Re: Apache AJP to 4 TCs
I did a fresh install, and it all worked. Steps documented @ http://bruniglobal.blogspot.com/2010/09/load-balancing-4-tomcats-with-apache-22.html I then went back to my old install, and noticed that I didnt specific ServerName domain:80 I did that and it all worked.. weird. Anyway, thank you all for your help on this, I really liked Mark's worker.template approach :) and Chris' questions info. If there is anything I can improve in the process, as documented, please let me know. Cheers Andrew On Fri, Sep 10, 2010 at 11:38 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, On 9/10/2010 2:52 AM, Andrew Bruno wrote: Thank you for the responses. I have gone about and installed a fresh Apache (on a seperate box), and have documented my steps in http://bruniglobal.blogspot.com/2010/09/load-balancing-4-tomcats-with-apache-22.html So far so good. I can load balance across all 4 tomcats, BUT I HAVE NOT ENABLED/ADDED SSL yet. Could the the ssl config be causing me grief? Almost certainly not. If you are using Apache httpd to terminate SSL, mod_jk doesn't even know about it (except that it will know the SSL state and pass that along the wire to Tomcat so it knows the connection is secure). JkMount /* loadbalancer JkOptions +ForwardSSLCertChain Presumably, you have more Jk* directives. Can you post those? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyKNL8ACgkQ9CaO5/Lv0PCeogCfS6AMtaI5scFUsw6Yaoxl6ptC YuQAniV/ZgCDcLxItD2cPO/2in+OxpZ8 =xa0R -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
To JAAS or not to JAAS
Hello, I have a web application written with JAAS authentication, using my own login modules. This is fine as long as the deployment is made by a system administrator who knows how to configure jaas.config and to place needed jars in the tomcat lib directory, following my instructions. Also, JAAS mode requires the sysadmin to prepare the backend db himself with a sql file of mine, and configure the context.xml with db informations. Now, I would like the same web app to be deployable in 2 ways, both with JAAS and without JAAS, to simplify deployment by less experienced deployer who will just put the war file inside webapp and access the application. During the first access I would like the application to understand that is not working in JAAS mode, check for a properties file inside the webapp, that when not existsant will trigger an installation sequence via web (to configure db access and so on). This will create this properties file that will be the reference configuration, substituting the context.xml / jaas config. My simple idea would be to have this war without the context.xml definitions, then have an init parameter of the application in web.xml to define Use Jaas = Yes/No that will let the webapp understand and do what I described. My question is: do I have a cleaner way to do this? Maybe I have some way to understand that my webapp is under JAAS control or not during application startup? Thanks for any help, Gabriele. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
apache tomcat load balancing not working using mod_proxy
Hello Team, I am trying to achieve load balancing with proxies modules. Following are the configuration of proxy module. LoadModule proxy_ajp_module modules/mod_proxy_ajp.so LoadModule proxy_balancer_module modules/mod_proxy_balancer.so IfDefine SSL Listen server_name:443 VirtualHost _default_:443 Proxy balancer://tomcatservers BalancerMember ajp://server_name:8009 route=tomcat4 retry=60 BalancerMember ajp://server_name:8010 route=tomcat5 retry=60 /Proxy Location /* Allow From All ProxyPass balancer://tomcatservers/* stickysession=JSESSIONID nofailover=off /Location and tomcat server.xml contain following entry. Tomcat5 Engine name=Catalina defaultHost=localhost jvmRoute=tomcat5 Tomcat4 Engine name=Catalina defaultHost=localhost jvmRoute=tomcat5 kindly assist me to acheive loadbalancing using proxies modules.
Re: apache tomcat load balancing not working using mod_proxy
Amol Puglia wrote: .. kindly assist me to acheive loadbalancing using proxies modules. Kindly telling us what version of Apache, Tomcat, Java etc you are using, on which platform, and what is not working, may help us helping you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomcat load balancing not working using mod_proxy
On 13/09/2010 10:56, Amol Puglia wrote: Location /* No need to use a wildcard. ProxyPass balancer://tomcatservers/* stickysession=JSESSIONID nofailover=off No need to use a wildcard. The stickysession attribute is invalid - see the docs The nofailover attribue is unexpected unless you have clustering configured. Tomcat4 Engine name=Catalina defaultHost=localhost jvmRoute=tomcat5 Fix your jvmRoute. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomcat load balancing not working using mod_proxy
Hello Mark, Thanks for the response. Please let me know what do i use in place of wildcard. 2)I required nofailover attribute as i have to load balanced two tomcat servers in the backend. 3)It will be good if you can let me know when to use the stickysession attribute or provide me the docs link which explains when to use the stickysession attribute. 4)I have fixed the jvmroutepath. --- On Mon, 9/13/10, Mark Thomas ma...@apache.org wrote: From: Mark Thomas ma...@apache.org Subject: Re: apache tomcat load balancing not working using mod_proxy To: Tomcat Users List users@tomcat.apache.org Date: Monday, September 13, 2010, 3:36 PM On 13/09/2010 10:56, Amol Puglia wrote: Location /* No need to use a wildcard. ProxyPass balancer://tomcatservers/* stickysession=JSESSIONID nofailover=off No need to use a wildcard. The stickysession attribute is invalid - see the docs The nofailover attribue is unexpected unless you have clustering configured. Tomcat4 Engine name=Catalina defaultHost=localhost jvmRoute=tomcat5 Fix your jvmRoute. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomcat load balancing not working using mod_proxy
Hi, I am using following versions of softwares 1)Apache version :- 2.2.14 2)Tomcat version :- apache-tomcat-6.0.20 3)Java Version :- jdk 1.6.0.5 4)Operating system :- solaris 5.10 I am trying to acheive load balancing for two instance of tomcat with apache with mod_proxy module. As of now our apache request is not getting redirected to tomcat and we are getting following error in the error_logs. [Mon Sep 13 10:43:59 2010] [error] [client 172.17.136.151] File does not exist: /opt/web/apache2/htdocs/eMatrix kindly assist. --- On Mon, 9/13/10, André Warnier a...@ice-sa.com wrote: From: André Warnier a...@ice-sa.com Subject: Re: apache tomcat load balancing not working using mod_proxy To: Tomcat Users List users@tomcat.apache.org Date: Monday, September 13, 2010, 3:30 PM Amol Puglia wrote: .. kindly assist me to acheive loadbalancing using proxies modules. Kindly telling us what version of Apache, Tomcat, Java etc you are using, on which platform, and what is not working, may help us helping you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomcat load balancing not working using mod_proxy
On 13/09/2010 11:20, Amol Puglia wrote: Hello Mark, Thanks for the response. Please let me know what do i use in place of wildcard. You don't. Read the docs for ProxyPass. 2)I required nofailover attribute as i have to load balanced two tomcat servers in the backend. No you don't. Load balancing != clustering. 3)It will be good if you can let me know when to use the stickysession attribute or provide me the docs link which explains when to use the stickysession attribute. http://www.lmgtfy.com/?q=httpd+2.2+ProxyPass Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Interesting wiki article and discussion: static versus transient Log references
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, For those who are interested, there is an interesting discussion surrounding an article on the Apache Commons Wiki regarding the use of static log references within library code deployed at a container level - such as Tomcat. I'm not sure it has any direct bearing on any of our readers, but some may find it interesting. Here's a link to the article: http://wiki.apache.org/commons/Logging/StaticLog Here a link to the discussion: http://markmail.org/thread/y5lmvy4xwosro36m Enjoy, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOJdoACgkQ9CaO5/Lv0PCepACdGGEpVb1pwBlweoO4H67hw5iQ aioAn3PZMnb1930FWwPjQyzwk+JeWo1m =YL8A -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Interesting wiki article and discussion: static versus transient Log references
Thats a useful refrence page. Thanks On Mon, Sep 13, 2010 at 3:23 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, For those who are interested, there is an interesting discussion surrounding an article on the Apache Commons Wiki regarding the use of static log references within library code deployed at a container level - such as Tomcat. I'm not sure it has any direct bearing on any of our readers, but some may find it interesting. Here's a link to the article: http://wiki.apache.org/commons/Logging/StaticLog Here a link to the discussion: http://markmail.org/thread/y5lmvy4xwosro36m Enjoy, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOJdoACgkQ9CaO5/Lv0PCepACdGGEpVb1pwBlweoO4H67hw5iQ aioAn3PZMnb1930FWwPjQyzwk+JeWo1m =YL8A -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org That's a useful reference page. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache AJP to 4 TCs
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, On 9/13/2010 3:09 AM, Andrew Bruno wrote: If there is anything I can improve in the process, as documented, please let me know. Upgrade from Tomcat 4.x to Tomcat 6.x? ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOMbkACgkQ9CaO5/Lv0PDpIwCglFp5PAEfMaByWfeZQF1xQD84 gzEAoJ0UDapygQaQHtuypy+09IoGOOTl =pdoT -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache AJP to 4 TCs
Thanks, but credit where credit is due. The basis for my configuration was taken from the examples in the source code. There are a lot of notes in the original source code configurations. Even if you don't compile it yourself (I do, since I'm mostly on Linux), the files are worth the read. Download the connector source from http://tomcat.apache.org/download-connectors.cgi, unzip the file, and take a look in the tomcat-connectors-1.2.30-src/conf directory. There are a lot of nice explanations tucked into the example configuration files. . . . . just my two cents. /mde/ - Original Message From: Andrew Bruno andrew.br...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, September 13, 2010 12:09:30 AM Subject: Re: Apache AJP to 4 TCs I did a fresh install, and it all worked. Steps documented @ http://bruniglobal.blogspot.com/2010/09/load-balancing-4-tomcats-with-apache-22.html I then went back to my old install, and noticed that I didnt specific ServerName domain:80 I did that and it all worked.. weird. Anyway, thank you all for your help on this, I really liked Mark's worker.template approach :) and Chris' questions info. If there is anything I can improve in the process, as documented, please let me know. Cheers Andrew - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: To JAAS or not to JAAS
As an alternative, maybe you could write an ant script that would add the libraries, read values from a properties file to write the jaas.config file, and populate the database? Copying files with ant is easy, and http://db.apache.org/ddlutils/ makes it pretty easy to dump and recreate databases. Editing jaas.conf with property substitution might be a bit tricky, but possible if your authorization / authentication requirements aren't too complex. The Jetspeed Maven plugin does some similar work as well, but I've found it to be a bit invasive at times. . . . . just some random thoughts. /mde/ From: Gabriele Bulfon gbul...@sonicle.com To: Tomcat Users List users@tomcat.apache.org Sent: Mon, September 13, 2010 2:55:09 AM Subject: To JAAS or not to JAAS Hello, I have a web application written with JAAS authentication, using my own login modules. This is fine as long as the deployment is made by a system administrator who knows how to configure jaas.config and to place needed jars in the tomcat lib directory, following my instructions. Also, JAAS mode requires the sysadmin to prepare the backend db himself with a sql file of mine, and configure the context.xml with db informations. Now, I would like the same web app to be deployable in 2 ways, both with JAAS and without JAAS, to simplify deployment by less experienced deployer who will just put the war file inside webapp and access the application. During the first access I would like the application to understand that is not working in JAAS mode, check for a properties file inside the webapp, that when not existsant will trigger an installation sequence via web (to configure db access and so on). This will create this properties file that will be the reference configuration, substituting the context.xml / jaas config. My simple idea would be to have this war without the context.xml definitions, then have an init parameter of the application in web.xml to define Use Jaas = Yes/No that will let the webapp understand and do what I described. My question is: do I have a cleaner way to do this? Maybe I have some way to understand that my webapp is under JAAS control or not during application startup? Thanks for any help, Gabriele. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat AJP APR connector to mod_jk can result in SEND_BODY_CHUNK message after END_RESPONSE message, was Re: unusual mod_jk 1.2.30 log messages
Hi, I'm top posting because I have more details and better logs. I've change the thread title accordingly. Environment is the same as the original post, with the exception that I have applied the patch Rainer suggested so that mod_jk provides more information when a protocol error is detected. Configs are at the end of the message. When running httpd/mod_jk in trace mode we are seeing one or two SEND_BODY_CHUNK messages of length 4 (referred to as a 'flush' message from now on) just before the END_RESPONSE message. I see this even when querying the Tomcat Manager (manager/html) home page so this is not our application specifically. Our problem is that in a servlet that retrieves a file that is then sent to the client we are receiving a 'flush' message _after_ the END_RESPONSE message. On the next request, mod_jk sees this a breach in the protocol, closes the socket and results in poor performance and missed requests. The files are significantly bigger than the standard 8k buffers (~500kb). The relevant servlet is a Spring Controller (some details omitted) that does the following: public ModelAndView handle(HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception { ... ... image is a byte buffer containing an image ... response.setContentType(image.getMimeType()); response.setContentLength(image.getImage().length); FileCopyUtils.copy( image.getImage(), response.getOutputStream(); return null; } We were using a manual explicit flush() and close() on the output stream instead of using FileCopyUtils. When we did that, we got two 'flush' messages but one was still after the END_RESPONSE. FileCopyUtils closes the OutputStream automatically but doesn't flush it as we were doing previously doing manually. For example: Full trace level logs available at: http://pastebin.com/KsHeXT58 home page requests (/), result in a 301 to /home.action. This produces a double 'flush' before the END_REQUEST message (only debug level shown): [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (660): status = 301 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (667): Number of headers is = 5 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (723): Header[0] [Set-Cookie] = [JSESSIONID=FA47238C8C9976E37793701F10A2D923.jvm1; Path=/] [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (723): Header[1] [Location] = [home.action] [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (723): Header[2] [Connection] = [close] [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (723): Header[3] [Content-Type] = [text/html] [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_unmarshal_response::jk_ajp_common.c (723): Header[4] [Content-Length] = [4] Then comes the body content: [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=8 max=8192 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 03 00 04 0D 0A 0D 0A 00 00 00 00 00 00 00 00 00 - [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ws_write::mod_jk.c (507): written 4 out of 4 1st flush message [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=4 max=8192 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - 2nd flush message [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=4 max=8192 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - Normal END_MESSAGE [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): received from ajp13 pos=0 len=2 max=8192 [Mon Sep 13 11:47:37.460 2010] [31725:1144342848] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1336): 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - The home page retrieval proceeds in exactly the same manner (including the two 'flush' messages. However when we try this against the file retrieval servlet above (remember files are ~500k) we get the following behaviour instead: Headers received by mod_jk from the request: [Mon Sep 13 11:47:38.118 2010] [31728:1147218240] [debug]
Re: Tomcat AJP APR connector to mod_jk can result in SEND_BODY_CHUNK message after END_RESPONSE message, was Re: unusual mod_jk 1.2.30 log messages
On 09/13/2010 07:15 PM, Brett Delle Grazie wrote: Our problem is that in a servlet that retrieves a file that is then sent to the client we are receiving a 'flush' message _after_ the END_RESPONSE message. On the next request, mod_jk sees this a breach in the protocol, closes the socket and results in poor performance and missed requests. The workaround would be to drop any flush messages after the END_RESPONSE check. However, this is obvious error of the server side. END_RESPOSE in AJP protocol reflects the Socket.close() so any flush (or read or write) on that socket would throw an exception if the non-AJP protocol was used inside that servlet/stream. Detaching AJP streams from the servlet and using them as a OutputStream is not very well handled in Tomcat. I suppose if using APR the entire thing would even crash the JVM. Trying to deal with that on mod_jk side would have my strong -1. Regards -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to serialize user principle
Hi All,,, Is there anyway that force tomcat to serialize user Principle so that when tomcat webapp get reloaded or even tomcat restarted, logged in users won't be asked to login again... Best Regards
Re: How to serialize user principle
Mohammad M. AbuZer wrote: Hi All,,, Is there anyway that force tomcat to serialize user Principle so that when tomcat webapp get reloaded or even tomcat restarted, logged in users won't be asked to login again... Would this be what you are referring to ? http://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Restart_Persistence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to serialize user principle
From: Mohammad M. AbuZer [mailto:m.abuze...@gmail.com] Subject: How to serialize user principle Is there anyway that force tomcat to serialize user Principle so that when tomcat webapp get reloaded or even tomcat restarted, logged in users won't be asked to login again... That normally happens automatically (as long as the session hasn't expired), so the real question is what did you change to disable the standard behavior? While you're at it, tell us the Tomcat version you're using, and the Realm you have configured for authentication. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principle
Caldarale, Charles R wrote: From: Mohammad M. AbuZer [mailto:m.abuze...@gmail.com] Subject: How to serialize user principle Is there anyway that force tomcat to serialize user Principle so that when tomcat webapp get reloaded or even tomcat restarted, logged in users won't be asked to login again... That normally happens automatically (as long as the session hasn't expired), so the real question is what did you change to disable the standard behavior? While you're at it, tell us the Tomcat version you're using, and the Realm you have configured for authentication. I think that you also should be more clear about what you would really like to achieve. As far as I know, the Tomcat (container-managed) authentication is based on the user session, and the persistence of a session is linked to the JSESSIONID cookie which Tomcat sends to the browser; and as far as I know this JSESSIONID cookie, by default, only lasts for the duration of a web browser session. So, independently of whether Tomcat saves and persists the sessions across a webapp reload or a Tomcat restart, if the user close and re-open their browser, their session will be lost, and so will their authentication. If your goal is that users need to login only once during any day, then you should look at some Single-Sign-On mechanism, external to Tomcat. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principle
I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by default GenericPrinciple at org.apache.catalina.realm, which do not implement Serializable interface, On Mon, Sep 13, 2010 at 8:04 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Mohammad M. AbuZer [mailto:m.abuze...@gmail.com] Subject: How to serialize user principle Is there anyway that force tomcat to serialize user Principle so that when tomcat webapp get reloaded or even tomcat restarted, logged in users won't be asked to login again... That normally happens automatically (as long as the session hasn't expired), so the real question is what did you change to disable the standard behavior? While you're at it, tell us the Tomcat version you're using, and the Realm you have configured for authentication. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- * Best Regards Mohammad M. AbuZer* Junior Java Developer Mobile: +962-78-5416416
Re: interaction between .forward() and security-constraint
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/12/2010 4:18 PM, Brian McBride wrote: On 09/09/2010 19:47, Christopher Schultz wrote: I'm sure there are some edge cases where an authenticated user might end up looking like a guest, but you cna probably solve those. That's a bit of a worry. Can you say any more about the edge cases I should be concerned about. Well, if Tomcat intercepts a request in order to perform authentication, then the filter will not be called during that request/response transaction. That's probably - specifically - not a problem because the whole point of the transaction is authentication... presumably you're not delivering protected resources /during/ authentication. I hadn't really thought about what those edge cases were... I just wanted to point out that, when considering authentication and authorization code, you really need to think /hard/ about every possibility, because failure to do so may leave you open to exploitation. If you always use HTTP Authentication (it wasn't clear what was really going on, with all that talk about DIGEST authentication), then you can always get the username from the request headers. In that case, your filter can use that as a source of authentication data, too. I was hoping to use http authentication so I could use well debugged code rather than write my own. But I've currently given up on that. I meant using HTTP BASIC vs FORM authentication -- both are well-tested. I wasn't happy with BASIC authentication on the grounds the password leaves the user's machine. Even if its safe on the wire because of SSL, there is always the chance it will leak from the server end somehow. I want to be sure I never know the user's actual password. Sounds like a good idea. I don't want to store users passwords, I want to store some digest of them. To protect against dictionary attacks on the password database I want to store salted passwords - i.e. add a larg'ish random number to each users password before taking the digest. I couldn't see how to use salted password storage along with HTTP DIGEST authentication. Neither FORM nor BASIC/DIGEST authentication in Tomcat support salted passwords without you writing some of your own code. So I've written my own based on HTTP DIGEST but where the challenge includes the salt so the client can compute the users effective password. Do you intend for regular web browsers to be able to support this? I don't think this is possible in the real world unless you control 100% of the clients. HTTP DIGEST authentication is, unfortunately, likely to just die and go away. It's been designed around the MD5 digest algorithm which is, these days, considered relatively unsafe. There is no protocol through which the client and server can negotiate a digest algorithm, so MD5 is always assumed. Hopefully, DIGEST will be replaced by something like DIGEST2 with a better negotiation protocol so that it can be extended into the future as new crypto primitives become available and old ones are retired. Another variation I am trying is to associate a user not with a session but with an SSL session. Each SSL session must be authenticated. This prevents someone snooping/guessing the JSESSIONID ( some of my traffic is in clear and the JSESSIONID is therefor not secure) and using a different SSL connection and faking the JSESSIONID to get access. That might work, but SSL sessions and user sessions aren't always 1:1. For instance, the SSL session might expire and be renegotiated while the user session should remain the same. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOdFYACgkQ9CaO5/Lv0PCU/gCgq98nOlMMX/NnRYdQU0ikoEre BHcAn2e1u/ggle9cjWmNebKLXAXHuSah =co+W -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principle
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 9/13/2010 2:21 PM, André Warnier wrote: As far as I know, the Tomcat (container-managed) authentication is based on the user session Per the servlet spec, the HttpSession == user login for FORM authentication. and the persistence of a session is linked to the JSESSIONID cookie which Tomcat sends to the browser; and as far as I know this JSESSIONID cookie, by default, only lasts for the duration of a web browser session. So, independently of whether Tomcat saves and persists the sessions across a webapp reload or a Tomcat restart, if the user close and re-open their browser, their session will be lost, and so will their authentication. Generally speaking, yes. If your goal is that users need to login only once during any day, then you should look at some Single-Sign-On mechanism, external to Tomcat. Or, just change the session expiration time. I think Mohammad is talking about logins surviving a Tomcat restart (which they should be able to do, without any additional configuration from the default). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOdmsACgkQ9CaO5/Lv0PB+3QCeMVV+1Y3tKnKMWLgFBwBki/7T WYAAoIzSo4hu+GuM5ttfgw/EV7qL9J4Z =7FyR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammad, (Note the change in spelling of principal. Principle is a notion or laws or morals.) On 9/13/2010 2:37 PM, Mohammad M. AbuZer wrote: I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by default GenericPrinciple at org.apache.catalina.realm, which do not implement Serializable interface, Note that the Principal itself is not stored as a session attribute, and is therefore not serialized in the way you are thinking. Tomcat should be able to persist the user's session information across a Tomcat restart. I happen to witness that capability several times per day personally (though in Tomcat 5.5 and 6.0, not 7.0). Also, note that JDBCRealm has long bees associated with poor performance due to it's use of a single Connection object for all authentication. Consider using DataSourceRealm along with a connection pool instead. Are you getting any errors in your log files? Usually, when a user's session seems to expire during a Tomcat restart, it's because the session itself is not serializable due to an object that application code has carelessly inserted into the session. That usually emits an error during session saving or re-loading. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOeW0ACgkQ9CaO5/Lv0PBVtQCeI+2STfjSCp3F650XsyL0WX2V CnsAoKUJLGCrv+VkMTdcvinr4k+J7Nen =J0Vx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to serialize user principal
Thanks to note about disadvantages of using JDBCRealm, but about tomcat login-surviving, I still see login-page, after web-app reload or tomcat restart... even default configuration presents On Mon, Sep 13, 2010 at 9:20 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammad, (Note the change in spelling of principal. Principle is a notion or laws or morals.) On 9/13/2010 2:37 PM, Mohammad M. AbuZer wrote: I'm using tomcat 7.0.2 BETA, I used JDBCRealm, and I think it uses by default GenericPrinciple at org.apache.catalina.realm, which do not implement Serializable interface, Note that the Principal itself is not stored as a session attribute, and is therefore not serialized in the way you are thinking. Tomcat should be able to persist the user's session information across a Tomcat restart. I happen to witness that capability several times per day personally (though in Tomcat 5.5 and 6.0, not 7.0). Also, note that JDBCRealm has long bees associated with poor performance due to it's use of a single Connection object for all authentication. Consider using DataSourceRealm along with a connection pool instead. Are you getting any errors in your log files? Usually, when a user's session seems to expire during a Tomcat restart, it's because the session itself is not serializable due to an object that application code has carelessly inserted into the session. That usually emits an error during session saving or re-loading. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOeW0ACgkQ9CaO5/Lv0PBVtQCeI+2STfjSCp3F650XsyL0WX2V CnsAoKUJLGCrv+VkMTdcvinr4k+J7Nen =J0Vx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- * Best Regards Mohammad M. AbuZer* Junior Java Developer Mobile: +962-78-5416416
Re: How to serialize user principal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohammad, On 9/13/2010 3:29 PM, Mohammad M. AbuZer wrote: Thanks to note about disadvantages of using JDBCRealm, but about tomcat login-surviving, I still see login-page, after web-app reload or tomcat restart... even default configuration presents Hmm. What's in the session, then? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOfOsACgkQ9CaO5/Lv0PBLLACdFQ954KDF5Z27XUO44DsJlyXQ oWgAoJf4k4atY0UC7L23tMTeuS4+dCQ+ =+ZnD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to get involved in Tomcat development?
So does martins comment answer this? On Sat, Sep 11, 2010 at 7:01 PM, Mark Thomas ma...@apache.org wrote: https://issues.apache.org/bugzilla/show_bug.cgi?id=49914 could be a good place to start. No idea if this is a bug or user error but from past experience my gut instinct is that this will be an easy one to research (and patch if necessary). If you want any pointers, (or have any other questions about fixing this issue) the dev list is the place to ask. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to get involved in Tomcat development?
On 13/09/2010 21:24, Wesley Acheson wrote: So does martins comment answer this? I tend to have a hard time parsing Martin's comments and usually just ignore them as the vast majority of them are just plain wrong and past attempts to point out the errors have fallen on deaf ears. If I have understood his comments correctly he seems to be saying that code can through an NPE if urlPattern.length == 1. I am 99.9% certain that is not the case. And the OP wasn't complaining about an NPE anyway... So no, Martin's comments have not addressed that bug at all. Mark On Sat, Sep 11, 2010 at 7:01 PM, Mark Thomas ma...@apache.org wrote: https://issues.apache.org/bugzilla/show_bug.cgi?id=49914 could be a good place to start. No idea if this is a bug or user error but from past experience my gut instinct is that this will be an easy one to research (and patch if necessary). If you want any pointers, (or have any other questions about fixing this issue) the dev list is the place to ask. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Want to get involved in Tomcat development?
From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Re: Want to get involved in Tomcat development? On Sat, Sep 11, 2010 at 7:01 PM, Mark Thomas ma...@apache.org wrote: https://issues.apache.org/bugzilla/show_bug.cgi?id=49914 could be a good place to start. So does martins comment answer this? No, since Martin ignored the urlPattern.length() 2 check in his analysis, and throwing an NPE is clearly inappropriate under any circumstance. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Possible to proxy JMX?
On 12/09/2010 21:38, Wesley Acheson wrote: Hi I was wondering if Its possible to proxy a JMX service. I got to thinking a lot of people don't hot deploy for whatever reasons. They literally shut down tomcat and put in the new content and start it up again. If it was possible to proxy JMX though I think it should be possible to have a small daemon application that proxy's tomcats JMX, and injects two commands, startup and restart. The idea being so this minimal java application could launch or relaunch tomcat. (I think it would need to call the startup.sh or startup.bat file) Wouldn't you just launch an embedded Tomcat instance? You made me think of this, new in Java 6: http://download.oracle.com/javase/6/docs/api/javax/management/JMX.html p What does everyone think? Would that be useful / possible? Its beyond my capabilities to write. I got to thinking about this after reading a misunderstanding in bugzilla. https://issues.apache.org/bugzilla/show_bug.cgi?id=49234#c70 and https://issues.apache.org/bugzilla/show_bug.cgi?id=49234#c71 with chamith buddhika's changes it really would be possible to do every step in this list. Including startup. Just an Idea really. I'm not going to attempt it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat IIS - Understanding Context definition to access Webapps
On 12/09/2010 22:09, Caldarale, Charles R wrote: From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Re: Tomcat IIS - Understanding Context definition to access Webapps I create in conf/Catalina/localhost a new file called webSiteA.xml with this content: try creating it in conf/Catalina/webSiteA Need to be more explicit; the file must be named ROOT.xml (case sensitive), in the above directory. Context path=/ reloadable=true docBase=C:\Inetpub\wwwroot\SiteA distributable=true The path element will be ignored. It's not valid at all when the Context element is in the above location. (For what it's worth, the value specified is completely illegal; a plain slash is never used.) Also, there is no distributable attribute for Context, so get rid of that as well. Also, be wary of publishing any part of this URL directly via IIS: C:\Inetpub\wwwroot\SiteA Any config errors and your app components are exposed. p THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Possible to proxy JMX?
On Mon, Sep 13, 2010 at 11:12 PM, Pid p...@pidster.com wrote: On 12/09/2010 21:38, Wesley Acheson wrote: If it was possible to proxy JMX though I think it should be possible to have a small daemon application that proxy's tomcats JMX, and injects two commands, startup and restart. The idea being so this minimal java application could launch or relaunch tomcat. (I think it would need to call the startup.sh or startup.bat file) Wouldn't you just launch an embedded Tomcat instance? No cause that kind of defeats the point of having a shutdown. If peoples applications memory leak etc. You would want the container separate from the launcher. Dunno If I'm making sense with this. It does make sense in my head. You made me think of this, new in Java 6: http://download.oracle.com/javase/6/docs/api/javax/management/JMX.html Taking a look now p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: interaction between .forward() and security-constraint
Hi Christopher, On 13/09/2010 19:58, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- [...] That's a bit of a worry. Can you say any more about the edge cases I should be concerned about. Well, if Tomcat intercepts a request in order to perform authentication, then the filter will not be called during that request/response transaction. That's probably - specifically - not a problem because the whole point of the transaction is authentication... presumably you're not delivering protected resources /during/ authentication. Your are right. The filter may kick in during a 'normal' transaction to require authentication before it can proceed, but no restricted resources are delivered during authentication. I hadn't really thought about what those edge cases were... I just wanted to point out that, when considering authentication and authorization code, you really need to think /hard/ about every possibility, because failure to do so may leave you open to exploitation. I'm fumbling about seeking the hardness knob that controls my thinking ... I know its there somewhere ... :) [...] I don't want to store users passwords, I want to store some digest of them. To protect against dictionary attacks on the password database I want to store salted passwords - i.e. add a larg'ish random number to each users password before taking the digest. I couldn't see how to use salted password storage along with HTTP DIGEST authentication. Neither FORM nor BASIC/DIGEST authentication in Tomcat support salted passwords without you writing some of your own code. It's good to have that confirmed. So I've written my own based on HTTP DIGEST but where the challenge includes the salt so the client can compute the users effective password. Do you intend for regular web browsers to be able to support this? I don't think this is possible in the real world unless you control 100% of the clients. I have two sorts of clients - applications where I can specify what's required, and browsers where I can assume the use javascript. I have some javascript that will compute the response to a challenge and send it off to the server. HTTP DIGEST authentication is, unfortunately, likely to just die and go away. I'm learning from the discussion on this list that DIGEST is not very popular. However, it is a published algorithm and therefore has a bit more credibility than one I cooked up. It's been designed around the MD5 digest algorithm which is, these days, considered relatively unsafe. The basic changes I have made are to switch from MD5 to SHA-256 and add a 64 bit salt to the users password. There is no protocol through which the client and server can negotiate a digest algorithm, so MD5 is always assumed. Hopefully, DIGEST will be replaced by something like DIGEST2 with a better negotiation protocol so that it can be extended into the future as new crypto primitives become available and old ones are retired. That would be great. Another variation I am trying is to associate a user not with a session but with an SSL session. Each SSL session must be authenticated. This prevents someone snooping/guessing the JSESSIONID ( some of my traffic is in clear and the JSESSIONID is therefor not secure) and using a different SSL connection and faking the JSESSIONID to get access. That might work, but SSL sessions and user sessions aren't always 1:1. For instance, the SSL session might expire and be renegotiated while the user session should remain the same. Hmmm, yes, that could be bad. Well at least that way round its secure - it just means the client may have to authenticate again. I don't know what control I can have over SSL sessions expiring. The other issue is multiple SSL sessions in the same user session. A programmatic client can take care of that - the browser access should not need multiple sessions - but I'll only know if this is a problem when I've built enough of it to tell. One thing I'm slightly nervous of is reuse of the SSL session id. The SSL spec says the server gets to choose the ID for an SSL session so I need to know that the server doesn't reuse them in a way that might compromise this approach. OpenSSH states that it uses a random number as wide as the protocol allows. Haven't found a statement about what JSSE does and haven't had an answer yet to my question to the forum. I expect its fine - it would just be nice to have it in writing. I appreciate the input and comments. Brian - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyOdFYACgkQ9CaO5/Lv0PCU/gCgq98nOlMMX/NnRYdQU0ikoEre BHcAn2e1u/ggle9cjWmNebKLXAXHuSah =co+W -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
classpathx-mail
Hello, i would send emails with javamail-api. My tomcat 5.5 comes with the classpathx-javamail. My installation of Sun's javamail via maven2 seems to be in conflict with the classpathx-mail package. Someone can please tell me how can i avoid that tomcat makes use of the classpathx-mail package? TIA Daniel signature.asc Description: This is a digitally signed message part
Re: Tomcat AJP APR connector to mod_jk can result in SEND_BODY_CHUNK message after END_RESPONSE message, was Re: unusual mod_jk 1.2.30 log messages
On Mon, 2010-09-13 at 19:41 +0200, Mladen Turk wrote: On 09/13/2010 07:15 PM, Brett Delle Grazie wrote: Our problem is that in a servlet that retrieves a file that is then sent to the client we are receiving a 'flush' message _after_ the END_RESPONSE message. On the next request, mod_jk sees this a breach in the protocol, closes the socket and results in poor performance and missed requests. The workaround would be to drop any flush messages after the END_RESPONSE check. However, this is obvious error of the server side. END_RESPOSE in AJP protocol reflects the Socket.close() so any flush (or read or write) on that socket would throw an exception if the non-AJP protocol was used inside that servlet/stream. Detaching AJP streams from the servlet and using them as a OutputStream is not very well handled in Tomcat. I suppose if using APR the entire thing would even crash the JVM. Trying to deal with that on mod_jk side would have my strong -1. And I would agree with that whole heartedly. So I guess the APR AJP connector implementation needs to be reviewed... I am looking but as I'm not familiar with the code any help or pointers would be appreciated. Should I raise a bugzilla bug? Thanks, Regards -- Best Regards, Brett Delle Grazie __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
One question about EL 2.2 :java.lang.NoSuchMethodException error when call a managedbean int method
1. Create a managed bean ,define an int field package coreservlets; import javax.faces.bean.*; @ManagedBean public class SpanishColorMapper extends ColorMapper { private int age; public SpanishColorMapper() { super(Spanish, rojo, anaranjado, amarillo, verde, negro, blanco); } public int calYear(int x) { return age + x; } public int getAge() { return age; } public void setAge(int x) { age = x; } } 2.Direclty call calYear method in xhtml like: td#{spanishColorMapper.calYear(5)}/td but it's reported that : java.lang.NoSuchMethodException: coreservlets.SpanishColorMapper.calYear(java.lang.Long) Caused by: java.lang.NoSuchMethodException - coreservlets.SpanishColorMapper.calYear(java.lang.Long) javax.faces.FacesException: java.lang.NoSuchMethodException: coreservlets.SpanishColorMapper.calYear(java.lang.Long) at org.apache.myfaces.shared_impl.context.ExceptionHandlerImpl.wrap(ExceptionHandlerImpl.java:241) at org.apache.myfaces.shared_impl.context.ExceptionHandlerImpl.handle(ExceptionHandlerImpl.java:156) at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:258) at javax.faces.webapp.FacesServlet.service(FacesServlet.java:191) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:163) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:108) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:556) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:401) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:281) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:579) at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1568) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.NoSuchMethodException: coreservlets.SpanishColorMapper.calYear(java.lang.Long) at java.lang.Class.getMethod(Class.java:1605) at javax.el.BeanELResolver.invoke(BeanELResolver.java:377) at javax.el.CompositeELResolver.invoke(CompositeELResolver.java:137) at org.apache.el.parser.AstValue.getValue(AstValue.java:159) at org.apache.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:192) at org.apache.myfaces.view.facelets.el.ELText$ELTextVariable.writeText(ELText.java:213) at org.apache.myfaces.view.facelets.compiler.TextInstruction.write(TextInstruction.java:48) at org.apache.myfaces.view.facelets.compiler.UIInstructions.encodeBegin(UIInstructions.java:46) at org.apache.myfaces.view.facelets.compiler.UILeaf.encodeAll(UILeaf.java:214) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:614) at javax.faces.component.UIComponent.encodeAll(UIComponent.java:614) at org.apache.myfaces.view.facelets.FaceletViewDeclarationLanguage.renderView(FaceletViewDeclarationLanguage.java:1155) at org.apache.myfaces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:263) at org.apache.myfaces.lifecycle.RenderResponseExecutor.execute(RenderResponseExecutor.java:85) at org.apache.myfaces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:239) ... 16 more Seems by default it's set as Long. Is this a bug of EL implementation? Parse number as Long, not type of ManagedBean defined? -- viola
Re: Tomcat AJP APR connector to mod_jk can result in SEND_BODY_CHUNK message after END_RESPONSE message, was Re: unusual mod_jk 1.2.30 log messages
On 09/14/2010 12:28 AM, Brett Delle Grazie wrote: Detaching AJP streams from the servlet and using them as a OutputStream is not very well handled in Tomcat. I suppose if using APR the entire thing would even crash the JVM. Trying to deal with that on mod_jk side would have my strong -1. And I would agree with that whole heartedly. So I guess the APR AJP connector implementation needs to be reviewed... I am looking but as I'm not familiar with the code any help or pointers would be appreciated. For AJP APR connector 'if (actionCode == ActionCode.ACTION_CLIENT_FLUSH)' doesn't check if the socket was already virtually closed so I guess that would be a first thing to look at. We cannot just check for finished flag thought, cause recycle() would reset that. Instead if there was getOutputSteam() we would need to directly invalidate that stream. This means we would need to remember that stream somewhere. Further more the wrapped socket is 'long' pointing to the native pointer, so we don't have object notification on physical socket close (that's another problem that manifests in JVM core for detached sockets). Should I raise a bugzilla bug? Yes, and a dev list would be better place to discuss that further. Regards -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: classpathx-mail
On 13/09/2010 22:20, Daniel Rindt wrote: Hello, i would send emails with javamail-api. My tomcat 5.5 comes with the classpathx-javamail. My installation of Sun's javamail via maven2 seems to be in conflict with the classpathx-mail package. Someone can please tell me how can i avoid that tomcat makes use of the classpathx-mail Remove the one you don't want. p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature