RE: JVM crash issue
> From: jochen [mailto:songzhou...@gmail.com] > I deployed an inhouse application in Tomcat 6.0 and I > experienced random JVM crashes for two weeks. Are you *absolutely certain* your hardware is good? We've had several reports of JVM crashes on this list where the real problem is faulty hardware - usually bad RAM. It's far more common than most people realise. Test by running the application on different hardware. [...] > Native frames: (J=compiled Java code, j=interpreted, Vv=VM > code, C=native code) > V [libjvm.so+0x3678c8] > Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) > v ~BufferBlob::Interpreter [...] > java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/ > Object;)Ljava/lang/Object; > v ~BufferBlob::Interpreter > J > com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/ lang/String; [...] The code that is closest to the crash is this OpenSymphony code, which is then invoking something by reflection when the crash happens. Do the crashes always happen at the same point in the code? If so, I'd ask OpenSymphony :-). If not, I suspect bad hardware - but you might want to analyse several crash dumps to look for common factors. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JVM crash issue
Hi all, I deployed an inhouse application in Tomcat 6.0 and I experienced random JVM crashes for two weeks. I searched the archieves for this topic, and went through the "Troubleshooting guild for Java SE6 with HotSpot VM" spec again, but still unable to fiure out what could have caused those crashes. Below is one of JVM error logs, Could any big guy give me some advice? or any help is greatly appreciated. sorry for the long message. JVM error log -- # # An unexpected error has been detected by Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x2aecf42738c8, pid=31900, tid=1125493056 # # Java VM: Java HotSpot(TM) 64-Bit Server VM (10.0-b23 mixed mode linux-amd64) # Problematic frame: # V [libjvm.so+0x3678c8] # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # --- T H R E A D --- Current thread (0x2aab3ed7): JavaThread "catalina-exec-2" daemon [_thread_in_vm, id=31977, stack(0x4305a000,0x4315b000)] siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x Registers: RAX=0x2aab3ed70620, RBX=0x2aab3ed70a08, RCX=0x2aab3ed7, RDX=0x2aecf3ac6280 RSP=0x431564d0, RBP=0x43156560, RSI=0x4315aa20, RDI=0x0001 R8 =0x0ffc, R9 =0x2aecf475c230, R10=0x2aecf475fcb0, R11=0x2aab3fc513a0 R12=0x, R13=0x2aab3ed70630, R14=0x, R15=0x431564f0 RIP=0x2aecf42738c8, EFL=0x00010246, CSGSFS=0x0033, ERR=0x0004 TRAPNO=0x000e Top of Stack: (sp=0x431564d0) 0x431564d0: 2aab3fc513a0 2aab3ed70620 0x431564e0: 2aab3ed70630 2aab3ed70a08 0x431564f0: 2aab3ed7 0x43156500: 2aecf475b170 2aab3ed7 0x43156510: 2aab3ed7 0001 0x43156520: 2aab3ed7 2aecf41ffd43 0x43156530: 2aab275ed380 2aaab1500830 0x43156540: 2aaab1500bc8 2aaab1500830 0x43156550: 43156820 2aab3ed7 0x43156560: 2aab3ed70198 2aab42736bf9 0x43156570: 43156590 2aecf42ad629 0x43156580: 0001 2ea065d8 0x43156590: 2aab3ed7 0001 0x431565a0: 0004 0x431565b0: 43156808 43156810 0x431565c0: 43156818 0x431565d0: 2aab275ed470 0004 0x431565e0: 43156630 2aecf41ff6f5 0x431565f0: 2aab3ed7 0004 0x43156600: 2aab275ed660 0004 0x43156610: 2aab275ed660 2aab3ed7 0x43156620: 0004 2aab3ed70a88 0x43156630: 43156670 2aecf4546950 0x43156640: 2aab275ed6a0 2aab3ed7 0x43156650: 2aab275ed680 2b5a86f6 0x43156660: 43156748 2aab3ed7 0x43156670: 2aab275ed700 2b58dc3e 0x43156680: 2aab275ed680 2aecf422a4a2 0x43156690: 2aab3ed7 43156750 0x431566a0: 2aab275ed6a0 43156740 0x431566b0: 431566b0 2ebe3178 0x431566c0: 43156700 2aaab034aa08 Instructions: (pc=0x2aecf42738c8) 0x2aecf42738b8: 4d 8b 6b 10 4c 89 6d 80 49 8b 5b 18 48 89 5d 88 0x2aecf42738c8: 49 8b 3c 24 e8 9f 92 fd ff 48 89 c7 49 89 c4 e8 Stack: [0x4305a000,0x4315b000], sp=0x431564d0, free space=1009k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x3678c8] Java frames: (J=compiled Java code, j=interpreted, Vv=VM code) v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter v ~BufferBlob::StubRoutines (1) v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter J java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; v ~BufferBlob::Interpreter v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; v ~BufferBlob::Interpreter J com.opensymphony.xwork2.DefaultActionInvocation.invoke()Ljava/lang/String; J org.apache.struts2.interceptor.CheckboxInterceptor.intercept(
Re: OCI and Realm Problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrea, On 4/16/2009 10:45 AM, Andrea De Gaetano wrote: > Everything works with the "Thin" Driver, instead with OCI driver, after the > login procedure the java virtual machine crash with some memory dump > messages... Care to post those messages? > export ORACLE_HOME=/usr/lib/oracle/10.2.0/client > export JAVA_HOME=/usr/java/jdk1.5.0_17/ > export CATALINA_BASE=/opt/tomcat/apache-tomcat-5.5.27 > export TOMCAT_HOME=/opt/tomcat/apache-tomcat-5.5.27 > export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib Can you get a standalone program to successfully connect to Oracle using the OCI driver using the same JVM on the same machine? It's unlikely that this is a Tomcat problem (Tomcat doesn't do a whole lot with the JDBC driver except register it with the JVM and try to use it). > The server is a 64 bit machine but I don't think there is problem about it. Are you running a 64-bit JVM? How about the native portion of the Oracle library? Is that 32-bit or 64-bit? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvoqoACgkQ9CaO5/Lv0PCeNACgh2QLzs++UQXZ95yI60vKx1QB r8sAn13StGp+EL8r3Z1Th7veenr4Y7uY =4wfA -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Avoiding username/password being logged into localhost access logs
> From: jithu mada [mailto:jithu.m...@gmail.com] > Subject: Re: Avoiding username/password being logged into localhost > access logs > > Its only accessible to few users. > > But the user wants the username and password to be obscured. Then you'll need to extend the existing logger class, have your replacement scan for username and password, and apply appropriate obfuscation. It would be easier just to completely restrict access to the log files, and filter them after the fact. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Avoiding username/password being logged into localhost access logs
jithu mada wrote: [...] The only way I can see for the userid and password to be visible in an access log, is if they are part of the URL (actually, of the query string) and unencoded. Which would mean that this is a form-based authentication, with either no method attribute in the tag, or method="GET". If it was really a POST, it would be in the body of the request, and not appear in the access log. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Avoiding username/password being logged into localhost access logs
Thanks for the prompt Reply. The tomcat is running on AIX 5.3 and the files are not publicly accessible. Its only accessible to few users. But the user wants the username and password to be obscured. On Wed, Apr 22, 2009 at 5:43 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Tom-cat [mailto:jithu.m...@gmail.com] > > Subject: Avoiding username/password being logged into localhost access > > logs > > > > We are using Tomcat 5.0.27. > > No longer supported. > > > It has become a security issue as anyone with an > > account to the system can browse through the logs > > and find out the username and password of the users. > > Why are your log files publically accessible? You didn't tell us the > platform you're running on, but pretty much everything has ways to make > files/directories accessible only to select users. > > Is your Tomcat configuration accessible as well? > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: Avoiding username/password being logged into localhost access logs
> From: Tom-cat [mailto:jithu.m...@gmail.com] > Subject: Avoiding username/password being logged into localhost access > logs > > We are using Tomcat 5.0.27. No longer supported. > It has become a security issue as anyone with an > account to the system can browse through the logs > and find out the username and password of the users. Why are your log files publically accessible? You didn't tell us the platform you're running on, but pretty much everything has ways to make files/directories accessible only to select users. Is your Tomcat configuration accessible as well? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: username/password being logged in clear text
-- Forwarded message -- From: jithu mada Date: Wed, Apr 22, 2009 at 5:38 PM Subject: username/password being logged in clear text To: users@tomcat.apache.org Hi, We are using Tomcat 5.0.27. Whenever the user logs using GET or POST request his/her username and password are being logged in clear text in the localhost access logs. It has become a security issue as anyone with an account to the system can browse through the logs and find out the username and password of the users. So I was going through the documentation to find if there is any attribute which controls this behavior and we can prevent it from being printed in the log file but I couldn't find one. And I am using org.apache.catalina.logger.FileLogger as the Logger class. I really appreciate if you can help me out here. thanks Jitender
Avoiding username/password being logged into localhost access logs
Hi, We are using Tomcat 5.0.27. Whenever the user logs using GET or POST request his/her username and password are being logged in clear text in the localhost access logs. It has become a security issue as anyone with an account to the system can browse through the logs and find out the username and password of the users. So I was going through the documentation to find if there is any attribute which controls this behavior and we can prevent it from being printed in the log file but I couldn't find one. And I am using org.apache.catalina.logger.FileLogger as the Logger class. Any replies greatly appreciated. -- View this message in context: http://www.nabble.com/Avoiding-username-password-being-logged-into-localhost-access-logs-tp23176286p23176286.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Undeploy does not delete all .jar files
First time Second time Third time All three times gives me the same result. My application runs fine...well, I didn't check the 3rd time. I just can't undeploy in the Tomcat Manager. I have been stopping the service and redeploying manually for awhile now and everything seemed ok. I just can't do it without stopping the service. JT On Wed, Apr 22, 2009 at 4:24 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: JT [mailto:jltoo...@gmail.com] > > Subject: Re: Undeploy does not delete all .jar files > > > > Not sure why I have the . I put that in over a > > year ago and I was looking at docs and examples online > > and since it seemed to work I didn't worry about it. > > It didn't "work" - it didn't do anything. > > > Anyways, I did not add the Logger back into my application context.xml > > file. My application context.xml file looks like this. > > > > > > > type="javax.sql.DataSource" > >driverClassName="oracle.jdbc.driver.OracleDriver" > > url="jdbc:oracle:thin:@.../> > > > > Did you seriously nest one element inside another? That's > obviously incorrect; it should look something like this: > > > type="javax.sql.DataSource" > driverClassName="oracle.jdbc.driver.OracleDriver" > url="jdbc:oracle:thin:@.../> > > > I have not attempted to validate your settings. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Steps to configure Tomcat 5.0 with PKCS#11 support
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Raminder, On 4/22/2009 5:06 AM, Raminder Singh wrote: > We are using tomcat 5.0.28 and JDK 1.5.10. Now, there is some > requirement to use tomcat with PKCS#11 support. Initial study shows > that a hardware token would be needed for this. > > 1) Is minimum tomcat version 5.5 is must for this? It appears so. > 2) Is this hardware requirement is mandatory? Or any other way > is possible? Well, PKCS#11 is traditionally used with hardware, but a software token is also acceptable. > 3) what additional changes would be required at server.xml > level for PKCS#11 support. RTFM: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html There are also references in the list archives: http://marc.info/?l=tomcat-user&m=118066767827013&w=2 Unfortunately, that doesn't seem to be the right answer: http://marc.info/?l=tomcat-user&m=118073747704071&w=2 ...although the OP might not be properly configuring their keystore. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvfisACgkQ9CaO5/Lv0PBwwACfYoeFfvGsOcUfMKb+fU4ZJG6R Mw8AoId5zZdQvqY+HZmkbC4dS8UPc4a2 =Cg6t -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Undeploy does not delete all .jar files
> From: JT [mailto:jltoo...@gmail.com] > Subject: Re: Undeploy does not delete all .jar files > > Not sure why I have the . I put that in over a > year ago and I was looking at docs and examples online > and since it seemed to work I didn't worry about it. It didn't "work" - it didn't do anything. > Anyways, I did not add the Logger back into my application context.xml > file. My application context.xml file looks like this. > > > type="javax.sql.DataSource" >driverClassName="oracle.jdbc.driver.OracleDriver" > url="jdbc:oracle:thin:@.../> > Did you seriously nest one element inside another? That's obviously incorrect; it should look something like this:
RE: Access Deny of Tomcat
> From: FreddieWeng [mailto:freddiew...@gmail.com] > Subject: RE: Access Deny of Tomcat > > I created a new directory in the Tomcat home directory That's not useful; webapps (even if they consist of nothing but static content) are normally placed under the appBase directory. The default for Tomcat is named, coincidentally, webapps. > then tried to use IE in a client to see the file info within > that directory, but failed. What URL did you try? Note that directory listings are disabled by default, although contents may be retrieved when explicitly named on the URL. To enable directory listings, you'll need to adjust the listings parameter for the DefaultServlet declared in conf/web.xml. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Undeploy does not delete all .jar files
On Wed, Apr 22, 2009 at 12:58 PM, JT wrote: > My application context.xml file looks like this. > > > driverClassName=”oracle.jdbc.driver.OracleDriver” > url=”jdbc:oracle:thin:@.../> > I'm surprised Tomcat even starts with that -- Context elements can't be nested. Try: -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
> From: Martin Gainty [mailto:mgai...@hotmail.com] > Subject: RE: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > we expect free technical support 24/7/365 so bring a blackberry w/ you No thanks; I'll keep my iPhone (and Skype, so I don't have to pay AT&T's outrageous international charges). > are there any good primers on eden,PermGen and general heap? Start here: http://java.sun.com/javase/technologies/hotspot/gc/index.jsp Look at the Memory Management white paper and Garbage Collection Tuning to start. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Access Deny of Tomcat
FreddieWeng wrote: I'm using Tomcat 6.0.18, which was downloaded from tomcat.apache.org, with jvm 6.0.07 on Windows XP. Which one did you download and install ? In Tomcat 5 .. Binary distributions .. Core.. there are 2 : a "zip" version, and a Windows Installer. Which one did you download and install ? I was just trying to see if Tomcat works. Check first if it is running. If you installed the Windows Installer version, then in the "Windows Services" part of your control panel, you should see a service "Apache Tomcat", marked as running. True ? I created a new directory in the Tomcat home directory, That's not the right place. and then tried to use IE in a client to see the file info within that directory, but failed. What URL did you enter in IE, and what happened ? What message did you get in IE ? No firewall was using. I'm wondering if I have to change something settings in Tomcat Server first, e.g. provide access authority to specific clients? No. thanks very much in advance~~ Caldarale, Charles R wrote: From: FreddieWeng [mailto:freddiew...@gmail.com] Subject: Access Deny of Tomcat I'm a new comer to Tomcat and your help is very appreciated~~ What version of Tomcat are you a newcomer to? (That's the first piece of information that should appear whenever you start a new discussion thread.) Also, what JVM are you using, and what platform are you running on? Did you install a Tomcat download from tomcat.apache.org, or did you get it from some 3rd party? I tried to connect to directories in Tomcat server from some client. What does "connect to directories" mean? Tomcat is a server for webapps; what webapps have you deployed? What are you trying to "connect" to? What is the mechanism you're using to "connect"? Do the examples that come with a standard Tomcat work? Do you have a firewall blocking access? Do you have any idea of how to fix this problem? Not until you describe what you're actually trying to do. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] Headstart on "Resolving OOM-PermGen errors on webapp reload"
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > You'll probably want mountains, and chocolate. Switzerland ? London. $ vs pound is pretty decent right now. It's been 45+ years since I've been on the Tube... > I recently came across this article : > http://en.wikipedia.org/wiki/Adaptive_Replacement_Cache I don't see the parallels; nothing in GC is LRU based that I can think of. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
we expect free technical support 24/7/365 so bring a blackberry w/ you are there any good primers on eden,PermGen and general heap? (HF) Martin __ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: chuck.caldar...@unisys.com > To: users@tomcat.apache.org > Date: Wed, 22 Apr 2009 14:19:16 -0500 > Subject: RE: Headstart on "Resolving OOM-PermGen errors on webapp reload" > > > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > > Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp > > reload" > > > > Does that mean that, technically speaking, PermGen is allowed > > to grow to take over the whole heap? > > No, PermGen is independent of the general heap, limited by MaxPermSize and > -Xmx respectively. They are allocated contiguously to insure that the > underlying reference marking of HotSpot GC works properly. > > > Odd that the NewSize can exceed the maximum heap. > > It can't really; if I get time before going on vacation this Friday I'll look > to see where that number comes from. > > > You *did* say it was unnecessarily complicated ;) > > Probably "seemed like a good idea at the time." > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > _ Windows Live™ Hotmail®:…more than just e-mail. http://windowslive.com/online/hotmail?ocid=TXT_TAGLM_WL_HM_more_042009
RE: Access Deny of Tomcat
I'm using Tomcat 6.0.18, which was downloaded from tomcat.apache.org, with jvm 6.0.07 on Windows XP. I was just trying to see if Tomcat works. I created a new directory in the Tomcat home directory, and then tried to use IE in a client to see the file info within that directory, but failed. No firewall was using. I'm wondering if I have to change something settings in Tomcat Server first, e.g. provide access authority to specific clients? thanks very much in advance~~ Caldarale, Charles R wrote: > >> From: FreddieWeng [mailto:freddiew...@gmail.com] >> Subject: Access Deny of Tomcat >> >> I'm a new comer to Tomcat and your help is very appreciated~~ > > What version of Tomcat are you a newcomer to? (That's the first piece of > information that should appear whenever you start a new discussion > thread.) Also, what JVM are you using, and what platform are you running > on? Did you install a Tomcat download from tomcat.apache.org, or did you > get it from some 3rd party? > >> I tried to connect to directories in Tomcat server >> from some client. > > What does "connect to directories" mean? Tomcat is a server for webapps; > what webapps have you deployed? What are you trying to "connect" to? > What is the mechanism you're using to "connect"? Do the examples that > come with a standard Tomcat work? > > Do you have a firewall blocking access? > >> Do you have any idea of how to fix this problem? > > Not until you describe what you're actually trying to do. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://www.nabble.com/Access-Deny-of-Tomcat-tp23168490p23175837.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Undeploy does not delete all .jar files
Not sure why I have the . I put that in over a year ago and I was looking at docs and examples online and since it seemed to work I didn't worry about it. now that I need to undeploy without stopping the service things aren't working. This was originally in the global conf/context.xml file Anyways, I did not add the Logger back into my application context.xml file. My application context.xml file looks like this. On Wed, Apr 22, 2009 at 3:25 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: JT [mailto:jltoo...@gmail.com] > > Subject: Re: Undeploy does not delete all .jar files > > > > I am using a database and I think it's telling me > > to add my database connections inside of the > > context.xml file. > > That is correct. If the database is to be used by just a single webapp, > the element should be nested inside the element for > just that webapp. Placing the element in the global > conf/context.xml file will make the database accessible by all webapps, > which is often undesirable. > > > JDeveloper automatically added a META-INF directory and > > when it creates my war file it puts this directory under > > WEB-INF/classes. > > Either the IDE is seriously broken, or you have misconfigured it. If it's > the former, I certainly wouldn't use it, since it can't be trusted. > > > would that mess everything up if I > > have 2 META-INF directories? > > The improperly located META-INF would be ignored by Tomcat. > > > Nothing has changed with the new version of Tomcat. > > How did you end up with a element in the global conf/context.xml? > That construct hasn't been supported for a long time. If your IDE created > it, that's yet another reason not to use it. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: A sample workers.properties file
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan, On 4/22/2009 3:43 PM, Jonathan Mast wrote: > yeah i downloaded the source and found the sample workers.properties files. > > The workers.properties.minimal has a bug in it, btw, the ajp13w worker is > not in the worker.list and must be added manually. That's because the worker.list already contains the wlb worker, which uses the ajp13 worker. I would argue that this isn't a "minimal" workers.properties, but everything seems to be in order. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvdS4ACgkQ9CaO5/Lv0PDWiQCghYK1jOeTeXZ2JsUwt4OaAudI kZ4AoKKHr9qNqMWOSff5p0vi0P6UnbZb =Y19P -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: form based authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jill, On 4/22/2009 3:11 PM, Jill Han wrote: > What I want to do is all the applications have the same realm config > in server.xml. That's not what you said earlier: you said you wanted /certain/ applications to have SSO behavior. SSO works by creating a single Realm for all applications within the same and authenticating only a single time. > When it comes to the different Applications, the > authentication will be performed based on application very own > web.xml. This is not possible using SSO, since it always uses the same Realm configuration. The only things you can control with web.xml are the form where authentication is requested (the login-form) which could be different for each webapp and the recognized security roles and what they are allowed to access. > If the applications in the web.xml have the same > , those applications just need to be authenticated once. Tomcat does not provide this capability. You will have to roll your own authentication scheme to do this. > If the applications in the web.xml have different , those > applications need to be authenticated separately. Your best option is to use multiple entries in server.xml, but this requires that you have different host names or IP addresses in order to make it work, which may not be possible or reasonable for your requirements. > Those tasks can be achieved if basic authentication as > BASIC > TEST is used. This is because of a coincidence in how HTTP Auth works. Your browser sends a special HTTP header regardless of the webapp being used, and then the webapp does whatever it wants in order to authenticate and authorize the request. Form authentication is different, since once the authentication is performed, the session is tied to that user and only authorization checks are done after that. If you still can't get this to work, I can think of another solution (and you're not going to like it): 1. Use securityfilter (http://securityfilter.sourceforge.net) 2. Write a servlet that accepts an encrypted identifier from your other applications and crams the Principal into the session (where sf keeps its user info) 3. Encode all your URLs that take you from one application to the other to to provide this encrypted identifier to the login-forcing servlet and then redirect to where you /really/ want to go Of course, this doesn't work if users randomly jump between applications without actually clicking on your links. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvc9MACgkQ9CaO5/Lv0PDI0gCeMz5jpM1h8sqAxVGAqyatHOcP Di8Amwc5K5mhG8unhenRq6Cw2iprgzCk =rvrX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A sample workers.properties file
yeah i downloaded the source and found the sample workers.properties files. The workers.properties.minimal has a bug in it, btw, the ajp13w worker is not in the worker.list and must be added manually. But it works otherwise. On Wed, Apr 22, 2009 at 2:52 PM, André Warnier wrote: > André Warnier wrote: > >> Jonathan Mast wrote: >> >>> The Tomcat-Connector docs say that the source dist contains a sample >>> workers.properties file, but neither Tomcat 6 nor Httpd 2.2 src archives >>> contain such a file. >>> >>> But the mod_jk connector download does, I am quite sure. >> >> You /have/ downloaded the connector also, I presume ? > http://tomcat.apache.org/download-connectors.cgi > and "binary releases". > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: windows 2k3 / Tomcat 6 / IIS configuration - randomly losing sessions
Christopher Schultz wrote: I would instrument the client using something like LiveHttpHeaders (when is Daniel going to support ff3.5?!) try HttpFox. or IEHeaders (or whatever it is for MSIE) Fiddler2 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: form based authentication
Some corrections on the previous email.
I should say
When singleSignOn is commented, those tasks can be achieved if basic
authentication as
BASIC
TEST
is used.
-Original Message-
From: Jill Han
Sent: Wednesday, April 22, 2009 2:12 PM
To: 'Tomcat Users List'
Subject: RE: form based authentication
There is single in server.xml
...
ldap://url:389";
alternateURL="ldap://url:389";
userBase="DC=AC"
userSearch="(sAMAccountName={0})"
userRoleName="memberof"
roleBase="DC=AC"
roleName="cn"
roleSearch="(uniqueMember={0})"
userSubtree="true"
roleSubtree="false"
/>
...
What I want to do is all the applications have the same realm config in
server.xml. When it comes to the different
Applications, the authentication will be performed based on application very
own web.xml.
If the applications in the web.xml have the same , those
applications just need to be authenticated once.
If the applications in the web.xml have different , those
applications need to be authenticated separately.
Those tasks can be achieved if basic authentication as
BASIC
TEST
is used.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Wednesday, April 22, 2009 12:12 PM
To: Tomcat Users List
Subject: RE: form based authentication
> From: Jill Han [mailto:jill@alverno.edu]
> Subject: RE: form based authentication
>
> However, this makes authentication activated only once although the
> applications have different realms.
To quote from the SSO doc:
"All web applications configured for this virtual host must share the same
Realm."
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
Can you separate the various s by ? Or are you stuck with a
single ?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
Re: Headstart on "Resolving OOM-PermGen errors on webapp reload"
Caldarale, Charles R wrote: ... It can't really; if I get time before going on vacation this Friday I'll look to see where that number comes from. We'll miss you. You'll probably want mountains, and chocolate. Switzerland ? You *did* say it was unnecessarily complicated ;) Probably "seemed like a good idea at the time." I recently came across this article : http://en.wikipedia.org/wiki/Adaptive_Replacement_Cache and find some eery parallels. Which makes me wonder about the patent situation.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: windows 2k3 / Tomcat 6 / IIS configuration - randomly losing sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, On 4/22/2009 12:25 AM, Menachem Husarsky wrote: > Christopher Schultz wrote: >> Are all your customers using Cookies? > > Yes. However, URL rewriting is disabled. Er.. how did you do this? Tomcat offers no way to disable URL rewriting. Or, did you implement one of those nasty jsessionid-stripping filters? > When I turn off cookies in > any of my browsers, our website's cart functionality will not work, > so if customers are complaining about their cart's being purged in > the middle of checkout it is not a cookie issue with their browsers. Okay. >> Do you ever switch hostnames during any of the website >> interactions? That would break your Cookie trail and you would >> observe the user's session "disappearing". The same thing can >> happen if the session cookie was created using HTTPS and then you >> switch to HTTP. > > > No we do not switch host names. customers start their sessions in > HTTP and switch to HTTPS to complete checkout. Not the other way > around. Good. The other way around is problematic. If you are instrumenting your application, you might consider logging the "secure" attribute of the session cookie being observed. If you find one marked as "secure" you could have a problem (and the solution is to only create session cookies in non-secure mode). >> Can you give us more information about the circumstances? Does it >> always happen during a particular page transition? What else do >> these failures have in common? > > It seems to happen during a transition from any one page to another, > but losing sessions, primarily interests me when it occurs during the > checkout process. we're recording the cart purge on various checkout > pages. Is the session actively killed, or does the client just lose track of the session id (or cookie, or whatever)? > I don't perceive any particular commonality. At first i thought it > was a browser issue, because it was happening to people who use IE 7. > However, recently I noticed it occurring to Mozilla Firefox users as > well. I have ruled out a browser issue client side as the culprit, > especially in light of the fact that this worked fine for years with > resin. One thing I have noticed is sometimes, a particular customer > would get their cart purged in the middle of a checkout session, and > then it would happen to the same customer/IP a few minutes later. > This is why i pursued the browser line of thinking, but it doesn't > explain why things worked fine for years in resin. Just remember that you didn't just change-out Resin for Tomcat. Your OP said that you changed hosting environments, too, so other factors are likely at play. If you now went back to Resin (replaced TC with Resin, but stayed with your current environment), I would expect that Resin would "fail" in the same way. > Right now I'm pursuing two lines of thinking: > > 1) somehow tomcat is in fact killing off the session, so on the next > request the user get's a new session, thus purging their cart since > our cart system uses sessions for storage. Tomcat will only kill the session if session.invalidate() is called, or if the session times out. I suspect you aren't explicitly setting your session timeouts, which means that they are getting the default timeout of 30 minutes. You can instrument your application by doing the following to see if the session is being killed by something during a request: 1. Write a Filter that... 2. wraps the HttpServletRequest with an object that... 3. intercepts calls to getSession and wraps the HttpSession object with... 4. an object that logs calls to the "invalidate" method Remember to log stack traces ;) > 2) somehow amid page redirects, tomcat doesn't get the session ID > from the browser and therefore issues to the browser a new session > ID, so although the cart exists under the old session object, the > user effectively loses their cart by receiving a new session. I would instrument the client using something like LiveHttpHeaders (when is Daniel going to support ff3.5?!) or IEHeaders (or whatever it is for MSIE) to see the chain of events that leads to session loss. Obviously, being able to reproduce this error is essential, so it's too bad that you haven't been able to do it yourself. If you have enough information in the web server logs, you can probably identify a problem case, then go back and look at their other requests to piece-together the chain of events. Note that Apache httpd can log cookie values if you ask it to do so, and I suspect that the AccessLogValve can do so, too. > Do you have any suggestions for me for how to debug this in a finer > more controlled fashion? Unfortunately, not being able to reproduce the problem is your biggest problem. Once you can do that, identifying and resolving the problem becomes *much* easier. Collecting more information when you identify these cases will certainly help with reproducibility. Good luck, - -chris -BEGIN PG
RE: Undeploy does not delete all .jar files
> From: JT [mailto:jltoo...@gmail.com] > Subject: Re: Undeploy does not delete all .jar files > > I am using a database and I think it's telling me > to add my database connections inside of the > context.xml file. That is correct. If the database is to be used by just a single webapp, the element should be nested inside the element for just that webapp. Placing the element in the global conf/context.xml file will make the database accessible by all webapps, which is often undesirable. > JDeveloper automatically added a META-INF directory and > when it creates my war file it puts this directory under > WEB-INF/classes. Either the IDE is seriously broken, or you have misconfigured it. If it's the former, I certainly wouldn't use it, since it can't be trusted. > would that mess everything up if I > have 2 META-INF directories? The improperly located META-INF would be ignored by Tomcat. > Nothing has changed with the new version of Tomcat. How did you end up with a element in the global conf/context.xml? That construct hasn't been supported for a long time. If your IDE created it, that's yet another reason not to use it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > Does that mean that, technically speaking, PermGen is allowed > to grow to take over the whole heap? No, PermGen is independent of the general heap, limited by MaxPermSize and -Xmx respectively. They are allocated contiguously to insure that the underlying reference marking of HotSpot GC works properly. > Odd that the NewSize can exceed the maximum heap. It can't really; if I get time before going on vacation this Friday I'll look to see where that number comes from. > You *did* say it was unnecessarily complicated ;) Probably "seemed like a good idea at the time." - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Tomcat Security and Struts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hassan, On 4/22/2009 2:45 PM, Hassan Schroeder wrote: > On Wed, Apr 22, 2009 at 11:43 AM, Mighty Tornado > wrote: >> How can I make the request to port 8443 actually succeed? > > Configure an https Connector. And correctly set your "redirectPort" in the non-secure Connector. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvbKAACgkQ9CaO5/Lv0PDclACgvKUqGHp2wqFbxMqw5xdcZenG 5ccAmwdPTj5V3EeJKccuJ3Kz6Gr9uCPh =w34K -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 4/22/2009 12:37 PM, André Warnier wrote: > Caldarale, Charles R wrote: >>> From: Mikolaj Rydzewski [mailto:m...@ceti.pl] >>> Subject: Re: Tomcat Security and Struts >>> >>> Mark Thomas wrote: /* will protect everything. >>> If your login page uses any external assets (images, stylesheets, >>> etc), it will become corrupted (assets won't load). >> >> Care to explain that? The above construct seems to work fine for our >> static resources. >> > Maybe this : if the login page itself contains a link to a gif located > in the same area, trying to load that gif will also hit the > authentication bit, and trigger another login page, before the first > even finishes displaying ? Precisely. Unfortunately, this actually makes things worse than you might think, since (some versions of) Tomcat stores the most recent request as the one to re-play after successful authentication. I have seen Tomcat respond post-authentication by serving a CSS file or graphic rather than the "expected" original request (usually an HTML page). The solution, of course, is to leave your (appropriate) static content unprotected. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEUEARECAAYFAknvbEkACgkQ9CaO5/Lv0PAavQCYj4ULwKXkFPd5K1wu1nJXpz+C fQCgoRTZnjyJaoEFQE1pkMgJ+bb7MjQ= =ewii -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: form based authentication
There is single in server.xml
...
ldap://url:389";
alternateURL="ldap://url:389";
userBase="DC=AC"
userSearch="(sAMAccountName={0})"
userRoleName="memberof"
roleBase="DC=AC"
roleName="cn"
roleSearch="(uniqueMember={0})"
userSubtree="true"
roleSubtree="false"
/>
...
What I want to do is all the applications have the same realm config in
server.xml. When it comes to the different
Applications, the authentication will be performed based on application very
own web.xml.
If the applications in the web.xml have the same , those
applications just need to be authenticated once.
If the applications in the web.xml have different , those
applications need to be authenticated separately.
Those tasks can be achieved if basic authentication as
BASIC
TEST
is used.
-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Wednesday, April 22, 2009 12:12 PM
To: Tomcat Users List
Subject: RE: form based authentication
> From: Jill Han [mailto:jill@alverno.edu]
> Subject: RE: form based authentication
>
> However, this makes authentication activated only once although the
> applications have different realms.
To quote from the SSO doc:
"All web applications configured for this virtual host must share the same
Realm."
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
Can you separate the various s by ? Or are you stuck with a
single ?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
Re: Undeploy does not delete all .jar files
I am confused again. I was using Tomcat 5.5, but I uninstalled 5.5 and installed 6 and tried to start from scratch by following the docs. Maybe I'm missing something, but I am using a database and I think it's telling me to add my database connections inside of the context.xml file. " wrote: > > From: JT [mailto:jltoo...@gmail.com] > > Subject: Re: Undeploy does not delete all .jar files > > > > I took everything out of my conf/context.xml file except for > > WatchedResource. This includes > > > > > directory="logs" prefix="localhost_log." suffix=".txt" > > timestamp="true"/> > > Your config is extremely suspect, since 5.5 does not have any > elements. Given that lots of config items have changed both syntax and > semantics compared with older Tomcat levels, you may need to start from > scratch with a clean 5.5 (or 6.0) installation, and update the newer Tomcat > one step at a time. Do not blindly copy anything from an older version - > read the doc and update the newer config appropriately. > > > I have the context.xml file in my webapps/xxx/WEB-INF/classes/META-INF > > That's another major error; the location should be > webapps/xxx/META-INF/context.xml. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Headstart on "Resolving OOM-PermGen errors on webapp reload"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 4/22/2009 12:16 PM, Caldarale, Charles R wrote: >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp >> reload" >> >> It's also a shame that the values for -Xmx aren't shown > > It is - it's the MaxHeapSize under Heap Configuration. > > The odd thing in your report is MaxNewSize, which is clearly out of > whack; not sure at this point where that comes from. I'm using: java version "1.5.0_13" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_13-b05) Java HotSpot(TM) Client VM (build 1.5.0_13-b05, mixed mode) and the heap configuration, again, for reference is: Heap Configuration: MinHeapFreeRatio = 40 MaxHeapFreeRatio = 70 MaxHeapSize = 67108864 (64.0MB) NewSize = 655360 (0.625MB) MaxNewSize = 4294901760 (4095.9375MB) OldSize = 1441792 (1.375MB) NewRatio = 12 SurvivorRatio= 8 PermSize = 8388608 (8.0MB) MaxPermSize = 67108864 (64.0MB) Does that mean that, technically speaking, PermGen is allowed to grow to take over the whole heap? Clearly, that isn't technically possible (because the other heap sections will be non-zero) but it seems weird that the max permgen is the same as the max heap. I wonder if MaxNewSize is set to be the process max memory (4GB... or just shy of that). That would be a *very* big NewSize. Odd that the NewSize can exceed the maximum heap. You *did* say it was unnecessarily complicated ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknva54ACgkQ9CaO5/Lv0PCwOwCglqyVZQVgBpbDMuKtTo77aQ7T mNYAn2yb4DO7tq1pQuJ+a/iB4myz66fL =hLg9 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A sample workers.properties file
André Warnier wrote: Jonathan Mast wrote: The Tomcat-Connector docs say that the source dist contains a sample workers.properties file, but neither Tomcat 6 nor Httpd 2.2 src archives contain such a file. But the mod_jk connector download does, I am quite sure. You /have/ downloaded the connector also, I presume ? http://tomcat.apache.org/download-connectors.cgi and "binary releases". - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A sample workers.properties file
ok, i'll look, the docs don't explicitly say what source package the sample is in. thanks On Wed, Apr 22, 2009 at 2:48 PM, André Warnier wrote: > Jonathan Mast wrote: > >> The Tomcat-Connector docs say that the source dist contains a sample >> workers.properties file, but neither Tomcat 6 nor Httpd 2.2 src archives >> contain such a file. >> >> But the mod_jk connector download does, I am quite sure. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: A sample workers.properties file
Jonathan Mast wrote: The Tomcat-Connector docs say that the source dist contains a sample workers.properties file, but neither Tomcat 6 nor Httpd 2.2 src archives contain such a file. But the mod_jk connector download does, I am quite sure. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
Mighty Tornado wrote: I think the following might be a problem. When I access the application I get this error in the browser:Firefox can't establish a connection to the server at localhost:8443 But did you not ask for this ? CONFIDENTIAL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
On Wed, Apr 22, 2009 at 11:43 AM, Mighty Tornado wrote: > How can I make the request to port 8443 actually succeed? Configure an https Connector. -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Security and Struts
> From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > Subject: Re: Tomcat Security and Struts > > Firefox can't establish a connection to the > server at localhost:8443 You need to define a secure for port 8443. > But Tomcat is supposed to listen on port 8080 You can't run both HTTP and HTTPS on the same port. Since you specified a of CONFIDENTIAL, you're requiring use of HTTPS. Your HTTP is likely configured to forward secure requests to 8443. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
How can I make the request to port 8443 actually succeed? On Wed, Apr 22, 2009 at 2:40 PM, Hassan Schroeder < hassan.schroe...@gmail.com> wrote: > On Wed, Apr 22, 2009 at 11:16 AM, Mighty Tornado > wrote: > > I think the following might be a problem. When I access the application I > > get this error in the browser:Firefox can't establish a connection to the > > server at localhost:8443 > > > > But Tomcat is supposed to listen on port 8080 - and it has been for my > app, > > until I put in the security feature. > > > > any way around this? > > Er, "way around"? You're *telling* it to use an SSL connection: > > > CONFIDENTIAL > > > If you don't want it to, don't do that. Pretty simple, really. :-) > > -- > Hassan Schroeder hassan.schroe...@gmail.com > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat Security and Struts
On Wed, Apr 22, 2009 at 11:16 AM, Mighty Tornado wrote: > I think the following might be a problem. When I access the application I > get this error in the browser:Firefox can't establish a connection to the > server at localhost:8443 > > But Tomcat is supposed to listen on port 8080 - and it has been for my app, > until I put in the security feature. > > any way around this? Er, "way around"? You're *telling* it to use an SSL connection: CONFIDENTIAL If you don't want it to, don't do that. Pretty simple, really. :-) -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
A sample workers.properties file
The Tomcat-Connector docs say that the source dist contains a sample workers.properties file, but neither Tomcat 6 nor Httpd 2.2 src archives contain such a file. Could someone please post a sample workers.properties file for the aforementioned Tomcat and Httdp versions? Thanks
Re: Tomcat Security and Struts
I think the following might be a problem. When I access the application I get this error in the browser:Firefox can't establish a connection to the server at localhost:8443 But Tomcat is supposed to listen on port 8080 - and it has been for my app, until I put in the security feature. any way around this? On Wed, Apr 22, 2009 at 1:05 PM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: André Warnier [mailto:a...@ice-sa.com] > > Subject: Re: Tomcat Security and Struts > > > > Maybe this : if the login page itself contains a link to a gif located > > in the same area, trying to load that gif will also hit the > > authentication bit, and trigger another login page, before the first > > even finishes displaying ? > > Of course; I was thinking basic authentication, not form. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
I don't doubt that jmap/jhat would be able to give you more detailed information. My exact goal was to come up with something for automated testing that would help prevent classloader leaks from making it into production. If someone can think of a programmatic way to do that with jmap/jhat, please share! Mark -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, April 22, 2009 10:30 AM To: Tomcat Users List Subject: RE: Headstart on "Resolving OOM-PermGen errors on webapp reload" > From: mark_desp...@mcafee.com [mailto:mark_desp...@mcafee.com] > Subject: RE: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > Yeah, Insane just using reflection and a graph traversal algorithm to > get the job done. It looks like this is implemented by > org.netbeans.insane.impl.InsaneEngine. Other than being programmable for automated testing purposes, does this provide any more or different information than a jmap/jhat combo? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
> From: mark_desp...@mcafee.com [mailto:mark_desp...@mcafee.com] > Subject: RE: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > Yeah, Insane just using reflection and a graph traversal algorithm to > get the job done. It looks like this is implemented by > org.netbeans.insane.impl.InsaneEngine. Other than being programmable for automated testing purposes, does this provide any more or different information than a jmap/jhat combo? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
Yeah, Insane just using reflection and a graph traversal algorithm to get the job done. It looks like this is implemented by org.netbeans.insane.impl.InsaneEngine. Oh, and I found my copy of the Insane source. The third argument to ScannerUtils.scan() should be true since that is what signals to InsaneEngine that static fields should be traversed during the heap walk. ~Mark -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 22, 2009 9:05 AM To: Tomcat Users List Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp reload" -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 4/21/2009 10:27 PM, mark_desp...@mcafee.com wrote: > Ok, so my wife actually wrote a couple of month ago in Japanese about > using strategy for leveraging the Insane library and a continuous > integration server in order to prevent webapp classloader leakage > issues from creeping in. I'll definitely take a look at this (in English -- tell her thanks!). > With this in place, you can then setup your test environment to > exercise a given webapp, shut it down, and then invoke your > ScannerUtils code to see if that the webapp's classloader is still > hanging around. This is super sexy! What a nice job. I'll have to read-up on the Insane library, but my suspicion is that you probably don't really need it... all the RTTI information is available from the objects themselves, and the code should be relatively simple just tons and tons of loops and recursive calls. > A word of warning... this is a very heavy weight operation. Heh, you think? That's why this type of testing should be done in development and not in production ; - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvQCkACgkQ9CaO5/Lv0PC5OwCeONLPIu7BAaBiwGhEbuYm4caf d/4An2TpoymWDAi2/o4fi/sRwNpqxROy =sL8m -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: form based authentication
> From: Jill Han [mailto:jill@alverno.edu] > Subject: RE: form based authentication > > However, this makes authentication activated only once although the > applications have different realms. To quote from the SSO doc: "All web applications configured for this virtual host must share the same Realm." http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On Can you separate the various s by ? Or are you stuck with a single ? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Tomcat Security and Struts
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: Tomcat Security and Struts > > Maybe this : if the login page itself contains a link to a gif located > in the same area, trying to load that gif will also hit the > authentication bit, and trigger another login page, before the first > even finishes displaying ? Of course; I was thinking basic authentication, not form. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: form based authentication
Thanks, I commented off SingleSignOn as instructed on the link. ... ... However, this makes authentication activated only once although the applications have different realms. For example, App1 and app2 have the same realm in web.xml, I just need to login once which is what I want to see. however app3 has different realm in web.xml. when I change the url from app1 to app3, it didn't trigger the login page and allowed me in. is there anything else missing? Jill -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, April 22, 2009 11:11 AM To: Tomcat Users List Subject: Re: form based authentication -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jill, On 4/22/2009 10:46 AM, Jill Han wrote: > I tried to use form based authentication with JNDIRealm. What I want to > accomplish is to have the two applications with the same realm be > authenticated once. It seems the tomcat ignored the realm. I have to > login twice. You're looking for SSI (Single Sign-On): http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvQXYACgkQ9CaO5/Lv0PCwYgCdE1SF1t1FR4NLwZ+VqcHWftQl XE0AoLwID8h7EN052aW0eS2ifmSfeOBN =Nkum -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
Caldarale, Charles R wrote: From: Mikolaj Rydzewski [mailto:m...@ceti.pl] Subject: Re: Tomcat Security and Struts Mark Thomas wrote: /* will protect everything. If your login page uses any external assets (images, stylesheets, etc), it will become corrupted (assets won't load). Care to explain that? The above construct seems to work fine for our static resources. Maybe this : if the login page itself contains a link to a gif located in the same area, trying to load that gif will also hit the authentication bit, and trigger another login page, before the first even finishes displaying ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk, not sure if an issue
Hi. As (maybe) part of another issue which I am still trying to track down with the concerned network people (client write errors, Sample 2 below), I find the following kind of messages regularly in the mod_jk logfile (Sample 1). I just want to know if this indicates a problem somewhere, or if these are normal occurrences. These [info] messages do not always come as often as shown below, but seem to come with some regularity nevertheless. Basically, my question is whether this indicates that there might be a discrepancy between front-end and back(-)end or something of the kind, or if there is some other parameter to adjust to make these go away. Apache 2.x prefork MPM mod_jk 1.2.27 Tomcat 5.5.x under RHEL, single host JkLogLevel info and worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 # new options since 1.2.27 : worker.ajp13.ping_mode=A (single worker, no load balancing) back-end Connector : maxThreads="150" minSpareThreads="25" maxSpareThreads="100" backlog="100" /> Sample 1 : [Tue Apr 21 13:34:59 2009] GET /myapp/normen/servlet.myapp 200 0.007701 4897 [Tue Apr 21 13:34:59 2009] GET /myapp/normen/servlet.myapp 200 0.004344 1457 [Tue Apr 21 13:34:59 2009] GET /myapp/normen/servlet.myapp 200 0.101926 1945 [Tue Apr 21 13:34:59 2009] GET /myapp/normen/servlet.myapp 200 0.322939 296975 [Tue Apr 21 13:35:14 2009] POST /myapp/normen/servlet.myapp 200 0.032625 1576 [Tue Apr 21 13:35:14 2009] GET /myapp/normen/servlet.myapp 200 0.003084 4176 [Tue Apr 21 13:35:14 2009] [18753:2537034048] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1064): sendfull for socket 16 returned -32 (errno=32) [Tue Apr 21 13:35:14 2009] [18753:2537034048] [info] ajp_handle_cping_cpong::jk_ajp_common.c (855): can't send cping query [Tue Apr 21 13:35:14 2009] [18753:2537034048] [info] ajp_maintain::jk_ajp_common.c (3046): (ajp13) failed sending request, socket -1 keepalive cping/cpong failure (errno=32) [Tue Apr 21 13:35:14 2009] GET /myapp/normen/servlet.myapp 200 0.010538 1366 [Tue Apr 21 13:35:14 2009] GET /myapp/normen/servlet.myapp 200 0.002768 2507 [Tue Apr 21 13:35:14 2009] GET /myapp/normen/servlet.myapp 200 0.002658 1999 [Tue Apr 21 13:35:17 2009] POST /myapp/normen/servlet.myapp 200 0.060688 21560 [Tue Apr 21 13:35:19 2009] POST /myapp/normen/servlet.myapp 200 0.017692 23635 [Tue Apr 21 13:35:22 2009] POST /myapp/normen/servlet.myapp 200 1.032645 21400 [Tue Apr 21 13:35:34 2009] [30410:2537034048] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1064): sendfull for socket 16 returned -32 (errno=32) [Tue Apr 21 13:35:34 2009] [30410:2537034048] [info] ajp_handle_cping_cpong::jk_ajp_common.c (855): can't send cping query [Tue Apr 21 13:35:34 2009] [30410:2537034048] [info] ajp_maintain::jk_ajp_common.c (3046): (ajp13) failed sending request, socket -1 keepalive cping/cpong failure (errno=32) [Tue Apr 21 13:35:34 2009] POST /myapp/normen/servlet.myapp 200 0.071825 20753 [Tue Apr 21 13:35:36 2009] POST /myapp/normen/servlet.myapp 200 0.115782 14137 [Tue Apr 21 13:35:56 2009] [30413:2537034048] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1064): sendfull for socket 1 returned -32 (errno=32) [Tue Apr 21 13:35:56 2009] [30413:2537034048] [info] ajp_handle_cping_cpong::jk_ajp_common.c (855): can't send cping query [Tue Apr 21 13:35:56 2009] [30413:2537034048] [info] ajp_maintain::jk_ajp_common.c (3046): (ajp13) failed sending request, socket -1 keepalive cping/cpong failure (errno=32) [Tue Apr 21 13:35:56 2009] POST /myapp/normen/servlet.myapp 200 0.040233 20753 [Tue Apr 21 13:35:57 2009] [29827:2537034048] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1064): sendfull for socket 16 returned -32 (errno=32) [Tue Apr 21 13:35:57 2009] [29827:2537034048] [info] ajp_handle_cping_cpong::jk_ajp_common.c (855): can't send cping query [Tue Apr 21 13:35:57 2009] [29827:2537034048] [info] ajp_maintain::jk_ajp_common.c (3046): (ajp13) failed sending request, socket -1 keepalive cping/cpong failure (errno=32) [Tue Apr 21 13:35:57 2009] POST /myapp/normen/servlet.myapp 200 0.036396 12264 [Tue Apr 21 13:36:36 2009] GET /myapp/normen/servlet.myapp 200 0.292587 1409 [Tue Apr 21 13:36:36 2009] GET /myapp/normen/servlet.myapp 200 0.010833 6729 [Tue Apr 21 13:36:36 2009] GET /myapp/normen/servlet.myapp 200 0.015750 3484 [Tue Apr 21 13:36:36 2009] GET /myapp/normen/servlet.myapp 200 0.032983 2915 Sample 2 : (for illustration of the other issue only) [Tue Apr 21 13:15:32 2009] GET /myapp/normen/servlet.myapp 200 0.016737 6729 [Tue Apr 21 13:15:32 2009] GET /myapp/normen/servlet.myapp 200 0.019133 3484 [Tue Apr 21 13:15:32 2009] GET /myapp/normen/servlet.myapp 200 0.010458 2915 [Tue Apr 21 13:15:32 2009] GET /myapp/normen/servlet.myapp 200 0.112756 18897 [Tue Apr 21 13:15:44 2009] [29831:2537034048] [info] ajp_connection_tcp_send_message::jk_ajp_common.c (1064): sendfull for socket 1 returned -32 (errno=32) [Tue Apr
RE: Headstart on "Resolving OOM-PermGen errors on webapp reload"
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Subject: Re: Headstart on "Resolving OOM-PermGen errors on webapp > reload" > > It's also a shame that the values for -Xmx aren't shown It is - it's the MaxHeapSize under Heap Configuration. The odd thing in your report is MaxNewSize, which is clearly out of whack; not sure at this point where that comes from. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Tomcat Security and Struts
> From: Mikolaj Rydzewski [mailto:m...@ceti.pl] > Subject: Re: Tomcat Security and Struts > > Mark Thomas wrote: > > /* will protect everything. > > > If your login page uses any external assets (images, stylesheets, > etc), it will become corrupted (assets won't load). Care to explain that? The above construct seems to work fine for our static resources. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: form based authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jill, On 4/22/2009 10:46 AM, Jill Han wrote: > I tried to use form based authentication with JNDIRealm. What I want to > accomplish is to have the two applications with the same realm be > authenticated once. It seems the tomcat ignored the realm. I have to > login twice. You're looking for SSI (Single Sign-On): http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvQXYACgkQ9CaO5/Lv0PCwYgCdE1SF1t1FR4NLwZ+VqcHWftQl XE0AoLwID8h7EN052aW0eS2ifmSfeOBN =Nkum -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mikolaj, On 4/22/2009 9:58 AM, Mikolaj Rydzewski wrote: > Mighty Tornado wrote: > I'm not sure if login page will work if it is located under WEB-INF > directory. Of course it will. There's nothing special about the WEB-INF directory that would prevent it from working. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvQKEACgkQ9CaO5/Lv0PCZ+ACgibpOwt8pKTsKZ0uVIqcRA3O+ yVAAn0BoEp255y/eXE3owWSWNRhs/s52 =Er+e -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Headstart on "Resolving OOM-PermGen errors on webapp reload"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 4/21/2009 10:27 PM, mark_desp...@mcafee.com wrote: > Ok, so my wife actually wrote a couple of month ago in Japanese about > using strategy for leveraging the Insane library and a continuous > integration server in order to prevent webapp classloader leakage > issues from creeping in. I'll definitely take a look at this (in English -- tell her thanks!). > With this in place, you can then setup your test environment to > exercise a given webapp, shut it down, and then invoke your > ScannerUtils code to see if that the webapp's classloader is still > hanging around. This is super sexy! What a nice job. I'll have to read-up on the Insane library, but my suspicion is that you probably don't really need it... all the RTTI information is available from the objects themselves, and the code should be relatively simple just tons and tons of loops and recursive calls. > A word of warning... this is a very heavy weight operation. Heh, you think? That's why this type of testing should be done in development and not in production ; - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvQCkACgkQ9CaO5/Lv0PC5OwCeONLPIu7BAaBiwGhEbuYm4caf d/4An2TpoymWDAi2/o4fi/sRwNpqxROy =sL8m -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: R: Apache / Tomcat Load Balanced mode
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: R: Apache / Tomcat Load Balanced mode > > Do you mean that the can be inserted at the context.xml level, > rather than inside the ? Yes. I had made the opposite assumption to Mark T, in that I thought admin was part of the ROOT context. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Headstart on "Resolving OOM-PermGen errors on webapp reload"
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 4/21/2009 8:48 PM, Caldarale, Charles R wrote: > It's really 64 MB, of which 32.5 MB is available for allocation. The > 8 MB is the initial amount available for allocation. (If this sounds > unnecessarily complicated, that's only because it is, with emphasis > on the unnecessarily.) Gotcha. I thought the "heap configuration" was the current config, but it's the initial configuration. That information is ... not particularly useful. It's too bad they don't have a summary of the /current/ heap configuration anywhere. You have to read the details (which, I admit, isn't that bad). It's also a shame that the values for -Xmx aren't shown, so you'd know how big your heap could get. I'm not assigning any specific values, so I'm getting the default for my jvm/client/physical memory size, which I won't know unless I query the Runtime object. >> I'd love some help interpreting the heap info I see above. > > Anything in particular? Just what you already did. Thanks! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvP24ACgkQ9CaO5/Lv0PCMMwCgmOXyyB9idWxQfDUMyPEQMo2D dpMAoJQbj/YNaveHL67y2S7XZPYILTxR =FABQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: Apache / Tomcat Load Balanced mode
André Warnier wrote: > Mark Thomas wrote: >> André Warnier wrote: >>> Mark Thomas wrote: >> I'd assumed that admin was a separate context and therefore could have a >> valve applied. If not, just do it in httpd. >> > Do you mean that the can be inserted at the context.xml level, > rather than inside the ? Yes. Valves are valid at Engine, Host and Context level. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with maximum threads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anand, On 4/22/2009 1:35 AM, connossieur wrote: > This is my Server.xml Note you have two connectors defined: >maxThreads="70" minSpareThreads="20"/> > port="80" protocol="HTTP/1.1" > connectionTimeout="2000" > redirectPort="8443" /> This connector uses the tomcatThreadPool executor which will use threads with names starting with "catalina-exec-". > > This Connector uses its own thread management, and defaults to 200 max threads (http://tomcat.apache.org/tomcat-6.0-doc/connectors.html). If you want the AJP connector to share the 70 threads configured above, you need to set the "executor" attribute on this as well. > Do you think this has a problem? I'll try to upload the thread Dump to my > website and send a link. If you have 1000 threads running in your java process, than either Tomcat has a *huge* bug (unlikely) or your application is going crazy. A thread dump will help diagnose. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAknvPjkACgkQ9CaO5/Lv0PAJcgCgiIHZ8SA7u+XvAC+31WYUi3Yp 5igAn2jlq0AXnM7jeVBAF8lWMkTVskjY =CUNy -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: Apache / Tomcat Load Balanced mode
Mark Thomas wrote: André Warnier wrote: Mark Thomas wrote: Caldarale, Charles R wrote: From: Karthik Nanjangude [mailto:karthik.nanjang...@xius-bcgi.com] Subject: RE: R: Apache / Tomcat Load Balanced mode But the intension for doing the same is NOT to expose the "/admin/*" to INTERNET and reply with ERROR 404 for the same, But in case of INTRANET usage access for "/admin/*" should be provided Write a filter that rejects requests for /admin or /admin/* when the request arrives from a non-intranet address. http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html Remote Address Filter or Remote Host Filter Wait, does that not block *all* accesses to that host ? I'd assumed that admin was a separate context and therefore could have a valve applied. If not, just do it in httpd. Do you mean that the can be inserted at the context.xml level, rather than inside the ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat does not shut down
> From: Matthew Chambers [mailto:chamb...@imageworks.com] > Subject: Tomcat does not shut down > > Any tips that I can use to figure out what the server is doing or help > it shut down quicker would be great. And a thread dump shows ...? Use jstack to get one, if needed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: Apache / Tomcat Load Balanced mode
André Warnier wrote: > Mark Thomas wrote: >> Caldarale, Charles R wrote: From: Karthik Nanjangude [mailto:karthik.nanjang...@xius-bcgi.com] Subject: RE: R: Apache / Tomcat Load Balanced mode But the intension for doing the same is NOT to expose the "/admin/*" to INTERNET and reply with ERROR 404 for the same, But in case of INTRANET usage access for "/admin/*" should be provided >>> Write a filter that rejects requests for /admin or /admin/* when the >>> request arrives from a non-intranet address. >> >> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html >> Remote Address Filter or Remote Host Filter >> > Wait, does that not block *all* accesses to that host ? I'd assumed that admin was a separate context and therefore could have a valve applied. If not, just do it in httpd. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: R: Apache / Tomcat Load Balanced mode
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: R: Apache / Tomcat Load Balanced mode > > > http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html > > Remote Address Filter or Remote Host Filter > > > Wait, does that not block *all* accesses to that host ? Yes, which is why I suggested a filter, which could be configured for just "/admin/*". I'm not aware of any means of configuring valves for specific URL patterns. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: Apache / Tomcat Load Balanced mode
Mark Thomas wrote: Caldarale, Charles R wrote: From: Karthik Nanjangude [mailto:karthik.nanjang...@xius-bcgi.com] Subject: RE: R: Apache / Tomcat Load Balanced mode But the intension for doing the same is NOT to expose the "/admin/*" to INTERNET and reply with ERROR 404 for the same, But in case of INTRANET usage access for "/admin/*" should be provided Write a filter that rejects requests for /admin or /admin/* when the request arrives from a non-intranet address. http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html Remote Address Filter or Remote Host Filter Wait, does that not block *all* accesses to that host ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat does not shut down
Hey guys. Just recently, I've started to have this problem with Tomcat not shutting down if the server has handled lots of traffic. Our test servers, which have very small amount of traffic, shut down fine. I have to manually kill the Tomcat process. If I run it in the foreground, ctr-c hangs forever. We're using Tomcat 6.0.18. The main components of our web application is Spring 2.5, Oracle 10, and Ice. Any tips that I can use to figure out what the server is doing or help it shut down quicker would be great. Thanks -Matt - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
Mark Thomas wrote: /* will protect everything. If your login page uses any external assets (images, stylesheets, etc), it will become corrupted (assets won't load). -- Mikolaj Rydzewski - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
form based authentication
I tried to use form based authentication with JNDIRealm. What I want to accomplish is to have the two applications with the same realm be authenticated once. It seems the tomcat ignored the realm. I have to login twice. For example: when I login to http://localhost:8080/app1 successfully, then change the url to http://localhost:8080/app2, the login page will be prompted again. I hope I describe my issue clearly. Here is the snippet of web.xml for the app1 and app2 .. FORM FACRES /login.jsp /error.html CN=FacultyStaff,OU=Groups,OU=EMP,DC=AC .. Here is the login.jsp Login Page Your help will be appreciated very much as always. Jill
Re: Tomcat Security and Struts
You are right: I just fixed this mistake - added member into my web.xml However, when I try to access my URL the browser gives me the following message: Data Transfer Interrupted On Wed, Apr 22, 2009 at 10:26 AM, Caldarale, Charles R < chuck.caldar...@unisys.com> wrote: > > From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > > Subject: Tomcat Security and Struts > > > > I am trying to make sure my app requires a login. So I configured the > > following in my deployment descriptor: > > > > > > > >admin > >*.do > >POST > > > > > >member > > > > > >CONFIDENTIAL > > > > > > > >FORM > > > >/WEB-INF/JSP/login.jsp > >/WEB-INF/JSP/loginError.jsp > > > > > > Where is your section? > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
RE: Undeploy does not delete all .jar files
> From: JT [mailto:jltoo...@gmail.com] > Subject: Re: Undeploy does not delete all .jar files > > I took everything out of my conf/context.xml file except for > WatchedResource. This includes > > directory="logs" prefix="localhost_log." suffix=".txt" > timestamp="true"/> Your config is extremely suspect, since 5.5 does not have any elements. Given that lots of config items have changed both syntax and semantics compared with older Tomcat levels, you may need to start from scratch with a clean 5.5 (or 6.0) installation, and update the newer Tomcat one step at a time. Do not blindly copy anything from an older version - read the doc and update the newer config appropriately. > I have the context.xml file in my webapps/xxx/WEB-INF/classes/META-INF That's another major error; the location should be webapps/xxx/META-INF/context.xml. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Security and Struts
> From: Mighty Tornado [mailto:mighty.torn...@gmail.com] > Subject: Tomcat Security and Struts > > I am trying to make sure my app requires a login. So I configured the > following in my deployment descriptor: > > > >admin >*.do >POST > > >member > > >CONFIDENTIAL > > > >FORM > >/WEB-INF/JSP/login.jsp >/WEB-INF/JSP/loginError.jsp > > Where is your section? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Undeploy does not delete all .jar files
I took everything out of my conf/context.xml file except for WatchedResource. This includes I have the context.xml file in my webapps/xxx/WEB-INF/classes/META-INF I deleted the xxx directory under webapps, everything under the work directory, restarted tomcat, dropped the new xxx.war file in webapps. New xxx directory appears with the context.xml in the above location. I go to the manager website and select undeploy and still the same .jars under xxx/WEB-INF/lib. JT On Tue, Apr 21, 2009 at 5:29 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > JT, > > On 4/21/2009 4:35 PM, JT wrote: > > That didn't work either. This is what I did. > > > > I put back what I had in the conf/context.xml file. I still had the path > > and docBase > > Yeah, that's still a problem. Here's what your conf/context.xml should > look like (minus standard comments). > > >WEB-INF/web.xml > > > Adding the "path" and "docBase" attributes will break pretty much > everything, either now or later. Please take them out whether you > understand or not. > > > > > That's good. > > > That's all that i have in that file. I deleted everything under work and > > there was not a file in conf/Catalina/localhost/test.xml. There was only > > host-manager.xml and manger.xml. Then I restarted Tomcat and added the > new > > .war file to webapps and that created a new directory, but still it would > > not undeploy correctly. > > Make the above changes and try again. It still might not fix your issue, > but putting docBase and path into your like this will lead to > lots of troubles. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAknuOtIACgkQ9CaO5/Lv0PBMiQCfbZwsVXgPtK3LPx6zRoRjGZBd > YbUAn1KerwAaNg9zBH7AhFSH8dRdJPZJ > =tivY > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat Security and Struts
Mighty Tornado wrote: > Tomcat 6Struts 1.3 > OS: MacOS X - Leopard > > Hi, > > I am trying to make sure my app requires a login. So I configured the >*.do /* will protect everything. >POST This only protects the POST method. GETs will not be restricted. I'd remove this line. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: Apache / Tomcat Load Balanced mode
Caldarale, Charles R wrote: >> From: Karthik Nanjangude [mailto:karthik.nanjang...@xius-bcgi.com] >> Subject: RE: R: Apache / Tomcat Load Balanced mode >> >> But the intension for doing the same is NOT to expose the "/admin/*" >> to INTERNET and reply with ERROR 404 for the same, >> >> But in case of INTRANET usage access for "/admin/*" should be provided > > Write a filter that rejects requests for /admin or /admin/* when the request > arrives from a non-intranet address. http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html Remote Address Filter or Remote Host Filter Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Security and Struts
Mighty Tornado wrote: POST Why do you want to restrict access only to requests with POST method? I usually do not use http-method element. /WEB-INF/JSP/login.jsp I'm not sure if login page will work if it is located under WEB-INF directory. -- Mikolaj Rydzewski - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: R: Apache / Tomcat Load Balanced mode
> From: Karthik Nanjangude [mailto:karthik.nanjang...@xius-bcgi.com] > Subject: RE: R: Apache / Tomcat Load Balanced mode > > But the intension for doing the same is NOT to expose the "/admin/*" > to INTERNET and reply with ERROR 404 for the same, > > But in case of INTRANET usage access for "/admin/*" should be provided Write a filter that rejects requests for /admin or /admin/* when the request arrives from a non-intranet address. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Security and Struts
Tomcat 6Struts 1.3 OS: MacOS X - Leopard Hi, I am trying to make sure my app requires a login. So I configured the following in my deployment descriptor: admin *.do POST member CONFIDENTIAL FORM /WEB-INF/JSP/login.jsp /WEB-INF/JSP/loginError.jsp However, when I follow the links in my app the login page doesn't come in. Any ideas as to what I am doing wrong? Thanks.
RE: R: Apache / Tomcat Load Balanced mode
Hi Thx for the reply >> restrict based on roles so in /conf/tomcat-users.xml By using the AAA Realm, UserId / Passwd would be definitely an usage , But the intension for doing the same is NOT to expose the "/admin/*" to INTERNET and reply with ERROR 404 for the same, But in case of INTRANET usage access for "/admin/*" should be provided Note:- The admin also has a set of Log-in credentials as similar to normal "non admin" case, So using realm would double up the process un-necessarily. Please appreciate this process for more ideas ! With regards Karthik -Original Message- From: Martin Gainty [mailto:mgai...@hotmail.com] Sent: Tuesday, April 21, 2009 8:10 PM To: Tomcat Users List Subject: RE: R: Apache / Tomcat Load Balanced mode you can restrict based on roles so in /conf/tomcat-users.xml you can define username fubar to role 'newrole' then in WebAppName/WEB/INF/web.xml HTMLManger and Manager command /admin/* newrole newrole any access to YourWebAppName/admin are enabled only to role='newrole' Martin __ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > From: karthik.nanjang...@xius-bcgi.com > To: users@tomcat.apache.org > Date: Tue, 21 Apr 2009 18:19:42 +0530 > Subject: RE: R: Apache / Tomcat Load Balanced mode > > Hi > > Thx for the same > > Web application would be installed on 3 nodes of Tomcat below the single load > balancer of Apache http 2.x server > > >> "www.acme.com" being exposed to INTERNET > >> > >> "www.acme.com/admin"being exposed to INTRANET > > > > We would like to block the "/admin" from the INTERNET access > If some body uses "/admin" the response should be blocked > > If the same "/admin" is to be used within the INTRANET local access > We should be able to display the credentials > > > How To achieve the same ? > > > With regards > karthik > > > > > > > > -Original Message- > From: Rainer Jung [mailto:rainer.j...@kippdata.de] > Sent: Tuesday, April 21, 2009 12:51 PM > To: Tomcat Users List > Subject: Re: R: Apache / Tomcat Load Balanced mode > > On 21.04.2009 09:06, Leandro Dardini wrote: > > > > > >> -Messaggio originale- Da: Karthik Nanjangude > >> [mailto:karthik.nanjang...@xius-bcgi.com] Inviato: martedì 21 > >> aprile 2009 7.34 A: Tomcat Users List Oggetto: Apache / Tomcat Load > >> Balanced mode > >> > >> Hi > >> > >> Would the same work with Apache / Tomcat Load Balanced mode > >> > >> Configuration for single installation of the web application > >> "acme" > >> > >> > >> "www.acme.com" being exposed to INTERNET > >> > >> "www.acme.com/admin"being exposed to INTRANET > >> > >> > >> Reason : The application uses a single DB to request of orders > >> (from Subscribers) and same URL with *admin* would process the > >> orders ( Internal Employees) and should not be exposed to outside > >> world. > >> > >> > >> Is there any Configuration with in Apache or Tomcat to achieve the > >> same? > >> > >> > >> > >> With regards Karthik > >> > >> > > > > Maybe I don't understand your question, but to me there is no > > difference in configuring access in Load Balanced or not Load > > Balanced mode. > > > > As regarding the admin section, you can filter it using apache access > > control. > > I agree, load balancing seems to be not related to the question. > > One first decision would be, whether you are able to deploy your > application twice, once as the ROOT context and once as admin. Then > everything will become obvious. > > If you only want to deploy it once, e.g. a
Re: Fun with the JVM crashing.
Christopher Schultz-2 wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Chuck, > > Caldarale, Charles R wrote: >>> From: Bill Davidson [mailto:bill...@gmail.com] >>> Subject: Fun with the JVM crashing. >> >>> I'm thinking that the JVM shouldn't be getting SIGSEGV's. >> >> You're right about that. However, it could also be an OS or hardware >> problem. You might want to run some serious memory tests on the box, >> just to eliminate the latter. > > +100! > > What is the architecture? Do you have physical access? If it's x86 and > you do have physical access, 100% you should run memtest86+ against it. > Let it run all night. > > If it's a production server, replace it with one you trust and then > figure out what the problem is with the old box. > > We had 6 app servers at [bloated CA name removed to protect the guilty] > in production and 2 of them were giving us SIG11's. The solution was to > throw them out and replace them with 2 new ones. One of those sucked, > too, so we had to play server-roulette again before we got all 6 good > ones. > > Good luck, > - -chris > > > We had a similar problem. After running fine for a couple of years, Tomcat on one of our servers started to die every 2 or so hours with the dreaded SIGSEGV (0xb) errors. Since the identical versions of java as well as tomcat were running on our other machines and they had no problems, it would seem to point to a hardware problem on the crashing server. We had our hosting company swap the memory out of that machine and it looks good so far. -- View this message in context: http://www.nabble.com/Fun-with-the-JVM-crashing.-tp21865004p23175427.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: GlobalNamingResources outside of server.xml
> From: André Warnier [mailto:a...@ice-sa.com] > Subject: Re: GlobalNamingResources outside of server.xml > > In this webapp, are some servlets that I get from third-parties, and > which need installation-specific settings in the web.xml deployment > descriptor, settings which are present as and > . Rather than having those parameters in WEB-INF/web.xml, put them in a separately distributed element as nested elements. Have the customer place this element in conf/Catalina/[host]/[appName].xml at deployment time; this will avoid having to modify the .war file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with maximum threads
> From: connossieur [mailto:anand.b...@aricent.com] > Subject: Re: Problem with maximum threads > > I realize that my Server.xml is not being used by the Tomcat engine. I hope you also realize the file name must be server.xml, not Server.xml (case matters). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 503 errors
On Tue, Apr 21, 2009 at 6:49 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > > mod_proxy_ajp is included in httpd, and there have been /lots/ of > improvements since 2.2.2. Since you can't upgrade, would you consider > switching to using mod_jk, which is available independently? The > configuration is a bit more involved, but you may get better results. Thanks Chris, I'll look into it. -- Daryl Stultz _ 6 Degrees Software and Consulting, Inc. http://www.6degrees.com mailto:da...@6degrees.com
RE: Problem with maximum threads
Anand- the suggestion of look elsewhere was a red herring the problem is your Executor takes thread assignments e.g. then Connector is assigned the Executor threadpool Martin __ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung / Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Wed, 22 Apr 2009 12:15:22 +0100 > From: p...@pidster.com > To: users@tomcat.apache.org > Subject: Re: Problem with maximum threads > > why not start by creating a backup copy of your server.xml, and then > removing all of the commented out config. > > it'll be easier to see what's going on that way... > > p > > > > connossieur wrote: > > I realize that my Server.xml is not being used by the Tomcat engine. I mean > > the Connector part. > > Should I make any modifications anywhere? > > > > And I regret for the last repeated mails. It was sent by mistake. > > -Anand > > > > connossieur wrote: > >> Christopher, > >> > >> This is my Server.xml > >> > >> > >> > >> > >>>> SSLEngine="on" /> > >> > >> > >> > >>>> /> > >>>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> > >> > >> > >> > >> > >> >> type="org.apache.catalina.UserDatabase" > >> description="User database that can be updated and saved" > >> > >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > >> pathname="conf/tomcat-users.xml" /> > >> > >> > >> > >> > >> > >> > >> >> maxThreads="70" minSpareThreads="20"/> > >> >> port="80" protocol="HTTP/1.1" > >> connectionTimeout="2000" > >> redirectPort="8443" /> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>>> resourceName="UserDatabase"/> > >> > >> > >>>> unpackWARs="true" autoDeploy="true" > >> xmlValidation="false" xmlNamespaceAware="false"> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> Do you think this has a problem? I'll try to upload the thread Dump to my > >> website and send a link. > >> > >> Anand > >> > >> > >> Christopher Schultz-2 wrote: > > Stephen, > > > > On 4/21/2009 5:35 PM, Stephen Caine wrote: > > This is the number of threads Tomcat will handle before it errors with > > 'max threads reached. This is on OS X, 64 bit memory. The heap size is > > 2 gigs. > > > > If you know how to increase this number, then please provide the > > information. Others have also noted this limit on OS X in previous > > posts to this list. > > ulimit? > > > > On my Mac OS X 10.4.11, "ulimit -a" reports max user processes (-u > > switch) are set to 256. You could probably increase that by doing: > > > > ulimit -u 1024 > > > > or whatever. If you've reached an upper limit of 2400, it's probably > > because you're reaching a hard limit set up somewhere else. > > > > There's also: > > > > sysctl -w kern.maxprocperuid=1024 (or more?) > > or > > sysctl -w kern.maxproc=1 (or more?) > > > > (My kern.maxproc is currently set to 532 -- what a strange number -- > > while kern.maxprocperuid is currently 266). > > > > You can also set your defaults in /etc/sysctl.conf: > > > > kern.maxproc=1 > > kern.maxprocperuid=5000 > > > > I didn't know any of this before 5 minutes ago. Google is your friend. > > > > -chris > >>> > -
Re: windows 2k3 / Tomcat 6 / IIS configuration - randomlylosing sessions
On 22.04.2009 06:44, Caldarale, Charles R wrote:
>> From: Menachem Husarsky [mailto:husar...@hotmail.com] Subject: Re:
>> Re: windows 2k3 / Tomcat 6 / IIS configuration - randomlylosing
>> sessions
>>
>> Do you have any suggestions for me for how to debug this in a
>> finer more controlled fashion?
>
> Have you implemented an HttpSessionListener to track the comings and
> goings? This, coupled with request/response logging, might at least
> give you a better idea of which is the more likely of the two failure
> scenarios you've considered.
You can also log %{Cookie}i, %{Set-Cookie}o and the actual session id in
your Tomcat access log. You need to activate it and replace the default
pattern "common" by something like e.g.
"%h %l %u %t "%r" %s %b
"%{Cookie}i" "%{Set-Cookie}o" %S %D"
(all on one line)
Regards,
Rainer
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with maximum threads
why not start by creating a backup copy of your server.xml, and then removing all of the commented out config. it'll be easier to see what's going on that way... p connossieur wrote: > I realize that my Server.xml is not being used by the Tomcat engine. I mean > the Connector part. > Should I make any modifications anywhere? > > And I regret for the last repeated mails. It was sent by mistake. > -Anand > > connossieur wrote: >> Christopher, >> >> This is my Server.xml >> >> >> >> >> > SSLEngine="on" /> >> >> >> >> > /> >> > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> >> >> >> >> >> > type="org.apache.catalina.UserDatabase" >> description="User database that can be updated and saved" >> >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory" >> pathname="conf/tomcat-users.xml" /> >> >> >> >> >> >> >> > maxThreads="70" minSpareThreads="20"/> >> > port="80" protocol="HTTP/1.1" >> connectionTimeout="2000" >> redirectPort="8443" /> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > resourceName="UserDatabase"/> >> >> >> > unpackWARs="true" autoDeploy="true" >> xmlValidation="false" xmlNamespaceAware="false"> >> >> >> >> >> >> >> >> >> >> >> >> >> Do you think this has a problem? I'll try to upload the thread Dump to my >> website and send a link. >> >> Anand >> >> >> Christopher Schultz-2 wrote: > Stephen, > > On 4/21/2009 5:35 PM, Stephen Caine wrote: > This is the number of threads Tomcat will handle before it errors with > 'max threads reached. This is on OS X, 64 bit memory. The heap size is > 2 gigs. > > If you know how to increase this number, then please provide the > information. Others have also noted this limit on OS X in previous > posts to this list. > ulimit? > > On my Mac OS X 10.4.11, "ulimit -a" reports max user processes (-u > switch) are set to 256. You could probably increase that by doing: > > ulimit -u 1024 > > or whatever. If you've reached an upper limit of 2400, it's probably > because you're reaching a hard limit set up somewhere else. > > There's also: > > sysctl -w kern.maxprocperuid=1024 (or more?) > or > sysctl -w kern.maxproc=1 (or more?) > > (My kern.maxproc is currently set to 532 -- what a strange number -- > while kern.maxprocperuid is currently 266). > > You can also set your defaults in /etc/sysctl.conf: > > kern.maxproc=1 > kern.maxprocperuid=5000 > > I didn't know any of this before 5 minutes ago. Google is your friend. > > -chris >>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GlobalNamingResources outside of server.xml
Robert Koberg wrote:
I just finished my first cup of coffee
You must be in a different timezone then. We've had to refill the coffee
machine a couple of times already.
In any case, thank you for your early interest and for your contribution.
and realized I didn't address
having the external def in the conf directory. You probably do not want
to rely on each user having the same directory structure, so you can't
rely on a hard coded absolute or relative path :)
True.
First, let me say I usually put a .properties file in some system
defined directory and configure at app start up.
...
Right. I guess this would be the sensible and Servlet Spec compatible
thing to do in the first place.
Basically, I jumped into this thread because I had a glimpse of a hope
that the scenario outlined by the OP for (I believe) server.xml, might
also be applicable for the following kind of practical case, which has
come up already several times on this list :
I distribute a webapp to customers, as a war file.
In this webapp, are some servlets that I get from third-parties, and
which need installation-specific settings in the web.xml deployment
descriptor, settings which are present as and
. For example, something like
HostToTalkTo
123.123.45.67
Thus, when I send an updated app as a war-file to the customer, this
customer has to unpack the war-file, edit the web.xml according to their
specific values, repack the war-file and deploy it on their server.
This is rather messy and unpractical.
I have thus been wondering if there was some clever way by which,
without changing the way in which these third-party servlets read their
parameters, one could provide a mechanism that would avoid the
unpacking/modifying/repacking cycle.
From what I've read so far, in any case it does not seem simple.
From what I understand, it would be possible using Xinclude, but that
would entail
1) somehow to convince the customer's Tomcat's Xerces parser to be
Xinclude-aware, which to my naive understanding looks complicated to do,
(and may/may not have side-effects ?)
2) one would need one Xinclude-d text file per param-value, which looks
kind of clumsy
3) and the path to these Xinclude-d files would need to be fixed, which
somehow also conflicts with the hoped-for flexibility
So far thus, it looks still pretty much like a forlorn hope.
Any additional ideas anyone ?
A more general question would be whether someone could think of a way by
which such an added functionality could be added to Tomcat, without
breaking the Servlet Spec compatibility ?
For example, would it be legal/compatible to have something like
${HostToTalkToIP}
and have this valuename defined as a variable somewhere else ?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GlobalNamingResources outside of server.xml
I just finished my first cup of coffee and realized I didn't address having the external def in the conf directory. You probably do not want to rely on each user having the same directory structure, so you can't rely on a hard coded absolute or relative path :) First, let me say I usually put a .properties file in some system defined directory and configure at app start up. Sometime I need a hierarchy and use an XML file in some system defined dir and keep that stored in some DOMish structure (e.g. XOM, dom4j, etc) rather than converting it into some (brittle) object with something like JAXB. Anyway, back to XInclude, there are good use cases especially within an XML heavy app. Relating to getting the external def into the conf dir, you would want to use XML Catalogs. They let you assign a local file to some reference in the XML. This can be used for many different types referenced file resolution. For example below, your local catalog would define: And of course, catalogs can reference other catalogs, which can reference other catalogs... best, -Rob On Apr 22, 2009, at 5:41 AM, Robert Koberg wrote: On Apr 22, 2009, at 4:25 AM, André Warnier wrote: Allright, but I'm afraid this is still somewhat flying over my head, what we me not being /either/ a Java expert, /nor/ a Tomcat expert, /nor/ an XML expert. (What am I then doing on this list, one might ask). So, since everyone but me seems to know pretty well how to do it, sometimes even in several ways, and since from previous threads I believe there is more interest for this, would it be possible for someone to give an effective simple example (or maybe two or three) based for example on this : http://java.sun.com/dtd/web-app_2_3.dtd";> MyApp My simple webapp. MyServlet my.servlet someParam someValue 1 ... of how one could make it so that the of the above "someParam" is a reference to some value defined elsewhere, for example in a file in the Tomcat "conf" directory ? OK, here you cannot use entities in an external file because you have already defined a DTD (one of the problems with DTDs). As for XInclude, the problem is slightly different: The XInclude support has to be turned on for the parser. From Xerces: http://xerces.apache.org/xerces2-j/faq-xinclude.html "Applications using JAXP 1.3 can enable XInclude processing by setting XInclude awareness on the parser factory. The following demonstrates how to accomplish this with SAX: import javax.xml.parsers.SAXParserFactory; SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setNamespaceAware(true); spf.setXIncludeAware(true); ... You can also enable XInclude processing by turning on the XInclude feature." BTW, here is an article that has some examples: http://www.xml.com/pub/a/2002/07/31/xinclude.html Your example might look like: http://java.sun.com/dtd/web-app_2_3.dtd";> http://www.w3.org/2001/XInclude";> MyApp My simple webapp. MyServlet my.servlet someParam defaultValue 1 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with maximum threads
I realize that my Server.xml is not being used by the Tomcat engine. I mean the Connector part. Should I make any modifications anywhere? And I regret for the last repeated mails. It was sent by mistake. -Anand connossieur wrote: > > Christopher, > > This is my Server.xml > > > > >SSLEngine="on" /> > > > >/> >className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> > > > > >type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > > > > > > >maxThreads="70" minSpareThreads="20"/> > port="80" protocol="HTTP/1.1" > connectionTimeout="2000" > redirectPort="8443" /> > > > > > > > > > > > > > > > > > > > > > > resourceName="UserDatabase"/> > > >unpackWARs="true" autoDeploy="true" > xmlValidation="false" xmlNamespaceAware="false"> > > > > > > > > > > > > > Do you think this has a problem? I'll try to upload the thread Dump to my > website and send a link. > > Anand > > > Christopher Schultz-2 wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> Stephen, >> >> On 4/21/2009 5:35 PM, Stephen Caine wrote: >>> This is the number of threads Tomcat will handle before it errors with >>> 'max threads reached. This is on OS X, 64 bit memory. The heap size is >>> 2 gigs. >>> >>> If you know how to increase this number, then please provide the >>> information. Others have also noted this limit on OS X in previous >>> posts to this list. >> >> ulimit? >> >> On my Mac OS X 10.4.11, "ulimit -a" reports max user processes (-u >> switch) are set to 256. You could probably increase that by doing: >> >> ulimit -u 1024 >> >> or whatever. If you've reached an upper limit of 2400, it's probably >> because you're reaching a hard limit set up somewhere else. >> >> There's also: >> >> sysctl -w kern.maxprocperuid=1024 (or more?) >> or >> sysctl -w kern.maxproc=1 (or more?) >> >> (My kern.maxproc is currently set to 532 -- what a strange number -- >> while kern.maxprocperuid is currently 266). >> >> You can also set your defaults in /etc/sysctl.conf: >> >> kern.maxproc=1 >> kern.maxprocperuid=5000 >> >> I didn't know any of this before 5 minutes ago. Google is your friend. >> >> - -chris >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.9 (MingW32) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAknuQ5wACgkQ9CaO5/Lv0PAAWgCcDkE+pxWHWYg7LgpYt+deUPqo >> ZfcAoJTtQ8RHCnWjXf127ZePRoagordH >> =CJ17 >> -END PGP SIGNATURE- >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > > -- View this message in context: http://www.nabble.com/Problem-with-maximum-threads-tp23154175p23173549.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: What Tomcat presentations / demos / discussions do you want to see at ApacheCon US 2009?
Rainer Jung wrote: On 16.04.2009 12:44, Mark Thomas wrote: Gregor Schneider wrote: - Concerning how often questions regarding mod_jk are showing up in the list: mod_jk - HowTo / Best practices Any takers for presenting this? Not sure, whether this is too specific for ApacheCon, but yes, if there is interest, I could give the talk. I'll submit a proposal and let the committee decide :) Concerning the proposal about a joined talk for httpd and mod_jk reverse proxy solutions: putting all this into one slot will be very dificult. Then we would need to keep it an overview thing and again people might not get the answers they are seeking (to many "it depends" without really explaining how you decide). So I prefer to do either a more specific talk (like one on mod_jk), or we would need two adjacent time slots. The latter gives maybe to much precious time ressources to this topic. May be we need a frond-end presentation with more than one speaker (I will be happy to make a mod_proxy one. Cheers Jean-Frederic Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GlobalNamingResources outside of server.xml
On Apr 22, 2009, at 4:25 AM, André Warnier wrote: Allright, but I'm afraid this is still somewhat flying over my head, what we me not being /either/ a Java expert, /nor/ a Tomcat expert, / nor/ an XML expert. (What am I then doing on this list, one might ask). So, since everyone but me seems to know pretty well how to do it, sometimes even in several ways, and since from previous threads I believe there is more interest for this, would it be possible for someone to give an effective simple example (or maybe two or three) based for example on this : http://java.sun.com/dtd/web-app_2_3.dtd";> MyApp My simple webapp. MyServlet my.servlet someParam someValue 1 ... of how one could make it so that the of the above "someParam" is a reference to some value defined elsewhere, for example in a file in the Tomcat "conf" directory ? OK, here you cannot use entities in an external file because you have already defined a DTD (one of the problems with DTDs). As for XInclude, the problem is slightly different: The XInclude support has to be turned on for the parser. From Xerces: http://xerces.apache.org/xerces2-j/faq-xinclude.html "Applications using JAXP 1.3 can enable XInclude processing by setting XInclude awareness on the parser factory. The following demonstrates how to accomplish this with SAX: import javax.xml.parsers.SAXParserFactory; SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setNamespaceAware(true); spf.setXIncludeAware(true); ... You can also enable XInclude processing by turning on the XInclude feature." BTW, here is an article that has some examples: http://www.xml.com/pub/a/2002/07/31/xinclude.html Your example might look like: http://java.sun.com/dtd/web-app_2_3.dtd";> http://www.w3.org/2001/XInclude";> MyApp My simple webapp. MyServlet my.servlet someParam defaultValue 1 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Steps to configure Tomcat 5.0 with PKCS#11 support
Hi, We are using tomcat 5.0.28 and JDK 1.5.10. Now, there is some requirement to use tomcat with PKCS#11 support. Initial study shows that a hardware token would be needed for this. 1) Is minimum tomcat version 5.5 is must for this? 2) Is this hardware requirement is mandatory? Or any other way is possible? 3) what additional changes would be required at server.xml level for PKCS#11 support. Regards, Raminder Singh CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS***
Re: [OT] Headstart on "Resolving OOM-PermGen errors on webapp reload"
mark_desp...@mcafee.com wrote: ... Being named DeSpain, having a wife able to write about Java GC in Japanese and English, and being oneself able to write eloquently about an Insane Java library and its usage with Tomcat.. This world is full of wonders. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GlobalNamingResources outside of server.xml
Robert Koberg wrote: On Apr 21, 2009, at 7:02 PM, André Warnier wrote: André Warnier wrote: Mark Thomas wrote: André Warnier wrote: Mark Thomas wrote: Anthony J. Biacco wrote: I did end up trying it and it did work, I just didn't know if it was something that's frowned upon, or would for whatever reason was planned to be phased out/deprecated. Nope. That is absolutely fine. I know of a number of large corporations that use that feature extensively. We get it essentially for free with the xml parser so it is going to stay. My ears just kind of popped up on this thread. Would not the same kind of subterfuge be applicable for the case where you send an updated app as a war-file to a customer (thus including its web.xml), but this customer has his own different parameters to set in the web.xml ? Hmm. Never tried it. I'd try it and let us know how you get on. Hmm back. Unfortunately, I'm not really a productive Java/Tomcat programmer, and I don't do this kind of thing often (I mean prepare applications as wars, deploy them etc..). What I mean is that if someone else would a quick easy way to test this and be willing to do it, I am sure it would be much faster, and lots of people would probably be interested in the answer. I've seen this subject come up here a few times. I'll add that if it works, I think it's worth a Wiki article, and that, I am willing (and competent) to write. To each his own.. It is simply XML (the example in this thread uses entities). You could also use XInclude, which let's you define a fallback. And with either entities or XInclude you can use XML Catalogs for a great deal of flexibility. If you have no preference, tend to prefer XInclude over entities. Allright, but I'm afraid this is still somewhat flying over my head, what we me not being /either/ a Java expert, /nor/ a Tomcat expert, /nor/ an XML expert. (What am I then doing on this list, one might ask). So, since everyone but me seems to know pretty well how to do it, sometimes even in several ways, and since from previous threads I believe there is more interest for this, would it be possible for someone to give an effective simple example (or maybe two or three) based for example on this : http://java.sun.com/dtd/web-app_2_3.dtd";> MyApp My simple webapp. MyServlet my.servlet someParam someValue 1 ... of how one could make it so that the of the above "someParam" is a reference to some value defined elsewhere, for example in a file in the Tomcat "conf" directory ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
