RE: In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
Hi Mark, I applied your advice. I added a directive to my error page, so it wont create a session variable, and therefore won't try to create a session if it does exist (%@ page session=false%). Well, IT WORKED! I got rid of the java.lang.IllegalStateException: Cannot create a session after the response has been committed exception, which I have seen in my log for months or maybe years! Now the previous thing that went wrong is able to show its details in the log. What is that? A Struts tag that tries to output the content of a bean that is not present even though it should (this is the Struts tag: bean:write name=TEXT-NoteNoShippingFees/). That bean should always be present, because it is created in the previous Struts action. How can it be missing SOMETIMES, if it is not the only bean that is being created in the previous action, and others of these beans that are created in the action are present in the page? I guess it has something to do with the buffer that gets full sometimes, or am I wrong? What do you think? In fact, I have had LOTs of problems with beans that dissappear even though they should be present because they were created in the previous actions. I have been dealing with these randomic problem for YEARS, and I applied just a patch for that (If the bean is not present, redirect to the home page instead of showing an error message and dumping a trace in the log). That was just a workaround, and not a clean solution. I will try now to use a buffer with 16K, to see if that will solve this. Brian -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, September 23, 2010 02:51 PM To: Tomcat Users List Subject: Re: In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed On 23/09/2010 12:01, Brian wrote: Thanks for the commited explanation, but I still have a doubt: Where in my code do I commit? I don't do it explicitly, so it is happening at some point automatically but I don't know exactly where/when. If a full buffer is not the cause, what is it for the commit to happen? In which method/class does it happen? As soon as the buffer is full or you flush the response. I will raise the 8K capacity in the buffer, just in case that is the problem. That would explain why this problem appears to be randomic. If just some pages are too big, that would make the buffer to be full, and then everything in the sequence you described would happen. I don't explicitly disable the session creation in my JSPs, so that is not the problem. I don't call any flushing method either. You need to explicitly disable session generation in your error JSP. That will ensure the sequence never happens. It is clear that something goes wrong in my ProductsForModel.jps page (actually, in the java code generated for it), so an Exception is being thrown and PageContextImpl.handlePageException() takes care of it. But what exception? Is it the java.lang.IllegalStateException: Cannot create a session after the response has been committed? Or is it another one? Yep, the broken error JSP is hiding the exception. Another option is to remove the error handling JSPs. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why an email list, and not a forum?
At least someone thinks the same way I do! From: m.h.g.emme...@dnb.nl [mailto:m.h.g.emme...@dnb.nl] Sent: Friday, September 24, 2010 12:48 AM To: Tomcat Users List Subject: Re: Why an email list, and not a forum? I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. regards, Milko Brian bbprefix-m...@yahoo.com 24-09-2010 02:19 Please respond to Tomcat Users List users@tomcat.apache.org To users@tomcat.apache.org cc Subject Why an email list, and not a forum? Hi, Just a thought: Why is this support taking place in an email list, instead aof a web based forum? Please consider the environment before printing this email. De informatie verzonden met dit e-mailbericht is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Indien u als niet-geadresseerde dit bericht ontvangt, wordt u verzocht direct de afzender hierover te informeren en het bericht te vernietigen. Gebruik van informatie door onbevoegden, openbaarmaking of vermenigvuldiging is verboden en kan leiden tot aansprakelijkheid. De afzender is niet aansprakelijk in geval van onjuiste overbrenging van het e-mailbericht en/of bij ontijdige ontvangst daarvan. The information transmitted is confidential and intended only for the person or entity to whom or which it is addressed. If you are not the intended recipient of this communication, please inform us immediately and destroy this communication. Unauthorised use, disclosure or copying of information is strictly prohibited and may entail liability. The sender accepts no liability for improper transmission of this communication nor for any delay in its receipt.
Re: In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
Brian wrote: ... In fact, I have had LOTs of problems with beans that dissappear that's usually a problem associated with age. I was going to ask, but I have been dealing with these randomic problem for YEARS, you've answered that yourself. ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
On Fri, 24 Sep 2010 07:48:09 +0200, m.h.g.emme...@dnb.nl wrote: I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. Use gmail to read list. You'll have a 'forum'. I do really hope we won't switch to web-based-something. -- Mikolaj Rydzewski - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
On Fri, Sep 24, 2010 at 9:28 AM, Mikolaj Rydzewski m...@ceti.pl wrote: On Fri, 24 Sep 2010 07:48:09 +0200, m.h.g.emme...@dnb.nl wrote: I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. Use gmail to read list. You'll have a 'forum'. I do really hope we won't switch to web-based-something. -- Mikolaj Rydzewski - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org I noticed something. I've been subscribed to this ML for a long time, never participated much. I'm using gmail for the list and filter the messages into their own label and archive them. Recently I became involved in a discussion because it had a direct reflection on my experience in work. I ended up doing a simplistic patch which hasn't been accepted yet, however since that point I also had to join the dev mailing list. Since I had to check both ML's I've been doing it regularly, though it may just be a fad with me. The point is once your involved in something, doing more than just looking for answers a Mailing list is much better, it involves you much more directly. I don't have to check 10 sites for my 10 subscribed mailing lists. The emails are just there all filtered into their own labels (folders). So its probably better for a open source project to use a mailing list. The dev list has other special functions you just wouldn't see working with a forum, such as having the commit logs mailed, and the bugs mailed. This doesn't work well with forums as you'd either have one massive topic or spam with several little topics. Having said all that though I woudn't attempt to read these lists with outlook/outlook express or thunderbird. That just wouldn't work for me. So forums better for finding answers. Mailing lists better for participating. Wes - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
m.h.g.emme...@dnb.nl : I agree. A forum would be more practical. Please argue. I dont find how a PHPBB-like will be more practical. But you will probably tech me :-) -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 34 56 000 19 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat not listening on specified port
On 24.9.2010 7:37, Garg, Saman wrote: We are using tomcat-6.0.24 with jdk1.6.0.17 on RHEL 3 OS. We have a wrapper script which sets few variables and then call tomcat.start to start up the instance. In the tomcat log, I do see org.apache.jk.common.ChannelSocket init not getting loaded on the start of tomcat. You might post your logs here, as well as both server.xml files, with sensitive data removed. If you are running multiple instances check if all configuration ports are different. Aside from HTTP port, there are others that should be different like HTTPS, AJP and shutdown port (default is 8005). -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat performance tuning
Support, I Installed tomcat 5.5.20 version in my Windows 2008 server and the java version is Java 1.6.0.b105.We are using 2 Mbps Bandwidth Leased line.In tomcat we hosted around 5(five) application.When the no of seesion increases more than 1600 session the total application is slow and not able to open the application sometime. 1) How can I tune this application in server side for better performance in tomcat side as well as java? 2) I noticed that the current thread busy count is less but the number session is more.What might be the problem? 3)More over for a IP more sessions are opened(noticed via Lambda probe).Is there any problem in that? 4)What is mean by serilizable? For my application it is showing as No 5)What is mean by a)Max Threads b)Min and Max spare threads c)current thread count and current thread busy? Please help me Regards Rujinraj. System Administrator
Re: Tomcat performance tuning
Rujin, I Installed tomcat 5.5.20 version in my Windows 2008 server and the java version is Java 1.6.0.b105.We are using 2 Mbps Bandwidth Leased line.In tomcat we hosted around 5(five) application.When the no of seesion increases more than 1600 session the total application is slow and not able to open the application sometime. In order to solve your problem, you must first determine what is the bottleneck of your system. Is it a) network, b) RAM, c) CPU, or d) hard disk? Use appropriate tools to figure that out first. I must notice that 1600 sessions is quite a large number for 2mbps link. Do you invalidate sessions and do you have a session timeout setting? Some frameworks, like JSF implementations, might introduce extensive session creation if not used properly. Please explain when is your session created and when is destroyed. 1) How can I tune this application in server side for better performance in tomcat side as well as java? That depends on the reason for slow down. Most of the time it is not JVM or Tomcat's fault, but faulty webapp. For start, I would recommend to analyze JVM memory consumption, memory dump, session content, and to tweak with -Xmx and -Xms parameters, if you didn't already do that. Also watch for garbage collection, how often it happens and when. 2) I noticed that the current thread busy count is less but the number session is more.What might be the problem? Those two are not directly related. Active busy thread count is related to the number of *simultaneous* requests, while active sessions might not issue requests at all (just waiting to be invalidated upon timeout). 3)More over for a IP more sessions are opened(noticed via Lambda probe).Is there any problem in that? Sorry, I don't understand this question. 4)What is mean by serilizable? For my application it is showing as No That means that Tomcat will be able to persist your sessions to hard disk in case of shutdown, and to reload them upon start up. Which means that if your sessions are serializable, you will be able to keep them across Tomcat restarts, while if they are not, they will be lost. 5)What is mean by a)Max Threads b)Min and Max spare threads c)current thread count and current thread busy? a. Maximum number of threads Tomcat will create to answer your clients request. That should be over of predicted maximum number of simultaneous requests (not sessions!). b. Minimum and maximum of threads that are currently not answering any requests. Minimum will ensure that there is available thread when new request comes, and maximum will ensure that JVM does not keep too many threads doing nothing and eating up resources. c1. Current number of active threads processing requests, or waiting to process requests. c2. Current number of active threads processing requests. They relate like this: thread_busy = thread_busy + spare_min = thread_active = thread_busy + spare_max = max_threads -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
On 9/24/2010 4:06 AM, Wesley Acheson wrote: ... The point is once your involved in something, doing more than just looking for answers a Mailing list is much better, it involves you much more directly. I don't have to check 10 sites for my 10 subscribed mailing lists. The emails are just there all filtered into their own labels (folders). So its probably better for a open source project to use a mailing list. +1. I actually prefer NNTP groups, but mailing lists are a close second. As soon as you need to follow more than one group, e-mail is much more efficient than a web-based forum. The dev list has other special functions you just wouldn't see working with a forum, such as having the commit logs mailed, and the bugs mailed. This doesn't work well with forums as you'd either have one massive topic or spam with several little topics. Having said all that though I woudn't attempt to read these lists with outlook/outlook express or thunderbird. That just wouldn't work for me. T-bird works fine once you set filters to organize the e-mails. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
But I'm too lazy to go fishing for questions I could answer ... I like them showing up in my inbox. If there in a web forum I'm not going to go looking for them. When I'm looking for an answer to one of my questions, google is my first stop and the tomcat list is archived online. --David On 9/24/2010 3:01 AM, Brian wrote: At least someone thinks the same way I do! From: m.h.g.emme...@dnb.nl [mailto:m.h.g.emme...@dnb.nl] Sent: Friday, September 24, 2010 12:48 AM To: Tomcat Users List Subject: Re: Why an email list, and not a forum? I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. regards, Milko Brian bbprefix-m...@yahoo.com 24-09-2010 02:19 Please respond to Tomcat Users List users@tomcat.apache.org To users@tomcat.apache.org cc Subject Why an email list, and not a forum? Hi, Just a thought: Why is this support taking place in an email list, instead aof a web based forum? Please consider the environment before printing this email. De informatie verzonden met dit e-mailbericht is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Indien u als niet-geadresseerde dit bericht ontvangt, wordt u verzocht direct de afzender hierover te informeren en het bericht te vernietigen. Gebruik van informatie door onbevoegden, openbaarmaking of vermenigvuldiging is verboden en kan leiden tot aansprakelijkheid. De afzender is niet aansprakelijk in geval van onjuiste overbrenging van het e-mailbericht en/of bij ontijdige ontvangst daarvan. The information transmitted is confidential and intended only for the person or entity to whom or which it is addressed. If you are not the intended recipient of this communication, please inform us immediately and destroy this communication. Unauthorised use, disclosure or copying of information is strictly prohibited and may entail liability. The sender accepts no liability for improper transmission of this communication nor for any delay in its receipt. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
Sorry, but I don't get why people can't delete emails on topics they aren't interested in; do some people here feel the need to read all the spam they get? Michel - Original Message - From: David kerber dcker...@verizon.net To: users@tomcat.apache.org Sent: Friday, September 24, 2010 8:00 AM Subject: Re: Why an email list, and not a forum? On 9/24/2010 4:06 AM, Wesley Acheson wrote: ... The point is once your involved in something, doing more than just looking for answers a Mailing list is much better, it involves you much more directly. I don't have to check 10 sites for my 10 subscribed mailing lists. The emails are just there all filtered into their own labels (folders). So its probably better for a open source project to use a mailing list. +1. I actually prefer NNTP groups, but mailing lists are a close second. As soon as you need to follow more than one group, e-mail is much more efficient than a web-based forum. The dev list has other special functions you just wouldn't see working with a forum, such as having the commit logs mailed, and the bugs mailed. This doesn't work well with forums as you'd either have one massive topic or spam with several little topics. Having said all that though I woudn't attempt to read these lists with outlook/outlook express or thunderbird. That just wouldn't work for me. T-bird works fine once you set filters to organize the e-mails. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
Absolutely. I have no problem parsing and deleting. --David On 9/24/2010 8:18 AM, michel wrote: Sorry, but I don't get why people can't delete emails on topics they aren't interested in; do some people here feel the need to read all the spam they get? Michel - Original Message - From: David kerber dcker...@verizon.net To: users@tomcat.apache.org Sent: Friday, September 24, 2010 8:00 AM Subject: Re: Why an email list, and not a forum? On 9/24/2010 4:06 AM, Wesley Acheson wrote: ... The point is once your involved in something, doing more than just looking for answers a Mailing list is much better, it involves you much more directly. I don't have to check 10 sites for my 10 subscribed mailing lists. The emails are just there all filtered into their own labels (folders). So its probably better for a open source project to use a mailing list. +1. I actually prefer NNTP groups, but mailing lists are a close second. As soon as you need to follow more than one group, e-mail is much more efficient than a web-based forum. The dev list has other special functions you just wouldn't see working with a forum, such as having the commit logs mailed, and the bugs mailed. This doesn't work well with forums as you'd either have one massive topic or spam with several little topics. Having said all that though I woudn't attempt to read these lists with outlook/outlook express or thunderbird. That just wouldn't work for me. T-bird works fine once you set filters to organize the e-mails. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
On 24/09/2010 01:19, Brian wrote: Hi, Just a thought: Why is this support taking place in an email list, instead aof a web based forum? One might as well ask why mailing lists exist at all in the shiny new world of Web 2.0. The ASF practice is to use mailing lists to keep a public record of support discussions and development decisions. There are some websites which provide web access to these lists, e.g. Markmail, Nabble. Being solely web-based would be limitation rather than an enhancement. p (IMO PHPBB is a horrible, horrible application.) 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat not listening on specified port
On 24/09/2010 09:37, Ognjen Blagojevic wrote: On 24.9.2010 7:37, Garg, Saman wrote: We are using tomcat-6.0.24 with jdk1.6.0.17 on RHEL 3 OS. We have a wrapper script which sets few variables and then call tomcat.start to start up the instance. In the tomcat log, I do see org.apache.jk.common.ChannelSocket init not getting loaded on the start of tomcat. You might post your logs here, as well as both server.xml files, with sensitive data removed. If you are running multiple instances check if all configuration ports are different. Aside from HTTP port, there are others that should be different like HTTPS, AJP and shutdown port (default is 8005). ... and post the wrapper script. p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat 6.0.28 w/ VeriSign SSL TLS -- Errors upon startup.
Hi Mark, I'm a little less familiar with the subjects at hand in your last response. Is there a specific old bug that you're referring to? Should I be installing 6.0.29 instead of 6.0.28? Also, where is the native DLL, and what should it be named for 6.0.28? -- Sean On Thu, Sep 23, 2010 at 3:47 PM, Mark Thomas ma...@apache.org wrote: On 23/09/2010 11:48, Sean Killeen wrote: Sorry for the additional reply but I found some additional information that might be relevant: We have a tomcat 6.0 installation that is referring to the same keystore with the same connector that starts up without error. However, the Tomcat 6.0.28 instance starts up with error. I did a diff on the files with Notepad++ and they are pretty much exactly the same. I pasted my 6.0 connector to replace 6.0.28 default connectors in the server.xml file. Given this, any idea what my next steps might be? You might be hitting an old bug. Make sure the native dll is renamed as well. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.28 w/ VeriSign SSL TLS -- Errors upon startup.
From: Sean Killeen [mailto:seankill...@gmail.com] Subject: Re: Tomcat 6.0.28 w/ VeriSign SSL TLS -- Errors upon startup. Also, where is the native DLL, and what should it be named for 6.0.28? Rename bin/tcnative-1.dll to something that doesn't end in .dll. That will insure APR does not get used. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.28 w/ VeriSign SSL TLS -- Errors upon startup.
@ Chuck / Mark, I have renamed the tcnative-1.dll to tcnative-1.skdll, and have commented out the AprLifecycleListener line. And it works! :) So, something to know is that despite Commenting out the AprLifecycleListener line, it was still looking for the DLL, which had to be renamed. I think that probably solves my issue -- thanks for all the help and support! All the best, Sean On Fri, Sep 24, 2010 at 9:07 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Sean Killeen [mailto:seankill...@gmail.com] Subject: Re: Tomcat 6.0.28 w/ VeriSign SSL TLS -- Errors upon startup. Also, where is the native DLL, and what should it be named for 6.0.28? Rename bin/tcnative-1.dll to something that doesn't end in .dll. That will insure APR does not get used. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 2:22 AM, Brian wrote: Well, IT WORKED! Excellent. Now the previous thing that went wrong is able to show its details in the log. What is that? A Struts tag that tries to output the content of a bean that is not present even though it should (this is the Struts tag: bean:write name=TEXT-NoteNoShippingFees/). How is the bean declared in the page? Or, is it declared in one page and used in another? That bean should always be present, because it is created in the previous Struts action. Where is it stored? Remember that there are 4 scopes (in increasing order of specificity): application, session, request, and page. If your page is looking in request scope, but the bean is in the session, it won't be found. Or, alternatively, if you store a bean in the request and issue a redirect, then the bean has likely been discarded. How can it be missing SOMETIMES, if it is not the only bean that is being created in the previous action, and others of these beans that are created in the action are present in the page? I guess it has something to do with the buffer that gets full sometimes, or am I wrong? What do you think? You'll have to give us more details. Note that this is not a Struts forum, though many of us (including myself) have Struts experience and would be glad to help. Technically, you ought to start a new thread since you're asking about a new subject (this helps people find answers to their questions when searching the archives). In fact, I have had LOTs of problems with beans that dissappear even though they should be present because they were created in the previous actions. I have been dealing with these randomic problem for YEARS, and I applied just a patch for that (If the bean is not present, redirect to the home page instead of showing an error message and dumping a trace in the log). That was just a workaround, and not a clean solution. I will try now to use a buffer with 16K, to see if that will solve this. Could you also be experiencing session timeouts that aren't properly handled? Does your application use any kind of authentication and authorization? If not, you could easily be seeing visitors with expired sessions accessing actions that expect the session to be in a certain state. There are lots of ways to fix this kind of thing, but the remedies all depend upon your requirements and application architecture. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkycqy0ACgkQ9CaO5/Lv0PDGMgCgktZRGzJLSmg6KLu1fMhu0G+J 66oAniuA/KNxzzRpYyJEqOgadZZ79tF2 =EjKC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to reproduce tomcat security vulnerabilities
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Viola, On 9/22/2010 11:29 PM, viola lu wrote: thanks. I tried it on tomcat 6.0.26, and 6.0.29, it worked for the second one, i can get correct response headers on tomcat 6.0.26 and tomcat 6.0.29: tomcat 6.0.26 What is the first one and the second one? The bugs you mentioned in your first post? Remember, not everyone is thinking what you're thinking: please be clear when posting. suse10sp268:~ # wget -S -O - --post-data='test send post' http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor --07:21:33-- http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 *WWW-Authenticate: Basic realm=9.125.1.248:8080* Good: this reproduces the bug. *tomcat 6.0.29:* suse10sp268:~ # wget -S -O - --post-data='test send post' http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor --07:24:02-- http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 *WWW-Authenticate: Basic realm=Authentication required* ...and this shows that the bug has been fixed: no IP and port. But for the first one, both got the same response: 200 OK as below: suse10sp268:~ # wget -S -O - --header='Transfer-Encoding:unsupported' --post-data='test send post' http://9.125.1.248:8080/SecurityTomcat/SecurityServlet --07:12:16-- http://9.125.1.248:8080/SecurityTomcat/SecurityServlet = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html Content-Length: 61 Date: Thu, 23 Sep 2010 03:09:09 GMT Connection: keep-alive Length: 61 [text/html] 0% [ ] 0 --.--K/s unsupported application/x-www-form-urlencoded 9.125.1.248 100%[=] 61--.--K/s 07:12:16 (7.27 MB/s) - `-' saved [61/61] Seems no difference on tomcat 6.0.26 and tomcat 6.0.29, is there something wrong? Maybe this is sensitive to other conditions as well. On 9/24/2010 12:57 AM, viola lu wrote: After debug into tomcat source code, i found that if transfer-encode is set as 'buffered', tomcat 6.0.26 will report null pointer exception in buffered filter recycle, but in tomcat 6.0.29 , directly report 501 error. But not sure attackers how to obtain sensitive information via a crafted header? When buffers are not recycled properly, information /can/ leak across requests. This means that, under the right conditions, an attacker /might/ be able to exploit the server to disclose information. Just because a vulnerability does not have an exploit doesn't mean it's not a vulnerability: the possibility exists that information can be disclosed. It's not absolutely necessary to be able to actually steal information from a server to be considered a vulnerability. This one might not be reproducible in any predictable way. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkycrgEACgkQ9CaO5/Lv0PDJMgCfZbZmJQzqGKx8vwQ6m7IGd+HV OR4AnjjvmJ37pfrQFtii+lUaRPruYaKD =vKvJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Logging Not Working Properly
I can't get logging to work properly with tomcat(. The file handler prefix
works but anything below INFO does not show up in the log! What could be wrong?
I declare the logger in my classes like the following:
private static Logger logger =
Logger.getLogger(JessServletCommand.class.getName());
My logging.properties file is in my WEB-INF/classes directory. It is the
following:
handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
# Handler specific properties.
# Describes specific configuration info for Handlers.
org.apache.juli.FileHandler.level = FINE
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = test.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
RE: Why an email list, and not a forum?
-Original Message- From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] Sent: Thursday, September 23, 2010 7:40 PM To: Tomcat Users List Subject: Re: Why an email list, and not a forum? On Thu, Sep 23, 2010 at 5:33 PM, Brian bbprefix-m...@yahoo.com wrote: But what if you just want to receive responses to your question, instead of receiving all the emails that is being writen? Or to put it another way -- what if you only want to be a taker, without any intention of participating in a community of users and giving back when you can? I'm sure there's a name for that. Vampires? Mail lists are an old method. Web based forums are more efficient. And even forums (such are the ones powered by phpBB) are not the latest solution. What *is* the latest solution*, then, in your opinion? -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat connection pool - status and future?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason, On 9/23/2010 4:26 PM, Jason Pringle wrote: I started by researching available connection pools for tomcat, and it seems most folks either use DBCP (which has a host of issues) What issues are you thinking of, specifically. These? http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html Of those 10 objections, only 4 of them are actual objections. #5 No releases in a while is not a valid complaint, and the remainder are actually talking about what the new CP has to offer, not judgments against DBCP. What the heck is a static interface, by the way? Note that Tomcat's default connection pool is based upon DBCP. or C3PO (which has its own issues, including that it is LGPL licensed). The biggest problem with C3P0 is that it's unsupported (I heard... I can't find anywhere that it says the project is actually dead, but it's been over 3 years since their last release, and it's clearly labeled beta). It looks like they might be thinking about another point release. What's wrong with LGPL? I'm not trying to start a holy war... just curious about your objections. The feature page of the tomcat connection pool (http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html) seems quite promising, but to be honest, it concerns me that the module is only readily available from a commiter's pages or from source. That is a shame. 3) Is it considered released or still in a beta stage (I found the beta announcement from 2008)? Don't be fooled by the 1.0.8.5 version number: the fact that it's greater than 1 or doesn't have beta or alpha or pre in it's name has no bearing on its stability or quality. At least, that appears to be how the Tomcat team versions things. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyctJwACgkQ9CaO5/Lv0PD15wCgrFjgCYifhkwPZ6r50CYTCVv4 jmMAn0IoBYBvSUT+sGRP+EJidfE1U/Vt =kocK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Errors not logging to catalina.out after redeploy
Hi Chuck, thanks for your reply. On 9/24/10 12:14 AM, Caldarale, Charles R wrote: From: Roy McMorran [mailto:mcmor...@mdibl.org] Subject: Errors not logging to catalina.out after redeploy Ordinarily if an exception occurs this will be logged to catalina.out. When Tomcat is first started (we use jsvc) this is the case as expected. However if the webapp is redeployed (without a restart of Tomcat) errors are no longer logged to catalina.out. Restarting will return it to the normal behavior (until the next redeploy). What kind of errors are you referring to? For instance the stack trace from a null pointer exception (this is a development box). See below for a better description of the behavior. Do they show up in any of the Tomcat logs? No. Do you have swallowOutput set for the webapp? No. Didn't when at 6.0.20 either. Does the webapp have its own logging mechanism? Yes, log4j, but these are messages that wouldn't ordinarily be logged by this mechanism, eg a NPE. If so, is there some form of console handler configured for it? No, no console handler. Here is a more succinct description of the symptoms as described by the developer: (1) Servlet contains the following code: System.out.println((1) to stdout); System.err.println((2) to stderr before NPE); String foo = null; System.out.println(foo.toUpperCase()); // Cause NPE System.err.println((3) to stderr after NPE); (2) Deploy app to tomcat (3) Re-start tomcat-jsvc (4) Access servlet (unlimited times): catalina.out shows System.out message, first System.err message, and then the NPE stacktrace. (5) Re-deploy app to servlet without restarting tomcat (6) Access servlet: catalina.out shows shows System.out message, first System.err message, but NOT the NPE stacktrace (even though it is occurring). (7) Re-start tomcat-jsvc (8) Same behavior as #4. The behavior at #6 is new since our upgrade from 6.0.20 to 6.0.29. Thanks, Roy -- Roy McMorran Systems Administrator MDI Biological Laboratory mcmor...@mdibl.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NioBlockingSelector consuming all CPU
Hi list. There is no way to find out what is going with tomcat and the CPU reaching 150%. I have been trying to identify the root cause of this issue. The problem is that with tomcat 6.0.16 the application works very well, but with tomcat 6.0.29 we get this problem. I updated the JVM from jdk 1.6.0_05 to jdk 1.6.0_21 and the problem remais. Once the CPU reach more that 100%, it never comes down unless we restart the container. I also tried with the APR connector, but the container didnt start up with this change so i rolledback to Http11NioProtocol (since we are using comet in our application). PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 30186 apache25 0 657m 291m 8112 S 150 14.5 200:47.69 java 3615 apache15 0 21216 7736 3424 S0 0.4 0:00.32 httpd 3618 apache15 0 22056 8548 3400 S0 0.4 0:00.42 httpd 25181 apache15 0 20820 7296 3384 S0 0.4 0:00.25 httpd 25394 apache15 0 19820 4256 1204 S0 0.2 0:00.00 httpd I appreciate if there is anyone else who could give any idea, i ran out of tries that i could think of. I dont want to go back and use a previous version other than 6.0.29, but i think i will have no choice. Thanks Thiago * * Thiago Locatelli da Silva escreveu: Hi Chuck, thanks for the reply. I am using CentOS linux with kernel version 2.6.18-53.1.13.el5. I have changed the BIO Connector due to our application which makes use of the comet functionality. This has been a hard time since I need to make the application work with tomcat 6.0.29 and after some changes done on the release 6.0.19 the application stopped working. - Thiago Caldarale, Charles R escreveu: From: Thiago Locatelli da Silva [mailto:thiago.si...@digitro.com.br] Subject: NioBlockingSelector consuming all CPU I am running tomcat 6.0.29 with jdk 1.6.0_21 (under linux) Which Linux vendor and version? Others have reported this problem with a 2.4 kernel, with the problem going away under 2.6. You could also try the normal BIO connector or APR to see if that makes a difference. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why an email list, and not a forum?
-Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, September 24, 2010 7:39 AM To: Tomcat Users List Subject: Re: Why an email list, and not a forum? On 24/09/2010 01:19, Brian wrote: Hi, Just a thought: Why is this support taking place in an email list, instead aof a web based forum? One might as well ask why mailing lists exist at all in the shiny new world of Web 2.0. The ASF practice is to use mailing lists to keep a public record of support discussions and development decisions. There are some websites which provide web access to these lists, e.g. Markmail, Nabble. Being solely web-based would be limitation rather than an enhancement. +1 p (IMO PHPBB is a horrible, horrible application.) Can't comment on that last bit. Personally, I like the mailing list format for this project. It's really helped expand my understanding of Tomcat by reading topics that normally I wouldn't have thought to go looking for. I've had my eyes opened on some issues that I normally would not have gone looking for on a web-based forum. In turn, I've then educated my development team on those issues and our product has improved because of it. For usage, I use *shudder* Outlook, have a rule which dumps all properly formatted list emails into a dedicated folder, which is sorted by conversation, newest on top. From that, I can delete whole threads based on subjects that I can tell have no relevance for me at this point. I also clear out topics as I read them if they've been resolved, or found I'm not interested. If they later interest me enough to contribute, I can go to MarkMail or Nabble and review the thread. Works great. I do subscribe to some web-based forums, notably Linux Questions and Installshield Community, but find I hardly ever use them, much less contribute. I comfortable enough with Linux that I don't have that many Qs, and don't use IS enough during a year to need a lot of help, much less consider myself knowledge-able enough to contribute answers. This format seems nearly perfect for me for this group. Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat connection pool - status and future?
On 9/24/10 10:24 AM, Christopher Schultz wrote: The biggest problem with C3P0 is that it's unsupported (I heard... I can't find anywhere that it says the project is actually dead, but it's been over 3 years since their last release, and it's clearly labeled beta). It looks like they might be thinking about another point release. Just jumping in here - given this and given my case of a legacy Java app that really needs a platform refresh in a bad way before app problems can be addressed, is a migration path away from c3p0 called for and if so, toward what? - Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
Hi Christoper, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, September 24, 2010 08:44 AM To: Tomcat Users List Subject: Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 2:22 AM, Brian wrote: Well, IT WORKED! Excellent. Now the previous thing that went wrong is able to show its details in the log. What is that? A Struts tag that tries to output the content of a bean that is not present even though it should (this is the Struts tag: bean:write name=TEXT-NoteNoShippingFees/). How is the bean declared in the page? Or, is it declared in one page and used in another? The previous Struts actions places it in the session object. That bean should always be present, because it is created in the previous Struts action. Where is it stored? Remember that there are 4 scopes (in increasing order of specificity): application, session, request, and page. If your page is looking in request scope, but the bean is in the session, it won't be found. Or, alternatively, if you store a bean in the request and issue a redirect, then the bean has likely been discarded. It is stored in the session, just because I wanted to avoid the problems that happen when you redirect. That means that the bean will consume memory while the session is alive (instead of just for the time the request or response is alive), but memory is not a big issue here. That makes me think that the buffer full, then flushed is maybe the reason why the bean dissappears somehow. I have increased the buffer from 8k to 64k, and I will keep an eye on the log to see if it still happens. How can it be missing SOMETIMES, if it is not the only bean that is being created in the previous action, and others of these beans that are created in the action are present in the page? I guess it has something to do with the buffer that gets full sometimes, or am I wrong? What do you think? You'll have to give us more details. Note that this is not a Struts forum, though many of us (including myself) have Struts experience and would be glad to help. Technically, you ought to start a new thread since you're asking about a new subject (this helps people find answers to their questions when searching the archives). You are right. If the problem still exists, I will seach for a solution in another source dedicated to Struts. This is no more related to Tomcat directly. In fact, I have had LOTs of problems with beans that dissappear even though they should be present because they were created in the previous actions. I have been dealing with these randomic problem for YEARS, and I applied just a patch for that (If the bean is not present, redirect to the home page instead of showing an error message and dumping a trace in the log). That was just a workaround, and not a clean solution. I will try now to use a buffer with 16K, to see if that will solve this. Could you also be experiencing session timeouts that aren't properly handled? Does your application use any kind of authentication and authorization? If not, you could easily be seeing visitors with expired sessions accessing actions that expect the session to be in a certain state. The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
On Fri, Sep 24, 2010 at 5:29 PM, Brian bbprefix-m...@yahoo.com wrote: Hi Christoper, The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. Thanks! You can't be sure that's whats happening though. The browser can make its own rules with session cookies. Unlikely but possible for the cookies to be deleted sometimes. Some people may not accept session cookies in the first place. Are you encoding the urls for sessions too? Where's the bean being set in an Interceptor, in a filter, on an earlier page in the session? Is it possible that you've missed a route to the pages which should always have this bean? Is it possible that people are directly navigating to the page that throws the error (say via a bookmark, or got a cached search engine result)? My advise would be (assuming you have an access log enabled that contains the session id). Look at the access log. Try to figure out the route the person took through your site. How long between page views? Was there some detail that they entered in the bean which was unserialiasble etc. I doubt anyone here can tell you the answer to your new problem, it too dependant on your new environment, however hopefully we will point you in a good direction to start looking. Also you can start a new thread as Christopher put but mark it OT. (if you don't believe tomcat is at fault). Regards, Wesley Acheson - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
Hi Wesley, -Original Message- From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Sent: Friday, September 24, 2010 10:44 AM To: Tomcat Users List Subject: Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed On Fri, Sep 24, 2010 at 5:29 PM, Brian bbprefix-m...@yahoo.com wrote: Hi Christoper, The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. Thanks! You can't be sure that's whats happening though. The browser can make its own rules with session cookies. Unlikely but possible for the cookies to be deleted sometimes. Some people may not accept session cookies in the first place. That is interesting. I think I need to study that subject... Oh, regarding people not accepting cookies: Struts then mantains a jsessionid in the URL. Are you encoding the urls for sessions too? Where's the bean being set in an Interceptor, in a filter, on an earlier page in the session? Is it possible that you've missed a route to the pages which should always have this bean? I use Struts. All my URLs are actions (.do). So for all of them, a java code is executed, whish creates the bean and stores it in the session. Is it possible that people are directly navigating to the page that throws the error (say via a bookmark, or got a cached search engine result)? I already considered that in my programming, years ago. If they do, it doesn matter. The actions still execute given that they access a .do and not a .jsp, and the bean gets created immediately before, before the JSP is sent to the response. And if other beans that should be present (because they should have been created, if they followed a regular path of actions in my site) are not present, the client is redirected to the home page. That certainly happens a lot, given that my site gets thousands of request from the crawlers such as GoogleBot! And they do whatever they want, certainly. My advise would be (assuming you have an access log enabled that contains the session id). Look at the access log. Try to figure out the route the person took through your site. How long between page views? Was there some detail that they entered in the bean which was unserialiasble etc. GOOD IDEA! I will do it! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Help with jasypt (Java Security). NoClassDefFoundError.
I am new to jasypt. I have installed the commons libraries that came with the jasypt download in Apache.../common/lib. The class not being found is in one of the libraries. Tomcat 5.0, Java 1.4 running on Windows. Do I need to do something in addition to copying the jar files into common/lib? commons-codec-1.1.jar, commons-lang-2.1.jar, jasypt-1.6.jar from jasypt dist. icu4j-charsets-4_4_1_1.jar, icu4j-4_4_1_1.jar from icu website. Also, once I get past this error, will I need BOTH icu libraries.This exception is on Windows development machine. java.lang.NoClassDefFoundError: org/apache/commons/lang/exception/NestableRuntimeException java.lang.ClassLoader.defineClass0(Native Method) java.lang.ClassLoader.defineClass(ClassLoader.java:539) java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) java.net.URLClassLoader.defineClass(URLClassLoader.java:251) java.net.URLClassLoader.access$100(URLClassLoader.java:55) java.net.URLClassLoader$1.run(URLClassLoader.java:194) java.security.AccessController.doPrivileged(Native Method) java.net.URLClassLoader.findClass(URLClassLoader.java:187) java.lang.ClassLoader.loadClass(ClassLoader.java:289) java.lang.ClassLoader.loadClass(ClassLoader.java:235) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) org.jasypt.util.text.BasicTextEncryptor.init(BasicTextEncryptor.java:67) org.apache.jsp.jasyptExample_jsp._jspService(jasyptExample_jsp.java:83) ---this is mine... org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Below is my simple test servlet page import=org.jasypt.util.text.* String password = 2010-09-23 11:21; String origText = 123456789abcdef,f6c; BasicTextEncryptor textEncryptor = new BasicTextEncryptor();textEncryptor.setPassword(password); String quePaso = textEncryptor.encrypt(origText); String plainText = textEncryptor.decrypt(quePaso); out.println(password+/+origText+/+quePaso+/+plainText); - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Help with jasypt (Java Security). NoClassDefFoundError.
From: Steve Ryder [mailto:sry...@jsrsys.com] Subject: Help with jasypt (Java Security). NoClassDefFoundError. I am new to jasypt. So are we; it's not part of Tomcat. Tomcat 5.0 Not supported. Java 1.4 Not supported. Start again. (Apologies to S Beckett.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why an email list, and not a forum?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Wesley, On 9/24/2010 4:06 AM, Wesley Acheson wrote: Having said all that though I woudn't attempt to read these lists with outlook/outlook express or thunderbird. That just wouldn't work for me. I use tb, and it works great for my needs. I can always see the threads I'm participating in, and the latest messages show up at the bottom of my folder (which is my preference... others prefer the top). So forums better for finding answers. Mailing lists better for participating. I find that the ML archives are great, particularly the ones maintained at markmail.org. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc2EkACgkQ9CaO5/Lv0PALAQCfb87uEKpB3V/GplKH1Eskd2JF zhQAoIbXKc3pLnm7svU6uqD2kLVNdnOr =40p2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help with jasypt (Java Security). NoClassDefFoundError.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On 9/24/2010 12:17 PM, Steve Ryder wrote: java.lang.NoClassDefFoundError: org/apache/commons/lang/exception/NestableRuntimeException This is likely to be due to your placement of libraries. Aside from Chuck's comments (with which I completely agree: it's upgrade time for you), I would suggest that you place /all/ libraries your web application needs into the webapp's WEB-INF/lib directory, and not use common/lib for any of that stuff. Moving your libraries from the common to the webapp's lib directory is likely to solve this problem for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc2XwACgkQ9CaO5/Lv0PC34QCdHmCZ8/01n9wQD3gvKvaH2hD1 MmkAoJt6H9CxBYbRvCyeHUo7HR3OR7lr =F5qN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat connection pool - status and future?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, On 9/24/2010 11:14 AM, Jeff Hubbs wrote: On 9/24/10 10:24 AM, Christopher Schultz wrote: The biggest problem with C3P0 is that it's unsupported (I heard... I can't find anywhere that it says the project is actually dead, but it's been over 3 years since their last release, and it's clearly labeled beta). It looks like they might be thinking about another point release. Just jumping in here - given this and given my case of a legacy Java app that really needs a platform refresh in a bad way before app problems can be addressed, is a migration path away from c3p0 called for and if so, toward what? That's tough to tell. See Mark's comments regarding DBCP, which are positive in my view. Also, the C3P0 folks had another semi-release back in April, so maybe they're actually coming back. I would highly recommend talking to the people on that team to see what their plans are. I can see that their forum is full of complaints about deadlock, though that may be due to misconfiguration or their applications' interference with the library. I wouldn't be surprised to hear a lot of complaints about DBCP deadlocking, too. It's like buying a wireless router on Amazon: half the reviews for X say best router I ever had, I switched away from Y which was a POS and then you go look at the reviews for Y and they say the same thing with X and Y reversed. I would say that if things are working for you, there's no reason to switch at all: it's not like a connection pool is a significant part of your infrastructure (meaning that switching shouldn't be too traumatic to your code). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc2ocACgkQ9CaO5/Lv0PD3GwCcDg4k8rbtMcGC1kEhiptwuhEi iVwAnAr/T/27ID+qG9r97wPjN328A/Lx =vtD1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Client to communicate to SSL WebServices on tomcat
Yes, both client and firefox are on my local desktop.. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aravidu, On 9/23/2010 7:13 AM, aravidu wrote: Ok. Thanks. I fixed it and tested it again. Now it says this: Caused by: java.net.SocketException: SocketException invoking https://host:8081/myapp/endpoint: Software caused connection abort: recv failed Caused by: java.net.SocketException: Software caused connection abort: recv failed Sounds like a firewall issue. I am sure the URL/endpoint is working because I am able to access the endpoint thru firefox. Are both Firefox and your client running on the same machine? What URL works correctly in your web browser? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkybX8gACgkQ9CaO5/Lv0PDUYwCdEwFSTVwS+7ZRIhgI+YwIWCq/ MjkAn2/O6uYRkuxyxMrwIyaNLuLc9DJ5 =LdWw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Client-to-communicate-to-SSL-WebServices-on-tomcat-tp29780497p29800702.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 11:29 AM, Brian wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, September 24, 2010 08:44 AM Where is it stored? Remember that there are 4 scopes (in increasing order of specificity): application, session, request, and page. If your page is looking in request scope, but the bean is in the session, it won't be found. Or, alternatively, if you store a bean in the request and issue a redirect, then the bean has likely been discarded. It is stored in the session, just because I wanted to avoid the problems that happen when you redirect. Are you sure that the user is hanging-on to the session? If the client doesn't support cookies, are you properly issuing a redirect? (If you use Struts's ActionForward with redirect=true in S1 or if you use a result type=redirect in S2 then you should be okay). That makes me think that the buffer full, then flushed is maybe the reason why the bean dissappears somehow. Very unlikely: the bean is put into the session far earlier than the error occurs, and the session shouldn't be damaged by anything like what you describe. Could you also be experiencing session timeouts that aren't properly handled? Does your application use any kind of authentication and authorization? If not, you could easily be seeing visitors with expired sessions accessing actions that expect the session to be in a certain state. The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. How is that done? Not the forward... the detection of session expiration. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. But it might end up there anyway :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc25YACgkQ9CaO5/Lv0PC81gCgo/rUKOR7kbFCpShpxaKDfb65 a6IAmwfqbITWH7w54XGfc2mtVj3/RZHH =tD97 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat connection pool - status and future?
On 09/23/2010 2:27 PM, Mark Thomas wrote: Several release attempts have failed due to a lack of interest. Lack of interest by whom? The development team or the tomcat community? That said, $work is using this as the default pool in a commercial product based on Tomcat with minimal issues. Ah yes, I do see that jar file in a commercial tomcat I downloaded recently. Overall, I'd suggest you take another look at DBCP. The historical issues with deadlocks have been fixed and syncs reduced to the bare minimum. jdbc-pool will easily beat it for performance in highly concurrent apps running on multi-core servers but apart from that, DBCP and jdbc-pool are pretty comparable and there are a number of areas where DBCP does a better job of making the pooled connection look like a normal connection. There are a few places where jdbc-pool requires extra (user written) interceptors to do this. Will do The next generation of DBCP will be based on Pool 2.0 which will be based on the Java 5 concurrency features. Current thinking is to 'borrow' code from jdbc-pool to update Commons Pool but that work has not been started. Ah - a roadmap :) Is there some chatter on the dev list to read up on here? This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Use of error page in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 9/23/2010 7:22 AM, Martin O'Shea wrote: form action='%= response.encodeURL(/myApp/loginPage) %' method = post I recommend a change to this: form action='%= response.encodeURL(request.getContextPath() + /loginPage) %' This will allow your webapp to be re-deployed under a different name without breaking. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc3I8ACgkQ9CaO5/Lv0PBTRwCcDsckC3lnUQTNEXVwy/yWiyo+ 5w4AoLtJ9rFX7XiGXgjjGa6frR65nM0N =YcMC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Use of error page in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 9/23/2010 9:17 AM, Martin O'Shea wrote: Please advise how I'm not using the DSR because my config is wrong and parameters have been corrected as ? Sheesh, read the servlet spec. It's not that long, and it's not in Greek. form action='%= response.encodeURL(/myApp/login) %' method = post Wrong URL for authentication. td align = leftinput type = text name = j_username/td /Correct/ name for username field. td align = leftinput type = password name = j_password/td /correct/ name for password field. And where the web.xml file needs to be corrected? Not knowing what your web.xml looks like, now, I couldn't comment. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc3WsACgkQ9CaO5/Lv0PDYuACgkbHEsN56G+8VYKL3xurXDDOZ /XsAoJnDbp5/b5exytsYeCN1TPpiSbL0 =yne/ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Use of error page in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 9/23/2010 9:10 AM, Martin O'Shea wrote: Well, that's the code in the 6.0.20 samples I have. What examples are you reading? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc3bEACgkQ9CaO5/Lv0PDNNwCeNZ6Uq6DYwMOCEUNt0x9NGp9f 2cgAnjJ/2xbt+9cu9B0U7EtFkMrOW3qj =Xsix -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Consultant
My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Does anyone have any recommendations for a top notch consulting firm that could provide these services? -- View this message in context: http://old.nabble.com/Tomcat-Consultant-tp29800839p29800839.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat connection pool - status and future?
Chris, On 9/24/2010 7:24 AM, Christopher Schultz wrote: What issues are you thinking of, specifically. These? http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html Googling around shows many complaints about multithreaded behavior and connection dropping. Which (to me) suggests at least pockets of instability. The biggest problem with C3P0 is that it's unsupported (I heard... I can't find anywhere that it says the project is actually dead, but it's been over 3 years since their last release, and it's clearly labeled beta). It looks like they might be thinking about another point release. Unsupported (or weakly supported) is likely a deal breaker for us. What's wrong with LGPL? I'm not trying to start a holy war... just curious about your objections. Our legal department detests LGPL (lack of case law scares lawyers - nobody wants to BE the case law) and getting approval to use anything LGPL is near impossible. In some cases, for well known products (say Hibernate) our company has made legal arrangements with the owner (I don't know details, just that something's been done). I don't necessarily agree with the rules, I just have to follow them. The feature page of the tomcat connection pool (http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html) seems quite promising, but to be honest, it concerns me that the module is only readily available from a commiter's pages or from source. That is a shame. Which part is a shame? That I don't want to propose we put big $$$ at risk on a component that does not have a solid community of support, or that the community hasn't supported a promising component? NB: I'm not passing any judgement on the component itself, but a criterion for us to pull in FOSS is the level of community support etc. --Jason This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp
Re: tomcat connection pool - status and future?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jason, On 9/24/2010 1:26 PM, Jason Pringle wrote: On 9/24/2010 7:24 AM, Christopher Schultz wrote: What's wrong with LGPL? I'm not trying to start a holy war... just curious about your objections. Our legal department detests LGPL (lack of case law scares lawyers - nobody wants to BE the case law) and getting approval to use anything LGPL is near impossible. In some cases, for well known products (say Hibernate) our company has made legal arrangements with the owner (I don't know details, just that something's been done). Wow, I thought RMS was the craziest person out there when it came to OSS licenses. Apparently your legal department is even crazier. I would be shocked if any LGPL-licensed project came after you for using their library, assuming you didn't take their code, slap an interface on top of it, and then sell it as See Three Pee Oh. At any rate, it looks like the LGPL will be a blocker for you. Bummer. I don't necessarily agree with the rules, I just have to follow them. I understand. The feature page of the tomcat connection pool (http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html) seems quite promising, but to be honest, it concerns me that the module is only readily available from a commiter's pages or from source. That is a shame. Which part is a shame? The part about having to build it yourself or trust a build on a committer's page (though, if you don't trust the committer, I'm not sure you should trust the code). That I don't want to propose we put big $$$ at risk on a component that does not have a solid community of support At least you don't have to buy a license :) or that the community hasn't supported a promising component? Technically speaking, the promising component hasn't even emerged from a beta state, so it's not really available for support. To answer your question of markt: tomcat-dbcp has stagnated due to lack of interest from the Tomcat dev team itself. If you are motivated to pick up where Filip left-off, you are more than welcome to join the dev mailing list, start doing your own testing, and possibly even making over the project module. NB: I'm not passing any judgement on the component itself, but a criterion for us to pull in FOSS is the level of community support etc. Fair enough. I wonder why Filip lost interest. This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp Does your legal team know that these messages are archived and re-published? They might have a stroke if they knew... :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5fYACgkQ9CaO5/Lv0PB3UQCdHt7tA881R/d7TSgulaYo1eNf r4gAoJ9eYCtO34jdQDX7HrG4jb0tAf6F =Bx3o -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
http://www.springsource.com/support/professional-services SpringSource claims to be able to do this kind of thing. They were the first google result for tomcat consultant. Did you not search for that or did you disregard it? On Fri, Sep 24, 2010 at 10:25 AM, tdelesio tdele...@gmail.com wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Does anyone have any recommendations for a top notch consulting firm that could provide these services? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
HAHA. Opps I meant clustered. When you say top 5 which companies are you referring to? -- View this message in context: http://old.nabble.com/Tomcat-Consultant-tp29800839p29801197.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat connection pool - status and future?
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: tomcat connection pool - status and future? To answer your question of markt: tomcat-dbcp has stagnated due to lack of interest from the Tomcat dev team itself. Also note that Filip is off on National Guard duty for some extended period of time, so his ability to continue development at the moment is rather limited. Does your legal team know that these messages are archived and re-published? They might have a stroke if they knew... :) Now that would be a positive outcome, wouldn't it? (I'm also struggling with a legal department that seems to be blissfully unaware of how OSS actually works.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Tomcat Consultant
This company LOOKS like specialists: http://www.mulesoft.com/tomcat-support -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, September 24, 2010 12:58 PM To: Tomcat Users List Subject: Re: Tomcat Consultant -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of session for tomcat 6
Chris,, still i have confused to setting this parameter.Basically I m system administrator not a programmer. Please explain briefly with example... how to configure ?? On 23/09/2010, Pid p...@pidster.com wrote: On 22/09/2010 21:04, rujin raj wrote: Chris, I have installed LambdaProbe for monitoring tomcat. I am not able to monitor the memory utilisation for the application. *Error:This page requires Java5 with enabled JMX Agent. To enable the JXM Agent please add -Dcom.sun.management.jmxremote to java command line or $JAVA_OPTS environment variable. If you are an IBM JDK user please add these properties: -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=29001 -Dcom.sun.management.jmxremote.ssl=false * How can i enable the JMX agent.. I am using Windows 2003 server tomcat 6 and java jre 1.6 is installed. What's unclear about the above? Did you read the message carefully? please add -Dcom.sun.management.jmxremote to java command line or $JAVA_OPTS environment variable. In this case, it's probably actually $CATALINA_OPTS that you want, but the info is all there. p
Re: Tomcat Consultant
At least two of the regular supporters of this mailing list work in spring source and one is one of the main committers to the tomcat project. To me that speaks wonders for the company. I've been trying to get my company to get them in for consultation too. To no avail. Wes On Fri, Sep 24, 2010 at 8:01 PM, Warren Henning warren.henn...@gmail.com wrote: http://www.springsource.com/support/professional-services SpringSource claims to be able to do this kind of thing. They were the first google result for tomcat consultant. Did you not search for that or did you disregard it? On Fri, Sep 24, 2010 at 10:25 AM, tdelesio tdele...@gmail.com wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Does anyone have any recommendations for a top notch consulting firm that could provide these services? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 2:29 PM, Brian wrote: This company LOOKS like specialists: http://www.mulesoft.com/tomcat-support I've never heard of Tcat, supposedly the Apache Tomcat app server for the enterprise. Beware. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc+4AACgkQ9CaO5/Lv0PBmngCgmDgY2S55+JmGRkI5kJQOEDiC trAAnRhaSSK/OF98vcMFDZ/ynvQ7hfIL =VPZl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 2:03 PM, tdelesio wrote: HAHA. Opps I meant clustered. Honestly, if you have some in-house Java developers, they ought to be able to get a clustered setup working and demonstrable in a few hours. When you say top 5 which companies are you referring to? Perhaps I'm showing my US-biased thought processes: in the US there are 5 companies that do consulting without any possibility of further refining the word. They will consult with you to define and implement your ERP strategy, design and code your Facebook-killing social network, debug your home air conditioning unit, and help raise your children while you're at work. http://www.independent-consulting-bootcamp.com/Big-5-consulting-firm.html Note that I don't personally agree with the adulatory style of writing contained in the above page. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc/LYACgkQ9CaO5/Lv0PC1WwCZAfmo3Q7jVC4NYv88aiZpw/3k WygAnRnvIuDJgx9OOvtfpXGQgC9n5JFt =yxnO -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Maximum number of session for tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rujin, On 9/24/2010 2:36 PM, rujin raj wrote: still i have confused to setting this parameter.Basically I'm system administrator not a programmer. Please explain briefly with example... how to configure ?? Okay, let's start at the beginning: how do you launch Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc/SEACgkQ9CaO5/Lv0PB9UwCgonfDR1L0iGJcteGypDop3jw9 38YAn0qNfpWDZw4Fp0n4WqDF9rkcw3Pp =18rq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
Well... I must say that it looks like you are really an expert! I need to check again my app in order to be able to respond all your questions. I started it 5 years ago, so there are a lot of details that I programmed long time ago, and once they seemed to work fine, I gradually forgot about them. But... for now, it SEEMS that the dissapearing beans issue is not happening anymore. However, it takes more time to be sure. Maybe I have been like lucky, and they will happen anytime soon. At least the can't create session if response has been commited has been solved totally. That is great!!! -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, September 24, 2010 12:11 PM To: Tomcat Users List Subject: Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 11:29 AM, Brian wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, September 24, 2010 08:44 AM Where is it stored? Remember that there are 4 scopes (in increasing order of specificity): application, session, request, and page. If your page is looking in request scope, but the bean is in the session, it won't be found. Or, alternatively, if you store a bean in the request and issue a redirect, then the bean has likely been discarded. It is stored in the session, just because I wanted to avoid the problems that happen when you redirect. Are you sure that the user is hanging-on to the session? If the client doesn't support cookies, are you properly issuing a redirect? (If you use Struts's ActionForward with redirect=true in S1 or if you use a result type=redirect in S2 then you should be okay). That makes me think that the buffer full, then flushed is maybe the reason why the bean dissappears somehow. Very unlikely: the bean is put into the session far earlier than the error occurs, and the session shouldn't be damaged by anything like what you describe. Could you also be experiencing session timeouts that aren't properly handled? Does your application use any kind of authentication and authorization? If not, you could easily be seeing visitors with expired sessions accessing actions that expect the session to be in a certain state. The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. How is that done? Not the forward... the detection of session expiration. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. But it might end up there anyway :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc25YACgkQ9CaO5/Lv0PC81gCgo/rUKOR7kbFCpShpxaKDfb 65 a6IAmwfqbITWH7w54XGfc2mtVj3/RZHH =tD97 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat connection pool - status and future?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 9/24/2010 2:04 PM, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: tomcat connection pool - status and future? To answer your question of markt: tomcat-dbcp has stagnated due to lack of interest from the Tomcat dev team itself. Also note that Filip is off on National Guard duty for some extended period of time, so his ability to continue development at the moment is rather limited. Good to know. Is he in the /US/ National Guard? He lives in Colorado, right? Does your legal team know that these messages are archived and re-published? They might have a stroke if they knew... :) Now that would be a positive outcome, wouldn't it? Probably not: their health insurance premiums would probably go up in response. (I'm also struggling with a legal department that seems to be blissfully unaware of how OSS actually works.) So sad. I'm lucky to be working in a small group where they really /trust/ the engineers to make decent engineering decisions. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc/rkACgkQ9CaO5/Lv0PBoFACfbe9oB25FjJr6ILxN4/NHhJfa 590AniQxD91EhbUBM6awZfuyg7u9YKgm =tnJI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Brian, On 9/24/2010 3:38 PM, Brian wrote: At least the can't create session if response has been commited has been solved totally. That is great!!! Yup. Now you can see all those error messages you've been missing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc/wAACgkQ9CaO5/Lv0PCiwQCgsfaU6xOj4Dn5NsMLKtiaAC77 Fe0AoKre/bNzU86Gk1/TRrTpKkWMtyJf =s67J -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
Hey, you don't need a Big-5 consulting company. You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat connection pool - status and future?
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: tomcat connection pool - status and future? Is he in the /US/ National Guard? Yes. He lives in Colorado, right? Last I heard. (Haven't actually seen him in about two years.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Tomcat Consultant
-Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help with jasypt (Java Security). NoClassDefFoundError. (works on Linux)
I wish that were true. I did that (after similar advice from jasypt user list), did not help. Same error. However, I uploaded to Linux Tomcat 5.5 Java 1.5 system, restarted Tomcat, and it works! Go figure. I still have one application running on an old server at Tomcat 5.5 Java 1.4 level. As soon as I migrate it I will update my Windows environment to match. I stayed with Tomcat 5.5 as it is the last stable release and am also at similar level for 1.5. I have learned the hard way that putting up the latest release is rarely a good idea unless there is some compelling reason to do so. Thanks for the advice. - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 12:01 PM Subject: Re: Help with jasypt (Java Security). NoClassDefFoundError. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On 9/24/2010 12:17 PM, Steve Ryder wrote: java.lang.NoClassDefFoundError: org/apache/commons/lang/exception/NestableRuntimeException This is likely to be due to your placement of libraries. Aside from Chuck's comments (with which I completely agree: it's upgrade time for you), I would suggest that you place /all/ libraries your web application needs into the webapp's WEB-INF/lib directory, and not use common/lib for any of that stuff. Moving your libraries from the common to the webapp's lib directory is likely to solve this problem for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc2XwACgkQ9CaO5/Lv0PC34QCdHmCZ8/01n9wQD3gvKvaH2hD1 MmkAoJt6H9CxBYbRvCyeHUo7HR3OR7lr =F5qN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Help with jasypt (Java Security). NoClassDefFoundError. (works on Linux)
From: Steve Ryder [mailto:sry...@jsrsys.com] Subject: Re: Help with jasypt (Java Security). NoClassDefFoundError. (works on Linux) I stayed with Tomcat 5.5 as it is the last stable release That's clearly not true. The current stable release of Tomcat is 6.0.29. and am also at similar level for 1.5. Which is not supported. Only JRE/JDK 1.6 is now supported by Sun/Oracle, unless you buy their 15-year business license for older levels. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Why an email list, and not a forum?
-Original Message- From: Brian [mailto:bbprefix-m...@yahoo.com] Sent: Friday, September 24, 2010 1:02 AM To: 'Tomcat Users List' Subject: RE: Why an email list, and not a forum? At least someone thinks the same way I do! Given an infinitely large sample, any idea no matter how irrational is bound to find at least a few adherents. George Sexton MH Software, Inc. 303 438-9585 www.mhsoftware.com From: m.h.g.emme...@dnb.nl [mailto:m.h.g.emme...@dnb.nl] Sent: Friday, September 24, 2010 12:48 AM To: Tomcat Users List Subject: Re: Why an email list, and not a forum? I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. regards, Milko Brian bbprefix-m...@yahoo.com 24-09-2010 02:19 Please respond to Tomcat Users List users@tomcat.apache.org To users@tomcat.apache.org cc Subject Why an email list, and not a forum? Hi, Just a thought: Why is this support taking place in an email list, instead aof a web based forum? Please consider the environment before printing this email. De informatie verzonden met dit e-mailbericht is vertrouwelijk en uitsluitend bestemd voor de geadresseerde. Indien u als niet- geadresseerde dit bericht ontvangt, wordt u verzocht direct de afzender hierover te informeren en het bericht te vernietigen. Gebruik van informatie door onbevoegden, openbaarmaking of vermenigvuldiging is verboden en kan leiden tot aansprakelijkheid. De afzender is niet aansprakelijk in geval van onjuiste overbrenging van het e-mailbericht en/of bij ontijdige ontvangst daarvan. The information transmitted is confidential and intended only for the person or entity to whom or which it is addressed. If you are not the intended recipient of this communication, please inform us immediately and destroy this communication. Unauthorised use, disclosure or copying of information is strictly prohibited and may entail liability. The sender accepts no liability for improper transmission of this communication nor for any delay in its receipt. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Consultant
triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
I once worked for a consulting company that wasn't a big 5, but had some pretty good contact. They hired me out of Montreal on Friday, had me in Denver on Sunday and spending 2 weeks in a training center so I could become an instant 'expert' they could hire out for big $$$ on different projects. Then I spent 3 months at home while they tried to get some contacts, and then got canned when they couldn't, then the guys who hired me got canned ... I can't figure out how these companies can get away with this nonsense. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 8:13 PM Subject: RE: Tomcat Consultant triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Consultant
That is true sometimes. I was hired by Arthur Andersen (RIP), they sent me to an SAP crash-course, the tipe of course that shows you zillions of Powerpoint slides and you get out of the course with tons of doubts. Then they sent me directly to a proyect, and I bet they billed a lot for my time. I was introduced as an experienced SAP consultant. -Original Message- From: michel [mailto:compu...@videotron.ca] Sent: Friday, September 24, 2010 07:35 PM To: Tomcat Users List Subject: Re: Tomcat Consultant I once worked for a consulting company that wasn't a big 5, but had some pretty good contact. They hired me out of Montreal on Friday, had me in Denver on Sunday and spending 2 weeks in a training center so I could become an instant 'expert' they could hire out for big $$$ on different projects. Then I spent 3 months at home while they tried to get some contacts, and then got canned when they couldn't, then the guys who hired me got canned ... I can't figure out how these companies can get away with this nonsense. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 8:13 PM Subject: RE: Tomcat Consultant triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail:
Re: Tomcat Consultant
Don't know about you, but I was left really, really worried about actually being on a project under those conditions. Lots of room for doing a crash-and-burn ... Back when I started in the business in 1982 I had to learn PL-1, the best darned language that never managed to get a good market share. It was said that it took four years to really learn how to use it. These days all you need is a crash course to be an expert! - Original Message - From: Brian bbprefix-m...@yahoo.com To: 'Tomcat Users List' users@tomcat.apache.org Sent: Friday, September 24, 2010 9:42 PM Subject: RE: Tomcat Consultant That is true sometimes. I was hired by Arthur Andersen (RIP), they sent me to an SAP crash-course, the tipe of course that shows you zillions of Powerpoint slides and you get out of the course with tons of doubts. Then they sent me directly to a proyect, and I bet they billed a lot for my time. I was introduced as an experienced SAP consultant. -Original Message- From: michel [mailto:compu...@videotron.ca] Sent: Friday, September 24, 2010 07:35 PM To: Tomcat Users List Subject: Re: Tomcat Consultant I once worked for a consulting company that wasn't a big 5, but had some pretty good contact. They hired me out of Montreal on Friday, had me in Denver on Sunday and spending 2 weeks in a training center so I could become an instant 'expert' they could hire out for big $$$ on different projects. Then I spent 3 months at home while they tried to get some contacts, and then got canned when they couldn't, then the guys who hired me got canned ... I can't figure out how these companies can get away with this nonsense. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 8:13 PM Subject: RE: Tomcat Consultant triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Logging Not Working Properly
resurrection.level=FINE
(thanks everybody. You were helpful)
On Sep 24, 2010, at 10:05 AM, Donald Winston wrote:
I can't get logging to work properly with tomcat(. The file handler prefix
works but anything below INFO does not show up in the log! What could be
wrong? I declare the logger in my classes like the following:
private static Logger logger =
Logger.getLogger(JessServletCommand.class.getName());
My logging.properties file is in my WEB-INF/classes directory. It is the
following:
handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
# Handler specific properties.
# Describes specific configuration info for Handlers.
org.apache.juli.FileHandler.level = FINE
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = test.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter =
java.util.logging.SimpleFormatter
Donald Paul Winston
satchwins...@yahoo.com
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
I was a PL-I expert. That's why I know it's spelled PL-I (roman numerals not arabic. I always thought this was funny) On Sep 24, 2010, at 9:49 PM, michel wrote: Don't know about you, but I was left really, really worried about actually being on a project under those conditions. Lots of room for doing a crash-and-burn ... Back when I started in the business in 1982 I had to learn PL-1, the best darned language that never managed to get a good market share. It was said that it took four years to really learn how to use it. These days all you need is a crash course to be an expert! - Original Message - From: Brian bbprefix-m...@yahoo.com To: 'Tomcat Users List' users@tomcat.apache.org Sent: Friday, September 24, 2010 9:42 PM Subject: RE: Tomcat Consultant That is true sometimes. I was hired by Arthur Andersen (RIP), they sent me to an SAP crash-course, the tipe of course that shows you zillions of Powerpoint slides and you get out of the course with tons of doubts. Then they sent me directly to a proyect, and I bet they billed a lot for my time. I was introduced as an experienced SAP consultant. -Original Message- From: michel [mailto:compu...@videotron.ca] Sent: Friday, September 24, 2010 07:35 PM To: Tomcat Users List Subject: Re: Tomcat Consultant I once worked for a consulting company that wasn't a big 5, but had some pretty good contact. They hired me out of Montreal on Friday, had me in Denver on Sunday and spending 2 weeks in a training center so I could become an instant 'expert' they could hire out for big $$$ on different projects. Then I spent 3 months at home while they tried to get some contacts, and then got canned when they couldn't, then the guys who hired me got canned ... I can't figure out how these companies can get away with this nonsense. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 8:13 PM Subject: RE: Tomcat Consultant triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27 dC4AoJjm6Dgs7FbMPrD3VBBdZl48VXas =vADj -END PGP SIGNATURE- - To unsubscribe, e-mail:
Re: Tomcat Logging Not Working Properly
On Sat, Sep 25, 2010 at 3:51 AM, Donald Winston satchwins...@yahoo.com wrote: resurrection.level=FINE (thanks everybody. You were helpful) Hey If I don't know I don't answer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Consultant
Just to mess with you, it's really PL/I ... It was a fantastic, leading edge language that should have had a much better future than it really did. - Original Message - From: Donald Winston satchwins...@yahoo.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 9:53 PM Subject: Re: Tomcat Consultant I was a PL-I expert. That's why I know it's spelled PL-I (roman numerals not arabic. I always thought this was funny) On Sep 24, 2010, at 9:49 PM, michel wrote: Don't know about you, but I was left really, really worried about actually being on a project under those conditions. Lots of room for doing a crash-and-burn ... Back when I started in the business in 1982 I had to learn PL-1, the best darned language that never managed to get a good market share. It was said that it took four years to really learn how to use it. These days all you need is a crash course to be an expert! - Original Message - From: Brian bbprefix-m...@yahoo.com To: 'Tomcat Users List' users@tomcat.apache.org Sent: Friday, September 24, 2010 9:42 PM Subject: RE: Tomcat Consultant That is true sometimes. I was hired by Arthur Andersen (RIP), they sent me to an SAP crash-course, the tipe of course that shows you zillions of Powerpoint slides and you get out of the course with tons of doubts. Then they sent me directly to a proyect, and I bet they billed a lot for my time. I was introduced as an experienced SAP consultant. -Original Message- From: michel [mailto:compu...@videotron.ca] Sent: Friday, September 24, 2010 07:35 PM To: Tomcat Users List Subject: Re: Tomcat Consultant I once worked for a consulting company that wasn't a big 5, but had some pretty good contact. They hired me out of Montreal on Friday, had me in Denver on Sunday and spending 2 weeks in a training center so I could become an instant 'expert' they could hire out for big $$$ on different projects. Then I spent 3 months at home while they tried to get some contacts, and then got canned when they couldn't, then the guys who hired me got canned ... I can't figure out how these companies can get away with this nonsense. - Original Message - From: Martin Gainty mgai...@hotmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 24, 2010 8:13 PM Subject: RE: Tomcat Consultant triple your budget when the big 5 consultant steps out a lamberghini in a 1000 brooks brothers suit add 25% to the rate if he looks younger than zuckerberg BTW: big 5 consultants only speak english or hindi..you'll need a hindi translator for spanish how about unisys??? Saludos Cordiales desde EEUU Martin Gainty __ No altere ni interrumpa por favor esta transmisión. Gracias Date: Fri, 24 Sep 2010 15:55:28 -0400 Subject: Re: Tomcat Consultant From: cerebrotecnolog...@gmail.com To: users@tomcat.apache.org I should have copyrights on my name. LOL On Fri, Sep 24, 2010 at 3:49 PM, Brian bbprefix-m...@yahoo.com wrote: -Original Message- From: Jorge Medina [mailto:cerebrotecnolog...@gmail.com] Sent: Friday, September 24, 2010 02:43 PM To: Tomcat Users List Subject: Re: Tomcat Consultant Hey, you don't need a Big-5 consulting company. Esto si que sonó gracioso. Aca en Peru, Arthur Andersen (QEPD) tenia a unos 3 socios, uno de los cuales se llamaba JORGE MEDINA. :-D You need a a couple of experts: a networking guy and a Tomcat guy. But anyway, I'm sure a Fortune 500 have the money to overpay one of the Big-5. Now, from my understanding, Tomcat is only a web app container while Websphere is an application server. Therefore, depending on your application you may not be able to migrate it to Tomcat, but rather to Glassfish. Glassfish is also an application server. -Jorge On Fri, Sep 24, 2010 at 1:57 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, On 9/24/2010 1:25 PM, tdelesio wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Wait... are you testing it? If so, then you don't need anyone to set it up, do you? By crusted, did you mean trusted? Does anyone have any recommendations for a top notch consulting firm that could provide these services? I'm sure that any of the big-5 consulting companies would be very happy to take way more money than is necessary to set up an instance of Tomcat for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyc5o4ACgkQ9CaO5/Lv0PAjugCgiACwh5crjW+HXMKbzAWc+ A27
Re: How to reproduce tomcat security vulnerabilities
Got it. Appreciate your clarification, Christopher. I will keep post clear to understand.:) On Fri, Sep 24, 2010 at 9:56 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Viola, On 9/22/2010 11:29 PM, viola lu wrote: thanks. I tried it on tomcat 6.0.26, and 6.0.29, it worked for the second one, i can get correct response headers on tomcat 6.0.26 and tomcat 6.0.29: tomcat 6.0.26 What is the first one and the second one? The bugs you mentioned in your first post? Remember, not everyone is thinking what you're thinking: please be clear when posting. suse10sp268:~ # wget -S -O - --post-data='test send post' http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor --07:21:33-- http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 *WWW-Authenticate: Basic realm=9.125.1.248:8080* Good: this reproduces the bug. *tomcat 6.0.29:* suse10sp268:~ # wget -S -O - --post-data='test send post' http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor --07:24:02-- http://9.125.1.248:8080/BasicAuthor_without_realm/BasicAuthor = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 401 Unauthorized Server: Apache-Coyote/1.1 *WWW-Authenticate: Basic realm=Authentication required* ...and this shows that the bug has been fixed: no IP and port. But for the first one, both got the same response: 200 OK as below: suse10sp268:~ # wget -S -O - --header='Transfer-Encoding:unsupported' --post-data='test send post' http://9.125.1.248:8080/SecurityTomcat/SecurityServlet --07:12:16-- http://9.125.1.248:8080/SecurityTomcat/SecurityServlet = `-' Connecting to 9.125.1.248:8080... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/html Content-Length: 61 Date: Thu, 23 Sep 2010 03:09:09 GMT Connection: keep-alive Length: 61 [text/html] 0% [ ] 0 --.--K/s unsupported application/x-www-form-urlencoded 9.125.1.248 100%[=] 61--.--K/s 07:12:16 (7.27 MB/s) - `-' saved [61/61] Seems no difference on tomcat 6.0.26 and tomcat 6.0.29, is there something wrong? Maybe this is sensitive to other conditions as well. On 9/24/2010 12:57 AM, viola lu wrote: After debug into tomcat source code, i found that if transfer-encode is set as 'buffered', tomcat 6.0.26 will report null pointer exception in buffered filter recycle, but in tomcat 6.0.29 , directly report 501 error. But not sure attackers how to obtain sensitive information via a crafted header? When buffers are not recycled properly, information /can/ leak across requests. This means that, under the right conditions, an attacker /might/ be able to exploit the server to disclose information. Just because a vulnerability does not have an exploit doesn't mean it's not a vulnerability: the possibility exists that information can be disclosed. It's not absolutely necessary to be able to actually steal information from a server to be considered a vulnerability. This one might not be reproducible in any predictable way. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkycrgEACgkQ9CaO5/Lv0PDJMgCfZbZmJQzqGKx8vwQ6m7IGd+HV OR4AnjjvmJ37pfrQFtii+lUaRPruYaKD =vKvJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- viola
