tomcat5.5 can't start
Hi all : I have some problem with tomcat . I have install tomcat5.5 , root@ ibm:/tmp# dpkg --get-selections | grep tomcat5.5 libtomcat5.5-java install tomcat5.5 install then I using /etc/init.d/tomcat5.5 start to start tomcat, r...@ibm:/tmp# /etc/init.d/tomcat5.5 start * Starting Tomcat servlet engine tomcat5.5 [ OK ] But when I to check the tomcat ,I find tomcat didn't start . I have modify /etc/default/tomcat5.5 ,set TOMCAT5_SECURITY=no And my /var/log/tomcat5.5/ is empty . What's problem with my tomcat ? Cheers, jay
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
You don't say which version of Tomcat you're using, but I guess 6.0 from your paths. Correct. I've tried both 6.0.16 and 6.0.20. You should take a close look at http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html . I read that page before posting to this list, along with other Tomcat docs, the Tomcat wiki, and the archives of this list. So you ask for Class.forName(AudiBankImporter). The webapp classloader can't load this, so delegates to the common classloader. The common classloader loads the class and tries to resolve the class' references to other classes. It tries to resolve the reference to TransactionImport; can't find it; delegates up the chain; still can't find it; and fails with the error you see. Ah! Ok, that totally makes sense. Thank you for this clear interpretation! If you really, really have to do it this way (and it seems like a rather odd thing to do), you'll need to ensure that the common classloader can resolve TransactionImport. This means that you then should ensure TransactionImport is *not* loaded by your webapp classloader - you need to move it out of your webapp to CATALINA_HOME/lib. My idea was that TransactionImport is the interface (abstract class, actually) that the webapp authors define and use in webapp code, and plugin authors need only to implement TransactionImport, provide the fully-qualified class name of their implementation and put their compiled implementation somewhere that the Webapp can load. Ideally, this would be somewhere like $HOME/.mifos/plugins , I was just trying to simplify things during development by placing plugins in $CATALINA_HOME/lib for now. Any idea how I could load plugins from $HOME/.mifos/plugins ? Would it be possible to add jars or classes in this directory to the classpath at runtime? I could exclude TransactionImport from the webapp, but I think this would complicate deployment. I'd have to say something like to deploy my webapp you must also place mifos-spi-1.0.jar in $CATALINA_HOME/lib. Maybe that's not too bad? Makes upgrading the webapp a bit more of a hassle (more than just dropping in a new war). Hmm, actually, maybe this will work! It appears I can import and mention TransactionImport even if it is only available during compilation (ie: not placed in WEB-INF/lib in the webapp). Ok, cool, this is looking like the best option so far until I can figure out how to load plugins from $HOME/.mifos/plugins . Yay! Equally, you could put the jar containing AudiBankImporter into your webapp, which seems like a simpler and more isolated approach unless you're trying to solve a larger problem than you've described! I want to release my webapp first, then allow plugin authors to write and load plugins at their leisure. Perhaps there's a way to automate copying a plugin into WEB-INF/lib such that it can be used by a webapp? I'm sure I'm going about this all wrong, but hopefully I'm getting closer to something that makes sense. I tried setting Loader delegate=true/ in context.xml (based on http://tinyurl.com/yk7f63k), and I *am* able to load AudiBankImporter if I include TransactionImport in the plugin jar. I don't know other implications of this change, and it seems like a weird thing to have to require to be able to deploy my webapp. I think I covered most of Pid's questions too, except: * yes, TransactionImport is in a package * I had been trying to include _and_ exclude TransactionImport in the plugin jar in $CATALINA_HOME/lib . The first gave me a class cast exception (AudiBankImporter cannot be cast to TransactionImport), and the second (which we've covered) runs into the ClassNotFoundException since TransactionImport can't be seen by the common classloader. Thank you both for your help so far, and sorry if this is drifting to non-Tomcat stuff. Finally, here's the code I've been experimenting with in case folks are curious. source for package defining TransactionImport abstract class: https://mifos.dev.java.net/source/browse/mifos/trunk/spi/ source for package implementing TransactionImport (AudiBankImporter): https://mifos.dev.java.net/source/browse/mifos/spikes/importPluginExample/ The plugin framework will eventually end up in the Mifos webapp ( https://mifos.dev.java.net/source/browse/mifos/trunk/application ), but I made a small webapp for testing purposes: http://adammonsen.com/tmp/smallappwithplugins.tgz - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 5.5.17, fails group(roles) authentication in ldap
On 12/10/2009 05:59, Grey Karapetyan wrote: any ideas? Loads, thanks. http://catb.org/~esr/faqs/smart-questions.html p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat5.5 can't start
What operating system? What Java version? This looks like a packaging problem from a third-party repackaged version of Tomcat, so it may be that nobody on this list can help you as nobody here built the package! If you download the zip file of the same Tomcat version (or preferably the most recent one) from http://tomcat.apache.org, unzip it and run it using its own shell script, does it start? - Peter 2009/10/12 jay uniojnqoif...@gmail.com: Hi all : I have some problem with tomcat . I have install tomcat5.5 , root@ ibm:/tmp# dpkg --get-selections | grep tomcat5.5 libtomcat5.5-java install tomcat5.5 install then I using /etc/init.d/tomcat5.5 start to start tomcat, r...@ibm:/tmp# /etc/init.d/tomcat5.5 start * Starting Tomcat servlet engine tomcat5.5 [ OK ] But when I to check the tomcat ,I find tomcat didn't start . I have modify /etc/default/tomcat5.5 ,set TOMCAT5_SECURITY=no And my /var/log/tomcat5.5/ is empty . What's problem with my tomcat ? Cheers, jay - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
FOO / HTTP/1.1
Hi, If I send this to my Tomcat it responds with HTTP/1.1 200 OK and calls my servlet. :-) telnet localhost 8080 FOO / HTTP/1.1 Host: localhost What is this suppost to do? Ronald.
Re: tomcat5.5 can't start
looks like you are using ubuntu or debian but it installs tomcat 5.5 which is an old version . maybe you should upgrade your distrib? anyway your question probably belongs to the debian/ubuntu lists not here. also from my personal exper. ,thought i installed successfully tomcat on ubuntu it is always better to use vanilla tomcat versions. Evgeny On Mon, Oct 12, 2009 at 9:05 AM, jay uniojnqoif...@gmail.com wrote: Hi all : I have some problem with tomcat . I have install tomcat5.5 , root@ ibm:/tmp# dpkg --get-selections | grep tomcat5.5 libtomcat5.5-java install tomcat5.5 install then I using /etc/init.d/tomcat5.5 start to start tomcat, r...@ibm:/tmp# /etc/init.d/tomcat5.5 start * Starting Tomcat servlet engine tomcat5.5 [ OK ] But when I to check the tomcat ,I find tomcat didn't start . I have modify /etc/default/tomcat5.5 ,set TOMCAT5_SECURITY=no And my /var/log/tomcat5.5/ is empty . What's problem with my tomcat ? Cheers, jay
RE: Application gets started twice
Chuck, thank you for your advice and patience :) I have found context element nested inside host element on some tutorial long time ago and that where all the troubles started (It was probably meant for pre 5 Tomcat). Now, following your advice, I have chosen the ROOT approach to be perfectly legal. My last problem is the possibility to make the localhost:8080 (used for mod_jk) also available under localhost:8080/app (as internal endpoints) Is there any legal/simple way to accomplish this? Otherwise I will have put my application back to localhost:8080/app And try to reconfigure mod_jk so that it will show it under mydomain.com instead of mydomain.com/app Thanks, Maciej -- [Chuck] You probably don't want to get rid of the Context elements, but they really should not be in server.xml, at least not on Tomcat 5.0 or newer. Also, if you want a particular webapp to be the default webapp for a Host, it should be named ROOT, not anything else. [Chuck] Again, Context elements should not be in server.xml, and the default webapp for the Host should be named ROOT. Following standard practice makes things much easier; if you were to do that, you could eliminate the Context element altogether, and simply place your webapp in: /usr/local/apache-tomcat-5.5.28/AlfrescoApp/ROOT.war - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FOO / HTTP/1.1
Ronald Klop wrote: Hi, If I send this to my Tomcat it responds with HTTP/1.1 200 OK and calls my servlet. :-) telnet localhost 8080 FOO / HTTP/1.1 Host: localhost What is this suppost to do? :-) I don't know what is the context, and how you determine that Tomcat is the target, nor how you know that your servlet is being called, but on the face if it, it does exactly what it is supposed to do. From the above, the conclusions that can be drawn are : - there is a webserver on localhost which answers to port 8080 - it has a valid document to return for the URL / - and it is not too picky about HTTP verbs, since it seems to consider FOO as an acceptable alias for GET If you want more information, I am afraid that you will have to supply more details about your configuration, and maybe explain exactly what the question is. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
On 12/10/2009 08:42, Adam Monsen wrote: You don't say which version of Tomcat you're using, but I guess 6.0 from your paths. Correct. I've tried both 6.0.16 and 6.0.20. You should take a close look at http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html . I read that page before posting to this list, along with other Tomcat docs, the Tomcat wiki, and the archives of this list. So you ask for Class.forName(AudiBankImporter). The webapp classloader can't load this, so delegates to the common classloader. The common classloader loads the class and tries to resolve the class' references to other classes. It tries to resolve the reference to TransactionImport; can't find it; delegates up the chain; still can't find it; and fails with the error you see. Ah! Ok, that totally makes sense. Thank you for this clear interpretation! If you really, really have to do it this way (and it seems like a rather odd thing to do), you'll need to ensure that the common classloader can resolve TransactionImport. This means that you then should ensure TransactionImport is *not* loaded by your webapp classloader - you need to move it out of your webapp to CATALINA_HOME/lib. My idea was that TransactionImport is the interface (abstract class, actually) that the webapp authors define and use in webapp code, and plugin authors need only to implement TransactionImport, provide the fully-qualified class name of their implementation and put their compiled implementation somewhere that the Webapp can load. Ideally, this would be somewhere like $HOME/.mifos/plugins , I was just trying to simplify things during development by placing plugins in $CATALINA_HOME/lib for now. Any idea how I could load plugins from $HOME/.mifos/plugins ? Would it be possible to add jars or classes in this directory to the classpath at runtime? I could exclude TransactionImport from the webapp, but I think this would complicate deployment. I'd have to say something like to deploy my webapp you must also place mifos-spi-1.0.jar in $CATALINA_HOME/lib. Maybe that's not too bad? Makes upgrading the webapp a bit more of a hassle (more than just dropping in a new war). Hmm, actually, maybe this will work! It appears I can import and mention TransactionImport even if it is only available during compilation (ie: not placed in WEB-INF/lib in the webapp). Ok, cool, this is looking like the best option so far until I can figure out how to load plugins from $HOME/.mifos/plugins . Yay! Equally, you could put the jar containing AudiBankImporter into your webapp, which seems like a simpler and more isolated approach unless you're trying to solve a larger problem than you've described! I want to release my webapp first, then allow plugin authors to write and load plugins at their leisure. Have you looked at the ServiceLoader API? Perhaps there's a way to automate copying a plugin into WEB-INF/lib such that it can be used by a webapp? Probably not a good idea. I'm sure I'm going about this all wrong, but hopefully I'm getting closer to something that makes sense. I tried settingLoader delegate=true/ in context.xml (based on http://tinyurl.com/yk7f63k), That seems to be related to a completely different issue, even if the outcome seems to help. and I *am* able to load AudiBankImporter if I include TransactionImport in the plugin jar. I don't know other implications of this change, and it seems like a weird thing to have to require to be able to deploy my webapp. You *must* include the interface class(es). This is not optional. I think I covered most of Pid's questions too, except: * yes, TransactionImport is in a package * I had been trying to include _and_ exclude TransactionImport in the plugin jar in $CATALINA_HOME/lib . The first gave me a class cast exception (AudiBankImporter cannot be cast to TransactionImport), and the second (which we've covered) runs into the ClassNotFoundException since TransactionImport can't be seen by the common classloader. You may experience a ClassCastException if TransactionImport.class is in two places at the same time. The interface (and any related classes) should be placed in a jar (say base.jar). Anyone implementing the interface (or extending an abstract class) must ensure that 'base.jar' is available to the ClassLoader that contains their implementing class. This means the following: If the implementing class (in say impl.jar) is in myapp/WEB-INF/lib then base.jar can be in either the webapp, or $CATALINA_HOME/lib If impl.jar is in $CATALINA_HOME/lib then base.jar must be there too. You may *not* put 'impl.jar' in $CATALINA_HOME/lib if 'base.jar' is in myapp/WEB-INF/lib. I hesitate to suggest this, as I think you need to understand how the ClassLoader hierarchy works before proceeding, but... ...if your web app uses a custom ClassLoader that performs as normal, but looks in a special location for additional plug-in classes, you may be able to achieve
Re: FOO / HTTP/1.1
The question is why Tomcat does not return a 501 NOT IMPLEMENTED error like Apache does? But I already found something. It does give a 501 when I call my servlet which only implements doGet, but when it goes to index.jsp the jsp stuff calls the service() method which doesn't check the http method. Probably this is ok. Ronald. Op maandag, 12 oktober 2009 12:01 schreef André Warnier a...@ice-sa.com: Ronald Klop wrote: Hi, If I send this to my Tomcat it responds with HTTP/1.1 200 OK and calls my servlet. :-) telnet localhost 8080 FOO / HTTP/1.1 Host: localhost What is this suppost to do? :-) I don't know what is the context, and how you determine that Tomcat is the target, nor how you know that your servlet is being called, but on the face if it, it does exactly what it is supposed to do. From the above, the conclusions that can be drawn are : - there is a webserver on localhost which answers to port 8080 - it has a valid document to return for the URL / - and it is not too picky about HTTP verbs, since it seems to consider FOO as an acceptable alias for GET If you want more information, I am afraid that you will have to supply more details about your configuration, and maybe explain exactly what the question is. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FOO / HTTP/1.1
For Servlets - as long as Servlet.service(ServletRequest,ServletResponse) is implemented - you wont see the 501. So thats why you see the 501 for your servlet. JSP's are funny since there is nothing in the spec which restricts the request method. So service(...) is overridden by all JSP's so it will handle GET/POST/HEAD/??? - which isn't necessarily a bad thing since you *could* implement PUT (Or any other valid but typically unused method) in a Servlet and forward to a JSP to render the results. -Tim Ronald Klop wrote: The question is why Tomcat does not return a 501 NOT IMPLEMENTED error like Apache does? But I already found something. It does give a 501 when I call my servlet which only implements doGet, but when it goes to index.jsp the jsp stuff calls the service() method which doesn't check the http method. Probably this is ok. Ronald. Op maandag, 12 oktober 2009 12:01 schreef André Warnier a...@ice-sa.com: Ronald Klop wrote: Hi, If I send this to my Tomcat it responds with HTTP/1.1 200 OK and calls my servlet. :-) telnet localhost 8080 FOO / HTTP/1.1 Host: localhost What is this suppost to do? :-) I don't know what is the context, and how you determine that Tomcat is the target, nor how you know that your servlet is being called, but on the face if it, it does exactly what it is supposed to do. From the above, the conclusions that can be drawn are : - there is a webserver on localhost which answers to port 8080 - it has a valid document to return for the URL / - and it is not too picky about HTTP verbs, since it seems to consider FOO as an acceptable alias for GET If you want more information, I am afraid that you will have to supply more details about your configuration, and maybe explain exactly what the question is. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Persistent Storage for Webapps
Hi, In my webapp I need persistent storage. I am building my webapp as a .war file, and copying it into $CATALINE_HOME/webapps/ Tomcat extracts $CATALINA_HOME/webapps/app.war to $CATALINA_HOME/webapps/app/ The war file contains an empty directory /WEB-INF/data . During operations, data files are created under /WEB-INF/data/ Today I created a new release, new.war and upgraded like: cat /tmp/new.war $CATALINA_HOME/webapps/app.war app.war was re-extracted, and all of my data under /WEB-INF/data/ disappeared. Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. I saw some code referencing the temp directory obtained from ServletContext.getAttribute(javax.servlet.context.tempdir), but I also saw that this data is only guaranteed to last while the app is running. Where can I find documentation of this behavior? grepping the servlet spec returns no matches for tempdir. I'd appreciate any pointers. Thanks, Jesse - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.20 always works in GMT timezone even after forcing it to use Asia/Calcutta by multiple methods.
java.util.PropertyPermission user.timezone, write; line not there in catalina.policy file. Should this line not need to be present for granting the pernission? What is the code for restricting the timezone overide permission in catalina.policy file? Moreover it was misundstanding between our developers, Nobody said that kernel tomcat mismatch might be the cause of the problem. TZData is also up-to-date. Regards On Mon, Oct 12, 2009 at 11:20 AM, raghu gs iamra...@gmail.com wrote: Yeah, we have couple of other servers running the same codebase. We don't experience such an issue in those servers, Anyway i'll get back to here once i got concrete information from our developers. Regards On Mon, Oct 12, 2009 at 11:17 AM, Peter Crowther peter.crowt...@melandra.com wrote: 2009/10/12 raghu gs iamra...@gmail.com: But our engineers where is that this a Kernal and Tomcat issue. Is there possibilty for that? There are a large number of people using Tomcat who don't see this issue and are in non-GMT timezones - including a fairly large number in India, if the email addresses I've seen on the list are any indicator. So far, I don't remember anyone else reporting the issue, and if it was a Tomcat issue I would have expected it to show up in other installations than yours. Is it possible? Well, anything's possible. But it seems unlikely. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
Jesse Long wrote: Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? No, WEB-INF is not a correct place app generated files. You can use any directory outside of context root. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. It depends :-) You can have a code that generates path to storage directory based on host name, based on app name, based on server's IP, reads it from JNDI context, etc. With such solution you don't need any context parameters, you need one war file (I mean war file is not environment dependant). -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Questions on Single Sign On?
To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? Either way us fine, i'm just trying to use the server to handle as much of the work load as possible and lessen the actual coding load. Thanks in advance, - Josh
RE: Application gets started twice
From: Maciej Zabielski [mailto:m...@tessel.pl] Subject: RE: Application gets started twice My last problem is the possibility to make the localhost:8080 (used for mod_jk) also available under localhost:8080/app (as internal endpoints) Is there any legal/simple way to accomplish this? Since you want this to be effective on port 8080 (httpd not involved), you can use the rewrite filter: http://tuckey.org/urlrewrite/ Alternatively, you could install a dummy webapp at either ROOT or app that simply forwards all requests to the correct one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Questions on Single Sign On?
makes sense depending on the scope session scope information can be stored in either session scope and carried throughout Browser session Application is trickier as the information you have to be stored usually to a Database oracle Single-signon works well with exsiting oracle application technology stack and oracle database http://www.oracle.com/technology/products/id_mgmt/esso/index.html Jetspeed Portal system allows you to setup group roles and users join the roles and have access read/write/execute/delete access to defined resource (doc/jpg/pdf/page) http://portals.apache.org/jetspeed-2/ Not trivial to setup either but its something you may want to seriously consider Feel free to ping me offline if you need help with either product Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Mon, 12 Oct 2009 09:17:21 -0400 Subject: Questions on Single Sign On? From: josh.good...@gmail.com To: users@tomcat.apache.org To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? Either way us fine, i'm just trying to use the server to handle as much of the work load as possible and lessen the actual coding load. Thanks in advance, - Josh _ Hotmail: Trusted email with Microsoft’s powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141664/direct/01/
Re: Questions on Single Sign On?
2009/10/12 Josh Gooding josh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? The user can neither log out from the old session nor log into a new session until the server times out the session. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Application gets started twice
Yes, that sounds like a good idea. For now I have tried something similar that has only one drawback - it is visible from outside. Because I didn't want to mess with alfresco endpoints, I have moved alfresco to regular webapps folder, Share site is under its own host. Therefore Share site works directly like this share.domain.com And for Alfresco I use alfresco.domain.com with auto rewrite to alfresco.domain.com/alfresco That is rather fine with me. Locally Alfresco is available under regular address localhost:8080/alfresco and Share application can access all the endpoints without any modifications. Inside HTTPD virtual host for Alfresco I have added: RewriteEngine On RewriteCond %{REQUEST_URI} !^/alfresco/ RewriteRule ^/. http://alfresco.tessel.pl/alfresco/ [R] Once more - big thanks for your support Regards Maciej -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, October 12, 2009 3:19 PM To: Tomcat Users List Subject: RE: Application gets started twice From: Maciej Zabielski [mailto:m...@tessel.pl] Subject: RE: Application gets started twice My last problem is the possibility to make the localhost:8080 (used for mod_jk) also available under localhost:8080/app (as internal endpoints) Is there any legal/simple way to accomplish this? Since you want this to be effective on port 8080 (httpd not involved), you can use the rewrite filter: http://tuckey.org/urlrewrite/ Alternatively, you could install a dummy webapp at either ROOT or app that simply forwards all requests to the correct one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On 12/10/2009 14:37, Peter Crowther wrote: 2009/10/12 Josh Goodingjosh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? The user can neither log out from the old session nor log into a new session until the server times out the session. The OP could just set a new key value in the session each time a user logs in, and ensure that any user with an old, invalid key is logged out on their next request. You would need to compare the key in the session, on each request, to the key associated with the user in storage somewhere, which is an additional overhead. A Filter in each app would be suitable, (or a Valve though these will soon be going the way of the Dodo, so they're probably not a good long term choice). p - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Josh Gooding wrote: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Well, kind of.. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? Either way us fine, i'm just trying to use the server to handle as much of the work load as possible and lessen the actual coding load. It really depends on what kind of login (or rather, user authentication) you have set up. If you are using Tomcat's integrated (or container-based) authentication mechanism, then as far as I know the authenticated user-id is something that will be stored in the session data. As long as the session is valid, the user will not be asked to re-authenticate. As soon as the session is invalidated and they try to access a webapp that is submitted to AAA, they will be asked to login again. This is true for all webapps that are in the same realm. It is fairly well explained here : http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On The keys here are which kind of AAA you are using, the Realm of your webapps, the session and its associated cookie. Note that this kind of SSO is Tomcat-specific, and valid only for a single Tomcat. What many of my customers understand by SSO is a bit different : it means that they wish to login once in the morning when they turn on their workstation, and never again during the day. They then want this single login to be valid, automatically, for all servers and applications they access during the day, whether they are running under Tomcat or not (but also the ones running under Tomcat). That's a different story. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
I know doing this at the application level is probably going to be a little messy and that's ok for now. Since this is for a video training program, yes the requirement is appropriate. As for handling browser crashes, I'll have to set the timeout to an appropriate time, (1/2 hour or so) but if you are watching videos and testing, or reading docs, you can chew up 1/2 hour easily so I haven't really thought it through fully yet. At the moment, I am using Tomcat's Realm's authentication due to the different roles throughout the program. Key pairs to the DB is more overhead than I would like to see, and I'd only like to use that if all else fails. That seems to be, no offense, a bit of resource wasting. What do you mean that valves are going kaput? Is that for the TC7 release? Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. It's looking more and more like a custom code job (for the most part). I'll continue to do some research on this, but I think that coding is going to be the most direct route so far. Thanks everyone. I appreciate the input. - Josh On Mon, Oct 12, 2009 at 9:50 AM, Pid p...@pidster.com wrote: On 12/10/2009 14:37, Peter Crowther wrote: 2009/10/12 Josh Goodingjosh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? The user can neither log out from the old session nor log into a new session until the server times out the session. The OP could just set a new key value in the session each time a user logs in, and ensure that any user with an old, invalid key is logged out on their next request. You would need to compare the key in the session, on each request, to the key associated with the user in storage somewhere, which is an additional overhead. A Filter in each app would be suitable, (or a Valve though these will soon be going the way of the Dodo, so they're probably not a good long term choice). p - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
Mikolaj Rydzewski wrote: Jesse Long wrote: Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? No, WEB-INF is not a correct place app generated files. You can use any directory outside of context root. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. It depends :-) You can have a code that generates path to storage directory based on host name, based on app name, based on server's IP, reads it from JNDI context, etc. With such solution you don't need any context parameters, you need one war file (I mean war file is not environment dependant). Thanks for your answers. I still like the concept of having the container allocate persistent storage space. Can I configure tomcat to not delete from the javax.servlet.context.tempdir directory? Thanks, Jesse - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
2009/10/12 Josh Gooding josh.good...@gmail.com: As for handling browser crashes, I'll have to set the timeout to an appropriate time, (1/2 hour or so) but if you are watching videos and testing, or reading docs, you can chew up 1/2 hour easily so I haven't really thought it through fully yet. Pid's approach of invalidating the old session(s) when you see a new one would get round my objection very neatly - it's probably the best approach to the problem. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
Jesse Long wrote: Thanks for your answers. I still like the concept of having the container allocate persistent storage space. Can I configure tomcat to not delete from the javax.servlet.context.tempdir directory? 'persistent' and 'temp' sounds like opposite. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Perter, On 10/12/2009 9:37 AM, Peter Crowther wrote: 2009/10/12 Josh Gooding josh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? Also, if the client loses their session cookie, how will the OP uniquely identify the client in order to apply this policy? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTQl8ACgkQ9CaO5/Lv0PAjLQCfaWOW7Vh6zqvw59q+0xUN3qGd BIgAoIsDYiQiXmICSWg1/5sqeGsxmjNs =C+RH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On 12-Oct-2009, at 10:51, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Perter, On 10/12/2009 9:37 AM, Peter Crowther wrote: 2009/10/12 Josh Gooding josh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? Also, if the client loses their session cookie, how will the OP uniquely identify the client in order to apply this policy? The only solution I can think of is a non-session cookie that the web application deals with itself. If it can't find it mapped to the users session-id in the application context, then the user is considered logged out. The catch is if the user opens up a new browser this will kill the existing session, so you would have to back this up with a dialogue warning the user that they are already logged in and logging in again will log out the other session. What is important is to balance the needs of single sign on and the security provided to the user of closing their browser, and thus ending their session. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.20 always works in GMT timezone even after forcing it to use Asia/Calcutta by multiple methods.
-Original Message- From: raghu gs [mailto:iamra...@gmail.com] Sent: Monday, October 12, 2009 5:18 AM To: Tomcat Users List Subject: Re: Tomcat 6.0.20 always works in GMT timezone even after forcing it to use Asia/Calcutta by multiple methods. java.util.PropertyPermission user.timezone, write; line not there in catalina.policy file. Should this line not need to be present for granting the pernission? The reference to catalina.policy only applies if you are running under a security manager. Are you running under a security manager? What is the code for restricting the timezone overide permission in catalina.policy file? Moreover it was misundstanding between our developers, Nobody said that kernel tomcat mismatch might be the cause of the problem. TZData is also up-to-date. Regards George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Josh Gooding wrote: ... Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? Yes, although Windows domain authentication is not the only game in town. I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. And I suggest that you to think this through from the beginning, and not rush into a Tomcat-only authentication, if your users for instance are going to get weary very quickly to have to login (again!) each time they want to access this application on this host. The other snag is if in order to do your type of authentication you need to have your own store of user-id's and passwords. User-id's are usually OK (they can be the same as the user's usual login), but to get a network admin to give you the users passwords, so that you can store them in your own Tomcat-only store, is going to be more tricky. (Users do not, as a rule, like to have to remember several passwords). There are basically two types of authentication usable in Tomcat : the container-based authentication of which mainly question so far, and the servlet filter based authentication mechanisms. These consist of wrapping all your to-be-protected webapps in a servlet filter, which authenticates each request before it even gets to your webapp. Servlet filters are defined at the Servlet Spec level, so are portable. To the webapp, it is transparent. It just finds an authenticated user whenever it runs. The filter itself determines what kind of authentication happens, using which back-end etc.. Here are two examples : http://securityfilter.sourceforge.net/ http://www.ioplex.com Reading their docs should give you some material to think about. There exists a 3rd way : if you have a webserver in front of Tomcat (IIS or Apache), they can do the user authentication, and via mod_jk (*) pass an authenticated user-id to Tomcat (roles is another story). (* : plus, for Apache only, mod_proxy_ajp) In any case, I don't really think that you will need to create new code. There are enough ready-to-use solutions floating around that this should be unnecessary. And, as some people already indirectly pointed out, coding AAA and doing it right can be very tricky. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On 12/10/2009 15:16, Josh Gooding wrote: I know doing this at the application level is probably going to be a little messy and that's ok for now. Since this is for a video training program, yes the requirement is appropriate. As for handling browser crashes, I'll have to set the timeout to an appropriate time, (1/2 hour or so) but if you are watching videos and testing, or reading docs, you can chew up 1/2 hour easily so I haven't really thought it through fully yet. At the moment, I am using Tomcat's Realm's authentication due to the different roles throughout the program. Key pairs to the DB is more overhead than I would like to see, and I'd only like to use that if all else fails. That seems to be, no offense, a bit of resource wasting. A single (sensible query) DB hit is not a huge overhead in a modern app, especially if your app is hitting the DB multiple times, producing complex objects, for each page requested. It needn't be a DB, it could be a suitable synchronised (or not?) map, held in the application scope. You have to keep things in context. (Hehe, you see what I did there?) What do you mean that valves are going kaput? Is that for the TC7 release? I understand that the goal in TC7 is to replace Valves with Filters configured at various levels. It has ever been the case that integrating your app with Tomcat internals is a risky strategy, because they are not bound to a spec and thus could change on each release. p Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. It's looking more and more like a custom code job (for the most part). I'll continue to do some research on this, but I think that coding is going to be the most direct route so far. Thanks everyone. I appreciate the input. - Josh On Mon, Oct 12, 2009 at 9:50 AM, Pidp...@pidster.com wrote: On 12/10/2009 14:37, Peter Crowther wrote: 2009/10/12 Josh Goodingjosh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? The user can neither log out from the old session nor log into a new session until the server times out the session. The OP could just set a new key value in the session each time a user logs in, and ensure that any user with an old, invalid key is logged out on their next request. You would need to compare the key in the session, on each request, to the key associated with the user in storage somewhere, which is an additional overhead. A Filter in each app would be suitable, (or a Valve though these will soon be going the way of the Dodo, so they're probably not a good long term choice). p - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Adam, On 10/12/2009 3:42 AM, Adam Monsen wrote: My idea was that TransactionImport is the interface (abstract class, actually) that the webapp authors define and use in webapp code, and plugin authors need only to implement TransactionImport, provide the fully-qualified class name of their implementation and put their compiled implementation somewhere that the Webapp can load. Do you have some kind of container-provided service that will be included? If not, why not simply include the JAR file containing your interfaces directly in each webapp that uses it? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTSEcACgkQ9CaO5/Lv0PAkNQCbBulwBuqTE3BlPKOSQnAxIcEU ibIAoLnt3FNUOCS7OFV+NUhEAp8oVEwo =x/I6 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Well upon clicking logout the following occurs: session.removeAttribute(User); session.invalidate(); response.sendRedirect(EULA.jsp); If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? On Mon, Oct 12, 2009 at 11:02 AM, Andre-John Mas aj...@sympatico.ca wrote: On 12-Oct-2009, at 10:51, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Perter, On 10/12/2009 9:37 AM, Peter Crowther wrote: 2009/10/12 Josh Gooding josh.good...@gmail.com: To my knowledge the Single Sign on in Tomcat is a way for all of your back end applications in your VH to recognize that you have logged in to one place, and all of the apps belonging to that VH will be logged into. Correct. What I am trying to do is restrict the login from users to one single session. (i.e. if you are logged in once, you cannot log in again unless your session expires or you log out.) Is this possible with what is included with Tomcat or is this going to take some custom code? You'll need custom code. Are you sure this is an appropriate requirement? In particular, how do you plan to handle (say) a browser or client crash that loses the in-memory session cookie? Also, if the client loses their session cookie, how will the OP uniquely identify the client in order to apply this policy? The only solution I can think of is a non-session cookie that the web application deals with itself. If it can't find it mapped to the users session-id in the application context, then the user is considered logged out. The catch is if the user opens up a new browser this will kill the existing session, so you would have to back this up with a dialogue warning the user that they are already logged in and logging in again will log out the other session. What is important is to balance the needs of single sign on and the security provided to the user of closing their browser, and thus ending their session. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Simple APR install question...
Hi All, I want to setup APR for Tomcat 6.0.20 under windows. I only want the APR I do not need SSL or OpenSSO at this time. So do I put the all the dlls (ipv4 ipv6 also) under windows32 folder or just the tcnative-1.dll? Or maybe the dlls are put under the bin directory of tomcat? Many Thanks, -Tony - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
2009/10/12 Josh Gooding josh.good...@gmail.com: If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? I'm surprised that happens if you shut down the browser *process* (that would delete the in-memory cookie for the session - try it), but not surprised if you close the *window*. Sessions are associated with a browser process, not a particular window - so you can have 10 windows open at once in the same browser, to the same site, and they will use the same session. This is a feature of HTTP, cannot be gotten round, and applications must either accept that constraint or break under some circumstances. For example, what happens if you do something in a logged-in session, open a new window on your app, hit your login page, log in as a different user, go back to the old window and try to make use of the page? Similarly, another feature of HTTP is that the browser does not have to maintain any contact at all with the server, and does not have to tell the server it's going away. There's also no event you can reliably catch in Javascript to detect that the window is closing (onclose comes close, but not all browsers implement it). Even a session timeout on the server merely means I haven't seen a request within this period, not the user has closed the window. I've seen people put code in a hidden iframe that polls the server every couple of minutes just to keep the session alive, and to use a short (say 5-minute) session timeout, but even that doesn't detect a closed window immediately. Again, this is a feature of HTTP, cannot be gotten round, and you just have to accept that perfectly valid sessions may hang around for some time after the user closes the particular window they're using to interact with your site. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On 12-Oct-2009, at 11:24, Josh Gooding wrote: Well upon clicking logout the following occurs: session.removeAttribute(User); session.invalidate(); response.sendRedirect(EULA.jsp); If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? What browser are you using, and how are you reopening the window? If you exit your browser the session should be invalidated, though: - Firefox maintains its state if you make it remember the open tabs/ windows - IE will open a separate application instance only if it is launched via the desktop icon. Selecting 'New Window' form the file menu will simply create a new window in the same instance. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On Mon, Oct 12, 2009 at 11:03 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: ... Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? Yes, although Windows domain authentication is not the only game in town. ** I know Andre, it was just the first thing that popped into my head. The shop I work for is a Microjunk shop and I am the only dinosaur who codes on OS platforms here after I leave they can claim to be an all .NET shop. However, i'm the only one working on programs that are making the company money... :: shrug :: anywho. I know there are others, WIndows is just one of the most commonly recognized. You also have raduis, NIS, and if I am not mistaken even LDAP. I understand what the Tomcat's and most org's SSO means, but I am trying to translate into something that I can talk about and not have a huge amount of keystrokes in typing. And I suggest that you to think this through from the beginning, and not rush into a Tomcat-only authentication, if your users for instance are going to get weary very quickly to have to login (again!) each time they want to access this application on this host. The other snag is if in order to do your type of authentication you need to have your own store of user-id's and passwords. User-id's are usually OK (they can be the same as the user's usual login), but to get a network admin to give you the users passwords, so that you can store them in your own Tomcat-only store, is going to be more tricky. (Users do not, as a rule, like to have to remember several passwords). There are basically two types of authentication usable in Tomcat : the container-based authentication of which mainly question so far, and the servlet filter based authentication mechanisms. These consist of wrapping all your to-be-protected webapps in a servlet filter, which authenticates each request before it even gets to your webapp. Servlet filters are defined at the Servlet Spec level, so are portable. To the webapp, it is transparent. It just finds an authenticated user whenever it runs. The filter itself determines what kind of authentication happens, using which back-end etc.. Here are two examples : http://securityfilter.sourceforge.net/ http://www.ioplex.com Reading their docs should give you some material to think about. There exists a 3rd way : if you have a webserver in front of Tomcat (IIS or Apache), they can do the user authentication, and via mod_jk (*) pass an authenticated user-id to Tomcat (roles is another story). (* : plus, for Apache only, mod_proxy_ajp) In any case, I don't really think that you will need to create new code. There are enough ready-to-use solutions floating around that this should be unnecessary. And, as some people already indirectly pointed out, coding AAA and doing it right can be very tricky. ** I already removed httpd from the server and am very reluctant to reconfigure / install it. I'll look into those and check. Thanks man, this project is really opening my eyes to a lot of other things that I would have never thought of. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] mod_jk inserting Transfer-Encoding Chunked header
At the risk of bringing this thread back on topic, I still haven't found a solution to the problem. I suspect that mod_jk may be setting the Content-Length header in a case that SunOne does not expect (SunOne is case-sensitive to headers in it's NSAPI modules!). I note the following sentence from http://docsun.cites.uiuc.edu/sun_docs/C/solaris_9/SUNWadoc/SONEAPPSVRNSAPI/dnhttp.html#24970 Response length determination: If the buffering layer cannot determine the length of the response, it uses HTTP 1.1 chunked encoding instead of the content-length header to convey the delineation information. If the client only understands HTTP 1.0, the server must close the connection to indicate the end of the response. Delving into the mod_jk source is certainly an option, but I'm concerned about other incompatibilities we may stumble across later (particularly as this seems an uncommon combination to run nowadays). For the moment we've just reverted to using the SunOne 7.0 stock reverse proxy. This seems to fulfill our immediate needs, and we can perhaps revisit mod_jk later. Thanks for the tips so far, Sam - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
On 12-Oct-2009, at 11:41, Josh Gooding wrote: On Mon, Oct 12, 2009 at 11:03 AM, André Warnier a...@ice-sa.com wrote: Josh Gooding wrote: ... Andre, your talking about something like Active Directory for Windows Domain's to use with say Communicator, Outlook, etc, across windows environments with domain authentication? Yes, although Windows domain authentication is not the only game in town. ** I know Andre, it was just the first thing that popped into my head. The shop I work for is a Microjunk shop and I am the only dinosaur who codes on OS platforms here after I leave they can claim to be an all .NET shop. However, i'm the only one working on programs that are making the company money... :: shrug :: anywho. I know there are others, WIndows is just one of the most commonly recognized. You also have raduis, NIS, and if I am not mistaken even LDAP. You can even use LDAP with ActiveDirectory, on the condition they provide you the access you need. André-John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Out of memory being caused by notFoundResources in org.apache.catalina.loader.WebappClassLoader
Guys Tomcat 6.0.20, java 1.6, linux x64 org.apache.catalina.loader.WebappClassLoader records every resource you asked for that doesn't exist. On our site we have alot of pages ( 800,000 ) all of which are using struts2 with validation. every hit means the validator does a request for a resource actionName-validation.xml This then gets cached in the WebappClassLoader about line 249 /** * The list of not found resources. */ protected HashMap notFoundResources = new HashMap(); Can this be made into a weak hash map perchance ? or something so that it won't invoke a out of memory. I'm also looking at removing the validator from those urls if anyone knows how to tell the validation interceptor that we don't use the xml files and ONLY use annotations then that would be great :) Ta D
Re: Persistent Storage for Webapps
Am Mon, 12 Oct 2009 13:01:44 +0200 schrieb Jesse Long j...@unknown.za.net: In my webapp I need persistent storage. I am building my webapp as a .war file, and copying it into $CATALINE_HOME/webapps/ Tomcat extracts $CATALINA_HOME/webapps/app.war to $CATALINA_HOME/webapps/app/ The war file contains an empty directory /WEB-INF/data . During operations, data files are created under /WEB-INF/data/ WEB-INF should contain only static files which shouldn't be accessible by Webclients (directly), e.g. by /app/data/filename . So it seems to be a bad place Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? AFAIK there is no general advise where to put dynamic, persistent data. As system administrator I prefer solutions that give me the opportunity to decide myself where to put dynamic data. There are a lot of reasons for this: securing against disk space overflow, backup, priviledge separation, etc. Following this way you might create a properties-file outside the Tomcat-hierarchy at a sensible place (e.g. /etc/app.properties) with the paths your application should use. Another way is to define a Tomcat-parameter during JVM-startup that will contain the path to your data-directory. As this might not survive the next update of Tomcat itself I don't like this kind of configuration but some applications and classes are working this way. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. untested idea: If you have no control over the filesystem of the target Tomcat you could create a mini-application named data.war that you are deploying. Of course there is always the danger of accidentally erasing the data by re-deploying this pseudo-application. And you will have to find a way by valves, etc. to preserve this path from being accessed by web-clients. Maybe it is enough if you leave out the context-entry. Gruss, Tobias. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
Ugh... tabs said it all. I didn't take into consideration about them. On Mon, Oct 12, 2009 at 11:41 AM, Andre-John Mas aj...@sympatico.ca wrote: On 12-Oct-2009, at 11:24, Josh Gooding wrote: Well upon clicking logout the following occurs: session.removeAttribute(User); session.invalidate(); response.sendRedirect(EULA.jsp); If I close the browser window, and reopen it without clicking the logout button, I can still get back into my active session. How would I invalidate the session upon closing the browser window? What browser are you using, and how are you reopening the window? If you exit your browser the session should be invalidated, though: - Firefox maintains its state if you make it remember the open tabs/windows - IE will open a separate application instance only if it is launched via the desktop icon. Selecting 'New Window' form the file menu will simply create a new window in the same instance. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Questions on Single Sign On?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 10/12/2009 11:03 AM, André Warnier wrote: [servlet-filter mechanisms] consist of wrapping all your to-be-protected webapps in a servlet filter, which authenticates each request before it even gets to your webapp. Servlet filters are defined at the Servlet Spec level, so are portable. To the webapp, it is transparent. It just finds an authenticated user whenever it runs. The filter itself determines what kind of authentication happens, using which back-end etc.. Here are two examples : http://securityfilter.sourceforge.net/ http://www.ioplex.com Another one is ACEGI (or Spring Security) which, I believe, includes SSO capabilities (which securityfilter does not): http://www.acegisecurity.org/ - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTW7wACgkQ9CaO5/Lv0PCkMgCfdoxVvuoHVQd82NccfaXbOf7+ My8An3lElTBRv1z/fO7adtzSee47dcKs =8KJ8 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory being caused by notFoundResources in org.apache.catalina.loader.WebappClassLoader
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 10/12/2009 12:03 PM, David Cassidy wrote: org.apache.catalina.loader.WebappClassLoader records every resource you asked for that doesn't exist. On our site we have alot of pages ( 800,000 ) all of which are using struts2 with validation. every hit means the validator does a request for a resource actionName-validation.xml Ouch. I can't see any obvious way to disable the file-based validation configuration. You'd have to ask the struts folks about that. You could try setting cachingAllowed=false in your Context element in context.xml. This page documents that attribute to disable caching of static resources: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html You could also play with the cacheTTL setting, too. It's possible that the caching you are disabling is merely the contents of the files that /are/ found. I haven't looked at the code, though. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTXl0ACgkQ9CaO5/Lv0PDfYwCeMp/92uTjLKcMLF6Biku7L91k ip0An1n4+SHQmDPEdoZAVPL4sceelyf0 =6LS+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
Tobias Crefeld wrote: Am Mon, 12 Oct 2009 13:01:44 +0200 schrieb Jesse Long j...@unknown.za.net: In my webapp I need persistent storage. I am building my webapp as a .war file, and copying it into $CATALINE_HOME/webapps/ Tomcat extracts $CATALINA_HOME/webapps/app.war to $CATALINA_HOME/webapps/app/ The war file contains an empty directory /WEB-INF/data . During operations, data files are created under /WEB-INF/data/ WEB-INF should contain only static files which shouldn't be accessible by Webclients (directly), e.g. by /app/data/filename . So it seems to be a bad place Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? AFAIK there is no general advise where to put dynamic, persistent data. As system administrator I prefer solutions that give me the opportunity to decide myself where to put dynamic data. There are a lot of reasons for this: securing against disk space overflow, backup, priviledge separation, etc. Following this way you might create a properties-file outside the Tomcat-hierarchy at a sensible place (e.g. /etc/app.properties) with the paths your application should use. Another way is to define a Tomcat-parameter during JVM-startup that will contain the path to your data-directory. As this might not survive the next update of Tomcat itself I don't like this kind of configuration but some applications and classes are working this way. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. untested idea: If you have no control over the filesystem of the target Tomcat you could create a mini-application named data.war that you are deploying. Of course there is always the danger of accidentally erasing the data by re-deploying this pseudo-application. And you will have to find a way by valves, etc. to preserve this path from being accessed by web-clients. Maybe it is enough if you leave out the context-entry. Thanks for your answers Tobias. Unfortunately we have a very real use case for multiple instances on one host, with different data paths. So, /etc/app.properties is not usable, but /etc/app-context path derived data.properties might be but virtual hosting would break. No way to identify unique host consistently. Also, I could use a path name derived from the temp directory name, but nothing says the temp directory name will be consistent. For now I will reluctantly use context parameters. Thanks, Jesse - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory being caused by notFoundResources in org.apache.catalina.loader.WebappClassLoader
David Cassidy wrote: Guys Tomcat 6.0.20, java 1.6, linux x64 org.apache.catalina.loader.WebappClassLoader records every resource you asked for that doesn't exist. On our site we have alot of pages ( 800,000 ) all of which are using struts2 with validation. every hit means the validator does a request for a resource actionName-validation.xml This then gets cached in the WebappClassLoader about line 249 /** * The list of not found resources. */ protected HashMap notFoundResources = new HashMap(); Can this be made into a weak hash map perchance ? Please create a bugzilla entry for this so it doesn't get lost. Cheers, Mark or something so that it won't invoke a out of memory. I'm also looking at removing the validator from those urls if anyone knows how to tell the validation interceptor that we don't use the xml files and ONLY use annotations then that would be great :) Ta D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
I note that the README says that 1.1.12 is the current stable version. Is there a compelling reason to go for 1.1.16? Hmm, that said the repository I looked at only had up to 1.1.14. - Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:03:17 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
Hi Darryl, Yes the latest one is 1.1.16. I went back to the web site and it says: The Apache Tomcat team is proud to announce the immediate availability of Tomcat Native 1.1.16 Stable. The url I found this at is: http://tomcat.apache.org/native-doc/ This was in Nov 2008 that version was released as being stable. So I guess I am confused why the web site says one thang and the readme another. Also, there was no link on the Tomcat site to 1.1.16 of the APR binarys or source for that matter. Thanks for the response. -Tony --- On Mon, 10/12/09, Darryl Pentz djpe...@yahoo.com wrote: From: Darryl Pentz djpe...@yahoo.com Subject: Re: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:07 AM I note that the README says that 1.1.12 is the current stable version. Is there a compelling reason to go for 1.1.16? Hmm, that said the repository I looked at only had up to 1.1.14. - Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:03:17 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
Darryl Pentz wrote: I note that the README says that 1.1.12 is the current stable version. It is out of date. Is there a compelling reason to go for 1.1.16? Yes. A number of important bug fixes. Hmm, that said the repository I looked at only had up to 1.1.14. Looks like you are looking at the old repo. Follow the links from the main Tomcat web pages. Mark - Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:03:17 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
Thanks Chuck for the help. There were no install instructions so not sure it they were supposed to be in the bin. The other dlls seem to be for ipv6 and ipv4. If you look at this link for win32 binaries you will see why I wrote what I did. http://tomcat.heanet.ie/native/1.1.14/binaries/win32/ So since there I could not find install instructions is there any changes to the server.xml or elsewhere to for this? Thanks, -Tony --- On Mon, 10/12/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Caldarale, Charles R chuck.caldar...@unisys.com Subject: RE: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:03 AM From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
Tony Anecito wrote: Hi Darryl, Yes the latest one is 1.1.16. I went back to the web site and it says: The Apache Tomcat team is proud to announce the immediate availability of Tomcat Native 1.1.16 Stable. The url I found this at is: http://tomcat.apache.org/native-doc/ This was in Nov 2008 that version was released as being stable. So I guess I am confused why the web site says one thang and the readme another. Also, there was no link on the Tomcat site to 1.1.16 of the APR binarys or source for that matter. APR == native and is usually referred to in the docs as the APR/Native connector. http://tomcat.apache.org/ Link LHS Tomcat Native - http://tomcat.apache.org/download-native.cgi Mark Thanks for the response. -Tony --- On Mon, 10/12/09, Darryl Pentz djpe...@yahoo.com wrote: From: Darryl Pentz djpe...@yahoo.com Subject: Re: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:07 AM I note that the README says that 1.1.12 is the current stable version. Is there a compelling reason to go for 1.1.16? Hmm, that said the repository I looked at only had up to 1.1.14. - Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:03:17 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: RE: Simple APR install question... The other dlls seem to be for ipv6 and ipv4. If you look at this link for win32 binaries you will see why I wrote what I did. http://tomcat.heanet.ie/native/1.1.14/binaries/win32/ That's an old, old link that should be removed. Use the current one: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ Or from the download link on the Tomcat Native page, which auto-selects a mirror: http://tomcat.apache.org/download-native.cgi - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
Hi Darryl, Okay I think I figured out what is going on. 1.1.16 I think is Tomcat Native and not the APR I mentioned. The 1.1.12 has only the one DLL that Chuck mentioned and the 1.1.14 has several. If I use the one dll from 1.1.12 I should be okay. The APR web site page does not mention which release is the stable one. So the last question is do I have to modify any of the Tomcat config files to support simple APR (no sso or ssl)? Or just by copying the dll from 1.1.12 to the bin directory and restarting Tomcat cause the faster APR to be used by default? Many Thanks, -Tony --- On Mon, 10/12/09, Tony Anecito adanec...@yahoo.com wrote: From: Tony Anecito adanec...@yahoo.com Subject: Re: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org, Darryl Pentz djpe...@yahoo.com Date: Monday, October 12, 2009, 11:15 AM Hi Darryl, Yes the latest one is 1.1.16. I went back to the web site and it says: The Apache Tomcat team is proud to announce the immediate availability of Tomcat Native 1.1.16 Stable. The url I found this at is: http://tomcat.apache.org/native-doc/ This was in Nov 2008 that version was released as being stable. So I guess I am confused why the web site says one thang and the readme another. Also, there was no link on the Tomcat site to 1.1.16 of the APR binarys or source for that matter. Thanks for the response. -Tony --- On Mon, 10/12/09, Darryl Pentz djpe...@yahoo.com wrote: From: Darryl Pentz djpe...@yahoo.com Subject: Re: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:07 AM I note that the README says that 1.1.12 is the current stable version. Is there a compelling reason to go for 1.1.16? Hmm, that said the repository I looked at only had up to 1.1.14. - Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:03:17 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Simple APR install question... I want to setup APR for Tomcat 6.0.20 under windows. So do I put the all the dlls What do you mean by all the dlls? The only one I'm aware of is tcnative-1.dll, and it's normally placed in Tomcat's bin directory. Make sure you get the 32- or 64-bit version, as appropriate for the JVM you're running, and make sure it's level 1.1.16. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Re: Simple APR install question... This was in Nov 2008 that version was released as being stable. So I guess I am confused why the web site says one thang and the readme another. Exactly what README are you referring to? Also, there was no link on the Tomcat site to 1.1.16 of the APR binarys or source for that matter. ??? Look again - use the Tomcat Native link under the Download section. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
Many Thanks guys. That clears up the last email I sent a bit more. I was goign to use the older 1.1.12 till I read this. So just add to the bin dir restart and I Tomcat by default will be using this APR? In the server or boot log I should see a reference to the APR loaded and being used? Many Thanks you guys are awesome! -Tony --- On Mon, 10/12/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Caldarale, Charles R chuck.caldar...@unisys.com Subject: RE: Simple APR install question... To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:26 AM From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: RE: Simple APR install question... The other dlls seem to be for ipv6 and ipv4. If you look at this link for win32 binaries you will see why I wrote what I did. http://tomcat.heanet.ie/native/1.1.14/binaries/win32/ That's an old, old link that should be removed. Use the current one: http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/ Or from the download link on the Tomcat Native page, which auto-selects a mirror: http://tomcat.apache.org/download-native.cgi - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Re: Simple APR install question... Okay I think I figured out what is going on. 1.1.16 I think is Tomcat Native and not the APR I mentioned. APR = Tomcat Native. If I use the one dll from 1.1.12 I should be okay. Don't use 1.1.12; use 1.1.16, from one of the locations previously given (not the one in Ireland). So the last question is do I have to modify any of the Tomcat config files to support simple APR (no sso or ssl)? If you have not previously commented out the APR listener in server.xml, just put the .dll in the bin directory. Otherwise, uncomment the listener first. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
I must confess to not having really paid much attention to the APR listener. Do you recommend always using this when running on Windows or are there only certain conditions under which to use APR? thanks, Darryl From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, October 12, 2009 7:32:04 PM Subject: RE: Simple APR install question... From: Tony Anecito [mailto:adanec...@yahoo.com] Subject: Re: Simple APR install question... Okay I think I figured out what is going on. 1.1.16 I think is Tomcat Native and not the APR I mentioned. APR = Tomcat Native. If I use the one dll from 1.1.12 I should be okay. Don't use 1.1.12; use 1.1.16, from one of the locations previously given (not the one in Ireland). So the last question is do I have to modify any of the Tomcat config files to support simple APR (no sso or ssl)? If you have not previously commented out the APR listener in server.xml, just put the .dll in the bin directory. Otherwise, uncomment the listener first. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Simple APR install question...
From: Darryl Pentz [mailto:djpe...@yahoo.com] Subject: Re: Simple APR install question... I must confess to not having really paid much attention to the APR listener. Do you recommend always using this when running on Windows or are there only certain conditions under which to use APR? There's no clear-cut answer. Check the comparison of the various flavors, and see which one best fits your needs: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#Connector%20Comparison If you are using SSL, *and* want the maximum possible throughput, then the OpenSSL component of APR is much faster than the pure Java equivalent. However, the SSL configuration is completely different, and APR has to be built for each platform you run on. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Simple APR install question...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Darryl, On 10/12/2009 1:38 PM, Darryl Pentz wrote: I must confess to not having really paid much attention to the APR listener. Do you recommend always using this when running on Windows or are there only certain conditions under which to use APR? You will see a notice performance increase if you use APR + SSL with Tomcat. APR also allows the use of an optimized sendFile capability on certain Connectors which is also measurable. This is true of APR use on Microsoft Windows or really any other OS: it's not true that APR is specifically useful on Microsoft Windows. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTbNkACgkQ9CaO5/Lv0PBhSACdH17J7w8L1P/D/YJfxPvOJwvo e3cAn1uO61NI7K66+MpwgTBI+tlICskx =wT8R -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Thanks For All The Help!!
Thanks to Chuck and all the rest. As I mentioned in a previous email(s) I was trying to update some performance Testing I started a few years ago where I got to a point where I was seeing 3-4msec. My architecture till last night was Apache web server and JBoss 5.1.0GA. Based on some this groups recommendations I ended up taking an interesting ride but am almost done. I thought you all might find this educational: 1. Disable Apache Web Server and use Tomcat http connector 2. Because of using php and Tomcat does not support it had to change all php to html. 3. Found out port 80 issues with internal Tomcat of JBoss and maybe router/OS. Setup Tomcat external to JBoss and rewrote web service to use jndi to get to EJB's on JBoss 5.1.0GA. Configured Tomcat to use port 80. 4. Moved dir for jnlp jars under ROOT since did not know how to configure Tomcat to point to dir outside of ROOT.war. 5. Reran perf tests last night and almost inside of 2msec response time after steps 1-4. Now is 3-4msec was 4-5 with JBoss/Internal Tomcat. Did some jvm tuning and need to do some more. Web Service measures 20 microseconds at exposed web service method inside of Tomcat. Next step is to install APR and rerun tests and maybe do some more tuning jvm and maybe elsewhere for Tomcat. Goal is to see if I can get down to 1msec or less as measured at Java client and/or using profiler to measure at Tomcat server. Again thanks for all the help! I wanted to lighten up my architecture and now can do 3 tier or 2 and maybe eliminate JBoss altogether some day to have 1 tier (not including database). -Tony - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jesse, On 10/12/2009 12:57 PM, Jesse Long wrote: Unfortunately we have a very real use case for multiple instances on one host, with different data paths. So, /etc/app.properties is not usable, but /etc/app-context path derived data.properties might be but virtual hosting would break. No way to identify unique host consistently. I think that the previous suggestion of using JNDI to resolve either the path to a configuration file, or simply to determine the configuration itself (that is, have config values directly available through JNDI) is probably the right way to go: they can be specified by the server administrator, are context-specific, and do not require the developer to worry about them at all (except to read their values and act accordingly). Also, I could use a path name derived from the temp directory name, but nothing says the temp directory name will be consistent. For now I will reluctantly use context parameters. Forget about the temp directory: the servlet spec is basically preventing that from being useful to you. Also, as someone pointed out, 'temporary' and 'persistent' are usually regarded as antonyms. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTbZkACgkQ9CaO5/Lv0PD9LwCfXjMj4Gg9pq3lZRkBpu2gHAfu IZ4An0pV3erpLLiLaKDer+yb7muMwOc3 =T9JR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Thanks For All The Help!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony, On 10/12/2009 1:52 PM, Tony Anecito wrote: Next step is to install APR and rerun tests and maybe do some more tuning jvm and maybe elsewhere for Tomcat. I doubt you'll see any performance increase when adding APR to the mix (no SSL, right?), but I don't believe it will hurt. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTbkwACgkQ9CaO5/Lv0PCxAQCdFKADCIgbsJNyqr7MbGgqmxsC YPMAoIzBb9TZPQEhkz1cheYrKy3dKeGf =2RwG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Thanks For All The Help!!
Hi Chris, Yes you are correct no SSL. I thought I would give APR a try since it was recommended in general to use it for http. As you say it could not hurt. Best Regards, -Tony --- On Mon, 10/12/09, Christopher Schultz ch...@christopherschultz.net wrote: From: Christopher Schultz ch...@christopherschultz.net Subject: Re: Thanks For All The Help!! To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 11:58 AM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony, On 10/12/2009 1:52 PM, Tony Anecito wrote: Next step is to install APR and rerun tests and maybe do some more tuning jvm and maybe elsewhere for Tomcat. I doubt you'll see any performance increase when adding APR to the mix (no SSL, right?), but I don't believe it will hurt. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTbkwACgkQ9CaO5/Lv0PCxAQCdFKADCIgbsJNyqr7MbGgqmxsC YPMAoIzBb9TZPQEhkz1cheYrKy3dKeGf =2RwG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
I want to release my webapp first, then allow plugin authors to write and load plugins at their leisure. Have you looked at the ServiceLoader API? No, I hadn't, but I just tried it out. Cool! I like that it hides guts like Class.forName(). Thanks! However, it doesn't get around the issues I'm facing trying to allow folks to easily write plugins for my webapp. If the implementing class (in say impl.jar) is in myapp/WEB-INF/lib But myapp/WEB-INF/lib is the exploded WAR dir, right? Folks generally deploy our webapp on their own systems, so this means they'd have to start up our app (Tomcat explodes the war), stop, copy impl.jar into myapp/WEB-INF/lib, re-start. And can we count on Tomcat never blowing away the exploded WAR dir? Another option to get myapp/WEB-INF/lib is to include impl.jar (and impl2.jar, impl3.jar) in our WAR, but we'd like to allow folks deploying our webapp to write plugins, load, and unload them at their leisure. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: logged-SEVERE: Caught exception (java.lang.NullPointerException)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Renuka, On 10/12/2009 1:45 AM, Renuka Slalagi wrote: I am running tomcat jakarta-tomcat-4.1.31 on Solaris.As my server gets down I get the below errors logged in catalina. Tomcat 4.x is no longer supported, so you should upgrade to a more recent version (they're on 6.0 these days). org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run SEVERE: Caught exception (java.lang.NullPointerException) executing org.apache.jk.common.socketconnect...@1cb0cb7, terminating thread Oct 10, 2009 9:27:13 PM org.apache.jk.common.MsgAjp processHeader SEVERE: BAD packet signature 200 00 c8 00 00 | .?.. Hmm... Oct 10, 2009 9:27:13 PM org.apache.jk.common.MsgAjp processHeader SEVERE: BAD packet signature 18245 47 45 54 20 00 00 00 00 00 00 00 00 00 00 00 00 | GET This looks like you have an AJP (or JK) connector configured on a port, but you're trying to speak HTTP to it. Please post your server.xml configuration for all enabled Connector elements, and provide an example URL that will cause this error to occur. I suspect you have inadvertently configured an AJP connector on port 80 (or 8080, or whatever you expected to be an HTTP connector). These log lines appear to be from a subsequent Tomcat startup: org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Starting service Tomcat-Standalone Apache Tomcat/4.1.31 Oct 11, 2009 4:20:04 PM The HTTP connector appears to be running on port 8080. org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Oct 11, 2009 4:20:18 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Oct 11, 2009 4:20:18 PM org.apache.jk.server.JkMain start The AJP connector appears to be running on port 8009. Are you running Tomcat behind Apache httpd or some other web server? If so, it's possible that you are trying to access port 8009 directly using HTTP protocol instead of AJP. INFO: Jk running ID=0 time=1/52 config=/appl/apache/jakarta-tomcat-4.1.31/conf/jk2.properties Yikes! You should get rid of jk2. mod_jk has incorporated everything useful from the attempt at jk2 and jk2 is a completely dead project. You should post the configuration from /appl/apache/jakarta-tomcat-4.1.31/conf/jk2.properties as well. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTcL8ACgkQ9CaO5/Lv0PD/qgCgkCX6yHCns41J3qHjk1IrU7BA T7QAn2e6eYmS4QE8ZKIjJGHYh2iNfrjb =woZ+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
So you have multiple contexts on a host, each of which needs separate, persistent storage? If you don't want to keep track of a property files, you could write a bean with a method that takes a HttpRequest as a argument, and returns a file path based on the info in the request. You would have to dedicate a directory on your server as the root for the persistence system. Then build subdirectories based on info available in the request object. I could go on if you want, but basically I'm trying to say there is more than enough info in each HttpRequest to allow you build a flexible, scalable persistence system without having to resort to .properties files which you'll then have to squirrel away somewhere and remember to update each time you change your Context name, etc. Just look at the javadocs for HttpRequest. See especially getContextPath() and getLocalName(). On Mon, Oct 12, 2009 at 12:57 PM, Jesse Long j...@unknown.za.net wrote: Tobias Crefeld wrote: Am Mon, 12 Oct 2009 13:01:44 +0200 schrieb Jesse Long j...@unknown.za.net: In my webapp I need persistent storage. I am building my webapp as a .war file, and copying it into $CATALINE_HOME/webapps/ Tomcat extracts $CATALINA_HOME/webapps/app.war to $CATALINA_HOME/webapps/app/ The war file contains an empty directory /WEB-INF/data . During operations, data files are created under /WEB-INF/data/ WEB-INF should contain only static files which shouldn't be accessible by Webclients (directly), e.g. by /app/data/filename . So it seems to be a bad place Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? AFAIK there is no general advise where to put dynamic, persistent data. As system administrator I prefer solutions that give me the opportunity to decide myself where to put dynamic data. There are a lot of reasons for this: securing against disk space overflow, backup, priviledge separation, etc. Following this way you might create a properties-file outside the Tomcat-hierarchy at a sensible place (e.g. /etc/app.properties) with the paths your application should use. Another way is to define a Tomcat-parameter during JVM-startup that will contain the path to your data-directory. As this might not survive the next update of Tomcat itself I don't like this kind of configuration but some applications and classes are working this way. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. untested idea: If you have no control over the filesystem of the target Tomcat you could create a mini-application named data.war that you are deploying. Of course there is always the danger of accidentally erasing the data by re-deploying this pseudo-application. And you will have to find a way by valves, etc. to preserve this path from being accessed by web-clients. Maybe it is enough if you leave out the context-entry. Thanks for your answers Tobias. Unfortunately we have a very real use case for multiple instances on one host, with different data paths. So, /etc/app.properties is not usable, but /etc/app-context path derived data.properties might be but virtual hosting would break. No way to identify unique host consistently. Also, I could use a path name derived from the temp directory name, but nothing says the temp directory name will be consistent. For now I will reluctantly use context parameters. Thanks, Jesse - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Thanks For All The Help!!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony, On 10/12/2009 2:01 PM, Tony Anecito wrote: Yes you are correct no SSL. I thought I would give APR a try since it was recommended in general to use it for http. As you say it could not hurt. The only thing it might hurt is simplicity: another component means something else to configure, deploy, keep up-to-date, and, potentially, debug if something goes wrong. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTcUgACgkQ9CaO5/Lv0PCDIwCfTj12fwVfXmsoB82bgshEJaUD sKgAoJ8lztV1Pi4ySZyGwFzH5wNzE+zf =EV2D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
Do you have some kind of container-provided service that will be included? I'm not sure I understand the question, but I think the answer is no. Tomcat provides the servlet container, and it doesn't include much besides an implementation of the servlet API, right? If not, why not simply include the JAR file containing your interfaces directly in each webapp that uses it? The interfaces are intended to be used only by plugins that can be added and removed from the webapp while it is shut down, not by other webapps. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
On 12/10/2009 19:06, Adam Monsen wrote: I want to release my webapp first, then allow plugin authors to write and load plugins at their leisure. Have you looked at the ServiceLoader API? No, I hadn't, but I just tried it out. Cool! I like that it hides guts like Class.forName(). Thanks! However, it doesn't get around the issues I'm facing trying to allow folks to easily write plugins for my webapp. No it doesn't, but then you're trying to do something that the spec to which Tomcat conforms, doesn't support. If the implementing class (in say impl.jar) is in myapp/WEB-INF/lib But myapp/WEB-INF/lib is the exploded WAR dir, right? Folks generally deploy our webapp on their own systems, so this means they'd have to start up our app (Tomcat explodes the war), stop, copy impl.jar into myapp/WEB-INF/lib, re-start. Yes, exactly. And can we count on Tomcat never blowing away the exploded WAR dir? No, you can't. Another option to get myapp/WEB-INF/lib is to include impl.jar (and impl2.jar, impl3.jar) in our WAR, but we'd like to allow folks deploying our webapp to write plugins, load, and unload them at their leisure. Leisure? Meaning 'very frequently' or 'very infrequently'. Don't forget, you can't just add classes to a web application and expect them to work. The web app will need to be restarted. If they're adding them infrequently, what's the problem with a quick restart? I could speculate that it might be possible to create some kind of dynamic ClassLoader, but you'd have to look elsewhere for advice on how to do so. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Thanks For All The Help!!
Hi Chris, I understand but the tactical goal is improved performance. If it does not help it is easy to undo. Thanks again, -Tony --- On Mon, 10/12/09, Christopher Schultz ch...@christopherschultz.net wrote: From: Christopher Schultz ch...@christopherschultz.net Subject: Re: Thanks For All The Help!! To: Tomcat Users List users@tomcat.apache.org Date: Monday, October 12, 2009, 12:11 PM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony, On 10/12/2009 2:01 PM, Tony Anecito wrote: Yes you are correct no SSL. I thought I would give APR a try since it was recommended in general to use it for http. As you say it could not hurt. The only thing it might hurt is simplicity: another component means something else to configure, deploy, keep up-to-date, and, potentially, debug if something goes wrong. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTcUgACgkQ9CaO5/Lv0PCDIwCfTj12fwVfXmsoB82bgshEJaUD sKgAoJ8lztV1Pi4ySZyGwFzH5wNzE+zf =EV2D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
On 12/10/2009 19:28, Adam Monsen wrote: The interfaces are intended to be used only by plugins that can be added and removed from the webapp while it is shut down, Well as long as the user can explode the webapp, they just have to add files to the webapp /lib and you're in business. Much easier than writing extra code. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: poor-man's plugins: loading a subclass of a Web application class from common/lib
Well as long as the user can explode the webapp, they just have to add files to the webapp /lib and you're in business. Yes, this sounds like it should work for now, and I can look at writing a custom classloader or (gasp) OSGi if I need a more complex plugin system. Thanks, all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Persistent Storage for Webapps
So you have multiple contexts on a host, each of which needs separate, persistent storage? If you don't want to keep track of a property files, you could write a bean with a method that takes a HttpRequest as a argument, and returns a file path based on the info in the request. You would have to dedicate a directory on your server as the root for the persistence system. Then build subdirectories based on info available in the request object. I could go on if you want, but basically I'm trying to say there is more than enough info in each HttpRequest to allow you build a flexible, scalable persistence system without having to resort to .properties files which you'll then have to squirrel away somewhere and remember to update each time you change your Context name, etc. Just look at the javadocs for HttpRequest. See especially getContextPath() and getLocalName(). Yes, these are good points about managing persistent data. The OP's original issue with updating his WAR and deleting the data directory - followed by trying to use temporary points out a misconception about persistence that system administrators live to solve. Persistent data has no business being in the webapps. Webapps need to find the correct data. The system admin needs to backup the data and perhaps restore it. If Tomcat server A dies then does the service need to reappear on Tomcat server B where is the data? This suggests that you should have your data on a network mount point. What if your webapps is insanely sucessful and you need to put your server in the cloud? Where are you going to find your user's data? Did you hear what happened to T-Mobile and the Sidekick - they just lost most every client's contacts stored in their cloud If you are stubborn and I've been myself with virtual host config on the Tomcat 3.3 model, you will later spend dear effort programming yourself out of the box. In my case we are nearly ready to go to Tomcat 6 and a single Webapps completely in a single WAR able to run multiple hosts (not SSL). Network storage and file-locking are required, you can never assume you are the only one touching a file. But now we are off topic, managing persistent data can take numerous forms - see Apache Lucene, Hadoop, CouchDB, ... and then there are the SQL... Regards, Dave On Mon, Oct 12, 2009 at 12:57 PM, Jesse Long j...@unknown.za.net wrote: Tobias Crefeld wrote: Am Mon, 12 Oct 2009 13:01:44 +0200 schrieb Jesse Long j...@unknown.za.net: In my webapp I need persistent storage. I am building my webapp as a .war file, and copying it into $CATALINE_HOME/webapps/ Tomcat extracts $CATALINA_HOME/webapps/app.war to $CATALINA_HOME/webapps/app/ The war file contains an empty directory /WEB-INF/data . During operations, data files are created under /WEB-INF/data/ WEB-INF should contain only static files which shouldn't be accessible by Webclients (directly), e.g. by /app/data/filename . So it seems to be a bad place Question: id /WEB-INF/ in the extracted directory the correct place for persistent data storage? If not, where is? AFAIK there is no general advise where to put dynamic, persistent data. As system administrator I prefer solutions that give me the opportunity to decide myself where to put dynamic data. There are a lot of reasons for this: securing against disk space overflow, backup, priviledge separation, etc. Following this way you might create a properties-file outside the Tomcat-hierarchy at a sensible place (e.g. /etc/app.properties) with the paths your application should use. Another way is to define a Tomcat-parameter during JVM-startup that will contain the path to your data-directory. As this might not survive the next update of Tomcat itself I don't like this kind of configuration but some applications and classes are working this way. My goal is to find a consistent way of creating persistent data relative to the context. I dont want to have to configure context parameters with data directory paths for each installation. untested idea: If you have no control over the filesystem of the target Tomcat you could create a mini-application named data.war that you are deploying. Of course there is always the danger of accidentally erasing the data by re-deploying this pseudo-application. And you will have to find a way by valves, etc. to preserve this path from being accessed by web-clients. Maybe it is enough if you leave out the context-entry. Thanks for your answers Tobias. Unfortunately we have a very real use case for multiple instances on one host, with different data paths. So, /etc/app.properties is not usable, but /etc/app-context path derived data.properties might be but virtual hosting would break. No way to identify unique host consistently. Also, I could use a path name derived from the temp directory name, but nothing says the temp directory name will be consistent.
Re: Are ClassLoader resources cached forever?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary, On 9/14/2009 2:36 PM, garyh6 wrote: We are using Tomcat 5.5. Does the class org.apache.catalina.loader.WebappClassLoader cache resources found from the findResource() method (which is called when Java code calls getResource())? I looked at source code and it seems to suggest it does, but I want to make sure I was understanding it correctly? If it does cache resources, are there any concerns about the cache growing so large that OutOfMemory errors occur? Or is the cache flushed periodically based on some criteria such as size, last accessed, etc? Resurrecting an old thread: someone asked a new question today which reminded me of this one, so I thought I'd reply with a potential solution. If you set the cachingAllowed attribute on your Context element to false, will this meet your needs? I believe this will disable caching and therefore eliminate the memory concerns you have. Today's question was about using SoftReference objects for caching, to allow the GC to trigger a cache flush in the event of a memory demand. You may want to watch the list and/or Tomcat's bugzilla for activity regarding that request. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrToOoACgkQ9CaO5/Lv0PBXJgCff3vh/D+UMXVs7liyGpbvZalJ o0UAniCgVarOEkw+6EfKhK5QV6oyGNcC =gu8O -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory being caused by notFoundResources in org.apache.catalina.loader.WebappClassLoader
Chris Yes - ouch indeed ! Yes i'll try them as well - might have a look at the source as well see if there is anything to turn of teh file based validation I had a quick look at the caching and thats totally different sadly. No its definitely the things that are not found. When i get an out of memory the JVM will dump the heap. I've walked it (i know 1 gig...) and its really things that are not found. there are no files by those names so... Hey ho D On 12/10/09 17:50, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 10/12/2009 12:03 PM, David Cassidy wrote: org.apache.catalina.loader.WebappClassLoader records every resource you asked for that doesn't exist. On our site we have alot of pages ( 800,000 ) all of which are using struts2 with validation. every hit means the validator does a request for a resource actionName-validation.xml Ouch. I can't see any obvious way to disable the file-based validation configuration. You'd have to ask the struts folks about that. You could try setting cachingAllowed=false in yourContext element in context.xml. This page documents that attribute to disable caching of static resources: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html You could also play with the cacheTTL setting, too. It's possible that the caching you are disabling is merely the contents of the files that /are/ found. I haven't looked at the code, though. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrTXl0ACgkQ9CaO5/Lv0PDfYwCeMp/92uTjLKcMLF6Biku7L91k ip0An1n4+SHQmDPEdoZAVPL4sceelyf0 =6LS+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory being caused by notFoundResources in org.apache.catalina.loader.WebappClassLoader
Mark, Okies will do David On 12/10/09 18:05, Mark Thomas wrote: David Cassidy wrote: Guys Tomcat 6.0.20, java 1.6, linux x64 org.apache.catalina.loader.WebappClassLoader records every resource you asked for that doesn't exist. On our site we have alot of pages ( 800,000 ) all of which are using struts2 with validation. every hit means the validator does a request for a resource actionName-validation.xml This then gets cached in the WebappClassLoader about line 249 /** * The list of not found resources. */ protected HashMap notFoundResources = new HashMap(); Can this be made into a weak hash map perchance ? Please create a bugzilla entry for this so it doesn't get lost. Cheers, Mark or something so that it won't invoke a out of memory. I'm also looking at removing the validator from those urls if anyone knows how to tell the validation interceptor that we don't use the xml files and ONLY use annotations then that would be great :) Ta D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app)
Well, I guess I was wrong. The delay is still there. I installed a new copy of Tomcat and still have the same problem. I have the following context files: ${CATALINA_HOME}/conf/context.xml Which contains (comments removed): Context WatchedResourceWEB-INF/web.xml/WatchedResource Manager pathname= / /Context ${CATALINA_HOME}/conf/Catalina/localhost/Spc.xml Context antiJARLocking=true antiResourceLocking=true Manager pathname= / /Context I uncommented the Manager element because I don't want to persist sessions between startups. I am still getting the four minute delay. The tomcat log messages show (similar to before): 2009-10-12 18:06:13,973 DEBUG main org.apache.catalina.startup.ContextConfig - Successfully processed context [/Spc] configuration file E:\apache-tomcat-6.0.18\conf\Catalina\localhost\Spc.xml null 2009-10-12 18:10:12,987 DEBUG main org.apache.catalina.core.StandardContext - Starting /Spc I notice that the null is still being displayed, which, according to an earlier reply indicated the file has no recognizable content. Can you tell me what I'm doing wrong? Thank you for any help. -Original Message- From: Law, Christopher [mailto:chris@snapon.com] Sent: Saturday, October 10, 2009 10:02 AM To: Tomcat Users List Subject: RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app) Yup, guess I missed the keyword Attributes in the doc. Anyway, I added the attributes and it has significantly improved the deploy and startup. There are minor delays as indicated in the Tomcat doc, but these are delays of seconds - much better than four minutes! Thank you! -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, October 09, 2009 8:40 PM To: Tomcat Users List Subject: RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app) From: Law, Christopher [mailto:chris@snapon.com] Subject: RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app) The Tomcat logs show: 2009-10-09 16:03:11,093 DEBUG main org.apache.catalina.startup.ContextConfig - Successfully processed context [/Spc] configuration file D:\apache-tomcat-6.0.18\conf\Catalina\localhost\Spc.xml null The null says your Spc.xml file had no recognizable content; looks like you have it formatted incorrectly. It should look like this: Context antiJARLocking=true antiResourceLocking=true / - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Multiple Domains on one Tomcat Server now MySQL not working
I'm not shure if this problem really relates to Tomcat but it happened after altering the tomcat configuration. I've two different domains for two differnt webapps. Therefore i search on the internet how to manage multiple domains on Tomcat. I found this resource: http://www.westsoftware.net/java/domains-on-tomcat.jsp. I modified the corrensponding configuration file in the following way: Extract server.xml: ... Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host Host name=mydomain.de debug=0 appBase=webapps/myapp2 unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=mydomain.de-log. suffix=.txt timestamp=true/ Aliaswww.mydomain.de/Alias /Host /Engine /Service /Server and i added the follwing ROOT.xml file in the folder $CATALINA_HOME/conf/Catalina/mydomain.de ROOT.xml: ?xml version='1.0' encoding='utf-8'? Context displayName=mydomain.de docBase= path= workDir=work/Catalina/mydomain.de/_ /Context Actually it works fine, i can now differentiate between the two webapps by the domain. But while the first webapp has no problems accessing the mysql database i do have problems with the second webapp for which i added the new configuration. The problem that i have now: I don't know what is happening here. I already checked the log files in the CATALINA_HOME/logs folder but i could not find anything. I also checked that the mysql connection for the second webapp works when invoking it by www.regulardomain.de/myapp2. Has anybody an idea what could cause this problem? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Are ClassLoader resources cached forever?
If you set the cachingAllowed attribute on your Context element to false, will this meet your needs? I believe this will disable caching and therefore eliminate the memory concerns you have. Thanks for the reply. Our situation was actually reversed. We are using Tomcat with a custom classloader that dynamically determines the jars to load at startup, but otherwise defers to Tomcat for class loading functionality. However, we found a bottleneck in our code where the ClassLoader was loading the same resource over and over again. We finally realized that Tomcat would not cache this resource when the jars were dynamically added instead of being present in web-inf. We have implemented our own caching but before doing so, wanted to find out about the Tomcat experience so we avoided any pitfalls that are already well-known. Also, I am not sure we are talking about the same resources here. We were concerned with the ClassLoader.getResource() method that loads resources into the JVM. I would imagine the Context element refers to resources serverd up by the web server, such as static HTML, JPGs, etc. -- View this message in context: http://www.nabble.com/Are-ClassLoader-resources-cached-forever--tp25440666p25864704.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Multiple Domains on one Tomcat Server now MySQL not working
From: Paul van Hoven [mailto:paul.van.ho...@googlemail.com] Subject: Multiple Domains on one Tomcat Server now MySQL not working I'm not shure if this problem really relates to Tomcat but it happened after altering the tomcat configuration. Care to give us a hint about version of Tomcat you're using? Configuration is different from level to level. Therefore i search on the internet how to manage multiple domains on Tomcat. Might be better to read the real documentation first: http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html http://tomcat.apache.org/tomcat-5.5-doc/virtual-hosting-howto.html I found this resource: http://www.westsoftware.net/java/domains-on-tomcat.jsp. It's unfortunate you found that, since it's chock full of errors. Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host Host name=mydomain.de debug=0 appBase=webapps/myapp2 The above is not good; the different appBase directories must be distinct, not one under another. unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=mydomain.de-log. suffix=.txt timestamp=true/ Logger elements have not been used in Tomcat for some years. Aliaswww.mydomain.de/Alias /Host /Engine /Service /Server and i added the follwing ROOT.xml file in the folder $CATALINA_HOME/conf/Catalina/mydomain.de ROOT.xml: ?xml version='1.0' encoding='utf-8'? Context displayName=mydomain.de docBase= path= workDir=work/Catalina/mydomain.de/_ /Context Both the docBase and path attributes have invalid values; luckily, neither one is allowed here, and they are hopefully being ignored. Actually it works fine, i can now differentiate between the two webapps by the domain. What two webapps? You have only shown us one Context element. But while the first webapp has no problems accessing the mysql database i do have problems with the second webapp for which i added the new configuration. What's the first webapp? What Resource elements have you defined, and where are they? You might want to post your complete server.xml and all Context elements. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app)
From: Law, Christopher [mailto:chris@snapon.com] Subject: RE: Tomcat hangs for minutes between ContextConfig and StandardContext (Starting the app) ${CATALINA_HOME}/conf/context.xml Which contains (comments removed): Context WatchedResourceWEB-INF/web.xml/WatchedResource Manager pathname= / /Context That looks o.k. ${CATALINA_HOME}/conf/Catalina/localhost/Spc.xml Context antiJARLocking=true antiResourceLocking=true Manager pathname= / /Context The additional Manager element isn't needed (but it won't hurt); the global one will suffice. 2009-10-12 18:06:13,973 DEBUG main org.apache.catalina.startup.ContextConfig - Successfully processed context [/Spc] configuration file E:\apache-tomcat-6.0.18\conf\Catalina\localhost\Spc.xml null I notice that the null is still being displayed, which, according to an earlier reply indicated the file has no recognizable content. Having now looked through the code, I think I was mistaken. Looks like there's a normal path that will produce that message even when a valid Context element is present. Can you tell me what I'm doing wrong? At this point, I'm reduced to guessing. By any chance, is there a case mismatch - is your webapp properly deployed in [appBase]/Spc.xml or perhaps incorrectly in [appBase]/spc.xml? Can you post your entire server.xml? (Grasping for straws here.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Getting out of memory using tomcat 6.0.20 but works fine in tomcat 5.5.28
Hi All, My application working fine in tomcat 5.5.28 and java version 1.5.0_19 while doing load balancing tests. But when I upgrade tomcat to version 6.0.20 getting out of memory soon. I looked at the heap dump using Eclipse memory analyzer below listed taking more memory. java.util.concurrent.ConcurrentHashMap$Segment 44.73 % (3,353 objects) ConcurrentHashMap$Segment contains the objects of java.util.concurrent.locks.ReentrantLock$NonfairSync and java.util.concurrent.ConcurrentHashMap$HashEnry[]. I am using 64 bin sun os (5.10 Generic_120012-14 i86pc i386 i86pc). Any bug in tomcat 6.0.20 version? Thanks, Kalpana -- View this message in context: http://www.nabble.com/Getting-out-of-memory-using-tomcat-6.0.20-but-works-fine-in-tomcat-5.5.28-tp25866219p25866219.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL/HTTPS forwarding under Apache + mod_jk + tomcat
Very userful information. Wondering if someone can help me out with similar query: My current set up: I got 1 apache and 2 tomcat servers (all on different machines). I already got SSL set up on individual Tomcat machines to work on port 8443. There is no SSL installed on Apache. I got mod_jk installed on apache to forward all HTTP requests to tomcat servers for load balancing. It works fine. I like to also forward all HTTPS requests to tomcat servers. Question: Do I must install certificate (SSL) on apache server? and remove from tomcat servers??? If possible: I prefer to leave SSL on tomcat servers, and just tell apache to forward all HTTPS to tomcats just like HTTP. My tomcat servers will handle the workload fine with https. Can it be done? and how? Thanks heaps, Tezza -- View this message in context: http://www.nabble.com/SSL-HTTPS-forwarding-under-Apache-%2B-mod_jk-%2B-tomcat-tp17817647p25866870.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
trouble with connector configured to receive from SSL accelerator
[quickie synopsis] A request arriving on a connector configured for scheme=https and with secure=true is generating absolute redirect urls with scheme=https and port = 80 (https://localhost:80/path.html) because incoming request was on 443 and didn't have an explicit port in the Host header. [/quickie synopsis] I have a the standard connector configured on port 8080. I'm using an ssl accelerator (stunnel, for the purposes of debugging this) to talk to a 2nd connector which is configured to listen on port 8090. I added secure=true and scheme=https to the Connector tag of the second connector, but it is otherwise identical. The accelerator is configured to listen on port 443 and talk to port 8090. The redirectPort of both connectors is set to 443. If I connect to a resource, via stunnel, the connection correctly tunnels through 443 to port 8090. Unfortunately, If the resource needs to construct a redirect URL, after logging in to my app for example, the Connector goes badly wrong. I've gone through the code in the debugger and it correctly gets a True response from request.isSecure(). Because the request is secure and the response must also be secure, it can construct a standard redirect url, so it calls response.sendResponse(/path.html). That method eventually needs to construct an absolute url, which is does via the toAbsolute() method of org.apache.catalina.connector.Response. That method uses request.getScheme(), to retrieve https (correct) and request.getServerName() to get the correct host name. It then calls request.getServerPort(), which incorrectly returns the value of 80. I assume it does this because there is no port specified in the Host header, since the request is arriving on the default https port of 443, and there is a bug which causes it to assume the default port is port 80, even though the connector is configured to be secure and use https scheme. The code which constructs the url always appends :port to the hostname unless the port matches the default port for the scheme, and since 80 != 443, it winds up constructing a redirect url of https://localhost:80/path.html. Needless to say, this is totally incorrect. There is nothing listening on port 80 at all. I could understand if the connector were to return a redirect url to its own listen port of 8090. I don't think it would be correct, but it would at least make some sense. But picking up port 80 when nothing is listening to port 80 and the request isn't an http request without a port has to be a bug (or at least a missing configuration option that doesn't seem to be in the documentation anywhere). What do I need to do to get the request to correctly return 443 as the port when a request arrives on the connector without any port in the url or Host header? My two connectors are configured as such: Connector compressableMimeType=text/html,text/xml,text/javascript,text/css,application/x-amf compression=on compressionMinSize=2048 connectionTimeout=2 enableLookups=false noCompressionUserAgents=gozilla, traviata port=8080 protocol=HTTP/1.1 redirectPort=443/ Connector compressableMimeType=text/html,text/xml,text/javascript,text/css,application/x-amf compression=on compressionMinSize=2048 connectionTimeout=2 enableLookups=false noCompressionUserAgents=gozilla, traviata port=8090 secure=true scheme=https protocol=HTTP/1.1 redirectPort=443/ [cringe]I'm not using 6.0.20 yet. This is 6.0.18, but I couldn't find any reference to a bug fix in 19 or 20. It is a big deal to go to a new server version, and I'd rather avoid the work if I can. I'll test on 6.0.20 as soon as I send this mail, but I am really hoping for a suggestion for how to fix this on 6.0.18[/cringe]
Tomcat hangs when cmd window fills up
Hi all This is possibly a little OT, but maybe someone has come across this. We are running Tomcat 5 (Actually Jetspeed-2.1.3) on a Windows 2K box. We start it from a cmd window, using startup.bat. All runs fine until a large amount of text gets output to the log (redirected to the Tomcat window). Tomcat then locks up. Pressing ctrl C produces another burst of data, and makes things run again for a while. I suspect this is not a Tomcat problem, but I can't find anything on google that helps. Regards Ron
Re: trouble with connector configured to receive from SSL accelerator
For what it is worth, I confirmed that the same issue exists with the latest 6.0.20 release. I also confirmed that if I set up SSL to run on a non-standard port (anything but 443), it works perfectly, because the port number is correctly picked up from the Host header rather than being left at the incorrect default of 80 when no port is specified in the url. On Mon, Oct 12, 2009 at 9:59 PM, Sam Gendler sgend...@vid.me wrote: [quickie synopsis] A request arriving on a connector configured for scheme=https and with secure=true is generating absolute redirect urls with scheme=https and port = 80 (https://localhost:80/path.html) because incoming request was on 443 and didn't have an explicit port in the Host header. [/quickie synopsis] I have a the standard connector configured on port 8080. I'm using an ssl accelerator (stunnel, for the purposes of debugging this) to talk to a 2nd connector which is configured to listen on port 8090. I added secure=true and scheme=https to the Connector tag of the second connector, but it is otherwise identical. The accelerator is configured to listen on port 443 and talk to port 8090. The redirectPort of both connectors is set to 443. If I connect to a resource, via stunnel, the connection correctly tunnels through 443 to port 8090. Unfortunately, If the resource needs to construct a redirect URL, after logging in to my app for example, the Connector goes badly wrong. I've gone through the code in the debugger and it correctly gets a True response from request.isSecure(). Because the request is secure and the response must also be secure, it can construct a standard redirect url, so it calls response.sendResponse(/path.html). That method eventually needs to construct an absolute url, which is does via the toAbsolute() method of org.apache.catalina.connector.Response. That method uses request.getScheme(), to retrieve https (correct) and request.getServerName() to get the correct host name. It then calls request.getServerPort(), which incorrectly returns the value of 80. I assume it does this because there is no port specified in the Host header, since the request is arriving on the default https port of 443, and there is a bug which causes it to assume the default port is port 80, even though the connector is configured to be secure and use https scheme. The code which constructs the url always appends :port to the hostname unless the port matches the default port for the scheme, and since 80 != 443, it winds up constructing a redirect url of https://localhost:80/path.html. Needless to say, this is totally incorrect. There is nothing listening on port 80 at all. I could understand if the connector were to return a redirect url to its own listen port of 8090. I don't think it would be correct, but it would at least make some sense. But picking up port 80 when nothing is listening to port 80 and the request isn't an http request without a port has to be a bug (or at least a missing configuration option that doesn't seem to be in the documentation anywhere). What do I need to do to get the request to correctly return 443 as the port when a request arrives on the connector without any port in the url or Host header? My two connectors are configured as such: Connector compressableMimeType=text/html,text/xml,text/javascript,text/css,application/x-amf compression=on compressionMinSize=2048 connectionTimeout=2 enableLookups=false noCompressionUserAgents=gozilla, traviata port=8080 protocol=HTTP/1.1 redirectPort=443/ Connector compressableMimeType=text/html,text/xml,text/javascript,text/css,application/x-amf compression=on compressionMinSize=2048 connectionTimeout=2 enableLookups=false noCompressionUserAgents=gozilla, traviata port=8090 secure=true scheme=https protocol=HTTP/1.1 redirectPort=443/ [cringe]I'm not using 6.0.20 yet. This is 6.0.18, but I couldn't find any reference to a bug fix in 19 or 20. It is a big deal to go to a new server version, and I'd rather avoid the work if I can. I'll test on 6.0.20 as soon as I send this mail, but I am really hoping for a suggestion for how to fix this on 6.0.18[/cringe]