Re: SSL port number

2007-08-20 Thread Stephen Caine 

Markus,


Stephen Caine wrote:


A simple way to restart Tomcat from a non-root user would be nice.


Interesting wish.  A non-root user with the right to control my  
system services is approximately the last thing I would want to see.


Well, if you can set a 'user' option for startup, why not shutdown?

Stephen

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Running MINA inside Tomcat causing problems.

2007-08-20 Thread satish viswanatham 
Hi

This undeploy does not happen during startup. It happens after receiving few
TCP and UDP messages.

Now the app gets un-deployed and does not get re-deployed. No additional
information was provided why the app got un-deployed.

I want to know the root cause of why the app being un-deployed?

thanks
Satish

On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
>
> does the undeploy happen during startup? or after running for a while?
>
> if it is during runtime, you can disable the host autoDeploy
>
> 
>
> Filip
>
> satish viswanatham wrote:
> > Is there way to log more details about  why HostConfig checkResources
> was
> > called? On an exception or some other problem?
> >
> > Aug 20, 2007 1:24:54 PM
> org.apache.catalina.startup.HostConfigcheckResources
> >
> >> INFO: Undeploying context [/tester]
> >>
> >
> > thanks
> > Satish
> >
> > On 8/20/07, satish viswanatham <[EMAIL PROTECTED]> wrote:
> >
> >> Hi Filip,
> >>
> >> Thank you for a quick response.  I do have reloadable="false" in my
> >> context.
> >>
> >> I do not see web.xml's time stamp changing.
> >>
> >> thanks
> >> Satish
> >>
> >> On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> >>
> >>> make sure your turn reloadable="false" for your context,
> >>> and make sure nothing modifies the timestamp of WEB-INF/web.xml
> >>>
> >>> Filip
> >>>
> >>> satish viswanatham wrote:
> >>>
>  Hi
> 
>  I have a Servlet- which start TCP and UDP MINA servers. After
> 
> >>> receiving few
> >>>
>  packets on the server - the servlet gets un-deployed. Not java stack
> 
> >>> trace
> >>>
>  or details were available in the logs. Is there is a way to debug
> 
> >>> this? The
> >>>
>  code runs fine outside Tomcat.  I think MINA uses Sl4J and I made
> sure
> 
> >>> I
> >>>
>  have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am
> 
> >>> using
> >>>
>  Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried
> 
> >>> with
> >>>
>  both Apache MINA 1.1 and 1.0. It has the same issue. I have just this
> 
> >>> web
> >>>
>  app deployed on tomcat.
> 
>  Please let me know, if you have suggestions.
> 
>  thanks
> 
>  Aug 20, 2007 1:24:54 PM
> 
> >>> org.apache.catalina.startup.HostConfigcheckResources
> >>>
>  INFO: Undeploying context [/tester]
> 
> 
>  Aug 20, 2007 1:26:41 PM
> 
> >>> org.apache.catalina.loader.WebappClassLoaderloadClass
> >>>
>  INFO: Illegal access: this web application instance has been stopped
>  already.  Could not load
> 
> org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate
> 
> >>> .  The
> >>>
>  eventual following stack trace is caused by an error thrown for
> 
> >>> debugging
> >>>
>  purposes as well as to attempt to terminate the thread which caused
> 
> >>> the
> >>>
>  illegal access, and has no functional impact.
>  Aug 20, 2007 1:26:41 PM
> 
> >>> org.apache.catalina.loader.WebappClassLoaderloadClass
> >>>
>  INFO: Illegal access: this web application instance has been stopped
>  already.  Could not load org.apache.log4j.spi.ThrowableInformation
> 
> >>> .  The
> >>>
>  eventual following stack trace is caused by an error thrown for
> 
> >>> debugging
> >>>
>  purposes as well as to attempt to terminate the thread which caused
> 
> >>> the
> >>>
>  illegal access, and has no functional impact.
>  Aug 20, 2007 1:26:41 PM
> 
> >>> org.apache.catalina.loader.WebappClassLoaderloadClass
> >>>
>  INFO: Illegal access: this web application instance has been stopped
>  already.  Could not load org.apache.log4j.spi.ThrowableInformation
> 
> >>> .  The
> >>>
>  eventual following stack trace is caused by an error thrown for
> 
> >>> debugging
> >>>
>  purposes as well as to attempt to terminate the thread which caused
> 
> >>> the
> >>>
>  illegal access, and has no functional impact.
> 
> 
> 
> 
> >>>
> 
> >>>
>  No virus found in this incoming message.
>  Checked by AVG Free Edition.
>  Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date:
> 
> >>> 8/19/2007 7:27 AM
> >>>
> >>> -
> >>> To start a new topic, e-mail: users@tomcat.apache.org
> >>> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >
> >
> > 
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date:
> 8/19/2007 7:27 AM
> >
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-m

Re: SSL on Windows Vista with Tomcat 5.0.28 not working

2007-08-20 Thread Brian Munroe 
On 8/20/07, Brian Munroe <[EMAIL PROTECTED]> wrote:

>
> There might be some security settings you may need to tweak.  What
> those are, I have no Idea.
>

Or after a Google search, because I was curious, IE7 doesn't like SHA-1:

http://blogs.atlassian.com/developer/2007/06/ie7_on_vista_and_ssl.html

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Very Slow Startup with APR

2007-08-20 Thread Adrian Sutton 

Hi all,
I've been setting up Tomcat 5.5, with Java 5 on a Debian Etch server  
with a lot of success and just one problem - Tomcat seems to take a  
long time to load. I think the problem started when I installed APR/ 
tomcat native and enabled SSL through it but it's hard to pin point  
because the whole setup came together largely at once (it's a brand  
new server).


At one point the start up time was well under 10 seconds and it's now  
blown out to 5-15 minutes - but it does eventually come up. The last  
message in the log before the long delay is:

Aug 20, 2007 3:08:56 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080

Once it starts the full startup logs look like:
Aug 20, 2007 3:08:56 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Aug 20, 2007 3:22:17 PM org.apache.coyote.http11.Http11AprProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Aug 20, 2007 3:22:17 PM org.apache.coyote.ajp.AjpAprProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
Aug 20, 2007 3:22:17 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 804697 ms
Aug 20, 2007 3:22:18 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Aug 20, 2007 3:22:18 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5
Aug 20, 2007 3:22:18 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Aug 20, 2007 3:22:31 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 20, 2007 3:22:31 PM org.apache.coyote.http11.Http11AprProtocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
Aug 20, 2007 3:22:32 PM org.apache.coyote.ajp.AjpAprProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
Aug 20, 2007 3:22:32 PM org.apache.catalina.storeconfig.StoreLoader load
INFO: Find registry server-registry.xml at classpath resource
Aug 20, 2007 3:22:32 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 14410 ms

Once it starts everything works fine and goes fast. Any pointers for  
how to track down the cause would be greatly appreciated.


Thanks,

Adrian Sutton
http://www.symphonious.net




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AJP talking TLS or SSL

2007-08-20 Thread Brian Munroe 
On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:

> autossh, but that would fall under your tunneling category.
> I think those are only options, I can't think of anything else

yep, unfortunately.  Thanks anyways.

I will probably just end up using IPSec.

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Can we use output/extras/tomcat-juli.jar by default?

2007-08-20 Thread Mark Thomas 
Matthew Kerle wrote:
> ok, found the following:
> http://issues.apache.org/bugzilla/show_bug.cgi?id=26372
> &
> http://issues.apache.org/bugzilla/show_bug.cgi?id=27371 (depended-on)
> 
> is that the one you mean?

This wasn't one of the ones I was thinking of.

> we use commons-logging so we've never encountered any of these issues,
> but now I know a good reason not to use log4j on tomcat, thanks!

Of commons-logging and log4j, my impression (haven't counted the bugs)
is that (mis)-use of commons-logging has caused more memory leak
issues than log4j on its own.

Mark


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AJP talking TLS or SSL

2007-08-20 Thread Filip Hanik - Dev Lists 

Brian Munroe wrote:

I am well aware after STW that the 2 best suggestions for securing
traffic between Apache httpd and Tomcat over AJP (either using
mod_jk_proxy or mod_jk), is:

1.  Use either IPSec, stunnel, etc.

2.  Don't use AJP and proxy https between Tomcat and Apache.

Any other options?  I'd really like to encrypt AJP traffic out of the box...
  

autossh, but that would fall under your tunneling category.
I think those are only options, I can't think of anything else

thanks

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Running MINA inside Tomcat causing problems.

2007-08-20 Thread Filip Hanik - Dev Lists 

does the undeploy happen during startup? or after running for a while?

if it is during runtime, you can disable the host autoDeploy



Filip

satish viswanatham wrote:

Is there way to log more details about  why HostConfig checkResources was
called? On an exception or some other problem?

Aug 20, 2007 1:24:54 PM org.apache.catalina.startup.HostConfigcheckResources
  

INFO: Undeploying context [/tester]



thanks
Satish

On 8/20/07, satish viswanatham <[EMAIL PROTECTED]> wrote:
  

Hi Filip,

Thank you for a quick response.  I do have reloadable="false" in my
context.

I do not see web.xml's time stamp changing.

thanks
Satish

On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:


make sure your turn reloadable="false" for your context,
and make sure nothing modifies the timestamp of WEB-INF/web.xml

Filip

satish viswanatham wrote:
  

Hi

I have a Servlet- which start TCP and UDP MINA servers. After


receiving few
  

packets on the server - the servlet gets un-deployed. Not java stack


trace
  

or details were available in the logs. Is there is a way to debug


this? The
  

code runs fine outside Tomcat.  I think MINA uses Sl4J and I made sure


I
  

have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am


using
  

Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried


with
  

both Apache MINA 1.1 and 1.0. It has the same issue. I have just this


web
  

app deployed on tomcat.

Please let me know, if you have suggestions.

thanks

Aug 20, 2007 1:24:54 PM


org.apache.catalina.startup.HostConfigcheckResources
  

INFO: Undeploying context [/tester]


Aug 20, 2007 1:26:41 PM


org.apache.catalina.loader.WebappClassLoaderloadClass
  

INFO: Illegal access: this web application instance has been stopped
already.  Could not load
org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate


.  The
  

eventual following stack trace is caused by an error thrown for


debugging
  

purposes as well as to attempt to terminate the thread which caused


the
  

illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM


org.apache.catalina.loader.WebappClassLoaderloadClass
  

INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation


.  The
  

eventual following stack trace is caused by an error thrown for


debugging
  

purposes as well as to attempt to terminate the thread which caused


the
  

illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM


org.apache.catalina.loader.WebappClassLoaderloadClass
  

INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation


.  The
  

eventual following stack trace is caused by an error thrown for


debugging
  

purposes as well as to attempt to terminate the thread which caused


the
  

illegal access, and has no functional impact.






  

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date:


8/19/2007 7:27 AM
  
-

To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


  


  



No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date: 8/19/2007 7:27 AM
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RES: Resource Security

2007-08-20 Thread Mark Thomas 
Milanez, Marcus wrote:
Should I always assume that the resources that my application access
(like a database for example) doesn't need additional security,
because it is hosted in a server, and if this so called server was
attacked them worse things could actually happen?
Generally I would expect worse things to happen if the database server
was compromised compared to just a single account. Of course, it
depends which account.

In this case, should I assume as a developer (not as a system admin),
that my network is safe, that my web server is safe?
You can't look at the individual components. You have to look at the
system as a whole. Security is always a trade-off. The right
trade-offs will vary from system to system.

In terms of security, is it right to delegate a web system
administrator the right to know my application's database user and
password?
Again, it is a trade-off. What are the risks of them knowing the
password vs. them not knowing? Is it practical to keep it from them?
My own $0.02 would be that you can keep the DBA password from them but
the password the system uses would be very hard to keep from them. If
you really don't trust them with it then you are either very paranoid
or you should be thinking about terminating their employment.

I know that security recommendations in database side tells us that an
application users should only have access to what they need, in terms
of commands, tables and so on, but again, should I always assume that
as a developer?
It will vary from organisation to organisation but I would expect the
system developers to provide a set of scripts to create the necessary
database objects and the DBA to review them to ensure they are
appropriate, including minimal permissions.

> In my point of view, I think my application server should take care of all 
> these issues for me...
The app server can't do you security assessment for you. If you find
one that can, let me know ;)

In fact my only suggestion is: My app. Server should ask for a 'key'
(besides the manager password) whenever I install a new application.
This key could be used to encrypt all my application files, preventing
anyone to open them. I know there are issues like 'Where should this
key be stored?', 'Who should type this key ?' and I know that, but I
can't find a good answer... I'm just exposing some ideas.
There is no easy solution to this (that I can think of)


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL on Windows Vista with Tomcat 5.0.28 not working

2007-08-20 Thread Brian Munroe 
On 8/20/07, Mark Thomas <[EMAIL PROTECTED]> wrote:

> Looks like time to start looking at the network traffic to figure out
> what is going wrong.
>

Either that, or my guess is Vista is being "helpful" and not allowing
sites with self-signed or untrusted SSL certificates to pass through
to the user.

There might be some security settings you may need to tweak.  What
those are, I have no Idea.

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

AJP talking TLS or SSL

2007-08-20 Thread Brian Munroe 
I am well aware after STW that the 2 best suggestions for securing
traffic between Apache httpd and Tomcat over AJP (either using
mod_jk_proxy or mod_jk), is:

1.  Use either IPSec, stunnel, etc.

2.  Don't use AJP and proxy https between Tomcat and Apache.

Any other options?  I'd really like to encrypt AJP traffic out of the box...

thanks

-- brian

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL on Windows Vista with Tomcat 5.0.28 not working

2007-08-20 Thread Mark Thomas 
David Roberts wrote:
> Anyone know how I can allow Internet Explorer on Windows Vista to see an SSL 
> based webapp, running on Tomcat 5.0.28 with j2sdk1.4.2_06, when using your 
> own certificate?

Looks like time to start looking at the network traffic to figure out
what is going wrong.

Mark

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread Markus Schönhaber 
Stephen Caine wrote:

> A simple way to restart Tomcat from a non-root user would be nice.

Interesting wish.
A non-root user with the right to control my system services is
approximately the last thing I would want to see.

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Can we use output/extras/tomcat-juli.jar by default?

2007-08-20 Thread fredk2 

Hi,

If I understand Filip's answer correctly... the difference between the
default tomcat-juli.jar and the output/extras/tomcat-juli.jar is that the
first one is some glue code that hardcodes commons-logging to  work only
with java.util.logging and the second supports the "complete"
commons-logging - therefore also log4j.

So am I correct to think that it does not hurt to have the "extras"
tomcat-juli.jar and tomcat-juli-adapters.jar in the ${catalina.home}/lib,
without log4j.jar, and still successfully log by configuring a j.u.l 
${catalina.base}/conf/logging.properties ?

Bill's comment is an interesting one. I remember seeing somewhere (tomcat
docs?) a warning against app reloading; that doing so was a memory leak soon
or later.

Many Thanks - Fred

fredk2 wrote:
> Hi,
>
> To use log4j the documentation
> http://tomcat.apache.org/tomcat-6.0-doc/logging.html
> suggest that we need to:
>
> 1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
> output/extras/tomcat-juli.jar.
>
> 2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
>
> What do these file do?  why are they extras and why not have them in the
> default build?
>   
they enable you to plug in commons-logging if you want to use that 
instead of java.util.logging

Filip
> In my quick basic tests I did not observe any difference in the logging
> behaviors when compared to the original tomcat-juli.jar. Can anyone
> explain
> how or when this would become a problem?
>
> Many Thanks - Fred
>   

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-- 
View this message in context: 
http://www.nabble.com/Can-we-use-output-extras-tomcat-juli.jar-by-default--tf4288716.html#a12245350
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Running MINA inside Tomcat causing problems.

2007-08-20 Thread satish viswanatham 
Is there way to log more details about  why HostConfig checkResources was
called? On an exception or some other problem?

Aug 20, 2007 1:24:54 PM org.apache.catalina.startup.HostConfigcheckResources
> INFO: Undeploying context [/tester]

thanks
Satish

On 8/20/07, satish viswanatham <[EMAIL PROTECTED]> wrote:
>
> Hi Filip,
>
> Thank you for a quick response.  I do have reloadable="false" in my
> context.
>
> I do not see web.xml's time stamp changing.
>
> thanks
> Satish
>
> On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
> >
> > make sure your turn reloadable="false" for your context,
> > and make sure nothing modifies the timestamp of WEB-INF/web.xml
> >
> > Filip
> >
> > satish viswanatham wrote:
> > > Hi
> > >
> > > I have a Servlet- which start TCP and UDP MINA servers. After
> > receiving few
> > > packets on the server - the servlet gets un-deployed. Not java stack
> > trace
> > > or details were available in the logs. Is there is a way to debug
> > this? The
> > > code runs fine outside Tomcat.  I think MINA uses Sl4J and I made sure
> > I
> > > have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am
> > using
> > > Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried
> > with
> > > both Apache MINA 1.1 and 1.0. It has the same issue. I have just this
> > web
> > > app deployed on tomcat.
> > >
> > > Please let me know, if you have suggestions.
> > >
> > > thanks
> > >
> > > Aug 20, 2007 1:24:54 PM
> > org.apache.catalina.startup.HostConfigcheckResources
> > > INFO: Undeploying context [/tester]
> > >
> > >
> > > Aug 20, 2007 1:26:41 PM
> > org.apache.catalina.loader.WebappClassLoaderloadClass
> > > INFO: Illegal access: this web application instance has been stopped
> > > already.  Could not load
> > > org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate
> > .  The
> > > eventual following stack trace is caused by an error thrown for
> > debugging
> > > purposes as well as to attempt to terminate the thread which caused
> > the
> > > illegal access, and has no functional impact.
> > > Aug 20, 2007 1:26:41 PM
> > org.apache.catalina.loader.WebappClassLoaderloadClass
> > > INFO: Illegal access: this web application instance has been stopped
> > > already.  Could not load org.apache.log4j.spi.ThrowableInformation
> > .  The
> > > eventual following stack trace is caused by an error thrown for
> > debugging
> > > purposes as well as to attempt to terminate the thread which caused
> > the
> > > illegal access, and has no functional impact.
> > > Aug 20, 2007 1:26:41 PM
> > org.apache.catalina.loader.WebappClassLoaderloadClass
> > > INFO: Illegal access: this web application instance has been stopped
> > > already.  Could not load org.apache.log4j.spi.ThrowableInformation
> > .  The
> > > eventual following stack trace is caused by an error thrown for
> > debugging
> > > purposes as well as to attempt to terminate the thread which caused
> > the
> > > illegal access, and has no functional impact.
> > >
> > >
> > >
> > 
> > >
> > > No virus found in this incoming message.
> > > Checked by AVG Free Edition.
> > > Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date:
> > 8/19/2007 7:27 AM
> > >
> >
> >
> > -
> > To start a new topic, e-mail: users@tomcat.apache.org
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee 
Tracy,

The JSP does a call to a method in our app -- which if it runs, that means
the app is up and available -- the method does a simple query against the DB
and then returns a status of OK if the method runs through just fine.

In our example from this weekend -- the health.jsp (which is the one that
does this check) ran and returned a good result, but the main
index.jspreturned the 500 error with the OutOfMemory exception.  So
that is what is
confusing here.

thanks,
Kim :-)

On 8/20/07, Nelson, Tracy M. <[EMAIL PROTECTED]> wrote:
>
> How is your JSP checking your application?  Are you issuing a request to
> your app and checking the HTTP status?  If so, why isn't it recognizing
> the 500?  Or is the JSP in your application which is failing?
>
> | -Original Message-
> | From: Kim Albee [mailto:[EMAIL PROTECTED]
> | Sent: Monday, 20 August, 2007 09:48
> |
> | Repeatedly, that JSP will work, but the site is down because Tomcat
> hit an
> | OutOfMemory exception -- but our JSP (which is very small) still runs
> | through it's process and returns that everything is happy.  Our
> | application
> | is up, but the 500 error is an OutOFMemory exception.
> -
> 
> The information contained in this message is confidential
> proprietary property of Nelnet, Inc. and its affiliated
> companies (Nelnet) and is intended for the recipient only.
> Any reproduction, forwarding, or copying without the express
> permission of Nelnet is strictly prohibited. If you have
> received this communication in error, please notify us
> immediately by replying to this e-mail.
> 
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee 
Dan,

True enough, except then those queries would get held as a user session, and
we don't want that -- which is why we have a 'skinny' health.jsp that checks
our app -- and 'should' crash if there are any issues with tomcat or the
application -- but in this case, the main pages were getting out of memory
exceptions, but the skinny health.jsp was running just fine... which it
shouldn't be if there are failures in either Tomcat or the App.

We're using Application Monitor to monitor the app and tomcat JVM instances
as well as the health.jsp response.  But for the load balancer, which only
uses health.jsp, that's what needs to pick up the problem and report
accordingly so the load balancer will take that server out of the load
balanced cluster.

Kim :-)

On 8/20/07, Dan Armbrust <[EMAIL PROTECTED]> wrote:
>
> A simple cron job that points to a URL using lynx, and greps the
> output for what it should see will do the trick...
>
> Dan
>
> On 8/20/07, Kim Albee <[EMAIL PROTECTED]> wrote:
> > Hello --
> >
> > We have a load balanced situation, and we have a JSP that runs and
> checks
> > our application to ensure it's up and returns a string that the monitor
> app
> > is looking for if all is well.
> >
> > Repeatedly, that JSP will work, but the site is down because Tomcat hit
> an
> > OutOfMemory exception -- but our JSP (which is very small) still runs
> > through it's process and returns that everything is happy.  Our
> application
> > is up, but the 500 error is an OutOFMemory exception.
> >
> > We need a fool-proof way of knowing that the site is up or not,
> specifically
> > so the load balancer will know to stop routing traffic to a server when
> it's
> > down, and we can have people taking a look at what happened and bring
> the
> > server back online without loss of service from a user perspective.
> >
> > Any suggestions on how to accomplish this?
> >
> > thanks,
> > Kim :-)
> >
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

Re: Running MINA inside Tomcat causing problems.

2007-08-20 Thread satish viswanatham 
Hi Filip,

Thank you for a quick response.  I do have reloadable="false" in my context.


I do not see web.xml's time stamp changing.

thanks
Satish

On 8/20/07, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:
>
> make sure your turn reloadable="false" for your context,
> and make sure nothing modifies the timestamp of WEB-INF/web.xml
>
> Filip
>
> satish viswanatham wrote:
> > Hi
> >
> > I have a Servlet- which start TCP and UDP MINA servers. After receiving
> few
> > packets on the server - the servlet gets un-deployed. Not java stack
> trace
> > or details were available in the logs. Is there is a way to debug this?
> The
> > code runs fine outside Tomcat.  I think MINA uses Sl4J and I made sure I
> > have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am
> using
> > Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried
> with
> > both Apache MINA 1.1 and 1.0. It has the same issue. I have just this
> web
> > app deployed on tomcat.
> >
> > Please let me know, if you have suggestions.
> >
> > thanks
> >
> > Aug 20, 2007 1:24:54 PM
> org.apache.catalina.startup.HostConfigcheckResources
> > INFO: Undeploying context [/tester]
> >
> >
> > Aug 20, 2007 1:26:41 PM
> org.apache.catalina.loader.WebappClassLoaderloadClass
> > INFO: Illegal access: this web application instance has been stopped
> > already.  Could not load
> > org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate
> .  The
> > eventual following stack trace is caused by an error thrown for
> debugging
> > purposes as well as to attempt to terminate the thread which caused the
> > illegal access, and has no functional impact.
> > Aug 20, 2007 1:26:41 PM
> org.apache.catalina.loader.WebappClassLoaderloadClass
> > INFO: Illegal access: this web application instance has been stopped
> > already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
> > eventual following stack trace is caused by an error thrown for
> debugging
> > purposes as well as to attempt to terminate the thread which caused the
> > illegal access, and has no functional impact.
> > Aug 20, 2007 1:26:41 PM
> org.apache.catalina.loader.WebappClassLoaderloadClass
> > INFO: Illegal access: this web application instance has been stopped
> > already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
> > eventual following stack trace is caused by an error thrown for
> debugging
> > purposes as well as to attempt to terminate the thread which caused the
> > illegal access, and has no functional impact.
> >
> >
> > 
> >
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date:
> 8/19/2007 7:27 AM
> >
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

Re: SSL port number

2007-08-20 Thread Stephen Caine 

Well, since you asked...

... or use jsvc which lets Tomcat drop privileges after binding to  
a privileged port and which is distributed with the Tomcat archives.



Did you use it?
did you like it?
We have no reason but the port to give the tomcat-user any  
privilege (even if only at booting); but i'm always interested in  
improving our installations


A simple way to restart Tomcat from a non-root user would be nice.

Stephen


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Joakim T Monstad is out of the office.

2007-08-20 Thread JMonstad 
I will be out of the office starting  08/20/2007 and will not return until
08/23/2007.

I will respond to your message when I return, but can be reached at 952 836
4385 (send a txt if possible, since I won't be able to answer many calls)

Re: Running MINA inside Tomcat causing problems.

2007-08-20 Thread Filip Hanik - Dev Lists 

make sure your turn reloadable="false" for your context,
and make sure nothing modifies the timestamp of WEB-INF/web.xml

Filip

satish viswanatham wrote:

Hi

I have a Servlet- which start TCP and UDP MINA servers. After receiving few
packets on the server - the servlet gets un-deployed. Not java stack trace
or details were available in the logs. Is there is a way to debug this? The
code runs fine outside Tomcat.  I think MINA uses Sl4J and I made sure I
have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am using
Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried with
both Apache MINA 1.1 and 1.0. It has the same issue. I have just this web
app deployed on tomcat.

Please let me know, if you have suggestions.

thanks

Aug 20, 2007 1:24:54 PM org.apache.catalina.startup.HostConfigcheckResources
INFO: Undeploying context [/tester]


Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load
org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.

  



No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date: 8/19/2007 7:27 AM
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Running MINA inside Tomcat causing problems.

2007-08-20 Thread satish viswanatham 
Hi

I have a Servlet- which start TCP and UDP MINA servers. After receiving few
packets on the server - the servlet gets un-deployed. Not java stack trace
or details were available in the logs. Is there is a way to debug this? The
code runs fine outside Tomcat.  I think MINA uses Sl4J and I made sure I
have commons-logging.jar, log4j.jar and sl4j-log4j12-1.3.1.jar. I am using
Tomcat 5.5.12. Which version of log4j does Tomcat 5.5.12 use? I tried with
both Apache MINA 1.1 and 1.0. It has the same issue. I have just this web
app deployed on tomcat.

Please let me know, if you have suggestions.

thanks

Aug 20, 2007 1:24:54 PM org.apache.catalina.startup.HostConfigcheckResources
INFO: Undeploying context [/tester]


Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load
org.apache.mina.transport.socket.nio.support.DatagramConnectorDelegate.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.
Aug 20, 2007 1:26:41 PM org.apache.catalina.loader.WebappClassLoaderloadClass
INFO: Illegal access: this web application instance has been stopped
already.  Could not load org.apache.log4j.spi.ThrowableInformation.  The
eventual following stack trace is caused by an error thrown for debugging
purposes as well as to attempt to terminate the thread which caused the
illegal access, and has no functional impact.

Re: replication not working

2007-08-20 Thread Filip Hanik - Dev Lists 

the easiest way to fix it would be
1. check what name the command `hostname` spits out
2. make sure that /etc/hosts contains that hostname and IP address

or you could go the other way
http://tomcat.apache.org/tomcat-6.0-doc/config/cluster-receiver.html
look for the address attribute

see the http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html

Filip

Tony Jurado wrote:

Greetings.  I have trolled the mailing list archives, but didn't see
anything that helped me, so, I'm hoping that some kind soul can offer some
insight.

I have just upgraded our production servers from Apache 2.0.53, Tomcat
5.5.23, mod_jk 1.2.19 to Apache 2.2.4, Tomcat 6.0.13, mod_jk 1.2.25 in order
to take advantage of session replication between three servers (Red Hat
Enterprise Linux ES release 4 Nahant Update 5).

The session replication with this configuration worked between our dev
server and our pre-prod server, but it is not working in production.  When I
switch between servers on production I get prompted to login, however the
switch to the other server in the development cluster does not cause me to
get prompted for the password.

I'm not seeing anything in the log files that points to the issue.

The server.xml file has the following (these hostnames are altered):


  
  
foo.bar.com
10 more alias lines deleted for brevity

  


The only difference between the prod and dev servers is the  lines.

I see that the Clustering/Session Replication HOW-TO doc says:

 The IP broadcasted is java.net.InetAddress.getLocalHost().getHostAddress()

 (make sure you don't broadcast 127.0.0.1, this is a common error).

getHostAddress does return 127.0.0.1, but I don't see anything in the docs
that tell me how to correct this.  Also, getHostAddress returns 127.0.0.1 on
the servers that work, so this may be a red herring.

Many thanks in advance for any suggestions!

searchkey93933939

  



No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date: 8/19/2007 7:27 AM
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Apache Tomcat Connector connection pool's relation to workers and processes?

2007-08-20 Thread Brian.Horblit 
First, thanks in advance!
 
I have been playing with the 1.2.23 version of the JK Connector. In
particular, I've been setting up an Apache 2 front end to multiple
Tomcat 6's by using load balancing workers delegating to "real" workers.
For the most part the documentation is quite clear, but something I've
not found explictly discussed (perhaps I've just missed it???) is the
relation between the connector's connection pool and the workers.
 
Discussions of the connection pool note that a pool is set up for each
Apache child process and the number of connections in the pool should
correspond to the number of threads in the child process (for threaded
Apaches). Each child process will have its own instance of the connector
and the connector's load balancer worker and real workers (I would
assume). 
 
- Are the connections in the connection pool simply dolled out as needed
to real workers, across all workers and their target Tomcats?
 
- In the ("old new") JK2 connector, there was a setting to limit the
number of connections from a worker to its target (the Tomcat instance).
Looks like there is no such option on JK 1.2.x? If not, one would be
able to limit the overall number of connections (from and Apache
process) to all the workers/Tomcats via the connection_pool_size, and
one would be able to throttle the number of simultaneous requests Tomcat
would attempt to handle via the maxProcessors attribute. I liked the
ability to throttle the traffic to the worker (on the web server) so I
just wanted to ensure I understood the JK model.
 
- Should the number of connections really match the Apache child process
threads? The Apache threads might need to be set "high" to handle static
content requests and traffic spikes that you don't want Tomcat to deal
with...
 
Thanks again!
 
Brian
 
Brian D. Horblit
Senior Principal Engineer
Thomson Healthcare

(303) 486-6697
(800) 525-9083 x 6697
www.thomsonhealthcare.com  
[EMAIL PROTECTED]

RE: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Brian.Horblit 
 
Kim,

You mentiond "fool-proof"... Perhaps a multi-pronged approach is best,
if you have the time and inclination to implement it.

1) Apps can have "issues" for lots of reasons (running out of memory, db
load and/or locks, thread deadlocks, etc, etc.) In lots of cases the
VM/Tomcat are "OK", but the app is not. With this in mind, if you can
get your monitoring software to actually hit the app's core
functionality itself, you can see if the app is responding, no matter if
the VM/Tomcat are OK. Can you get your monitoring software to hit a
non-trivial, non-access-controlled page? Can you get the monitor to
login/logout every so often (say every few minutes)? How about building
a health-check page in the app itself that queries all major resources
like RDBMSs, and full text search engines, and LDAPs, etc and prints out
status for all those? Depending on our access control setup, you can
restrict access to the status page to your monitor (perpahs via IP
address) or simply have that URL innaccessable from the public network.
Also consider your tolerence for slowness. If the site is "up" but
taking 20 seconds to respond, maybe that is "broken." So of the monitor
can check for response times that will help. 

2) For the OOME condition, Jeff beat me to it. You can also, for
example, use JMX and an http adapter to query an Mbean for the current
memory state and alert if you are above 90%. The alert can be an email.
This pro-active approach (and a fast response to the alert ;-) means
your app won't get to the point of being unresponsive.

3) Perhaps this is too obvious, but why is the app running out of
memory? Is there a leak or is the number of simultaneous requests too
much? Have you given the app enough headroom in terms of max heap? We've
had apps that just suck memory like nuts and have many simultaneous
users, but if the VM is sized large enough they are happy.

4) For (free) monitoring software that can help with some of this, check
out http://www.nagios.org/. Nagios and Splunk are cool. It is awesome
what this stuff does for the price!

Hope this helps at least a little,

Brian Horblit

Brian D. Horblit
Senior Principal Engineer
Thomson Healthcare

(303) 486-6697
(800) 525-9083 x 6697
www.thomsonhealthcare.com
[EMAIL PROTECTED]
 



-->-Original Message-
-->From: Jeff Hoffmann [mailto:[EMAIL PROTECTED] 
-->Sent: Monday, August 20, 2007 10:25 AM
-->To: Tomcat Users List
-->Subject: Re: Does anyone have an approach to checking if 
-->Tomcat instance is UP?

[stuff deleted...]

-->If what you're concerned about is an OOME, you can have a 
-->JSP that queries the runtime memory usage and outputs 
-->something easily parsable to alert you to a (pending) problem.  IE:
-->
-->Runtime rt = Runtime.getRuntime();
-->double used = rt.totalMemory()-rt.freeMemory(); double free 
-->= rt.freeMemory(); double available =  
-->rt.maxMemory()-rt.totalMemory(); double usedpercent = 
-->(used/rt.maxMemory()) * 100; double freepercent = 
-->(free/rt.maxMemory()) * 100; double availablepercent = 
-->(available/rt.maxMemory()) * 100;
-->
-->If your normal state is used % is < 50%, you could send out 
-->a warning when it goes to 70% or restart if it goes to 90%.
-->
-->--
-->Jeff Hoffmann
-->Head Plate Spinner
-->PropertyKey.com
-->
-->-
-->To start a new topic, e-mail: users@tomcat.apache.org To 
-->unsubscribe, e-mail: [EMAIL PROTECTED]
-->For additional commands, e-mail: [EMAIL PROTECTED]
-->
-->

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: load balancing

2007-08-20 Thread Rainer Jung 
You might need to think about the necessary aspects of your solution 
first. Some of those might be:


- Necessity of High Availability, more precisely, amount of availability 
needed (planned and unplanned downtimes, allowed planned downtimes, when 
and how long and how much in before declared)


- Are services stateful or stateless, so can you actually use round 
robin, or do users need to be rerouted to their origin node when doing 
followup requests? Will you need session replication to enhance 
availability, or would relogin be OK in case of node failure?


- Do you prefer management of load balancing by the network people, or 
the server people or application. Which of those groups accept that they 
have to build up some knowledge about the details of the mechanisms 
involved?


- How many objects will need to be managed: 10 Tomcat instances, or 10 
Tomcat nodes with 4 instances each with 5 very different webas per 
instance ...


- Is SSL involved? Which layer should terminate SSL?

More questions than answers, but the questions are intended to give you 
an idea, that there are not only simple technical issues when deciding 
about this kind of global application architecture.


If you don't need HA, then you could start with a single lb, maybe with 
a standby second one. If you need HA you'll need a pair and a network 
layer construct, that ensures transparent failover.


Usually you also have stateful sessions, so you need to think about 
stickyness. Often sessions are not very expensive for the customers, sou 
you can start without replication.


Network appliances or Apache/mod_jk: This mostly depends on:

- which people (organisation, skills) should do the daily administration 
concerning the balancing

- how are you going to implement HA

In case you consider mod_jk: there is also Apache 2.2 with 
mod_proxy_balancer/mod_proxy_ajp. These modules will be fine for an easy 
quickstart. In case you are planning to do more complex topologies, 
timeouts etc., you might want to directly start with mod_jk (Disclaimer: 
I'm writing code for mod_jk).


Regards,

Rainer

Asensio, Rodrigo wrote:

Hi, I'm planing to do load balancing on my 3 apache tomcat server.
Actually they are windows 2003, 5.5.23, ibm jdk 1.5.
I'm planing to put a linux in the front who balances the load for the 3
servers. I read about the issue and there are several solutions. This is
a small farm, maybe up to 10 servers in the very very future, will no
grow up more than that. Now, what do you recomend ? use a Apache mod_jk
in the front ? use the load balancer with a round robin rule ?
 
regards

R
 
---

Rodrigo Asensio
Fuel Management Services
Gilbarco Veeder Root
phone: +1 336 547 5023
email: [EMAIL PROTECTED]
 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

replication not working

2007-08-20 Thread Tony Jurado 
Greetings.  I have trolled the mailing list archives, but didn't see
anything that helped me, so, I'm hoping that some kind soul can offer some
insight.

I have just upgraded our production servers from Apache 2.0.53, Tomcat
5.5.23, mod_jk 1.2.19 to Apache 2.2.4, Tomcat 6.0.13, mod_jk 1.2.25 in order
to take advantage of session replication between three servers (Red Hat
Enterprise Linux ES release 4 Nahant Update 5).

The session replication with this configuration worked between our dev
server and our pre-prod server, but it is not working in production.  When I
switch between servers on production I get prompted to login, however the
switch to the other server in the development cluster does not cause me to
get prompted for the password.

I'm not seeing anything in the log files that points to the issue.

The server.xml file has the following (these hostnames are altered):


  
  
foo.bar.com
10 more alias lines deleted for brevity

  


The only difference between the prod and dev servers is the  lines.

I see that the Clustering/Session Replication HOW-TO doc says:

 The IP broadcasted is java.net.InetAddress.getLocalHost().getHostAddress()

 (make sure you don't broadcast 127.0.0.1, this is a common error).

getHostAddress does return 127.0.0.1, but I don't see anything in the docs
that tell me how to correct this.  Also, getHostAddress returns 127.0.0.1 on
the servers that work, so this may be a red herring.

Many thanks in advance for any suggestions!

searchkey93933939

load balancing

2007-08-20 Thread Asensio, Rodrigo 
Hi, I'm planing to do load balancing on my 3 apache tomcat server.
Actually they are windows 2003, 5.5.23, ibm jdk 1.5.
I'm planing to put a linux in the front who balances the load for the 3
servers. I read about the issue and there are several solutions. This is
a small farm, maybe up to 10 servers in the very very future, will no
grow up more than that. Now, what do you recomend ? use a Apache mod_jk
in the front ? use the load balancer with a round robin rule ?
 
regards
R
 
---
Rodrigo Asensio
Fuel Management Services
Gilbarco Veeder Root
phone: +1 336 547 5023
email: [EMAIL PROTECTED]
 
 


This message (including any attachments) contains confidential
and/or proprietary information intended only for the addressee.
Any unauthorized disclosure, copying, distribution or reliance on
the contents of this information is strictly prohibited and may
constitute a violation of law.  If you are not the intended
recipient, please notify the sender immediately by responding to
this e-mail, and delete the message from your system.  If you
have any questions about this e-mail please notify the sender
immediately.

Failed to connect to remote VM. Connection refused

2007-08-20 Thread Andrew Hole 
I configure tomcat to debug remotly from Eclipse:

start "Configure Tomcat". Go to Java tab. add the following 2 lines.
-Xdebug
-Xrunjdwp:transport=dt_socket,address=8000,server=y,suspend=n
Then go to Startup tab and add the following two lines in the arguments
entry box.
jpda
start

Restarting tomcat I don't see no one log in catalina.out refering to JPDA!


I get the following error when I try to debug from eclipse:
Failed to connect to remote VM. Connection refused

Why?
Thanks a lot


Thanks a lot

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 

You guys have no idea how happy I am.

David Hesson wrote:
Opera totally works.  I just uploaded a 4.2GB file with it :)  Thank 
you guys so much.  Solution to uploading >2GB files was indeed not a 
Tomcat issue.  The login page will now contain the following text:


To upload files > 2GB, here are a list of browsers...
1) Opera
2) ?

:)  Cheers and many thanks,

David

Len Popp wrote:

Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!

David, try your test JSP with the Opera browser. It seems to be able
to send large files.
  




--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
Opera totally works.  I just uploaded a 4.2GB file with it :)  Thank you 
guys so much.  Solution to uploading >2GB files was indeed not a Tomcat 
issue.  The login page will now contain the following text:


To upload files > 2GB, here are a list of browsers...
1) Opera
2) ?

:)  Cheers and many thanks,

David

Len Popp wrote:

Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!

David, try your test JSP with the Opera browser. It seems to be able
to send large files.
  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: FW: Filter

2007-08-20 Thread Ben Souther 
Just like with sendRedirect, you would branch your code so that it
either forwards to your 'denyURI' page or calls doFilter.


On Mon, 2007-08-20 at 12:42, Hehl, Thomas wrote:
> Hmmm. So then for the example cited, the parameter to getRequestDispatcher()
> would be denyURI?
> 
> What about the doFilter()?
> 
> -Original Message-
> From: Ben Souther [mailto:[EMAIL PROTECTED] 
> Sent: Monday, August 20, 2007 12:39 PM
> To: Tomcat Users List
> Subject: Re: FW: Filter
> 
> Look at RequestDispatcher.forward.
> All of this takes place on the server and doesn't change the URL.
> http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/RequestDispatcher.html#f
> orward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse)
> 
> 
> 
> On Mon, 2007-08-20 at 11:35, Hehl, Thomas wrote:
> > OK, since no one had a suggestion about that, is there ways out of a
> filter
> > that won't re-write the URL? Maybe instead of using response.redirect?
> > 
> >  
> > 
> > Thanks.
> > 
> >  
> > 
> >   _  
> > 
> > From: Hehl, Thomas 
> > Sent: Monday, August 20, 2007 8:42 AM
> > To: 'users@tomcat.apache.org'
> > Subject: Filter
> > 
> >  
> > 
> > Our application has a security filter on it that ensures access to all
> > servlets is from a logged in user. This has worked fine for years.
> > 
> >  
> > 
> > We are now testing over this new security software that relays requests
> from
> > an external webapp to our internal one. The problem is that the security
> > filter re-writes the URL, which is very different from the one on the
> > outside.
> > 
> >  
> > 
> > Anyone have an idea about what to do about this?
> > 
> >  
> > 
> > Thanks.
> > 
> >  
> > 
> > Thom Hehl
> > Sr. eJuror Architect
> > 
> > * Office (859) 277-8800 x 144
> > 
> > * [EMAIL PROTECTED]   
> > ACS, Inc.
> > 
> > Government Solutions
> > 
> > 1733 Harrodsburg Road
> > Lexington, KY 40504-3617
> > 
> > This e-mail message, including any attachments, is for the sole use of the
> > intended recipient(s) and may contain confidential and privileged
> > information. Any unauthorized review, use, disclosure or distribution is
> > prohibited. If you are not the intended recipient, please contact the
> sender
> > by reply e-mail and destroy all copies of the original message and notify
> > sender via e-mail at [EMAIL PROTECTED]
> >   or by telephone at 859-277-8800 ext.
> 144.
> > Thank you.
> > 
> >  
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 

Thanks, will do.

Len Popp wrote:

Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!

David, try your test JSP with the Opera browser. It seems to be able
to send large files.
  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Len Popp 
Yes, I've seen problems with IE and Firefox uploading files > 2GB (but
I haven't tested the latest versions). The browser either sends a
bogus Content-Length, or it doesn't send a request at all!

David, try your test JSP with the Opera browser. It seems to be able
to send large files.
-- 
Len


On 8/20/07, Markus Schiegl <[EMAIL PROTECTED]> wrote:
> Hi,
>
> a few days ago i had the same question/problem. i found:
>
> http://www.motobit.com/help/scptutl/pa98.htm
>
> If this is correct (my own limited tests confirmed it) you're effectivly
> limited to 2GB uploads using HTTP and it's not tomcat's problem alone -
> if at all.
>
> kind regards,
>Markus
>
> David Hesson wrote:
> > I have installed 6.0.14 now and the same problem persists.  I am
> > starting to worry about our choice to use Java for this web application
> > project now... the client insisted that we used .NET framework or
> > 'Microsoft' products if you will, but limitations arise.  I just won't
> > be able to stand the 'we told you so' that is sure to happen if we can't
> > find a workaround with existing deployment options that allow huge
> > uploads.  He never mentioned he wanted 2+ GB uploads anyways, but again
> > that's probably our fault for not asking, and then testing limitations
> > before designing/selecting frameworks, language, etc.
> >
> > Caldarale, Charles R wrote:
> >>> From: David Hesson [mailto:[EMAIL PROTECTED] Subject: Re:
> >>> Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
> >>>
> >>> I haven't checked where the content length is pulled from
> >>> a String but if it does cause a crash, then it is handled
> >>> internally
> >>>
> >>
> >> Here's the code of interest:
> >>
> >> public int getContentLength() {
> >> long length = getContentLengthLong();
> >>
> >> if (length < Integer.MAX_VALUE) {
> >> return (int) length;
> >> }
> >> return -1;
> >> }
> >>
> >> (from the 6.0.14 version of org/apache/coyote/Request.java).  The real
> >> problem is with the Servlet API spec, which defines the return type of
> >> getContentLength() as an int.  Until that problem is resolved, you'll
> >> have to avoid using that API.  Note that internally, Tomcat tracks the
> >> size with a long, not an int, although as Rainer has pointed out, some
> >> problems existed in older levels that have been addressed in 6.0.14.
> >>
> >>  - Chuck
> >>
> >>
> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> >> MATERIAL and is thus for use only by the intended recipient. If you
> >> received this in error, please contact the sender and delete the e-mail
> >> and its attachments from all computers.
> >>
> >> -
> >> To start a new topic, e-mail: users@tomcat.apache.org
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: FW: Filter

2007-08-20 Thread Hehl, Thomas 
Hmmm. So then for the example cited, the parameter to getRequestDispatcher()
would be denyURI?

What about the doFilter()?

-Original Message-
From: Ben Souther [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 20, 2007 12:39 PM
To: Tomcat Users List
Subject: Re: FW: Filter

Look at RequestDispatcher.forward.
All of this takes place on the server and doesn't change the URL.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/RequestDispatcher.html#f
orward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse)



On Mon, 2007-08-20 at 11:35, Hehl, Thomas wrote:
> OK, since no one had a suggestion about that, is there ways out of a
filter
> that won't re-write the URL? Maybe instead of using response.redirect?
> 
>  
> 
> Thanks.
> 
>  
> 
>   _  
> 
> From: Hehl, Thomas 
> Sent: Monday, August 20, 2007 8:42 AM
> To: 'users@tomcat.apache.org'
> Subject: Filter
> 
>  
> 
> Our application has a security filter on it that ensures access to all
> servlets is from a logged in user. This has worked fine for years.
> 
>  
> 
> We are now testing over this new security software that relays requests
from
> an external webapp to our internal one. The problem is that the security
> filter re-writes the URL, which is very different from the one on the
> outside.
> 
>  
> 
> Anyone have an idea about what to do about this?
> 
>  
> 
> Thanks.
> 
>  
> 
> Thom Hehl
> Sr. eJuror Architect
> 
> * Office (859) 277-8800 x 144
> 
> * [EMAIL PROTECTED]   
> ACS, Inc.
> 
> Government Solutions
> 
> 1733 Harrodsburg Road
> Lexington, KY 40504-3617
> 
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
sender
> by reply e-mail and destroy all copies of the original message and notify
> sender via e-mail at [EMAIL PROTECTED]
>   or by telephone at 859-277-8800 ext.
144.
> Thank you.
> 
>  


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: FW: Filter

2007-08-20 Thread Ben Souther 
Look at RequestDispatcher.forward.
All of this takes place on the server and doesn't change the URL.
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/RequestDispatcher.html#forward(javax.servlet.ServletRequest,%20javax.servlet.ServletResponse)



On Mon, 2007-08-20 at 11:35, Hehl, Thomas wrote:
> OK, since no one had a suggestion about that, is there ways out of a filter
> that won't re-write the URL? Maybe instead of using response.redirect?
> 
>  
> 
> Thanks.
> 
>  
> 
>   _  
> 
> From: Hehl, Thomas 
> Sent: Monday, August 20, 2007 8:42 AM
> To: 'users@tomcat.apache.org'
> Subject: Filter
> 
>  
> 
> Our application has a security filter on it that ensures access to all
> servlets is from a logged in user. This has worked fine for years.
> 
>  
> 
> We are now testing over this new security software that relays requests from
> an external webapp to our internal one. The problem is that the security
> filter re-writes the URL, which is very different from the one on the
> outside.
> 
>  
> 
> Anyone have an idea about what to do about this?
> 
>  
> 
> Thanks.
> 
>  
> 
> Thom Hehl
> Sr. eJuror Architect
> 
> * Office (859) 277-8800 x 144
> 
> * [EMAIL PROTECTED]   
> ACS, Inc.
> 
> Government Solutions
> 
> 1733 Harrodsburg Road
> Lexington, KY 40504-3617
> 
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the sender
> by reply e-mail and destroy all copies of the original message and notify
> sender via e-mail at [EMAIL PROTECTED]
>   or by telephone at 859-277-8800 ext. 144.
> Thank you.
> 
>  


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

David Hesson wrote:
> Servlets are never reached in the web application, only the filters are
> hit.  Servlet calls seem to be getting skipped.

Your filters are called, but not the servlet? That's odd. Can you post
the code to your filters? Or disable as much as you can?

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGycKq9CaO5/Lv0PARAuNCAKC95oyxjLA8yhZbNUzDClovVcfLmgCeMK5j
t6OTwvSXY3pP59HkFxVP8tc=
=qxAS
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Will a fix to 5.5 be done for CVE-2007-3382 and CVE-2007-3385?

2007-08-20 Thread Filip Hanik - Dev Lists 

a 5.5.25 tag is planned for Friday, includes both of those fixes

Filip

Lanoux, Mark wrote:

Does any know if a fix to Tomcat 5.5 will be done to remediate security
issues CVE-2007-3382 and CVE-2007-3385?

http://securitytracker.com/alerts/2007/Aug/1018556.html

http://securitytracker.com/alerts/2007/Aug/1018557.html

We would rather not have to upgrade to 6.0.14 at this time

Thanks,
Mark



  



No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.484 / Virus Database: 269.12.0/961 - Release Date: 8/19/2007 7:27 AM
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Jeff Hoffmann 

Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dan,

Dan Armbrust wrote:

A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...


I would use wget instead of Lynx, but that's just me.

Don't forget that the OP said that his JSPs appear to run correctly even
after the OOME.


If what you're concerned about is an OOME, you can have a JSP that 
queries the runtime memory usage and outputs something easily parsable 
to alert you to a (pending) problem.  IE:


Runtime rt = Runtime.getRuntime();
double used = rt.totalMemory()-rt.freeMemory();
double free = rt.freeMemory();
double available =  rt.maxMemory()-rt.totalMemory();
double usedpercent = (used/rt.maxMemory()) * 100;
double freepercent = (free/rt.maxMemory()) * 100;
double availablepercent = (available/rt.maxMemory()) * 100;

If your normal state is used % is < 50%, you could send out a warning 
when it goes to 70% or restart if it goes to 90%.


--
Jeff Hoffmann
Head Plate Spinner
PropertyKey.com

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
Well I am a new developer (I was still in college when I began helping 
with this project)  My boss told me the client would like to use .NET, 
and I got kind of excited because I haven't worked with .NET/ASP/C# for 
quite a bit, and I love the compiler, but he talked the client out of it 
(the client is personally known [can't really say friend as they don't 
get along too well] by my boss).  When I say limitations arise, I meant 
that quite possibly even .NET could even have some types of issues with 
huge uploads, so I guess what I was saying is that 'limitations 
sometimes come with software programming, and thus just because we chose 
Java instead of .NET didn't mean .NET couldn't have had its own issues'.


Servlets are never reached in the web application, only the filters are 
hit.  Servlet calls seem to be getting skipped.


Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

David Hesson wrote:
  

I have installed 6.0.14 now and the same problem persists.  I am
starting to worry about our choice to use Java for this web application
project now...



I know for a fact that Tomcat 5.5 can accept bigger-than-2GB uploads.
There must be something else going on, as evidenced by the fact that
your code isn't being called.

Can you toss-out your JSPs and try a vanilla servlet? Just something
that can dump out the headers and maybe spit out progress to a log file
for how many bytes it's receiving? Just print something like "got
another 10MB everytime you hit 10MB.

  

the client insisted that we used .NET framework or
'Microsoft' products if you will, but limitations [arose].



Just 'cause I'm curious: what were those limitations? It's pretty ballsy
to ignore a semi-major customer requirement like that.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGybwf9CaO5/Lv0PARApssAKCIdQ41r/1fwy7+UHjAx/BA6xi00gCbBK6E
hWDIvpvlq88xQceW98nPOGY=
=pGFC
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207

RE: Possible Tomcat + Javascript + Internet Explorer Problem

2007-08-20 Thread Nelson, Tracy M. 

| From: redminator [mailto:[EMAIL PROTECTED]
| Sent: Monday, 20 August, 2007 02:50
| 
| I have some javascript code that creates a slide menu. It works fine
both

| in IE and Mozilla.
| 
| But, when I integrate that code in a page which I open from tomcat,
the
| code
| doesn't work anymore when I use IE. Still works fine with Mozila. 

How are you integrating the code?  Is a standalone script, or are you
embedding the code directly in the page?

When you say it "doesn't work", what does that mean?  Are you getting an
error?  Or does your menu just not show up?  Have you tried running the
page through a debugger?
-

The information contained in this message is confidential
proprietary property of Nelnet, Inc. and its affiliated 
companies (Nelnet) and is intended for the recipient only.
Any reproduction, forwarding, or copying without the express
permission of Nelnet is strictly prohibited. If you have
received this communication in error, please notify us
immediately by replying to this e-mail.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Markus,

Markus Schiegl wrote:
> a few days ago i had the same question/problem. i found:
> 
> http://www.motobit.com/help/scptutl/pa98.htm
> 
> If this is correct (my own limited tests confirmed it) you're effectivly
> limited to 2GB uploads using HTTP and it's not tomcat's problem alone -
> if at all.

Now that's /very/ interesting. If your browser won't upload your big
'old file, then maybe that's why the servlet (or JSP) never gets invoked.

You might want to try using wget, which should be able to cram a ton of
data down your servlet's throat.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGyb379CaO5/Lv0PARAm4uAJ4p8+poqcoBF0QSiirJ6gyyH8+jkwCeI+LU
BOXPefXMjIrz7okqiFDW1R0=
=9Omq
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Dan,

Dan Armbrust wrote:
> A simple cron job that points to a URL using lynx, and greps the
> output for what it should see will do the trick...

I would use wget instead of Lynx, but that's just me.

Don't forget that the OP said that his JSPs appear to run correctly even
after the OOME.

Kim, how can /you/ tell that the server is dead, even when the pages
still display? If you can write a JSP or a simple servlet to test for
that detectable condition, then maybe you can report it in a web page,
then use the above technique for testing your server's health.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGybyb9CaO5/Lv0PARAsW1AJ9BcjU7Wz/7CKqkSHuEzGblnJ9v/QCeOgJo
P/x5UZzZ65U+nOjesskNaKY=
=85U3
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Nelson, Tracy M. 
How is your JSP checking your application?  Are you issuing a request to
your app and checking the HTTP status?  If so, why isn't it recognizing
the 500?  Or is the JSP in your application which is failing?

| -Original Message-
| From: Kim Albee [mailto:[EMAIL PROTECTED]
| Sent: Monday, 20 August, 2007 09:48
| 
| Repeatedly, that JSP will work, but the site is down because Tomcat
hit an
| OutOfMemory exception -- but our JSP (which is very small) still runs
| through it's process and returns that everything is happy.  Our
| application
| is up, but the 500 error is an OutOFMemory exception.
-

The information contained in this message is confidential
proprietary property of Nelnet, Inc. and its affiliated 
companies (Nelnet) and is intended for the recipient only.
Any reproduction, forwarding, or copying without the express
permission of Nelnet is strictly prohibited. If you have
received this communication in error, please notify us
immediately by replying to this e-mail.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Markus Schiegl 
Hi,

a few days ago i had the same question/problem. i found:

http://www.motobit.com/help/scptutl/pa98.htm

If this is correct (my own limited tests confirmed it) you're effectivly
limited to 2GB uploads using HTTP and it's not tomcat's problem alone -
if at all.

kind regards,
   Markus

David Hesson wrote:
> I have installed 6.0.14 now and the same problem persists.  I am
> starting to worry about our choice to use Java for this web application
> project now... the client insisted that we used .NET framework or
> 'Microsoft' products if you will, but limitations arise.  I just won't
> be able to stand the 'we told you so' that is sure to happen if we can't
> find a workaround with existing deployment options that allow huge
> uploads.  He never mentioned he wanted 2+ GB uploads anyways, but again
> that's probably our fault for not asking, and then testing limitations
> before designing/selecting frameworks, language, etc.
> 
> Caldarale, Charles R wrote:
>>> From: David Hesson [mailto:[EMAIL PROTECTED] Subject: Re:
>>> Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
>>>
>>> I haven't checked where the content length is pulled from
>>> a String but if it does cause a crash, then it is handled
>>> internally
>>> 
>>
>> Here's the code of interest:
>>
>> public int getContentLength() {
>> long length = getContentLengthLong();
>>
>> if (length < Integer.MAX_VALUE) {
>> return (int) length;
>> }
>> return -1;
>> }
>>
>> (from the 6.0.14 version of org/apache/coyote/Request.java).  The real
>> problem is with the Servlet API spec, which defines the return type of
>> getContentLength() as an int.  Until that problem is resolved, you'll
>> have to avoid using that API.  Note that internally, Tomcat tracks the
>> size with a long, not an int, although as Rainer has pointed out, some
>> problems existed in older levels that have been addressed in 6.0.14.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you
>> received this in error, please contact the sender and delete the e-mail
>> and its attachments from all computers.
>>
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>>   
> 

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

David Hesson wrote:
> I have installed 6.0.14 now and the same problem persists.  I am
> starting to worry about our choice to use Java for this web application
> project now...

I know for a fact that Tomcat 5.5 can accept bigger-than-2GB uploads.
There must be something else going on, as evidenced by the fact that
your code isn't being called.

Can you toss-out your JSPs and try a vanilla servlet? Just something
that can dump out the headers and maybe spit out progress to a log file
for how many bytes it's receiving? Just print something like "got
another 10MB everytime you hit 10MB.

> the client insisted that we used .NET framework or
> 'Microsoft' products if you will, but limitations [arose].

Just 'cause I'm curious: what were those limitations? It's pretty ballsy
to ignore a semi-major customer requirement like that.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGybwf9CaO5/Lv0PARApssAKCIdQ41r/1fwy7+UHjAx/BA6xi00gCbBK6E
hWDIvpvlq88xQceW98nPOGY=
=pGFC
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Dan Armbrust 
A simple cron job that points to a URL using lynx, and greps the
output for what it should see will do the trick...

Dan

On 8/20/07, Kim Albee <[EMAIL PROTECTED]> wrote:
> Hello --
>
> We have a load balanced situation, and we have a JSP that runs and checks
> our application to ensure it's up and returns a string that the monitor app
> is looking for if all is well.
>
> Repeatedly, that JSP will work, but the site is down because Tomcat hit an
> OutOfMemory exception -- but our JSP (which is very small) still runs
> through it's process and returns that everything is happy.  Our application
> is up, but the 500 error is an OutOFMemory exception.
>
> We need a fool-proof way of knowing that the site is up or not, specifically
> so the load balancer will know to stop routing traffic to a server when it's
> down, and we can have people taking a look at what happened and bring the
> server back online without loss of service from a user perspective.
>
> Any suggestions on how to accomplish this?
>
> thanks,
> Kim :-)
>

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

David Hesson wrote:
> Hello, thanks for the information received thus far and trying to assist
> me. With regards to the Integer problem:

[snip]

> C:\Documents and Settings\David\Desktop>java test
> -2147483640
> 
> It overflows when they are added together.

True. This is integer addition overflow, not a negative number resulting
from reading a too-large string of digits into a too-small int value.

> I haven't checked where the
> content length is pulled from a String but if it does cause a crash,
> then it is handled internally, as I don't receive errors/log messages
> due to this issue.

That is true. One problem with Tomcat (really the servlet spec) is that
the ServetRequest.getContentLength method returns a 32-bit int instead
of a 64-bit long, which means that you need to read the Content-Length
as a string and convert it to a long if you want to be able to correctly
read Content-Length headers with numbers bigger than 2^32 - 1.

> What is this mod_jk you speak of?  Does it come with Tomcat or do I need
> to set it up?  I'll begin googling in a second for research, but a
> straight forward answer would be wonderful.

mod_jk is an Apache httpd module that can be used to connect Apache
httpd to Tomcat. IIRC, older versions of mod_jk read the Content-Length
header as a 32-bit signed int and therefore broke uploads bigger than 2GB.

> Also, with regards to
> printing out the content length, the following happens whenever a large
> (2.XGB+) file is uploaded:
> 
> I have a filter that displays all headers of the request, */ALL/ *of
> this was output when I submitted that file _/*ONE */_time (it's like
> Tomcat leaves the request hanging, never sets up the content-length/
> etc, and loops until someone/something decides to handle this request). 
> I have trimmed the output substantially, because the same output is
> issued approx every second or two for ONE request indefinitely (I left
> my desk for about 15 minutes, and this same thing was still going).

[snip]

> INFO: if-modified-since: Mon, 13 Aug 2007 21:42:37 GMT

if-modified-since on a file upload? That's odd...

> Aug 14, 2007 10:54:00 AM
> com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing
> INFO: host: localhost:8084

This looks like a second request. Are you sure this was a single
request? It might help to print out the requested URI before you print
the headers. It might help you sort-out the header output you're seeing.

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGybgD9CaO5/Lv0PARAiwsAKCMrDk2Jtq7wGbg6+mnLD7CU1apyQCgliB0
2fGMClmmWVAGWPCousnfRlM=
=6dIQ
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Caldarale, Charles R 
> From: David Hesson [mailto:[EMAIL PROTECTED] 
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
> 
> If I were to compile and run all this on a 64 bit,
> do integers use 32 bit still

Recompilation for different platforms is never needed for Java code -
that's one of its advantages.  However, a Java int is always 32 bits,
regardless of platform.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to detect user logins

2007-08-20 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

David Delbecq wrote:
> For now, the layout is Filter that check userPrincipal. If user
> principal is not null for the first time, issues that check, mark
> that user got checked for next times, in session, and continue query.
>  However, if i could mark the session as "need upgrade" upon login,
> this would make things, i think, easier to manage as filter would
> only need to look for that "need upgrade" flag.

I think you'll find that you're just breaking your filter into two
separate filters: you'd have one that check to see if the session "needs
an upgrade", and then another one to "upgrade" it. Since the
functionality is all related, I'm not sure if there's a good reason not
to keep it all together.

Do you have any particular complaints about your existing strategy?

- -chris

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGybYb9CaO5/Lv0PARAvhKAJ98z4exrOeiSHS+0eQ2IlYWYl17lACeK5mF
JKrxaBpWuU+0DsXoST1jKbU=
=ByA4
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Will a fix to 5.5 be done for CVE-2007-3382 and CVE-2007-3385?

2007-08-20 Thread Lanoux, Mark 

Does any know if a fix to Tomcat 5.5 will be done to remediate security
issues CVE-2007-3382 and CVE-2007-3385?

http://securitytracker.com/alerts/2007/Aug/1018556.html

http://securitytracker.com/alerts/2007/Aug/1018557.html

We would rather not have to upgrade to 6.0.14 at this time

Thanks,
Mark

FW: Filter

2007-08-20 Thread Hehl, Thomas 
OK, since no one had a suggestion about that, is there ways out of a filter
that won't re-write the URL? Maybe instead of using response.redirect?

 

Thanks.

 

  _  

From: Hehl, Thomas 
Sent: Monday, August 20, 2007 8:42 AM
To: 'users@tomcat.apache.org'
Subject: Filter

 

Our application has a security filter on it that ensures access to all
servlets is from a logged in user. This has worked fine for years.

 

We are now testing over this new security software that relays requests from
an external webapp to our internal one. The problem is that the security
filter re-writes the URL, which is very different from the one on the
outside.

 

Anyone have an idea about what to do about this?

 

Thanks.

 

Thom Hehl
Sr. eJuror Architect

* Office (859) 277-8800 x 144

* [EMAIL PROTECTED]   
ACS, Inc.

Government Solutions

1733 Harrodsburg Road
Lexington, KY 40504-3617

This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies of the original message and notify
sender via e-mail at [EMAIL PROTECTED]
  or by telephone at 859-277-8800 ext. 144.
Thank you.

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
Wow, I wonder if I'm going to have to do some kind of Applet to get this 
to work properly?  Another solution is forwarding requests to some FTP 
app, but they want progress bars.  If I were to compile and run all this 
on a 64 bit, do integers use 32 bit still or are they knocked up to 64 
in Java?  Glad to see .NET isn't much better off.


Peter Crowther wrote:
From: David kerber [mailto:[EMAIL PROTECTED] 
Do you know if .NOT will let upload these giant files?



Definitely not on 32-bit (see http://support.microsoft.com/kb/295626).
The address space maxes out at 1 Gbyte, and IIS has to buffer the bytes
in RAM before ASP.NET can process them.

http://aspnetresources.com/articles/dark_side_of_file_uploads.aspx is an
interesting read for all flavours - notably, don't expect to be able to
do this sensibly any earlier than IIS7.

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207

RE: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Peter Crowther 
> From: David kerber [mailto:[EMAIL PROTECTED] 
> Do you know if .NOT will let upload these giant files?

Definitely not on 32-bit (see http://support.microsoft.com/kb/295626).
The address space maxes out at 1 Gbyte, and IIS has to buffer the bytes
in RAM before ASP.NET can process them.

http://aspnetresources.com/articles/dark_side_of_file_uploads.aspx is an
interesting read for all flavours - notably, don't expect to be able to
do this sensibly any earlier than IIS7.

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
No clue, I guess that is an assumption on my behalf.  If it doesn't, I'd 
be delighted to know that.  Will do some research shortly.


David kerber wrote:

David Hesson wrote:
I have installed 6.0.14 now and the same problem persists.  I am 
starting to worry about our choice to use Java for this web 
application project now... the client insisted that we used .NET 
framework or 'Microsoft' products if you will, but limitations 
arise.  I just won't be able to stand the 'we told you so' that is 
sure to

Do you know if .NOT will let upload these giant files?

D



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David kerber 

David Hesson wrote:
I have installed 6.0.14 now and the same problem persists.  I am 
starting to worry about our choice to use Java for this web 
application project now... the client insisted that we used .NET 
framework or 'Microsoft' products if you will, but limitations arise.  
I just won't be able to stand the 'we told you so' that is sure to

Do you know if .NOT will let upload these giant files?

D



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
Currently, I am posting to another jsp page that just prints out the 
method used (should say post if all goes well).  I have a Servlet that I 
use to write files that works on everything under 2GB, but on large 
uploads, the thread is never hit, thus I began posting to a tmp.jsp page 
until I figure out why tmp.jsp is never reached.  Yes, lib snapshot of 
directory:


/lib
commons-fileupload-1.2.jar
*
---**index.jsp---*

<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>

http://www.w3.org/TR/html4/loose.dtd";>


   
   
   JSP Page
   
   

   enctype="multipart/form-data" onsubmit="javascript: displayProgress();">
 

 
 
   
  
   



*---**tmp.jsp**---*

<[EMAIL PROTECTED] contentType="text/html"%>
<[EMAIL PROTECTED] pageEncoding="UTF-8"%>

http://www.w3.org/TR/html4/loose.dtd";>


   
   
   JSP Page
   
   

   <%=request.getMethod ()%>
  
   



Caldarale, Charles R wrote:
From: David Hesson [mailto:[EMAIL PROTECTED] 
Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads


I have installed 6.0.14 now and the same problem persists.



Can you post your servlet/JSP code (if it's not excessively large)?
IIRC, you're using Commons FileUpload 1.2; is that correct?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207

Does anyone have an approach to checking if Tomcat instance is UP?

2007-08-20 Thread Kim Albee 
Hello --

We have a load balanced situation, and we have a JSP that runs and checks
our application to ensure it's up and returns a string that the monitor app
is looking for if all is well.

Repeatedly, that JSP will work, but the site is down because Tomcat hit an
OutOfMemory exception -- but our JSP (which is very small) still runs
through it's process and returns that everything is happy.  Our application
is up, but the 500 error is an OutOFMemory exception.

We need a fool-proof way of knowing that the site is up or not, specifically
so the load balancer will know to stop routing traffic to a server when it's
down, and we can have people taking a look at what happened and bring the
server back online without loss of service from a user perspective.

Any suggestions on how to accomplish this?

thanks,
Kim :-)

RE: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Caldarale, Charles R 
> From: David Hesson [mailto:[EMAIL PROTECTED] 
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
> 
> I have installed 6.0.14 now and the same problem persists.

Can you post your servlet/JSP code (if it's not excessively large)?
IIRC, you're using Commons FileUpload 1.2; is that correct?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
I have installed 6.0.14 now and the same problem persists.  I am 
starting to worry about our choice to use Java for this web application 
project now... the client insisted that we used .NET framework or 
'Microsoft' products if you will, but limitations arise.  I just won't 
be able to stand the 'we told you so' that is sure to happen if we can't 
find a workaround with existing deployment options that allow huge 
uploads.  He never mentioned he wanted 2+ GB uploads anyways, but again 
that's probably our fault for not asking, and then testing limitations 
before designing/selecting frameworks, language, etc.


Caldarale, Charles R wrote:
From: David Hesson [mailto:[EMAIL PROTECTED] 
Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads


I haven't checked where the content length is pulled from
a String but if it does cause a crash, then it is handled
internally



Here's the code of interest:

public int getContentLength() {
long length = getContentLengthLong();

if (length < Integer.MAX_VALUE) {
return (int) length;
}
return -1;
}

(from the 6.0.14 version of org/apache/coyote/Request.java).  The real
problem is with the Servlet API spec, which defines the return type of
getContentLength() as an int.  Until that problem is resolved, you'll
have to avoid using that API.  Note that internally, Tomcat tracks the
size with a long, not an int, although as Rainer has pointed out, some
problems existed in older levels that have been addressed in 6.0.14.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  


--
David Hesson
Software Engineer
NuRelm, Inc.
http://www.nurelm.com

Toll Free: 1-877-268-7356  ext. 207
Local: 1-724-430-0490  ext. 207

RE: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread Caldarale, Charles R 
> From: David Hesson [mailto:[EMAIL PROTECTED] 
> Subject: Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads
> 
> I haven't checked where the content length is pulled from
> a String but if it does cause a crash, then it is handled
> internally

Here's the code of interest:

public int getContentLength() {
long length = getContentLengthLong();

if (length < Integer.MAX_VALUE) {
return (int) length;
}
return -1;
}

(from the 6.0.14 version of org/apache/coyote/Request.java).  The real
problem is with the Servlet API spec, which defines the return type of
getContentLength() as an int.  Until that problem is resolved, you'll
have to avoid using that API.  Note that internally, Tomcat tracks the
size with a long, not an int, although as Rainer has pointed out, some
problems existed in older levels that have been addressed in 6.0.14.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RES: Resource Security

2007-08-20 Thread Milanez, Marcus 

For all those interested in tightening tomcat security, there are some
interesting advices from OWASP here
http://www.owasp.org/index.php/Securing_tomcat

Yours,

Marcus Milanez

-Mensagem original-
De: Milanez, Marcus [mailto:[EMAIL PROTECTED] 
Enviada em: segunda-feira, 20 de agosto de 2007 09:21
Para: Tomcat Users List
Assunto: RES: Resource Security


Mark,

First of all, let me thank you for your detailed response. This list
contains lots of qualified people, and I'm really glad I'm part of it
because I'm learning more and more everyday. 

All the reasons you mentioned are reasonable, but there are some pointes
that makes me think a lot (and I must assume I don't have the right
answers). Here they are:

1) Can I assume things in terms of security? For a matter of an example,
should I always assume that the resources that my application access
(like a database for example) doesn't need additional security, because
it is hosted in a server, and if this so called server was attacked them
worse things could actually happen? In this case, should I assume as a
developer (not as a system admin), that my network is safe, that my web
server is safe?

2) Whenever I think of security, I'm not only considering a hacker
attack. In terms of security, is it right to delegate a web system
administrator the right to know my application's database user and
password? I know that security recommendations in database side tells us
that an application users should only have access to what they need, in
terms of commands, tables and so on, but again, should I always assume
that as a developer?  


In my point of view, I think my application server should take care of
all these issues for me... How? I don't know. In fact my only suggestion
is: My app. Server should ask for a 'key' (besides the manager password)
whenever I install a new application. This key could be used to encrypt
all my application files, preventing anyone to open them. I know there
are issues like 'Where should this key be stored?', 'Who should type
this key ?' and I know that, but I can't find a good answer... I'm just
exposing some ideas.

Thank you all for your attention once more. This community is really
great..

Yours,

Marcus Milanez


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multi-Gigabyte Uploads, Tomcat 2GB and higher uploads

2007-08-20 Thread David Hesson 
Hello, thanks for the information received thus far and trying to assist 
me. With regards to the Integer problem:


public class test
{
   public static void main (String []args)
   {
   int j = 10; int y = 2147483646;
   int result = j + y;
   System.out.println( result );
   }
}

C:\Documents and Settings\David\Desktop>java test
-2147483640

It overflows when they are added together.  I haven't checked where the 
content length is pulled from a String but if it does cause a crash, 
then it is handled internally, as I don't receive errors/log messages 
due to this issue.  I may have to check out the source for Tomcat or 
Catalina (whichever does this handling) and see what goes on.



Now, if you were using an old version of mod_jk (which you didn't
mention), it's possible that the Content-Length header is being
corrupted. Since you have a filter chain, can you print the (String)
value of the Content-Length header before processing begins? That would
be helpful.


What is this mod_jk you speak of?  Does it come with Tomcat or do I need 
to set it up?  I'll begin googling in a second for research, but a 
straight forward answer would be wonderful.  Also, with regards to 
printing out the content length, the following happens whenever a large 
(2.XGB+) file is uploaded:


I have a filter that displays all headers of the request, */ALL/ *of 
this was output when I submitted that file _/*ONE */_time (it's like 
Tomcat leaves the request hanging, never sets up the content-length/ 
etc, and loops until someone/something decides to handle this request).  
I have trimmed the output substantially, because the same output is 
issued approx every second or two for ONE request indefinitely (I left 
my desk for about 15 minutes, and this same thing was still going).


Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: host: localhost:8084
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing
INFO: user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; 
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept: */*
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-language: en-us,en;q=0.5
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-encoding: gzip,deflate
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: keep-alive: 300
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: connection: keep-alive
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: referer: http://localhost:8084/RosenthalFiles/
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing
INFO: cookie: JSESSIONID=B9F5C30C710AAAFA048E85FE1B559668; 
GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=true
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: if-modified-since: Mon, 13 Aug 2007 21:42:37 GMT
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: if-none-match: "1187041357000"
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: host: localhost:8084
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing
INFO: user-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; 
rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept: */*
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-language: en-us,en;q=0.5
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-encoding: gzip,deflate
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: keep-alive: 300
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: connection: keep-alive
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing

INFO: referer: http://localhost:8084/RosenthalFiles/
Aug 14, 2007 10:54:00 AM 
com.nurelm.rosenthalftp.filter.ContentLengthFilter doBeforeProcessing
INFO: cookie: JSESSIONID=B9F5C30C710AAAFA048E85FE1B559668; 
GUEST_LANGUAGE_ID=en_US; COOKIE_SUPPORT=

RES: Resource Security

2007-08-20 Thread Milanez, Marcus 

Mark,

First of all, let me thank you for your detailed response. This list contains 
lots of qualified people, and I'm really glad I'm part of it because I'm 
learning more and more everyday. 

All the reasons you mentioned are reasonable, but there are some pointes that 
makes me think a lot (and I must assume I don't have the right answers). Here 
they are:

1) Can I assume things in terms of security? For a matter of an example, should 
I always assume that the resources that my application access (like a database 
for example) doesn't need additional security, because it is hosted in a 
server, and if this so called server was attacked them worse things could 
actually happen? In this case, should I assume as a developer (not as a system 
admin), that my network is safe, that my web server is safe?

2) Whenever I think of security, I'm not only considering a hacker attack. In 
terms of security, is it right to delegate a web system administrator the right 
to know my application's database user and password? I know that security 
recommendations in database side tells us that an application users should only 
have access to what they need, in terms of commands, tables and so on, but 
again, should I always assume that as a developer?  


In my point of view, I think my application server should take care of all 
these issues for me... How? I don't know. In fact my only suggestion is: My 
app. Server should ask for a 'key' (besides the manager password) whenever I 
install a new application. This key could be used to encrypt all my application 
files, preventing anyone to open them. I know there are issues like 'Where 
should this key be stored?', 'Who should type this key ?' and I know that, but 
I can't find a good answer... I'm just exposing some ideas.

Thank you all for your attention once more. This community is really great..

Yours,

Marcus Milanez



-Mensagem original-
De: Mark Thomas [mailto:[EMAIL PROTECTED] 
Enviada em: sábado, 18 de agosto de 2007 00:31
Para: Tomcat Users List
Assunto: Re: Resource Security

Christopher Schultz wrote:
> Andrew,
> 
> Andrew Hole wrote:
>> Is it possible encrypt password on Resource setup?
> 
> No (still).

And for good reason.

First off all, why does the resource password need to be encrypted?
The threat is that an attacker gains unauthorised access to the box locally or 
remotely and reads the file. If they can gain this much access to the box it is 
already badly compromised. An attacker that could do this can almost certainly 
add a malicious web application, add a filter that sniffs user passwords, read 
the private SSL key etc.

There are very few circumstances where an attacker that has compromised the 
Tomcat server (and can hence add code etc) can do more damage with the resource 
password that they couldn't do by writing a malicious web application and 
deploying it.

All that being said, lets assume that the resource password needs to be 
protected after the box has been compromised. How to protect it? If the 
resource password is encrypted Tomcat has to be able to decrypt it in order to 
use it. Where does Tomcat get the decryption key from?

The options are:
1. a file on disk
2. entry by system admin on startup
3. some hardware device

1. is pointless. If the attacker can read the file with the encrypted password, 
they can read the file with the decryption key.

2. This is better but has a number of issues. If the service fails, an admin 
has to be present to restart it. You have just swapped a confidentiality issue 
for an availability one. 24x7 operation will require 5 admins that know this 
password. The password will probably be written down somewhere in plain text 
and is likely to be less well protected than if it was just left on the file 
system in the first place. This of course doesn't take account of the time 
taken for an admin to notice the service is down, go to the box and restart it.
Further, the password will almost certainly still be cached for later reuse, eg 
when creating a new connection for a database connection pool. If our attacker 
has already compromised the box, a malicious web app and careful use of 
reflection will yield the password. At the cost of some resources and some 
custom code, you could avoid most caching issues but closed source code 
(database drivers etc) will still be a risk.

3. Essentially the same set of problems as 2 but with added complexity.

It all comes down to a proper threat assessment. Given what an attacker who has 
access to the box is able to do, there are extremely few cases where protecting 
the password after the box is compromised is worth the effort and not enough to 
make this even appear on anyone's to-do list.

If someone can come up with a reasonable scenario that makes encrypting the 
resource password necessary then I am happy to add an implementation of 
password on startup to my list of things to do.

Mark

Re: SSL port number

2007-08-20 Thread Markus Schönhaber 
Lorenzo Cerini wrote:

> Markus Schönhaber wrote:

>> ... or use jsvc which lets Tomcat drop privileges after binding to a
>> privileged port and which is distributed with the Tomcat archives.
>>   
> Did you use it?
> did you like it?

Yes.
Yes.

> We have no reason but the port to give the tomcat-user any privilege 
> (even if only at
> booting); but i'm always interested in improving our installations

Letting Tomcat (or other Java applications) bind to privileged ports
without giving it permanent root rights, is AFAICT the main reason jsvc
exists.
http://commons.apache.org/daemon/index.html

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread David Smith 
The commons-daemon project (better known on this list as jsvc) will 
allow startup as a non-root user and access to ports below 1024.  See 
http://jakarta.apache.org/commons/daemon for details.


--David

Lorenzo Cerini wrote:


Markus Schönhaber wrote:


Stephen Caine wrote:

 

We use Tomcat SSL without Apache and it has been very stable.  The  
only issue has been the using port 8443 as some firewalls block access.




Why don't you tell Tomcat to use the port you want it to use - for
  


You cannot access port below 1024 with a user other than root on many 
*nix system.

You need to have a PAT somewhere.
Or run tomcat as root (not advisable).
L.


example 443?

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread Lorenzo Cerini 

Markus Schönhaber wrote:

Lorenzo Cerini schrieb:

  

Markus Schönhaber wrote:


Stephen Caine wrote:

  
  
We use Tomcat SSL without Apache and it has been very stable.  The  
only issue has been the using port 8443 as some firewalls block access.



Why don't you tell Tomcat to use the port you want it to use - for
  
  
You cannot access port below 1024 with a user other than root on many 
*nix system.

You need to have a PAT somewhere.
Or run tomcat as root (not advisable).



... or use jsvc which lets Tomcat drop privileges after binding to a
privileged port and which is distributed with the Tomcat archives.
  

Did you use it?
did you like it?
We have no reason but the port to give the tomcat-user any privilege 
(even if only at

booting); but i'm always interested in improving our installations
L.


Regards
  mks


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread Markus Schönhaber 
Stephen Caine schrieb:

> I previously posted a question about port redirection which was  
> answered.  I was referring to that previous post.

Well, there seems to be something wrong with my crystal ball. I'll have
to get this damned thing checked ;-)


Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread Markus Schönhaber 
Lorenzo Cerini schrieb:

> Markus Schönhaber wrote:
>> Stephen Caine wrote:
>>
>>   
>>> We use Tomcat SSL without Apache and it has been very stable.  The  
>>> only issue has been the using port 8443 as some firewalls block access.
>>> 
>> Why don't you tell Tomcat to use the port you want it to use - for
>>   
> You cannot access port below 1024 with a user other than root on many 
> *nix system.
> You need to have a PAT somewhere.
> Or run tomcat as root (not advisable).

... or use jsvc which lets Tomcat drop privileges after binding to a
privileged port and which is distributed with the Tomcat archives.

Regards
  mks


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number (was: Re: Tomcat SSL/HTTPS Performance vs Apache)

2007-08-20 Thread Stephen Caine 

Markus,

I previously posted a question about port redirection which was  
answered.  I was referring to that previous post.


Stephen


We use Tomcat SSL without Apache and it has been very stable.   
The  only issue has been the using port 8443 as some firewalls  
block access.


Why don't you tell Tomcat to use the port you want it to use -  
forexample 443?


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat SSL/HTTPS Performance vs Apache

2007-08-20 Thread Markus Schönhaber 
Berglas, Anthony schrieb:

> Has anyone done any performance analysis of Tomcat's SSL performance,
> especially compared to Apache.  It is rumored that Tomcat is unusable
> without Apache in front for SSL, but I wonder if that is true.  

And whoever made this claim did surely provide a verifiable analysis
that backs it up?
I doubt that.

> Our application will have lots of clients making short connections, so
> it is the RSA processing time that is critical.

Especially if you use APR I wouldn't expect any noticeable difference in
performance between httpd and Tomcat, because in this case both use in
essence the same code.

But whatever I think is quite irrelevant. How Tomcat behaves in your
special use case is something only you can find out for sure.

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL port number

2007-08-20 Thread Lorenzo Cerini 

Markus Schönhaber wrote:

Stephen Caine wrote:

  
We use Tomcat SSL without Apache and it has been very stable.  The  
only issue has been the using port 8443 as some firewalls block access.



Why don't you tell Tomcat to use the port you want it to use - for
  
You cannot access port below 1024 with a user other than root on many 
*nix system.

You need to have a PAT somewhere.
Or run tomcat as root (not advisable).
L.

example 443?

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat SSL/HTTPS Performance vs Apache

2007-08-20 Thread Lorenzo Cerini 

Hi, all
we use SSL tomcat for our web applications.
Since i work in the transport branch, where there is a lot of real time, 
automatic data exchange, i can say tomcat alone for SSL'ed services is 
very stable,

and even easier to manage than the apache-httpd.
About fastness and scalability is a matter of what you want to do with 
tomcat (e.g. more dynamic or static content?).
The only concern you could have is about port 443. On *nix systems where 
we launch tomcat with a dedicated user, obviously you are forbidden to 
use port 443

(just root can), and forced to redirect to another port at firewall level.
L.

Anthony,

Has anyone done any performance analysis of Tomcat's SSL performance, 
especially compared to Apache.  It is rumored that Tomcat is unusable 
without Apache in front for SSL, but I wonder if that is true.


We use Tomcat SSL without Apache and it has been very stable.  The 
only issue has been the using port 8443 as some firewalls block access.


Stephen

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SSL port number (was: Re: Tomcat SSL/HTTPS Performance vs Apache)

2007-08-20 Thread Markus Schönhaber 
Stephen Caine wrote:

> We use Tomcat SSL without Apache and it has been very stable.  The  
> only issue has been the using port 8443 as some firewalls block access.

Why don't you tell Tomcat to use the port you want it to use - for
example 443?

Regards
  mks

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat SSL/HTTPS Performance vs Apache

2007-08-20 Thread Stephen Caine 

Anthony,

Has anyone done any performance analysis of Tomcat's SSL  
performance, especially compared to Apache.  It is rumored that  
Tomcat is unusable without Apache in front for SSL, but I wonder if  
that is true.


We use Tomcat SSL without Apache and it has been very stable.  The  
only issue has been the using port 8443 as some firewalls block access.


Stephen

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Filter

2007-08-20 Thread Hehl, Thomas 
Our application has a security filter on it that ensures access to all
servlets is from a logged in user. This has worked fine for years.

 

We are now testing over this new security software that relays requests from
an external webapp to our internal one. The problem is that the security
filter re-writes the URL, which is very different from the one on the
outside.

 

Anyone have an idea about what to do about this?

 

Thanks.

 

Thom Hehl
Sr. eJuror Architect

* Office (859) 277-8800 x 144

* [EMAIL PROTECTED]   
ACS, Inc.

Government Solutions

1733 Harrodsburg Road
Lexington, KY 40504-3617

This e-mail message, including any attachments, is for the sole use of the
intended recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender
by reply e-mail and destroy all copies of the original message and notify
sender via e-mail at [EMAIL PROTECTED]
  or by telephone at 859-277-8800 ext. 144.
Thank you.

Very large catalina.out containing millions of 'null characters'

2007-08-20 Thread Mark Stevens 
Another strange one from me,

When starting/restarting Tomcat, it automatically creates a
250MB(Approx) catalina.out file, when viewing the file, it only has
couple of hundred lines showing normal log messages(no errors) however
when opening the file it 'vi' the status line states there are
millions of 'null characters', these are obviously what is causing the
file to be so large.

Has anyone seen this before?

O/S: Solaris 2.8
Tomcat version: 4.0.1


Thanks in advance,

Mark.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SSL on Windows Vista with Tomcat 5.0.28 not working

2007-08-20 Thread David Roberts 
Hi,
 
I am using Tomcat 5.0.28, and I use SSL for my webapp.
I am using j2sdk1.4.2_06.
I have created my own SSL certificate for our server, using the Java keytool 
utility.
 
Everything works fine when using Internet Explorer on Windows XP. You simply 
click Yes when the browser prompts you about the certificate, or install it if 
you want.
But a client was using Windows Vista, and told me they could not see the 
webapp. It simply says that the page cannot be found. It turns out, that on all 
Windows Vista machines I've tried, they cannot see the webapp. I have googled 
high and low for an answer, and support from the Microsoft site and a few 
others have not helped.
 
Anyone know how I can allow Internet Explorer on Windows Vista to see an SSL 
based webapp, running on Tomcat 5.0.28 with j2sdk1.4.2_06, when using your own 
certificate?
 
Thanks.

Disclaimer
This e-mail may contain confidential information and may be legally
privileged and is intended only for the person to whom it is addressed.
If you are not the intended recipient, you are notified that you may not
use, distribute or copy this document in any manner whatsoever. Kindly
also notify the sender immediately by telephone, and delete the e-mail.
When addressed to clients of the company from where this e-mail
originates ("the sending company ") any opinion or advice contained in
this e-mail is subject to the terms and conditions expressed in any
applicable terms of business or client engagement letter . The sending
company does not accept liability for any damage, loss or expense
arising from this e-mail and/or from the accessing of any files attached
to this e-mail.

Re: Possible Tomcat + Javascript + Internet Explorer Problem

2007-08-20 Thread David Smith 
Check your page output -- are the .. tags getting 
collapsed to ?  If so, try to put a comment in between to see 
if that helps prevent the collapse.  I remember having problems with 
collapsing script tags that load javascript from a separate file.


--David

redminator wrote:

I have some javascript code that creates a slide menu. It works fine both in
IE and Mozilla.

But, when I integrate that code in a page which I open from tomcat, the code
doesn't work anymore when I use IE. Still works fine with Mozila. I asked
this question on a javascript forum and they suggested I ask on a tomcat
forum. 


Any ideas?

Thanks a lot.
  



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

How to detect user logins

2007-08-20 Thread David Delbecq 
Hello,

I'm in a situation where i need some operations to be done upon user
login. The idea is, when a user access a secured area, it get's first
promped for http auth (security constraint, that part is working without
trouble), but when the user get authenticated, before giving user his
request result, request should be handled by a filter or alike that will
do various operations (like profile upgrade to new version in database,
eventually displaying an upgrade page for mandatory informations).

For now, the layout is
Filter that check userPrincipal. If user principal is not null for the
first time, issues that check, mark that user got checked for next
times, in session, and continue query.
However, if i could mark the session as "need upgrade" upon login, this
would make things, i think, easier to manage as filter would only need
to look for that "need upgrade" flag.

-- 
http://www.noooxml.org/


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat on FreeBSD

2007-08-20 Thread Ronald Klop 

What java version are you running?

Ronald.

On Fri Aug 17 16:00:41 CEST 2007 Tomcat Users List  
wrote:

Hi,

I have installed Tomcat 5.5.23_1 on FreeBSD 6.2. I have used Servlets a 
lot in the past but have not used ant. I am now trying to get this 
development environment to work. Following the basic portinstall of 
Tomcat on FreeBSD I did the following:


1. sudo cp /usr/local/tomcat5.5/server/lib/catalina-ant.jar 
/usr/local/share/java/apache-ant/lib


2. Made a sample project

3. set manager url in build.xml
http://localhost:8180/manager"/>

4. Chnage permissions in tomcat

cd /usr/local/tomcat5.5]
sudo chown -R www webapps

Once this was done I was able to compile the project and install it using:

ant
ant install

I did notice that it created a new directory in webapps with the new 
application. So far so good. If I try to install it again I get an 
error stating that it is already installed. Again, so far so good.


The problem that I have is if I make changes to the project and reload 
the application using


ant reload

I get the following output:
reload:
[reload] OK - Reloaded application at context path /hello

This looks ok. However, when I run it, the changes to the project do 
not show up. If I look into the directory under webapps, the changes 
have not been moved over. I have to manually copy the contents from my 
build to webapps under tomcat.


What I am doing wrong. I am sure that it is someting simple but do not 
seem to figure it out.


Thanks,
Arend



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Enable file downloads outside the application tree

2007-08-20 Thread David Delbecq 
If your OS allow it, use symbolic links + context->allowLinking=true
En l'instant précis du 20/08/07 07:49, Glenn McCall s'exprimait en ces
termes:
> Hi I have a bulletin board scenarion (i.e. people can download files =
> that others have uploaded).
>
> The easiest solution is to simply save the uploaded files within my =
> application's directory tree (e.g. .../webapps/myapp/files or similar). =
> The problem with this is that if I deploy a new version of the web app, =
> any previously uploaded files are nuked with the rest of the old version =
> as my new version is being deployed.
>
> My preferred solution is (at this point) to map the path "/myapp/files" =
> to another directory. To do this, I'm looking for a "mapping" entry to =
> put into my web.xml that would map the /myapp/files path to a directory =
> outside my tomcat server (e.g. /myapp/files -> /downloads or similar). =
> Unfortunately I just can't seem to find anything that would allow this =
> other than writing a servlet or creating a whole new application (I can =
> specify this alternate directory in the  element via the =
> docBase attribute) but it would be a whole new application and cause me =
> problems elsewhere.
>
> Can I achieve this with a "mapping" entry in my web.xml (or =
> context.xml)? And if so, how? Ideally this would return "correct" real =
> path for a call to ServletContext.GetRealPath ("myapp/files").
>
> Thanks
>
>   


-- 
http://www.noooxml.org/


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Possible Tomcat + Javascript + Internet Explorer Problem

2007-08-20 Thread David Delbecq 
2 possibilities. Either your IE is configured to refuse javascript from
the "internet area" and so you need to check your IE configuration,
Either your java script is playing with the urls and badly handles the
;JESSIONID=xxx  that tomcat add to your url if they have been made
using J2EE compliant url building code. Appart from the JSESSIONID,
tomcat should not alter in any way your queries.
En l'instant précis du 20/08/07 09:50, redminator s'exprimait en ces
termes:
> I have some javascript code that creates a slide menu. It works fine both in
> IE and Mozilla.
>
> But, when I integrate that code in a page which I open from tomcat, the code
> doesn't work anymore when I use IE. Still works fine with Mozila. I asked
> this question on a javascript forum and they suggested I ask on a tomcat
> forum. 
>
> Any ideas?
>
> Thanks a lot.
>   


-- 
http://www.noooxml.org/


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat SSL/HTTPS Performance vs Apache

2007-08-20 Thread Berglas, Anthony 
Has anyone done any performance analysis of Tomcat's SSL performance,
especially compared to Apache.  It is rumored that Tomcat is unusable
without Apache in front for SSL, but I wonder if that is true.  

Our application will have lots of clients making short connections, so
it is the RSA processing time that is critical.

Anthony

--
Dr Anthony Berglas 
Ph. +61 7 3227 4410
(Mob. +61 42 783 0248)
[EMAIL PROTECTED]; [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Possible Tomcat + Javascript + Internet Explorer Problem

2007-08-20 Thread redminator 


I have some javascript code that creates a slide menu. It works fine both in
IE and Mozilla.

But, when I integrate that code in a page which I open from tomcat, the code
doesn't work anymore when I use IE. Still works fine with Mozila. I asked
this question on a javascript forum and they suggested I ask on a tomcat
forum. 

Any ideas?

Thanks a lot.
-- 
View this message in context: 
http://www.nabble.com/Possible-Tomcat-%2B-Javascript-%2B-Internet-Explorer-Problem-tf4297179.html#a12231478
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: mod_jk, Tomcat, Session, Servlets & Portlets

2007-08-20 Thread Benny Bräuer 
Hi Rainer,

I'm not using any Forward-JkOptions.
Thanks for the information about the session kinds, maybe I can use it
to manipulate the session manually.

-- 
Cheers,
Benny

Benny Bräuer
C3-Grid Developing @ Computing and Data Centre
Alfred-Wegener-Institute for polar and marine research
27570 Bremerhaven, Germany
--
"Do your work, then step back.
The only path to serenity."
 ~Lao Tzu - The Tao Te Ching

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]