Re: Problems with SSL-enabled Tomcat 5.5
HI, i im also having the same problem. java.io.IOException: Alias name aliasName does not identify a key entry. But i m not bale to over come it. I m using keytool not opessl. Please suggst me. thanks ,Bhuvan MP bajistaman wrote: So what you did was to create a new private key, CSR and then just follow the instructions from your CA and everything worked? Thanks, Johann -- View this message in context: http://www.nabble.com/Problems-with-SSL-enabled-Tomcat-5.5-tp12394044p22491455.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
We were not using APR. Since this was a live project I had no choice but switch to regular http proxy which doesn't work as well as AJP (speed/functionality) but is consistent. Alas, as much as I'd like to help with solving this issue, I wasn't able to reproduce in a test environment and the production environment is now live so I can't mess with it. Cheers! Yuval Perlov www.r-u-on.com On Mar 10, 2009, at 6:27 PM, Rainer Jung wrote: Hi Yuval, did you find out in the meantime, whether you were using the tcnative (aka APR) connector? Regards, Rainer On 19.02.2009 11:34, Yuval Perlov wrote: Just the swapping responses has me concerned. Thank you so much for the rest of your responses we will put them to good use once we give up on AJP completely. Yuval On Feb 18, 2009, at 8:45 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yuval, On 2/17/2009 1:48 PM, Yuval Perlov wrote: Is APR part of tomcat or apache [httpd]? APR is the Apache Portable Runtime. Technically, it's its own beast and is used by both httpd and Tomcat (optionally). If I am running on linux and have no .so files in my tomcat directory does that mean I have no APR installed? The Tomcat directory isn't the only place .so files could be located. Anywhere in the java.library.path is possible. If you have an AprLifecycleListener configured in your server.xml, then you are attempting to use APR. If you get a message in catalina.out on startup that says something like APR Configured or APR library not found then you have your answer. On a more positive note, we switched to proxy_http (after making the necessary code changes) and everything works now - no more mixed content. Of course we lost a lot of necessary functionality: 1. request.isSecure() doesn't work You can always use https :) 2. we don't know the server name we are hit with (since it is hard coded in httpd.conf) This should be an option in mod_proxy. Is it not? ProxyPreserveHost? 3. we have no access to the source IP (for geo location) Why not use mod_headers to convert the original IP address into an X-Original-IP header. Better yet, use the X-Forwarded-For header that should be set by default by mod_proxy. BTW - Am I the only one that is seriously worried that this kind of problem can even exist on a platform of this maturity? Which problem? The swapping-responses problem or everything else you've outlined about your inadequate configuration? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sqljdbc, integrated sql server authentication and multiple webapps
Not a real answer to your question, but you might want to have a look at the following :..AndréThanks for trying to help. Unfortunately, this isn't a browser application.. it's an XML application that runs on an IP phone so there are no user credentials.It's a corporate directory that everybody has access to (well, almost.. it's multicompany but the company is identified by phone). Needless to say that itwould be unacceptable if users had to enter a local machine account (for a machine they're not even supposed to have access to) to access the directory- it all needs to be handled server side and there needs to be one account (never exposed to anybody) that handles authentication for just the DB.The way the error presents makes me think that for some reason, the authentication lib cannot be found for the second app so that could potentially be Tomcat's fault.RegardsStephan
JSESSIONID hijacking
Hi list. I've got an issue which I would like to share with you guys. My webapp requires a user to login, which on his turn creates a session for that user. Now, when I browse my webapp the address bar shows the current URL with a JSESSIONID. Let's say: http://testweb/testpageaction.do;jsessionid=SD23SL4DE134ADFF565D If I execute this same URL in another machine, then I am able to browse my webapp, as if I was logged in. I expected the session to be invalid for this request. I've searched Google for jsessionid hijacking and found some ways to avoid jsessionid to appear in the URL, or at least to ignore jsessionid's passed by URL. However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Therefor I was wondering whether the hijacking is caused by a misconfiguration of Tomcat, my webapp or rather completely normal. I would really appreciate if someone could shed a light on this. P.S.: I'm using Tomcat 5.5.27 - jdk 1.5.0_15. Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSESSIONID hijacking
jsessionid is the only way to indentity the user logined. if you get it ,you are this user. but? we can check others , for example IP! - Original Message - From: Pieter Temmerman ptemmerman@sadiel.es To: Tomcat Users List users@tomcat.apache.org Sent: Friday, March 13, 2009 5:15 PM Subject: JSESSIONID hijacking Hi list. I've got an issue which I would like to share with you guys. My webapp requires a user to login, which on his turn creates a session for that user. Now, when I browse my webapp the address bar shows the current URL with a JSESSIONID. Let's say: http://testweb/testpageaction.do;jsessionid=SD23SL4DE134ADFF565D If I execute this same URL in another machine, then I am able to browse my webapp, as if I was logged in. I expected the session to be invalid for this request. I've searched Google for jsessionid hijacking and found some ways to avoid jsessionid to appear in the URL, or at least to ignore jsessionid's passed by URL. However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Therefor I was wondering whether the hijacking is caused by a misconfiguration of Tomcat, my webapp or rather completely normal. I would really appreciate if someone could shed a light on this. P.S.: I'm using Tomcat 5.5.27 - jdk 1.5.0_15. Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Pieter Temmerman [mailto:ptemmerman@sadiel.es] However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Why, out of interest? Therefor I was wondering whether the hijacking is caused by a misconfiguration of Tomcat, my webapp or rather completely normal. It's completely normal. Other frameworks have exactly the same features. Some form of magic number maps to a session; match the magic number and you match the session. Sometimes there's a different magic number to match a login, but that's just a different magic number that can be hijacked too. If you don't want eavesdroppers to be able to pick up your sessions, use SSL. If you don't want session IDs to appear in your URLs so that your users don't cut+paste them or save them in favourites, use cookies. But be assured that if someone can read the request your browser sends to the server, they can hijack your session. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Thanks Mark, I want to avoid modifying the files in $CATALINA_HOME. But it seems that in this case the CLASSPATH has to be modified, to unzip the property file there, because unzipping to the common class loader dirtectory does not work. So I appended CLASSPATH=$CATALINA_BASE/system_class_loader:$CLASSPATH to $CATALINA_HOME/bin/setclasspath.sh and unzipped the propery file in the directory $CATALINA_BASE/system_class_loader. Now it works. Any suggestions to this solutions? I would appreciate not to change anything in $CATALINA_HOME, but the CLASSPATH is unset in catalina.sh as You know... Thanks again, Stephanie Original-Nachricht Datum: Thu, 12 Mar 2009 15:33:22 + Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: howto clear Tomcat 6.0 ServerInfo.properties ? Do the same thing but just unpack the jar to $CATALINA_HOME/lib common/classes and common/lib have been merged into $CATALINA_HOME/lib in Tomcat 6. -- Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
I mean what did not work was adding
common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.base}/lib,${catalina.base}/lib/*.jar
to $CATALINA_BASE/conf/catalina.properties
and unzipping the SystemInfo.properties from
$CATALINA_HOME/server/lib/catalina.jar to
$CATALINA_BASE/lib/org/apache/catalina/util/
Thanks,
Stephanie
Original-Nachricht
Datum: Thu, 12 Mar 2009 15:33:22 +
Von: Mark Thomas ma...@apache.org
An: Tomcat Users List users@tomcat.apache.org
Betreff: Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Do the same thing but just unpack the jar to $CATALINA_HOME/lib
common/classes and common/lib have been merged into $CATALINA_HOME/lib
in Tomcat 6.
Mark
--
Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
http://www.gmx.net/de/go/multimessenger01
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with LoadBalancing
On 13.03.2009 10:54, Toni Menendez Lopez wrote: Here is the trace with the error, from mod_jk.log with DEBUG mode, but I suspect where is the error... The thing is that I have 2 workers working one for JBOSS (MCDP) and one for TOMCAT(izonetv), and the thing is that in the call I do redirect from JBOSS to TOMCAT, and it seems that in the second request for tomcat the mod_jk still is trying to send the call to the MCDP worker. Any idea how can I do the configuration ? This is my worker : # Automatically Generated workers.properties file worker.list=MCDP,izonetv,status # MCDP LoadBalancer Definition worker.MCDP.balance_workers=MCDP-mifeas01_data,MCDP-mifeas02_data worker.MCDP.method=Session worker.MCDP.retries=1 worker.MCDP.sticky_session=1 worker.MCDP.sticky_session_force=1 worker.MCDP.type=lb # MCDP-mifeas01_data Node Definition worker.MCDP-mifeas01_data.connect_timeout=1 worker.MCDP-mifeas01_data.fail_on_status=404 worker.MCDP-mifeas01_data.host=mifeas01_data worker.MCDP-mifeas01_data.lbfactor=1 worker.MCDP-mifeas01_data.port=8109 worker.MCDP-mifeas01_data.reply_timeout=3 worker.MCDP-mifeas01_data.type=ajp13 # MCDP-mifeas02_data Node Definition worker.MCDP-mifeas02_data.connect_timeout=1 worker.MCDP-mifeas02_data.fail_on_status=404 worker.MCDP-mifeas02_data.host=mifeas02_data worker.MCDP-mifeas02_data.lbfactor=1 worker.MCDP-mifeas02_data.port=8109 worker.MCDP-mifeas02_data.reply_timeout=3 worker.MCDP-mifeas02_data.type=ajp13 # izonetv LoadBalancer Definition worker.izonetv.balance_workers=izonetv-mifeas01_data,izonetv-mifeas02_data worker.izonetv.method=Session worker.izonetv.retries=1 worker.izonetv.sticky_session=True worker.izonetv.sticky_session_force=1 worker.izonetv.type=lb # izonetv-mifeas01_data Node Definition worker.izonetv-mifeas01_data.connect_timeout=1 worker.izonetv-mifeas01_data.fail_on_status=404 worker.izonetv-mifeas01_data.host=mifeas01_data worker.izonetv-mifeas01_data.lbfactor=1 worker.izonetv-mifeas01_data.port=8009 worker.izonetv-mifeas01_data.reply_timeout=3 worker.izonetv-mifeas01_data.type=ajp13 # izonetv-mifeas02_data Node Definition worker.izonetv-mifeas02_data.connect_timeout=1 worker.izonetv-mifeas02_data.fail_on_status=404 worker.izonetv-mifeas02_data.host=mifeas02_data worker.izonetv-mifeas02_data.lbfactor=1 worker.izonetv-mifeas02_data.port=8009 worker.izonetv-mifeas02_data.reply_timeout=3 worker.izonetv-mifeas02_data.type=ajp13 # Status worker for managing load balancer worker.status.type=status Toni. You are confusing me. I thought you wanted to discuss a problem related to shutting down a passive cluster node. Not you are talking about a problem, whether a request gets send to the right Tomcat. The log says that the redirect goes to a URL starting with http://159.23.98.22/CDP311/... and everything that matches /CDP311/ is mounted to izonetv. So mod_jk tries to send via izonetv, but all members of this node are in error state. We don't know why, because those nodes seem to have gone into error earlier and you didn't include those parts of the log file. BTW: Please first update your mod_jk, because 1.2.23 is 2 years old, and when trying to help it's much easier to assume the latest stable behaviour. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Why, out of interest? I don't know. It just seemed way to easy to hijack a session, so I supposed it must be secure. It's completely normal. Other frameworks have exactly the same features. Some form of magic number maps to a session; match the magic number and you match the session. Sometimes there's a different magic number to match a login, but that's just a different magic number that can be hijacked too. If you don't want eavesdroppers to be able to pick up your sessions, use SSL. If you don't want session IDs to appear in your URLs so that your users don't cut+paste them or save them in favourites, use cookies. But be assured that if someone can read the request your browser sends to the server, they can hijack your session. In my case cookies are created as well. By SSL, I suppose you mean client authentication with a certificate? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Pieter Temmerman [mailto:ptemmerman@sadiel.es] I don't know. It just seemed way to easy to hijack a session, so I supposed it must be secure. Large portions of the web architecture are insecure by their original design. This makes security in web-based systems... erm.. a challenge :-). In my case cookies are created as well. OK. So why not rely entirely on the cookie rather than exposing the JSESSIONID in the URL at all? Or (most likely) have I got the wrong end of the stick here? By SSL, I suppose you mean client authentication with a certificate? No, I mean securing the connection by using https: rather than http:. Entirely server-side. At least that way, someone with a wiretap can't steal your session IDs off the wire. There's still a long way to go before you can prevent a different person using a different client from using a session ID that they happen to have obtained via (say) an eavesdropping plug-in on the user's browser, but it's a good start. Something to think about: No security will be 100%, not least because there are users involved and they're really remarkably good at leaving massive security holes in any technological solution - emailing their password to a colleague's Hotmail account, writing down login details on a Post-It or just leaving their computer unlocked as they nip to the loo. What security is good enough for your application? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSESSIONID hijacking
2009/3/13 zhaoxueqing zhaoxueq...@g-data.com.cn: jsessionid is the only way to indentity the user logined. if you get it ,you are this user. but? we can check others , for example IP! But we can *still* do IP spoofing. Any other better recomendation? This issue is one of my concern also. -- Zaki Akhmad - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSESSIONID hijacking
Just a word about associating a given session to one IP address, it works alright and sure is a security enhancement - not sure though if there are built-in support for that in tomcat though it can be implemented at application layer. The major drawback of doing so depends of your user's ISP IPs management i.e. some will change IP addresses quite frequently thus causing them to loose their session each time they'll be switched to a different IP. One would also have to think of network's artefacts such as proxies that may be shared by many users on customer's end - together with your own network architecture that may also prevent you from retrieving correctly originating IPs - re latest posts on request.getRemoteAddr() vs. request.getHeader(REMOTE_ADDR) - Joseph On Fri, Mar 13, 2009 at 12:18 PM, Peter Crowther peter.crowt...@melandra.com wrote: From: Pieter Temmerman [mailto:ptemmerman@sadiel.es] I don't know. It just seemed way to easy to hijack a session, so I supposed it must be secure. Large portions of the web architecture are insecure by their original design. This makes security in web-based systems... erm.. a challenge :-). In my case cookies are created as well. OK. So why not rely entirely on the cookie rather than exposing the JSESSIONID in the URL at all? Or (most likely) have I got the wrong end of the stick here? By SSL, I suppose you mean client authentication with a certificate? No, I mean securing the connection by using https: rather than http:. Entirely server-side. At least that way, someone with a wiretap can't steal your session IDs off the wire. There's still a long way to go before you can prevent a different person using a different client from using a session ID that they happen to have obtained via (say) an eavesdropping plug-in on the user's browser, but it's a good start. Something to think about: No security will be 100%, not least because there are users involved and they're really remarkably good at leaving massive security holes in any technological solution - emailing their password to a colleague's Hotmail account, writing down login details on a Post-It or just leaving their computer unlocked as they nip to the loo. What security is good enough for your application? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSESSIONID hijacking
From: Zaki Akhmad [mailto:zakiakh...@gmail.com] 2009/3/13 zhaoxueqing zhaoxueq...@g-data.com.cn: jsessionid is the only way to indentity the user logined. if you get it ,you are this user. but? we can check others , for example IP! Difficult, depending on your environment. Some ISPs run large proxy clusters, meaning that different requests can appear to come from different IP addresses. But we can *still* do IP spoofing. Any other better recomendation? Don't just use a non-varying shared secret (a password) as login information. Instead, use client certificate authentication (distributed by non-network means such as USB keys) and/or a SecurID token or similar. All of which pushes the cost of security to the point that the application may be unworkable. What is good enough for your application? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
popprem wrote: Hi, I'v really stuck with an issue. I have done a web program using struts framework. I have a plugin class there for which i have to pass a configuration file as parameter. That file is in webapps/Myapp/WEB-INF/ directory. So i mentioned relative path as ../webapps/Myapp/WEB-INF/conf.xml. it works fine if i download tomcat zip file extract it use. Bt if i download a .exe file (eg: Apache-tomcat-5.5.15.exe) run it to install use it, struts doesnt get that path. I'm really stuck with this prob. i need a way to specify path which works for both tomcat installations. Please help me to solve this prob. Note: I thought to check where a file creates if i create a file from my program. When the tomcat.zip is used i found the created test file is in bin directory of tomcat. That means tomcat defaultly points to bin directory, so the path to the config file ../webapps/Myapp/WEB-INF/conf.xml. works fine. When i used tomcat.exe installed tomcat in my machine run the program,i found that the test file i created in my code level was in windows/system32/ directory. so in this case tomcat doesnt defaultly points to the bin directory i guess. hope this helps to give me a good answer. Thanks in advance. Check the docs for your plugin to see if there's any other way of expressing the path to your config file. The standard method of reading any file in a webapp is to use ServletContext.getResourceAsStream() to get an input stream and then use that to read the file. Doing that, the path would be /WEB-INF/conf/.xml. I'd be surprised of a Struts plugin doesn't accept something like that. --David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: howto clear Tomcat 6.0 ServerInfo.properties ?
From: Stephanie Wullbieter [mailto:swu...@gmx.de]
Subject: Re: howto clear Tomcat 6.0 ServerInfo.properties ?
I would appreciate not to change anything in $CATALINA_HOME,
but the CLASSPATH is unset in catalina.sh as You know...
That's because setting CLASSPATH for Tomcat is pretty much always a bad idea.
You still haven't explained why you think it's necessary to update
ServerInfo.properties at all. If you want to differentiate multiple Tomcat
instances, the value of ${catalina.base} would seem to suffice.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Path problem
From: popprem [mailto:popp...@gmail.com] Subject: Path problem David answered the critical part of your question, but I thought I'd take a crack at the rest. That means tomcat defaultly points to bin directory Tomcat doesn't defaultly [sic] point to anything. The current directory of the process you used to start Tomcat when using the script happened to be Tomcat's bin directory - but that's just the way you're using the script, not a Tomcat requirement. When i used tomcat.exe installed tomcat in my machine run the program,i found that the test file i created in my code level was in windows/system32/ directory. Because that's the default current directory for services. It's almost always a bad idea to depend on the current directory setting in a complex server environment; if you must have a file system path to something, better to use one based off a system property. In your case, the getResourceAsStream() method is much preferred, since it elinates any file system dependencies. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Caldarale, Charles R:
You still haven't explained why you think it's necessary to update
ServerInfo.properties at all. If you want to differentiate multiple
Tomcat instances, the value of ${catalina.base} would seem to
suffice.
My guess would be that she wants to hide Tomcat version information from
Tomcat's error pages. Some people think that this increases security
somehow. I'm not sure, why.
Regards
mks
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cofiguring tomcat for trial certificate by trusted authorities like verisign not working.
From: Bhuvanesh Pattanashetti [mailto:bhuva...@gmail.com] Subject: Re: Cofiguring tomcat for trial certificate by trusted authorities like verisign not working. - no i m not using keystore. snip I have generated the keystore using keytool. Please reconcile the above two statements. Also, answer the question: are you using APR? (Do you have tcnative-1.dll in Tomcat's bin directory?) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Stephanie Wullbieter:
I mean what did not work was adding
common.loader=${catalina.home}/lib,${catalina.home}/lib/*.jar,${catalina.base}/lib,${catalina.base}/lib/*.jar
to $CATALINA_BASE/conf/catalina.properties
and unzipping the SystemInfo.properties from
$CATALINA_HOME/server/lib/catalina.jar to
$CATALINA_BASE/lib/org/apache/catalina/util/
Seems to me that this is to be expected, since ${catalina.base}/lib
is searched *after* ${catalina.home}/lib/*.jar (i. e. after
catalina.jar) when common.loader is set as above.
Regards
mks
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: howto clear Tomcat 6.0 ServerInfo.properties ?
From: Markus Schönhaber [mailto:tomcat-us...@list-post.mks-mail.de] Subject: Re: howto clear Tomcat 6.0 ServerInfo.properties ? My guess would be that she wants to hide Tomcat version information from Tomcat's error pages. Then setting the server attribute of the Connector element and providing custom error pages would seem to be a whole lot easier and more robust. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] RE: Max Number of users
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregor, On 3/12/2009 11:24 AM, Gregor Schneider wrote: www.tele-underwriting.de Aw, you don't even give major version number for Apache httpd. Netcraft will be so sad :( Generator: 10 fingers and some brain Cute. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6ZssACgkQ9CaO5/Lv0PDNeACeM5C5EHVXxnKRrIoziZJOlZEP rZcAoLDtOCghDOi6z4pSU9EkR6ZW3M8f =j65f -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Thanks Markus,
setting
common.loader=${catalina.base}/lib,${catalina.base}/lib/*.jar,${catalina.home}/lib,${catalina.home}/lib/*.jar
and unzipping to ${catalina.base}/lib did solve it.
Greetings,
Stephanie
Original-Nachricht
Datum: Fri, 13 Mar 2009 14:32:20 +0100
Von: Markus Schönhaber tomcat-us...@list-post.mks-mail.de
An: users@tomcat.apache.org
Betreff: Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Stephanie Wullbieter:
I mean what did not work was adding
to $CATALINA_BASE/conf/catalina.properties
and unzipping the SystemInfo.properties from
$CATALINA_HOME/server/lib/catalina.jar to
$CATALINA_BASE/lib/org/apache/catalina/util/
Seems to me that this is to be expected, since ${catalina.base}/lib
is searched *after* ${catalina.home}/lib/*.jar (i. e. after
catalina.jar) when common.loader is set as above.
Regards
mks
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen:
http://www.gmx.net/de/go/multimessenger01
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Servlet mapping issue
Hello to everyone, I've developed a tree menu which uses a Servlet and AJAX posts. I've exported it as a jar and now I want to include it in another webapp. The problem is that this webapp cannot reach the servlet obviously because it's not mapped in web.xml. Here's my question Is it possible to add a servlet mapping which points directly to the servlet contained in the .jar file of my tree menu? Thanks Sergio -- *I.M.I.N. Holding s.r.l.* Sergio Arrighi sergio.arri...@iminholding.com mailto:sergio.arri...@iminholding.com Cell. 3455805121 Vicolo Molino, 2 21052 Busto Arsizio Varese Tel. +39 0331324679 Fax. +39 0331324678 www.iminholding.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sqljdbc, integrated sql server authentication and multiple webapps - only the first app can connect
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephan, On 3/10/2009 5:07 AM, Stephan Steiner wrote: The first application to make a connection to the database succeeds in doing so and it will have access to the DB until I stop it (or stop tomcat). The second app to try and access the database can never connect and gets the error you get when sqljdbc_auth.dll is not in the path. If you're using a native library (sqljdbc_auth.dll), you must be using a Java wrapper that loads the library and then puts calls through to it. I wonder if you are putting the JNI wrapper in your webapp's lib directory and that's trying to double-initialize the DLL. The DLL file should have come with a JAR file, too. Where do you have that JAR file installed? If you have it once per webapp, your problem is probably double-init. Try moving the JAR file that came with the DLL into Tomcat's lib directory (that is, $CATALINA_BASE/lib). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6aU0ACgkQ9CaO5/Lv0PACsgCfTw4K6KHIYYRMZbjidgQksBgm KP8AoIwTqUipDW/Sc37/BZONVzxANzPB =Q5BK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Cookie not being set
Andromeda Mobile wrote: Thanks guys for your help. By moving the jsp include to the head of the document I was able to get the set cookie working so it was to do with the fact that the cookie needed to be sent before any other output was streamed. Just my didactic streak at play : Think of it this way : A HTTP response looks like this : 200 OK (HTTP status line) header line 1 header line 2 ... more header lines, like Set-Cookie: .. (one blank line) Content ... On the wire, the 200 OK is the first one to go out, followed by the first header line, etc. Tomcat composes the status line and the header lines, but holds on to them as long as it can, while it is creating the content. As long as it has not yet output the first byte of the content, you can still change the headers. But as soon as Tomcat has to output the first byte of the content, it has to output the status line, and the header lines, and the blank line first, before the first content byte. Thus, as soon as the first content byte goes out, the headers are already out, and it is too late to change them. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Lazy Virtual Hosting?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 3/10/2009 9:27 PM, Caldarale, Charles R wrote:
From: Gregor Schneider [mailto:rc4...@googlemail.com]
Subject: Re: Lazy Virtual Hosting?
However, since I'll have to use Authentication (see my other post),
thus needing SSL, I guess I have to setup a HTTP-Connector for each
of them.
If you really want to have a separate Connector for each site with
no potential for cross-talk, you'll actually need a separate Service
element for each. Alternatively, a Valve at the Engine level would
probably suffice to prevent mixing of IP addresses and site names.
Another potential reason for using separate Connectors is to
(somewhat) guarantee availability of each of your webapps. If you have
an Executor with 100 threads available, a single webapp('s users) can
consume all the threads and (temporarily) starve the other webapps.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkm6aywACgkQ9CaO5/Lv0PCzAQCfQlwPKYXOn/uyrZW3WcWJZl0l
BZQAn3omVt3HGzeKxmd9m5sIOtWYfZja
=IIQw
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Servlet mapping issue
From: Sergio Arrighi [mailto:sergio.arri...@iminholding.com] Subject: Servlet mapping issue Here's my question Is it possible to add a servlet mapping which points directly to the servlet contained in the .jar file of my tree menu? Well... yes. Servlet mapping is explained in the servlet spec, and there are numerous examples that ship with Tomcat. Is there more to your question? Perhaps some constraints that you haven't mentioned? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] RE: Max Number of users
Chris, On Fri, Mar 13, 2009 at 2:59 PM, Christopher Schultz ch...@christopherschultz.net wrote: Generator: 10 fingers and some brain Cute. I do have the copyright on that one, however, I put it under the GPL - ooops - did I say GPL? I mean Apache License 2.0 ;) Regds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregor, On 3/10/2009 5:44 PM, Gregor Schneider wrote: Mark, On Tue, Mar 10, 2009 at 8:23 PM, Mark Thomas ma...@apache.org wrote: Ditch FORM auth, use DIGEST. I'm afraid I don't see how to combine DIGEST with a Login-form - and that's a customer request. Then you're out of luck. The only workarounds I've ever heard are to use some javascript tricks to hash or encrypt the username and/or password before it's sent to the server. Of course, this technique actually /reduces/ the security to zero because either replay attacks are trivial or the encryption keys are found in the javascript code. Duh. I know that SecurityFilter is quite a handy tool, however, that doesn't support Tomcat's SSO-functionality yet (?). Correct. It also doesn't support FORM auth with anything but plaintext j_password parameters. I guess I can live with an unencrypted SessionID since our sites are not that important as to expect any session-hijacking (btw., does Tomcat check if the SessionID maps to a certain IP?). No. But securityfilter's cvs head contains a filter that does just that. You can use it completely independently of securityfilter if you want to borrow it from the project. ;) What is important is performance - therefore I tend to not use SSL except for the LoginForm. Looks like we have to get a few certs then. I would give your customer the choice: no cert (less money) but you have to use DIGEST auth ; versus use form auth and buy an SSL cert. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6bKEACgkQ9CaO5/Lv0PCSigCgu5sIRcpHaR97j2sDDJzHcVz5 4xEAoJE6nrwCHFKEYfCNmeAjnfBJzIer =D8C3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 3/10/2009 3:24 PM, Caldarale, Charles R wrote: From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: j_security_check SSL is there any way to achieve encryption for the Login-process without a valid SSL-cert? Note that if the login is performed under HTTPS, the generated session is only for HTTPS; falling back to HTTP will result in use of a different session object. Just to be clear, it's the session creation that is sensitive to SSL, not the actual login (authentication step). If your session exists and is visible to non-secure communications before authentication, then it will also be so after authentication. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6bPoACgkQ9CaO5/Lv0PACKQCfRYLd0qS2v84xckUW0Tpk/y2g +y4AnjJR9ny4mWd7RdBPJjhE8CRS7GXp =Deaf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: howto clear Tomcat 6.0 ServerInfo.properties ?
Caldarale, Charles R: From: Markus Schönhaber My guess would be that she wants to hide Tomcat version information from Tomcat's error pages. Then setting the server attribute of the Connector element and providing custom error pages would seem to be a whole lot easier and more robust. Of course. As I said before, I don't know why some people think they increase security by messing around with server.properties. I've once seen an article about Tomcat security somewhere on the net which did propose this. Maybe that's the reason. Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat for Dummies
From: Ken Bowen [mailto:kbo...@als.com] Subject: Re: Tomcat for Dummies I believe (but do not know -- Chuck, Mark??) that Tomcat essentially creates a (new or recycled) thread in which to run contextDestroyed . Looks like it's actually the thread that processes the request for the Tomcat manager app that calls contextDestroyed() (and contextIntitialized() when restarting); no new threads are spawned or picked up out of the pool. (Verified by setting maxThreads=1 and displaying the thread name in the listener.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cofiguring tomcat for trial certificate by trusted authorities like verisign not working.
Ohh i was sorry for the above two statement. :( I m using the keystore. (Keytool) and i m not using APR. thanks. Bhuvan On Fri, Mar 13, 2009 at 7:00 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Bhuvanesh Pattanashetti [mailto:bhuva...@gmail.com] Subject: Re: Cofiguring tomcat for trial certificate by trusted authorities like verisign not working. - no i m not using keystore. snip I have generated the keystore using keytool. Please reconcile the above two statements. Also, answer the question: are you using APR? (Do you have tcnative-1.dll in Tomcat's bin directory?) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/11/2009 6:33 AM, André Warnier wrote: And if it asks to undeploy itself, is it not like pulling the carpet from under its own feet? It's more like asking a parent to pull the rug, but, yes, that's basically what you're doing. I mean, this webapp is running, and even after asking the Manager to undeploy itself (meaning its whole shebang of classes and libs will be erased from the disk), it should be able to still stop itself cleanly. What if that requires a class that would have to be loaded from its own WEB-INF/classes dir, which may not be there anymore ? When undeploying a webapp, no new requests will be sent to it, all currently-processing requests are allowed to complete, and then a whole series of things happen to take the webapp out of service. Consider reading all of SRV.10 of the servlet specification. It's quite readable (not legalese or mathematical proofs or anything) and gives you a lot of good information. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6cAwACgkQ9CaO5/Lv0PAOywCeOfRVhb+De+NraBwStFCOKc1u 8nMAnjYlh6jsjzKhiWZB60KwyyBkiNq8 =Rm3X -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
Hi guys. I'm following this loosely, along with some other threads. There is another one going on right now which also talks about authentication, hijacking JSESSIONID etc.. Gregor, what is not very clear to me, and maybe you want to do a wrapup, is what exactly you are - and are not - trying to achieve. For example, /why/ you want the users to login, and /if/ you want this one login to be valid for your 4 websites/applications (say convenience SSO) or not. And /if/ you want that one user, having logged-in once today, should be able to re-access the same application later on without re-logging in, if in the meantime he went to have a long lunch, or closed his browser etc.. Or if you want a login just to block robots from accessing the site, or if you want a login just so that you can track a user for reasons of statistics and so on. From earlier explanations, it does not seem that you really have any confidential information to protect, nor that you are too worried about someone hijacking a user session etc.. And, if you want users to login, how are you giving them a user-id and password to login ? I'm just mentioning all this because I generally get the feeling that you are not too hot on using HTTPS and CA certificates on all these sites, and maybe you don't really need to, for what you want to achieve. Unless I am mistaken, I don't think that using HTTPS in order to protect the user-id/password from eavesdropping by some miscreant, you necessarily have to have a Verisign certificate for each site. Again unless I am mistaken, a CA-signed certificate is meant to be used to reassure the client that he is really talking to the server you say you are, and not some other impersonating phishing site. But it is not a prerequisite for simply making a connection through HTTPS. Or ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tcnative-1.dll
Hi, all How can I tell for sure that tcnative-1.dll is used by tomcat ? System is Windows 2003 SP2, Tomcat 5.5.20, JDK 1.5.0_11, tcnative-1.dll used is 1.1.12 Tomcat is started as a service. File tcnative-1.dll is placed in directory mentioned within -Djava.library.path =... in registry. If it's not in this directory there is a warning in stdout.log(which is the only one used for logging). (can't find... tcnative-1.dll... ), but when it's placed in the directory, there is no message about it's loading (as stated in http://tomcat.apache.org/native-doc/). Difference in version behaviour, or...? Best Regards, YANKO MARKOV LTS BULGARIA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tcnative-1.dll
Check your stdout (or catalina.out), it should have something like org.apache.coyote.http11.Http11AprProtocol init. Http11AprProtocol means you use APR, Http11Protocol -- no. -Original Message- From: markov.ya...@neftochim.bg [mailto:markov.ya...@neftochim.bg] Sent: Friday, March 13, 2009 5:44 PM To: users@tomcat.apache.org Subject: tcnative-1.dll Hi, all How can I tell for sure that tcnative-1.dll is used by tomcat ? System is Windows 2003 SP2, Tomcat 5.5.20, JDK 1.5.0_11, tcnative-1.dll used is 1.1.12 Tomcat is started as a service. File tcnative-1.dll is placed in directory mentioned within -Djava.library.path =... in registry. If it's not in this directory there is a warning in stdout.log(which is the only one used for logging). (can't find... tcnative-1.dll... ), but when it's placed in the directory, there is no message about it's loading (as stated in http://tomcat.apache.org/native-doc/). Difference in version behaviour, or...? Best Regards, YANKO MARKOV LTS BULGARIA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tcnative-1.dll
Check catalina.out (or whatever file your Tomcat is logging to). I get the following in Unix when not using the APR, you should get a similar message in Windows or a message indicating that the APR was found and loaded. INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /opt/pdsdk/openssl/lib:/opt/pdsdk/apr/lib:/opt/pdsdk/apr-util/lib::/usr/ java/jdk1.6.0_07/jre/lib/amd64/server:/usr/java/jdk1.6.0_07/jre/lib/amd6 4:/usr/java/packages/lib/amd64:/lib:/usr/lib Mar 12, 2009 1:42:40 PM org.apache.coyote.http11.Http11Protocol init -Jorge -Original Message- From: markov.ya...@neftochim.bg [mailto:markov.ya...@neftochim.bg] Sent: Friday, March 13, 2009 10:44 AM To: users@tomcat.apache.org Subject: tcnative-1.dll Hi, all How can I tell for sure that tcnative-1.dll is used by tomcat ? System is Windows 2003 SP2, Tomcat 5.5.20, JDK 1.5.0_11, tcnative-1.dll used is 1.1.12 Tomcat is started as a service. File tcnative-1.dll is placed in directory mentioned within -Djava.library.path =... in registry. If it's not in this directory there is a warning in stdout.log(which is the only one used for logging). (can't find... tcnative-1.dll... ), but when it's placed in the directory, there is no message about it's loading (as stated in http://tomcat.apache.org/native-doc/). Difference in version behaviour, or...? Best Regards, YANKO MARKOV LTS BULGARIA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet mapping issue
Hi! Thanks for the really quick answer. It's probabily something really basic to do, but I'm a newbie and I'm not able to do it: I have an application (lets call it APP1) and it's organized like this: APP1 - WEB-INF +++ lib . myJar.jar (contains the package org.imin.treemenu) -.-.-.-.-.-.-.-..-.-.-.-.-.-.-.- myServlet (org.imin.treemenu.TreeMenuServlet) - web.xml Now I need to register _myServlet_ in the deploy descriptor and I write these lines in web.xml: servlet description/description display-nameTreeMenuServlet/display-name servlet-nameTreeMenuServlet/servlet-name servlet-classorg.imin.treemenu.TreeMenuServlet/servlet-class /servlet servlet-mapping servlet-nameTreeMenuServlet/servlet-name url-pattern/TreeMenuServlet/url-pattern /servlet-mapping When I try my application and I click on the button which make an AJAX post request on this servlet the browser returns an error (404 not found) Sorry to bother but I'm new! Thanks Sergio Caldarale, Charles R ha scritto: From: Sergio Arrighi [mailto:sergio.arri...@iminholding.com] Subject: Servlet mapping issue Here's my question Is it possible to add a servlet mapping which points directly to the servlet contained in the .jar file of my tree menu? Well... yes. Servlet mapping is explained in the servlet spec, and there are numerous examples that ship with Tomcat. Is there more to your question? Perhaps some constraints that you haven't mentioned? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- *I.M.I.N. Holding s.r.l.* Sergio Arrighi sergio.arri...@iminholding.com mailto:sergio.arri...@iminholding.com Cell. 3455805121 Vicolo Molino, 2 21052 Busto Arsizio Varese Tel. +39 0331324679 Fax. +39 0331324678 www.iminholding.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, I think it will help to give you perl analogies to everything. Here goes. On 3/11/2009 6:00 AM, André Warnier wrote: - we have a JVM This is the 'perl' binary. - inside the JVM, we have a Tomcat This is the perl script you're executing. If you ran 'perl tomcat.pl' from the command line, this is roughly what you'd get. - then inside Tomcat, we have webapps Here's where the analogy breaks down a bit, and why it may be a bit confusing for you. Let's say that tomcat.pl can run arbitrary /other/ scripts for you. These arbitrary scripts are long-running (days, months, etc.), and then communicate their status back to tomcat.pl (through whatever means) and can accept commands (like 'stop' or 'handle this request') from tomcat.pl. You could also think of a webapp like a set of perl scripts deployed into httpd, except that they are always loaded into memory, even when not actively servicing requests (you can ignore mod_perl's likelihood of being cached, etc.). It's already getting more mysterious there for me, but I resolve this intellectually by imagining that a webapp is just a subroutine which Tomcat runs from time to time, in response to a HTTP request for example. Essentially, yes. In our perl analogy, tomcat.pl owns all the network connections and accepts all the requests. Once it decides which script should be the target, it does some housekeeping and then delegates the handling of the request to one of these long-running scripts. Folks from the LAMP world sometimes get tripped up here because of the threading involved. With httpd, a request it typically handled by an httpd process, a script is started (perl, php, whatever), and runs to completion, at which point the script dies and httpd goes back to waiting for a request. The webapp equivalent is roughly equivalent except that the script continues to live-on in memory along with all the other scripts that are part of the webapp. They can share data and even communicate (through app-created threads) when there are no requests to be processed. A Java webapp is a much more cohesive and dynamic beast than a collection of scripts that mostly do not interact with each other (other than maybe sharing a database). So a webapp in fact is Tomcat, in the sense that when it runs it does so as an integral part of the Tomcat process. So much so that if a webapp were to execute a system.exit(), it would take the whole Tomcat (and JVM) with it. Yes ? I would agree that your conclusion is correct (i.e. System.exit takes down the whole JVM, excepting Mark's comments) but I think your summary is not: Tomcat is /not/ the webapp. Tomcat is a webapp /container/ (that's the technical term, actually). Saying that Tomcat is the webapp is like saying that Microsoft Windows /is/ dwm.exe because its the thing that you interact with (and dwm can ask the OS to shut down). Actually, the dwm example is pretty good because you /can/ kill dwm and still have the OS run. dwm is like the manager app: it can start other webapps (double-click an icon to launch), shut them down (click the X button), and even kill itself (try killing dwm.exe). If it commits suicide, the other webapps stay running. You can even restart the manager app (not sure exactly how to do this, but it's possible in theory) just like you can restart dwm. The analogy gets better because dwm accepts much of the input from the user (like requests from remote users of webapps) and delegates most of it to the running application. Okay, I'll put an end to this because I'm sure it will get out of hand pretty soon. My next question in this rubrique will be about what individual webapps really share at the deep-down level, considering that they are all in the end issued from the same JVM process. This is all done using standard Java stuff and it pretty much all comes down to ClassLoaders (gasp!). Without using JNI, you can't do anything that's outside of the ClassLoader and the heap. When Tomcat deploys a webapp, it creates a ClassLoader for that webapp that tries to load all classes from that webapp's WEB-INF/classes filter and JAR files within WEB-INF/lib. Anything not found will be delegated /up/ the ClassLoader hierarchy until it gets back to the root ClassLoader (which loads things like java.lang.Object, etc.). Classes loaded in this ClassLoader are only visible to this webapp. Static data (class members with the keyword static) is separate from any other webapp's same static data, even with the same class name. An example is a singleton (a class that should only have a single object created from it at runtime). If you have a singleton class and it's in both webappA/WEB-INF/classes /and/ webappB/WEB-INF/classes, then the two singletons are distinct, cannot communicate, etc. Technically, they are different classes because a class is defined by: a) the ClassLoader that loaded it and b) its fully-qualified class name, including package.
Re: j_security_check SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/13/2009 10:38 AM, André Warnier wrote: Unless I am mistaken, I don't think that using HTTPS in order to protect the user-id/password from eavesdropping by some miscreant, you necessarily have to have a Verisign certificate for each site. Correct. You need to use an SSL cert, but it doesn't need to be signed by a widely-trusted certificate authority. Again unless I am mistaken, a CA-signed certificate is meant to be used to reassure the client that he is really talking to the server you say you are, and not some other impersonating phishing site. Again, correct. But it is not a prerequisite for simply making a connection through HTTPS. Right, but it /is/ a prerequisite for most users not getting a scary UNTRUSTED SECURITY CERTIFICATE warning. It's too bad that, with the introduction of EV certs, the big CAs aren't just giving-away the old certs. Or, offering a super-low-cost certificate that says this is really only good for channel encryption, we didn't do any checking into the legitimacy of this organization. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6eHYACgkQ9CaO5/Lv0PC3YQCgtNnSZoK+9MrVZYD5zrfJ65mo g3kAn0h4yitFysnid4jq6dN70CRC7Ad0 =IsQQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Lazy Virtual Hosting?
Chris,
On Fri, Mar 13, 2009 at 3:18 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
Another potential reason for using separate Connectors is to
(somewhat) guarantee availability of each of your webapps. If you have
an Executor with 100 threads available, a single webapp('s users) can
consume all the threads and (temporarily) starve the other webapps.
That's a very interesting thought - thanks for that one!
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet mapping issue
What's in your access-log? Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.x Proxy Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Alex, On 3/11/2009 9:03 AM, Alexander Diedler wrote: We have a Tomcat Application, which has to communicate through a Proxy Server with authentication. Should be the authentication done in the Java Class or it is possible to configure Tomcat for Proxy Authentication? What are you using to open your communication channel to the proxy server? Tomcat does not provide any classes for you to do so. Presumably, you are using httpclient or URLConnection or something like that. If the former, check their documentation. If the latter, google for java proxy configuration or java proxy setup and you'll find lots of documentation on how to tell /Java/ (not Tomcat) to use a proxy for HTTP connections. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6eaoACgkQ9CaO5/Lv0PCLLQCdHTlPfswxbtZigTPVgOwn94Ny eSsAn0OLijmMWuH/E5XPfkc4maKkgZ5A =2Gc/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tcnative-1.dll
From: markov.ya...@neftochim.bg [mailto:markov.ya...@neftochim.bg] Subject: tcnative-1.dll If it's not in this directory there is a warning in stdout.log(which is the only one used for logging). (can't find... tcnative-1.dll... ), but when it's placed in the directory, there is no message about it's loading (as stated in http://tomcat.apache.org/native-doc/). That's characteristic of the 2.5-year old Tomcat you're running; newer ones put a positive message in the logs when APR is being used. Your lack of a negative message is the only indication you'll get on such an old level. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tcnative-1.dll
markov.ya...@neftochim.bg: How can I tell for sure that tcnative-1.dll is used by tomcat ? System is Windows 2003 SP2, Tomcat 5.5.20, JDK 1.5.0_11, tcnative-1.dll used is 1.1.12 Tomcat is started as a service. File tcnative-1.dll is placed in directory mentioned within -Djava.library.path =... in registry. If it's not in this directory there is a warning in stdout.log(which is the only one used for logging). (can't find... tcnative-1.dll... ), but when it's placed in the directory, there is no message about it's loading (as stated in http://tomcat.apache.org/native-doc/). Difference in version behaviour, or...? It was not that long ago that Chuck proved me wrong, so I could easily remember that this question was asked recently: http://marc.info/?l=tomcat-userm=123326323910806w=2 Bottom line for Tomcat 5.5: if the native lib is found, no message will appear in the logs. Only failure to load it will be logged. Tomcat 6.0 will print out information in either case. Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat for Dummies
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Tomcat for Dummies You can even restart the manager app Nit picking: probably not. It looks like the manager app does all the work of starting and stopping other webapps, so there doesn't appear to be any threads running around to do the work for you. You could have some other app restart the manager, but then you've basically just reimplemented the manager. Auto-deploy is probably the only other means of restarting the manager. When Tomcat deploys a webapp, it creates a ClassLoader for that webapp that tries to load all classes from that webapp's WEB-INF/classes filter and JAR files within WEB-INF/lib. Such loading actually only occurs when needed, not at deployment, other than for listeners and servlets marked as load-on-startup. Consequently, missing classes may not be found for quite some time. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet mapping issue
Sergio Arrighi wrote: Hi! Thanks for the really quick answer. It's probabily something really basic to do, but I'm a newbie and I'm not able to do it: I have an application (lets call it APP1) and it's organized like this: APP1 - WEB-INF +++ lib . myJar.jar (contains the package org.imin.treemenu) -.-.-.-.-.-.-.-..-.-.-.-.-.-.-.- myServlet (org.imin.treemenu.TreeMenuServlet) - web.xml Now I need to register _myServlet_ in the deploy descriptor and I write these lines in web.xml: servlet description/description display-nameTreeMenuServlet/display-name servlet-nameTreeMenuServlet/servlet-name servlet-classorg.imin.treemenu.TreeMenuServlet/servlet-class /servlet servlet-mapping servlet-nameTreeMenuServlet/servlet-name url-pattern/TreeMenuServlet/url-pattern /servlet-mapping When I try my application and I click on the button which make an AJAX post request on this servlet the browser returns an error (404 not found) Sorry to bother but I'm new! Thanks Sergio Caldarale, Charles R ha scritto: From: Sergio Arrighi [mailto:sergio.arri...@iminholding.com] Subject: Servlet mapping issue Here's my question Is it possible to add a servlet mapping which points directly to the servlet contained in the .jar file of my tree menu? Well... yes. Servlet mapping is explained in the servlet spec, and there are numerous examples that ship with Tomcat. Is there more to your question? Perhaps some constraints that you haven't mentioned? - Chuck What URL is your AJAX posting to? Also take a look at your logs for any relevant messages. Maybe there was a problem setting up your servlet. The servlet mapping looks good as you defined it in your webapp's WEB-INF/web.xml file. --David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
Chris,
On Fri, Mar 13, 2009 at 3:26 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
Just to be clear, it's the session creation that is sensitive to SSL,
not the actual login (authentication step). If your session exists and
is visible to non-secure communications before authentication, then it
will also be so after authentication.
Well, I believe this scenario is quite unlikely, since the login-form
(running as https) usually is the first page to be displayed.
Let me twist your words a bit ;)
If the session is created *after* the login-form, that means it's
created while using HTTP, there shouldn't be any problems left except
for the Session-Cookies which might be hijacked, right?
So would following scenario work?
- login using form-based login via https
- when successful:
HttpSession session = request.getSession();
// guess that shoudln't happen
if (session != null) {
session.invalidate();
}
session = request.getSession (true);
Looks ok to me - you comments?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Servlet mapping issue
From: Sergio Arrighi [mailto:sergio.arri...@iminholding.com] Subject: Re: Servlet mapping issue When I try my application and I click on the button which make an AJAX post request on this servlet the browser returns an error (404 not found) For initial testing, take AJAX out of the picture; just enter the URL for the servlet in the browser's address bar and see if you get a response (or use wget or curl or equivalent): http://server/APP1/TreeMenuServlet As others have stated, definitely look in the logs for any problem reporting. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
Hi. I hadn't had a chance yet to thank the various people here for having the patience and persistence to explain to this dummy what must be rather evident to experts. I do so now, profusely. It was very informative and rather clear. I also gather that some of the details were not necessarily so evident to the experts either, before they themselves went digging in the code. I have read the Servlet Specs section 10. I can't say I enjoy it particularly, the reason being that at just about every line it refers to some probably basic Java or servlet server knowledge that unfortunately I do not have yet, so it is sometimes to me rather cryptic. It is so however, that the Specs plus your explanations together really make this a lot easier to grasp. Just one tiny aspect remains, no longer mysterious but just a bit hazy still. It does have to do also with my lack of Java knowledge still. Thus a servlet which is part of a webapp asks the Manager for it (the webapp) to be undeployed. As a consequence, Tomcat no longer accepts new requests for that webapp, and starts the process of stopping it and undeploying it. If the webapp defined a ServletContextListener, this thing 's ContextDestroy function will be called, once, by Tomcat, the idea being that this is a warning like watch it, you are being stopped and undeployed. Tomcat basically does not care after that if the webapp really does anything with the warning, but it waits a reasonable time (some tens of seconds possibly) for any currently active servlets of that webapp to have a chance to finish up and return. After this time has passed, if any servlets of the webapp were still active, Tomcat would forcefully kill them off (how it does that I don't know, but I really don't need or want to know that). What I still do not know is the following : suppose there are 3 active servlets (processing requests) at the moment the request to undeploy is issued by one of them. The servlet issuing the undeploy request knows that it has asked for it, so it can take any appropriate measures to terminate itself cleanly and quickly. Which leaves the other two (I am using two intentionally, because there is only one call to the ServletContextListener; it avoids cheating). How do they know ? There must be something that the ContextDestroy function does, which allows /both/ of these servlets to find out (if they check) that they have only a limited time to live, and to hurry to close themselves down properly, even if they would otherwise be busy for another couple of minutes for instance. Would that be like positioning some variable somewhere, accessible to all the servlets belonging to that same webapp, which they can check from time to time ? Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? (the Servlet Spec section 10 doesn't mention that, so I guess this is not the case; or it just assumes that whoever reads it is not a Java dummy and should know this already). And, does that tie into the fact that all the servlets of a same webapp, by virtue of sharing the same classloader, can actually share something ? And, does that somehow relate to what the original OP of another thread, who was talking about a static variable being set when Tomcat is shut down, meant ? (despite the fact that I rather brashly sniped at him for ditto). Thanks André Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/11/2009 6:33 AM, André Warnier wrote: And if it asks to undeploy itself, is it not like pulling the carpet from under its own feet? It's more like asking a parent to pull the rug, but, yes, that's basically what you're doing. I mean, this webapp is running, and even after asking the Manager to undeploy itself (meaning its whole shebang of classes and libs will be erased from the disk), it should be able to still stop itself cleanly. What if that requires a class that would have to be loaded from its own WEB-INF/classes dir, which may not be there anymore ? When undeploying a webapp, no new requests will be sent to it, all currently-processing requests are allowed to complete, and then a whole series of things happen to take the webapp out of service. Consider reading all of SRV.10 of the servlet specification. It's quite readable (not legalese or mathematical proofs or anything) and gives you a lot of good information. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6cAwACgkQ9CaO5/Lv0PAOywCeOfRVhb+De+NraBwStFCOKc1u 8nMAnjYlh6jsjzKhiWZB60KwyyBkiNq8 =Rm3X -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail:
Re: Servlet mapping issue
Sergio Arrighi wrote: [...] Thanks for the info you put here. That was very clear, if even I understand. When I try my application and I click on the button which make an AJAX post request on this servlet the browser returns an error (404 not found) I think what you need to provide here, is the exact URL that your AJAX POST is posting to, so that we can have an idea of what the 404 is due to. Do you know ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
Christopher Schultz wrote: Er... does that help? Yes, a lot. It even answers a large part of the question I just posted again. I just don't like your disparaging tone about perl. You know, we perl guys can also do threads, just as we can also do OO stuff. We can also do strict; we can even do Singletons and closures, so there. The difference is that we can choose to do any of these things or not, depending on how we feel about it, while you Java guys are stuck with one model. ;-) More seriously, apart from being essentially a perl guy, I am also a mod_perl guy, and much of what you so kindly explain has a rather close analogy when thinking about an Apache server and its mod_perl handler modules (which are persistent, unlike cgi-bin scripts). Java and the Servlet Spec are more rigid, in that they enforce a rather strict model, which keeps programmers in line and facilitates collaboration on larger projects. We perl guys just tend to be more on the artistic side, and be able to take liberties with the model. Which does often lead us into trouble when we do not understand what we're playing with. Anyway, many thanks for making the effort to try to explain this in a framework that you thought I would more readily understand. Not everyone is able to do such mental gymnastics, or willing to take the time to do it. Appreciated. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 3/13/2009 11:42 AM, Gregor Schneider wrote:
So would following scenario work?
- login using form-based login via https
- when successful:
HttpSession session = request.getSession();
// guess that shoudln't happen
if (session != null) {
session.invalidate();
}
session = request.getSession (true);
Looks ok to me - you comments?
I don't see how this could work. Immediately after login you invalidate
the session, thus logging-out the user.
Here's what you want to do:
- - Write a filter that intercepts all HTTPS traffic and redirects it to
HTTP. This will make sure that anyone attempting to use HTTPS for the
fun of it will end up seeing a non-secure page. This will not affect
calls to j_security_check.
- - Modify your login page to invalidate the session and redirect to HTTP
if HTTPS is detected. This will expire sessions that are created in
the secure realm in response to deep requests to your webapp (this
handles the case of someone trying to hit /some/secure/place and
Tomcat automatically forwarding to the login page, in HTTPS mode).
I was going to say that you should make sure that your login page forces
a session creation, but Tomcat will already have created your session
before the login page displays. Make sure your login form points to
https://your.server/j_security_check (of course!).
I think that will make it all work.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkm6hmkACgkQ9CaO5/Lv0PAtfwCdGxR5PFUxNNc+DHtXhEVmBukS
ercAnRdFVf/EAUPr6NfP5xzOGDOw5FUT
=8q9E
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat for Dummies
[I seem to be getting very delayed emails from the list; if this has already been answered, ignore me!] From: André Warnier [mailto:a...@ice-sa.com] suppose there are 3 active servlets (processing requests) at the moment the request to undeploy is issued by one of them. The servlet issuing the undeploy request knows that it has asked for it, so it can take any appropriate measures to terminate itself cleanly and quickly. Which leaves the other two (I am using two intentionally, because there is only one call to the ServletContextListener; it avoids cheating). How do they know ? That's up to you, as the application developer. It depends how tight a coupling you want between the servlets, and how much configuration you want in web.xml. Would that be like positioning some variable somewhere, accessible to all the servlets belonging to that same webapp, which they can check from time to time ? That works. Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? That works too. Or if they were genuinely independent servlets that happened to be bundled into the same webapp, I think you could choose to register three listeners so that each of the three got an appropriate ContextDestroy call? And, does that tie into the fact that all the servlets of a same webapp, by virtue of sharing the same classloader, can actually share something? They share classes, and hence they can share (say) a singleton or a static variable. And, does that somehow relate to what the original OP of another thread, who was talking about a static variable being set when Tomcat is shut down, meant ? Probably :-). - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/13/2009 12:04 PM, André Warnier wrote: As a consequence, Tomcat no longer accepts new requests for that webapp, and starts the process of stopping it and undeploying it. If the webapp defined a ServletContextListener, this thing 's ContextDestroy function will be called, once, by Tomcat, the idea being that this is a warning like watch it, you are being stopped and undeployed. Tomcat basically does not care after that if the webapp really does anything with the warning, but it waits a reasonable time (some tens of seconds possibly) for any currently active servlets of that webapp to have a chance to finish up and return. After this time has passed, if any servlets of the webapp were still active, Tomcat would forcefully kill them off (how it does that I don't know, but I really don't need or want to know that). It happens the other way around. Here is the chronology of events: 1. Undeploy process is initiated 2. New requests are disabled 3. Existing requests are completed (or time out? wasn't there someone this week complaining that TC will wait forever?) 4. All servlets are taken out of service (destroy() is called) 5. Session listeners are notified that sessions are dying 6. ContextListeners are notified the app is going down This prevents #6 from causing requests in #3 to fail due to any race conditions. Which leaves the other two (I am using two intentionally, because there is only one call to the ServletContextListener; it avoids cheating). The request to deploy the webapp was a loopback HTTP request to another webapp (the manager). This may or may not have been triggered by a client (HTTP) request. Yes, it's confusing. But by the time the undeploy actually starts, the thread that asked for the shutdown is almost certainly idle, having completed its request processing. How do they know ? There must be something that the ContextDestroy function does, which allows /both/ of these servlets to find out (if they check) that they have only a limited time to live, and to hurry to close themselves down properly, even if they would otherwise be busy for another couple of minutes for instance. See the chronology above. Would that be like positioning some variable somewhere, accessible to all the servlets belonging to that same webapp, which they can check from time to time ? Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? (the Servlet Spec section 10 doesn't mention that, so I guess this is not the case; or it just assumes that whoever reads it is not a Java dummy and should know this already). Heh. See SRV.2 for servlet information, and #4 above. And, does that tie into the fact that all the servlets of a same webapp, by virtue of sharing the same classloader, can actually share something? They can also share data in the application context which is represented by the ServletContext object (and available to any request, filter, or servlet). And, does that somehow relate to what the original OP of another thread, who was talking about a static variable being set when Tomcat is shut down, meant ? (despite the fact that I rather brashly sniped at him for ditto). I think he was asking if Tomcat somehow sets something somewhere (like globals.is_shutting_down) to indicate that the server is going down. The answer is: no, Tomcat doesn't do anything like that. It follows the servlet specification, which ... er, specifies how all components are to be notified that the webapp is going down. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6ic0ACgkQ9CaO5/Lv0PD6tgCfcSIxjgNiWyQ/xlTDY7ak+z1c 5X4An3hjYxLaOjUSxefzyUCifYDh2aSI =W1W0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 3/13/2009 11:34 AM, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Tomcat for Dummies You can even restart the manager app Nit picking: probably not. It looks like the manager app does all the work of starting and stopping other webapps, so there doesn't appear to be any threads running around to do the work for you. You could have some other app restart the manager, but then you've basically just reimplemented the manager. Auto-deploy is probably the only other means of restarting the manager. Right. To be clear: I just meant that the manager app is just somewhat special. Taking it down (or back up) won't affect any other webapps. When Tomcat deploys a webapp, it creates a ClassLoader for that webapp that tries to load all classes from that webapp's WEB-INF/classes filter and JAR files within WEB-INF/lib. Such loading actually only occurs when needed, not at deployment, other than for listeners and servlets marked as load-on-startup. Consequently, missing classes may not be found for quite some time. I suppose I was missing some parentheses. What I meant was: When Tomcat deploys a webapp, it creates a ClassLoader for that webapp (that tries to load all classes from that webapp's WEB-INF/classes filter and JAR files within WEB-INF/lib). I didn't mean to imply that all classes were speculatively loaded. They are loaded on demand. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6ilUACgkQ9CaO5/Lv0PAjzACghxABFimn2ny+Rle9TIjvblum oYgAn2mAdHdVvlSzp6arli0e9krXVzHw =9LWP -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/13/2009 12:05 PM, André Warnier wrote: I just don't like your disparaging tone about perl. Oh, sorry. I wasn't trying to be negative. Actually, I quite like Perl. I'm always the one who gets beat up (verbally) at geek parties when people start complaining about how Perl is a write-only language (meaning that nobody can ever read a perl script after the fact). In fact, I usually defend Perl. You know, we perl guys can also do threads, just as we can also do OO stuff. We can also do strict; we can even do Singletons and closures, so there. The difference is that we can choose to do any of these things or not, depending on how we feel about it, while you Java guys are stuck with one model. ;-) Correct. Java started out as a (somewhat) purely object-oriented language. Perl started as a purely procedural language. I have to admit that I hate the addition of objects to Perl. It just feels like Larry Wall wanted to say me too! when OO languages started gaining popularity. More seriously, apart from being essentially a perl guy, I am also a mod_perl guy, and much of what you so kindly explain has a rather close analogy when thinking about an Apache server and its mod_perl handler modules (which are persistent, unlike cgi-bin scripts). I suspected as much. Java and the Servlet Spec are more rigid, in that they enforce a rather strict model, which keeps programmers in line and facilitates collaboration on larger projects. We perl guys just tend to be more on the artistic side, and be able to take liberties with the model. Which does often lead us into trouble when we do not understand what we're playing with. Yeah... nobody ever got into trouble writing a Java webapp :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6i1gACgkQ9CaO5/Lv0PCTiACfdXsk4EPaIrIUHtOgJsKt++Ge GtYAn1zi4krRndqOPHfd1JcacqXSVwo4 =UU02 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
Hi Rainer, Thanks for the reply. Answers to your questions below, Rainer Jung-3 wrote: Jus to make sure, we are talking about the same kind of observation: could you please describe independently, how the observed problem looks like in your case? In development, the developers are getting other people pages. So user1 requests pageA and gets user2's pageB. In production, we don't get user input, but the probe on the load balancer is not getting the response it is looking for, so it thinks the machine its checking is down. The probe is called serverlive.jsp. Here is the accesslog entry during the problem (13 being the primary LB, 14 the backup): xxx.xxx.xxx.14 - - [12/Mar/2009:23:09:53 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.13 - - [12/Mar/2009:23:09:54 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.14 - - [12/Mar/2009:23:09:59 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.13 - - [12/Mar/2009:23:09:59 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.14 - - [12/Mar/2009:23:10:04 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.13 - - [12/Mar/2009:23:10:05 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:10:10 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.13 - - [12/Mar/2009:23:10:10 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:11:00 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:12:34 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:11:46 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:12:31 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:11:01 -0500] GET /serverlive.jsp 503 997 I'll try and get some log entries from development. Rainer Jung-3 wrote: Since you see the problem with mod_jk2 and with mod_jk I somehow doubt, that it comes form mod_jk (but hey, I'm involved in mod_jk development, so that might simply be defense. This is the main reason I posted here. If I'm indeed seeing the same problem as the others here, then my case may disprove the mod_jk theory. Or perhaps the issue resides in both my versions? Rainer Jung-3 wrote: What is obvious, your Tomcat is *very* outdated. You are using a no longer supported major version (5.0) and with 5.0 you are using a very old minor version. If you have any chance, upgrade your Tomcat. Yes, I know. I'll see what I can do. Rainer Jung-3 wrote: Apart from that: what else can you tell about the problem? Are there log entries either from mod_jk, Apache httpd or Tomcat associated with these events? Would you be able to snoop traffic between httpd and Tomcat and between httpd and the clients? We haven't been seen any errors, in any logs. I can go through the logs and compare them, and then compare those findings between the enviroments. Not sure whats involved in snooping traffic. I can look into that as well. Rainer Jung-3 wrote: Where did you get your mod_jk from? How was it build? Not sure the answer to that. Both were installed by other people, who either don't recall their orgins, or are no longer employed here. I'm working on building the 1.2.27 from source right now. We're x86, not sparc, by the way. Thanks for your help. Please let me know of anything else I can provide. I will make updates as new information comes up. -- View this message in context: http://www.nabble.com/Apache-mod_jk-serves-random-files-from-tomcat-tp18385568p22500565.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
Interestingthanks Chuck Ken On Mar 13, 2009, at 10:33 AM, Caldarale, Charles R wrote: From: Ken Bowen [mailto:kbo...@als.com] Subject: Re: Tomcat for Dummies I believe (but do not know -- Chuck, Mark??) that Tomcat essentially creates a (new or recycled) thread in which to run contextDestroyed . Looks like it's actually the thread that processes the request for the Tomcat manager app that calls contextDestroyed() (and contextIntitialized() when restarting); no new threads are spawned or picked up out of the pool. (Verified by setting maxThreads=1 and displaying the thread name in the listener.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with LoadBalancing
On 13.03.2009 14:08, Toni Menendez Lopez wrote: The behaviour is the one that I explained in the first mail, that when I stop one of the servers, I ahve very huge delays to respond to the requests of the session that were managed by this server. OK. After reading documentation I think that problem is related with parameter : #worker.izonetv.sticky_session_force=1, which if is not commented I am not able to launch any call. Hmm, above you say you have huge delays, here you say you are not able to launch any call. Let me first explain stickyness: A request that is forwarded by mod_jk to Tomcat can carry a session id. Session ids can be part of a request by either setting a so-called session cookie. This cookie has the name JSESSIONID. Or the session id is added at the end of the URL in the form ;jsessionid= Now how does stickyness work: - you set the so called jvmRoute in server.xml of your Tomcats. Each Tomcat gets a different jvmRoute. Say you have jvmRoute node1 and node2. - Tomcat automatically adds the jvmRoute to the end of each session id, whenever it creates a session. The jvmRoute is separated from the rest of the id by a dot .. - When a mod_jk load balancer operates sticky and it has to forward a request, that contains a session id, it looks for a dot in this id, and if it find it, it takes everything after the dot in the id as the name of the backend. The load balancer then looks for a member worker, whose name is equal to this jvmRoute. In the above example that would've been node1 or node2. By default any load balancer in mod_jk tries to be sticky, but if it either cant find the correct worker, or this worker is in error, it chooses another worker. If you set sticky_session_force, then you tell mod_jk that it should not try another worker in this case, and instead return an error. From your previously send mod_jk log file we can see, that your JBoss sets a session cookie for the root path /. That means, this cookie will be sent fr every request to this host. Since it is a session cookie, this is a good candidate for desaster, because when you now switch the application, but it is served by the same host, the browser sends the JBoss session cookie, although that application will not know this session. With sticky_session_force set to true (not the default), when JBoss sends the redirect to the Tomcat webapp, the browser will send a request for this Tomcat webapp, but will also send the session cookie from JBoss, because JBoss set the cookie path to /. Furthermore JBoss included a node name in the session id and the load balancer that handles to forwarding to Tomcat doesn't know about that node, so it can't preserve strict stickyness. Usually you don't want sticky_session_force. Normally so I comment this parameter otherwise my service does not work, See above. and if I comment I think the mod_jk with requeso of a loose session try to go to other worked and it does not sent any error and takes a very long delay. No it didn't in the error log you sent previously. It immediately returned an error because the request was handeled with forced stickyness, and the wofrker name given by the session id didn't exist. So, for this reason I am trying to investigate the problem with this parameter. So, focusing in this parameter, the log that I sent to you is with the parameter commented, and I found a strange thing. I explain to you : My request is the following : http://159.23.98.22/cdp-fe/Trigger.do? http://159.23.98.22/cdp-fe/Trigger.do. When I send this to apache mod_jk redirects this to my JBOSS application ( MCDP worker) and my JBOSS aplication redirect this link to http://159.23.98.22/CDP311/.. But now mod_jk when receives this second request is trying to send this request to MCDP worker again and not to IZONETV worker. The log shows that mod_jk tries to send it via izonetv: It says: - Found a wildchar match '/CDP311/*=izonetv' - Into handler jakarta-servlet worker=izonetv - found a worker izonetv - Service error=0 for worker=izonetv But it fails, because sticky_session_force was activated - service sticky_session=1 id='oK+zmQoPUFefT2vcqTSagg**.MCDP-mifeas02_data' and it can't find the worker MCDP-mifeas02_data as part of izonetv: - searching worker for session route MCDP-mifeas02_data Any idea why ? Sorry, about the updating of mod_jk but is a close platform and I am not able to update the mod_jk. That's very bad. Someone should be able to update it and I do recommend that (although in this case it wpouldn't solve your problem). Thanks again, Toni. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
On 13.03.2009 17:50, SQ wrote: Rainer Jung-3 wrote: Just to make sure, we are talking about the same kind of observation: could you please describe independently, how the observed problem looks like in your case? In development, the developers are getting other people pages. So user1 requests pageA and gets user2's pageB. In production, we don't get user input, but the probe on the load balancer is not getting the response it is looking for, so it thinks the machine its checking is down. The probe is called serverlive.jsp. Here is the accesslog entry during the problem (13 being the primary LB, 14 the backup): xxx.xxx.xxx.14 - - [12/Mar/2009:23:09:53 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.13 - - [12/Mar/2009:23:09:54 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.14 - - [12/Mar/2009:23:09:59 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.13 - - [12/Mar/2009:23:09:59 -0500] GET /serverlive.jsp 200 13 xxx.xxx.xxx.14 - - [12/Mar/2009:23:10:04 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.13 - - [12/Mar/2009:23:10:05 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:10:10 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.13 - - [12/Mar/2009:23:10:10 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:11:00 -0500] GET /serverlive.jsp 503 1070 xxx.xxx.xxx.14 - - [12/Mar/2009:23:12:34 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:11:46 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:12:31 -0500] GET /serverlive.jsp 503 997 xxx.xxx.xxx.13 - - [12/Mar/2009:23:11:01 -0500] GET /serverlive.jsp 503 997 I guess you mean the lines with the 503 are the bad responses? But those do not indicate, that the probe gets back the page requested by someone else, it shows that the web server or Tomcat throw an HTTP error, namely 503. In this case I would guess, that mod_jk detected an error and put th enode into error status. You should check your mod_jk log file. It might also be good to temporarily activate the access log of Tomcat too, in order to check, whether the 503 already came from there or not. I would expect the develop observation and this one are two different things. I'll try and get some log entries from development. Rainer Jung-3 wrote: Since you see the problem with mod_jk2 and with mod_jk I somehow doubt, that it comes form mod_jk (but hey, I'm involved in mod_jk development, so that might simply be defense. This is the main reason I posted here. If I'm indeed seeing the same problem as the others here, then my case may disprove the mod_jk theory. Or perhaps the issue resides in both my versions? Do both (mod_jk and mod_jk2 show the problems A=develop and B=probes? Rainer Jung-3 wrote: What is obvious, your Tomcat is *very* outdated. You are using a no longer supported major version (5.0) and with 5.0 you are using a very old minor version. If you have any chance, upgrade your Tomcat. Yes, I know. I'll see what I can do. Rainer Jung-3 wrote: Apart from that: what else can you tell about the problem? Are there log entries either from mod_jk, Apache httpd or Tomcat associated with these events? Would you be able to snoop traffic between httpd and Tomcat and between httpd and the clients? As indicated above: if the system using mod_jk logs status code 503 in the access log (and the 503 is not in the Tomcat access log), it is *very* likely, that mod_jk writes something to its JkLogFile. Set JkLogLevel to info (but info message alone are not relevant; when you get a 503 it should log some error and interesting info messages at the same time). We haven't been seen any errors, in any logs. I can go through the logs and compare them, and then compare those findings between the enviroments. Not sure whats involved in snooping traffic. I can look into that as well. Rainer Jung-3 wrote: Where did you get your mod_jk from? How was it build? Not sure the answer to that. Both were installed by other people, who either don't recall their orgins, or are no longer employed here. I'm working on building the 1.2.27 from source right now. We're x86, not sparc, by the way. OK. For Solaris x86 we never provided bins (I think), so someone might have built them. Under Solaris you might run into some build troubles, in case you are using a Sun provided httpd. Sun often compiles it with the Sun compiler and there is a slight chance, that a gcc compiled mod_jk will crash with a Sun compiled httpd. The Sun compiler is free though. I'm just mentioning this, so you know that it would be best if the compiler used for httpd and used for mod_jk are the same or at least close to each other. Thanks for your help. Please let me know of anything else I can provide. I will make updates as new information comes up. Regards, Rainer - To unsubscribe, e-mail:
RE: Tomcat for Dummies
From: Peter Crowther [mailto:peter.crowt...@melandra.com] Subject: RE: Tomcat for Dummies Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? That works too. Not really. From the API spec for contextDestroyed(): All servlets and filters have been destroy()ed before any ServletContextListeners are notified of context destruction. Note that the destroy() method for each servlet will already have been called prior to the invocation of contextDestroyed(). Individual servlets should have already done whatever cleanup is specific to them; the contextDestroyed() call is for cleanup necessary for the entire webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache/mod_jk serves random files from tomcat
On 13.03.2009 18:14, Rainer Jung wrote: Not sure the answer to that. Both were installed by other people, who either don't recall their orgins, or are no longer employed here. I'm working on building the 1.2.27 from source right now. We're x86, not sparc, by the way. OK. For Solaris x86 we never provided bins (I think) Oups, correction, we did. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat for Dummies
Christopher Schultz wrote: Oh, sorry. As you certainly surmised, I wasn't being serious, and was in fact fishing for some reaction. Perl is a write-only language (meaning that nobody can ever read a perl script after the fact). I like that one. Let me offer another one, popular in perl geek circles : A bad programmer can write assembly-language programs in any language. (Although the audience for that one is more limited these days, when most active programmers probably never saw an assembly-language program in their professional life). That's the most frequent reproach addressed to perl, but it does not have to be that way, and it is most frequently made by people who do not know their perl from their haskell, and are easily confused and thrown into convulsions by the mere appearence of a $scalar, an @array or a %hash. But for instance the following kind of snippet, while undoubtedly looking simple and elegant to any confirmed Java servlet programmer, in the eyes of this beholder is not any better : this.writer = new PrintWriter( new OutputStreamWriter( new CapturedServletOutputStream( new ByteArrayOutputStream(; Admittedly, it doesn't contain and cryptic sign, but it merely displaces the problem : the Java part of it is minimal and easy; but for someone like me, it means going to dig into at least 25 pages of Javadocs to figure out what these things do, what kind of parameters they take, and how they relate to eachother. And I omitted the try/catch block around it to save space. In the eyes of the beholder, thus.. Basically, being a Java programmer is not a matter of learning the Java language; that part is easy. But it's a matter of knowing your classes, and that to me takes an incredible amount of time before you can start being productive. I have the impression that one can only become really proficient in one particular area of the class hierarchy, so long is the ramp-up period. That's a serious comment by the way, and I am curious to know if a proficient Java programmer feels that way too. I'm working in a very small company, doing a lot of different things to satisfy a wide range of customers. So I tend to flit from one area to the other, without really ever having the chance (not admittedly the desire) to become really an expert at any of them. That's why perl suits me fine, because it covers a lot of areas without requiring years of study. I have to admit that I hate the addition of objects to Perl. Yeah, but perl OO is fun just /because/ you can poke holes in it. You are never forced to use it. Many CPAN modules even provide both an OO and a non-OO interface, so again you can use the one or the other according to what's expedient for the current task. Yeah... nobody ever got into trouble writing a Java webapp :) I must admit there's truth to that. Despite my abysmal Java and Tomcat knowledge, I haven't managed to really take down a Tomcat yet. Except with system.exit(), but that's cheating (and can be prevented, as pointed out earlier) (ok, you can probably manage to trigger the OOM gnome). With mod_perl, it's easier to take down an Apache child or the whole thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Too many threads
On Wed, Mar 11, 2009 at 06:25:08PM -0400, Christopher Schultz wrote: But i've got one question left, can I set idle timeout for the thread TP-Processor, after which they will die? I think you have to use an Executor for that. See http://tomcat.apache.org/tomcat-6.0-doc/config/executor.html for details. Thank you. Now everything works perfectly. -- BRGDS. Alexey Vlasov. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
Caldarale, Charles R wrote: From: Peter Crowther [mailto:peter.crowt...@melandra.com] Subject: RE: Tomcat for Dummies Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? That works too. Not really. From the API spec for contextDestroyed(): All servlets and filters have been destroy()ed before any ServletContextListeners are notified of context destruction. Note that the destroy() method for each servlet will already have been called prior to the invocation of contextDestroyed(). Individual servlets should have already done whatever cleanup is specific to them; the contextDestroyed() call is for cleanup necessary for the entire webapp. Now, do I understand this wrong, or does it mean that in fact the running servlets are not being notified in any way that the application is being stopped ? So there would be no way for a servlet that is active, and is involved in some lengthy operation, to interrupt what it is doing and close down cleanly ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
André Warnier wrote: Caldarale, Charles R wrote: From: Peter Crowther [mailto:peter.crowt...@melandra.com] Subject: RE: Tomcat for Dummies Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? That works too. Not really. From the API spec for contextDestroyed(): All servlets and filters have been destroy()ed before any ServletContextListeners are notified of context destruction. Note that the destroy() method for each servlet will already have been called prior to the invocation of contextDestroyed(). Individual servlets should have already done whatever cleanup is specific to them; the contextDestroyed() call is for cleanup necessary for the entire webapp. Now, do I understand this wrong, or does it mean that in fact the running servlets are not being notified in any way that the application is being stopped ? So there would be no way for a servlet that is active, and is involved in some lengthy operation, to interrupt what it is doing and close down cleanly ? Ooops.. I guess the servlet's destroy() method is where it should happen then. Missed that one at first. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
Hi André, first: Please forgive me my late answer also to your PM, however, I was really busy here so that I didn't find any time to answer in an appropriate (aka detailed) manner. So here we go: Customers When talking about customers, I'm actually talking about our staff from the business-dept, and I'm talking about external customers. Since we are a Reinsurer, the external customers are primary insurers as mots of you guys will have to deal with sooner or later. If any requirement for a website is suggested, this always comes from our internal customers Type of Websites - We have to distinguish between to different types of websites: Type I: Are websites open to the public which might be interested in our products. This contains some data available to the public, plus some protected contents where only selected propects / customers have access to. Currently, those sites are not SSL-encrypted, however, there is AAA for some content using Form-based login. Type II: Are websites accessible to our external worlwide customers (Life-Insurers) only. Since our clients also might enter data from their customers (i.e. Life-Insurance-clients from primary insurers), data always are confidential, thus those sites are always SSL-encrypted. Setup Our current setup for both types is as follows: - Apache 2.2 in front for static content - Tomcat 5.5 for dynamic content attached to Apache HTTPD via mod_jk - For authorization we are using Apache HTTPD's authorization in combination with mod_auth_cookie_mysql2 (http://home.digithi.de/digithi/dev/mod_auth_cookie_mysql/) AAA works in such a way, that Apache HTTPD is taking the request, checks, if it point to protected content, if so, forwards to a protected Tomcat-hosted JSP. The JSP is utilizing Tomcat's FORM-Login, and after successful login writes a Session-cookie into a MySQL-database (among other stuff). When the next request to a protected content comes to Apache HTTPD, Apache HTTPD checks wether a certain cookie exists and compares it's value with the value stored inside the MySQL-database. If found, it's ok, else it goes back to the Login-Page. As I said before, we have multiple website all hosted on the same servers (behind a Loadbalancer). Role-Based AAA Since some customers do have access to more than one website of ours, we hvae created a role-based system so that once authorized and belonging to multiple roles, they don't have to re-login again thanks to Tomcat's SSO-Valve. We are using session-cookies timing out after a defined period of time. They are also invalidated if the brwoser is closed. Motivation for Setup We server a lot of static content (html, javascript, pdf), so that we decided to serve this via Apache HTTPD for performance reasons. Since for security reasons we didn't want to use PHP for dynamic content (and since I'm a Java-guy), we opted for JSPs / Servlets for dynamic content. Since I'm into Opensource and I like Apache Group's stuff a lot (and for some other reasons), we opted for Tomcat for the dynamic content. Problems -- Most of our users are running IE in various versions. Sometimes, some strange error occurs when instead of dynamic content to be served, the user just sees a Page cannot be displayed error-message. We checked our logs (Apache HTTPD, Tomcat), alas, to no avail. However, whene I checked the logs of mod_jk, I found some messages like this one: [Fri Mar 13 13:48:22 2009][0869:] [info] jk_handler::mod_jk.c (1971): Aborting connection for worker=wrkr [Fri Mar 13 13:48:44 2009][20858:] [info] ajp_process_callback::jk_ajp_common.c (1412): Connection aborted or network problems [Fri Mar 13 13:48:44 2009][20858:] [info] ajp_service::jk_ajp_common.c (1761): Receiving from tomcat failed, because of client error without recovery in send loop 0 Besides, it's quite difficult when a Tomcat session times out: This has to be propagated to Apache HTTPD, meaning, the cookie-entry has to be removed from the MySQL-database. Currently we're achieving this with a SessionListener clearing the values from the database once a Session gets destroyed. SSL / Costs - Actually the costs of the SSL-certs is not such a big issue (we talk about 300€ which is an equivalent for 3 hrs work - this is not the money *I'm* getting but what my company calculates with). It's just the hazzle getting them via our provider, re-authenticate with the SSL-provider and so on. It's simply not a smooth process, and that's why I was looking for an alternate solution. Current Development -- I'm curently porting the first few site into a Tomcat-only-environment strctly following the KISS-principle: Keep It Simple, Stupid! I'm testing them now with Tomcat 6 using the APR, thus avoiding all the hazzle with Apache / mod_jk / Tomcat-connectivity, avoiding the hazzle with AAA using
RE: Tomcat for Dummies
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Tomcat for Dummies Now, do I understand this wrong You do understand it wrong. the running servlets A servlet doesn't run; threads run, executing code in servlets. are not being notified in any way that the application is being stopped ? During the processing for a stop request for a webapp, the destroy() method of each servlet in the webapp is called. It's up to the servlet destroy() method to coordinate that with any threads that happen to be executing inside a servlet at the time. Tomcat does not notify any running threads that a stop request has occurred, since a) the servlet spec doesn't require it, and b) some platforms have no means of performing such a notification. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check SSL
Chris,
On Fri, Mar 13, 2009 at 5:14 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 3/13/2009 11:42 AM, Gregor Schneider wrote:
So would following scenario work?
- login using form-based login via https
- when successful:
HttpSession session = request.getSession();
// guess that shoudln't happen
if (session != null) {
session.invalidate();
}
session = request.getSession (true);
Looks ok to me - you comments?
I don't see how this could work. Immediately after login you invalidate
the session, thus logging-out the user.
Duuh... you're right: Invalidated the session logs the user out.
Here's what you want to do:
[ snip ]
I think that will make it all work.
So will I then be able to access the HttpSession-object created when
inside HTTPS (login-page) when I'm querying it from within a JSP
served via plain HTTP?
That was the problem Chuck mentioned, and this I tried to solve with
my - silly - suggestion from above?
Actually I don't think so.
What I'm just wondering is:
I sees quite some pages using HTTPS for Authorization (Form-based),
but once authorized, they serve via HTTP.
How just simply do they do that?
Rgds
Gregor
--
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat for Dummies
This is a Fantastic request for Info. I am relieved to know there are some folks that can still frame a question in such a way to be a pleasure to read. Thanks, Ed -Original Message- From: André Warnier a...@ice-sa.com Sent: Mar 13, 2009 12:04 PM To: Tomcat Users List users@tomcat.apache.org Subject: Re: Tomcat for Dummies Hi. I hadn't had a chance yet to thank the various people here for having the patience and persistence to explain to this dummy what must be rather evident to experts. I do so now, profusely. It was very informative and rather clear. I also gather that some of the details were not necessarily so evident to the experts either, before they themselves went digging in the code. I have read the Servlet Specs section 10. I can't say I enjoy it particularly, the reason being that at just about every line it refers to some probably basic Java or servlet server knowledge that unfortunately I do not have yet, so it is sometimes to me rather cryptic. It is so however, that the Specs plus your explanations together really make this a lot easier to grasp. Just one tiny aspect remains, no longer mysterious but just a bit hazy still. It does have to do also with my lack of Java knowledge still. Thus a servlet which is part of a webapp asks the Manager for it (the webapp) to be undeployed. As a consequence, Tomcat no longer accepts new requests for that webapp, and starts the process of stopping it and undeploying it. If the webapp defined a ServletContextListener, this thing 's ContextDestroy function will be called, once, by Tomcat, the idea being that this is a warning like watch it, you are being stopped and undeployed. Tomcat basically does not care after that if the webapp really does anything with the warning, but it waits a reasonable time (some tens of seconds possibly) for any currently active servlets of that webapp to have a chance to finish up and return. After this time has passed, if any servlets of the webapp were still active, Tomcat would forcefully kill them off (how it does that I don't know, but I really don't need or want to know that). What I still do not know is the following : suppose there are 3 active servlets (processing requests) at the moment the request to undeploy is issued by one of them. The servlet issuing the undeploy request knows that it has asked for it, so it can take any appropriate measures to terminate itself cleanly and quickly. Which leaves the other two (I am using two intentionally, because there is only one call to the ServletContextListener; it avoids cheating). How do they know ? There must be something that the ContextDestroy function does, which allows /both/ of these servlets to find out (if they check) that they have only a limited time to live, and to hurry to close themselves down properly, even if they would otherwise be busy for another couple of minutes for instance. Would that be like positioning some variable somewhere, accessible to all the servlets belonging to that same webapp, which they can check from time to time ? Or does one have to implement in each servlet some kind of callback routine that the ContextDestroy can call ? (the Servlet Spec section 10 doesn't mention that, so I guess this is not the case; or it just assumes that whoever reads it is not a Java dummy and should know this already). And, does that tie into the fact that all the servlets of a same webapp, by virtue of sharing the same classloader, can actually share something ? And, does that somehow relate to what the original OP of another thread, who was talking about a static variable being set when Tomcat is shut down, meant ? (despite the fact that I rather brashly sniped at him for ditto). Thanks André Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/11/2009 6:33 AM, André Warnier wrote: And if it asks to undeploy itself, is it not like pulling the carpet from under its own feet? It's more like asking a parent to pull the rug, but, yes, that's basically what you're doing. I mean, this webapp is running, and even after asking the Manager to undeploy itself (meaning its whole shebang of classes and libs will be erased from the disk), it should be able to still stop itself cleanly. What if that requires a class that would have to be loaded from its own WEB-INF/classes dir, which may not be there anymore ? When undeploying a webapp, no new requests will be sent to it, all currently-processing requests are allowed to complete, and then a whole series of things happen to take the webapp out of service. Consider reading all of SRV.10 of the servlet specification. It's quite readable (not legalese or mathematical proofs or anything) and gives you a lot of good information. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6cAwACgkQ9CaO5/Lv0PAOywCeOfRVhb+De+NraBwStFCOKc1u
Re: Tomcat for Dummies
Edward Bicker wrote: This is a Fantastic request for Info. I am relieved to know there are some folks that can still frame a question in such a way to be a pleasure to read. Thanks, Ed Obviously the answerers agree; look at how much more detailed and useful the responses are!! Some of this stuff looks like it would be good content for a tomcat for beginners FAQ. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
I still have questions about the path to a file. {This is within a
servlet... actually in my case I am trying to read/write from a
ContextListenr} I understand that just opening a FIle will be relative
to where Tomcat was started. Is there a simple java method (and on what
class) that will give me the correct path to 'webapps/MyApplication/'.
As recommended below, you could use Class.getResourcesStream(), but as
I understand it, that will give the location of this class under
WEB-INF. And that assumes you are calling it from one of your own
classes and the loader picked up your class.
I got the following technique from a book, but I am not in love with it:
public void contextInitialized(ServletContextEvent event) {
ServletContext sctx = event.getServletContext();
String propPath = sctx.getRealPath( /WEB-INF/resource.properties);
FileInputStream inStrm = new FileInputStream(propPath);
.
}
Is this the proper way to do it?
-d
Caldarale, Charles R wrote:
From: popprem [mailto:popp...@gmail.com]
Subject: Path problem
David answered the critical part of your question, but I thought I'd take a
crack at the rest.
That means tomcat defaultly points to bin directory
Tomcat doesn't defaultly [sic] point to anything. The current directory of
the process you used to start Tomcat when using the script happened to be Tomcat's bin
directory - but that's just the way you're using the script, not a Tomcat requirement.
When i used tomcat.exe installed tomcat in my machine run
the program,i found that the test file i created in my code
level was in windows/system32/ directory.
Because that's the default current directory for services.
It's almost always a bad idea to depend on the current directory setting in a
complex server environment; if you must have a file system path to something,
better to use one based off a system property. In your case, the
getResourceAsStream() method is much preferred, since it elinates any file
system dependencies.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Path problem
From: David.Meldrum [mailto:david.meld...@verizon.net]
Subject: Re: Path problem
actually in my case I am trying to read/write from a
ContextListenr
It's generally a bad idea to ever *write* into the webapp deployment space.
You have no guarantee that the space is writable, nor that the container will
provide any write access. You're much better off writing to files outside of
Tomcat's directory structure, where the path can be provided by system
property, environment variable, init-param, or whatever.
As recommended below, you could use
Class.getResourcesStream(), but as I understand it,
that will give the location of this class under
WEB-INF.
Or anywhere else in the webapp's structure; it's not confined to WEB-INF.
public void contextInitialized(ServletContextEvent event) {
ServletContext sctx = event.getServletContext();
String propPath = sctx.getRealPath(
/WEB-INF/resource.properties);
FileInputStream inStrm = new FileInputStream(propPath);
.
}
Using ServletContext.getRealPath() is risky; the container is under no
obligation to provide access to the underlying file system (think deployment
via .war file). Much safer and better to use getResourceAsStream().
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
Caldarale, Charles R wrote: [...] It's generally a bad idea to ever *write* into the webapp deployment space. You have no guarantee that the space is writable, nor that the container will provide any write access. You're much better off writing to files outside of Tomcat's directory structure, where the path can be provided by system property, environment variable, init-param, or whatever. Just elaborating a bit : what Chuck means is that this Tomcat could be running on his iPhone, or the webapps directory may be located on a read-only filesystem. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
Or the war-file doesn't get unpacked, but the app is started from within the war, and the ressource is inside the war. And please note the difference: It's not Class.getRessourceAsStream(), but ServletContext.getRessourceAsStream(); So in your example: ServletContext sctx = event.getServletContext(); InpuStream is = sctx.getRessourceAsStream(/WEB-INF/yourFileHere.props). Please also do note, that according to the servlet-specs the parameter-String in ServletContext.getRessourceAsStream() alsways has to start with a slash (/). Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
...and please forgive me all my typos Rgds Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path problem
OK, I agree about writing, but what about reading? I guess I didn't
realize there was a method called getResourcesStream(), on
ServletContext, so that clears up some confusion. Yet when I read the
javadoc on ServletContext.getRessourceAsStream()
see:
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletContext.html#getResourceAsStream(java.lang.String)
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/ServletContext.html#getResourceAsStream%28java.lang.String%29
It still isn't clear how to properly use this. For example, how do I
get a reference to the /webapps/MyWebApp/WEB-INF/foo.properties file?
Like this?
ServletContext.getRessourceAsStream(/webapps/MyWebApp/WEB-INF/foo.properties);?
The javadoc says the argument is a path, but I don't know the full path,
only relative to Tomcat, and I don't really know where Tomcat is.
Also how do I create a file under /logs?
Is there some way to determine the path to the /logs directory in a
format that I can create a file under the logs
directory, without assuming where Tomcat is deployed?
-d
Caldarale, Charles R wrote:
From: David.Meldrum [mailto:david.meld...@verizon.net]
Subject: Re: Path problem
actually in my case I am trying to read/write from a
ContextListenr
It's generally a bad idea to ever *write* into the webapp deployment space. You have
no guarantee that the space is writable, nor that the container will provide any
write access. You're much better off writing to files outside of Tomcat's directory
structure, where the path can be provided by system property, environment variable,
init-param, or whatever.
As recommended below, you could use
Class.getResourcesStream(), but as I understand it,
that will give the location of this class under
WEB-INF.
Or anywhere else in the webapp's structure; it's not confined to WEB-INF.
public void contextInitialized(ServletContextEvent event) {
ServletContext sctx = event.getServletContext();
String propPath = sctx.getRealPath(
/WEB-INF/resource.properties);
FileInputStream inStrm = new FileInputStream(propPath);
.
}
Using ServletContext.getRealPath() is risky; the container is under no
obligation to provide access to the underlying file system (think deployment
via .war file). Much safer and better to use getResourceAsStream().
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Testando entrada no grupo
Olá pessoal, Estou tentando entrar no grupo. Alguém pode por favor responder para eu ver se consegui. Obrigada Siomara
Re: JSESSIONID hijacking
Pieter Temmerman wrote: Hi list. I've got an issue which I would like to share with you guys. My webapp requires a user to login, which on his turn creates a session for that user. Now, when I browse my webapp the address bar shows the current URL with a JSESSIONID. Let's say: http://testweb/testpageaction.do;jsessionid=SD23SL4DE134ADFF565D If I execute this same URL in another machine, then I am able to browse my webapp, as if I was logged in. I expected the session to be invalid for this request. I've searched Google for jsessionid hijacking and found some ways to avoid jsessionid to appear in the URL, or at least to ignore jsessionid's passed by URL. session ID is passed by URL rewriting or by cookie. Either way is open to sniffers. The only way to avoid sniffers is to use SSL for the entire user session. SSL encrypts the information and also ensures that both sides are talking to whom they expect to talk and not to a man in the middle. However, as the jsessionid URL rewriting is defined in the servlet specification, I would expect this to be secure. Nope. You are assuming away all the problems. Therefor I was wondering whether the hijacking is caused by a misconfiguration of Tomcat, my webapp or rather completely normal. I would really appreciate if someone could shed a light on this. See comments above. You start with SSL, then you should add more layers of security. For example you should ensure that users may only arrive at one of your pages by way of another of your pages. This is sometimes called transaction integrity. I cannot provide info on how we do that without compromising our security, but you should be able to figure out something for your own use. And there are other layers of security to add, logs to review, etc. --cheers, HH P.S.: I'm using Tomcat 5.5.27 - jdk 1.5.0_15. Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Testando entrada no grupo
Boa tarde, Sim, você agora é membro da Tomcat Users List users@tomcat.apache.org Yes, now you are member of Tomcat Users List users@tomcat.apache.org Att, Silvio Cesar L. dos Santos DTI - Divisão de Tecnologia da Informação/Analista de Redes Pleno UNIGRANRIO - Universidade do Grande Rio +55 21 2672-7720 silvio.ce...@unigranrio.edu.br http://www.unigranrio.br siom...@portosdobrasil.gov.br escreveu: Olá pessoal, Estou tentando entrar no grupo. Alguém pode por favor responder para eu ver se consegui. Obrigada Siomara - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat for Dummies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 3/13/2009 1:25 PM, André Warnier wrote: But for instance the following kind of snippet, while undoubtedly looking simple and elegant to any confirmed Java servlet programmer, in the eyes of this beholder is not any better : this.writer = new PrintWriter( new OutputStreamWriter( new CapturedServletOutputStream( new ByteArrayOutputStream(; Hey, that looks familiar! Admittedly, it doesn't contain and cryptic sign, but it merely displaces the problem : the Java part of it is minimal and easy; but for someone like me, it means going to dig into at least 25 pages of Javadocs to figure out what these things do, what kind of parameters they take, and how they relate to each other. And I omitted the try/catch block around it to save space. Sure. Java developers will recognize this as simply decorating an output stream. Familiarity with the Java API certainly helps. In the eyes of the beholder, thus.. Basically, being a Java programmer is not a matter of learning the Java language; that part is easy. Well, syntax is easy. There are some nuances that often trip people up: synchronization, threading, and heap usage. But it's a matter of knowing your classes, and that to me takes an incredible amount of time before you can start being productive. I have the impression that one can only become really proficient in one particular area of the class hierarchy, so long is the ramp-up period. That's a serious comment by the way, and I am curious to know if a proficient Java programmer feels that way too. I agree. The same can be said of Perl, though. If I were to say, I'd love to use Perl, but it doesn't come with an easy way to make outgoing HTTP connections! you would respond by saying oh, just use HTTP:Client. Of course, I've never heard of HTTP:Client before (and installing it via CPAN is not exactly the easiest process to understand) and so I would come to the same conclusion you did (knowing what's available is /hard/!). I'm working in a very small company, doing a lot of different things to satisfy a wide range of customers. So I tend to flit from one area to the other, without really ever having the chance (not admittedly the desire) to become really an expert at any of them. That's why perl suits me fine, because it covers a lot of areas without requiring years of study. If you have the Perl background, then yes. I suspect if I had to do some of those things, I might turn to Java based upon my familiarity. Yeah... nobody ever got into trouble writing a Java webapp :) I must admit there's truth to that. Despite my abysmal Java and Tomcat knowledge, I haven't managed to really take down a Tomcat yet. Wow, you haven't been trying very hard, then :) Except with system.exit(), but that's cheating (and can be prevented, as pointed out earlier) (ok, you can probably manage to trigger the OOM gnome). With mod_perl, it's easier to take down an Apache child or the whole thing. Try creating lots of new threads, or recurse infinitely or something like that. The former will exhaust your thread limit (and you'll get an OOME and most likely toast Tomcat) and the latter will toast the running thread (but it will recover, or at least be recycled/replaced in the request handling thread pool). If you're really adventurous, you can create a JNI library and really do some damage. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6xsYACgkQ9CaO5/Lv0PDdZQCfYcP+JqZlThB3+6RHgCGx+U39 eR4Anj3flbEU2GaWIOF5YEzcdUW1Tyjv =Fhwz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Testando entrada no grupo
Hey Siomara, Welcome to the forum Seja bem vinda Cheers, Bruno On Fri, Mar 13, 2009 at 3:36 PM, siom...@portosdobrasil.gov.br wrote: Olá pessoal, Estou tentando entrar no grupo. Alguém pode por favor responder para eu ver se consegui. Obrigada Siomara
Re: Problems with LoadBalancing
OK, now is all clear for me So it is better not to use sticky_session_force=True, OK, is my actual configuration so Now is the question : If I don´t have this sticky_session_force=True , what happen with the requests of a session of a server which for any reason have switched off. I mean, the worker who was handeling this session now does not exist, so it is impossible to continue with the same SESSIONID. In this case, another worker will try to manage the request, isn´t it ? It will change the SESSIONID for a new SESSION ID ? For me, in this case, is when my requests have a long delay May be I can do a test with few requests and just in the middle shutting down the server with DEBUG in mod_jk, and ty to see the traces. So, in this case I can see where are the delays ? What do you think ? Thank you very much, it is very, very, very helpfully for me 2009/3/13 Rainer Jung rainer.j...@kippdata.de On 13.03.2009 14:08, Toni Menendez Lopez wrote: The behaviour is the one that I explained in the first mail, that when I stop one of the servers, I ahve very huge delays to respond to the requests of the session that were managed by this server. OK. After reading documentation I think that problem is related with parameter : #worker.izonetv.sticky_session_force=1, which if is not commented I am not able to launch any call. Hmm, above you say you have huge delays, here you say you are not able to launch any call. Let me first explain stickyness: A request that is forwarded by mod_jk to Tomcat can carry a session id. Session ids can be part of a request by either setting a so-called session cookie. This cookie has the name JSESSIONID. Or the session id is added at the end of the URL in the form ;jsessionid= Now how does stickyness work: - you set the so called jvmRoute in server.xml of your Tomcats. Each Tomcat gets a different jvmRoute. Say you have jvmRoute node1 and node2. - Tomcat automatically adds the jvmRoute to the end of each session id, whenever it creates a session. The jvmRoute is separated from the rest of the id by a dot .. - When a mod_jk load balancer operates sticky and it has to forward a request, that contains a session id, it looks for a dot in this id, and if it find it, it takes everything after the dot in the id as the name of the backend. The load balancer then looks for a member worker, whose name is equal to this jvmRoute. In the above example that would've been node1 or node2. By default any load balancer in mod_jk tries to be sticky, but if it either cant find the correct worker, or this worker is in error, it chooses another worker. If you set sticky_session_force, then you tell mod_jk that it should not try another worker in this case, and instead return an error. From your previously send mod_jk log file we can see, that your JBoss sets a session cookie for the root path /. That means, this cookie will be sent fr every request to this host. Since it is a session cookie, this is a good candidate for desaster, because when you now switch the application, but it is served by the same host, the browser sends the JBoss session cookie, although that application will not know this session. With sticky_session_force set to true (not the default), when JBoss sends the redirect to the Tomcat webapp, the browser will send a request for this Tomcat webapp, but will also send the session cookie from JBoss, because JBoss set the cookie path to /. Furthermore JBoss included a node name in the session id and the load balancer that handles to forwarding to Tomcat doesn't know about that node, so it can't preserve strict stickyness. Usually you don't want sticky_session_force. Normally so I comment this parameter otherwise my service does not work, See above. and if I comment I think the mod_jk with requeso of a loose session try to go to other worked and it does not sent any error and takes a very long delay. No it didn't in the error log you sent previously. It immediately returned an error because the request was handeled with forced stickyness, and the wofrker name given by the session id didn't exist. So, for this reason I am trying to investigate the problem with this parameter. So, focusing in this parameter, the log that I sent to you is with the parameter commented, and I found a strange thing. I explain to you : My request is the following : http://159.23.98.22/cdp-fe/Trigger.do? http://159.23.98.22/cdp-fe/Trigger.do. When I send this to apache mod_jk redirects this to my JBOSS application ( MCDP worker) and my JBOSS aplication redirect this link to http://159.23.98.22/CDP311/.. But now mod_jk when receives this second request is trying to send this request to MCDP worker again and not to IZONETV worker. The log shows that mod_jk tries to send it via izonetv: It says: - Found a wildchar match '/CDP311/*=izonetv' - Into handler jakarta-servlet worker=izonetv - found a
Re: j_security_check SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregor, On 3/13/2009 1:58 PM, Gregor Schneider wrote: So will I then be able to access the HttpSession-object created when inside HTTPS (login-page) when I'm querying it from within a JSP served via plain HTTP? No, the session will be created in HTTP mode, then you'll submit in HTTPS mode (and the non-secure session is viewable in the secure context) and then go back to HTTP mode. That was the problem Chuck mentioned, and this I tried to solve with my - silly - suggestion from above? Try creating a sequence of requests that you think are likely, and apply the rules I laid out to see how the webapp would react. If there's a case you think won't work, let me know and I'll see if I can come up with an idea. I sees quite some pages using HTTPS for Authorization (Form-based), but once authorized, they serve via HTTP. How just simply do they do that? The session is created in HTTP mode which is why this works. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkm6x/cACgkQ9CaO5/Lv0PD4BQCfcqJdd3wVDn7/YfMtKiMTMMia 0jMAn07FSA6Au3j9ZwWqAhmS10J3uHVu =ncMM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat database connection pool
Hi, In tomcat 5.5, the database connection pool associated with my application does not seem to shutdown when I undeploy the application. All the postgres processes are still in existence. (ps -ef | grep postgres) Can anyone provide some insight as to why clean up of the connection pool is not taking place? What am I doing wrong? What can I do to fix this? Thank you very much for your help. Carol Cheung -- View this message in context: http://www.nabble.com/tomcat-database-connection-pool-tp22503977p22503977.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat database connection pool
Il 13-03-2009 22:37, Carol Cheung ha scritto: Hi, In tomcat 5.5, the database connection pool associated with my application does not seem to shutdown when I undeploy the application. All the postgres processes are still in existence. (ps -ef | grep postgres) Can anyone provide some insight as to why clean up of the connection pool is not taking place? What am I doing wrong? What can I do to fix this? search How to close open connections after application stop? http://mail-archives.apache.org/mod_mbox/tomcat-users/200902.mbox/browser at page 6 maybe that you can found some usefull informations. Edoardo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Path problem
From: David.Meldrum [mailto:david.meld...@verizon.net] Subject: Re: Path problem For example, how do I get a reference to the /webapps/MyWebApp/WEB-INF/foo.properties file? Gregor already told you here: http://marc.info/?l=tomcat-userm=123697177925016w=2 ServletContext.getRessourceAsStream(/webapps/MyWebApp/WEB-INF /foo.properties);? No, leave out the /webapps. The javadoc says the argument is a path Read the doc more carefully; it actually says: The path must begin with a '/' and is interpreted as relative to the current context root. but I don't know the full path, You don't need to; the path is relative to your webapp (despite the leading slash). Also how do I create a file under /logs? Usually, you use a logger. Tomcat provides a built-in logging mechanism based on java.util.logging, or you can implement one based on any of several standard libraries, such as log4j. The logger configuration specifies where to write the output. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Code/Design Mapping in Tomcat
Greetings, First of all, this isn't a question about how to use Tomcat, but rather a research question about its architecture, so if this should be going to a different mailing list, please let me know. From working over the documentation available online and in the Tomcat javadocs, I've tried to make a possible high-level model of Tomcat's architecture, which is available in this pdf (http://www.willamette.edu/~mvitouse/tomcat_model.pdf). The high-level entities, or layers, in this model are defined as sets of Java classes that may use any resource inside the same layer (with cycles allowed), but may only use Java files in other layers if the object being referenced is in a layer below that of the referencing object. I'm sure that this graph isn't complete, and may be outright wrong in places, so if someone who is more intimate with the structure of Tomcat than I am could take a look at it and offer any suggestions they might have, I would be very grateful. This model doesn't have to be 100% accurate, as long as it generally reflects the architecture of the system, but if there are any gross violations or omissions here please let me know where I should look. I haven't given the contents of each layer here, for reasons I talk about below, but the basic components of each layer should be clear enough, e.g. the Host layer contains the Host class and related classes like HostConfig. Some background and context for this request: I'm a student working on a project to develop a constraint-based system to analyze the mapping between a high-level model of a system's architecture and the system's actual source code structure. The constraint system we have right now works by taking a graph of dependency relations in the high-level model of a program (represented as a set of binary relations), an extracted graph of the relations in the actual source of the program, and an incomplete set of initial mappings between the two. It then (ideally) can complete the mapping, that is, infer which high level entity contains each source component. This can allow us to find places where the high-level model is violated on the source level, or where the high-level model is incorrect. A previous experience in applying this method to a medium-sized software system, GenSet, as well as the formal definition and explanation of the system, is here (http://willamette.edu/~jflasset/research/papers/zhang04fse.pdf). We now want to apply this system to a much larger piece of code, like Tomcat, to see how well it scales to large, not-necessarily layered architectures. Thanks very much for your time, Michael Vitousek - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat database connection pool
From: Carol Cheung [mailto:cache...@consumercontact.com] Subject: tomcat database connection pool In tomcat 5.5, the database connection pool associated with my application does not seem to shutdown when I undeploy the application. You don't say if the DBCP is managed by the container (Tomcat) or by your webapp. If it's the former, the pool will persist for the life of Tomcat (but see the link below). If the latter, your best bet is to implement a ServletContextListener that will explicitly shut down the pool when the contextDestroyed() method is called. The servlet spec even uses this situation as an example. An easier link to follow for the previously reference discussion thread is this: http://marc.info/?l=tomcat-userm=123529838331464w=2 And the critical messages of the thread: http://marc.info/?l=tomcat-userm=123532841602124w=2 http://marc.info/?l=tomcat-userm=123532986503723w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Code/Design Mapping in Tomcat
From: Michael Vitousek [mailto:mvito...@willamette.edu] Subject: Code/Design Mapping in Tomcat if there are any gross violations or omissions here please let me know where I should look. You left out the Service layer; it should go between Server and Engine. Connectors belong to a Service, not the singleton Server. This will be interesting to hear about as you progress. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Extending JNDI
Hello I am running Apache Jetspeed Portal server (which sits on top of Tomcat) as a development platform. We then deploy portlets to Websphere portal server for production. One area of incompatibility that I would like to fix is JNDI branches. Tomcat provides the standard java:comp/env/ branch, but IBM have a couple of other branches (e.g. /cells/persistent/... and /services/...) that don't have the usual java:comp/env/ prefix. As JNDI paths specified in /conf/context.xml automatically get the prefix added, these JNDI paths won't work on Tomcat/Jetspeed. I have an application level fix that works, but developers need to use a specific class to do JNDI access (and regularly forget to do so). So I would like implement the other JNDI branches in Tomcat itself. It would be nice if this could be done as a plug-in module, but I am happy to hack the Tomcat source code if necessary. My impression is that I would need to provide a new naming context to implement this. Can anyone point me at some documentation or give me some ideas on how I could implement these paths? Regards Ron
Problem starting Tomcat in Netbeans
Sorry for bothering the list with the same problem again, but this problem has became a nightmare at this point. Bundled Tomcat 5.5.17 on Netbeans is not starting and I'm getting the following error: *SEVERE: Parse error in default web.xml java.lang.NullPointerException* at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2725) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2751) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1060) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:781) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:721) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:977) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:278) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5130) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3945) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Mar 13, 2009 3:26:56 PM org.apache.catalina.startup.ContextConfig processContextConfig *SEVERE: Occurred at line 18 column 20* This is what I have in the first lines of my conf/web.xml (the 18th. line is in black). ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; servlet servlet-namedefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuefalse/param-value
Re: Problem starting Tomcat in Netbeans
Hi Carlos This line looks odd? Why are there asterisks around it? *servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class* Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 11:43 AM Subject: Problem starting Tomcat in Netbeans Sorry for bothering the list with the same problem again, but this problem has became a nightmare at this point. Bundled Tomcat 5.5.17 on Netbeans is not starting and I'm getting the following error: *SEVERE: Parse error in default web.xml java.lang.NullPointerException* at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2725) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2751) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1060) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:781) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:721) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:977) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:278) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5130) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3945) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Mar 13, 2009 3:26:56 PM org.apache.catalina.startup.ContextConfig processContextConfig *SEVERE: Occurred at line 18 column 20* This is what I have in the first lines of my conf/web.xml (the 18th. line is in black). ?xml version=1.0 encoding=UTF-8? web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee
Re: tomcat database connection pool
don't forget the best mail archive browser that I have encountered *http://tinyurl.com/blhhks* Real URL: http://tomcat.markmail.org/search/?q=How%20to%20close%20open%20connections%20after%20application%20stop#query:How%20to%20close%20open%20connections%20after%20application%20stop%20list%3Aorg.apache.tomcat.users+page:1+mid:2g4sdltz6wosa4d2+state:results Caldarale, Charles R wrote: From: Carol Cheung [mailto:cache...@consumercontact.com] Subject: tomcat database connection pool In tomcat 5.5, the database connection pool associated with my application does not seem to shutdown when I undeploy the application. You don't say if the DBCP is managed by the container (Tomcat) or by your webapp. If it's the former, the pool will persist for the life of Tomcat (but see the link below). If the latter, your best bet is to implement a ServletContextListener that will explicitly shut down the pool when the contextDestroyed() method is called. The servlet spec even uses this situation as an example. An easier link to follow for the previously reference discussion thread is this: http://marc.info/?l=tomcat-userm=123529838331464w=2 And the critical messages of the thread: http://marc.info/?l=tomcat-userm=123532841602124w=2 http://marc.info/?l=tomcat-userm=123532986503723w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem starting Tomcat in Netbeans
Hi Ron, There are no * in the code, those in the email were put on purpose to underline the 18th. line. Thanks Carlos Ron McNulty wrote: Hi Carlos This line looks odd? Why are there asterisks around it? *servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class* Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 11:43 AM Subject: Problem starting Tomcat in Netbeans Sorry for bothering the list with the same problem again, but this problem has became a nightmare at this point. Bundled Tomcat 5.5.17 on Netbeans is not starting and I'm getting the following error: *SEVERE: Parse error in default web.xml java.lang.NullPointerException* at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2725) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2751) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1060) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:781) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:721) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:977) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:278) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5130) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3945) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432) Mar 13, 2009 3:26:56 PM org.apache.catalina.startup.ContextConfig processContextConfig *SEVERE: Occurred at line 18 column 20* This is what I have in the first lines of my conf/web.xml (the 18th. line is in black). ?xml
Re: Problem starting Tomcat in Netbeans
Hi Carlos The error is coming from Digester, whose job in life is simply to parse XML files and read them into objects. Have you opened web.xml with a hex editor and checked for non-ascii characters? Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 12:04 PM Subject: Re: Problem starting Tomcat in Netbeans Hi Ron, There are no * in the code, those in the email were put on purpose to underline the 18th. line. Thanks Carlos Ron McNulty wrote: Hi Carlos This line looks odd? Why are there asterisks around it? *servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class* Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 11:43 AM Subject: Problem starting Tomcat in Netbeans Sorry for bothering the list with the same problem again, but this problem has became a nightmare at this point. Bundled Tomcat 5.5.17 on Netbeans is not starting and I'm getting the following error: *SEVERE: Parse error in default web.xml java.lang.NullPointerException* at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2725) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2751) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1060) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:781) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:721) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:977) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:278) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5130) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3945) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at
Re: Problem starting Tomcat in Netbeans
Ron, I did it. Also I deleted the line and typed it again. Thanks Carlos Ron McNulty wrote: Hi Carlos The error is coming from Digester, whose job in life is simply to parse XML files and read them into objects. Have you opened web.xml with a hex editor and checked for non-ascii characters? Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 12:04 PM Subject: Re: Problem starting Tomcat in Netbeans Hi Ron, There are no * in the code, those in the email were put on purpose to underline the 18th. line. Thanks Carlos Ron McNulty wrote: Hi Carlos This line looks odd? Why are there asterisks around it? *servlet-classorg.apache.jasper.servlet.JspServlet/servlet-class* Regards Ron - Original Message - From: Carlos Botto carl...@qualitau.com To: Tomcat Users List users@tomcat.apache.org Sent: Saturday, March 14, 2009 11:43 AM Subject: Problem starting Tomcat in Netbeans Sorry for bothering the list with the same problem again, but this problem has became a nightmare at this point. Bundled Tomcat 5.5.17 on Netbeans is not starting and I'm getting the following error: *SEVERE: Parse error in default web.xml java.lang.NullPointerException* at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2725) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2751) at org.apache.tomcat.util.digester.Digester.endElement(Digester.java:1060) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement(AbstractSAXParser.java:601) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocumentFragmentScannerImpl.java:1772) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2923) at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:645) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1205) at com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(SAXParserImpl.java:522) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.ContextConfig.processContextConfig(ContextConfig.java:781) at org.apache.catalina.startup.ContextConfig.contextConfig(ContextConfig.java:721) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:977) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:278) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5130) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3945) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:608) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:535) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:470) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:310) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021) at org.apache.catalina.core.StandardHost.start(StandardHost.java:718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442) at org.apache.catalina.core.StandardService.start(StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
