Tomcat configuration tuning
Hi guys,
I am at stage where I have all my various components talking to one another (Apache
http server 2.0.49 - Mod JK2 - Tomcat 4.1.30) and running nicely with each other,
but the loads on the server are increasing rapidly in our production environment (
~2000 logins/day and peak concurrency of ~75 currently ) and I want to get the best
possible configuration for my server. (Dual 1GHz, 1GB Ram, Win 2k, SQL Server +
Web/Apps servers).
Now, ultimately this is up to me, but I am unsure of a few relationships and variables
used in the configuration files. The settings I have work, but I want them to be
optimal and more importantly I want to understand them, so any help on the following
would be greatly appreciated.
1) server.xml/Connector/bufferSize. Is this allocated for every users session until
it is terminated, or is it a peak size that could be allocated?
2) workers2.properties/shm.slots. Does this equate to the
server.xml/Connector/maxProcessors? or are these fundamentally different?
I have attached my fully working configuration below for those who are interested, as
I noticed a lot of people in the archives looking for working examples using JK2.
Many thanks,
Matt
P.S. I am new to the list but I have been using Tomcat for many years and love it, and
if I can help with anyones queries, from the trivial to complex, I would be only too
happy to do so.
workers2.properties
[logger]
##
LOGGER
##
# Log level. Supported: EMERG, ERROR, INFO, DEBUG
level=ERROR
# Log file. XXX you may be able to change this at runtime, to
# implement rolling.
file=${serverRoot}/logs/jk2_error.log
[config]
##
CONFIG
##
# Location of the workers2.properties file
file=${serverRoot}/conf/workers2.properties
# Set the debug level of the config component
debug=0
# Set the debug level of the hidden env component
debugEnv=0
[shm]
##
SHARED MEMORY SETUP
##
# Name of the file that will be mmapped to use as shared memory,
# If set to 'anonymous' use the anonymous shered memory
file=${serverRoot}/logs/shm.file
# Number of shared memory slots. Set to the number of child
# processes
slots=378
# Use process memory instead of shared memory. Useful for single
# child mpm's
useMemory=0
[lb:lb_group]
##
LOAD BALANCER (EVEN IF USED ON ONE MACHINE)
##
# If set, jk2 won't touch the headers in case of error and will
# let for example Apache present the
# ErrorDocument via mod_alias.
noErrorHeader=1
#
noWorkerMsg=No workers available
#
noWorkerCode=503
#
hwBalanceErr=
# If all the workers are in the error state, probably by Tomcat
# refusing any new connections due to the overload, you can set
# the timeout forcing lb to wait that some worker becomes
# available, instead of immediately returning error to the
# client. This is very useful in situations with high peek
# load. The timeout should be set to the maximum application
# call time, but not less then 1 second.
timeout=5000
# Number of attempts that lb will try on each worker before
# giving up.
attempts=6
# Time to wait before retrying to see if the worker came out of
# the error state. Default = 60secs
recovery=30
# Sessions stick to the same worker, 1=true 0=false
stickySession=1
[channel.socket:localhost:8009]
##
CHANNEL SETUP, LINKED TO LOAD BALANCER
##
# Port where Tomcat is listening. It is automatically extracted
# from the name - you shouldn't have to specify it explicitely.
port=8009
# Remote host. You should use the name, no need to override it
host=127.0.0.1
# If 1, only requests for existing sessions will be forwarded
graceful=0
# ?
keepAlive=0
# Socket timeout for sending and receiving (0=infinite)
timeout=0
# Load balancing factor to use. At this moment, it'll be set on
# the worker, but in future it should be possible to use lb on
# a channel level.
lb_factor=100
# loadbalanced groups to which this channel and the associated
# worker will be added, multivalued. You need to set it only if
# you have an advanced setup with multiple clusters.
group=lb_group
# Must match the JVM route on tomcat Engine, for load balancing
tomcatId=hsInstance
[ajp13:localhost:8009]
##
AJP1.3
RE: Tomcat configuration tuning
Hi Matt,
Welcome to the list from me. It's funny because you have just listed precisely the
same server setup as we are launching our new tomcat based app to this weekend and I
have been having nightmares about performance.
We have a system like this;
user -
IIS -
JK2 ISAPI -
Tomcat 5.0.19 -
-- Content Management System Bean
-- SQL Server 2000
-- SQL Server 2000 via JNDI resource setup
Our application is built on Struts.
We found performance to be very poor under a load of 20 users of 3 iterators of 20
page requests (13 secs per page) avg pages per secon 1.1!! Looking into it revealed
too much XML, too much database connectivity and too much dynamic rending on the
pages.
I came up with a caching strategy for our navigation as well as removing all XML to
database calls instead (you may have seen my last post)
Along with other things I have managed 10 pages per seconds and 1.5 seconds per page
under the same load test. I'm still not entirely happy and wonder if I am missing any
confoguration type stuff to make my app run faster either in tomcat, jk2, iis and so
fourth. I run tomcat as a service with -Xms128 -Xmx384.
I would be very interested if you have time to hear of any useful quick tips you found
can optimise via configuration - maybe even seeing your server.conf and anything else,
perhaps any ideas about code optimisation and also how complex your system is (db
accesses or other system integration).
What are your page response times under load and so on.
It's a big ask but you have a very similar hardware setup and I would like to maximise
my use of it.
Cheers! ADC
-Original Message-
From: Matt Woodings [mailto:[EMAIL PROTECTED]
Sent: 08 April 2004 16:50
To: [EMAIL PROTECTED]
Subject: Tomcat configuration tuning
Hi guys,
I am at stage where I have all my various components talking to one another (Apache
http server 2.0.49 - Mod JK2 - Tomcat 4.1.30) and running nicely with each other,
but the loads on the server are increasing rapidly in our production environment (
~2000 logins/day and peak concurrency of ~75 currently ) and I want to get the best
possible configuration for my server. (Dual 1GHz, 1GB Ram, Win 2k, SQL Server +
Web/Apps servers).
Now, ultimately this is up to me, but I am unsure of a few relationships and variables
used in the configuration files. The settings I have work, but I want them to be
optimal and more importantly I want to understand them, so any help on the following
would be greatly appreciated.
1) server.xml/Connector/bufferSize. Is this allocated for every users session until
it is terminated, or is it a peak size that could be allocated?
2) workers2.properties/shm.slots. Does this equate to the
server.xml/Connector/maxProcessors? or are these fundamentally different?
I have attached my fully working configuration below for those who are interested, as
I noticed a lot of people in the archives looking for working examples using JK2.
Many thanks,
Matt
P.S. I am new to the list but I have been using Tomcat for many years and love it, and
if I can help with anyones queries, from the trivial to complex, I would be only too
happy to do so.
workers2.properties
[logger]
##
LOGGER
##
# Log level. Supported: EMERG, ERROR, INFO, DEBUG
level=ERROR
# Log file. XXX you may be able to change this at runtime, to
# implement rolling.
file=${serverRoot}/logs/jk2_error.log
[config]
##
CONFIG
##
# Location of the workers2.properties file
file=${serverRoot}/conf/workers2.properties
# Set the debug level of the config component
debug=0
# Set the debug level of the hidden env component
debugEnv=0
[shm]
##
SHARED MEMORY SETUP
##
# Name of the file that will be mmapped to use as shared memory,
# If set to 'anonymous' use the anonymous shered memory
file=${serverRoot}/logs/shm.file
# Number of shared memory slots. Set to the number of child
# processes
slots=378
# Use process memory instead of shared memory. Useful for single
# child mpm's
useMemory=0
[lb:lb_group]
##
LOAD BALANCER (EVEN IF USED ON ONE MACHINE)
##
# If set, jk2 won't touch the headers in case of error and will
# let for example Apache present the
# ErrorDocument via mod_alias.
noErrorHeader=1
#
noWorkerMsg=No workers available
#
noWorkerCode=503
#
hwBalanceErr=
# If all
RE: Tomcat configuration tuning
Hi, Welcome to the list from me. It's funny because you have just listed precisely the same server setup as we are launching our new tomcat based You have a wacky definition of precisely because he has Apache at the front-end and you have IIS. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat configuration tuning
Yes ok :) but other than that ;) ADC. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: 08 April 2004 17:01 To: Tomcat Users List Subject: RE: Tomcat configuration tuning Hi, Welcome to the list from me. It's funny because you have just listed precisely the same server setup as we are launching our new tomcat based You have a wacky definition of precisely because he has Apache at the front-end and you have IIS. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat configuration tuning
Hey Yes our struts uses the tiles plugin also. And the page load times are as a result of running on the server itself unfortunately. I am using the JTDS driver which apparently is one of the fastest SQL Server 2000 implementations for db connectivity. One of the things about our system is that every click the user makes is a search to the CMS for content that belongs to that page. This could be considered sub-optimal. For instance, I could cache results per 15 minutes or something, but content changes often so I thought I would leave it dynamic. I spent some time running JProfiler against the app. The accumulated CPU and memory seemed to ultimately come down to these search calls to the CMS especially under load. Per request I have to instantiate the vendors' bean which is an interface to the CMS server socket and is responsible for giving back all the data from the calls. I then simply package up what I need in data transfer objects and ship them to the JSPs. The JSPs are highly configurable in terms of skinning and so on and have calls to the file system to check if images are present and so on. I think I could cache that too. In fact looking at timings in the logs shows the page start to end is sub 1 second, the rest (user click - page process start) I think is caught up at the search but even so that is generally about 0.8s. Pages are taking about 0.1 and my cached implementation of nav takes 0.06 or so to load. But overall the pages under load feel like they take about 2 seconds and also I get the feeling tomcat is recompiling something it really doesn't need to - that was why I was interested in the development flag in server.conf and whether I should turn that to false. A fair amount of CPU and memory was going to Log4J also. I removed a lot of our unnecessary debugging statements and this too helped. I guess it comes down to the CMS load but any tips from others on the list are so very welcome, Cheers, ADC -Original Message- From: LILES, DAVID (CONTRACTOR) [mailto:[EMAIL PROTECTED] Sent: 08 April 2004 17:22 To: Allistair Crossley Subject: RE: Tomcat configuration tuning I have seen a couple postings regarding poor performance with Tomcat recently and thought I'd respond because we are using IIS5 with Tomcat 5 and SQL 2000 as well. We have a Struts site but our difference is that we are using Tiles for our presentation... haven't really looked into the performance differences between Tiles and non-Tiles display rates As for our database connectivity... we are using an internally developed connection pooling class (no JNDI), but have recently started migrating to Hibernate. It is interesting hearing how long it is taking for the pages to be displayed considering we are on a similar set-up and have not noticed this type of problem. We have not made any special optimization setting changes, we basically did an out of the box set-up Is this occurring when running the app locally or on the server? I would be curious to know what is the resource load on the box running the app, how is the connectivity (bandwidth) to the box, has any sort of optimization tools been run against the code to check for bottle-necks? Not sure that I can provide much value technically, but feel free to ask -Dave -Original Message- From: Allistair Crossley [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 11:00 AM To: Tomcat Users List Cc: [EMAIL PROTECTED] Subject:RE: Tomcat configuration tuning Hi Matt, Welcome to the list from me. It's funny because you have just listed precisely the same server setup as we are launching our new tomcat based app to this weekend and I have been having nightmares about performance. We have a system like this; user - IIS - JK2 ISAPI - Tomcat 5.0.19 - -- Content Management System Bean -- SQL Server 2000 -- SQL Server 2000 via JNDI resource setup Our application is built on Struts. We found performance to be very poor under a load of 20 users of 3 iterators of 20 page requests (13 secs per page) avg pages per secon 1.1!! Looking into it revealed too much XML, too much database connectivity and too much dynamic rending on the pages. I came up with a caching strategy for our navigation as well as removing all XML to database calls instead (you may have seen my last post) Along with other things I have managed 10 pages per seconds and 1.5 seconds per page under the same load test. I'm still not entirely happy and wonder if I am missing any confoguration type stuff to make my app run faster either in tomcat, jk2, iis and so fourth. I run tomcat as a service with -Xms128 -Xmx384. I would be very interested if you have time to hear of any useful quick tips you found can optimise via configuration - maybe even seeing your server.conf and anything else, perhaps any ideas about code optimisation and also how complex your system
R: Tomcat configuration tuning
Hello, I'm having the same problem with a big news portal I'm developing (goal.com, and a few of other sites - italian soccer team - that share the same content management), and even if it is developed with .NET, the concept is almost the same. I don't know how your environment is set up, but u can cache the results for 15 min or even forever, but u can force a cache reload whenever you update a content in the adminstration application. If the frontend is running in another context (or even another server) then the admin site (and u don't have access to the same instance of the CMS), you can call a webservice (or a simplier page) to do this. Simone - Simone Chiaretta www.piyosailing.com/S Any sufficiently advanced technology is indistinguishable from magic Life is short, play hard -Messaggio originale- Da: Allistair Crossley [mailto:[EMAIL PROTECTED] Inviato: giovedì 8 aprile 2004 18.33 A: LILES, DAVID (CONTRACTOR); [EMAIL PROTECTED] Oggetto: RE: Tomcat configuration tuning Hey Yes our struts uses the tiles plugin also. And the page load times are as a result of running on the server itself unfortunately. I am using the JTDS driver which apparently is one of the fastest SQL Server 2000 implementations for db connectivity. One of the things about our system is that every click the user makes is a search to the CMS for content that belongs to that page. This could be considered sub-optimal. For instance, I could cache results per 15 minutes or something, but content changes often so I thought I would leave it dynamic. I spent some time running JProfiler against the app. The accumulated CPU and memory seemed to ultimately come down to these search calls to the CMS especially under load. Per request I have to instantiate the vendors' bean which is an interface to the CMS server socket and is responsible for giving back all the data from the calls. I then simply package up what I need in data transfer objects and ship them to the JSPs. The JSPs are highly configurable in terms of skinning and so on and have calls to the file system to check if images are present and so on. I think I could cache that too. In fact looking at timings in the logs shows the page start to end is sub 1 second, the rest (user click - page process start) I think is caught up at the search but even so that is generally about 0.8s. Pages are taking about 0.1 and my cached implementation of nav takes 0.06 or so to load. But overall the pages under load feel like they take about 2 seconds and also I get the feeling tomcat is recompiling something it really doesn't need to - that was why I was interested in the development flag in server.conf and whether I should turn that to false. A fair amount of CPU and memory was going to Log4J also. I removed a lot of our unnecessary debugging statements and this too helped. I guess it comes down to the CMS load but any tips from others on the list are so very welcome, Cheers, ADC -Original Message- From: LILES, DAVID (CONTRACTOR) [mailto:[EMAIL PROTECTED] Sent: 08 April 2004 17:22 To: Allistair Crossley Subject: RE: Tomcat configuration tuning I have seen a couple postings regarding poor performance with Tomcat recently and thought I'd respond because we are using IIS5 with Tomcat 5 and SQL 2000 as well. We have a Struts site but our difference is that we are using Tiles for our presentation... haven't really looked into the performance differences between Tiles and non-Tiles display rates As for our database connectivity... we are using an internally developed connection pooling class (no JNDI), but have recently started migrating to Hibernate. It is interesting hearing how long it is taking for the pages to be displayed considering we are on a similar set-up and have not noticed this type of problem. We have not made any special optimization setting changes, we basically did an out of the box set-up Is this occurring when running the app locally or on the server? I would be curious to know what is the resource load on the box running the app, how is the connectivity (bandwidth) to the box, has any sort of optimization tools been run against the code to check for bottle-necks? Not sure that I can provide much value technically, but feel free to ask -Dave -Original Message- From: Allistair Crossley [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 11:00 AM To: Tomcat Users List Cc: [EMAIL PROTECTED] Subject: RE: Tomcat configuration tuning Hi Matt, Welcome to the list from me. It's funny because you have just listed precisely the same server setup as we are launching our new tomcat based app to this weekend and I have been having nightmares about performance. We have a system like this; user - IIS - JK2 ISAPI
Re: Tomcat configuration tuning
Hi Allistair, Thanks for the quick response. My server.xml file is below but to some of the questions you had. One of the biggest speed increases we gained was from SQL optimization and table tuning. One thing about server.xml configuration which I realised is the acceptCount being set too high, because if your server is struggling anyway having the requests backing up is not going to help in fact may help it to go down. What I mean by SQL optimization is we had java take over a lot of processing rather than the database, so some of our queries may seem at first a little broad but the speed increase was incredible. Think how fast java can iterate through a set of results rather than constantly referring to the db, so that was one. Also, one of our tables is heavily used and also ever increasing in size, so to keep this fast I keep only a few weeks worth of data in it (so its indexing is still really quick) and offload the rest to a history table which is only used for reporting ... so based on date range I either quickly recieve the latest info or slightly slower receive data from the past. Unfortunately I am unable to give you response times as they would be meaningless (number of db hits, processing etc), but suffice to say its in the region of 100msecs for non db jsp pages to 20+ secs (depending upon connection) for insanely large amounts of db/processed pages and for the vast majority of pages for select style queries are about 700msecs. Sorry I can't be of more help there. I haven't read your post on caching yet, but I rely heavily on XML for our site, from configuration to the menu options, and I also use streamed XML to XSLT for all our views. I guess it comes down to what you need to do, but I would love to hear how you are using it. One of the problems I am tackling at the moment is for places where there is a lot of db inserts/updates which can't be done on-mass, so I am coming up with a plan to assign these tasks to be fulfilled at off peak times, or in manageable chunks so as to keep response times high. One of the problems I am overcoming is that our users aren't tech savvy and if a page doesn't load fast enough they will hit reload constantly and escalate any memory problems I may have had to the dreaded outOfMemory Exception. Regards, Matt P.S. Struts ROCKS!!! server.xml ?xml version='1.0' encoding='utf-8'? Server className=org.apache.catalina.core.StandardServer port=8005 debug=0 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0 jsr77Names=false/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue override=true type=java.lang.Integer value=30/ Resource name=UserDatabase scope=Shareable type=org.apache.catalina.UserDatabase auth=Container description=User database that can be updated and saved/ ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service className=org.apache.catalina.core.StandardService debug=0 name=Tomcat-Load-Balance-1 Connector className=org.apache.coyote.tomcat4.CoyoteConnector redirectPort=8443 bufferSize=8192 port=8009 connectionTimeout=0 enableLookups=true protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler debug=0 disableUploadTimeout=true maxProcessors=378 minProcessors=5 acceptCount=100 useURIValidationHack=false / Engine jvmRoute=hsInstance debug=0 defaultHost=instance1 name=LoadBalance Host appBase=webapps autoDeploy=true debug=0 unpackWARs=true name=instance1 Context crossContext=true reloadable=true debug=0 docBase=** path=/hs Resource name=jdbc/** scope=Shareable type=javax.sql.DataSource/ ResourceParams name=jdbc/** parameter nameurl/name value**/value /parameter parameter namemaxIdle/name value1000/value /parameter parameter namemaxActive/name value1/value /parameter parameter namedriverClassName/name valuecom.microsoft.jdbc.sqlserver.SQLServerDriver/value /parameter parameter namemaxWait/name value6/value /parameter parameter nameremoveAbandoned/name valuetrue/value /parameter parameter nameusername/name value**/value /parameter parameter namelogAbandoned/name valuetrue/value /parameter parameter
RE: Tomcat configuration tuning
Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat configuration tuning
I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat configuration tuning
Hi, Did you profile the filter versus aspects? Now that's a benchmark I'd be really interested in. To the original poster: assuming your filter is smart enough to check the session for a user is authenticated already token, the /* mapping is not that big a deal. If you're re-authenticating every time, that's terrible, and you should make your filter smarter. Yoav Shapira Millennium Research Informatics -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 3:38 PM To: Tomcat Users List Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat configuration tuning
I've never actually used a profiler before. I keep meaning to I swear. Its my next big venture. I just figured out unit testing about 2 weeks ago. We just never have time for that silly testing and profiling stuff at my company. I never actually wrote the filter either. But I have one around that I could use to at least do some testing. I'll try this profiling and try to get the results back to the list. Charlie Shapira, Yoav wrote: Hi, Did you profile the filter versus aspects? Now that's a benchmark I'd be really interested in. To the original poster: assuming your filter is smart enough to check the session for a user is authenticated already token, the /* mapping is not that big a deal. If you're re-authenticating every time, that's terrible, and you should make your filter smarter. Yoav Shapira Millennium Research Informatics -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 3:38 PM To: Tomcat Users List Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat configuration tuning
Hi Yoav It's the Samba team JCIFS NTLM servlet filter, so I guess I need to find out from them if the auth is done each time. Cheers, ADC -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Thu 08/04/2004 20:39 To: Tomcat Users List Cc: Subject: RE: Tomcat configuration tuning Hi, Did you profile the filter versus aspects? Now that's a benchmark I'd be really interested in. To the original poster: assuming your filter is smart enough to check the session for a user is authenticated already token, the /* mapping is not that big a deal. If you're re-authenticating every time, that's terrible, and you should make your filter smarter. Yoav Shapira Millennium Research Informatics -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thursday, April 08, 2004 3:38 PM To: Tomcat Users List Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT -- -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat configuration tuning
All our actions extend an abstract base action that handles auth if the session user is null and then delegates to a subclass to do the actial work which is another way of what you describe there. Hm...are you saying you use JCIFS also? Is the loginContext your own or part of the JCIFS API. ADC -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thu 08/04/2004 20:38 To: Tomcat Users List Cc: Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat configuration tuning
LoginContext is part of the jdk1.4. javax.security.auth.login.LoginContext. It is usually extended by others. I found the very popular example on javaworld.com where the author created an RDBMDLoginContext. I changed that to my own OJBLoginContext because I use Apache OJB. Its pretty easy to write one, just override each of the methods. Charlie Allistair Crossley wrote: All our actions extend an abstract base action that handles auth if the session user is null and then delegates to a subclass to do the actial work which is another way of what you describe there. Hm...are you saying you use JCIFS also? Is the loginContext your own or part of the JCIFS API. ADC -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thu 08/04/2004 20:38 To: Tomcat Users List Cc: Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat configuration tuning
Sorry, I was a little off in that last e-mail. The example on javaworld.com has you extending LoginContext to SessionLoginContext. It extends LoginContext and implements HttpSessionBindingListner. This is done so that when the session is over, the logout method is called from valueUnbound(). RDBMSLoginModule is the other class from the example and it implements LoginModule. This is the jaas class that you configure in your jaas.config file. None of this really has anything to do with Tomcat configuration tuning, sorry for going off on a tangent. Charlie Charles N. Harvey III wrote: LoginContext is part of the jdk1.4. javax.security.auth.login.LoginContext. It is usually extended by others. I found the very popular example on javaworld.com where the author created an RDBMDLoginContext. I changed that to my own OJBLoginContext because I use Apache OJB. Its pretty easy to write one, just override each of the methods. Charlie Allistair Crossley wrote: All our actions extend an abstract base action that handles auth if the session user is null and then delegates to a subclass to do the actial work which is another way of what you describe there. Hm...are you saying you use JCIFS also? Is the loginContext your own or part of the JCIFS API. ADC -Original Message- From: Charles N. Harvey III [mailto:[EMAIL PROTECTED] Sent: Thu 08/04/2004 20:38 To: Tomcat Users List Cc: Subject: Re: Tomcat configuration tuning I do just what you described below. If the loginContext isn't in the session, I show do a global-forward to the login form. And, because I didn't want to have to put a session check into every Struts action I used AspectJ to weave in a pointcut into every action. Works great. I was considering going with a filter servlet instead but if you say its slow then maybe I did the right thing. Charlie Allistair Crossley wrote: Slightly off-forum but related to my performance tuning of my tomcat webapp, I am using the JCIFS NTLM authentication servlet as a filter. The filter is mapped to all requests /*. I just thought to myself on the train home whether because NTLM is a 3-way handshake, that this may be causing some kind of performance hit. The filter authenticates the desktop user and then populates the request.getRemoteUser. I suppose I could do this once with a login servlet and then populate a session user object and if that ever expires redirect back to the login servlet. Does anyone have an opinion on whether it would be worth my time removing the filter per request in favour of a once-only login action. I appreciate this is off-tomcat, so no hard feelings if noone replies ;) ADC FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
