Performance & *SpareThreads

2011-05-24 Thread McAfe

Hi,

I have a few questions I would like to ask and hope someone can answer them.
Below is the server information:

Windows 2003 server
Tomcat 6.0 (configured java initial / maximum memory pool: 1024 MB)
Apache 2.2 (using mod_jk)
Java 1.6

For testing I used JMeter (configured with 100 threads per second); it
dies when the number of JMeter threads is between 200 ~ 300.

From my research I got to know minSpareThreads and maxSpareThreads; after
setting them in the configuration it can handle more, 400 ~ 600.

(1st) What are minSpareThreads and maxSpareThreads? [I was unable to find
the description for Tomcat 6.0 but was able to find it for Tomcat 5.5 at
http://tomcat.apache.org/tomcat-5.5-doc/config/http.html]

(2nd) From reading the forums one by one about Tomcat performance tuning,
some mention sustaining > 20k hits per second; how do they do it?

I'm new to Tomcat / Apache and hope someone can point me to a link or useful
information to help improve the performance.

Thank You very much

- McAfe

-- 
View this message in context: 
http://old.nabble.com/Performance---*SpareThreads-tp31687863p31687863.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



RE: java.lang.ClassNotFoundException - JSP pages

2011-05-24 Thread Tom Wolf

The problem is that one of my web-apps compiles JSP at run-time - so that we 
can update them on-the-fly.
 
BTW, I'm still not getting this error today - so it looks like it is either the 
checkInterval flag, reduction of memory usage or minimizing the catalina/stdout 
logging (we had some unnecessary logging and exceptions).
 
Does that make sense?
 
Thanks!
 
> Date: Mon, 23 May 2011 22:41:23 +0100
> From: p...@pidster.com
> To: users@tomcat.apache.org
> Subject: Re: java.lang.ClassNotFoundException - JSP pages
> 
> On 23/05/2011 14:10, Tom Wolf wrote:
> > If anyone has any tips, I'll appreciate it.
> 
> Precompile the JSPs and build a WAR file, deploy that instead.
> 
> 
> p
> 
  

RE: Session Expiry Issue on Tomcat 5.5.27

2011-05-24 Thread Martin Gainty

2 things to look at:
keep-alive parameter for the connector
session-timeout in web.xml

do the logs confirm the webapp is producing activity when the connection is 
closed?
Martin --
__ 
Waiver and confidentiality note/Note of disclaimer and confidentiality
 
This message is confidential. If you are not the intended recipient, we 
kindly ask that you notify us. Any unauthorized forwarding or making of a 
copy is prohibited. This message serves only for the exchange of information 
and has no legally binding effect. Because e-mails can easily be manipulated, 
we cannot accept any liability for the content.
This message is confidential and may be privileged. If you are not the 
intended recipient, we kindly ask that you inform the sender. Any 
unauthorized distribution or copying of this message is prohibited. This 
message is for information only and will not have any legally binding effect. 
Since e-mails can easily be subject to manipulation, we cannot accept any 
responsibility for the content provided.




> Date: Tue, 24 May 2011 11:38:35 +0530
> Subject: Session Expiry Issue on Tomcat 5.5.27
> From: simran...@gmail.com
> To: users@tomcat.apache.org
> 
>  Hi All
> 
> In our application we are trying to manage session per user login and have
> set the session inactivity to 15 minutes [user details are set to the
> session], when we are running the application for longer duration [over 2
> days] with continuous activity per user login we see that some session are
> expired even if there is some activity going on and the user gets logged
> out. We are deploying our application on tomcat 5.5.27.
> 
> 
> Regards
> Harsimran
  

CrawlerSessionManagerValve question

2011-05-24 Thread Martin Kouba
What is the reason NOT to assume that request with more than one 
User-Agent header originates from a bot?

See lines 133, 134 in Tomcat 7.0.14.

Thanks
Martin




Re: CrawlerSessionManagerValve question

2011-05-24 Thread Mark Thomas
On 24/05/2011 12:50, Martin Kouba wrote:
> What is the reason NOT to assume that request with more than one
> User-Agent header originates from a bot?
> See lines 133, 134 in Tomcat 7.0.14.

Simply that none of the samples I looked at had multiple UA headers and
a suggestion from another committer that skipping those requests might
be a way to save a few cycles.

If you have traces that show multiple headers, I'd be interested in
seeing them.

Cheers,

Mark






Re: CrawlerSessionManagerValve question

2011-05-24 Thread André Warnier

Mark Thomas wrote:
> On 24/05/2011 12:50, Martin Kouba wrote:
> > What is the reason NOT to assume that request with more than one
> > User-Agent header originates from a bot?
> > See lines 133, 134 in Tomcat 7.0.14.
>
> Simply that none of the samples I looked at had multiple UA headers and
> a suggestion from another committer that skipping those requests might
> be a way to save a few cycles.
>
> If you have traces that show multiple headers, I'd be interested in
> seeing them.


From the RFC police :

RFC 2616, 4.2 Message Headers :

Multiple message-header fields with the same field-name MAY be present in a message if and 
only if the entire field-value for that header field is defined as a comma-separated list 
[i.e., #(values)].


(note the "if and only")

RFC 2616, 14.43 User-Agent

User-Agent = "User-Agent" ":" 1*( product | comment )

(so *not* defined as '#(values)')


==> (my interpretation) : multiple User-Agent headers are invalid.

Discussion :

14.43 otherwise says :

The field can contain multiple product tokens (section 3.8) and comments identifying the 
agent and any subproducts which form a significant part of the user agent. By convention, 
the product tokens are listed in order of their significance for identifying the application.


and 4.2 otherwise says :

It MUST be possible to combine the multiple header fields into one "field-name: 
field-value" pair, without changing the semantics of the message, by appending each 
subsequent field-value to the first, each separated by a comma. The order in which header 
fields with the same field-name are received is therefore significant to the 
interpretation of the combined field value, and thus a proxy MUST NOT change the order of 
these field values when a message is forwarded.


Thus, if one were to accept multiple User-Agent headers, and combine them as a 
comma-separated list, one would then have trouble respecting the "order of their 
significance" as expressed in 14.43.


So it makes sense to allow only one User-Agent header.

And maybe the "lines 133, 134 in Tomcat 7.0.14" should be modified to reject the request 
if it has more than one such ?
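
The rejection suggested above can also be done in a servlet filter in front of the application. This is an added example, not Tomcat source and not code from the thread; the class name, the "singletonHeaders" init-param and the choice of a 400 response are assumptions, and it generalizes slightly by letting other non-list headers be named alongside User-Agent.

```java
// Added example (not from the thread, not Tomcat code).
// Assumed names: SingletonHeaderFilter, init-param "singletonHeaders".
package example;

import java.io.IOException;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.Set;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class SingletonHeaderFilter implements Filter {

    // Header names that may appear at most once in a request.
    // User-Agent is the case argued from RFC 2616 in the thread.
    private final Set<String> singletons = new LinkedHashSet<String>();
    private ServletContext context;

    public void init(FilterConfig config) throws ServletException {
        context = config.getServletContext();
        String param = config.getInitParameter("singletonHeaders");
        if (param == null || param.trim().isEmpty()) {
            param = "User-Agent";
        }
        for (String name : param.split(",")) {
            if (!name.trim().isEmpty()) {
                singletons.add(name.trim());
            }
        }
    }

    // Counts header fields (lines), not comma-separated elements inside one
    // field: a single "User-Agent: a/1.0 b/2.0" counts as one.
    static int countFields(Enumeration<String> values) {
        int n = 0;
        while (values != null && values.hasMoreElements()) {
            values.nextElement();
            n++;
        }
        return n;
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest http = (HttpServletRequest) req;
            for (String name : singletons) {
                int count = countFields(http.getHeaders(name));
                if (count > 1) {
                    // Log the count only; raw header values are client
                    // controlled and could carry CR/LF or misleading text.
                    context.log("Rejected request from " + http.getRemoteAddr()
                            + ": " + count + " " + name + " header fields");
                    ((HttpServletResponse) res).sendError(
                            HttpServletResponse.SC_BAD_REQUEST,
                            "Duplicate " + name + " header");
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        singletons.clear();
    }
}
```

The filter is registered with a filter and filter-mapping entry in WEB-INF/web.xml; a front-end proxy that merges repeated headers before Tomcat sees them will hide the duplicates from it.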







RE: Session Expiry Issue on Tomcat 5.5.27

2011-05-24 Thread Caldarale, Charles R
> From: Harsimranjit singh Kler [mailto:simran...@gmail.com] 
> Subject: Session Expiry Issue on Tomcat 5.5.27

> we see that some session are expired even if there is some 
> activity going on and the user gets logged out.
 
Are you sure the session is expiring, or is it perhaps being explicitly 
invalidated?

You might want to configure an HttpSessionListener for the webapp, and have it 
log session information and the current stack trace when its sessionDestroyed() 
method is invoked.

 - Chuck
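
One way to write the listener suggested above, as an added example that is not code from the thread. The class name, the log wording and the timeout heuristic are assumptions; it uses only the javax.servlet API available in Tomcat 5.5.

```java
// Added example (not from the thread). Assumed name: SessionDestroyLogger.
package example;

import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

public class SessionDestroyLogger implements HttpSessionListener {

    // Session ids are credentials: log only a prefix, enough to correlate
    // log lines without letting a log reader replay the session.
    static String shortId(HttpSession session) {
        String id = session.getId();
        return id.length() > 8 ? id.substring(0, 8) + "..." : id;
    }

    public void sessionCreated(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        session.getServletContext().log("session created id=" + shortId(session)
                + " limit=" + session.getMaxInactiveInterval() + "s");
    }

    public void sessionDestroyed(HttpSessionEvent event) {
        HttpSession session = event.getSession();
        long now = System.currentTimeMillis();
        StringBuilder msg = new StringBuilder("session destroyed id=");
        msg.append(shortId(session));
        try {
            long idle = (now - session.getLastAccessedTime()) / 1000L;
            long age = (now - session.getCreationTime()) / 1000L;
            int limit = session.getMaxInactiveInterval();
            msg.append(" age=").append(age).append('s');
            msg.append(" idle=").append(idle).append('s');
            msg.append(" limit=").append(limit).append('s');
            // Heuristic only: idle time at or past the limit points to
            // expiry, anything shorter points to an explicit invalidate().
            if (limit > 0 && idle >= limit) {
                msg.append(" cause=probable-timeout");
            } else {
                msg.append(" cause=probable-explicit-invalidate");
            }
        } catch (IllegalStateException e) {
            // Some containers mark the session invalid before notifying.
            msg.append(" (timing unavailable: session already invalid)");
        }
        // The Throwable is never thrown; it only carries the call stack.
        // An expiry shows the container's background thread, an explicit
        // invalidation shows the application code that called invalidate().
        session.getServletContext().log(msg.toString(),
                new Throwable("sessionDestroyed call stack"));
    }
}
```

The class is registered with a listener element in the webapp's WEB-INF/web.xml.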


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.





Overriding error page displayed when a context fails to initialize

2011-05-24 Thread Sai Pullabhotla
I've a web application with two contexts "ROOT" and "mycontext". Both
contexts have custom error pages defined in the web.xml and everything
works as expected in most cases. The only problem is that if my
context, mycontext, fails to initialize (e.g. database is
unavailable), and if some one tries to access a page from context1,
Tomcat falls back to the default error pages. Is there a way to
override the default error pages in this case?

Thanks in advance for your help.

Sai Pullabhotla




Re: Overriding error page displayed when a context fails to initialize

2011-05-24 Thread chris derham
On Tue, May 24, 2011 at 9:59 AM, Sai Pullabhotla <
sai.pullabho...@jmethods.com> wrote:

> I've a web application with two contexts "ROOT" and "mycontext". Both
> contexts have custom error pages defined in the web.xml and everything
> works as expected in most cases. The only problem is that if my
> context, mycontext, fails to initialize (e.g. database is
> unavailable), and if some one tries to access a page from context1,
> Tomcat falls back to the default error pages. Is there a way to
> override the default error pages in this case?
>

If the application throws an exception during context initialization, then
the web app is not loaded. Hence your custom error pages won't be defined.
The logical choice would be to stop the app from failing during context
initialization - well at least stop it from throwing an exception. Then the
app would still load into tomcat, and so the custom pages would still work.
Can you perform the initialization using lazy instantiation?

I guess the question is what do you want to happen when db fails during
context initialization? You could have a flag and a filter that redirects to
a "all broken" jsp if the app can't connect to the db?

HTH

Chris
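
The flag-and-filter idea above, sketched as an added example that is not code from the thread. The class name, the attribute key and the JNDI name jdbc/appdb are assumptions, and instead of redirecting to a JSP it answers with a 503 so that the webapp's own error-page mapping in web.xml renders the page.

```java
// Added example (not from the thread). Assumed names: StartupHealthGate,
// attribute "example.startupFailed", JNDI resource jdbc/appdb.
package example;

import java.io.IOException;
import java.sql.Connection;

import javax.naming.InitialContext;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

public class StartupHealthGate implements ServletContextListener, Filter {

    static final String FAILED_ATTR = "example.startupFailed";
    static final String DATASOURCE_JNDI = "java:comp/env/jdbc/appdb";

    private ServletContext context;

    // ---- ServletContextListener ----

    public void contextInitialized(ServletContextEvent sce) {
        ServletContext ctx = sce.getServletContext();
        try {
            checkDatabase();
            ctx.setAttribute(FAILED_ATTR, Boolean.FALSE);
        } catch (Exception e) {
            // Caught on purpose: an exception leaving this method stops the
            // context from starting, and its error pages go with it.
            // The detail goes to the server log, never to the client.
            ctx.log("Startup check failed; requests will receive 503", e);
            ctx.setAttribute(FAILED_ATTR, Boolean.TRUE);
        }
    }

    public void contextDestroyed(ServletContextEvent sce) {
        sce.getServletContext().removeAttribute(FAILED_ATTR);
    }

    // Borrows and returns one connection to prove the database is reachable.
    static void checkDatabase() throws Exception {
        DataSource ds = (DataSource) new InitialContext().lookup(DATASOURCE_JNDI);
        Connection c = ds.getConnection();
        c.close();
    }

    // ---- Filter ----

    public void init(FilterConfig config) {
        context = config.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (Boolean.TRUE.equals(context.getAttribute(FAILED_ATTR))
                && res instanceof HttpServletResponse) {
            // sendError hands over to the error-page mapped to 503 in
            // web.xml. With the default REQUEST-only filter mapping that
            // error dispatch does not pass through this filter again,
            // so the gate cannot loop on its own error page.
            ((HttpServletResponse) res).sendError(
                    HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        chain.doFilter(req, res);
    }

    public void destroy() {
        context = null;
    }
}
```

The container creates separate instances for the listener and the filter, which is why the flag lives in the ServletContext rather than in a field.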


Static Resources - Runtime Problems

2011-05-24 Thread Jay, Michael
I'm finding that whether I use a redirect() or a forward() to a static 
resource, my server goes crazy. 

  at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:572)
  at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)
  at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:572)
  at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:229)

Above is output to the console many times. Then the pattern below repeats until 
I stop the application with the Tomcat Manager.

 at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684)
 at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471)
 at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402)
 at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329)
 at edu.ufl.uflib.hr.web.HRSurveyLogin.doGet(HRSurveyLogin.java:180)

I must be overlooking something very basic. 

The catalina log simply says:

May 24, 2011 8:33:35 AM org.apache.catalina.core.StandardWrapper unload
INFO: Waiting for 461 instance(s) to be deallocated
May 24, 2011 8:33:36 AM org.apache.catalina.core.StandardWrapper unload
INFO: Waiting for 461 instance(s) to be deallocated
May 24, 2011 8:33:37 AM org.apache.catalina.core.StandardWrapper unload

Can anyone help?

mj




RE: Static Resources - Runtime Problems

2011-05-24 Thread Caldarale, Charles R
> From: Jay, Michael [mailto:em...@ufl.edu] 
> Subject: Static Resources - Runtime Problems

> I must be overlooking something very basic.

A) Not telling us the version of Tomcat you're using, the JVM level, the 
platform it's all running on, and whether or not you're running Tomcat 
stand-alone or behind some other web server.

B) Not providing the actual exception that occurred, but instead just a portion 
of the stack trace associated with it.

C) Configuring a loop in your filter declarations.  Post your WEB-INF/web.xml 
so we can look at it.

 - Chuck





RE: Static Resources - Runtime Problems

2011-05-24 Thread Caldarale, Charles R
> From: Caldarale, Charles R 
> Subject: RE: Static Resources - Runtime Problems

> C) Configuring a loop in your filter declarations.  Post 
> your WEB-INF/web.xml so we can look at it.

Might not be in filter declarations; could easily be just the servlet mapping 
you've set up.

 - Chuck





RE: Static Resources - Runtime Problems

2011-05-24 Thread Martin Gainty

  

Re: Session Expiry Issue on Tomcat 5.5.27

2011-05-24 Thread Harsimranjit singh Kler
hi

Using Session.setMaxInactiveInterval(), so expecting it to overwrite web.xml's
expiry time.


>keep-alive parameter for the connector

Where to set this value, can you explain?

thanks


On Tue, May 24, 2011 at 4:43 PM, Martin Gainty  wrote:

>
> 2 things to look at:
> keep-alive parameter for the connector
> session-timeout in web.xml
>
> do the logs confirm the webapp is producing activity when the connection is
> closed?
> Martin --
>
> > Date: Tue, 24 May 2011 11:38:35 +0530
> > Subject: Session Expiry Issue on Tomcat 5.5.27
> > From: simran...@gmail.com
> > To: users@tomcat.apache.org
>  >
> >  Hi All
> >
> > In our application we are trying to manage session per user login and
> have
> > set the session inactivity to 15 minutes [user details are set to the
> > session], when we are running the application for longer duration [over 2
> > days] with continuous activity per user login we see that some session
> are
> > expired even if there is some activity going on and the user gets logged
> > out. We are deploying our application on tomcat 5.5.27.
> >
> >
> > Regards
> > Harsimran
>
>


RE: Static Resources - Runtime Problems

2011-05-24 Thread Jay, Michael
I apologize for the insufficient data.  The goal is to forward the user to 
google.com to login and on successful authentication, reveal the original page 
desired. The original author used a .jsp that simply produces itself. But 
that's a separate issue--I think. I've not been able to capture an exception 
when attempting to forward(). Tomcat seems to go into a loop of some kind.--mj

OS: Windows 7 Enterprise (6.1.7600)
Tomcat: 7.0.12
IE: 8.0.7600.16385

The initial servlet  . . . 

//  source file HRSurveyLogin.java

package edu.ufl.uflib.hr.web;

//  external libraries
import java.io.*;
import java.lang.*;
import java.util.*;

import javax.servlet.*;
import javax.servlet.http.*;

import org.openid4java.*;
import org.openid4java.association.*;
import org.openid4java.discovery.*;
import org.openid4java.consumer.*;
import org.openid4java.message.*;
import org.openid4java.message.ax.*;

public class HRSurveyLogin extends HttpServlet
{
    //  attributes
    String discoveryTargetURL;          //  userSuppliedString (discovery endpoint)
    String verifierServlet;             //  openid.return_to (our verification servlet)
    String assocHandle;                 //  openid.assoc_handle

    AuthRequest authentication;         //  object with auth data
    ConsumerManager manager;            //  directing openid4java object
    DiscoveryInformation discoveryData; //  after "association"
    List discoveryDoc;                  //  xrds response doc (xml--why a list?)
    FetchRequest fetcher;               //  attribute getter

    PrintWriter outstream;              //  not used

    RequestDispatcher home;             //  control transfer mechanism
    RequestDispatcher debug;
    RequestDispatcher test;

    ServletContext context;             //  this app's memory area

    /*
     *  populate the openid4java tools here and prepare the
     *  authentication request here during init()
     */
    public void init() throws ServletException
    {
        //  prepare openid4java objects
        //  TODO: use real ip address
        //  verifierServlet = "http://128.227.254.84:8080/hrsurvey/verify";
        discoveryTargetURL = "https://www.google.com/accounts/o8/id";
        verifierServlet = "http://localhost:8080/hrsurvey/verify";

        manager = new ConsumerManager();

        context = this.getServletContext();

        try
        {
            //  prepare control transfer mechanism
            debug = context.getRequestDispatcher("/error");
            home = context.getRequestDispatcher("/hrsurvey.htm");
        }
        catch(Exception error)
        {
            System.out.println("problem initializing dispatchers: "
                + error.getMessage());
        }

        try
        {
            //  perform discovery
            discoveryDoc = manager.discover(discoveryTargetURL);
        }
        catch(Exception error)
        {
            System.out.println("problem during discovery");
            System.out.println(error.getMessage());
        }

        //  handshake and get "real" endpoint address
        //  TODO: catch errors here--see documentation
        discoveryData = manager.associate(discoveryDoc);

        try
        {
            //  build authentication request and obtain shared secret
            authentication = manager.authenticate(discoveryData,
                verifierServlet);
            assocHandle = authentication.getHandle();
        }
        catch (Exception error)
        {
            System.out.println(" problem with authentication!!!" +
                error.getMessage());
        }

        try
        {   //  add e-mail request to url
            fetcher = FetchRequest.createFetchRequest();
            fetcher.addAttribute(

JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Marc Boorshtein
I've setup a pretty generic httpd(2.2.19)+mod_jk to tomcat 6 on Oracle
Linux 5 (CentOS 5 equiv) with SSL setup.  With JkExtractSSL and the
correct SSLOptions in the httpd configuration files.  I can see the
SSL environment variables in /cgi-bin/printenv but no headers or
environment variables in the backend tomcat app.  Am I missing
something?

Thanks
Marc




RE: Static Resources - Runtime Problems

2011-05-24 Thread Mikolaj Rydzewski

On Tue, 24 May 2011 10:47:32 -0400, Jay, Michael wrote:

IMHO code that follows pattern

try {
... something
}  catch (Exception e) {
System.out("oops");
}

...

try {
... something
}  catch (Exception e) {
System.out("oops");
}

deserves only /dev/null as a permanent storage destination.

--
Mikolaj Rydzewski 




Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Mark Thomas
On 24/05/2011 15:56, Marc Boorshtein wrote:
> I've setup a pretty generic httpd(2.2.19)+mod_jk to tomcat 6 on Oracle
> Linux 5 (CentOS 5 equiv) with SSL setup.  With JkExtractSSL and the
> correct SSLOptions in the httpd configuration files.

And your SSLOptions are what exactly?

Also Tomcat and mod_jk version info might be relevant.

Mark

>  I can see the
> SSL environment variables in /cgi-bin/printenv but no headers or
> environment variables in the backend tomcat app.  Am I missing
> something?
> 
> Thanks
> Marc
> 



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Marc Boorshtein
>
> And your SSLOptions are what exactly?
>
> Also Tomcat and mod_jk version info might be relevant.
>

LoadModule jk_module modules/mod_jk.so

LoadFile "/home/sys/ssl-poc/webgate/access/oblix/lib/libgcc_s.so.1"
LoadFile "/home/sys/ssl-poc/webgate/access/oblix/lib/libstdc++.so.5"

SSLOptions +StdEnvVars
SSLOptions +ExportCertData

JkWorkerProperty worker.list=worker1

JkWorkerProperty worker.worker1.type=ajp13
JkWorkerProperty worker.worker1.host=localhost
JkWorkerProperty worker.worker1.port=8009

JkShmFile /home/sys/ssl-poc/httpd/logs/mod_jk.shm
JkLogFile /home/sys/ssl-poc/httpd/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "

JkExtractSSL On



WebGateMode PEER


SetHandler obwebgateerr



SetHandler obwebgateerr






#   General setup for the virtual host
DocumentRoot "/home/sys/ssl-poc/httpd/htdocs"
ServerName ws.server.net:9443
ErrorLog "/home/sys/ssl-poc/httpd/logs/error_ws_log"
TransferLog "/home/sys/ssl-poc/httpd/logs/access_ws_log"

SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "/home/sys/ssl-poc/httpd/conf/server-ws.crt"
SSLCertificateKeyFile "/home/sys/ssl-poc/httpd/conf/server-ws.key"




#
#
#
#
#
#

BrowserMatch ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

CustomLog "/home/sys/ssl-poc/httpd/logs/ssl_request_log" \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"




AuthType Oblix
require valid-user
JkMount worker1




Thanks
Marc




Re: Overriding error page displayed when a context fails to initialize

2011-05-24 Thread Sai Pullabhotla
Thanks for the reply, Chris.

We do several things during context initialization with the
ServletContextListener hook. The contextInitialized method may not
complete for various reasons, sometimes with checked exceptions and
sometimes with unchecked exceptions. We just let Tomcat/JVM handle the
unchecked exceptions. We do not have any custom filter that checks the
"health of the context" at the moment. What I'm looking for is a way
to override the error pages of Tomcat at the global level (not
application/context specific), but container specific. For example, if
I can define an error page/template in server.xml or something like
that. Just checking to see if there is a way to override this in Tomcat.
In the mean time, I will see if I can have a "catchall" during context
initialization and see how various pieces (individual URLs) of the
application react when the context really failed to initialize.

Sai Pullabhotla

On Tue, May 24, 2011 at 8:10 AM, chris derham  wrote:
> On Tue, May 24, 2011 at 9:59 AM, Sai Pullabhotla <
> sai.pullabho...@jmethods.com> wrote:
>
>> I've a web application with two contexts "ROOT" and "mycontext". Both
>> contexts have custom error pages defined in the web.xml and everything
>> works as expected in most cases. The only problem is that if my
>> context, mycontext, fails to initialize (e.g. database is
>> unavailable), and if some one tries to access a page from context1,
>> Tomcat falls back to the default error pages. Is there a way to
>> override the default error pages in this case?
>>
> If the application throws an exception during context initialization, then
> the web app is not loaded. Hence your custom error pages won't be defined.
> The logical choice would be to stop the app from failing during context
> initialization - well at least stop it from throwing an exception. Then the
> app would still load into tomcat, and so the custom pages would still work.
> Can you perform the initialization using lazy instantiation?
>
> I guess the question is what do you want to happen when db fails during
> context initialization? You could have a flag and a filter that redirects to
> a "all broken" jsp if the app can't connect to the db?
>
> HTH
>
> Chris
>




RE: Overriding error page displayed when a context fails to initialize

2011-05-24 Thread Caldarale, Charles R
> From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com] 
> Subject: Re: Overriding error page displayed when a context fails to 
> initialize

> What I'm looking for is a way to override the error pages of 
> Tomcat at the global level (not application/context specific)

There's no such mechanism mostly because the servlet spec doesn't provide for 
one.  The ROOT webapp becomes the catch-all, and you can put filters and 
generic error pages there.

 - Chuck





restricted utilization on "@WebServlet" annotation of Servlet 3.0

2011-05-24 Thread kerotan
Dear Sirs,


Tomcat 7.0.14
Servlet 3.0
Windows XP SP3 x86 edition

My servlet programs with "@WebServlet" annotation have three problems as 
follows:
1. A servlet program with "@WebServlet" 
annotation(@WebServlet(name="HelloServlet", urlPatterns={"/hello"}))
 cannot be called from a browser with "http://localhost:8080/test/hello".
2. When there are two servlet programs which have the same file name in the 
different packages, a servlet program cannot work with the different 
urlPatterns in "@WebServer" annotation. In order to make the program work, 
the different file name is required.
3. A servlet program can be called by JSP program and it can call the same 
JSP program. However, the same JSP program cannot call the same servlet 
program again because "urlPatters" of the servlet program cannot be read.

Are these usages correct under the present implementation of Servlet 
3.0? Or please tell me a technique to follow the specification of Servlet 
3.0.

Regards

Noriko Etani
Kobe Institute of Computing, Japan
Email: et...@kic.ac.jp/kero...@kcn.ne.jp
 


Re: Performance & *SpareThreads

2011-05-24 Thread Christopher Schultz

McAfe,

On 5/24/2011 3:01 AM, McAfe wrote:
> Apache 2.2 (using mod_jk)
> 
> The testing result I've use Jmeter (configured 100 thread per-second) it
> will die when thread(Jmeter) between 200 ~ 300

AJP expects to have persistent connections. What is your Apache httpd
configuration for StartServers/MinSpareServers/MaxSpareServers (for
prefork MPM) or startServers/MinSpareThreads/MaxSpareThreads (for worker
MPM)?

What are your settings on the Tomcat side for your AJP <Connector>?

> From the research get to know minSpareThreads and maxSpareThreads, after set
> the configure it can handle more to 400 ~ 600

minSpareThreads and maxSpareThreads shouldn't be used when using AJP:
you should be using the exact number configured on the httpd side.
Otherwise, you risk AJP connections churning.

> (1st) What is the minSpareThreads and maxSpareThreads is? [Unable to find
> the description on tomcat 6.0 but able find for tomcat 5.5 as
> http://tomcat.apache.org/tomcat-5.5-doc/config/http.html]

Tomcat 6 and 7 no longer use these settings. If you want a
dynamically-sized thread pool, use an <Executor> instead.
http://tomcat.apache.org/tomcat-6.0-doc/config/executor.html

> (2nd) From read 1 by 1 at the forums about Performance tuning - tomcat, some
> mention keep hit > 20k per seconds, how their do it?

That depends a lot on what kind of load it was under. Serving static
files is fast. Running database transactions is slow. Also, sizing the
various pools can have an effect: you can max-out the throughput of a
single client but still have plenty of CPU time and I/O time available
on the server. If that's the case, make your connection pools bigger.

-chris



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 11:39 AM, Marc Boorshtein wrote:
> SSLOptions +StdEnvVars
> SSLOptions +ExportCertData
> 
> JkExtractSSL On
> 
> 

I'm not entirely sure about the JkExtractSSL option, but some other
mod_jk options are not copied into all virtual hosts. You might want to
try moving the JkExtractSSL directive into (each of) your virtual host(s).

-chris



Re: restricted utilization on "@WebServlet" annotation of Servlet 3.0

2011-05-24 Thread Christopher Schultz

Kerotan,

On 5/24/2011 1:28 PM, kerotan wrote:
> Tomcat 7.0.14

> My servlet programs with "@WebServlet" annotation have three problems as 
> follows:
> 1. A servlet program with "@WebServlet" 
> annotation(@WebServlet(name="HelloServlet", urlPatterns={"/hello"}))
>  cannot be called from a browser with "http://localhost:8080/test/hello".

What is the result? Is this webapp deployed into the /test context path?

> 2. When there are two servlet programs which have the same file name in the 
> different packages, a servlet program cannot work with the different 
> urlPatterns in "@WebServlet" annotation. In order to make the program work, 
> the different file name is required.

A different file name, or a different "name" attribute chosen in the
@WebServlet annotation? The former makes no sense, while the latter
makes perfect sense.

> 3. A servlet program can be called by JSP program and it can call the same 
> JSP program. However, the same JSP program cannot call the same servlet 
> program again because "urlPatterns" of the servlet program cannot be read.

Can you explain this in more detail? I do not understand.

-chris



Re: Overriding error page displayed when a context fails to initialize

2011-05-24 Thread André Warnier

Caldarale, Charles R wrote:
>> From: Sai Pullabhotla [mailto:sai.pullabho...@jmethods.com]
>> Subject: Re: Overriding error page displayed when a context fails to initialize
>
>> What I'm looking for is a way to override the error pages of
>> Tomcat at the global level (not application/context specific)
>
> There's no such mechanism mostly because the servlet spec doesn't provide for
> one.  The ROOT webapp becomes the catch-all, and you can put filters and
> generic error pages there.



Would the following work, e.g. ?

Suppose there are 3 webapps : app1, app2, app3,
respectively deployed at
(tomcat_dir)/webapps/app1
(tomcat_dir)/webapps/app2
(tomcat_dir)/webapps/app3

plus the default ROOT context deployed at
(tomcat_dir)/webapps/ROOT

and suppose you created 3 additional directories under webapps/ROOT, 
respectively

(tomcat_dir)/webapps/ROOT/app1
(tomcat_dir)/webapps/ROOT/app2
(tomcat_dir)/webapps/ROOT/app3

The standard Tomcat setup defines, in (tomcat_dir)/conf/web.xml, a "welcome file list" as 
follows :


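<welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
</welcome-file-list>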


So, in each of the above new directories, you deploy a "index.jsp" page, like
(tomcat_dir)/webapps/ROOT/app1/index.jsp
(tomcat_dir)/webapps/ROOT/app2/index.jsp
(tomcat_dir)/webapps/ROOT/app3/index.jsp
, each of these pages displaying a nice message like :
"Sorry, this xyz application failed to deploy and is not available".

Then what would happen is :
- if all applications deploy properly, a request for the URL "/app1/x" would be mapped to 
the application "app1"
- if app1 did not deploy properly, a request for the URL "/app1" would end up being mapped 
to the default ROOT application and its sub-directory "/ROOT/app1", thus returning the 
welcome page (tomcat_dir)/webapps/ROOT/app1/index.jsp, and the message.


No ?

(The above was for the basic principle, but I suppose one could optimise this, to avoid 
having to create these sub-directories and duplicating those error pages, by mapping these 
things more cleverly in ROOT's web.xml.)






Re: Static Resources - Runtime Problems

2011-05-24 Thread Christopher Schultz

Michael,

On 5/24/2011 10:47 AM, Jay, Michael wrote:
> I apologize for the insufficient data.  The goal is to forward the
> user to google.com to login and on successful authentication, reveal
> the original page desired. The original author used a .jsp that
> simply produces itself. But that's a separate issue--I think. I've
> not been able to capture an exception when attempting to forward().
> Tomcat seems to go into a loop of some kind.--mj

It looks more like the object graph has a /very/ long chain to get to
the real request object.

Can you post the /entire/ stack trace you get? What is the actual error?
Probably a StackOverflowException or something like that.

HttpServletRequestWrapper is a Servlet API class that can be used to
wrap a request object. AFAIK, Tomcat does not use this class for
anything unless you have explicitly configured Tomcat to attach a Filter
to incoming requests.

If you have many requests that forward to other resources that forward
to other resources that forward... and so on, the request can be
(inadvertently) wrapped multiple times.

I didn't see *any* filter definitions in your web.xml so your code must
be wrapping something at some point. A look at the full stack trace will
help a bit.

-chris



RE: Static Resources - Runtime Problems

2011-05-24 Thread Jay, Michael
I appreciate you trying to be helpful rather than otherwise. The current state 
of the code is simply an exploration, a debugging exercise, though one that is 
causing a lot of frustration and costing a lot of time.  I'm not sure how to 
get the full trace. It goes beyond what I can capture in the console window and 
it doesn't appear in catalina.log--many more lines appear in the console. 
Perhaps tweaking the shortcut that starts tomcat to pipe to a file? Any 
suggestions on how to get that data for you?

And  to answer Charles and Martin, no, I haven't mapped the .htm to anything. 
Since it is not a servlet I didn't know that was necessary. If I have a 
test.htm file in the context root of this web app, how would I configure the 
 and  elements? I don't want the user to be able to 
access the page directly, I want a servlet to forward to it under the right 
conditions.

I'll try again to isolate the error. 

mj




RE: Static Resources - Runtime Problems

2011-05-24 Thread Caldarale, Charles R
> From: Jay, Michael [mailto:em...@ufl.edu] 
> Subject: RE: Static Resources - Runtime Problems

> I haven't mapped the .htm to anything.

Actually, you have:

> <servlet-mapping>
>   <servlet-name>HRSurveyLogin</servlet-name>
>   <url-pattern>/</url-pattern>
> </servlet-mapping>

That will send everything to HRSurveyLogin, including anything it redirects or 
forwards.  (Can you say, "infinite loop"?)

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Marc Boorshtein
> Marc,
>
> On 5/24/2011 11:39 AM, Marc Boorshtein wrote:
>> SSLOptions +StdEnvVars
>> SSLOptions +ExportCertData
>>
>> JkExtractSSL On
>>
>> 
>
> I'm not entirely sure about the JkExtractSSL option, but some other
> mod_jk options are not copied into all virtual hosts. You might want to
> try moving the JkExtractSSL directive into (each of) your virtual host(s).
>
> - -chris

No changes.  I looked at a wireshark trace and no ssl information was sent




RE: Static Resources - Runtime Problems

2011-05-24 Thread Jay, Michael
That was gnawing at the back of my mind a little bit. So how would you have an 
entry point servlet run at a simple address without consuming everything in 
that path? If the context is /hrsurvey and all the other servlets are mapped 
with that assumed as a prefix, can there not be anything mapped to /hrsurvey?

If I'm looking foolish here it's worth it. Under a lot of pressure to make 
something work that I've never looked at before. I appreciate the insight.

mj




Re: Control character in cookie value or attribute

2011-05-24 Thread Dan Checkoway
This is super low priority, since I assume somebody is passing junk in a
Set-Cookie header, but I'd love to get to the bottom of it (I'm of the "no
request left behind" mindset), and I'm still in the dark about what Tomcat
doesn't like about what it's being passed.

Can you guys shed any light on what might evoke that "Control character in
cookie value or attribute" error in 7.0.14?

I still can't get my head wrapped around which ServerCookie.* property(ies)
to tweak to try to figure this out.

Thanks,
Dan

On Fri, May 20, 2011 at 4:56 PM, Dan Checkoway  wrote:

> Ah, thanks!  To be honest I'm not sure which of those properties would work
> around the "Control character in cookie value or attribute" exception.
>
> Maybe org.apache.tomcat.util.http.ServerCookie.FWD_SLASH_IS_SEPARATOR?  I
> can't tell if "Control character" means a literal non-printable character
> (i.e. something between 0x00 and 0x1F), or something else like a \ getting
> in there, like foo\nbar.
>
> Don't suppose it could be unicode in a cookie value that's causing this?
> Which seems more plausible to you, 0x00 or unicode?
>
> And any specific suggestions for config tweaks would be much appreciated!
>
> Dan
>
>
>
> On Fri, May 20, 2011 at 3:56 PM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
> >
> > > From: Dan Checkoway [mailto:dchecko...@gmail.com]
> > > Subject: Control character in cookie value or attribute
> >
> > > I honestly have no idea if it's related to the tomcat version
> > > or some legitimately wacked out Set-Cookie header coming in.
> >
> > Both, actually.  Tomcat 7 is a bit more picky about what it accepts for
> > cookies.  You can control the behavior with the cookie-related properties
> > listed here:
> >
> > http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html#Specification
> >
> >  - Chuck


RE: Static Resources - Runtime Problems

2011-05-24 Thread Bill Miller
Using a filter would insert the entry point of the Servlet into an entire path 
with the option of allowing/not allowing it to continue down the call chain.

-->FilterA->FilterB->RealServlet
 |
 +->SomethingInteresting

FilterA will have the ability to examine the request and pass it to some other 
logic (SomethingInteresting) and also abort the passing to FilterB and the 
RealServlet if required. This means that a call to /a/b/wooHoo can be 
examined/processed at the /a level, and then the /a/b level before it finally 
arrives at /a/b/wooHoo.

Bill



Re: Control character in cookie value or attribute

2011-05-24 Thread Mark Thomas
On 24/05/2011 21:25, Dan Checkoway wrote:
> This is super low priority, since I assume somebody is passing junk in a
> Set-Cookie header, but I'd love to get to the bottom of it (I'm of the "no
> request left behind" mindset), and I'm still in the dark about what Tomcat
> doesn't like about what it's being passed.
> 
> Can you guys shed any light on what might evoke that "Control character in
> cookie value or attribute" error in 7.0.14?

One of the huge benefits of Tomcat is that it is open source so, if you
know where to look, you can just check the source code to see why Tomcat
behaves the way it does. You have a stack trace so you know the file and
line number. Take a look at line 192 (and the couple of lines above it)
in the following file:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/CookieSupport.java?view=annotate

That file is from svn trunk but it hasn't changed since 7.0.14.

> I still can't get my head wrapped around which ServerCookie.* property(ies)
> to tweak to try to figure this out.

Those aren't going to help you. If a control character is detected in
the cookie header then the whole request is toast.

Mark
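
A diagnostic for Dan's question about what is actually inside the offending cookie, as an added example: it is not Tomcat's check and not code from this thread. It sorts the characters of a captured cookie header value into the candidates Dan names (0x00-0x1F and non-ASCII) plus DEL; the class and method names are hypothetical and the header in main is constructed.

```java
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic, not Tomcat code: lists suspicious characters per cookie. */
public class CookieCharScan {

    /** One suspicious character: which cookie, where in the header, and what it is. */
    static final class Finding {
        final String cookie;
        final int offset;
        final int codePoint;
        final String kind;

        Finding(String cookie, int offset, int codePoint, String kind) {
            this.cookie = cookie;
            this.offset = offset;
            this.codePoint = codePoint;
            this.kind = kind;
        }

        @Override
        public String toString() {
            return String.format("cookie '%s' offset %d: U+%04X (%s)",
                    cookie, offset, codePoint, kind);
        }
    }

    /** Returns a label for characters outside printable ASCII, or null for ordinary ones. */
    static String classify(int cp) {
        if (cp < 0x20) return "control, 0x00-0x1F";
        if (cp == 0x7F) return "DEL";
        if (cp > 0x7F) return "non-ASCII";
        return null;
    }

    /** Replaces anything outside printable ASCII so the report itself is safe to log. */
    static String printable(String s) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            sb.append(c >= 0x20 && c < 0x7F ? c : '?');
        }
        return sb.toString();
    }

    /** Scans a whole header value; pairs are split on ';' (quoted values are not handled). */
    static List<Finding> scan(String header) {
        List<Finding> findings = new ArrayList<>();
        int pairStart = 0;
        for (int i = 0; i <= header.length(); i++) {
            if (i == header.length() || header.charAt(i) == ';') {
                scanPair(header, pairStart, i, findings);
                pairStart = i + 1;
            }
        }
        return findings;
    }

    /** Scans header[start, end) and records findings with offsets into the full header. */
    private static void scanPair(String header, int start, int end, List<Finding> findings) {
        String pair = header.substring(start, end);
        int eq = pair.indexOf('=');
        String name = printable((eq < 0 ? pair : pair.substring(0, eq)).trim());
        int i = start;
        while (i < end) {
            int cp = header.codePointAt(i);
            String kind = classify(cp);
            if (kind != null) {
                findings.add(new Finding(name, i, cp, kind));
            }
            i += Character.charCount(cp);
        }
    }

    public static void main(String[] args) {
        // Constructed sample: a newline inside one value, an accented letter in another.
        String header = "JSESSIONID=ABC123; pref=foo\nbar; name=caf\u00e9";
        List<Finding> findings = scan(header);
        for (Finding f : findings) {
            System.out.println(f);
        }
        System.out.println(findings.size() + " suspicious character(s)");
    }
}
```

Which of these classes Tomcat 7.0.14 rejects is decided by the CookieSupport.java lines Mark points to, not by this scanner.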




Re: Static Resources - Runtime Problems

2011-05-24 Thread Mark Thomas
On 24/05/2011 21:21, Jay, Michael wrote:
> That was gnawing at the back of my mind a little bit. So how would you have 
> an entry point servlet run at a simple address without consuming everything 
> in that path? If the context is /hrsurvey and all the other servlets are 
> mapped with that assumed as a prefix, can there not be anything mapped to 
> /hrsurvey?

You'd use an exact match (which takes precedence).

> If I'm looking foolish here it's worth it. Under a lot of pressure to make 
> something work that I've never looked at before. I appreciate the insight.

Rather than me copy and pasting a few pages of the spec here, I highly
recommend that you read section 12 of the Servlet spec for info on how
requests are mapped to servlets.

Getting back to the original problem, it looks like something somewhere
has managed to create an HttpRequestWrapper that wraps itself. That is
going to be tricky to track down. How easy is this to reproduce? Can you
figure out what triggers it from the access logs?

Mark
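
The mapping order Mark refers to (exact match, then longest path prefix, then extension, then the default servlet mapped to "/"), worked through for the HRSurveyLogin case in this thread. This is an added example, not code from the thread or from Tomcat; the /login pattern, the class and method names, and the two container mappings ("/" to default and "*.jsp" to jsp, modelled on Tomcat's conf/web.xml) are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/** Added illustration of servlet mapping precedence; not Tomcat's mapper. */
public class ServletMappingDemo {

    static final String LOGIN = "HRSurveyLogin";

    /** Picks the servlet for a context-relative path, or null if nothing matches. */
    static String resolve(Map<String, String> mappings, String path) {
        String prefixServlet = null;
        int prefixLength = -1;
        String extensionServlet = null;
        String defaultServlet = null;

        for (Map.Entry<String, String> e : mappings.entrySet()) {
            String pattern = e.getKey();
            String servlet = e.getValue();
            if (pattern.equals("/")) {
                // "/" is not an exact match for the root: it names the default servlet.
                defaultServlet = servlet;
            } else if (pattern.endsWith("/*")) {
                // Path-prefix pattern: "/a/*" matches "/a" and everything below it.
                String prefix = pattern.substring(0, pattern.length() - 2);
                boolean hit = path.equals(prefix) || path.startsWith(prefix + "/");
                if (hit && prefix.length() > prefixLength) {
                    prefixLength = prefix.length();
                    prefixServlet = servlet;
                }
            } else if (pattern.startsWith("*.")) {
                // Extension pattern: compare against the extension of the last segment.
                int dot = path.lastIndexOf('.');
                if (dot > path.lastIndexOf('/')
                        && path.substring(dot).equals(pattern.substring(1))) {
                    extensionServlet = servlet;
                }
            } else if (pattern.equals(path)) {
                return servlet; // an exact match beats every other rule
            }
        }
        if (prefixServlet != null) return prefixServlet;
        if (extensionServlet != null) return extensionServlet;
        return defaultServlet;
    }

    /**
     * Follows the forwards issued by the login servlet. Returns the number of
     * dispatches until some other servlet serves the request, or -1 if the
     * login servlet keeps receiving its own forward.
     */
    static int dispatchesUntilServed(Map<String, String> mappings, String path,
                                     String forwardTarget, int limit) {
        for (int n = 1; n <= limit; n++) {
            if (!LOGIN.equals(resolve(mappings, path))) {
                return n;
            }
            path = forwardTarget; // forward() makes the container map the new path
        }
        return -1;
    }

    /** Assumed container-wide mappings, modelled on Tomcat's conf/web.xml. */
    static Map<String, String> containerDefaults() {
        Map<String, String> m = new LinkedHashMap<>();
        m.put("/", "default");
        m.put("*.jsp", "jsp");
        return m;
    }

    public static void main(String[] args) {
        // The mapping quoted in the thread: the webapp takes over "/".
        Map<String, String> broken = containerDefaults();
        broken.put("/", LOGIN);

        // Hypothetical fix: an exact-match pattern for the entry point only.
        Map<String, String> fixed = containerDefaults();
        fixed.put("/login", LOGIN);

        System.out.println("broken /test.htm -> " + resolve(broken, "/test.htm"));
        System.out.println("broken dispatches: "
                + dispatchesUntilServed(broken, "/anything", "/test.htm", 50));
        System.out.println("fixed  /login    -> " + resolve(fixed, "/login"));
        System.out.println("fixed  /test.htm -> " + resolve(fixed, "/test.htm"));
        System.out.println("fixed  dispatches: "
                + dispatchesUntilServed(fixed, "/login", "/test.htm", 50));
    }
}
```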





RE: Static Resources - Runtime Problems

2011-05-24 Thread Jay, Michael
Thanks! 




Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 4:13 PM, Marc Boorshtein wrote:
>> Marc,
>>
>> On 5/24/2011 11:39 AM, Marc Boorshtein wrote:
>>> SSLOptions +StdEnvVars
>>> SSLOptions +ExportCertData
>>>
>>> JkExtractSSL On
>>>
>>> 
>>
>> I'm not entirely sure about the JkExtractSSL option, but some other
>> mod_jk options are not copied into all virtual hosts. You might want to
>> try moving the JkExtractSSL directive into (each of) your virtual host(s).
>
> No changes.  I looked at a wireshark trace and no ssl information was sent

:(

I've definitely gotten mod_jk to send the SSL certificate information
over to Tomcat in the past, and I don't recall any herculean measures
required to do so.

See here for a recap of my efforts to get client-certs working in Tomcat:
http://markmail.org/message/kzxsamuiu6bldjmv

-chris



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 10:56 AM, Marc Boorshtein wrote:
> I've setup a pretty generic httpd(2.2.19)+mod_jk to tomcat 6 on Oracle
> Linux 5 (CentOS 5 equiv) with SSL setup.  With JkExtractSSL and the
> correct SSLOptions in the httpd configuration files.  I can see the
> SSL environment variables in /cgi-bin/printenv but no headers or
> environment variables in the backend tomcat app.  Am I missing
> something?

Something just tickled my brain, here: you said "environment variables
or headers". The data stored in environment variables on the Apache
httpd side are neither stored in environment variables (since the
environment is shared, and a multi-threaded server would never work) nor
in request headers (because that's not really appropriate).

Instead, they are stored in the request /attributes/.

Unfortunately, the mod_jk documentation doesn't make that clear. I'll
try to find a reference, even if it's only in the source code.

-chris



Re: Control character in cookie value or attribute

2011-05-24 Thread Dan Checkoway
Ah, thanks!  I see now that setting ALLOW_HTTP_SEPARATORS_IN_V0=true
bypasses that check in a few spots.  Probably what Chuck was alluding
to in his reply...

The one spot it wouldn't bypass is line 292 in ServerCookie.java.  You
guys could switch the order of the logical checks in there, i.e.:

-} else if (CookieSupport.isHttpToken(value) &&
-!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
-CookieSupport.isV0Token(value) &&
-CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
+} else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
+CookieSupport.isHttpToken(value) ||
+CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
+CookieSupport.isV0Token(value)) {
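
Review bot: Swapping the operands of each && leaves the truth value of the condition unchanged, so the only effect of this hunk is evaluation order: with ALLOW_HTTP_SEPARATORS_IN_V0 set, short-circuiting now skips CookieSupport.isHttpToken(value). If skipping that call is the point, say so in a comment on the else-if, because a later tidy-up that reorders the operands again would silently undo it. The visible lines also do not show how CookieSupport.isV0Token(value) treats control characters, so it is worth confirming that the second branch does not reject the same input before relying on the flag.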

...and I think that would pretty much solve the issue for me.  Or at
least allow me to process the request and figure out what nastiness is
getting passed in the Set-Cookie value (presumably unicode).

Dan




Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 4:59 PM, Christopher Schultz wrote:
> Instead, they are stored in the request /attributes/.

Specifically, these:

javax.servlet.request.cipher_suite - as a String
javax.servlet.request.key_size - as an Integer
javax.servlet.request.ssl_session  - as a String

I'm not sure if you can get the SSL protocol (e.g. "SSLv3" vs. "TLSv1")
unless you use JkEnvVar to have mod_jk take the http-side's SSL_PROTOCOL
environment variable and send it over to Tomcat like this:

JkEnvVar SSL_PROTOCOL

Then you can get the protocol using request.getAttribute("SSL_PROTOCOL").

I would have expected JkExtractSSL On (which is the default) to
pre-populate a series of SSL-oriented attributes similar to the list
found at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars but
that doesn't appear to be the case -- at least, the attributes cannot be
found under request.getAttribute("SSL_CIPHER"), etc. even when requested
directly (the mod_jk documentation says explicitly that these attribute
names will *not* be included in those returned by
request.getAttributeNames).

-chris



Re: Control character in cookie value or attribute

2011-05-24 Thread Christopher Schultz

Dan,

On 5/24/2011 5:09 PM, Dan Checkoway wrote:
> -} else if (CookieSupport.isHttpToken(value) &&
> -!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
> -CookieSupport.isV0Token(value) &&
> -CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
> +} else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
> +CookieSupport.isHttpToken(value) ||
> +CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
> +CookieSupport.isV0Token(value)) {
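
Review bot: The new condition still mixes && and || with no grouping across its four lines, so a reader has to rely on && binding tighter than || to see that it means (!ALLOW_HTTP_SEPARATORS_IN_V0 && isHttpToken(value)) || (ALLOW_HTTP_SEPARATORS_IN_V0 && isV0Token(value)); please add those parentheses. Since the flag selects exactly one of the two checks, the condition could also be written as CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ? CookieSupport.isV0Token(value) : CookieSupport.isHttpToken(value). The reordering does not change the boolean result, only which token check is evaluated because of short-circuiting, so a code comment saying why the flag must be tested first would keep a later cleanup from swapping the operands back.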

Ooh... looks like that expression could use some parentheses, too.

- -chris



Re: Control character in cookie value or attribute

2011-05-24 Thread Dan Checkoway
I wasn't gonna say anything about that, but I did consult my "operator
precedence" reference while looking at it...  :-)  +1 on parens!

Dan

On Tue, May 24, 2011 at 5:21 PM, Christopher Schultz
 wrote:
> Dan,
>
> On 5/24/2011 5:09 PM, Dan Checkoway wrote:
>> -        } else if (CookieSupport.isHttpToken(value) &&
>> -                !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
>> -                CookieSupport.isV0Token(value) &&
>> -                CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
>> +        } else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>> +                CookieSupport.isHttpToken(value) ||
>> +                CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>> +                CookieSupport.isV0Token(value)) {
>
> Ooh... looks like that expression could use some parentheses, too.
>
> - -chris



RE: Control character in cookie value or attribute

2011-05-24 Thread Caldarale, Charles R
> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
> Subject: Re: Control character in cookie value or attribute

> On 5/24/2011 5:09 PM, Dan Checkoway wrote:
> > -} else if (CookieSupport.isHttpToken(value) &&
> > -!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
> > -CookieSupport.isV0Token(value) &&
> > -CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
> > +} else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
> > +CookieSupport.isHttpToken(value) ||
> > +CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
> > +CookieSupport.isV0Token(value)) {

> Ooh... looks like that expression could use some parentheses, too.

Doesn't absolutely require them, but...

I have a chart of C operator precedence on my wall; it's on two pages, and if I 
have to look at the back side of the sheet to figure it out, the expression 
should have parentheses.  && and || are on the back side...

 - Chuck





Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 5:20 PM, Christopher Schultz wrote:
> On 5/24/2011 4:59 PM, Christopher Schultz wrote:
>> Instead, they are stored in the request /attributes/.
> 
> Specifically, these:
> 
> javax.servlet.request.cipher_suite - as a String
> javax.servlet.request.key_size - as an Integer
> javax.servlet.request.ssl_session  - as a String

The above are specified as part of the Servlet 3.0 Specification under
section 3.8. Not shown above (because I wasn't using a client
certificate for testing) is "javax.servlet.request.X509Certificate"
which is of type java.security.cert.X509Certificate[] (note the array type).

> I would have expected JkExtractSSL On (which is the default) to
> pre-populate a series of SSL-oriented attributes similar to the list
> found at http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#envvars but
> that doesn't appear to be the case

Looking at the mod_jk code, it appears that the only variables that are
included by using JkExtractSSL are those shown above. If you want more,
you'll have to use JkEnvVar.

I can confirm that "JkEnvVar SSL_PROTOCOL" will result in
request.getAttribute("SSL_PROTOCOL") returning "TLSv1" or whatever
secure protocol is in use for the current request.

Hope that helps,
- -chris
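
A servlet filter that reads the request attributes discussed in this thread, as an added example (not code from the thread, mod_jk or Tomcat). The class name `TlsPolicyFilter`, the policy values and the `example.clientSubject` attribute are assumptions; it expects `JkEnvVar SSL_PROTOCOL` on the httpd side and is meant to be mapped only to URLs that must be reached over SSL.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import javax.servlet.*;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: rejects requests whose forwarded SSL parameters are below policy. */
public class TlsPolicyFilter implements Filter {
    private static final int MIN_KEY_SIZE = 128; // assumed policy value

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Populated by mod_jk when JkExtractSSL is On (the default).
        String cipher = (String) req.getAttribute("javax.servlet.request.cipher_suite");
        Integer keySize = (Integer) req.getAttribute("javax.servlet.request.key_size");
        // Present only when httpd has "JkEnvVar SSL_PROTOCOL"; it must be asked for
        // by name because it is not listed by getAttributeNames().
        String protocol = (String) req.getAttribute("SSL_PROTOCOL");
        // Present only when the client sent a certificate; note the array type.
        X509Certificate[] certs = (X509Certificate[])
                req.getAttribute("javax.servlet.request.X509Certificate");

        String reason = violation(cipher, keySize, protocol);
        if (reason != null) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN, reason);
            return;
        }
        if (certs != null && certs.length > 0) {
            // Hand the leaf certificate's subject to the application (hypothetical name).
            req.setAttribute("example.clientSubject",
                    certs[0].getSubjectX500Principal().getName());
        }
        chain.doFilter(req, res);
    }

    /** Returns null when acceptable, else a short reason. Missing data fails closed. */
    static String violation(String cipher, Integer keySize, String protocol) {
        if (cipher == null || keySize == null) return "no SSL attributes forwarded";
        if (keySize.intValue() < MIN_KEY_SIZE) return "key size " + keySize + " too small";
        if (protocol == null) return "SSL_PROTOCOL not forwarded (JkEnvVar missing?)";
        // Assumed policy: accept TLSv1 and later, reject SSLv2 and SSLv3.
        if (!protocol.startsWith("TLSv1")) return "protocol " + protocol + " not allowed";
        return null;
    }
}
```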



Re: Control character in cookie value or attribute

2011-05-24 Thread Dan Checkoway
Hope you don't mind...I opened a ticket for this:

https://issues.apache.org/bugzilla/show_bug.cgi?id=51260

Dan

On Tue, May 24, 2011 at 5:28 PM, Caldarale, Charles R
 wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
>> Subject: Re: Control character in cookie value or attribute
>
>> On 5/24/2011 5:09 PM, Dan Checkoway wrote:
>> > -        } else if (CookieSupport.isHttpToken(value) &&
>> > -                !CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
>> > -                CookieSupport.isV0Token(value) &&
>> > -                CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
>> > +        } else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>> > +                CookieSupport.isHttpToken(value) ||
>> > +                CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>> > +                CookieSupport.isV0Token(value)) {
>
>> Ooh... looks like that expression could use some parentheses, too.
>
> Doesn't absolutely require them, but...
>
> I have a chart of C operator precedence on my wall; it's on two pages, and if 
> I have to look at the back side of the sheet to figure it out, the expression 
> should have parentheses.  && and || are on the back side...
>
>  - Chuck
>
>



Re: Control character in cookie value or attribute

2011-05-24 Thread Christopher Schultz

Chuck,

On 5/24/2011 5:28 PM, Caldarale, Charles R wrote:
>> From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
>> Subject: Re: Control character in cookie value or attribute
> 
>> On 5/24/2011 5:09 PM, Dan Checkoway wrote:
>>> -} else if (CookieSupport.isHttpToken(value) &&
>>> -!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 ||
>>> -CookieSupport.isV0Token(value) &&
>>> -CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0) {
>>> +} else if (!CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>>> +CookieSupport.isHttpToken(value) ||
>>> +CookieSupport.ALLOW_HTTP_SEPARATORS_IN_V0 &&
>>> +CookieSupport.isV0Token(value)) {
> 
>> Ooh... looks like that expression could use some parentheses, too.
> 
> Doesn't absolutely require them, but...
> 
> I have a chart of C operator precedence on my wall; it's on two
> pages, and if I have to look at the back side of the sheet to figure
> it out, the expression should have parentheses.  && and || are on the
> back side...

Yeah, my rules for operator precedence have always been, loosely:

Do not use parens (unless necessary) for these operators:
   . -> ! ^ unary-

In expressions where the operators are unambiguous due to standard
mathematical expectations ( * and / versus + and -), parens are not
necessary.

In logical (boolean) expressions where all operators are the same (like
lots of && or lots of ||), no parens are necessary.

Everything else should use parens.

In Java, like C, && binds tighter than ||, which means that when Dan
switched the first two expression elements, he did not change the
meaning of the expression.

Dan, including parens in your patch would be a good thing :)

- -chris



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread Christopher Schultz

Marc,

On 5/24/2011 5:37 PM, Christopher Schultz wrote:
> Looking at the mod_jk code, it appears that the only variables that are
> included by using JkExtractSSL are those shown above. If you want more,
> you'll have to use JkEnvVar.
> 
> I can confirm that "JkEnvVar SSL_PROTOCOL" will result in
> request.getAttribute("SSL_PROTOCOL") returning "TLSv1" or whatever
> secure protocol is in use for the current request.

I have clarified this in the mod_jk documentation in the trunk, so it
will be available in the documentation in the next release.

- -chris



Re: JkExtractSSL not sending SSL information to tomcat

2011-05-24 Thread André Warnier

Christopher Schultz wrote:
> Marc,
>
> On 5/24/2011 10:56 AM, Marc Boorshtein wrote:
>> I've setup a pretty generic httpd(2.2.19)+mod_jk to tomcat 6 on Oracle
>> Linux 5 (CentOS 5 equiv) with SSL setup.  With JkExtractSSL and the
>> correct SSLOptions in the httpd configuration files.  I can see the
>> SSL environment variables in /cgi-bin/printenv but no headers or
>> environment variables in the backend tomcat app.  Am I missing
>> something?
>
> Something just tickled my brain, here: you said "environment variables
> or headers". The data stored in environment variables on the Apache
> httpd side are neither stored in environment variables (since the
> environment is shared, and a multi-threaded server would never work) nor
> in request headers (because that's not really appropriate).
>
> Instead, they are stored in the request /attributes/.
>
> Unfortunately, the mod_jk documentation doesn't make that clear. I'll
> try to find a reference, even if it's only in the source code.


Checkup JkEnvVar.
http://grokbase.com/topic/2007/04/19/howto-forward-user-name-from-apache-via-mod-jk-to-tomcat/00UYI-2ef5d4aI6oZhrQPFf3JD0
Funny, that..




Re: Performance & *SpareThreads

2011-05-24 Thread McAfe

Hi Chris,

My reply as follows Mcafe[20110523] and thanks for the reply

- McAfe


Christopher Schultz-2 wrote:
> 
> McAfe,
> 
> On 5/24/2011 3:01 AM, McAfe wrote:
>> Apache 2.2 (using mod_jk)
>> 
>> The testing result I've use Jmeter (configured 100 thread per-second) it
>> will die when thread(Jmeter) between 200 ~ 300
> 
> AJP expects to have persistent connections. What is your Apache httpd
> configuration for StartServers/MinSpareServers/MaxSpareServers (for
> prefork MPM) or startServers/MinSpareThreads/MaxSpareThreads (for worker
> MPM)?
> 
> Mcafe[20110523]: Did not configure Apache so far target on Tomcat (as for
> research from google and test the result in Apache not much different)
> 
> What are you settings on the Tomcat side for your AJP ?
> 
> Mcafe[20110523]: the follows is my setting for AJP 
> 
>maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>   enableLookups="false" disableUploadTimeout="true"
>connectionTimeout="2" 
>redirectPort="8443" />
> 
>> From the research get to know minSpareThreads and maxSpareThreads, after
>> set
>> the configure it can handle more to 400 ~ 600
> 
> minSpareThreads and maxSpareThreads shouldn't be used when using AJP:
> you should be using the exact number configured on the httpd side.
> Otherwise, you risk AJP connections churning.
> 
> Mcafe[20110523]: Sorry no idea about this, as I'm new and wanted to learn
> more. Fine tuning is not simple thing as just develop, hope you can give
> me more example
> 
>> (1st) What is the minSpareThreads and maxSpareThreads is? [Unable to find
>> the description on tomcat 6.0 but able find for tomcat 5.5 as
>> http://tomcat.apache.org/tomcat-5.5-doc/config/http.html]
> 
> Tomcat 6 and 7 no longer use these settings. If you want a
> dynamically-sized thread pool, use an <Executor> instead.
> http://tomcat.apache.org/tomcat-6.0-doc/config/executor.html
> 
> Mcafe[20110523]: Yup saw the default setting in the server.xml but unable
> to find any useful example for the setting tried and the result not much
> different (from the testing)
> 
>  maxThreads="150" minSpareThreads="4"/>
> 
>> (2nd) From read 1 by 1 at the forums about Performance tuning - tomcat,
>> some
>> mention keep hit > 20k per seconds, how their do it?
> 
> That depends a lot on what kind of load it was under. Serving static
> files is fast. Running database transactions is slow. Also, sizing the
> various pools can have an effect: you can max-out the throughput of a
> single client but still have plenty of CPU time and I/O time available
> on the server. If that's the case, make your connection pools bigger.
> 
> Mcafe[20110523]: Yup, the webapps have to grab data from database and
> return according. I'm interesting with "you can max-out the throughput of
> a
> single client but still have plenty of CPU time and I/O time available
> on the server. If that's the case, make your connection pools bigger."
> 
> Can you explain more?
> 
> - -chris