. ~RZ __ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: loadbalancing with mod_jk 1.2.8
I do know how to stop TC, I said the whole idea for people to know I was thinking about an HA set up using Apache + TC instances The part I am most interested in is,namely; how to make the connector at run time NOT send NEW connections to one the tomcat instances being used for loadbalancing - Original Message - From: Graham Bleach [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, January 26, 2005 6:04 PM Subject: Re: loadbalancing with mod_jk 1.2.8 On Wed, Jan 26, 2005 at 01:41:25PM -0500, John Smith wrote: Is there any way to make the connector at run time to NOT send NEW connections to one the tomcat instances being used for loadbalancing, and then reload this TC instances once all sessions to it have timed out? If you stop the tomcat instance with the command $CATALINA_HOME/bin/catalina.sh stop I believe tomcat waits for threads to finish what they are doing before it actually terminates. G -- Privacy is a transient notion. It started when people stopped believing that God could see everything and stopped when governments realised there was a vacancy to be filled. -- Roger Needham - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: loadbalancing with mod_jk 1.2.8
Well, it definitely looks like something to look into. Thank you. I was thinking about HA options and found this one to be so easy, that wonder why people are not using it. Now, you say, I have users that may work on a session for several hours sometimes Is this a think-time issue (are they editing a text or something?) or long-running back end queries? I don't know exactly 'where the shoe hurts', but in the first case I would just give them a JNL-based application to play with and for the second case I would use run JDBC queries from JMS and somehow keep a tag on the query. I hope this gave you some ideas - Original Message - From: Richard Mixon (qwest) [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, January 27, 2005 10:15 AM Subject: RE: loadbalancing with mod_jk 1.2.8 John, From what I gather, this is the purpose of the properties local_worker and local_worker_only properties in the workers.properties file. They are documented at the bottom of this page: http://jakarta.apache.org/tomcat/connectors-doc/config/workers.html Unfortunately the explanation is not clear - partially due to the English. I say this somewhat apologetically - realizing of course that the writers command of English if probably far, far better than my command of their native language. From what I do understand: 1) At the point that you decide to do maintenance on one machine, you need to change your workers.properties and set local_worker=0 for that particular machine. 2) Then do a reload on your Apache configuration. 3) JK will then stop directing new traffic to the designated machine. 4) After all sessions have expired or quiesced you can stop that Tomcat instance and do the maintenance. The above scenario may work for some, but not for my case. I have users that may work on a session for several hours sometimes. So I need to use JK and Tomcat session replication which is supposed to let you use the ant stop command and have all traffic immediately handled by the other Tomcat instances. There is a separate active thread on this issue. I see Filip just mentioned a new valve JvmRouteBinderValve that may help solve my problem. Hope this helps - Richard -Original Message- From: John Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, January 27, 2005 2:12 AM To: Tomcat Users List Subject: Re: loadbalancing with mod_jk 1.2.8 I do know how to stop TC, I said the whole idea for people to know I was thinking about an HA set up using Apache + TC instances The part I am most interested in is,namely; how to make the connector at run time NOT send NEW connections to one the tomcat instances being used for loadbalancing - Original Message - From: Graham Bleach [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, January 26, 2005 6:04 PM Subject: Re: loadbalancing with mod_jk 1.2.8 On Wed, Jan 26, 2005 at 01:41:25PM -0500, John Smith wrote: Is there any way to make the connector at run time to NOT send NEW connections to one the tomcat instances being used for loadbalancing, and then reload this TC instances once all sessions to it have timed out? If you stop the tomcat instance with the command $CATALINA_HOME/bin/catalina.sh stop I believe tomcat waits for threads to finish what they are doing before it actually terminates. G -- Privacy is a transient notion. It started when people stopped believing that God could see everything and stopped when governments realised there was a vacancy to be filled. -- Roger Needham - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
loadbalancing with mod_jk 1.2.8
Is there any way to make the connector at run time to NOT send NEW connections to one the tomcat instances being used for loadbalancing, and then reload this TC instances once all sessions to it have timed out? Are there hooks for this in the mod_jk 1.2.8 Aprotocol? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A Platform for Highly Concurrent Services
The idea of a 'staged event-driven architecture' could certainly sound 'interesting' to some people not bussy enough, but all I read were jingles and christmas is over ;-) Your benchmanrks on http://www.eecs.harvard.edu/~mdw/talks/seda-sosp01-talk.pdf Might be pretty much flatten out when you offer all the features and compatible stuff that apache does Also you can simply code around this idea or what I read from what is says to me. What tells you, for example, the OS itslef with enough RAM is not caching common and recurrent 'events' in memory anyway? These stats might be pretty contrived in that sense: ._ Existing OS designs do not provide graceful management of load . . . ._ Adopt a structured approach to event-driven concurrency . . . IMHO, these ideas belong more in an application server. Probably you will find more adepts among the Geronimo project. Good news is that they have design Geronimo with JMX in mind, so maybe plugging in these ideas will be pretty easy Hi, I actually contribute to the development of Sandstorm, a Staged Event-Driven Architecture (SEDA) based high-performance platform for services http://www.eecs.harvard.edu/~mdw/proj/seda/ Our platform is like an operating system for services; it manage ressource dynamically and offer optimal performance. By exemple, we have done a http server prototype that is much more performant than the Apache server! We are actually developping many interesting features and I would be happy if some developpers would like to contribute to the project. Please, contact me if you are interested. Best regards, -Jean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL accelerator
I think your way to go is front ending TC with apache httpd. that might also offer you a number of other beneffits. I don't know of anyway to make the SSL implementation of java use an SSL accelerator card Even if an implementation of the JVM might use openssl (which I am not possitive about on SUN's JVMs) 'you' will have to somehow recompile the native implementation of the sec libraries using SSL to use your hardware . . . Again I am not sure and even if it is certainly doable I think you might run againt some JVM licensing issues and stuff - Original Message - From: Frank Parato [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, January 13, 2005 8:20 AM Subject: RE: SSL accelerator Alright.. The SSLPassPhraseDialog is not relevant... I found some documentation that states that if I want to use some other application with the card, I need to recompile openssl with a separate include directory. Unfortunately I didn't have to install openssl with tomcat so the question is, does tomcat use openssl ? If so, where to I recompile it ? It's a java app so do I need to recompile java binaries ? I have a feeling this will not work for me. -Original Message- From: Frank Parato [mailto:[EMAIL PROTECTED] Sent: Thursday, January 13, 2005 7:48 AM To: Tomcat Users List Subject: SSL accelerator Hello all, I'm still trying to figure out how to use my SSL accelerator card with tomcat. Is there an equivalent to Apache's SSLPassPhraseDialog derivative in tomcat ? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multihoming TC
Say you have a number of TC instances running from different boxes/IP addresses/locations, and you develop from one of the boxes. How do you replicate all data/code in all other instances in a reliable way are there RFC or a standard replication protocol to do that? I have read a number of posts complaining about TC's implementations of webdav and do know there are 'ways' (including the always inviting 'monkey' ones) to do that, but I am asking about best practices that work well with TC. How do people make these kinds of things happen? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multihoming TC
I am replying to both posters tryin gto consolidate both ideas 1/ please post a *new* message when writing to the list. Sorry, I just got distracted after answering to some people's problems on the list. 2/ What I've seen a lot of people (myself included) do: develop your app on your test/dev machine; build it into a WAR file; push the WAR out to the production servers at some scheduled time and restart/reload Tomcat. Well, that is doable and it is certainly not difficult. Let me recreate it the way I am thinking about it: 2.1_ develop your app on your test/dev machine which could be a CVS based one, but I think the synch'ing should be separate from the CVS, dev. . . . 2.2_ push the WAR out to the production servers . . . the 'pushing' part or better said 'synchronization' of all servers should be atomic adn automatic, based on 2.2.1_ kind of a synchronization protocoll, 2.2.2_ that knows of the location of the other machines and that they all were time synch'ed 2.2.3_ their latest tree-like 'signature' structure for the data in: 2.2.3.1_ databases; down to a record level ('creation' and 'last updated' time stamps must be kept for each record which is always good anyway when you need (an you always do) optimistic locking, concurrent updates, etc) and ('mirror/rsync' works for file systems only, right?) Separating DB updates from webapp ones is also good because in DB-driven sites must updates are made to the data . . . 2.2.3.2_ and the code; down to the classes' MD5 signatures (JARs are way to grob for this, usually you just change a class, or a web.xml file not the whole webapp) at some scheduled time I don't quite like the idea of a 'scheduled time', I would rather go with pushed 'landmark' updates, or maybe giving both as options. Also automation is always good for DOS attacks, I think updating a live site needs some hot blood and bony skulls backing/being aware of it 2.2.4 restart/reload Tomcat I don't like the idea of having to restart TC in a production server, at least not as part of the replication strat. I would rather go with a backend staging server that would keep a copy of the lastest sync'ed 'site images'. This is were all updates are made prior to 'restarting TC' and this backend staging server is also the one brokering all: 2.2.4.1_ HTTP 404-like errors 2.2.4.2_ and exceptions with customized redirections, searches, etc. There could also be 'master' stage servers (just in case that many people work concurrently) and slave/replicated ones This backend server would be also connected to the same DB that front ends connect too 2.3._ Once these tree-like 'signatures' of all back end servers is the same, so we know that all copies of the data and code ar OK, the front end servers would be updated by either: 2.3.1_ 'restarting' the front instances (that would get their data feeds from the same backend directory structure) or 2.3.2_ CD-ROMs could be burned 2.3.3_ classes could be read/loaded from a DB . . . I think this is good also because even if the updates are automatic the 'commited' ones are not and things can be still changed/fine tune prior to commiting an update. Basically 'deltas' will be visible to all mirror sites' admins that can check them and decide what should be commited or not . . . The push is OS-specific; in Unix-style environments, I've used everything from a scripted scp or rsync to a manual FTP. I was kind of thinking about making it happen as part of a synch'ing protocoll that does not need extra port or nothing it would be a HTTP/SSL (partially of totally) communication with data transfers and all between all backend staging servers Does this answer your question, or did I misunderstand it? I think we understood each other well. We are just looking at the same problem from different perspective and with a different scope - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multihoming TC
on my own previous post. frontend TC instances don't need to be restarted. Backend servers could run ant tasks on the front end insts. to reload each webapp instead of restarting the TC instances It would also be a nice extra if there is kind of a voting system for admins to approve updates or disapprove them and discus why with othe admins in a secure way - Original Message - From: John Smith [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, December 28, 2004 10:55 AM Subject: Re: Multihoming TC I am replying to both posters tryin gto consolidate both ideas 1/ please post a *new* message when writing to the list. Sorry, I just got distracted after answering to some people's problems on the list. 2/ What I've seen a lot of people (myself included) do: develop your app on your test/dev machine; build it into a WAR file; push the WAR out to the production servers at some scheduled time and restart/reload Tomcat. Well, that is doable and it is certainly not difficult. Let me recreate it the way I am thinking about it: 2.1_ develop your app on your test/dev machine which could be a CVS based one, but I think the synch'ing should be separate from the CVS, dev. . . . 2.2_ push the WAR out to the production servers . . . the 'pushing' part or better said 'synchronization' of all servers should be atomic adn automatic, based on 2.2.1_ kind of a synchronization protocoll, 2.2.2_ that knows of the location of the other machines and that they all were time synch'ed 2.2.3_ their latest tree-like 'signature' structure for the data in: 2.2.3.1_ databases; down to a record level ('creation' and 'last updated' time stamps must be kept for each record which is always good anyway when you need (an you always do) optimistic locking, concurrent updates, etc) and ('mirror/rsync' works for file systems only, right?) Separating DB updates from webapp ones is also good because in DB-driven sites must updates are made to the data . . . 2.2.3.2_ and the code; down to the classes' MD5 signatures (JARs are way to grob for this, usually you just change a class, or a web.xml file not the whole webapp) at some scheduled time I don't quite like the idea of a 'scheduled time', I would rather go with pushed 'landmark' updates, or maybe giving both as options. Also automation is always good for DOS attacks, I think updating a live site needs some hot blood and bony skulls backing/being aware of it 2.2.4 restart/reload Tomcat I don't like the idea of having to restart TC in a production server, at least not as part of the replication strat. I would rather go with a backend staging server that would keep a copy of the lastest sync'ed 'site images'. This is were all updates are made prior to 'restarting TC' and this backend staging server is also the one brokering all: 2.2.4.1_ HTTP 404-like errors 2.2.4.2_ and exceptions with customized redirections, searches, etc. There could also be 'master' stage servers (just in case that many people work concurrently) and slave/replicated ones This backend server would be also connected to the same DB that front ends connect too 2.3._ Once these tree-like 'signatures' of all back end servers is the same, so we know that all copies of the data and code ar OK, the front end servers would be updated by either: 2.3.1_ 'restarting' the front instances (that would get their data feeds from the same backend directory structure) or 2.3.2_ CD-ROMs could be burned 2.3.3_ classes could be read/loaded from a DB . . . I think this is good also because even if the updates are automatic the 'commited' ones are not and things can be still changed/fine tune prior to commiting an update. Basically 'deltas' will be visible to all mirror sites' admins that can check them and decide what should be commited or not . . . The push is OS-specific; in Unix-style environments, I've used everything from a scripted scp or rsync to a manual FTP. I was kind of thinking about making it happen as part of a synch'ing protocoll that does not need extra port or nothing it would be a HTTP/SSL (partially of totally) communication with data transfers and all between all backend staging servers Does this answer your question, or did I misunderstand it? I think we understood each other well. We are just looking at the same problem from different perspective and with a different scope - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL encryption
I think you may do that the same way that hotmail and google does, namely; immediatly redirecting the user after loggin and placing some user authorized/online flag on a database run ethereal and trace the request/responce conversation while logging into hotmail . . . - Original Message - From: VAN DER MARLIERE FREDERIC [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Monday, December 27, 2004 10:03 AM Subject: SSL encryption Hi all. I would like to encrypt my login process so that login and password are not visible on the network. That's why I defined a SSL connector on port 8443 in my server.xml. My problem is that after the user logged in, request keep on using the https protocol on port 8443. Does someone know how to encrypt only the login process and afterwards use the http protocol again, on port 8080 ? Thanks. Fred. Ce message et toutes les pieces jointes (ci-apres le message) sont confidentiels et etablis a l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisee est interdite.Tout message electronique est susceptible d'alteration. Le CREDIT DU NORD et ses filiales declinent toute responsabilite au titre de ce message s'il a ete altere, deforme ou falsifie. This message and any attachments ( the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited.E-mails are susceptible to alteration. Neither CREDIT DU NORD nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Remotely Administering your box, is webdav the tool for the job?
Apparently no one is using WebDAV to develop/administer their tomcat boxes. All I have found in the list are complains and 'requests for enhancements' comments Basically all we need is: 1._ being able to upload files to the server, (on port 80 or 443 in order to avoid firewall issues) 2._ place them at certain locations 3._ restart the webapp Anyone using/needing it? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI object not shared among TC instances
Why would you expect this to be possible? JNDI defines an API for a directory . . . Nope! JNDI stands for Java Naming and Directory Interface (JNDI) check out java.sun.com/products/jndi/ most 'Naming' services work is based on networking protocols even many of those looking like file/directory ones Once you involve multiple JVMs, you need some sort of object sharing and/or persistence system to allow code in multiple JVM's to look up 'the same' objects. . . . object sharing . . ., which I (to a certain extent wrongly or wishfully thining) understood to be provided by JNDI. The 'persistence' part of it I can be taken care of by other subsystem or yourself Some of us used to work on Object Oriented Databases for this purpose One way to go - Original Message - From: Benson Margulies [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 13, 2004 9:31 PM Subject: RE: JNDI object not shared among TC instances Why would you expect this to be possible? JNDI defines an API for a directory. Inside one JVM, it's simple technology to use that API to look up Java objects. Once you involve multiple JVMs, you need some sort of object sharing and/or persistence system to allow code in multiple JVM's to look up 'the same' objects. Some of us used to work on Object Oriented Databases for this purpose --- EJBs are another view. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI object not shared among TC instances
Hmm! I beg your pardon, but I will have to ask you a very basic question, indeed :-) Which FAQ do you mean? Tomcat's, JNDI's or Java's? I went off crazy looking for it and I couldn't find it. I thought I had exhausted all other ways to understand this problem . . . and thanks for sheding light into it. If it is impossible to do things the way I thought I could, I will have to work around it somehow, problably keeping all data structuring the objects' states in a backend database tables I still have a kind of conceptual/phylosophical question. How do you set up a singleton that would be such for different JVMs instances, from different JVMs vendors, different boxes and networks, based on plain JNDI (I mean without EJBs or DBMS replication)? Or, . . . am I day dreaming? I really thought this was what JNDI was all about and even EJBs naming was based on JNDI. Thanks - Original Message - From: Shapira, Yoav [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, December 13, 2004 8:59 AM Subject: RE: JNDI object not shared among TC instances Hi, Tomcat's JNDI implementation does not support sharing for that matter even external connections. (This is in the FAQ by the way). If you want to share an object among multiple Tomcat instances via JNDI, you must use a JNDI provider that supports this. Yoav Shapira http://www.yoavshapira.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI object not shared among TC instances
Thanks Joav and for the other people stumbling on the same rock and by the way why don't they use a search box at http://jakarta.apache.org/tomcat/faq/ ? I had to click in, search and and click out of it again for every faq topic!!!??? OK, I found the answer here: http://jakarta.apache.org/tomcat/faq/misc.html#externalJndi Can I access Tomcat's JNDI provider from outside tomcat? Not at this time. The question/answer should be worded/extended like . . . Even different Tomcat instances use different JNDI contexts, . . . and here: http://jakarta.apache.org/tomcat/faq/misc.html#ejb Is tomcat an EJB server? Can I use EJBs with tomcat? Tomcat is not an EJB server. Tomcat is not a full J2EE server. Tomcat is a Servlet container. Tomcat does support those parts of the J2EE specification that are required for Servlets, such as a subset of JNDI functionality. Furthermore, you can connect to remote J2EE servers, or run tomcat embedded inside a full J2EE server. Now I see, I was getting a little too fancy, I will have to use EJBs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDI object not shared among TC instances
Hi, as, I understand things, the JNDI can be used to share an object among different JVMs even from J2SE applications running on different machines. Right? I need a relatively light object (that is why I am avoiding EJBs altogether) which would simply: 1._ poll a backend database at configurable periods, and if some data has changed 2._ update its internal state, which is then 3._ administered to and updated in a number of independent tomcat instances Well, I did the following exp. and repeated it even compiling TC 5.5.5 from source in case I had to check it, but before I start diving deeper into what I think might be the reason for this anomaly, I want to check that I don't have a silly conf problem I haven't seen or there is something I am not quite understanding here. Here is the method to my madness: 1._ I first downloaded TC's source code, 'built it' with ant, ran and tested it. 2._ Then I set up a number (3) of separate instances running from independent JVMs using the same files as in the original, plain installation, as describe in 1; by: 2.1_ setting up three independent directories, ... /tc00/, /tc02/, and /tc04/ off the original installation 2.2_ just copying /conf/ and /bin/ from the original installation and dumping similar files on each dir described in 2.1 2.3_ changing then in each of the /conf/server.xml 2.3.1_ the Server port=8005 2.3.2_ the non-SSL HTTP/1.1 Connector port=8080 2.3.3_ the AJP 1.3 Connector port=8009 (- will need it for later tinkering with Apache) for all three independent instances, and 2.4_ making sure that the same absolute directory was used in the appBase attribute of the Host name=localhost . . . context 2.5_ then, making sure that the same; 2.5.1_ JAVA_HOME 2.5.2_ CATALINA_HOME but different 2.5.3_ CATALINA_BASE was set in the respective .../tcXX/bin/catalina.bat files (client wants me to 'try' windows 'too'), pointing to the respective .../tcXX 3._ I then run all three instances and tested every thing was OK and scan log files for any errors, warnings, . . . Everything seemed to be working just fine! // - - - - - - - - - - - - - - - - - - - - - Then I used the following slimmed down classes from example code sections in the jakarta JNDI howto, in order to illustrate my point. Both classes were placed in the original installation's /common/classes/JNDITest/ directory // - - - - - - - - - - - - - - - - - - - - - package JNDITest; public class JNDI00{ private int bar = 0; private long lCreatTime = System.currentTimeMillis(); private String foo = Default Foo, created at + lCreatTime + ; // __ public String getFoo() { return (this.foo); } public void setFoo(String foo) { this.foo = foo; } // __ public int getBar() { return (this.bar); } public void setBar(int bar) { this.bar = bar; } // __ public long getCreatTime() { return (lCreatTime); } public void setCreatTime(long l){} // __ } // - - - - - - - - - - - - - - - - - - - - - package JNDITest; import java.util.*; import javax.naming.*; import javax.naming.spi.*; public class JNDI00Factory implements ObjectFactory { public Object getObjectInstance(Object obj, Name name, Context nameCtx, Hashtable environment) throws NamingException { JNDI00 JNDI_Obj = new JNDI00(); Reference ref = (Reference) obj; Enumeration addrs = ref.getAll(); while (addrs.hasMoreElements()) { RefAddr addr = (RefAddr) addrs.nextElement(); String aSNm = addr.getType(); String value = (String) addr.getContent(); if (aSNm.equals(foo)) { JNDI_Obj.setFoo(value); } else if (aSNm.equals(bar)) { try { JNDI_Obj.setBar(Integer.parseInt(value)); } catch (NumberFormatException e) { throw new NamingException(Invalid 'bar' value + value); } } } return (JNDI_Obj); } } // - - - - - - - - - - - - - - - - - - - - - then included for each TC instance in the GlobalNamingResources element of $CATALINA_HOME/conf/server.xml Resource name=JNDICtxt/JNDI00Factory auth=Container type=JNDITest.JNDI00 factory=org.apache.naming.factory.BeanFactory bar=23/ // - - - - - - - - - - - - - - - - - - - - - in $CATALINA_HOME/conf/ Catalina/localhost/ROOT.xml ResourceLink name=jndiName global=JNDICtxt/JNDI00Factory type=JNDITest.JNDI00/ // - - - - - - - - - - - - - - - - - - - - - and at the end of $CATALINA_HOME/webapps/ROOT/WEB-INF/web.xml resource-env-ref descriptionJNDICtxt JNDI00Factory Test/description resource-env-ref-namejndiName/resource-env-ref-name resource-env-ref-typeJNDITest.JNDI00/resource-env-ref-type /resource-env-ref // - - - - - - - - - - - - - - - - - - - - - Then included right on /ROOT/index.jsp code segments looking like: %@ page language=java % %@ page import=java.util.* % %@ page
TOMCAT authentication
Hello I'm pretty sure this is a known issue, even though I didn't find much about it; I'm having a problem with authenticating users in TomCat. I have an IIS server to server static content and Tomcat to serve dynamic content, if users knows URL that goes directly to Tomcat then Tomcat wont even ask for use to enter his/her username and password while if user goes through first page of IIS (where it redirects to tomcat) IIS askes user for his/her username and password. How do I enable authentication at Tomcat so that even if users knows direct URL it would still ask him/her for his/her username and password? Thank you in advance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Number of Processes
Can you point out the JVM version you are using. on Redhat 7 and 8. John [EMAIL PROTECTED] 7/8/2003 1:03:56 AM As far as I understand it, top and ps changed in Redhat due to the confusion of processes vs. threads. I am not positive that this is the case, but you might just look up the CHANGE docs for the package that supplies Redhat's ps and top (probably two different RPMs). Ben Ricker Wellinx.com On Mon, 2003-07-07 at 12:38, Shannon Scott wrote: Thank You for helping, but I still think I am having a threading problem. I read here: http://marc.theaimsgroup.com/?l=tomcat-userm=104378596024043w=2 that On linux, the top command displays every java thread as a separate line item. On my Linux Redhat 7.2 machine I get several listed with the top ( and ps ) command, but on my redhat 8.0 machines I only get 1 listed with the top ( and ps ) command. Does anyone understand this behavior? Thanks again. Shannon - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 07, 2003 11:56 AM Subject: Re: Number of Processes The JVM is one process. One process with many threads. minProcessors!=OS processes. minProcessors == number of concurrent workers at any given point in time -Tim Shannon Scott wrote: Hello, I have noticed that tomcat uses only one process on my new redhat 8.0 machine. ( ps -elf | grep tomcat ) There is an interesting explanation here. http://marc.theaimsgroup.com/?l=tomcat-userm=103762836306068w=2 So I wrote a short test_process.jsp page ( below ) that I thought would force another process, but I still only show one when I try to open the page with multiple browsers. Does anyone have a way to force another process to begin? Could something in my configuration not allow other processes? I have set the minProcessors=5 in my server.xml Connector. Linux RedHat 8.0 Apache 2.0.43 ( mod_jk ) Tomcat 4.1.24 Any help is greatly appreciated. Thank You. Shannon test_process.jsp: %@ page session=false % % Thread.sleep(1); out.print( Done... ); % - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Watch Hallmark. Enjoy cool movies. http://server1.msn.co.in/sp03/hallmark/index.asp Win hot prizes! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat and weblogic
Anyone out there using tomcat with weblogic instead of weblogic's own servlet engine? Any advice or issues that might be helpful to consider as I evalute this possibility? _ Get your FREE download of MSN Explorer at http://explorer.msn.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]