Re: Tomcat freezes up

[Manivannan Palanichamy]

What solution been found out for this problem? I am really a sufferer of
this problem? I am thinking of entering a bug. But, the problem is, as
Sebastiaan said, reproducing the bug. Let me work on this, or guys you can
also help/guide/work on reproducing the bug.
-- 
Manivannan Palanichamy
http://mani.gw.googlepages.com/index.html

On 8/16/07, Sebastiaan van Erk <[EMAIL PROTECTED]> wrote:
>
> It seems very unlikely to me that the problem is in the Tomcat code. It
> is very widely deployed and any deadlocks would be found relatively
> quickly unless you use a very obscure setup.
>
> Did you do any standard deadlock debugging? E.g., thread dumps and
> deadlock analysis when the freeze occurs, debug in eclipse with the
> sysdeo plugin and examine the state of your application when the freeze
> occurs... etc.
>
> Note that reporting a bug is not very useful when there is no
> information on how to reproduce the bug, you'll just get a WORKSFORME or
> NEEDINFO status on the bug.
>
> Regards,
> Sebastiaan
>
> Manivannan Palanichamy wrote:
> > I posted the same question week back. People advised me to handle the
> > resource safely, like freeing up the database connections after use,
> > releasing file handles etc. I am very sure that I am doing that
> perfectly,
> > but still my tomcat freezes over long run. I've seen this case in many
> > instances. Is it an issue with tomcat thread handling? Because, in user
> > applications, these freezing problems happen most of the time, because
> of
> > poor thread handling.
> >
> > Better we enter a bug/ discuss this issue in tomcat developers forum.
> >
>
>


-- 
Manivannan.Palanichamy (@) Oracle.com
http://mani.gw.googlepages.com/index.html

Re: Resource Security

[Mark Thomas]

Christopher Schultz wrote:
> Andrew,
> 
> Andrew Hole wrote:
>> Is it possible encrypt password on Resource setup?
> 
> No (still).

And for good reason.

First off all, why does the resource password need to be encrypted?
The threat is that an attacker gains unauthorised access to the box
locally or remotely and reads the file. If they can gain this much
access to the box it is already badly compromised. An attacker that
could do this can almost certainly add a malicious web application,
add a filter that sniffs user passwords, read the private SSL key etc.

There are very few circumstances where an attacker that has
compromised the Tomcat server (and can hence add code etc) can do more
damage with the resource password that they couldn't do by writing a
malicious web application and deploying it.

All that being said, lets assume that the resource password needs to
be protected after the box has been compromised. How to protect it? If
the resource password is encrypted Tomcat has to be able to decrypt it
in order to use it. Where does Tomcat get the decryption key from?

The options are:
1. a file on disk
2. entry by system admin on startup
3. some hardware device

1. is pointless. If the attacker can read the file with the encrypted
password, they can read the file with the decryption key.

2. This is better but has a number of issues. If the service fails, an
admin has to be present to restart it. You have just swapped a
confidentiality issue for an availability one. 24x7 operation will
require 5 admins that know this password. The password will probably
be written down somewhere in plain text and is likely to be less well
protected than if it was just left on the file system in the first
place. This of course doesn't take account of the time taken for an
admin to notice the service is down, go to the box and restart it.
Further, the password will almost certainly still be cached for later
reuse, eg when creating a new connection for a database connection
pool. If our attacker has already compromised the box, a malicious web
app and careful use of reflection will yield the password. At the cost
of some resources and some custom code, you could avoid most caching
issues but closed source code (database drivers etc) will still be a risk.

3. Essentially the same set of problems as 2 but with added complexity.

It all comes down to a proper threat assessment. Given what an
attacker who has access to the box is able to do, there are extremely
few cases where protecting the password after the box is compromised
is worth the effort and not enough to make this even appear on
anyone's to-do list.

If someone can come up with a reasonable scenario that makes
encrypting the resource password necessary then I am happy to add an
implementation of password on startup to my list of things to do.

Mark


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Has getParameterNames been updated to use Generics?

[Bill Barker]

"Brian Munroe" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> This is more of a Servlet API question, but pertains to Tomcat
> nonetheless.  I am using Tomcat 5.5.23 with JDK 1.6.
>
> I am having a problem with Generics and request.getParameterNames().
> I keep getting a unchecked cast warning (just a warning, but still).
>
> I was going to just use the @SuppressWarnings annotation, since I
> pretty much can guarantee that the method will always return an
> Enumeration of Strings, right?
>

Yes, the spec guarantees that it returns an Enumeration of Strings.

> Just making sure I would be following the standard idiom until it gets 
> fixed.
>

This is on the list of things for the Servlet 3.0 spec 
(http://www.jcp.org/en/jsr/detail?id=315), but that means you will have to 
wait for Tomcat 7.0.x to get the "fix".  All of the Servlet 2.x specs 
specify a non-generic Enumeration for this method.

> thanks
>
> -- brian
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: standard valve / errors handling

[Bill Barker]

"David Delbecq" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
> Hello,
>
> it is my understanding that tomcat uses a valve to detect Throwables
> from webapp and redirect to error page. However, in some case, it seems
> impossible to redirect to error page:
>
> 68937425 [http-8081-Processor14] ERROR
> StandardWrapper[/intranet:webdav]  - Servlet.service() for servlet
> webdav threw exception
> java.lang.NullPointerException
> Aug 17, 2007 9:11:36 AM org.apache.catalina.core.StandardHostValve custom
> SEVERE: Exception Processing
> ErrorPage[exceptionType=java.lang.Exception, location=/jsp/error.jsp]
> java.lang.IllegalStateException
>at org.apache.coyote.Response.reset(Response.java:296)
>at org.apache.catalina.connector.Response.reset(Response.java:642)
>at org.apache.catalina.connector.Response.reset(Response.java:908)
>at
> org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:355)
>at
> org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:211)
>at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:134)
>at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
>at
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
>at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
>at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
>at
> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
>at
> org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
>at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>at java.lang.Thread.run(Thread.java:534)
>
> Problem: because of the valve problem, my jsp is not called. This jsp is
> supposed to handle displaying of this NullPointerException's
> stacktrace(). Is there a way to configure the standard valve so that is
> dumps the stacktrace in tomcat log?
>

Well, it isn't really the valve's problem, so much as it a problem with the 
webdav servlet :).

Tomcat has already send the Response headers back to the browser (and 
probably part of the Response body as well), so there is no way (under the 
HTTP protocol) for it to tell the browser "oops, this is what I meant to 
send".

> Thank you.
>
>
> -- 
> http://www.noooxml.org/
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
> 




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Can we use output/extras/tomcat-juli.jar by default?

[Filip Hanik - Dev Lists]

fredk2 wrote:

Hi,

To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:

1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.

2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.

What do these file do?  why are they extras and why not have them in the
default build?
  
they enable you to plug in commons-logging if you want to use that 
instead of java.util.logging


Filip

In my quick basic tests I did not observe any difference in the logging
behaviors when compared to the original tomcat-juli.jar. Can anyone explain
how or when this would become a problem?

Many Thanks - Fred
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Can we use output/extras/tomcat-juli.jar by default?

[fredk2]

Hi,

To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:

1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.

2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.

What do these file do?  why are they extras and why not have them in the
default build?

In my quick basic tests I did not observe any difference in the logging
behaviors when compared to the original tomcat-juli.jar. Can anyone explain
how or when this would become a problem?

Many Thanks - Fred
-- 
View this message in context: 
http://www.nabble.com/Can-we-use-output-extras-tomcat-juli.jar-by-default--tf4288716.html#a12209126
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12

[Propes, Barry L]

but an XML validator tool will only validate whether the XML is malformed or 
not, right? Not whether it touches parameters that exist in Tomcat. Right?
Glad to hear you got it working.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 17, 2007 7:56 AM
To: Tomcat Users List
Subject: Re: JDBC driver of class '' for connect URL 'null' in Tomcat
5.5.12


Thanks for all your advice,

Problem sorted now.

I moved the ojdbc14.jar into common/lib only, and set-up a context in the 
appname/META-INF/contex.xml. Tomcat still 
wouldn't start after renaming ResourceParams to Resource even after I had 
validated the xml with an xml validator 
tool. In the end I stripped out the context.xml file and retyped everything 
rather than copy and paste the context 
from server.xml. And it now works, I'm guesing the last step was that there was 
something up / hidden with the file 
type encoding utf-8.

Thanks

Ian


Hi Ian.

ojdbc14.jar needs to ONLY be in common/lib.  It won't work in 
myapp/WEB-INF/lib and won't work if you have the jar in both places.

Additionally you should take a look at the JDBC howto docs regarding 
what your  config in your myapp/META-INF/context.xml or 
conf/Catalina/localhost/myapp.xml should look like:

http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html#Oracle%208i%20with%20OCI%20client

My only editorial comment on the page is to NOT place your 
 or  definition in server.xml as recommended 
on the page.  Place it in context.xml or myapp.xml as I describe above.

--David

[EMAIL PROTECTED] wrote:

>Thanks for your advice so far
>
>I've upgraded to the latest Oracle ojdbc14.jar and placed it the 
>myapp\WEB-INF\lib folder, I also tried it the 
>Tomcat\common\lib for for good measure but still got the same results. I'll 
>continue to use ojdbc14.jar from now 
>though.
>
>I've change the ResourceParams name to just Resource name but this causes 
>Tomcat not to startup, the logs show the 
>following trace...
>
>*** Excerpt Tomcat 5.5.12 logs ***
>16-Aug-2007 16:08:32 org.apache.tomcat.util.digester.Digester endElement
>SEVERE: End event threw exception
>java.lang.reflect.InvocationTargetException
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>*** end ***
>
>Does this mean it's now reading the   element. ?
>
>Thanks
>
>Ian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Fixed! Re: Unable to get a basic install working

[Brian Munroe]

On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:

> I found the problem. Something else was listening on port 8005. I
> changed it to 8006 in the XML config file and all worked smoothly from
> then on. Thank you for your help; without netstat, I'd never have
> managed to puzzle this out.

Ok, great to hear!  Good troubleshooting.

BTW, On Windows, it is a snap to integrate Apache [1] and Tomcat
together.  In your httpd.conf file, uncomment the

LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

directive and add something similar to the bottom of httpd.conf

(change the foxmarks to your webapp name):

ProxyRequests Off


ProxyPass ajp://localhost:8009/foxmarks/
ProxyPassReverse ajp://localhost:8009/foxmarks/


-- brian

[1] - Assuming you are using a binary release of Apache 2.2.4

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Off-Topic - Linux questions

[Brian Munroe]

On 8/17/07, Vigorito, Nicholas E. <[EMAIL PROTECTED]> wrote:

>
> - If the suid bit is set for the owner of a directory (looks like drws
> when shown via ls -l) what does that mean? I can find what it means for
> a file but not a directory.
>

Here is a much better explanation then I would be able to give:
http://en.wikipedia.org/wiki/Suid#setuid_on_directories

> - If the group for a directory has read/write privs but the files within
> the directory have the same group but the privs on the files is just
> read, can a user who is in that group remove the file from that
> directory?
>

If the directory has group write access then a user could remove a
file if they both have the same group membership, regardless of the
group permissions set on the file.

I would suggest some empirical testing to confirm this.

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Off-Topic - Linux questions

[Vigorito, Nicholas E.]

Thanks Chris!  

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Christopher Schultz
Sent: Friday, August 17, 2007 3:52 PM
To: Tomcat Users List
Subject: Re: Off-Topic - Linux questions

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vigorito,

Vigorito, Nicholas E. wrote:
> This is off topic but I cannot seem to find the answers to the 
> following for Linux. Anyone know the answers to the following:
> 
> - If the suid bit is set for the owner of a directory (looks like drws

> when shown via ls -l) what does that mean? I can find what it means 
> for a file but not a directory.

STFW: http://www.google.com/search?q=suid%20directory%20linux

Second link:
http://www.linuxforums.org/forum/linux-security/1034-suid-guid-sticky-bi
t.html

"SUID has no effect on directories, SGID on a directory makes all files
created in that directory to have the same GID as the directory itself."

Or, even, RTFM:

$ man 2 stat (on my recent Gentoo Linux system)

"The set-group-ID bit (S_ISGID) has several special uses. For a direc-
tory it indicates that BSD semantics is to be used for that directory:
files created there inherit their group ID from the directory, not from
the effective group ID of the creating process, and directories created
there will also get the S_ISGID bit set. For a file that does not have
the group execution bit (S_IXGRP) set, the set-group-ID bit indicates
mandatory file/record locking."

The S_ISUID bit has no notes, but it's purpose is to "set-user-ID on
execution". Since directories cannot be executed, there is no effect if
this bit is set on a directory.

> - If the group for a directory has read/write privs but the files 
> within the directory have the same group but the privs on the files is

> just read, can a user who is in that group remove the file from that 
> directory?

Why not just try it?

"If the group for a directory has read/write privs", "can a user who is
in that group remove the file from that directory".

Of course. The group can write to the directory. That means then can
unlink files. Remember that deleting a file on most UNIX filesystems is
just removing the entry from the directory. The filesystem determines
whether or not the actual data is worthless after the unlinking
operation.

Deleting a file to which you have no rights in a directory to which you
have full rights is always possible because the file permissions are
irrelevant: only the directory permissions are relevant.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxfxN9CaO5/Lv0PARAgK6AKCeF1A5b3QN3VKhMP8rUp8xmjObkACgmKdn
DM2r2zDy/YAs791zD4Tp0zA=
=g5q6
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RES: RES: RES: Context.xml file

[Milanez, Marcus]

The this is that there are serious security concerns regarding SOX
audits... Are there preventative measures about cleartext pass? No, but
SOX auditors could easily point out all these stuff as 'unsafe
environments'...

Anyway, I'm just trying to enforce security as much as I can in my
environment. I just can't assume anything...

Thank you!

-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 17 de agosto de 2007 16:43
Para: Tomcat Users List
Assunto: Re: RES: RES: Context.xml file

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

Milanez, Marcus wrote:
> I know.. This is quite difficult to address...
> 
> Have your company adhered to SOX already? 

Erm... correct me if I'm wrong, but SOX is all about public disclosure
of bad things happening. There are no preventative measures or anything
like that. It's not like SOX says "you can't have cleartext passwords on
computers directly connected to the Internet".

Of course, if it did, you could always put your app server on a private
subnet and then use a web server in your DMZ. This is my preferred
deployment strategy, anyway.

- -chris

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Off-Topic - Linux questions

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Vigorito,

Vigorito, Nicholas E. wrote:
> This is off topic but I cannot seem to find the answers to the following
> for Linux. Anyone know the answers to the following:
> 
> - If the suid bit is set for the owner of a directory (looks like drws
> when shown via ls -l) what does that mean? I can find what it means for
> a file but not a directory.

STFW: http://www.google.com/search?q=suid%20directory%20linux

Second link:
http://www.linuxforums.org/forum/linux-security/1034-suid-guid-sticky-bit.html

"SUID has no effect on directories, SGID on a directory makes all files
created in that directory to have the same GID as the directory itself."

Or, even, RTFM:

$ man 2 stat (on my recent Gentoo Linux system)

"The set-group-ID bit (S_ISGID) has several special uses. For a direc-
tory it indicates that BSD semantics is to be used for that directory:
files created there inherit their group ID from the directory, not from
the effective group ID of the creating process, and directories created
there will also get the S_ISGID bit set. For a file that does not have
the group execution bit (S_IXGRP) set, the set-group-ID bit indicates
mandatory file/record locking."

The S_ISUID bit has no notes, but it's purpose is to "set-user-ID on
execution". Since directories cannot be executed, there is no effect if
this bit is set on a directory.

> - If the group for a directory has read/write privs but the files within
> the directory have the same group but the privs on the files is just
> read, can a user who is in that group remove the file from that
> directory?

Why not just try it?

"If the group for a directory has read/write privs", "can a user who is
in that group remove the file from that directory".

Of course. The group can write to the directory. That means then can
unlink files. Remember that deleting a file on most UNIX filesystems is
just removing the entry from the directory. The filesystem determines
whether or not the actual data is worthless after the unlinking operation.

Deleting a file to which you have no rights in a directory to which you
have full rights is always possible because the file permissions are
irrelevant: only the directory permissions are relevant.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxfxN9CaO5/Lv0PARAgK6AKCeF1A5b3QN3VKhMP8rUp8xmjObkACgmKdn
DM2r2zDy/YAs791zD4Tp0zA=
=g5q6
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Unable to get a basic install working...

[Brian Munroe]

On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:>

> SEVERE: StandardServer.await: create[8005]:
> java.net.BindException: Address already in use: JVM_Bind

>
> It claims the address is already in use, but netstat shows nothing on
> that address. Stopping the apache server itself did not change this. I
> am not sure what else might be running. The log shows the same error
> as before.

How about 8005?  I *think* that is what might be the problem.  If you
do a 'netstat -nb', it will also include which process is using which
port.

A default Tomcat install usually listens on 3 ports:

8005 - The shutdown port, which when sent the correct command (usually
SHUTDOWN) kills the Tomcat process.

8009 - The AJP listener, which is used when integrating with Apache httpd.

8080 - The http listener, which is the built in web server if you are
going to use AJP.

You can change any of these by editing $CATALINA_HOME/conf/server.xml

($CATALINA_HOME  = )

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RES: RES: Context.xml file

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

Milanez, Marcus wrote:
> I know.. This is quite difficult to address...
> 
> Have your company adhered to SOX already? 

Erm... correct me if I'm wrong, but SOX is all about public disclosure
of bad things happening. There are no preventative measures or anything
like that. It's not like SOX says "you can't have cleartext passwords on
computers directly connected to the Internet".

Of course, if it did, you could always put your app server on a private
subnet and then use a web server in your DMZ. This is my preferred
deployment strategy, anyway.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxfoq9CaO5/Lv0PARAvJkAKCc2RE+1Yij19PeD+Lq3mS0B2RrzwCfUPO1
LRXOg4o2WB60zoKQLUymTVc=
=UhTn
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Fixed! Re: Unable to get a basic install working

[Lizard Lizard]

I found the problem. Something else was listening on port 8005. I
changed it to 8006 in the XML config file and all worked smoothly from
then on. Thank you for your help; without netstat, I'd never have
managed to puzzle this out.

-- 
===
Blog: www.xanga.com/lizard_sf
Currently Working On: All manner of things.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RES: RES: Context.xml file

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

Milanez, Marcus wrote:
> Microsoft seems to have a good solution for that. The 'keys' are
> associated with na specific domain account... What do you think:
> http://msdn2.microsoft.com/en-us/library/ms995355.aspx

I don't see this as a solution. Just because the operating system
provides encryption for you doesn't mean that ultimately the credentials
have to come from either the keyboard (nice and secure, but a total PITA
for any system administrator) or from a cleartext file.

I'd /love/ to hear a proposal that even remotely solves this problem
with NEITHER a cleartext password NOR a hand-entered password on the
console. So far, I haven't heard of one, and I can't think of one myself.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxflx9CaO5/Lv0PARAilwAKDELMTBFIz1PX4KSb7TkAyil8nH6gCeKV5I
ep8aA/BX2SXiec/WZ3nxr1c=
=ywTS
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Off-Topic - Linux questions

[Vigorito, Nicholas E.]

This is off topic but I cannot seem to find the answers to the following
for Linux. Anyone know the answers to the following:

- If the suid bit is set for the owner of a directory (looks like drws
when shown via ls -l) what does that mean? I can find what it means for
a file but not a directory.

- If the group for a directory has read/write privs but the files within
the directory have the same group but the privs on the files is just
read, can a user who is in that group remove the file from that
directory?

Thanks!

Nick

Re: RES: RES: Context.xml file

[Mark H. Wood]

All the solutions I ever heard of boil down to two approaches:

1)  The secrets are stored in the computer, and protected by filesystem
permissions.  This is what you have now.  Ensure that the
filemode/ACL/whatever is correct to prevent unauthorized access to
the files containing the secrets.  There is no way to improve on
that.  Add as many layers of encryption as you like, but if the
machine can start without assistance then ultimately there must be
a secret stored as cleartext in a file somewhere, and your
security depends on protecting that file.

2)  The secrets are not stored in the computer; when the application
starts, it must notify an operator and wait for him to supply the
secrets, whether by typing in a passphrase, plugging in a
smartcard, or whatever.  The application cannot serve users until
a human has responded.  Your security depends on the
trustworthiness of that human.

The choice is made based on whether you think you are likely to lose
more by someone breaking into the machine's privileged accounts, or by
ignoring customers until a human notices the request for secrets.

-- 
Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.



pgpKdcI13V6Bv.pgp
Description: PGP signature

RES: RES: Context.xml file

[Milanez, Marcus]

Chris,

Microsoft seems to have a good solution for that. The 'keys' are
associated with na specific domain account... What do you think:
http://msdn2.microsoft.com/en-us/library/ms995355.aspx

Thank you!

-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 17 de agosto de 2007 15:17
Para: Tomcat Users List
Assunto: Re: RES: Context.xml file

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

Milanez, Marcus wrote:
> Regarding that, I came across an implementation suggestion which seems

> to be valid, but still seems to have security issues. What do you
think?
> Take a look at http://wldj.sys-con.com/read/393364.htm

Wow, what a miserably useless article. Tomcat as a reference
implementation is not meant to be used in production? Sounds like BEA
FUD or something like that.

You have identified the source of the problem: the application server
actually needs access to production database. You simply can't get
around this. If a hacker compromises your application server, they will
have access to your database.

The only way to prevent that from happening is to have Tomcat ask you to
enter the database credentials at container startup (or app deployment)
from the console. No reasonable system administrator is going to stand
for that crap, because it means that if your container needs to be
restarted (or the server reboots) or you need to re-deploy the
application, your app is totally down until someone types-in the magic
incantation to get your application attached to the database.

If you encrypt the credentials in the server.xml file, you have to store
the encryption key somewhere the code can access it. You have simply
moved the problem. You can move it many, many times, but you won't get
any more secure.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxeYC9CaO5/Lv0PARAhMlAJ4kzva8Cs2qAnvjVXTHEZ9NkIY57gCfTlFI
qcfAKCw5Zv8l8Ou4EKGqA4U=
=/2Wu
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RES: RES: Context.xml file

[Milanez, Marcus]

I know.. This is quite difficult to address...

Have your company adhered to SOX already? 

-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 17 de agosto de 2007 15:17
Para: Tomcat Users List
Assunto: Re: RES: Context.xml file

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Installing APR on Fedora

[Filip Hanik - Dev Lists]

Rainer Jung wrote:

If I remember that correctly:

- if you include it in LD_LIBRARY_PATH, the JVM will add it to 
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for 
the runtime linker to find the tcnative dependencies apr and openssl


Anyone: correct me if I'm wrong.
That is incorrect, it all depends on when the native library is loaded. 
For Tomcat/APR, I believe it is fully sufficient to add it as 
-Djava.library.path, but should you want to load an agent (like a 
profiler tool) then its too late, it has to be in the LD_LIBRARY_PATH 
variable


Filip


Markus Schiegl wrote:

another way could be passing "-Djava.library.path=/usr/local/apr/lib" to
tomcat using CATALINA_OPTS for example.

@all: any drawbacks doing it this way?

kind regards,
   Markus

Ole Ersoy wrote:

Ooooh - OK - That makes a lot of sense :-)  Sweet - It looks like it's
humming real well now, except for a few SSL complaints, but I should be
able to bang those out.

Thanks a gazillion Filip, Rainer, Stephen, Lakshmi, and Hassan.  You
gracious help enabled me to keep my last hair :-)

- Ole

Filip Hanik - Dev Lists wrote:

ok, in your catalina.sh script you will need to do

export LD_LIBRARY_PATH=/usr/local/apr/lib:$LD_LIBRARY_PATH

the file it finds is the correct one.

the CLASSPATH variable only applies to java libraries, this is a
native C library.

Filip


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]






-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RES: Context.xml file

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Marcus,

Milanez, Marcus wrote:
> Regarding that, I came across an implementation suggestion which seems
> to be valid, but still seems to have security issues. What do you think?
> Take a look at http://wldj.sys-con.com/read/393364.htm

Wow, what a miserably useless article. Tomcat as a reference
implementation is not meant to be used in production? Sounds like BEA
FUD or something like that.

You have identified the source of the problem: the application server
actually needs access to production database. You simply can't get
around this. If a hacker compromises your application server, they will
have access to your database.

The only way to prevent that from happening is to have Tomcat ask you to
enter the database credentials at container startup (or app deployment)
from the console. No reasonable system administrator is going to stand
for that crap, because it means that if your container needs to be
restarted (or the server reboots) or you need to re-deploy the
application, your app is totally down until someone types-in the magic
incantation to get your application attached to the database.

If you encrypt the credentials in the server.xml file, you have to store
the encryption key somewhere the code can access it. You have simply
moved the problem. You can move it many, many times, but you won't get
any more secure.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxeYC9CaO5/Lv0PARAhMlAJ4kzva8Cs2qAnvjVXTHEZ9NkIY57gCfTlFI
qcfAKCw5Zv8l8Ou4EKGqA4U=
=/2Wu
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Unable to get a basic install working...

[Lizard Lizard]

Thank you for the tip on netstat. (Dammit, Jim, I'm a database
developer, not a network admin!) (Yes, I know, it's important to learn
all relevant skills and I'm not claiming ignorance is justifiable...)
It did lead me to discover that a)Nothing is listening on 8080, and,
b)Despite windows services telling me that Tomcat is 'started', as
soon as I refresh the list, it stops again. The following is what
seems to be the relevant log material:

Aug 17, 2007 1:56:04 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: C:\Program Files\Apache Software Foundation\Tomcat
6.0\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program
Files\ATI Technologies\ATI.ACE\;C:\Program
Files\Intel\Wireless\Bin\;C:\Program Files\K-Lite Codec
Pack\QuickTime\QTSystem\
Aug 17, 2007 1:56:05 PM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Aug 17, 2007 1:56:05 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 571 ms
Aug 17, 2007 1:56:05 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 17, 2007 1:56:05 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.14
Aug 17, 2007 1:56:05 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 17, 2007 1:56:05 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Aug 17, 2007 1:56:05 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/94  config=null
Aug 17, 2007 1:56:05 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 735 ms
Aug 17, 2007 1:56:05 PM org.apache.catalina.core.StandardServer await
SEVERE: StandardServer.await: create[8005]:
java.net.BindException: Address already in use: JVM_Bind
at java.net.PlainSocketImpl.socketBind(Native Method)
at java.net.PlainSocketImpl.bind(Unknown Source)
at java.net.ServerSocket.bind(Unknown Source)
at java.net.ServerSocket.(Unknown Source)
at 
org.apache.catalina.core.StandardServer.await(StandardServer.java:373)
at org.apache.catalina.startup.Catalina.await(Catalina.java:630)
at org.apache.catalina.startup.Catalina.start(Catalina.java:590)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Aug 17, 2007 1:56:05 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
Aug 17, 2007 1:56:06 PM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Aug 17, 2007 1:56:06 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080

It claims the address is already in use, but netstat shows nothing on
that address. Stopping the apache server itself did not change this. I
am not sure what else might be running. The log shows the same error
as before.
-- 
===
Blog: www.xanga.com/lizard_sf
Currently Working On: All manner of things.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RES: Resource Security

[Milanez, Marcus]

I read this just after I sent the same question... Take alook at the
following article:

http://wldj.sys-con.com/read/393364.htm

-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 17 de agosto de 2007 11:46
Para: Tomcat Users List
Assunto: Re: Resource Security

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrew,

Andrew Hole wrote:
> Is it possible encrypt password on Resource setup?

No (still).

- -chris

PS Yes, you can write your own data source manager that decrypts the
credentials or whatever, but then you have to store /that/ password
somewhere. You just can't win. It's not worth it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbSd9CaO5/Lv0PARAqpGAKCtF/DLUaEYdEM0JYr9pOZu94zo3gCeJ4cb
pWt1fKBL21NW8BggZnJpRzM=
=2W2i
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Unable to get a basic install working...

[Brian Munroe]

On 8/17/07, Lizard Lizard <[EMAIL PROTECTED]> wrote:

> I am sure more information is needed to diagnose this problem, and I
> will happily provide it.
>
> Thank you for any support you can offer.
>

2 things to check.

1.  Do the tomcat logs tell you anything? Located in /logs

2.  From a command window, do a 'netstat -an' and look to see if there
is anything listening on localhost port 8080.

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RES: Context.xml file

[Milanez, Marcus]

Regarding that, I came across an implementation suggestion which seems
to be valid, but still seems to have security issues. What do you think?
Take a look at http://wldj.sys-con.com/read/393364.htm



-Mensagem original-
De: Milanez, Marcus [mailto:[EMAIL PROTECTED] 
Enviada em: sexta-feira, 17 de agosto de 2007 14:18
Para: Tomcat Users List
Assunto: Context.xml file

Hello everyone!

Is there a way to make the context.xml file more secure? I mean, inside
this file we have database users and passwords in plain form, and this
seems to be a severe security issue... How do you guys usually protect
these informations (using context.xml file) in your projects?

Thank you!

Marcus Milanez

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Java freezing at 100% usage, tomcat 5, java 5

[Filip Hanik - Dev Lists]

everything seems to be blocked on this one

"TP-Processor62" daemon prio=1 tid=0x081ef7e0 nid=0x6971 runnable 
[0x94f12000..0x94f130a0]

at java.lang.String.intern(Native Method)
at javax.management.ObjectName.setCanonicalName(ObjectName.java:733)
at javax.management.ObjectName.construct(ObjectName.java:565)
at javax.management.ObjectName.(ObjectName.java:1304)
at 
org.apache.jk.common.ChannelSocket.registerRequest(ChannelSocket.java:461)

at org.apache.jk.common.HandlerRequest.checkRequest(HandlerRequest.java:357)
- locked <0x7267ab08> (a java.lang.Object)
at 
org.apache.jk.common.HandlerRequest.decodeRequest(HandlerRequest.java:367)

at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:261)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:773)
at 
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:703)
at 
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:895)
at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)

at java.lang.Thread.run(Thread.java:595)

and that seems to point to the OS/JDK version combo you are running.

try to upgrade to a later JDK, and see if that resoves the issue for you

Filip


Jimmy Phelan :: Blacknight Solutions wrote:


Hi All

We are using tomcat 5 on a shared hosting server. The server is 
running DirectAdmin as its control panel. It is running RedHat 
Enterprise 4, tomcat 5.5.23 and jvm 1.5.0_08-b03


I have attached a stack trace (from kill -3)

We are using a plugin from da-plugin.com to use tomcat in DirectAdmin, 
but the support on this is less than stellar, and we don’t believe it 
to be the issue


What seems to be happening is that every now and again the java 
process jumps to 100% usage, and sticks. Only a service tomcatd 
restart will kill it and restart the server


Tomcat 5 has the following variables enables in its process

-Xmx512M 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties 
-Djava.endorsed.dirs=/usr/local/tomcat/common/endorsed -classpath 
:/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/commons-logging-api.jar 
-Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat 
-Djava.io.tmpdir=/usr/local/tomcat/temp 
org.apache.catalina.startup.Bootstrap start


We are also running tomcat-4 in tandem with tomcat 5, it runs with the 
following variables


-Djava.endorsed.dirs=/usr/local/tomcat.4.1.33/common/endorsed 
-classpath 
/usr/local/java/lib/tools.jar:/usr/local/tomcat.4.1.33/bin/bootstrap.jar 
-Dcatalina.base=/usr/local/tomcat.4.1.33 
-Dcatalina.home=/usr/local/tomcat.4.1.33 
-Djava.io.tmpdir=/usr/local/tomcat.4.1.33/temp 
org.apache.catalina.startup.Bootstrap start


We have been trying to sort this out for a while, but cant see 
anything, can anyone else?


Jimmy



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.484 / Virus Database: 269.12.0/957 - Release Date: 8/16/2007 1:46 PM



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Context.xml file

[Milanez, Marcus]

Hello everyone!

Is there a way to make the context.xml file more secure? I mean, inside
this file we have database users and passwords in plain form, and this
seems to be a severe security issue... How do you guys usually protect
these informations (using context.xml file) in your projects?

Thank you!

Marcus Milanez

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Java freezing at 100% usage, tomcat 5, java 5

[Alexey Solofnenko]

I do not know the answer. A similar behaviour happened with our servers 
when finilizer dead-locked. In your case Finilizer did not dead-lock, 
but it fails with exception and I do not know if it recovers after that. 
Try checking stack trace several times in a row and see what the 
finilizer does.


"Finalizer" daemon prio=1 tid=0x0809d908 nid=0x4834 waiting for monitor 
entry [0xb24a1000..0xb24a1ea0]

at java.lang.Throwable.getStackTraceElement(Native Method)
at java.lang.Throwable.getOurStackTrace(Throwable.java:592)
- locked <0x792bef30> (a java.net.SocketException)
at java.lang.Throwable.printStackTrace(Throwable.java:511)
- locked <0x792bf368> (a java.io.PrintWriter)
at com.mysql.jdbc.Util.stackTraceToString(Util.java:291)
at 
com.mysql.jdbc.CommunicationsException.(CommunicationsException.java:186)

at com.mysql.jdbc.MysqlIO.send(MysqlIO.java:2723)
at com.mysql.jdbc.MysqlIO.quit(MysqlIO.java:1401)
at com.mysql.jdbc.Connection.realClose(Connection.java:4882)
at com.mysql.jdbc.Connection.cleanup(Connection.java:2062)
at com.mysql.jdbc.Connection.finalize(Connection.java:3369)
at java.lang.ref.Finalizer.invokeFinalizeMethod(Native Method)
at java.lang.ref.Finalizer.runFinalizer(Finalizer.java:83)
at java.lang.ref.Finalizer.access$100(Finalizer.java:14)
at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:160)


- Alexey.

Jimmy Phelan :: Blacknight Solutions wrote:



Hi All

We are using tomcat 5 on a shared hosting server. The server is 
running DirectAdmin as its control panel. It is running RedHat 
Enterprise 4, tomcat 5.5.23 and jvm 1.5.0_08-b03


I have attached a stack trace (from kill -3)

We are using a plugin from da-plugin.com to use tomcat in DirectAdmin, 
but the support on this is less than stellar, and we don’t believe it 
to be the issue


What seems to be happening is that every now and again the java 
process jumps to 100% usage, and sticks. Only a service tomcatd 
restart will kill it and restart the server


Tomcat 5 has the following variables enables in its process

-Xmx512M 
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager 
-Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties 
-Djava.endorsed.dirs=/usr/local/tomcat/common/endorsed -classpath 
:/usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/commons-logging-api.jar 
-Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat 
-Djava.io.tmpdir=/usr/local/tomcat/temp 
org.apache.catalina.startup.Bootstrap start


We are also running tomcat-4 in tandem with tomcat 5, it runs with the 
following variables


-Djava.endorsed.dirs=/usr/local/tomcat.4.1.33/common/endorsed 
-classpath 
/usr/local/java/lib/tools.jar:/usr/local/tomcat.4.1.33/bin/bootstrap.jar 
-Dcatalina.base=/usr/local/tomcat.4.1.33 
-Dcatalina.home=/usr/local/tomcat.4.1.33 
-Djava.io.tmpdir=/usr/local/tomcat.4.1.33/temp 
org.apache.catalina.startup.Bootstrap start


We have been trying to sort this out for a while, but cant see 
anything, can anyone else?


Jimmy



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


--

Alexey N. Solofnenko 
Pleasant Hill, CA (GMT-8 usually)



smime.p7s
Description: S/MIME Cryptographic Signature

Unable to get a basic install working...

[Lizard Lizard]

Greetings!

I have been given the task of setting up a basic local server to test
out Java servlets and evaluate some web technologies for my company. I
am using Windows XP SP2, Java 1.6, Eclipse 3.2, and Apache 2.2.4. I am
following the directions in the O'Reilly "Eclipse Cookbook", and I
downloaded Tomcat 6.0.14. I can "Start" the tomcat service from the
control panel, but when I connect to http://localhost:8080, I get an
"unable to connect" error. The only change I made to the installation
defaults was to set a unique admin and password instead of "Admin" and
no password.

I am sure more information is needed to diagnose this problem, and I
will happily provide it.

Thank you for any support you can offer.

(The Apache Server install is working; I get the default 'It works!' page)

-- 
===
Blog: www.xanga.com/lizard_sf
Currently Working On: All manner of things.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_jk, Tomcat, Session, Servlets & Portlets

[Rainer Jung]

Not sure that I understand your problem: is a jk load balancer involved 
and your request gets send to the wrong instance? If so, we can explain, 
how the decision is made.


If you are only using a single node, I don't understand the problem. You 
write "you correctly get an exception". If it's correct, then why is it 
wrong?


Regards,

Rainer

Benny Bräuer wrote:

Hi,

I've written a webapp for a portlet container. Within this webapp /
the portlet I can call a link to a servlet. The servlet gets the
session from the portlet container (resp. Tomcat) and do its work.
(Session-sharing between portlets and servlets is working)

This works great when I use the direct adress of tomcat, like
http://foo.bar.com:8080/MyServlet?para=foobar

On our systems we are using Apache 2.0 and mod_jk (1.2.23 to 25). This
made no problems with any sessions until now / that case. If I call
the servlet with the address
http://www.foobar.com/MyServlet?para=foobar I correctly get an
exception from the servlet because of non-existing HttpSession.

I think the session is bound to an url. Is there an possibility to
bind the session to www.foobar.com (or has anyone another idea to
solve my problem). I would appreciate any help.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Round Robin

[Rainer Jung]

1) Real round robin

If you really want to distribute requests fully via round robin, you 
need to set


worker.loadbalancer.sticky_session=False

2) Session stickyness

But usually, this is *not* what you want. Usually, you want requests, 
that belong to a user session to go to the same Tomcat instance, where 
the session has been created, and only requests which do not refer to a 
session should be fully load balanced. So depending on the number of 
sessions relative to the number of new session requests, only a small 
percentage of your requests will be available for real balancing.


If you test balancing only with a couple of clients, it's quite 
possible, that you are only using *very* few sessions, and most of the 
balancing decisions are dictated by the first instance the session hit.


If you've got 3 workers in the balancer, and only two of them actually 
get requests (which I learn from the N/A for worker B), it's likely, 
that you are testing with only two sessions, which most likely is 
totally unrealistic.


In case of session stickyness, there is no way of telling the 
loadbalancer to use round robin for the new session requests (i.e. 
requests which do not refer to a session). We have several ways of 
deciding which node should be chosen (see "method" attribute of the load 
balancer), but round robin is none of them.


Regards,

Rainer


Dean Lonsdale wrote:

Hi all

We are currently trying to setup load balancing in our environment and as 
after testing the Load Balancing it would appear to be working. I have run 
up two applications sessions, one of which went to the 'A' tomcat worker 
and the other to the 'C' tomcat worker. The status page suggests that the 
workers are load balanced, although as yet the 'B' worker has only ever 
appeared with a status of 'N/A' (Unknown). Other workers have appeared 
with a status of 'OK'.
 
I suspect that this load balancer is not using  a 'Round Robin' algorithm. 
I also cannot see any way of setting this as a Load Balancer method. Below 
is our workers.properties file, could anyone please advise why a round 
robin approach may not be working pls ?


thanks in advance

# ==
# JK configuration directives
# ==
ps=/

# ==
# list the workers required as entry points from apache  by name
# ==

worker.list= ajp13, loadbalancer , status

# ==
# Single worker to handle all non load balanced requests
# (Esri IMS)
# ==

worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

# ==
# Balanced set of workers to handle all load balanced requests
# (IMF Easimap)
# ==

# ---
# 1st Balanced worker Tomcat1
# ---

worker.tomcat1.port=8109
worker.tomcat1.host=localhost
worker.tomcat1.type=ajp13
worker.tomcat1.socket_keepalive=1
worker.tomcat1.socket_timeout=600
worker.tomcat1.lbfactor=100
worker.tomcat1.route=tomcat5_A
worker.tomcat1.connection_pool_timeout=300

# ---
# 2nd Balanced worker Tomcat2
# ---

worker.tomcat2.port=8209
worker.tomcat2.host=localhost
worker.tomcat2.type=ajp13
worker.tomcat2.socket_keepalive=1
worker.tomcat2.socket_timeout=600
worker.tomcat2.lbfactor=100
worker.tomcat2.route=tomcat5_B
worker.tomcat2.connection_pool_timeout=300

# ---
# 3rd Balanced worker Tomcat3
# ---

worker.tomcat3.port=8309
worker.tomcat3.host=localhost
worker.tomcat3.type=ajp13
worker.tomcat3.socket_keepalive=1
worker.tomcat3.socket_timeout=600
worker.tomcat3.lbfactor=100
worker.tomcat3.route=tomcat5_C
worker.tomcat3.connection_pool_timeout=300

#--
# Tomcat balancer
#--
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=tomcat1, tomcat2, tomcat3


# ==
# Tomcat status worker - gives status information on connected
# instances
# ==

worker.status.type=status






Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Embedding XML documents as children of the context-param element

[Robert Segal]

>Is there any reason why you couldn't store your *.xml file in WEB-INF/

No.  There is no problem with doing this and it's probably the method
I'll use.  Thanks everyone for all the comments.


Robert Segal
Tools Developer
CryptoLogic Inc.
55 St. Clair Ave W., 3rd Floor
Toronto, Ontario
Canada  M4V 2Y7
tel.  + 1.416.545.1455 x5896
fax. + 1.416.545.1454

This message, including any attachments, is confidential and/or
privileged and contains information intended only for the person(s)
named above. Any other distribution, copying or disclosure is strictly
prohibited. If you are not the intended recipient or have received this
message in error, please notify us immediately by reply email and
permanently delete the original transmission from all of your systems
and hard drives, including any attachments, without making a copy.
-Original Message-
From: Brian Munroe [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 16, 2007 5:52 PM
To: Tomcat Users List
Subject: Re: Embedding XML documents as children of the context-param
element

On 8/16/07, Robert Segal <[EMAIL PROTECTED]> wrote:

> So as an alternative I know the second method will work but was
curious
> if anyone has tried the first method.
>

I doubt the 1st method is valid, since you are basically inventing new
deployment descriptor elements, and I know for sure that Eclipse would
go crazy with error messages.

In the 2nd method you are basically serializing the XML into a
string.. I suppose that is Ok, but I think you have to have also have
an java.lang.String element to
consider web.xml well formed.

Is there any reason why you couldn't store your *.xml file in WEB-INF/
and call it with something like:

ServletContext sc = getServletConfig().getServletContext();
String myXMLFIlePath = sc.getRealPath("/WEB-INF/myXMLFIle.xml");
...

Document document = parser.parse(new File(myXMLFilePath));

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: context.xml not being copied across on deployment

[Gerhardus.Geldenhuis]

Hi Iain,
From a previous question I asked on the list:

If you use auto-deploy and you have a WAR file or directory in the
"webapps" directory, then any "path" attribute you have in your
 element will be ignored (or, worse, confused and used ion some
weird way). Perhaps this is a problem with your deployment. 

> -Original Message-
> From: Emsley, I (Iain) [mailto:[EMAIL PROTECTED] 
> Sent: 17 August 2007 15:21
> To: users@tomcat.apache.org
> Subject: context.xml not being copied across on deployment
> 
> Dear Tomcat users, 
>  
> I'm trying to get a calendaring system (which also uses Ant) 
> to load its applications from 
> C:\foo\apache-tomcat-5.5.17\webapps. I've set  a build file 
> at c:\docs and settings\userid\foo.build.properties which 
> links to a foo.properties and foo.options.xml. These point to 
> the context.xml file in catalina home\web 
> apps\META-INF\context.xml (I've posted one the lines for the 
> tomcat context:
> org.bedework.app.Events.tomcat.context.xml=/META-INF/context.xml).
>  
> When I start Tomcat, the WAR files in webapps are deployed 
> but the context.xml files are ignored (they are required as 
> I'm changing the database from Hypersonic to MySQL). 
>  
> When I check the xml files in
> \apache-tomcat-5.5.17\conf\Catalina\localhost, I'm still 
> getting the context for Hypersonic rather than MySQL. 
>  
> It appears that the WAR files are being copied in whole 
> whilst my update is being ignored. I would be grateful for 
> some pointers as to what else I can try to solve this issue 
> and to learn from it for the future.
>  
> Many thanks, 
>  

__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
__

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Register url in ROOT application

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chuck and Thomas,

Caldarale, Charles R wrote:
>> From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED] 
>> Subject: Re: Register url in ROOT application
>>
>> I want to be able to register a servlet in the ROOT application
>> that will handle request to "/app1". Note that the name space
>> "/app1" is already taken up by my "app1" application.

[snip]

> If you are front-ending Tomcat with httpd, I think you could also use
> URL rewriting in httpd to get the request to go where you want it.

Better yet, you can simply do this:

JkMount /app1   your-root-worker
JkMount /app1/* your-app1-worker

No rewriting necessary!

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbMS9CaO5/Lv0PARAmvYAKCaXbR3H6HA/UygbxUvQCDekFRmEACdEc22
FvTVqGP/Zxq4rXhD9C8RwJc=
=hgOC
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Resource Security

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrew,

Andrew Hole wrote:
> Is it possible encrypt password on Resource setup?

No (still).

- -chris

PS Yes, you can write your own data source manager that decrypts the
credentials or whatever, but then you have to store /that/ password
somewhere. You just can't win. It's not worth it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbSd9CaO5/Lv0PARAqpGAKCtF/DLUaEYdEM0JYr9pOZu94zo3gCeJ4cb
pWt1fKBL21NW8BggZnJpRzM=
=2W2i
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: utf-8 encoding problem

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

Joseph S wrote:
> Christopher Schultz wrote:
> 
>> Setting the encoding of the response is sometimes necessary when the
>> browser (stupidly, IMO) elects not to send the charset being used to the
>> server.
>>
> It isn't the browser's fault, its the spec's fault. See
> https://bugzilla.mozilla.org/show_bug.cgi?id=289060#c8

Certainly, the specification doesn't help in this regard. I'm
disappointed that things like this never get fixed in specifications.
This question comes up all the time, and the solution is almost always
to simply pick a charset and use it all the time, without question. But
that's messy, and doesn't allow the client to make any choices about
character encoding, etc. :(

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbRM9CaO5/Lv0PARAuqDAJ9rbnlgMeJe5NjCLyWzj1S53EAxHgCdExsx
CYVYrMDRFMhDpxUoXMFRpPg=
=lW9w
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JDBC connection issue

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gregor,

Gregor Schneider wrote:
> Chuck,
> 
> then the docs are quite misleading.

Nope. Read them again.

> 
> When a request to load a class
> from the web application's WebappX class loader is processed, this
> class loader will look in the local repositories first, instead of
> delegating before looking.
> 

That's exactly what Chuck said. The webapp's classloader tries to load
the webapp's classes first, then delegates if they cannot be found. The
exceptions listed are not very relevant, since nobody ever really tries
to override java.* classes in the first place. The only complication
comes when things like XML parsers are thrown into the mix, which has
always been a headache.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbKd9CaO5/Lv0PARAvbRAJ9HxP5V/1TouQHgCgMYDnsJWawOBACeMbS/
SuZbZcmeVsXC/gK5p0uiApY=
=JHGc
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: utf-8 encoding problem

[Joseph S]

Christopher Schultz wrote:


Setting the encoding of the response is sometimes necessary when the
browser (stupidly, IMO) elects not to send the charset being used to the
server.

It isn't the browser's fault, its the spec's fault. See 
https://bugzilla.mozilla.org/show_bug.cgi?id=289060#c8


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Matt,

Matthew Kerle wrote:
> I'm changing jobs soon and the new company uses JBoss (:-<), so
> it may take a while to convince them how good tomcat is ;-p!

IIRC, JBoss used to use Tomcat as its servlet container. Maybe that's no
longer the case.

> But I'm a
> big believer in FOSS & the community, so I'd love the chance to
> contribute something to the tomcat docs, especially if it makes life
> easier for other hackers like me...

JBoss counts as FOSS, right?

> thanks! that's just the pointer I need. Question but, if the war is
> outside the auto-deploy'ing webapps dir, then how do you auto-deploy new
> wars?

You can't. That's one of the prices you pay for playing outside the
rules. I don't believe you can, for instance, use the manager app to
deploy a WAR along with a separate context.xml file.

> do you have to use the manager app, or the command-line interface?

You have to do it entirely yourself. You'll have to check, but it's
possible that Tomcat won't even do auto-redeploy if you update the WAR.
There's been a long thread about the (separate) context.xml file being
deleted during auto-deploy of outside WAR files (if I understand the
thread, which I'm not really following). You might want to read through
that for more information.

> have you ever used OC4J?

Nope. I've been off Oracle since they stopped shipping the JDBC driver
as a ZIP file ;)

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxbFO9CaO5/Lv0PARAvBWAJ9Gw9wL/mH7ClHJdoO1Iz1MTfkFqwCfQm5Y
AChHAHzvEH/u+7DOF6G0FDI=
=p6HC
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: context.xml not being copied across on deployment

[Caldarale, Charles R]

> From: Emsley, I (Iain) [mailto:[EMAIL PROTECTED] 
> Subject: context.xml not being copied across on deployment
> 
> When I check the xml files in
> \apache-tomcat-5.5.17\conf\Catalina\localhost, I'm still getting the
> context for Hypersonic rather than MySQL. 

A  element in conf/Catalina/[host]/[app].xml will override the
one in the webapps's META-INF/context.xml file.  Try removing the
conf/Catalina/[host]/[app].xml file first, either as part of your
deployment script or manually.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Register url in ROOT application

[Caldarale, Charles R]

> From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED] 
> Subject: Re: Register url in ROOT application
> 
> I want to be able to register a servlet in the ROOT application
> that will handle request to "/app1". Note that the name space
> "/app1" is already taken up by my "app1" application.

I don't see any direct way to do this.  There are a couple of indirect
mechanisms that should work, but both depend on using something other
than "app1" under ROOT; we'll use "app1r" in the following:

1) Put a welcome page in the app1 webapp that redirects to /app1r; this
exposes the renaming to the client, which may be undesirable.

2) Use a filter in the app1 webapp that forwards the request to /app1r;
this requires enabling cross-context, which should not be a problem.

3) Use a valve at the  level to forward the request to /app1r;
this would be Tomcat-specific, but would avoid changes to app1.

If you are front-ending Tomcat with httpd, I think you could also use
URL rewriting in httpd to get the request to go where you want it.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

context.xml not being copied across on deployment

[Emsley, I (Iain)]

Dear Tomcat users, 
 
I'm very new to the Tomcat application and am trying to understand why
my context files are being ignored on deployment. I've had a search in
the mailing archives and read (and tried) the documentation on the
Tomcat site. 
 
I'm trying to get a calendaring system (which also uses Ant) to load its
applications from C:\foo\apache-tomcat-5.5.17\webapps. I've set  a build
file at c:\docs and settings\userid\foo.build.properties which links to
a foo.properties and foo.options.xml. These point to the context.xml
file in catalina home\web apps\META-INF\context.xml (I've posted one the
lines for the tomcat context:
org.bedework.app.Events.tomcat.context.xml=/META-INF/context.xml).
 
When I start Tomcat, the WAR files in webapps are deployed but the
context.xml files are ignored (they are required as I'm changing the
database from Hypersonic to MySQL). 
 
When I check the xml files in
\apache-tomcat-5.5.17\conf\Catalina\localhost, I'm still getting the
context for Hypersonic rather than MySQL. 
 
It appears that the WAR files are being copied in whole whilst my update
is being ignored. I would be grateful for some pointers as to what else
I can try to solve this issue and to learn from it for the future.
 
Many thanks, 
 
Iain
 
Iain Emsley
 

Encoding question

[Russo, Joe]

Just curious why it requires a filter to be used to set character
encoding when it is set at the app server and form level as UTF8?  What
I noticed is it gets translated incorrectly from the form to the
servlet.  Is that correct?  Is it a low level API that causes this?

Thanks,

Joe

Re: Error in Tomcat Installation.

[Hassan Schroeder]

On 8/17/07, David Delbecq <[EMAIL PROTECTED]> wrote:

> 2) download a more recent tomcat (5.0.28 is 3 years old release)

I can confirm that the jsvc packaged with 5.5.23 configures and
builds on a x86_64 SuSE 10.0 system.

HTH,
-- 
Hassan Schroeder  [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat on FreeBSD

[Arend P. van der Veen]

Hi,

I have installed Tomcat 5.5.23_1 on FreeBSD 6.2.  I have used Servlets a 
lot in the past but have not used ant.  I am now trying to get this 
development environment to work.  Following the basic portinstall of 
Tomcat on FreeBSD I did the following:


1.  sudo cp /usr/local/tomcat5.5/server/lib/catalina-ant.jar 
/usr/local/share/java/apache-ant/lib


2.  Made a sample project

3.  set manager url in build.xml
http://localhost:8180/manager"/>

4.  Chnage permissions in tomcat

cd /usr/local/tomcat5.5]
sudo chown -R www webapps

Once this was done I was able to compile the project and install it using:

ant
ant install

I did notice that it created a new directory in webapps with the new 
application.  So far so good.  If I try to install it again I get an 
error stating that it is already installed.  Again, so far so good.


The problem that I have is if I make changes to the project and reload 
the application using


ant reload

I get the following output:
reload:
   [reload] OK - Reloaded application at context path /hello

This looks ok.  However, when I run it, the changes to the project do 
not show up.  If I look into the directory under webapps, the changes 
have not been moved over.  I have to manually copy the contents from my 
build to webapps under tomcat.


What I am doing wrong.  I am sure that it is someting simple but do not 
seem to figure it out.


Thanks,
Arend



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

exception when running tomcat 5.5.23

[Boris Shulman]

Hi I'm getting the following exception in tomcat 5.5.23:
Aug 17, 2007 3:31:20 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing request
java.lang.ArrayIndexOutOfBoundsException: -45
at
org.apache.coyote.http11.filters.ChunkedInputFilter.parseChunkHeader(ChunkedInputFilter.java:257)
at
org.apache.coyote.http11.filters.ChunkedInputFilter.doRead(ChunkedInputFilter.java:130)
at
org.apache.coyote.http11.filters.ChunkedInputFilter.end(ChunkedInputFilter.java:180)
at
org.apache.coyote.http11.InternalInputBuffer.endRequest(InternalInputBuffer.java:369)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:895)
at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
at java.lang.Thread.run(Thread.java:595)

In this request I transfer binary data inside the request/response
any ideas?
-- 
View this message in context: 
http://www.nabble.com/exception-when-running-tomcat-5.5.23-tf4285807.html#a12199988
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: utf-8 encoding problem

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mark and Joe,

Mark Thomas wrote:
> Joseph Shraibman wrote:
>> Mark Thomas wrote:
>>
>>>request.setCharacterEncoding("UTF-8");
>>
>> Is this always safe?  For responses I can (and do) check the
>> accept-charset request [header], but I can't figure out how to tell
>> what the request encoding should be.

Don't forget that Accept-Charset has nothing to do with the request:
it's all about the list of charsets that are acceptable for the
/response/ to the current request.

Setting the encoding of the response is sometimes necessary when the
browser (stupidly, IMO) elects not to send the charset being used to the
server.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGxab+9CaO5/Lv0PARAhAbAJ0XIzeqDmgiKPqMhQLNSdkJJpgomACfTnZa
ZK1KZN1hgbzoPmUdFWnI29o=
=4CGT
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12

[ian . blenk]

Thanks for all your advice,

Problem sorted now.

I moved the ojdbc14.jar into common/lib only, and set-up a context in the 
appname/META-INF/contex.xml. Tomcat still 
wouldn't start after renaming ResourceParams to Resource even after I had 
validated the xml with an xml validator 
tool. In the end I stripped out the context.xml file and retyped everything 
rather than copy and paste the context 
from server.xml. And it now works, I'm guesing the last step was that there was 
something up / hidden with the file 
type encoding utf-8.

Thanks

Ian


Hi Ian.

ojdbc14.jar needs to ONLY be in common/lib.  It won't work in 
myapp/WEB-INF/lib and won't work if you have the jar in both places.

Additionally you should take a look at the JDBC howto docs regarding 
what your  config in your myapp/META-INF/context.xml or 
conf/Catalina/localhost/myapp.xml should look like:

http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html#Oracle%208i%20with%20OCI%20client

My only editorial comment on the page is to NOT place your 
 or  definition in server.xml as recommended 
on the page.  Place it in context.xml or myapp.xml as I describe above.

--David

[EMAIL PROTECTED] wrote:

>Thanks for your advice so far
>
>I've upgraded to the latest Oracle ojdbc14.jar and placed it the 
>myapp\WEB-INF\lib folder, I also tried it the 
>Tomcat\common\lib for for good measure but still got the same results. I'll 
>continue to use ojdbc14.jar from now 
>though.
>
>I've change the ResourceParams name to just Resource name but this causes 
>Tomcat not to startup, the logs show the 
>following trace...
>
>*** Excerpt Tomcat 5.5.12 logs ***
>16-Aug-2007 16:08:32 org.apache.tomcat.util.digester.Digester endElement
>SEVERE: End event threw exception
>java.lang.reflect.InvocationTargetException
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>*** end ***
>
>Does this mean it's now reading the   element. ?
>
>Thanks
>
>Ian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

mod_jk, Tomcat, Session, Servlets & Portlets

[Benny Bräuer]

Hi,

I've written a webapp for a portlet container. Within this webapp /
the portlet I can call a link to a servlet. The servlet gets the
session from the portlet container (resp. Tomcat) and do its work.
(Session-sharing between portlets and servlets is working)

This works great when I use the direct adress of tomcat, like
http://foo.bar.com:8080/MyServlet?para=foobar

On our systems we are using Apache 2.0 and mod_jk (1.2.23 to 25). This
made no problems with any sessions until now / that case. If I call
the servlet with the address
http://www.foobar.com/MyServlet?para=foobar I correctly get an
exception from the servlet because of non-existing HttpSession.

I think the session is bound to an url. Is there an possibility to
bind the session to www.foobar.com (or has anyone another idea to
solve my problem). I would appreciate any help.

-- 
Cheers,
Benny

Benny Bräuer
C3-Grid Developing @ Computing and Data Centre
Alfred-Wegener-Institute for polar and marine research
27570 Bremerhaven, Germany
--
"Do your work, then step back.
The only path to serenity."
 ~Lao Tzu - The Tao Te Ching

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Error in Tomcat Installation.

[David Delbecq]

1) use another achitecture (x86 instead of x86_64)
2) download a more recent tomcat (5.0.28 is 3 years old release)
3) download a more recent jsvc (http://commons.apache.org/daemon/jsvc.html)
to your choice
En l'instant précis du 17/08/07 12:10, Potri Raaja s'exprimait en ces
termes:
> Hi ,
>
> I tried to install jakarta-tomcat-5.0.28 in Suse Linux Enterprise Server
> 10 and when I run the command 
>
>   /usr/java/jakarta-tomcat-5.0.28/bin/jsvc-src # ./configure 
>
> I am getting the following error :
>
> *** Current host ***
> checking build system type... x86_64-unknown-linux-gnu
> checking host system type... x86_64-unknown-linux-gnu
> checking cached host system type... ok
> *** C-Language compilation tools ***
> checking for gcc... gcc
> checking for C compiler default output... a.out
> checking whether the C compiler works... yes
> checking whether we are cross compiling... no
> checking for suffix of executables... 
> checking for suffix of object files... o
> checking whether we are using the GNU C compiler... yes
> checking whether gcc accepts -g... yes
> checking for gcc option to accept ANSI C... none needed
> checking for ranlib... ranlib
> *** Java compilation tools ***
> checking for javac... /usr/java/j2sdk1.4.2_15/bin/javac
> checking wether the Java compiler (/usr/java/j2sdk1.4.2_15/bin/javac)
> works... yes
> checking for jar... /usr/java/j2sdk1.4.2_15/bin/jar
> *** Host support ***
> checking C flags dependant on host system type... failed
> configure: error: Unsupported CPU architecture "x86_64"
>
>  Can you please suggest how to solve this issue.
>
> Regards,
> Potri Raaja.M.
>
>   


-- 
http://www.noooxml.org/


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Error in Tomcat Installation.

[Potri Raaja]

Hi ,

I tried to install jakarta-tomcat-5.0.28 in Suse Linux Enterprise Server
10 and when I run the command 

  /usr/java/jakarta-tomcat-5.0.28/bin/jsvc-src # ./configure 

I am getting the following error :

*** Current host ***
checking build system type... x86_64-unknown-linux-gnu
checking host system type... x86_64-unknown-linux-gnu
checking cached host system type... ok
*** C-Language compilation tools ***
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables... 
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for ranlib... ranlib
*** Java compilation tools ***
checking for javac... /usr/java/j2sdk1.4.2_15/bin/javac
checking wether the Java compiler (/usr/java/j2sdk1.4.2_15/bin/javac)
works... yes
checking for jar... /usr/java/j2sdk1.4.2_15/bin/jar
*** Host support ***
checking C flags dependant on host system type... failed
configure: error: Unsupported CPU architecture "x86_64"

 Can you please suggest how to solve this issue.

Regards,
Potri Raaja.M.

-- 
View this message in context: 
http://www.nabble.com/Error-in-Tomcat-Installation.-tf4284872.html#a12197177
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Resource Security

[David Smith]

Nope.

You could write your own db pool init code in a ServletContextListener 
and then do anything you want as far as how to store the pool 
configuration if you really need to encrypt the password.  The standard 
tomcat configuration files don't offer any facility for encrypting 
passwords though.


--David

Andrew Hole wrote:

Is it possible encrypt password on Resource setup?



Thanks
Andew

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Installing APR on Fedora

[Rainer Jung]

If I remember that correctly:

- if you include it in LD_LIBRARY_PATH, the JVM will add it to 
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for the 
runtime linker to find the tcnative dependencies apr and openssl


Anyone: correct me if I'm wrong.

Markus Schiegl wrote:

another way could be passing "-Djava.library.path=/usr/local/apr/lib" to
tomcat using CATALINA_OPTS for example.

@all: any drawbacks doing it this way?

kind regards,
   Markus

Ole Ersoy wrote:

Ooooh - OK - That makes a lot of sense :-)  Sweet - It looks like it's
humming real well now, except for a few SSL complaints, but I should be
able to bang those out.

Thanks a gazillion Filip, Rainer, Stephen, Lakshmi, and Hassan.  You
gracious help enabled me to keep my last hair :-)

- Ole

Filip Hanik - Dev Lists wrote:

ok, in your catalina.sh script you will need to do

export LD_LIBRARY_PATH=/usr/local/apr/lib:$LD_LIBRARY_PATH

the file it finds is the correct one.

the CLASSPATH variable only applies to java libraries, this is a
native C library.

Filip


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: utf-8 encoding problem

[Ronald Klop]

Most browsers will encode the request the same as the page it came from. This 
is true for POST variables. I'm not sure about GET query variables.

In the past I found some websites explaining this hidden feature, but don't 
have the time to search again.

Ronald.

On Thu Aug 16 20:25:18 CEST 2007 Tomcat Users List  
wrote:

Mark Thomas wrote:

> request.setCharacterEncoding("UTF-8");

Is this always safe? For responses I can (and do) check the 
accept-charset request paramater, but I can't figure out how to tell 
what the request encoding should be.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JDBC connection issue

[Gregor Schneider]

Chuck,

then the docs are quite misleading.

In the 5.5-docs
(http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html) is
said:


n a J2SE 2 (that is, J2SE 1.2 or later) environment, class loaders are
arranged in a parent-child tree. Normally, when a class loader is
asked to load a particular class or resource, it delegates the request
to a parent class loader first, and then looks in its own repositories
only if the parent class loader(s) cannot find the requested class or
resource. The model for web application class loaders differs slightly
from this, as discussed below, but the main principles are the same.


Then, when you scroll down to almost the end of the page, it is said:


As mentioned above, the web application class loader diverges from the
default Java 2 delegation model (in accordance with the
recommendations in the Servlet Specification, version 2.3, section
9.7.2 Web Application Classloader). When a request to load a class
from the web application's WebappX class loader is processed, this
class loader will look in the local repositories first, instead of
delegating before looking. There are exceptions. Classes which are
part of the JRE base classes cannot be overriden. For some classes
(such as the XML parser components in J2SE 1.4+), the J2SE 1.4
endorsed feature can be used (see the common classloader definition
above). Last, any JAR containing servlet API classes will be ignored
by the classloader. All other class loaders in Tomcat 5 follow the
usual delegation pattern.


Well, I wouldn't call this behaviour "slighty different" from the
default Java-behaviour - it least I just now got caught in that trap.

Cheers

Gregor
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Resource Security

[Andrew Hole]

Is it possible encrypt password on Resource setup?



Thanks
Andew

standard valve / errors handling

[David Delbecq]

Hello,

it is my understanding that tomcat uses a valve to detect Throwables
from webapp and redirect to error page. However, in some case, it seems
impossible to redirect to error page:

68937425 [http-8081-Processor14] ERROR
StandardWrapper[/intranet:webdav]  - Servlet.service() for servlet
webdav threw exception
java.lang.NullPointerException
Aug 17, 2007 9:11:36 AM org.apache.catalina.core.StandardHostValve custom
SEVERE: Exception Processing
ErrorPage[exceptionType=java.lang.Exception, location=/jsp/error.jsp]
java.lang.IllegalStateException
at org.apache.coyote.Response.reset(Response.java:296)
at org.apache.catalina.connector.Response.reset(Response.java:642)
at org.apache.catalina.connector.Response.reset(Response.java:908)
at
org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:355)
at
org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:211)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:134)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)

Problem: because of the valve problem, my jsp is not called. This jsp is
supposed to handle displaying of this NullPointerException's
stacktrace(). Is there a way to configure the standard valve so that is
dumps the stacktrace in tomcat log?

Thank you.


-- 
http://www.noooxml.org/


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]