Re: How to combine SPNEGO and BASIC authenticators?
Konstantin Krasnov wrote:
> Hello! How to combine SPNEGO and BASIC authenticators?

Have a look at the ongoing discussion "RE: Regarding compatibility".

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Regarding compatibility
Caldarale, Charles R wrote: From: David Kerber [mailto:dcker...@verizon.net] Subject: Re: Regarding compatibility It will be open source, right? Both open *and* closed source. But you won't know which until you download it and open the package... Furry source... Are we all going to be entangled in this? Mmm, that's an interesting thought. The DarkEnergy compiler should be entangling. This way, any modification to the source will be instantly reflected in the object code (and all its copies), wherever they are. No more updates to download, every installation forever up-to-date etc. Think of the savings in bandwidth. Makes the revision process a bit tricky though. And need a disentangling backup utility.
Re: problems with performance with IIS 7.5 and Tomcat Connector
On 02.02.2012 10:04, Alex Samad - Yieldbroker wrote:
> I have 2 x W2k8r2 + NLB (Network load balancing) + IIS 7.5 + Tomcat Plugin => 2 x RHEL 6.1 + Jboss 7 (I think). (not setup in JBoss cluster mode)
>
> We have a .net client that talks to the IIS and then onto Jboss.
>
> We have been running some tests on our new setup. When we run client to Jboss node (just 1), we can create 1000 connections very fast, as in the client application open 1000 connections as fast as it can and then starts to communicate from there.
>
> When we point our client at IIS (we started with 200 connection) we are seeing problems.
>
> 1) IIS reports 200 connection starting up just about instantly

IIS reports or the redirector reports? Connections from client to IIS or from IIS to JBoss?

> 2) we have setup the virtual web site with 4 worker processes (as it's a 4 cpu machine), we see 4 process and lots of threads start up
> 3) I can see in the ajp logs that the connector is starting up
>
> But on the jboss node, counting the 8009 connections it takes a very long time for the connections to start up 2-3 every 3-4 seconds.

Even the first ones, or in addition to the fast 200 ones?

Note that the ISAPI redirector only starts a new backend connection if it needs one. There is no 1:1 relation between frontend and backend connections. Whenever a request arrives on a frontend connection, the redirector puts it on an available backend connection. If all of them are busy (waiting for responses), it creates a new backend connection until the pool limit is reached (which is 2000 in your case).

If opening a new connection is slow I'd expect there to be a network or backend problem. You could trace using wireshark and see, what actually takes time (whether it is waiting for packets from the backend, or connections break or whatever).

> Now it might be that I had logging on in debug mode I did try in info mode and seemed to be just as bad.

Debug log is only useful to debug. It kills performance.
> This is my connector config
>
> # Global Vars
> worker.maintain=60
> worker.list=jbclb
>
> # JBoss cluster
> worker.jbclb.type=lb
> worker.jbclb.balance_workers=worker1, worker2
> worker.jbclb.sticky_session=true
> worker.jbclb.method=Request
>
> # Template for all worker threads
> worker.template.type=ajp13
> worker.template.port=8009
> worker.template.ping_mode=A
> worker.template.ping_timeout=3
> worker.template.connection_pool_size=2000
> worker.template.connection_pool_minsize=100
> worker.template.socket_keepalive=true
>
> worker.list=worker1
> # worker 1
> worker.worker1.host=10.32.25.251
> worker.worker1.route=node1
> worker.worker1.reference=worker.template
>
> worker.list=worker2
> # worker 2
> worker.worker2.route=node2
> worker.worker2.host=10.32.25.252
> worker.worker2.reference=worker.template
>
> ISAPI config file
>
> # Configuration file for the Jakarta ISAPI Redirector
>
> # The path to the ISAPI Redirector Extension, relative to the website
> # This must be in a virtual directory with execute privileges
> extension_uri=/jakarta/isapi_redirect.dll
>
> # Full path to the log file for the ISAPI Redirector
> log_file=C:\YB\Local\dev.com\Logs\ajpconfisapi_redirect.log
>
> # Log level (debug, info, warn, error or trace)
> #log_level=info
> log_level=warn
> #log_level=debug
> log_filesize=20M
> #log_rotationtime=86400
>
> # Full path to the workers.properties file
> worker_file=C:\YB\Shared\dev.com\ajpconfig\workers.properties
>
> # Full path to the uriworkermap.properties file
> worker_mount_file=C:\YB\Shared\dev.com\ajpconfig\uriworkermap.properties
>
> # Rewrite
> rewrite_rule_file=C:\YB\Shared\dev.com\ajpconfig\\rewrite.properties
>
> #uri_select=proxy
>
> The performance so far of the connector seems to be rather bad, I am presuming it something I have setup, cause 200 connections shouldn't be that hard to handle.

What do you mean by "bad performance":
- response time without load
- response times under load
- maximum throughput in requests per second
- something else?

Usually performance problems more often come from the web apps.
You could take a thread dump of JBoss while inducing load, to see what's happening there. Of course if the same performance measurement shows no problem using direct access, then we are back talking about the redirector.

> I am going to turn logging down to warn and see what happens.

... did info logging reveal anything interesting?

> I have noticed during this testing that when the connector crashes and it seems to do that quite regularly I have to stop and restart all of IIS not just the virtual site I attached the connector to.

OK, that's something else and it seems the redirector does not really work well with IIS 7.5. I hope Tim or Mladen can comment.

Regards,

Rainer
How to combine SPNEGO and BASIC authenticators?
Hello! How to combine SPNEGO and BASIC authenticators? Thanks. -- Konstantin Krasnov
RE: Regarding compatibility
> From: David Kerber [mailto:dcker...@verizon.net] > Subject: Re: Regarding compatibility > > > It will be open source, right? > > Both open *and* closed source. > But you won't know which until you download it and open the package... Furry source... Are we all going to be entangled in this? - Chuck
Re: Regarding compatibility
On 2/2/2012 6:32 PM, Hassan Schroeder wrote: On Thu, Feb 2, 2012 at 3:12 PM, Donn Aiken wrote: It will be open source, right? Both open *and* closed source. But you won't know which until you download it and open the package... ( Radioactive Isotope and Hammer Not Included. )
RE: [OT] Re: Regarding compatibility
[snip] > OpenQuantumLoopGravity. > >>> The problem is that nobody can look at the page without changing its > >>> content. > >> > >> LMAO That might be achievable. > >> > > Note that you could get over the issue which Chris mentioned, by > > having the response time be random. So you would either get a > > predictable page in an unpredictable time, or a random page within a > > predictable time. You just cannot get both. > Excellent analysis, Andre; it looks like you're qualified to be the dev team > leader > on this project! > > D Doesn't the nature of the problem / solution mean that it has already been done potentially maybe :)
Re: [OT] Re: Regarding compatibility
On 2/2/2012 5:09 PM, André Warnier wrote: Pid wrote: On 02/02/2012 15:36, Christopher Schultz wrote: Pid, On 2/2/12 10:25 AM, Pid wrote: We should start an Incubator wiki proposal page for OpenQuantumLoopGravity. The problem is that nobody can look at the page without changing its content. LMAO That might be achievable. Note that you could get over the issue which Chris mentioned, by having the response time be random. So you would either get a predictable page in an unpredictable time, or a random page within a predictable time. You just cannot get both. Excellent analysis, Andre; it looks like you're qualified to be the dev team leader on this project! D
Re: Regarding compatibility
On Thu, Feb 2, 2012 at 3:12 PM, Donn Aiken wrote: > It will be open source, right? Both open *and* closed source. ( Radioactive Isotope and Hammer Not Included. ) -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan
Re: Regarding compatibility
On Feb 2, 2012 5:01 PM, "André Warnier" wrote: > > Pid wrote: >> >> On 02/02/2012 15:01, Christopher Schultz wrote: >>> >>> David, >>> >>> On 2/2/12 7:50 AM, David kerber wrote: On 2/2/2012 6:25 AM, Pid wrote: > > On 02/02/2012 10:27, bhawana rajpurohit wrote: >> >> Hi, >> >> This is to ask you that we have Apache 2.2.17 and tomcat >> 7.0.12. > > Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25? > > Go on, it'll be fun! > > >> Kindly tell us that whether they are compatible with >> vtier(virtual Tier) architecture or not. > > Yes. Unless you're using quantum loop gravity. Is that open source? :D >>> >>> I think you want either OpenQuantumLoopGravity or GNQLG (GNU's Not >>> Quantum Loop Gravity). They are, of course, completely incompatible >>> with each other. >> >> >> We should start an Incubator wiki proposal page for OpenQuantumLoopGravity. >> > Oh yes. > The programming language could be called DarkEnergy, and the documentation be written in DarkMatter (and it would always include unwritten chapters, named black holes). The language should contain only string variables, but with enough methods and properties to make them super-strings. Numeric constants should be relative. Arithmetic expressions should be allowed to violate parity, in certain cases. It should also offer graphic primitives allowing to draw in at least 11 dimensions (of which up to 7 could be rolled-up). +1 It will be open source, right?
Re: [OT] Re: Regarding compatibility
Pid wrote: On 02/02/2012 15:36, Christopher Schultz wrote: Pid, On 2/2/12 10:25 AM, Pid wrote: We should start an Incubator wiki proposal page for OpenQuantumLoopGravity. The problem is that nobody can look at the page without changing its content. LMAO That might be achievable. Note that you could get over the issue which Chris mentioned, by having the response time be random. So you would either get a predictable page in an unpredictable time, or a random page within a predictable time. You just cannot get both.
RE: Reinstall with 302 error
-Original Message- From: Bilal S [mailto:bilal.so...@gmail.com] Sent: Saturday, January 28, 2012 10:09 AM To: Tomcat Users List Subject: Re: Reinstall with 302 error It would not be unusual for a page to redirect to itself. Have you tried an alternate connection mechanisms. Http proxy or BonCode ( http://tomcatiis.riaforge.org)? Does it behave the same? If this app works unmodified in Mac OSX, it should work in Windows. On Wed, Jan 25, 2012 at 5:08 PM, Benjamin Madore wrote: > Hi all, > >I have inherited a two web applications written several > years ago. Since the server, which had been installed just before I > arrived, > was rebuilt last month we have not been able to log in to the application. > We had continued to update Tomcat and Java before the rebuild so it was > running the latest versions at the time on Windows 2008. > > > > Previously we had been using IIS to redirect the site, however we installed > the Tomcat Connector. > > > > We use an SSL cert that has been installed in IIS. > > > > The index.jsp page loads fine, but other jsp pages in the site give an > error. Other sites have no problem, and I am able to view jsp pages with or > without https. > > > > One web app (the eli2117 and 2121 folders) won't load at all after the > login > page, and the other (dataSearch) appears normal, it will reload the login > page (related to a bug in the application, login was always flaky on it > unless you were logged into an instance of the former application). > > > > Other pages (the test directory) load fine. > > > > The eli app uses "response.sendRedirect("home.jsp");" in the login process; > but it appears to me that even login.jsp is not being recognized from the > form submit. > > > > We have a test server running Tomcat 6 and MacOS 10.4 where the application > works fine. I understand there is a big difference between the two, but the > budget for upgrades is thin around here. As I said before, it ran in the > current environment prior to the rebuild. 
> > > > I would appreciate any hints on where to go from here on fixing the > problem. > > > > Attached are log snippets. > > > > Thanks, > > Ben Madore > > > > Research Programmer, Linguistics Dpt. > > University of Pittsburgh, Cathedral of Learning > > > > 136.142.248.135 - - [24/Jan/2012:14:02:12 -0500] "GET /eli2121/ HTTP/1.1" > 200 6501 > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "POST /eli2121/login.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] 
"GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > 136.142.248.135 - - [24/Jan/2012:14:02:20 -0500] "GET /eli2121/home.jsp > HTTP/1.1" 302 - > > > > 107.9.135.86 - - [25/Jan/2012:00:37:31 -0500] "GET > /eli2117/course.jsp?action=submit&file_type_id=1 HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.jsp > HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.jsp > HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.jsp > HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.jsp > HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.jsp > HTTP/1.1" 302 - > > 107.9.135.86 - - [25/Jan/2012:00:37:32 -0500] "GET /eli2117/home.
Re: Regarding compatibility
Pid wrote: On 02/02/2012 15:01, Christopher Schultz wrote: David, On 2/2/12 7:50 AM, David kerber wrote: On 2/2/2012 6:25 AM, Pid wrote: On 02/02/2012 10:27, bhawana rajpurohit wrote: Hi, This is to ask you that we have Apache 2.2.17 and tomcat 7.0.12. Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25? Go on, it'll be fun! Kindly tell us that whether they are compatible with vtier(virtual Tier) architecture or not. Yes. Unless you're using quantum loop gravity. Is that open source? :D I think you want either OpenQuantumLoopGravity or GNQLG (GNU's Not Quantum Loop Gravity). They are, of course, completely incompatible with each other. We should start an Incubator wiki proposal page for OpenQuantumLoopGravity. Oh yes. The programming language could be called DarkEnergy, and the documentation be written in DarkMatter (and it would always include unwritten chapters, named black holes). The language should contain only string variables, but with enough methods and properties to make them super-strings. Numeric constants should be relative. Arithmetic expressions should be allowed to violate parity, in certain cases. It should also offer graphic primitives allowing to draw in at least 11 dimensions (of which up to 7 could be rolled-up).
Re: Two auth methods for one application
Jan,

On 2/2/12 11:05 AM, Jan Vávra wrote:
> I'm trying to do SSL or Basic auth. This is slightly different: SSL
> or Form auth. How I'm thinking about that basic vs. form auth
> should be the only one difference. I'll explore this.

The code posted on the wiki is essentially what I proposed, except that it's not configurable: the SSL + Form is hard-coded. It should be trivial to change that from FormAuthenticator to BasicAuthenticator.

If this were configurable and a true CombinedAuthenticator, I think it would be really useful to the Tomcat community and I would support its addition to the core product.

-chris
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
On 02/02/2012 20:19, Bilal S wrote:
> I am willing to learn but finding the Apache related processes
> singularly difficult to deal with. We are working with mailing list,
> in the age of websites and social media.

Correct. This is deliberate. Mailing lists are the lowest common denominator and allow the widest possible participation. Not everyone has an always on internet connection with high bandwidth. For those folks with bandwidth to spare that prefer a forum interface, there are third parties that provide it.

I love that the tools we use at the ASF work just as well when I (or anyone else) is at the end of a very slow mobile data connection in the middle of almost nowhere even though trying to view a web page from the same place is pretty much impossible these days.

> There is no easy to find contact form anywhere on the Apache
> websites.

Also correct. The primary form of communication within Apache communities are the mailing lists and these should be obviously linked from each project's home page. In Tomcat's case, you'll find the forum based interfaces linked from the same place.

> Yet, there seems to be a lot emotions floating around in this list.

With a high volume mailing list such as this, there is an expectation that folks follow [1] and a distinct lack of patience for folks that continue to ignore that excellent advice after they have been pointed towards it.

> This in a way is good. It speaks of passion and dedication. I would
> ask that this passion is directed toward assistance and innovation.
> This probably will go farther than anything else.
>
> Feel free to email me directly if you want to chat.

Off-list communication is discouraged. This is a single community that communicates through the project mailing lists. This is particularly important on the dev list. A key element of the "Apache Way" is: "If it didn't happen on the list, it didn't happen".
Mark [1] http://catb.org/esr/faqs/smart-questions.html
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
> >> > > > > If you believe that the problem is localized around the connector have > you > > tried to bypass it to verify that assumption and create a baseline? > > If you used IIS HTTP proxy what are the results? > > If you were hitting the tomcat servers on HTTP directly (no IIS) what are > > the results? > > If you used an alternate connector (BonCode) (I dare not write the URL > > since then the Tomcat guys are going to jump on me for daring to suggest > > other solutions not invented here) > > I'll bite. > > 1. Bilal announces release of his (?) connector. > 2. Bilal responds to a user configuration problem by suggesting they > uses another connector, the one referred to in #1. > 3. Repeat #2. > > > Personally* I don't object to you promoting your(?) project here. > > It's just that not disclosing that when you're helping another user by > suggesting they use your(?) project instead of fixing the actual issue > seems a bit off. > > > p > > * I'm one person, it's just my own view > ==> Thank you for sharing. I appreciate your comments. I will highlight this in subsequent interactions. In the end, I am trying to help. If any of my projects can assist, I consider it gravy but not the end goal. After all, my name being unique would have made this obvious to anyone who can handle a command prompt. You will also note that I am asking for collection of data to diagnose the issues given. I hope you do not consider data collection and analysis counterproductive and relegate this to "not fixin the issue". I am willing to learn but finding the Apache related processes singularly difficult to deal with. We are working with mailing list, in the age of websites and social media. Yahoo groups met the light of day in the late 90's yet there is no web-forum available. There is no easy to find contact form anywhere on the Apache websites. Yet, there seems to be a lot emotions floating around in this list. This in a way is good. It speaks of passion and dedication. 
I would ask that this passion is directed toward assistance and innovation. This probably will go farther than anything else. Feel free to email me directly if you want to chat.
RE: [OT] problems with performance with IIS 7.5 and Tomcat Connector
>> If you believe that the problem is localized around the connector have you >> tried to bypass it to verify that assumption and create >> a baseline? Yes, thought I mentioned we went directly to tomcat/jboss and were able to open 1000 connection within a couple of sec's >> If you used IIS HTTP proxy what are the results? Haven't spent the time to get it to work... >> If you were hitting the tomcat servers on HTTP directly (no IIS) what are >> the results? See above >> If you used an alternate connector (BonCode) (I dare not write the URL since >> then the Tomcat guys are going to jump on me for >> daring to suggest other >> solutions not invented here) what are the results? Looked at it, but it seems to be a version 1.00rc, first thought not mature enough to put in to production >> >> If all is similar, then, looking at the JBoss side for performance >> optimization would probably a good idea. Definitely IIS/Connector problem ! Thanks Ps I hate using outlook for mailing lists grrr
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
On 2 Feb 2012, at 16:09, Bilal S wrote: > On Thu, Feb 2, 2012 at 5:06 AM, Mark Thomas wrote: > >> On 02/02/2012 09:57, André Warnier wrote: >>> Alex Samad - Yieldbroker wrote: Hi Hopefully this is the right list :) >>> >>> Actually I don't know, but I would also like to know. >>> I have noticed previously on this list, that whenever someone mentions >>> JBoss, some of the people here (Tomcat developers ?) >> >> In the most recent case, it was a JBoss/Tomcat developer who responded > > > >>> seem to react quite >>> strongly, and tell the poster curtly to go ask their question on the >>> JBoss support list. >>> >> > ==> > I agree that support objective of this list is sometimes overshadowed by > personal egos and short-circuited responses. I have observed this regularly > but believe that the persons responsible have the right intent, just not > the maturity required. > We are all trying to learn and help each other in the end. > > >>> On the other hand, it seems to be so that JBoss is a server software >>> which uses Tomcat as the underlying servlet engine. (But maybe also I am >>> mistaken there, I do not really know JBoss). >> >> JBoss used to embed Tomcat directly. Some time ago (before Tomcat 7 - >> Remy would know exactly when) JBoss opted to fork Tomcat. I believe (I >> haven't looked) that the code bases remain similar in many areas but >> there are some significant differences. For example, the Servlet 3 >> implementations are likely to be very different. >> >> I don't see any issue with JBoss questions here up to the point that it >> is apparent that the issue is in an area where the JBoss fork has >> diverged. Then the JBoss support forums would be a better place to seek >> help. >> >> Agreed. > > >>> In any case, there seems to be more to it than meets the eye of the >>> naive subscriber that I am. So it would be nice if someone here provided >>> some clarity on the matter. 
>> >> The above is the best I can do short of doing a diff between the JBoss >> code and Tomcat code. >> >>> Anyway, from your description of the matter and of the configuration >>> files, it seems that your question is at least to a large extent related >>> to the isapi_redirect IIS plugin, which is developed by some of the >>> people on this list, and thus for which this list is the right place for >>> your questions, as far as I know. >> >> +1. >> > > If you believe that the problem is localized around the connector have you > tried to bypass it to verify that assumption and create a baseline? > If you used IIS HTTP proxy what are the results? > If you were hitting the tomcat servers on HTTP directly (no IIS) what are > the results? > If you used an alternate connector (BonCode) (I dare not write the URL > since then the Tomcat guys are going to jump on me for daring to suggest > other solutions not invented here) I'll bite. 1. Bilal announces release of his (?) connector. 2. Bilal responds to a user configuration problem by suggesting they uses another connector, the one referred to in #1. 3. Repeat #2. Personally* I don't object to you promoting your(?) project here. It's just that not disclosing that when you're helping another user by suggesting they use your(?) project instead of fixing the actual issue seems a bit off. p * I'm one person, it's just my own view > what are the results? > > If all is similar, then, looking at the JBoss side for performance > optimization would probably a good idea.
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
On Thu, Feb 2, 2012 at 5:06 AM, Mark Thomas wrote: > On 02/02/2012 09:57, André Warnier wrote: > > Alex Samad - Yieldbroker wrote: > >> Hi > >> > >> > >> > >> Hopefully this is the right list :) > > > > Actually I don't know, but I would also like to know. > > I have noticed previously on this list, that whenever someone mentions > > JBoss, some of the people here (Tomcat developers ?) > > In the most recent case, it was a JBoss/Tomcat developer who responded > > seem to react quite > > strongly, and tell the poster curtly to go ask their question on the > > JBoss support list. > > > ==> I agree that support objective of this list is sometimes overshadowed by personal egos and short-circuited responses. I have observed this regularly but believe that the persons responsible have the right intent, just not the maturity required. We are all trying to learn and help each other in the end. > > On the other hand, it seems to be so that JBoss is a server software > > which uses Tomcat as the underlying servlet engine. (But maybe also I am > > mistaken there, I do not really know JBoss). > > JBoss used to embed Tomcat directly. Some time ago (before Tomcat 7 - > Remy would know exactly when) JBoss opted to fork Tomcat. I believe (I > haven't looked) that the code bases remain similar in many areas but > there are some significant differences. For example, the Servlet 3 > implementations are likely to be very different. > > I don't see any issue with JBoss questions here up to the point that it > is apparent that the issue is in an area where the JBoss fork has > diverged. Then the JBoss support forums would be a better place to seek > help. > > Agreed. > > In any case, there seems to be more to it than meets the eye of the > > naive subscriber that I am. So it would be nice if someone here provided > > some clarity on the matter. > > The above is the best I can do short of doing a diff between the JBoss > code and Tomcat code. 
> > > Anyway, from your description of the matter and of the configuration > > files, it seems that your question is at least to a large extent related > > to the isapi_redirect IIS plugin, which is developed by some of the > > people on this list, and thus for which this list is the right place for > > your questions, as far as I know. > > +1. > If you believe that the problem is localized around the connector have you tried to bypass it to verify that assumption and create a baseline? If you used IIS HTTP proxy what are the results? If you were hitting the tomcat servers on HTTP directly (no IIS) what are the results? If you used an alternate connector (BonCode) (I dare not write the URL since then the Tomcat guys are going to jump on me for daring to suggest other solutions not invented here) what are the results? If all is similar, then, looking at the JBoss side for performance optimization would probably a good idea.
Re: Two auth methods for one application
On 02/02/2012 15:00, Christopher Schultz wrote:

Jan,

On 2/2/12 6:26 AM, Jan Vávra wrote:

Is it possible to configure tomcat to call both variants of functions? I'd like to write something like CLIENT-CERT or BASIC.

The servlet spec doesn't support anything like this. I think what you'll have to do is write your own Authenticator.

You can configure your own Authenticator by registering a that is an Authenticator in your webapp's. Just write your own code and register it using.

You can look at the documentation for, say, BasicAuthenticatorValve:

http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve

And you're going to want to extend AuthenticatorBase.

Tomcat has a "CombinedRealm" which allows authentication against one of several sub-realms (like LDAP /or/ JDBC), but does not have a CombinedAuthenticator, which might be a useful addition. If you come up with something that works, consider donating it to the project.

Jan, are you trying to achieve something like: http://wiki.apache.org/tomcat/SSLWithFORMFallback ?

I'm trying to do SSL or Basic auth. This is slightly different: SSL or Form auth. How I'm thinking about that basic vs. form auth should be the only one difference. I'll explore this.

Thanks.
Jan
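The decision logic a combined "CLIENT-CERT or BASIC" authenticator has to implement, as discussed in this thread, shown as an added example that is not part of any message here and is not Tomcat or wiki code. It models the request with plain JDK types instead of Tomcat's AuthenticatorBase; the class, field and method names, the in-memory user stores and the choice to answer plain-HTTP requests with 403 are all assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/** Added sketch, not Tomcat code: "CLIENT-CERT or BASIC" in one authenticator. All names are hypothetical. */
public class CombinedAuthSketch {

    /** The request attributes an authenticator inspects (stand-in for a servlet request). */
    static final class Req {
        final boolean secure;        // request arrived over TLS
        final String certSubject;    // subject DN of a client certificate the TLS layer validated, else null
        final String authorization;  // raw Authorization header, else null
        Req(boolean secure, String certSubject, String authorization) {
            this.secure = secure; this.certSubject = certSubject; this.authorization = authorization;
        }
    }

    /** Outcome: 200 with a principal, 401 with a challenge header value, or 403. */
    static final class Result {
        final int status; final String principal; final String method; final String challenge;
        Result(int status, String principal, String method, String challenge) {
            this.status = status; this.principal = principal; this.method = method; this.challenge = challenge;
        }
    }

    // Constructed demo stores; a real authenticator would delegate both lookups to its realm.
    private final Map<String, String> certToUser = new HashMap<>();
    private final Map<String, String> passwords = new HashMap<>();

    Result authenticate(Req req) {
        // 1. Certificate first: no extra round trip and no password on the wire.
        if (req.certSubject != null) {
            String user = certToUser.get(req.certSubject);
            if (user != null) {
                return new Result(200, user, "CLIENT-CERT", null);
            }
            // A valid but unmapped certificate falls through to BASIC ("or" semantics).
        }
        // 2. Never accept or solicit BASIC credentials over plain HTTP.
        if (!req.secure) {
            return new Result(403, null, null, null);
        }
        // 3. BASIC, if the client sent a well-formed header with matching credentials.
        String[] creds = parseBasic(req.authorization);
        if (creds != null && passwordMatches(creds[0], creds[1])) {
            return new Result(200, creds[0], "BASIC", null);
        }
        // 4. Neither method succeeded: challenge for BASIC only (certificates are requested in the TLS handshake).
        return new Result(401, null, null, "Basic realm=\"demo\"");
    }

    /** Returns {user, password}, or null when the header is missing or malformed. */
    static String[] parseBasic(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) {
            return null;
        }
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;  // payload is not valid base64
        }
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int colon = decoded.indexOf(':');  // split on the first colon: the password may contain more
        if (colon < 1) {
            return null;  // no separator, or empty user name
        }
        return new String[] { decoded.substring(0, colon), decoded.substring(colon + 1) };
    }

    private boolean passwordMatches(String user, String supplied) {
        String expected = passwords.get(user);
        // MessageDigest.isEqual does not stop at the first differing byte.
        return expected != null && MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8), supplied.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        CombinedAuthSketch auth = new CombinedAuthSketch();
        auth.certToUser.put("CN=alice,O=Example", "alice");  // constructed sample data
        auth.passwords.put("bob", "s3cret:with:colons");     // constructed sample data
        String bob = "Basic " + Base64.getEncoder()
                .encodeToString("bob:s3cret:with:colons".getBytes(StandardCharsets.UTF_8));
        Req[] samples = {
            new Req(true, "CN=alice,O=Example", null),   // mapped certificate
            new Req(true, null, bob),                    // BASIC header only
            new Req(true, "CN=carol,O=Other", bob),      // unmapped certificate plus BASIC header
            new Req(true, null, "Basic !!!not-base64"),  // malformed BASIC header
            new Req(true, null, null),                   // no credentials at all
            new Req(false, null, bob),                   // BASIC over plain HTTP
        };
        for (Req r : samples) {
            Result res = auth.authenticate(r);
            System.out.println(res.status + " principal=" + res.principal + " method=" + res.method + " challenge=" + res.challenge);
        }
    }
}
```

On Java 11 or later this runs as a single file with `java CombinedAuthSketch.java` and prints one result line per constructed request.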
[OT] Re: Regarding compatibility
On 02/02/2012 15:36, Christopher Schultz wrote:
> Pid,
>
> On 2/2/12 10:25 AM, Pid wrote:
>> We should start an Incubator wiki proposal page for
>> OpenQuantumLoopGravity.
>
> The problem is that nobody can look at the page without changing its
> content.

LMAO

That might be achievable.

p
Re: Two auth methods for one application
On 02/02/2012 15:34, Christopher Schultz wrote:
> Pid,
>
> On 2/2/12 10:28 AM, Pid wrote:
>> On 02/02/2012 15:00, Christopher Schultz wrote:
>>> Tomcat has a "CombinedRealm" which allows authentication against
>>> one of several sub-realms (like LDAP /or/ JDBC), but does not
>>> have a CombinedAuthenticator, which might be a useful addition.
>>> If you come up with something that works, consider donating it to
>>> the project.
>
>> Jan, are you trying to achieve something like:
>
>> http://wiki.apache.org/tomcat/SSLWithFORMFallback
>
> Good call. I didn't know that was in the Wiki.

Or even:

http://wiki.apache.org/tomcat/SSLWithFORMFallback6

note the +6

p

> -chris
Re: help debug cluster error --java.net.BindException: Cannot assign requested address
On 02/02/2012 15:34, Randy Paries wrote:
> Pid
> so tcpListenAddress should be the IP of the machine correct?
>
> thanks that's probably it

Yep.

p

> On Thu, Feb 2, 2012 at 5:28 AM, Pid wrote:
>> On 02/02/2012 10:17, Randy Paries wrote:
>>> Hello,
>>> I have two centos servers running tomcat 5.5 (yeah i know it's old)
>>>
>>> one of the servers died and i had to rebuild from scratch. Everything
>>> is working but the clustering.
>>>
>>> is there anything between the cluster configs that needs to be
>>> different? I just copied one to the other. I had it working ok before
>>> server 2 crashed, so i know server 1 is configured ok and that is what
>>> i copied from
>>>
>>> when i start tomcat i get
>>>
>>> SEVERE: Unable to start cluster listener.
>>> java.net.BindException: Cannot assign requested address
>>> at sun.nio.ch.Net.bind(Native Method)
>>> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>>> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>>> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52)
>>> at org.apache.catalina.cluster.tcp.ReplicationListener.listen(ReplicationListener.java:120)
>>> at org.apache.catalina.cluster.tcp.ClusterReceiverBase.run(ClusterReceiverBase.java:394)
>>> at java.lang.Thread.run(Thread.java:595)
>>>
>>> when i created the new server i just copied the tomcat dir and placed
>>> it on the rebuild server.
>>> in my server.xml(see below) i put an ip in tcpListenAddress instead
>>> of auto because i have multiple IPs
>>>
>>> any suggestions on how to debug this?
>>>
>>> thanks for any help
>>>
>>> className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
>>> doClusterLog="true"
>>> clusterLogName="clusterlog"
>>>
>>> managerClassName="org.apache.catalina.cluster.session.DeltaManager"
>>> expireSessionsOnShutdown="false"
>>> useDirtyFlag="true"
>>> notifyListenersOnReplication="true">
>>>
>>> className="org.apache.catalina.cluster.mcast.McastService"
>>> mcastAddr="228.0.0.9"
>>> mcastPort="45564"
>>> mcastFrequency="500"
>>> recoveryEnabled="true"
>>> mcastDropTime="3000"/>
>>>
>>> className="org.apache.catalina.cluster.tcp.ReplicationListener"
>>> tcpListenAddress="192.168.0.203"
>>> tcpListenPort="4001"
>>> tcpSelectorTimeout="100"
>>> tcpThreadCount="35"/>
>>
>> Is the IP address above correct (192.168.0.203) for this server?
>> You stated that you 'just copied it' - if you didn't change the IP, it's
>> probably not correct.
>>
>>
>> p
>>
>>> className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
>>> replicationMode="pooled"
>>> ackTimeout="15000"/>
>>>
>>> className="org.apache.catalina.cluster.tcp.ReplicationValve"
>>> filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;.*\.pdf;\*.wav;\*.mp3;"/>
>>>
>>> className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
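The check Pid describes in this thread, as an added example that is not part of the original messages: it pulls every tcpListenAddress out of a cluster config and asks the kernel whether this host can bind it. The XML sample is constructed, its element names are assumed from the Tomcat 5.5 cluster layout, and the function names are hypothetical.

```python
import errno
import ipaddress
import socket
import xml.etree.ElementTree as ET

# Constructed sample, not the poster's file. Element names are assumed from the
# Tomcat 5.5 cluster layout; 192.0.2.203 (documentation range) stands in for an
# address copied over from the other node.
SAMPLE_SERVER_XML = """\
<Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster">
  <Receiver className="org.apache.catalina.cluster.tcp.ReplicationListener"
            tcpListenAddress="192.0.2.203"
            tcpListenPort="4001"/>
</Cluster>
"""


def listen_addresses(xml_text):
    """Return (className, address) for every element that sets tcpListenAddress."""
    root = ET.fromstring(xml_text)
    return [
        (elem.get("className", elem.tag), elem.get("tcpListenAddress"))
        for elem in root.iter()
        if elem.get("tcpListenAddress") is not None
    ]


def can_bind(address):
    """True if the kernel lets this host bind to `address`.

    Port 0 is used so that a port already in use cannot be mistaken for a
    wrong IP. EADDRNOTAVAIL is the errno whose message text is
    "Cannot assign requested address" on Linux.
    """
    ip = ipaddress.ip_address(address)  # raises ValueError for non-IP strings
    family = socket.AF_INET6 if ip.version == 6 else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((str(ip), 0))
        except OSError as exc:
            if exc.errno == errno.EADDRNOTAVAIL:
                return False
            raise
    return True


def check_listen_addresses(xml_text):
    """Classify each tcpListenAddress as ok, not-local, auto or invalid."""
    report = []
    for class_name, value in listen_addresses(xml_text):
        if value == "auto":
            status = "auto"  # left to Tomcat to choose
        else:
            try:
                status = "ok" if can_bind(value) else "not-local"
            except ValueError:
                status = "invalid"  # not an IP literal
        report.append((class_name, value, status))
    return report


if __name__ == "__main__":
    for class_name, value, status in check_listen_addresses(SAMPLE_SERVER_XML):
        print(f"{status:9} {value:15} {class_name}")
```

Run it on the rebuilt node against its own server.xml; a "not-local" row is the address to correct before starting Tomcat.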
Re: Regarding compatibility
Pid,

On 2/2/12 10:25 AM, Pid wrote:
> We should start an Incubator wiki proposal page for
> OpenQuantumLoopGravity.

The problem is that nobody can look at the page without changing its content.

-chris
Re: Two auth methods for one application
Pid,

On 2/2/12 10:28 AM, Pid wrote:
> On 02/02/2012 15:00, Christopher Schultz wrote:
>> Tomcat has a "CombinedRealm" which allows authentication against
>> one of several sub-realms (like LDAP /or/ JDBC), but does not
>> have a CombinedAuthenticator, which might be a useful addition.
>> If you come up with something that works, consider donating it to
>> the project.
>
> Jan, are you trying to achieve something like:
>
> http://wiki.apache.org/tomcat/SSLWithFORMFallback

Good call. I didn't know that was in the Wiki.

-chris
Re: help debug cluster error --java.net.BindException: Cannot assign requested address
Pid
so tcpListenAddress should be the IP of the machine correct?

thanks that's probably it

On Thu, Feb 2, 2012 at 5:28 AM, Pid wrote:
> On 02/02/2012 10:17, Randy Paries wrote:
>> Hello,
>> I have two centos servers running tomcat 5.5 (yeah i know it's old)
>>
>> one of the servers died and i had to rebuild from scratch. Everything
>> is working but the clustering.
>>
>> is there anything between the cluster configs that needs to be
>> different? I just copied one to the other. I had it working ok before
>> server 2 crashed, so i know server 1 is configured ok and that is what
>> i copied from
>>
>> when i start tomcat i get
>>
>> SEVERE: Unable to start cluster listener.
>> java.net.BindException: Cannot assign requested address
>> at sun.nio.ch.Net.bind(Native Method)
>> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
>> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
>> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52)
>> at org.apache.catalina.cluster.tcp.ReplicationListener.listen(ReplicationListener.java:120)
>> at org.apache.catalina.cluster.tcp.ClusterReceiverBase.run(ClusterReceiverBase.java:394)
>> at java.lang.Thread.run(Thread.java:595)
>>
>> when i created the new server i just copied the tomcat dir and placed
>> it on the rebuild server.
>> in my server.xml(see below) i put an ip in tcpListenAddress instead
>> of auto because i have multiple IPs
>>
>> any suggestions on how to debug this?
>>
>> thanks for any help
>>
>> doClusterLog="true"
>> clusterLogName="clusterlog"
>>
>> managerClassName="org.apache.catalina.cluster.session.DeltaManager"
>> expireSessionsOnShutdown="false"
>> useDirtyFlag="true"
>> notifyListenersOnReplication="true">
>>
>> className="org.apache.catalina.cluster.mcast.McastService"
>> mcastAddr="228.0.0.9"
>> mcastPort="45564"
>> mcastFrequency="500"
>> recoveryEnabled="true"
>> mcastDropTime="3000"/>
>>
>> className="org.apache.catalina.cluster.tcp.ReplicationListener"
>> tcpListenAddress="192.168.0.203"
>> tcpListenPort="4001"
>> tcpSelectorTimeout="100"
>> tcpThreadCount="35"/>
>
> Is the IP address above correct (192.168.0.203) for this server?
> You stated that you 'just copied it' - if you didn't change the IP, it's
> probably not correct.
>
>
> p
>
>> className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
>> replicationMode="pooled"
>> ackTimeout="15000"/>
>>
>> className="org.apache.catalina.cluster.tcp.ReplicationValve"
>> filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;.*\.pdf;\*.wav;\*.mp3;"/>
>>
>> className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
Re: Two auth methods for one application
On 02/02/2012 15:00, Christopher Schultz wrote:
> Jan,
>
> On 2/2/12 6:26 AM, Jan Vávra wrote:
>> Is it possible to configure tomcat to call both variants of
>> functions? I'd like to write something like
>> CLIENT-CERT or BASIC.
>
> The servlet spec doesn't support anything like this. I think what
> you'll have to do is write your own Authenticator. You can configure
> your own Authenticator by registering a that is an
> Authenticator in your webapp's . Just write your own code and
> register it using .
>
> You can look at the documentation for, say, BasicAuthenticatorValve:
> http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve
>
> And you're going to want to extend AuthenticatorBase.
>
> Tomcat has a "CombinedRealm" which allows authentication against one
> of several sub-realms (like LDAP /or/ JDBC), but does not have a
> CombinedAuthenticator, which might be a useful addition. If you come
> up with something that works, consider donating it to the project.

Jan, are you trying to achieve something like:

http://wiki.apache.org/tomcat/SSLWithFORMFallback

?

p

> -chris
Re: Regarding compatibility
On 02/02/2012 15:01, Christopher Schultz wrote:
> David,
>
> On 2/2/12 7:50 AM, David kerber wrote:
>> On 2/2/2012 6:25 AM, Pid wrote:
>>> On 02/02/2012 10:27, bhawana rajpurohit wrote:
>>>> Hi,
>>>>
>>>> This is to ask you that we have Apache 2.2.17 and tomcat 7.0.12.
>>>
>>> Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25?
>>>
>>> Go on, it'll be fun!
>>>
>>>> Kindly tell us that whether they are compatible with vtier(virtual Tier) architecture or not.
>>>
>>> Yes. Unless you're using quantum loop gravity.
>
>> Is that open source? :D
>
> I think you want either OpenQuantumLoopGravity or GNQLG (GNU's Not
> Quantum Loop Gravity). They are, of course, completely incompatible
> with each other.

We should start an Incubator wiki proposal page for OpenQuantumLoopGravity.

p
Re: Correct behavior while checking the thread binding in DirContextURLStreamHandler ?
Pid,

> On 01/02/2012 11:50, Ivan wrote:
>> 2012/2/1 Christopher Schultz
>>
>> Of course, you still need to check for null after the loop, so
>> it's not like the change really affects anything other than minor
>> readability.
>
> Not sure whether I understood you clearly, if a context is binding
> on the current thread, and current context classloader has parent
> classloader, current get method will throw an
> IllegalStateException. So my question is that, in this scenario,
> should the context binded on the thread be ignored ? I did not find
> too many comments on the svn log, while I guess that the logic may
> be : a. Check whether there is a context binding on the current
> context classloader, if does, return it. b. Check whether there is
> a context binding on the current thread, if does, return it. c.
> Check whether there is a context binding on the classloader tree of
> the current context classloader, if does return it. d. Throw an
> IllegalStateException.

I still can't figure out if you think there's an actual bug here. Is the problem that you object to illogical code? Is there a branch that does not need to exist because you can prove that a certain situation will never arise?

I find this kind of thing sometimes when using FindBugs: fb will tell me that a certain local variable being checked for null somewhere results in dead-code in the body of the if, like this:

    if(null != conn) {
      conn.close();
    }

fb says that "conn" can never be non-null here, so the code is dead. I always tell fb to ignore that because I don't want to modify the code sometime in the future such that "conn" *might* be null and forget to add the null-check (or conn.close) back into the code.

Defensive programming sometimes results in illogical code.

-chris
Re: Regarding compatibility
David,

On 2/2/12 7:50 AM, David kerber wrote:
> On 2/2/2012 6:25 AM, Pid wrote:
>> On 02/02/2012 10:27, bhawana rajpurohit wrote:
>>> Hi,
>>>
>>> This is to ask you that we have Apache 2.2.17 and tomcat
>>> 7.0.12.
>>
>> Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25?
>>
>> Go on, it'll be fun!
>>
>>
>>> Kindly tell us that whether they are compatible with
>>> vtier(virtual Tier) architecture or not.
>>
>> Yes. Unless you're using quantum loop gravity.
>
> Is that open source? :D

I think you want either OpenQuantumLoopGravity or GNQLG (GNU's Not Quantum Loop Gravity). They are, of course, completely incompatible with each other.

-chris
Re: Two auth methods for one application
Jan,

On 2/2/12 6:26 AM, Jan Vávra wrote:
> Is it possible to configure tomcat to call both variants of
> functions? I'd like to write something like
> CLIENT-CERT or BASIC.

The servlet spec doesn't support anything like this. I think what you'll have to do is write your own Authenticator. You can configure your own Authenticator by registering a that is an Authenticator in your webapp's . Just write your own code and register it using .

You can look at the documentation for, say, BasicAuthenticatorValve:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Basic_Authenticator_Valve

And you're going to want to extend AuthenticatorBase.

Tomcat has a "CombinedRealm" which allows authentication against one of several sub-realms (like LDAP /or/ JDBC), but does not have a CombinedAuthenticator, which might be a useful addition. If you come up with something that works, consider donating it to the project.

-chris
Re: How to configure certificate file (*.cer) in Tomcat 6
Geet,

On 2/2/12 12:06 AM, Geet Chandra wrote:
> Thanks Dale!!!
>
> Few more questions
>
> 1. As I have exported *.cer as I have using Digital Badge in
> Internet Explorer. Can I use the same *.cer to configure in
> server.xml. If not, how can I generate the same file.
>
> 2. How can I generate ca2cert.pem file to use in server.xml

http://lmgtfy.com/?q=convert+cer+to+pem

-chris

PS lmgtfy needs a site like lmlmgtfy so I don't have to type so much.
Re: How to configure certificate file (*.cer) in Tomcat 6
Dale,

On 2/1/12 11:34 PM, Dale Ogilvie wrote:
> FYI, Here's how we did it with APR for local workstation SSL.
>
> Download APR from here:
> http://tomcat.apache.org/download-native.cgi

Nit: that's tcnative, not APR. tcnative requires APR, but they are separate things.

> Copy the files (openssl.exe and tc-native.dll) into the tomcat
> bin directory

Note that you'll also need libapr.dll. Also, I believe you'll have to set "-Djava.library.path=%CATALINA_BASE%\bin", otherwise the JVM won't find the libraries.

> Set up your SSL connector, pointing to your CA signed server
> SSLCertificateFile and the CA as SSLCACertificateFile:
>
> maxThreads="150" scheme="https" secure="true" clientAuth="false"
> sslProtocol="TLS" SSLCertificateFile="c:/temp/localhost.cer"
> SSLCACertificateFile="c:/temp/ca2cert.pem" />

Just make sure that everything is in PEM form.

-chris
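A .cer exported from Internet Explorer can be either binary DER or Base-64 (PEM) text, so the extension alone does not tell you whether a file already meets the "everything in PEM form" requirement above. The following is an added example, not code from the thread: it detects which encoding a certificate file uses and normalises it to PEM. The function names are hypothetical and the sample bytes are a constructed placeholder with DER framing only; the check covers framing, not X.509 validity.

```python
import base64
import re

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(
    re.escape(PEM_HEADER) + r"(.*?)" + re.escape(PEM_FOOTER), re.S
)

# Constructed placeholder, not a real certificate: a DER SEQUENCE header that
# announces 300 content bytes (0x012C), followed by 300 zero bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x2C]) + bytes(300)


def der_declared_length(data):
    """Total length announced by an outer DER SEQUENCE header, or None."""
    if len(data) < 2 or data[0] != 0x30:  # 0x30 is the SEQUENCE tag
        return None
    first = data[1]
    if first < 0x80:  # short form: the byte is the content length
        return 2 + first
    count = first & 0x7F  # long form: number of length bytes that follow
    if count == 0 or count > 4 or len(data) < 2 + count:
        return None
    return 2 + count + int.from_bytes(data[2:2 + count], "big")


def pem_to_der(text):
    """Decode the first CERTIFICATE block in `text` to raw DER bytes."""
    match = PEM_BLOCK.search(text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    # Strip all whitespace (LF or CRLF line ends) before strict decoding.
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def der_to_pem(der):
    """Encode DER bytes as PEM text with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *body, PEM_FOOTER]) + "\n"


def detect_encoding(data):
    """Return 'pem', 'der' or 'unknown' for the raw bytes of a certificate file."""
    text = data.decode("latin-1")  # never fails, keeps ASCII intact
    if PEM_BLOCK.search(text):
        try:
            der = pem_to_der(text)
        except ValueError:  # bad Base-64 inside the block
            return "unknown"
        return "pem" if der_declared_length(der) == len(der) else "unknown"
    return "der" if der_declared_length(data) == len(data) else "unknown"


def to_pem(data):
    """Return normalised PEM text for a DER or PEM certificate file."""
    kind = detect_encoding(data)
    if kind == "pem":
        return der_to_pem(pem_to_der(data.decode("latin-1")))
    if kind == "der":
        return der_to_pem(data)
    raise ValueError("neither a DER nor a PEM certificate")


if __name__ == "__main__":
    print(detect_encoding(SAMPLE_DER))
    print(to_pem(SAMPLE_DER))
```

A truncated or padded DER file is reported as "unknown" rather than converted, which catches a damaged export before it is handed to the connector.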
Re: Regarding compatibility
bhawana rajpurohit wrote:

Hi,

This is to ask you that we have Apache 2.2.17 and tomcat 7.0.12. Kindly tell us that whether they are compatible with vtier(virtual Tier) architecture or not.

We don't know. Did you try it ?

(and check http://catb.org/esr/faqs/smart-questions.html)
Re: Regarding compatibility
On 2/2/2012 6:25 AM, Pid wrote:

On 02/02/2012 10:27, bhawana rajpurohit wrote:

Hi,

This is to ask you that we have Apache 2.2.17 and tomcat 7.0.12.

Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25?

Go on, it'll be fun!

Kindly tell us that whether they are compatible with vtier(virtual Tier) architecture or not.

Yes. Unless you're using quantum loop gravity.

Is that open source? :D
Re: help debug cluster error --java.net.BindException: Cannot assign requested address
On 02/02/2012 10:17, Randy Paries wrote:
> Hello,
> I have two centos servers running tomcat 5.5 (yeah i know it's old)
>
> one of the servers died and i had to rebuild from scratch. Everything
> is working but the clustering.
>
> is there anything between the cluster configs that needs to be
> different? I just copied one to the other. I had it working ok before
> server 2 crashed, so i know server 1 is configured ok and that is what
> i copied from
>
> when i start tomcat i get
>
> SEVERE: Unable to start cluster listener.
> java.net.BindException: Cannot assign requested address
> at sun.nio.ch.Net.bind(Native Method)
> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52)
> at org.apache.catalina.cluster.tcp.ReplicationListener.listen(ReplicationListener.java:120)
> at org.apache.catalina.cluster.tcp.ClusterReceiverBase.run(ClusterReceiverBase.java:394)
> at java.lang.Thread.run(Thread.java:595)
>
> when i created the new server i just copied the tomcat dir and placed
> it on the rebuild server.
> in my server.xml(see below) i put an ip in tcpListenAddress instead
> of auto because i have multiple IPs
>
> any suggestions on how to debug this?
>
> thanks for any help
>
> doClusterLog="true"
> clusterLogName="clusterlog"
>
> managerClassName="org.apache.catalina.cluster.session.DeltaManager"
> expireSessionsOnShutdown="false"
> useDirtyFlag="true"
> notifyListenersOnReplication="true">
>
> className="org.apache.catalina.cluster.mcast.McastService"
> mcastAddr="228.0.0.9"
> mcastPort="45564"
> mcastFrequency="500"
> recoveryEnabled="true"
> mcastDropTime="3000"/>
>
> className="org.apache.catalina.cluster.tcp.ReplicationListener"
> tcpListenAddress="192.168.0.203"
> tcpListenPort="4001"
> tcpSelectorTimeout="100"
> tcpThreadCount="35"/>

Is the IP address above correct (192.168.0.203) for this server?
You stated that you 'just copied it' - if you didn't change the IP, it's probably not correct.

p

> className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
> replicationMode="pooled"
> ackTimeout="15000"/>
>
> className="org.apache.catalina.cluster.tcp.ReplicationValve"
> filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;.*\.pdf;\*.wav;\*.mp3;"/>
>
> className="org.apache.catalina.cluster.session.ClusterSessionListener"/>
Two auth methods for one application
Hello,

I have implemented own realm. I extended RealmBase, overrode methods
(1) public Principal authenticate(X509Certificate[] certs),
(2) public Principal authenticate(String username, String credentials).

I have Tomcat 6 that runs behind Apache Server over AJP.
In the situation (1) client connects to HOST1, Apache Server challenges for client certificate.
In the situation (2) client connects to HOST2.
Both HOST1, HOST2 are configured to do a reverse proxy to /myapp on tomcat.

I am not able to configure tomcat to call both methods.
In the myapp's web.xml I have CLIENT-CERT SecustampRealm and tomcat calls the function (1).
When I replace CLIENT-CERT for BASIC tomcat calls the function (2).

Is it possible to configure tomcat to call both variants of functions? I'd like to write something like CLIENT-CERT or BASIC.

Jan.
Re: Regarding compatibility
On 02/02/2012 10:27, bhawana rajpurohit wrote:
> Hi,
>
> This is to ask you that we have Apache 2.2.17 and tomcat 7.0.12.

Why not upgrade to Apache HTTPD 2.2.22 and Apache Tomcat 7.0.25?

Go on, it'll be fun!

> Kindly tell us that whether they are compatible with vtier(virtual Tier)
> architecture or not.

Yes. Unless you're using quantum loop gravity.

p
Re: POST data (single character) cleared when using tomcat 6.0.33 and Character Encoding Filter
cc: dev

2012/1/23 kitagawa :
>>
>> While developing using ubuntu 11.04, tomcat 6.0.33 and java 1.5 I ran
>> into a problem after setting the character encoding filter for
>> requests.
>> When posting a request, the value of any field with only a single
>> character submitted is cleared.
>>
>> I also tested this issue with:
>> tomcat 6.0.32 and java 1.5 (no problem)
>> tomcat 6.0.35 and java 1.5 (same error occurred)
>> tomcat 6.0.33 and java 1.6 (no problem)
>> tomcat 6.0.35 and java 1.6 (no problem)
>>
>>
>> This can be repeated using the RequestParamExample that comes with tomcat.
>>
>> 1. uncomment the "Set Character Encoding" line in
>> apache-tomcat-6.0.33\webapps\examples\WEB-INF\web.xml (lines 88 and
>> 93)
>> 2. start tomcat
>> 3. go to http://localhost:8080/examples/servlets/servlet/RequestParamExample
>> and enter a single character into the first or last name fields then
>> post.
>>
>> The entered value does not show up. Instead, the value shows up blank.
>> If I enter two characters they appear correctly.
>>
>
> I researched it some more and found a bug in Java 1.5 in
> java.nio.charset.Charset.decode() that might be the cause.
> A ticket was submitted regarding a similar problem to sun in 2004
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6196991
> (patched in Java 1.6)
>
> Tomcat 6.0.33 r1140904 the
> /tomcat/tc6.0.x/trunk/java/org/apache/tomcat/util/buf/ByteChunk.java
> class was changed to use java.nio.charset.Charset.decode().
> This is probably why there was no problem before in version 6.0.32.
>

FYI: The same issue reported against 5.5.35:
https://issues.apache.org/bugzilla/show_bug.cgi?id=52579

Thank you for your research. I think you are right.

Though I am not sure how much this can be fixed in Tomcat now.

1. r1140904 [1] in 6.0.33 is a fix for issue 51400. Reverting it will reintroduce the issue.

2. The recent code that uses Charset in 5.5.35 and 6.0.35 is part of fix for CVE-2012-0022 [2]

So a different implementation might be needed.

[1] http://svn.apache.org/viewvc?view=revision&revision=1140904
[2] http://tomcat.apache.org/security.html

The good news is that it does not affect UTF-8, so using that encoding may be a workaround.

Best regards,
Konstantin Kolinko
Re: How to configure certificate file (*.cer) in Tomcat 6
On 02/02/2012 05:06, Geet Chandra wrote:
> Thanks Dale!!!

Please stop top-posting.

Please post your reply below each relevant part of the previous email.

> Few more questions

Like this.

> 1. As I have exported *.cer as I have using Digital Badge in Internet
> Explorer. Can I use the same *.cer to configure in server.xml. If not, how
> can I generate the same file.

Huh?

http://www.google.co.uk/search?q=digital+badge

p

> 2. How can I generate ca2cert.pem file to use in server.xml
>
> On Thu, Feb 2, 2012 at 10:04 AM, Dale Ogilvie wrote:
>
>> FYI, Here's how we did it with APR for local workstation SSL.
>>
>> Download APR from here: http://tomcat.apache.org/download-native.cgi
>>
>> Copy the files (openssl.exe and tc-native.dll) into the tomcat bin
>> directory
>>
>> Set up your SSL connector, pointing to your CA signed server
>> SSLCertificateFile and the CA as SSLCACertificateFile:
>>
>> maxThreads="150" scheme="https" secure="true"
>> clientAuth="false" sslProtocol="TLS"
>> SSLCertificateFile="c:/temp/localhost.cer"
>> SSLCACertificateFile="c:/temp/ca2cert.pem"
>> />
>>
>> -Original Message-
>> From: Geet Chandra [mailto:gee...@gmail.com]
>> Sent: Thursday, 2 February 2012 3:05 p.m.
>> To: Tomcat Users List
>> Subject: Re: How to configure certificate file (*.cer) in Tomcat 6
>>
>> Thanks Chris!!!
>>
>> Please tell steps to configure *.cer certificate file.
help debug cluster error --java.net.BindException: Cannot assign requested address
Hello,
I have two centos servers running tomcat 5.5 (yeah i know it's old)

one of the servers died and i had to rebuild from scratch. Everything is working but the clustering.

is there anything between the cluster configs that needs to be different? I just copied one to the other. I had it working ok before server 2 crashed, so i know server 1 is configured ok and that is what i copied from

when i start tomcat i get

SEVERE: Unable to start cluster listener.
java.net.BindException: Cannot assign requested address
at sun.nio.ch.Net.bind(Native Method)
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:119)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52)
at org.apache.catalina.cluster.tcp.ReplicationListener.listen(ReplicationListener.java:120)
at org.apache.catalina.cluster.tcp.ClusterReceiverBase.run(ClusterReceiverBase.java:394)
at java.lang.Thread.run(Thread.java:595)

when i created the new server i just copied the tomcat dir and placed it on the rebuild server.
in my server.xml(see below) i put an ip in tcpListenAddress instead of auto because i have multiple IPs

any suggestions on how to debug this?

thanks for any help
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
On 02/02/2012 09:57, André Warnier wrote:
> Alex Samad - Yieldbroker wrote:
>> Hi
>>
>> Hopefully this is the right list :)
>
> Actually I don't know, but I would also like to know.
> I have noticed previously on this list, that whenever someone mentions
> JBoss, some of the people here (Tomcat developers ?)

In the most recent case, it was a JBoss/Tomcat developer who responded.

> seem to react quite
> strongly, and tell the poster curtly to go ask their question on the
> JBoss support list.
>
> On the other hand, it seems to be so that JBoss is a server software
> which uses Tomcat as the underlying servlet engine. (But maybe also I am
> mistaken there, I do not really know JBoss).

JBoss used to embed Tomcat directly. Some time ago (before Tomcat 7 - Remy would know exactly when) JBoss opted to fork Tomcat. I believe (I haven't looked) that the code bases remain similar in many areas but there are some significant differences. For example, the Servlet 3 implementations are likely to be very different.

I don't see any issue with JBoss questions here up to the point that it is apparent that the issue is in an area where the JBoss fork has diverged. Then the JBoss support forums would be a better place to seek help.

> In any case, there seems to be more to it than meets the eye of the
> naive subscriber that I am. So it would be nice if someone here provided
> some clarity on the matter.

The above is the best I can do short of doing a diff between the JBoss code and Tomcat code.

> Anyway, from your description of the matter and of the configuration
> files, it seems that your question is at least to a large extent related
> to the isapi_redirect IIS plugin, which is developed by some of the
> people on this list, and thus for which this list is the right place for
> your questions, as far as I know.

+1.

Mark
Re: [OT] problems with performance with IIS 7.5 and Tomcat Connector
Alex Samad - Yieldbroker wrote:

Hi

Hopefully this is the right list :)

Actually I don't know, but I would also like to know.
I have noticed previously on this list, that whenever someone mentions JBoss, some of the people here (Tomcat developers ?) seem to react quite strongly, and tell the poster curtly to go ask their question on the JBoss support list.

On the other hand, it seems to be so that JBoss is a server software which uses Tomcat as the underlying servlet engine. (But maybe also I am mistaken there, I do not really know JBoss).

In any case, there seems to be more to it than meets the eye of the naive subscriber that I am. So it would be nice if someone here provided some clarity on the matter.

Anyway, from your description of the matter and of the configuration files, it seems that your question is at least to a large extent related to the isapi_redirect IIS plugin, which is developed by some of the people on this list, and thus for which this list is the right place for your questions, as far as I know.
problems with performance with IIS 7.5 and Tomcat Connector
Hi

Hopefully this is the right list :)

I have 2 x W2k8r2 + NLB (Network load balancing) + IIS 7.5 + Tomcat Plugin => 2 x RHEL 6.1 + Jboss 7 (I think). (not setup in JBoss cluster mode)

We have a .net client that talks to the IIS and then onto Jboss.

We have been running some tests on our new setup. When we run client to Jboss node (just 1), we can create 1000 connections very fast, as in the client application opens 1000 connections as fast as it can and then starts to communicate from there.

When we point our client at IIS (we started with 200 connections) we are seeing problems.

1) IIS reports 200 connections starting up just about instantly
2) we have setup the virtual web site with 4 worker processes (as it's a 4 cpu machine), we see 4 processes and lots of threads start up
3) I can see in the ajp logs that the connector is starting up

But on the jboss node, counting the 8009 connections, it takes a very long time for the connections to start up: 2-3 every 3-4 seconds.

Now it might be that I had logging on in debug mode. I did try in info mode and it seemed to be just as bad.

This is my connector config

    # Global Vars
    worker.maintain=60
    worker.list=jbclb

    # JBoss cluster
    worker.jbclb.type=lb
    worker.jbclb.balance_workers=worker1, worker2
    worker.jbclb.sticky_session=true
    worker.jbclb.method=Request

    # Template for all worker threads
    worker.template.type=ajp13
    worker.template.port=8009
    worker.template.ping_mode=A
    worker.template.ping_timeout=3
    worker.template.connection_pool_size=2000
    worker.template.connection_pool_minsize=100
    worker.template.socket_keepalive=true

    worker.list=worker1
    # worker 1
    worker.worker1.host=10.32.25.251
    worker.worker1.route=node1
    worker.worker1.reference=worker.template

    worker.list=worker2
    # worker 2
    worker.worker2.route=node2
    worker.worker2.host=10.32.25.252
    worker.worker2.reference=worker.template

ISAPI config file

    # Configuration file for the Jakarta ISAPI Redirector

    # The path to the ISAPI Redirector Extension, relative to the website
    # This must be in a virtual directory with execute privileges
    extension_uri=/jakarta/isapi_redirect.dll

    # Full path to the log file for the ISAPI Redirector
    log_file=C:\YB\Local\dev.com\Logs\ajpconfisapi_redirect.log

    # Log level (debug, info, warn, error or trace)
    #log_level=info
    log_level=warn
    #log_level=debug
    log_filesize=20M
    #log_rotationtime=86400

    # Full path to the workers.properties file
    worker_file=C:\YB\Shared\dev.com\ajpconfig\workers.properties

    # Full path to the uriworkermap.properties file
    worker_mount_file=C:\YB\Shared\dev.com\ajpconfig\uriworkermap.properties

    # Rewrite
    rewrite_rule_file=C:\YB\Shared\dev.com\ajpconfig\\rewrite.properties

    #
    #uri_select=proxy

The performance so far of the connector seems to be rather bad. I am presuming it is something I have setup, cause 200 connections shouldn't be that hard to handle.

I am going to turn logging down to warn and see what happens. But I was wondering if the list has any help/suggestions for me.

I have noticed during this testing that when the connector crashes (and it seems to do that quite regularly) I have to stop and restart all of IIS, not just the virtual site I attached the connector to.

Thanks
Alex
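An added example, not part of the original post or of the connector's code: a small Python check that resolves the `reference` inheritance in the workers.properties posted above and works out the upper bound on AJP connections each backend can be sent. The function names are hypothetical, and the multiplication assumes every IIS worker process keeps its own pool of `connection_pool_size` connections.

```python
# Constructed sample: a subset of the workers.properties values posted above.
SAMPLE = """\
worker.list=jbclb
worker.jbclb.balance_workers=worker1, worker2
worker.template.port=8009
worker.template.connection_pool_size=2000
worker.worker1.host=10.32.25.251
worker.worker1.reference=worker.template
worker.worker2.host=10.32.25.252
worker.worker2.reference=worker.template
"""

def parse_workers(text):
    """Return {worker_name: {attribute: value}} from workers.properties text."""
    workers = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        parts = key.split(".", 2)
        if len(parts) == 3 and parts[0] == "worker":  # skips worker.list etc.
            workers.setdefault(parts[1], {})[parts[2]] = value
    return workers

def effective(workers, name, seen=()):
    """Resolve 'reference' inheritance; the worker's own values win."""
    if name in seen:
        raise ValueError("reference loop at worker." + name)
    own = dict(workers.get(name, {}))
    ref = own.pop("reference", None)
    if ref is None:
        return own
    merged = effective(workers, ref.split(".", 1)[-1], seen + (name,))
    merged.update(own)
    return merged

def backend_ceiling(workers, lb_name, processes_per_iis, iis_nodes):
    """Upper bound on AJP connections each balanced member can be sent."""
    ceiling = {}
    for member in workers[lb_name]["balance_workers"].split(","):
        cfg = effective(workers, member.strip())
        # Assumption: one pool of connection_pool_size per IIS worker process.
        pool = int(cfg["connection_pool_size"])
        ceiling[cfg["host"]] = pool * processes_per_iis * iis_nodes
    return ceiling

if __name__ == "__main__":
    print(backend_ceiling(parse_workers(SAMPLE), "jbclb", 4, 2))
```

The figure is a ceiling to compare against what the backend's AJP connector can accept, not the number of connections opened at startup.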