Re: Two auth methods for one application
Hi Jan, The servlet spec doesn't support anything like this. I think what you'll have to do is write your own Authenticator. You can configure your own Authenticator by registering aValve that is an Authenticator in your webapp'sContext. Just write your own code and register it usingValve. I don't know if that helps: I recently had a similar problem and I solved it (also thanks to support of this mailing list) in Tomcat 6 (also with apache and ajp) this way: I wanted two different auth-mechanisms for two classes of users: One inside our network, the other one outside. The outside users have to login via Basic Auth, the others not (because of their IP-address). I extended RequestFilterValve and overwrote the method process. If the IP address is one of the allowed ones, a UserPrincipal with a generell access is created, which logins the user automatically. If not, the user has to authenticate by username and password. protected void process(String property, Request request, Response response) throws IOException, ServletException { // Check the allow patterns, if any for (int i = 0; i allows.length; i++) { if (allows[i].matcher(property).matches()) { // create a principal for an existing fake user final ListString roles = new ArrayListString(); roles.add(USER_ROLE); final Principal principal = new GenericPrincipal(null, USER, PASS, roles); // set it in this request request.setUserPrincipal(principal); } } // pass this request to the next valve (basic auth) getNext().invoke(request, response); return; } You have to use the new Valve in your context file and switch on Basic Auth in WEB-INF/web.xml of your webapp. ?xml version=1.0 encoding=UTF-8? Context path=/YOUR_WEBAPP Valve className=org.apache.catalina.valves.RemoteAddrOrAuthValve allow=YOUR_IP_MASK/ /Context security-constraint web-resource-collection web-resource-namerestrict by URL/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method /web-resource-collection auth-constraint role-nameUSER_ROLE/role-name /auth-constraint user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint Beste Regards, Remon - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why am I Getting org.apache.catalina.realm.JDBCRealm getPassword SEVERE: Exception performing authentication?
On 09/02/2012 00:19, Jonathan Rosenberg wrote: Thanks to all who are trying to help. See info below. Here it is: What about the appname/WEB-INF/web.xml? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Serving static content using embedded tomcat 7
On 09/02/2012 06:19, sanu wrote: Thanks for your reply. I have a global web.xml, where the DefaultServlet is mapped. The difference I see is that my static resources are not in the same directory as the host's appBase. Could this be the problem ? How can the static content be served in such a case ? Folks are quite good at guessing things on this list, but you are making it harder than it needs to be. Re-read Mark's answer, follow the link, read the page carefully. The rephrase your question and provide some real information. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Using Tomcat7 JDBC Connection Pool
Comments below. On Wed, Feb 8, 2012 at 9:19 PM, Pid p...@pidster.com wrote: On 08/02/2012 14:59, amit shah wrote: Responses below. Thanks. On Wed, Feb 8, 2012 at 7:14 PM, Pid p...@pidster.com wrote: On 08/02/2012 12:30, amit shah wrote: Thanks for the reply. Responses below. On Wed, Feb 8, 2012 at 5:19 PM, Pid p...@pidster.com wrote: On 08/02/2012 11:41, amit shah wrote: I am trying to use the tomcat 7 jdbc connection pool in our application by using the tomcat-jdbc.jar and tomcat-juli.jar files. The basic connection pool works fine. I have few questions/clarifications 1. Executing multiple statements on connection initialization - The pool provides a flexibility to execute a single sql query when the physical connection is established (initSQL property). I couldn't find a way to execute multiple sql queries on connection initialization. The JDBC Interceptor mechanism also doesn't seem to help out. Any suggestions? Why do you want to execute multiple SQL statements for each connection in the pool? Normally you want to do the absolute minimum to validate the connection. These sql statements are not for validating the connection. We use Oracle as our database server. So I wanted to execute the NLS (National Language Setting) queries after the connection is established. You need to do this because it's multi-tenant (per below) and each tenant may require different settings? Yes you are right. Each tenant could have different language settings. Even if the settings are same for all the tenants, the queries are to be executed on every physical connection creation. These settings cannot be set when the schema's are created. They are to be set per session level. I understand that one way to implement this would be to embed the queries in a stored procedure but I was just trying to understand if there was a simpler way of achieving this through configuration. Let me know if there is a way out. Executing an SP doesn't seem to work out since internally the tomcat jdbc pool code tries to execute the initSQL query using a Statement object instead of a CallableStatement which would be required in this case. Any suggestions/alternatives? 2. alternateUserNameAllowed property - If a connection is requested with the credentials user1/password1 and the connection was previously connected using user2/password2, the connection will be closed, and reopened with the requested credentials. This property was added as an enhancement to bug 50025https://issues.apache.org/bugzilla/show_bug.cgi?id=50025. I didn’t understand the reason behind closing the previous connection. Can the pool not still maintain the previous connection and open a new connection if the user/password combination do not match?. This way the same pool can be used for multiple schemas. The old connection is closed so that the current user (who has different credentials) can't then use that connection. If you want to use the old connection, don't pass in new credentials. Note: this is a pool of connections, not a single connection. Can the pool still not close the old connection and maintain a map of username/password vs connection. So that the same pool can be used for multiple schemas on an Oracle server. This would help out in implementing multi-tenant applications where not all environments are active at the same time. So the same pool can be used for multiple environments. The application can still provides the ability the create a specific pool for individual environments. Let me know if anything is unclear. The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. If the pool kept all of the connections open with different credentials how can you guarantee availability/performance/SLA for each tenant? All the connections can still follow the same configuration rules of timeout. Not relevant if the connections are in use. What is the advantage of a single pool in this case? The benefit we gain is not having many pools (reduces the pool mgmt overhead on the application server) which means less number of application server and database server resources. What overhead? The application server and database server resources (memory, cpu etc) for keeping the
Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've added Listener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. Could anyone help me? Thanks and regards Andres Aguado - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
See comments inline -Original Message- From: Andres Aguado [mailto:andriu@gmail.com] Sent: 9. februar 2012 13:52 To: users@tomcat.apache.org Subject: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've added Listener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. I'm new to this too but my guess is that the name is JMXAdapterLifecycleListener (Adapter not Adaptor) Could anyone help me? Thanks and regards Andres Aguado - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using Tomcat7 JDBC Connection Pool
One more comment below about oracle UCP. On Thu, Feb 9, 2012 at 5:10 PM, amit shah amits...@gmail.com wrote: Comments below. On Wed, Feb 8, 2012 at 9:19 PM, Pid p...@pidster.com wrote: On 08/02/2012 14:59, amit shah wrote: Responses below. Thanks. On Wed, Feb 8, 2012 at 7:14 PM, Pid p...@pidster.com wrote: On 08/02/2012 12:30, amit shah wrote: Thanks for the reply. Responses below. On Wed, Feb 8, 2012 at 5:19 PM, Pid p...@pidster.com wrote: On 08/02/2012 11:41, amit shah wrote: I am trying to use the tomcat 7 jdbc connection pool in our application by using the tomcat-jdbc.jar and tomcat-juli.jar files. The basic connection pool works fine. I have few questions/clarifications 1. Executing multiple statements on connection initialization - The pool provides a flexibility to execute a single sql query when the physical connection is established (initSQL property). I couldn't find a way to execute multiple sql queries on connection initialization. The JDBC Interceptor mechanism also doesn't seem to help out. Any suggestions? Why do you want to execute multiple SQL statements for each connection in the pool? Normally you want to do the absolute minimum to validate the connection. These sql statements are not for validating the connection. We use Oracle as our database server. So I wanted to execute the NLS (National Language Setting) queries after the connection is established. You need to do this because it's multi-tenant (per below) and each tenant may require different settings? Yes you are right. Each tenant could have different language settings. Even if the settings are same for all the tenants, the queries are to be executed on every physical connection creation. These settings cannot be set when the schema's are created. They are to be set per session level. I understand that one way to implement this would be to embed the queries in a stored procedure but I was just trying to understand if there was a simpler way of achieving this through configuration. Let me know if there is a way out. Executing an SP doesn't seem to work out since internally the tomcat jdbc pool code tries to execute the initSQL query using a Statement object instead of a CallableStatement which would be required in this case. Any suggestions/alternatives? 2. alternateUserNameAllowed property - If a connection is requested with the credentials user1/password1 and the connection was previously connected using user2/password2, the connection will be closed, and reopened with the requested credentials. This property was added as an enhancement to bug 50025https://issues.apache.org/bugzilla/show_bug.cgi?id=50025. I didn’t understand the reason behind closing the previous connection. Can the pool not still maintain the previous connection and open a new connection if the user/password combination do not match?. This way the same pool can be used for multiple schemas. The old connection is closed so that the current user (who has different credentials) can't then use that connection. If you want to use the old connection, don't pass in new credentials. Note: this is a pool of connections, not a single connection. Can the pool still not close the old connection and maintain a map of username/password vs connection. So that the same pool can be used for multiple schemas on an Oracle server. This would help out in implementing multi-tenant applications where not all environments are active at the same time. So the same pool can be used for multiple environments. The application can still provides the ability the create a specific pool for individual environments. Let me know if anything is unclear. The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. If the pool kept all of the connections open with different credentials how can you guarantee availability/performance/SLA for each tenant? All the connections can still follow the same configuration rules of timeout. Not relevant if the connections are in use. What is the advantage of a single pool in this case? The benefit we gain is not having many pools (reduces the pool mgmt overhead on the application server) which means less number of application server and database
Re: Using Tomcat7 JDBC Connection Pool
On 09/02/2012 12:56, amit shah wrote: One more comment below about oracle UCP. snip The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. So why not create multiple controlled pools not run into availability problems? snip What overhead? The application server and database server resources (memory, cpu etc) for keeping the connections open? That's a total connection count dependent metric. So the overhead is virtually the same regardless of whether you have 5 pools or 1, if you have the same total number of connections. For e.g. If we have 5 tenants with 5 pools configured with 10 min pool size, we would have min 50 connections always open to the database server. This count would be for each application server. If we had the same pool for all 5 tenants, there would be just 10 connections open per application server. There's a flaw in your logic. In your example there may be zero connections open for a given tenant because they use a shared pool. So you might has well have separate pools with the minimum set to 2 and still have more connections guaranteed per tenant, and the 10 you were aiming for. Worse, if you hit your max with other tenants, a remaining tenant might not be able to get a connection at all, thus failing to address one of the key requirements in a multi-tenant system - guaranteed availability. Probably true when all the tenants are actively used. As I said, there is always a flexibility in the configuration to use a separate pool for a particular tenant. That should be the default IMO. You're asking for trouble otherwise. Also the application can always provide a configuration flexibility to allow a tenant to use a separate pool instead of sharing it with other tenants (like I said above). This flexibility is provided by the Oracle Universal Connection Poolhttp://docs.oracle.com/cd/E11882_01/java.112/e12265/toc.htm So if that's a better fit for your requirement, why not use it? It provides the feature I mentioned about by has lock contention issues. Tomcat 7 jdbc pool seems to be better and hence I was trying it out. ! snip If you are programmatically registering the pool, can you not just register it with the MBean server yourself? Ok I will try this and provide an update. Cool. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
JMX enabled - not able to monitor connection pooling
Using: Toncat 6.0.35 AND 7.0.latest in a Win32 Environment. My JMX params are as follows: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=6969 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false This is only on my dev box, so I am no so much worried about security at this point, I just want to get it working for now, I'll work on the security as the next piece, where I move it over to SSL and having authentication for a production box. In TC7, I have enabled JMX, and in Hyperic I'm able to monitor the extras except the one thing I need to. I also checked in JConsole, just to make sure it wasn't an initial id10t error. I want to be able to monitor the connection pool. Is there an option that I have to enable to be able to monitor connection pooling in Tomcat via JMX and Hyperic? I checked the Hyp. forums to no real avail. This user group seems to be better with information so I just wanted to see if anyone else out there is using Hyperic, monitoring CP's, and what they did to get it working. As always thanks in advance. Warmest Regards, Josh
Re: JMX enabled - not able to monitor connection pooling
On Thu, 2012-02-09 at 05:52 -0800, Josh Gooding wrote: Using: Toncat 6.0.35 AND 7.0.latest in a Win32 Environment. My JMX params are as follows: -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=6969 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false This is only on my dev box, so I am no so much worried about security at this point, I just want to get it working for now, I'll work on the security as the next piece, where I move it over to SSL and having authentication for a production box. In TC7, I have enabled JMX, and in Hyperic I'm able to monitor the extras except the one thing I need to. I also checked in JConsole, just to make sure it wasn't an initial id10t error. What did you see when you connected with jconsole? I'm assuming that you were able to connect. Were you able to see the mbeans for the connection pool? I want to be able to monitor the connection pool. Can you include your configuration for the connection pool? Dan Is there an option that I have to enable to be able to monitor connection pooling in Tomcat via JMX and Hyperic? I checked the Hyp. forums to no real avail. This user group seems to be better with information so I just wanted to see if anyone else out there is using Hyperic, monitoring CP's, and what they did to get it working. As always thanks in advance. Warmest Regards, Josh
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
On 09.02.2012 13:51, Andres Aguado wrote: Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've addedListener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. Could anyone help me? I think for TC 5.5 the class is not included in the binary downloads. You need to grab a source download and build it using Java 5. When building using Java 1.4.2 which IMHO is the default for a release, the class can't be build. Check your jar files, the class should be in catalina-optional.jar. Starting with Tomcat 6 this functionality is available as a separate Jar, which is part of the so-called extra downloads (in the extra folder underneath the bin folder. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JmxRemoteLifecycleListener binding to all IP addresses
Greetings, I am using Apache Tomcat 7.0.25 using IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux s390x-64 jvmxz6460sr8ifx-20100609_59383). Inspired by the flurry of JMX related questions on this list, I attempted to follow the official documentation[1] to enable remote JMX access. My sanitized conf/server.xml: ?xml version=1.0 encoding=utf-8? Server address=a.b.c.d port=8081 Listener className=org.apache.catalina.core.AprLifecycleListener/ Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Listener className=org.apache.catalina.mbeans.JmxRemoteLifecycleListener rmiRegistryPortPlatform=8181 rmiServerPortPlatform=8182 / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase readonly=true factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=${catalina.home}/conf/tomcat-users.xml/ /GlobalNamingResources Service name=Catalina Connector scheme=http address=a.b.c.d port=8080 compression=on enableLookups=false URIEncoding=UTF-8/ Connector scheme=https address=a.b.c.d port=8443 secure=true compression=on enableLookups=false URIEncoding=UTF-8 SSLEnabled=true SSLCertificateFile=${catalina.home}/conf/cacert.pem SSLCertificateKeyFile=${catalina.home}/conf/privkey.pem/ Engine name=Catalina defaultHost=vhost.acme.com Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=vhost.acme.com appBase=webapps autoDeploy=false deployIgnore=.svn unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve pattern=common resolveHosts=false/ Context path=/manager privileged=true/ /Host /Engine /Service /Server I verify that Tomcat thinks this is performing correctly: logs/catalina.2012-02-09.log:09-Feb-2012 10:27:23.134 INFO [AsyncFileHandlerWriter-1715627586] org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer The JMX Remote Listener has configured the registry on port 8181 and the server on port 8182 for the Platform server Prior to server start, netstat -a --numeric-ports | grep LIST | grep 8181 shows empty output. After server start, the same command shows: tcp0 0 *:8181 *:* LISTEN This is not good because I have multiple, completely separate, installations of Tomcat 7.0.25. I want each of them to be able to have their own JMX on a.b.c.d .. however, it seems that Tomcat is doing a blanket socket bind despite me coding the IP address. I think it would be ideal that if a Server address= is coded, that those would be used when binding JMX. Additionally, to allow coding the hostname to bind in that Listener. What is the expected behavior? Is this a bug? -Jesse [1] http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Additional_Implementations -- There are 10 types of people in this world, those that can read binary and those that can not. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
On 09/02/2012 14:03, Rainer Jung wrote: On 09.02.2012 13:51, Andres Aguado wrote: Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've addedListener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. Could anyone help me? I think for TC 5.5 the class is not included in the binary downloads. You need to grab a source download and build it using Java 5. When building using Java 1.4.2 which IMHO is the default for a release, the class can't be build. Check your jar files, the class should be in catalina-optional.jar. Starting with Tomcat 6 this functionality is available as a separate Jar, which is part of the so-called extra downloads (in the extra folder underneath the bin folder. +1 Is there a reason you can't use a newer version, like 7.0 Andres? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: JmxRemoteLifecycleListener binding to all IP addresses
2012/2/9 Jesse Farinacci jie...@gmail.com: Greetings, I am using Apache Tomcat 7.0.25 using IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Linux s390x-64 jvmxz6460sr8ifx-20100609_59383). Inspired by the flurry of JMX related questions on this list, I attempted to follow the official documentation[1] to enable remote JMX access. My sanitized conf/server.xml: ?xml version=1.0 encoding=utf-8? Server address=a.b.c.d port=8081 Listener className=org.apache.catalina.core.AprLifecycleListener/ Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Listener className=org.apache.catalina.mbeans.JmxRemoteLifecycleListener rmiRegistryPortPlatform=8181 rmiServerPortPlatform=8182 / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase readonly=true factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=${catalina.home}/conf/tomcat-users.xml/ /GlobalNamingResources Service name=Catalina Connector scheme=http address=a.b.c.d port=8080 compression=on enableLookups=false URIEncoding=UTF-8/ Connector scheme=https address=a.b.c.d port=8443 secure=true compression=on enableLookups=false URIEncoding=UTF-8 SSLEnabled=true SSLCertificateFile=${catalina.home}/conf/cacert.pem SSLCertificateKeyFile=${catalina.home}/conf/privkey.pem/ Engine name=Catalina defaultHost=vhost.acme.com Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=vhost.acme.com appBase=webapps autoDeploy=false deployIgnore=.svn unpackWARs=true Valve className=org.apache.catalina.valves.AccessLogValve pattern=common resolveHosts=false/ Context path=/manager privileged=true/ /Host /Engine /Service /Server I verify that Tomcat thinks this is performing correctly: logs/catalina.2012-02-09.log:09-Feb-2012 10:27:23.134 INFO [AsyncFileHandlerWriter-1715627586] org.apache.catalina.mbeans.JmxRemoteLifecycleListener.createServer The JMX Remote Listener has configured the registry on port 8181 and the server on port 8182 for the Platform server Prior to server start, netstat -a --numeric-ports | grep LIST | grep 8181 shows empty output. After server start, the same command shows: tcp 0 0 *:8181 *:* LISTEN This is not good because I have multiple, completely separate, installations of Tomcat 7.0.25. I want each of them to be able to have their own JMX on a.b.c.d .. however, it seems that Tomcat is doing a blanket socket bind despite me coding the IP address. I think it would be ideal that if a Server address= is coded, that those would be used when binding JMX. Additionally, to allow coding the hostname to bind in that Listener. What is the expected behavior? Is this a bug? -Jesse [1] http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#Additional_Implementations -- There are 10 types of people in this world, those that can read binary and those that can not. useLocalPorts=true is what you are needing. It is in the docs [1], but you may also look at the sources. As of now there is no option to explicitly configure the IP address to bind to, but if you want one you may propose a patch. See how useLocalPorts option is implemented. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JmxRemoteLifecycleListener binding to all IP addresses
On 09/02/2012 15:35, Jesse Farinacci wrote: What is the expected behavior? Is this a bug? The expected behaviour is as you describe. No it is not a bug. Being able to specify the bind address is an enhancement request that doesn't look too difficult to implement (and would remove the need for the useLocalPorts attribute since localhost / 127.0.0.1 / ::1 could be specified as the host name / address). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using Tomcat7 JDBC Connection Pool
Any thoughts on the first point about executing multiple SQL queries on physical connection creation? On 09-Feb-2012, at 7:05 PM, Pid p...@pidster.com wrote: On 09/02/2012 12:56, amit shah wrote: One more comment below about oracle UCP. snip The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. So why not create multiple controlled pools not run into availability problems? snip What overhead? The application server and database server resources (memory, cpu etc) for keeping the connections open? That's a total connection count dependent metric. So the overhead is virtually the same regardless of whether you have 5 pools or 1, if you have the same total number of connections. For e.g. If we have 5 tenants with 5 pools configured with 10 min pool size, we would have min 50 connections always open to the database server. This count would be for each application server. If we had the same pool for all 5 tenants, there would be just 10 connections open per application server. There's a flaw in your logic. In your example there may be zero connections open for a given tenant because they use a shared pool. So you might has well have separate pools with the minimum set to 2 and still have more connections guaranteed per tenant, and the 10 you were aiming for. Worse, if you hit your max with other tenants, a remaining tenant might not be able to get a connection at all, thus failing to address one of the key requirements in a multi-tenant system - guaranteed availability. Probably true when all the tenants are actively used. As I said, there is always a flexibility in the configuration to use a separate pool for a particular tenant. That should be the default IMO. You're asking for trouble otherwise. Also the application can always provide a configuration flexibility to allow a tenant to use a separate pool instead of sharing it with other tenants (like I said above). This flexibility is provided by the Oracle Universal Connection Poolhttp://docs.oracle.com/cd/E11882_01/java.112/e12265/toc.htm So if that's a better fit for your requirement, why not use it? It provides the feature I mentioned about by has lock contention issues. Tomcat 7 jdbc pool seems to be better and hence I was trying it out. ! snip If you are programmatically registering the pool, can you not just register it with the MBean server yourself? Ok I will try this and provide an update. Cool. p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
controlling Server Authentication only vs Mutual authentication
Hi, I work on an java web-app running on Tomcat 7. The entire application is required be doing SSL on port 443 (everything is accessed via https://). Two different login options are given to the user : username/password or client certificate authentication. We employ application-managed security as opposed to contain-manage (i.e. we don't use realms). I have the following connector in my server.xml : Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=d:\certs\server_cert.jks keystorePass=changeit truststoreFile=d:\certs\truststore.jks truststorePass=changeit clientAuth=true sslProtocol=TLS / This forces mutual authentication on anything I try to access using https. How can I configure tomcat so that only specific links (a specific struts action for example) would require mutual authentication or how can I exclude from the mutual authentication. Thanks, Sanjeev.
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
Hi, first, for me there is a powerfull reason for maintain 5.5 version. This is the initial version and application is working fine now, and I think that i'm not prepare to execute the upgrade, i don't know how and where to begin. And second, i'm trying to compile JMXAdaptorLifecycleListener.java to get class file (i think that i must do this, but not sure), and i'm getting this error. Here is one example, but it's appearing me 11 errors like this one. C:\Program Files\Java\jdk1.5.0_22\binjavac -classpath %CATALINA_HOME%\server\lib\catalina.jar:%CATALINA_HOME%\bin\commons-logging-api-1.1.1.jar c:\JMXAdaptorLifecycleListener.java -Xlint warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory c:\JMXAdaptorLifecycleListener.java:25: cannot find symbol symbol : class Lifecycle location: package org.apache.catalina import org.apache.catalina.Lifecycle; I've created .java file copying text from internet, as attached The last, I've checked catalina-optional.jar but no similar class could be found inside, i suppose that i must copy into this jar file the .class file obtained after compiling .java file, but this is my assumption Thanks a lot for your time, it's very appreciated Regards, Andres 2012/2/9 Pid p...@pidster.com: On 09/02/2012 14:03, Rainer Jung wrote: On 09.02.2012 13:51, Andres Aguado wrote: Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've addedListener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. Could anyone help me? I think for TC 5.5 the class is not included in the binary downloads. You need to grab a source download and build it using Java 5. When building using Java 1.4.2 which IMHO is the default for a release, the class can't be build. Check your jar files, the class should be in catalina-optional.jar. Starting with Tomcat 6 this functionality is available as a separate Jar, which is part of the so-called extra downloads (in the extra folder underneath the bin folder. +1 Is there a reason you can't use a newer version, like 7.0 Andres? p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using Tomcat7 JDBC Connection Pool
On 09/02/2012 16:21, Amit wrote: Any thoughts on the first point about executing multiple SQL queries on physical connection creation? I have no idea if it'll work, but I'd try: SELECT 1; SELECT 1; If you are controlling the pool (and you are) by passing in username/password parameters each time, then you could do it as an extra transaction thereafter. p On 09-Feb-2012, at 7:05 PM, Pid p...@pidster.com wrote: On 09/02/2012 12:56, amit shah wrote: One more comment below about oracle UCP. snip The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. So why not create multiple controlled pools not run into availability problems? snip What overhead? The application server and database server resources (memory, cpu etc) for keeping the connections open? That's a total connection count dependent metric. So the overhead is virtually the same regardless of whether you have 5 pools or 1, if you have the same total number of connections. For e.g. If we have 5 tenants with 5 pools configured with 10 min pool size, we would have min 50 connections always open to the database server. This count would be for each application server. If we had the same pool for all 5 tenants, there would be just 10 connections open per application server. There's a flaw in your logic. In your example there may be zero connections open for a given tenant because they use a shared pool. So you might has well have separate pools with the minimum set to 2 and still have more connections guaranteed per tenant, and the 10 you were aiming for. Worse, if you hit your max with other tenants, a remaining tenant might not be able to get a connection at all, thus failing to address one of the key requirements in a multi-tenant system - guaranteed availability. Probably true when all the tenants are actively used. As I said, there is always a flexibility in the configuration to use a separate pool for a particular tenant. That should be the default IMO. You're asking for trouble otherwise. Also the application can always provide a configuration flexibility to allow a tenant to use a separate pool instead of sharing it with other tenants (like I said above). This flexibility is provided by the Oracle Universal Connection Poolhttp://docs.oracle.com/cd/E11882_01/java.112/e12265/toc.htm So if that's a better fit for your requirement, why not use it? It provides the feature I mentioned about by has lock contention issues. Tomcat 7 jdbc pool seems to be better and hence I was trying it out. ! snip If you are programmatically registering the pool, can you not just register it with the MBean server yourself? Ok I will try this and provide an update. Cool. p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
On 09/02/2012 16:26, Andres Aguado wrote: Hi, first, for me there is a powerfull reason for maintain 5.5 version. This is the initial version and application is working fine now, and I think that i'm not prepare to execute the upgrade, i don't know how and where to begin. And second, i'm trying to compile JMXAdaptorLifecycleListener.java to get class file (i think that i must do this, but not sure), and i'm getting this error. Here is one example, but it's appearing me 11 errors like this one. C:\Program Files\Java\jdk1.5.0_22\binjavac -classpath %CATALINA_HOME%\server\lib\catalina.jar:%CATALINA_HOME%\bin\commons-logging-api-1.1.1.jar c:\JMXAdaptorLifecycleListener.java -Xlint warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory The colon character is a path separator. You have it in the C: part of each path. p c:\JMXAdaptorLifecycleListener.java:25: cannot find symbol symbol : class Lifecycle location: package org.apache.catalina import org.apache.catalina.Lifecycle; I've created .java file copying text from internet, as attached The last, I've checked catalina-optional.jar but no similar class could be found inside, i suppose that i must copy into this jar file the .class file obtained after compiling .java file, but this is my assumption Thanks a lot for your time, it's very appreciated Regards, Andres 2012/2/9 Pid p...@pidster.com: On 09/02/2012 14:03, Rainer Jung wrote: On 09.02.2012 13:51, Andres Aguado wrote: Hi Guys! First of all, I want to be grateful for help. I'm (very) newbie with apache-tomcat world, level 1 (I've installed Tomcat sucessfully once ;-) ) Well, I've a Tomcat 5.5.27 version with an application in production environment and i've installed the same version for windows on a VM-WiXP to test configuration before applying changes to production server And I want to monitorize the application remotelly through jconsole. So, I've added this lines to catalina startup script: set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false (When all works I'll add authentication, but now i need to run jconsole.) Now I'm accesible to 8999 port (RMI Registry?) telneting, but jconsole outputs a connection error. I've executed netstat -an command and I've seen that 8999 port connextion is STABLISHED, but there is another port (48657) to the tomcat ip in SYN_WAIT. Well, I've been reading documentation and it seems that i must configure manually an additional port to connect through jconsole because this port is a random port (RMIServer and RMIConnection?) and it's a problem to gain access through firewalls I've been reading more information and I've arrived to this document http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Remote Then, I've addedListener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=48657 host=tomcatservername / This is the point i'm blocked. Tomcat doesn't start, and catalina.out file shows this error: SEVERE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdaptorLifecycleListener I've been looking for JMXAdaptorLifecycleListener, but i don't know how to make it works. Could anyone help me? I think for TC 5.5 the class is not included in the binary downloads. You need to grab a source download and build it using Java 5. When building using Java 1.4.2 which IMHO is the default for a release, the class can't be build. Check your jar files, the class should be in catalina-optional.jar. Starting with Tomcat 6 this functionality is available as a separate Jar, which is part of the so-called extra downloads (in the extra folder underneath the bin folder. +1 Is there a reason you can't use a newer version, like 7.0 Andres? p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
From: Pid [mailto:p...@pidster.com] Subject: Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory The colon character is a path separator. You have it in the C: part of each path. Actually, the colon is _not_ a path separator here, it's a drive delimiter. It's the attempted use of the colon elsewhere that causes the problem; it should be a semi-colon on Windows: C:\apache-tomcat-5.5.27\server\lib\catalina.jar;C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using Tomcat7 JDBC Connection Pool
Comment below On 09-Feb-2012, at 10:18 PM, Pid p...@pidster.com wrote: On 09/02/2012 16:21, Amit wrote: Any thoughts on the first point about executing multiple SQL queries on physical connection creation? I have no idea if it'll work, but I'd try: SELECT 1; SELECT 1; If you are controlling the pool (and you are) by passing in username/password parameters each time, then you could do it as an extra transaction thereafter. Executing the queries after retrieving the connection would not be the right option since they would execute every time the connection is borrowed instead of executing it only on physical connection creation. Can the jdbc interceptor architecture be extended to provide a method which is called when the physical connection is created? ( similar to disconnect()) p On 09-Feb-2012, at 7:05 PM, Pid p...@pidster.com wrote: On 09/02/2012 12:56, amit shah wrote: One more comment below about oracle UCP. snip The pool returns members at random, so how would you know which cached credentials you were getting? The credentials which are passed to the getConnection(String username, String password) method. When we configure the same pool to be used for multiple schema's the pool will *not *be configured with default username password. OK, so you create a bunch of connections with various credentials, you want to cache those connections and only return them if the creds match for the new request? So you're basically creating an uncontrolled pool per cred pair, inside the outer pool which is controlled? Yes right. So why not create multiple controlled pools not run into availability problems? snip What overhead? The application server and database server resources (memory, cpu etc) for keeping the connections open? That's a total connection count dependent metric. So the overhead is virtually the same regardless of whether you have 5 pools or 1, if you have the same total number of connections. For e.g. If we have 5 tenants with 5 pools configured with 10 min pool size, we would have min 50 connections always open to the database server. This count would be for each application server. If we had the same pool for all 5 tenants, there would be just 10 connections open per application server. There's a flaw in your logic. In your example there may be zero connections open for a given tenant because they use a shared pool. So you might has well have separate pools with the minimum set to 2 and still have more connections guaranteed per tenant, and the 10 you were aiming for. Worse, if you hit your max with other tenants, a remaining tenant might not be able to get a connection at all, thus failing to address one of the key requirements in a multi-tenant system - guaranteed availability. Probably true when all the tenants are actively used. As I said, there is always a flexibility in the configuration to use a separate pool for a particular tenant. That should be the default IMO. You're asking for trouble otherwise. Also the application can always provide a configuration flexibility to allow a tenant to use a separate pool instead of sharing it with other tenants (like I said above). This flexibility is provided by the Oracle Universal Connection Poolhttp://docs.oracle.com/cd/E11882_01/java.112/e12265/toc.htm So if that's a better fit for your requirement, why not use it? It provides the feature I mentioned about by has lock contention issues. Tomcat 7 jdbc pool seems to be better and hence I was trying it out. ! snip If you are programmatically registering the pool, can you not just register it with the MBean server yourself? Ok I will try this and provide an update. Cool. p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
Great, it's great!. First obstacle overcomed. Now, i've compiled .java file and it's been created a .class file. Now i've got this .class file and i've added it to catalina.jar and catalina-optional.jar, but when i try to start catalina script other error appears in catalina.out, like this: GRAVE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdapterLifecycleListener at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... ADVERTENCIA: Catalina.start using conf/server.xml: java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdapterLifecycleListener .. Thanks and regards, Andres 2012/2/9 Caldarale, Charles R chuck.caldar...@unisys.com: From: Pid [mailto:p...@pidster.com] Subject: Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory The colon character is a path separator. You have it in the C: part of each path. Actually, the colon is _not_ a path separator here, it's a drive delimiter. It's the attempted use of the colon elsewhere that causes the problem; it should be a semi-colon on Windows: C:\apache-tomcat-5.5.27\server\lib\catalina.jar;C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
Ok, i've got it up!!. I've copied .class file into a directory that i must create; C:\apache-tomcat-5.5.27\server\lib\org\apache\catalina\mbeans. Also, i must delete lines into catalina.bat startup file set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false because i receive an error about rmi in use. Now tomcat is running and both ports 8999 and 8084 defined in server.xml Listener className=org.apache.catalina.mbeans.JMXAdaptorLifecycleListener namingPort=8999 port=8084 host=tomcat-server-name / Now, to enable authentication, is it simillar than in catalina.bat? Well, i think that i'm going to continue tomorrow, it's a good end of day Thanks for your responses Andres 2012/2/9 Andres Aguado andriu@gmail.com: Great, it's great!. First obstacle overcomed. Now, i've compiled .java file and it's been created a .class file. Now i've got this .class file and i've added it to catalina.jar and catalina-optional.jar, but when i try to start catalina script other error appears in catalina.out, like this: GRAVE: Begin event threw exception java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdapterLifecycleListener at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... ADVERTENCIA: Catalina.start using conf/server.xml: java.lang.ClassNotFoundException: org.apache.catalina.mbeans.JMXAdapterLifecycleListener .. Thanks and regards, Andres 2012/2/9 Caldarale, Charles R chuck.caldar...@unisys.com: From: Pid [mailto:p...@pidster.com] Subject: Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory The colon character is a path separator. You have it in the C: part of each path. Actually, the colon is _not_ a path separator here, it's a drive delimiter. It's the attempted use of the colon elsewhere that causes the problem; it should be a semi-colon on Windows: C:\apache-tomcat-5.5.27\server\lib\catalina.jar;C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk and URL rewriting/proxying?
Hi List I have a quick question (I hope). I'm using mod_jk to forward from Apache httpd 2.2.8 to tomcat 7.0.20 (Ubuntu 8.04). I think I saw something on this list some time ago but can't remember what it was really about (the real issue was not want I want to do). So I want users to access my webapp from xxx.yyy.zz and then have apache/mod_jk to change it to xxx.yyy.zz/myapp According to http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html I have to manipulate headers but as far as I remember there was something about ProxyPass and ProxyPassReverse. Are they only available to mod_proxy or mod_ajp? I don't want the app to become ROOT since I have another app that should be running as ROOT. I thought about making seperat host's in server.xml but I dont like the fact that I need to restart tomcat each time I need to add a new host so I thought I might achieve want I want by letting apache httpd take care of that part. Kind regards Casper - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk and URL rewriting/proxying?
From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
On 09.02.2012 19:07, Casper Wandahl Schmidt wrote: Hi List I have a quick question (I hope). I'm using mod_jk to forward from Apache httpd 2.2.8 to tomcat 7.0.20 (Ubuntu 8.04). I think I saw something on this list some time ago but can't remember what it was really about (the real issue was not want I want to do). So I want users to access my webapp from xxx.yyy.zz and then have apache/mod_jk to change it to xxx.yyy.zz/myapp According to http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html I have to manipulate headers but as far as I remember there was something about ProxyPass and ProxyPassReverse. Are they only available to mod_proxy or mod_ajp? Yes, those can currently not be combined with mod_jk. Sorry. I don't want the app to become ROOT since I have another app that should be running as ROOT. I thought about making seperat host's in server.xml but I dont like the fact that I need to restart tomcat each time I need to add a new host so I thought I might achieve want I want by letting apache httpd take care of that part. You might want to look at the host-manager webapp. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ServletException logging changes between 5.5 and 6.0/7.0?
Hello, I'm seeing a difference in the way Tomcat handles logging exceptions thrown by a servlet, and I wonder if it's a configuration change or if this is simply how Tomcat is expected to behave. Tomcat versions tested: 5.5.26, 6.0.35, 7.0.25 OS: Windows 7 Java: 1.5.0_22 for Tomcat 5.5.26 and 6.0.35, 1.6.0_24 for Tomcat 7.0.25 To test, I created a webapp with a single servlet, ExceptionServlet, that simply throw a ServletException in its service() method, e.g.: public class ExceptionServlet extends HttpServlet { protected void service(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException { throw new ServletException(HEY SERVLET EXCEPTION); } } Further, the webapp uses log4j (1.2.16) and commons-logging (1.1.1). The log4j.properties for the webapp looks like this: log4j.rootLogger=INFO,A log4j.appender.A=org.apache.log4j.RollingFileAppender log4j.appender.A.file=/opt/personal/logs/ex/ex.info.log log4j.appender.A.layout=org.apache.log4j.PatternLayout log4j.appender.A.layout.conversionPattern=%m%n log4j.appender.A.maxFileSize=10MB log4j.appender.A.maxBackupIndex=10 In a default deployment of Tomcat 5.5.26, I drop the webapp in the webapps directory, start up Tomcat, and call the ExceptionServlet. The resultant exception message and stack trace appear in the log file specified by the webapp's log4j.properties file, as I would expect. Servlet.service() for servlet ex threw exception javax.servlet.ServletException: HEY SERVLET EXCEPTION at personal.ExceptionServlet.service(ExceptionServlet.java:17) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) ... However, in a default deployment of Tomcat 6.0.35 or Tomcat 7.0.25, when I drop the webapp in the webapps directory, start up the respective Tomcat, and invoke the ExceptionServlet, the resultant exception message and stack trace appear in the Tomcat's log file, e.g. $TOMCAT_HOME/logs/localhost.2012-02-09.log. It's pretty much the same log message as above: # from Tomcat 7.0.25 SEVERE: Servlet.service() for servlet [ex] in context with path [/et] threw exception [HEY SERVLET EXCEPTION] with root cause javax.servlet.ServletException: HEY SERVLET EXCEPTION at personal.ExceptionServlet.service(ExceptionServlet.java:17) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) ... I made no configuration changes to any of the Tomcat installations. So I guess my questions are: 1. Is it correct to expect that exceptions thrown by a servlet should be logged in the webapp's log files? 2. If so, what changed between Tomcat 5.5 and Tomcat 6.0/7.0 that would cause exceptions thrown by a servlet to be logged in Tomcat's log files, or what configuration change do I need to make so that the exception appears in the webapp's logs? Thanks in advance for any insights into my problem! Chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk and URL rewriting/proxying?
-Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Thursday, February 09, 2012 12:36 PM To: Tomcat Users List Subject: RE: mod_jk and URL rewriting/proxying? From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. - Chuck Chuck - Does the host-manager persist changes now, or is it still running changes only? That is, does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? Jeff __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
2012/2/9 C C ccb...@yahoo.com: Hello, I'm seeing a difference in the way Tomcat handles logging exceptions thrown by a servlet, and I wonder if it's a configuration change or if this is simply how Tomcat is expected to behave. Tomcat versions tested: 5.5.26, 6.0.35, 7.0.25 OS: Windows 7 Java: 1.5.0_22 for Tomcat 5.5.26 and 6.0.35, 1.6.0_24 for Tomcat 7.0.25 To test, I created a webapp with a single servlet, ExceptionServlet, that simply throw a ServletException in its service() method, e.g.: public class ExceptionServlet extends HttpServlet { protected void service(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException { throw new ServletException(HEY SERVLET EXCEPTION); } } Further, the webapp uses log4j (1.2.16) and commons-logging (1.1.1). The log4j.properties for the webapp looks like this: log4j.rootLogger=INFO,A log4j.appender.A=org.apache.log4j.RollingFileAppender log4j.appender.A.file=/opt/personal/logs/ex/ex.info.log log4j.appender.A.layout=org.apache.log4j.PatternLayout log4j.appender.A.layout.conversionPattern=%m%n log4j.appender.A.maxFileSize=10MB log4j.appender.A.maxBackupIndex=10 In a default deployment of Tomcat 5.5.26, I drop the webapp in the webapps directory, start up Tomcat, and call the ExceptionServlet. The resultant exception message and stack trace appear in the log file specified by the webapp's log4j.properties file, as I would expect. Servlet.service() for servlet ex threw exception javax.servlet.ServletException: HEY SERVLET EXCEPTION at personal.ExceptionServlet.service(ExceptionServlet.java:17) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) ... However, in a default deployment of Tomcat 6.0.35 or Tomcat 7.0.25, when I drop the webapp in the webapps directory, start up the respective Tomcat, and invoke the ExceptionServlet, the resultant exception message and stack trace appear in the Tomcat's log file, e.g. $TOMCAT_HOME/logs/localhost.2012-02-09.log. It's pretty much the same log message as above: # from Tomcat 7.0.25 SEVERE: Servlet.service() for servlet [ex] in context with path [/et] threw exception [HEY SERVLET EXCEPTION] with root cause javax.servlet.ServletException: HEY SERVLET EXCEPTION at personal.ExceptionServlet.service(ExceptionServlet.java:17) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) ... I made no configuration changes to any of the Tomcat installations. So I guess my questions are: 1. Is it correct to expect that exceptions thrown by a servlet should be logged in the webapp's log files? No. Out of the blue I would think that it would be logged into the same file as if using Servlet.log() call. That goes to Context log file. Thus it went to the localhost.log file, because you have not configured a separate one for your context (like e.g. the manager app does). I do not know why your configuration worked in 5.5. Note that logging implementation has changed between 5.5 and 6.0 (as mentioned in the Migration Guide [1]) in that sense that Tomcat no longer provides commons-logging.jar library to be used by applications, but uses its own renamed version of the classes. Maybe it is related. [1] http://tomcat.apache.org/migration.html 2. If so, what changed between Tomcat 5.5 and Tomcat 6.0/7.0 that would cause exceptions thrown by a servlet to be logged in Tomcat's log files, or what configuration change do I need to make so that the exception appears in the webapp's logs? Thanks in advance for any insights into my problem! Chris Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cores with FlushableGzipOutputStream
Try again now that I'm subscribed. -Original Message- From: Allen Reese Sent: Thursday, February 09, 2012 12:03 PM To: 'users@tomcat.apache.org' Cc: Lars Anderson Subject: Cores with FlushableGzipOutputStream We've just upgraded from tomcat 6.0.33 to 6.0.35 and started having the JVM core on our production boxes. I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. Thanks. Allen Reese Core Platforms Yahoo!, Inc. Running on linux x86-64, jdk 6u27, 6u29, 6u30, 7u2 We run several tests and the output is: Jdk | Version | flags | 6u30 | 6.0.33| compression enabled | works 6u30 | 6.0.35| compression enabled | cores 6u30 | 6.0.35| compression disabled | works 6u30 | 6.0.35| Remove changes to FlushableGzipOutputStream [1] | works 6u30 | 6.0.35| -Dsun.zip.disableMemoryMapping=true | cores 7u2 | 6.0.35| compression enabled | cores 7u2 | 6.0.35| compression disabled | 7u2 | 6.0.35| Remove changes to FlushableGzipOutputStream [1] | 7u2 | 6.0.35| -Dsun.zip.disableMemoryMapping=true | cores https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 I filed an SR with Oracle, as this looks like a JVM bug and got the following response: Generic Note Hi Allen, Thank you for sending the hotspot error logs (hs_err_pidpid). Each one of them has verbiage that indicates the problem is not with Java, but with native code: # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # The case description also noted: Rolling back this patch to tomcat increases stability: http://svn.apache.org/viewvc?view=revisionrevision=1197382 Again, this points to software other than Java. The Java defect mentioned, 4813885, was fixed in June of 2009. = Allen Reese Core Platforms Yahoo!, Inc. [1]: Patch to remove changes to FlushableGZIPOutputStream from 6.0.35. --- apache-tomcat-6.0.35- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a 2011-11-28 02:22:45.0 -0800 +++ apache-tomcat-6.0.33- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a 2011-08-16 05:26:14.0 -0700 @@ -35,93 +35,58 @@ super(os); } +private static final byte[] EMPTYBYTEARRAY = new byte[0]; +private boolean hasData = false; + /** - * It is used to reserve one byte of real data so that it can be used when - * flushing the stream. + * Here we make sure we have received data, so that the header has been for + * sure written to the output stream already. */ -private byte[] lastByte = new byte[1]; -private boolean hasLastByte = false; - -@Override -public void write(byte[] bytes) throws IOException { -write(bytes, 0, bytes.length); -} - @Override -public synchronized void write(byte[] bytes, int offset, int length) +public synchronized void write(byte[] bytes, int i, int i1) throws IOException { -if (length 0) { -flushLastByte(); -if (length 1) { -super.write(bytes, offset, length - 1); -} -rememberLastByte(bytes[offset + length - 1]); -} +super.write(bytes, i, i1); +hasData = true; } @Override public synchronized void write(int i) throws IOException { -flushLastByte(); -rememberLastByte((byte) i); +super.write(i); +hasData = true; } @Override -public synchronized void finish() throws IOException { -try { -flushLastByte(); -} catch (IOException ignore) { -// If our write failed, then trailer write in finish() will fail -// with IOException as well, but it will leave Deflater in more -// consistent state. -} -super.finish(); +public synchronized void write(byte[] bytes) throws IOException { +super.write(bytes); +hasData = true; } @Override -public synchronized void close() throws IOException { -try { -flushLastByte(); -} catch (IOException ignored) { -// Ignore. As OutputStream#close() says, the contract of close() -// is to close the stream. It does not matter much if the -// stream is not writable any more. +public synchronized void flush()
RE: Cores with FlushableGzipOutputStream
unsubscribe From: are...@yahoo-inc.com To: users@tomcat.apache.org CC: laraa...@yahoo-inc.com Date: Thu, 9 Feb 2012 12:07:15 -0800 Subject: RE: Cores with FlushableGzipOutputStream Try again now that I'm subscribed. -Original Message- From: Allen Reese Sent: Thursday, February 09, 2012 12:03 PM To: 'users@tomcat.apache.org' Cc: Lars Anderson Subject: Cores with FlushableGzipOutputStream We've just upgraded from tomcat 6.0.33 to 6.0.35 and started having the JVM core on our production boxes. I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. Thanks. Allen Reese Core Platforms Yahoo!, Inc. Running on linux x86-64, jdk 6u27, 6u29, 6u30, 7u2 We run several tests and the output is: Jdk | Version | flags | 6u30 | 6.0.33 | compression enabled | works 6u30 | 6.0.35 | compression enabled | cores 6u30 | 6.0.35 | compression disabled | works 6u30 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | works 6u30 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores 7u2 | 6.0.35 | compression enabled | cores 7u2 | 6.0.35 | compression disabled | 7u2 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | 7u2 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 I filed an SR with Oracle, as this looks like a JVM bug and got the following response: Generic Note Hi Allen, Thank you for sending the hotspot error logs (hs_err_pidpid). Each one of them has verbiage that indicates the problem is not with Java, but with native code: # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # The case description also noted: Rolling back this patch to tomcat increases stability: http://svn.apache.org/viewvc?view=revisionrevision=1197382 Again, this points to software other than Java. The Java defect mentioned, 4813885, was fixed in June of 2009. = Allen Reese Core Platforms Yahoo!, Inc. [1]: Patch to remove changes to FlushableGZIPOutputStream from 6.0.35. --- apache-tomcat-6.0.35- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a 2011-11-28 02:22:45.0 -0800 +++ apache-tomcat-6.0.33- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a 2011-08-16 05:26:14.0 -0700 @@ -35,93 +35,58 @@ super(os); } + private static final byte[] EMPTYBYTEARRAY = new byte[0]; + private boolean hasData = false; + /** - * It is used to reserve one byte of real data so that it can be used when - * flushing the stream. + * Here we make sure we have received data, so that the header has been for + * sure written to the output stream already. */ - private byte[] lastByte = new byte[1]; - private boolean hasLastByte = false; - - @Override - public void write(byte[] bytes) throws IOException { - write(bytes, 0, bytes.length); - } - @Override - public synchronized void write(byte[] bytes, int offset, int length) + public synchronized void write(byte[] bytes, int i, int i1) throws IOException { - if (length 0) { - flushLastByte(); - if (length 1) { - super.write(bytes, offset, length - 1); - } - rememberLastByte(bytes[offset + length - 1]); - } + super.write(bytes, i, i1); + hasData = true; } @Override public synchronized void write(int i) throws IOException { - flushLastByte(); - rememberLastByte((byte) i); + super.write(i); + hasData = true; } @Override - public synchronized void finish() throws IOException { - try { - flushLastByte(); - } catch (IOException ignore) { - // If our write failed, then trailer write in finish() will fail - // with IOException as well, but it will leave Deflater in more - // consistent state. - } - super.finish(); + public synchronized void write(byte[] bytes) throws IOException { + super.write(bytes); + hasData = true; } @Override - public synchronized void close() throws IOException { - try { - flushLastByte(); - } catch (IOException ignored) { - // Ignore. As OutputStream#close() says, the contract of close() - // is to close the stream. It does not matter much if the - // stream is not writable any more. + public synchronized void flush() throws IOException { + if (!hasData) { + return; // do not allow the gzip header to be flushed on its own } - super.close(); - } - private void rememberLastByte(byte b) {
RE: mod_jk and URL rewriting/proxying?
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: mod_jk and URL rewriting/proxying? does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? A brief scan of the code indicates that you will have to maintain server.xml yourself. All I could see was code that manipulates the active objects; nothing seems to be persisted. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cores with FlushableGzipOutputStream
From: Allen Reese [mailto:are...@yahoo-inc.com] Subject: RE: Cores with FlushableGzipOutputStream I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 They conveniently forgot that's a library that comes with the JVM... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: choosing an httpd connector
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mari, (Yeah, that was a lot of irrelevant detail). On 2/8/12 7:51 PM, Mari Masuda wrote: Given these constraints I am not sure which connector would be the best choice. I came across this article from 2010 as a result of my (mostly unsuccessful) Googling: http://www.tomcatexpert.com/blog/2010/06/16/deciding-between-modjk-modproxyhttp-and-modproxyajp but since I am just the de facto programmer at my work I am not well-versed in system administration so it is highly likely that there is something obvious that I am missing. As Hassan points out, your app will be contacting Solr directly, so there's no reason to hook Tomcat up to your web server (unless you are putting Solr on a separate box and for some reason that other box also has a web server that you have to go through). Just set up any HTTP connector on localhost. By default, you'll get the BIO (blocking I/O) connector which is good enough to get up and running. If you don't expect to get very many requests to Solr from the local(ish) Drupal (because you'll only be expecting a certain number of concurrent Drupal requests, and not all of them will require a Solr request), then that will be just fine. If you want to be able to scale-up to many connections a little better, consider switching to the NIO (non-blocking I/O) or the APR connectors, both of which can handle more connections with fewer resources (particularly if you are using HTTP Keep-Alive). I have searched the list archives as well, but I think my search was too broad or otherwise used the wrong terminology so I apologize if this question has been answered multiple times already. If so, I am happy to RTFM and would appreciate any and all pointers to existing threads. I would use the default BIO connector until you think you might be hitting a bottleneck. If that happens, come back here and let us know what's going on, and we can give you some better advice. I have successfully installed Tomcat 7.0.25 on my dev machine, which is a Mac, and I am using Apache 2.2.14. The production machine will be Windows if that makes any difference. It doesn't make a difference at all, though everyone has their own preferences for production environments. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80LGIACgkQ9CaO5/Lv0PCvLwCgv/Epqs+lKnopPtsLU4duHlBZ gfsAn2WiLemQd8QAq7LdWnyutILfLv9C =6fr1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cores with FlushableGzipOutputStream
On 09/02/2012 20:07, Allen Reese wrote: Try again now that I'm subscribed. If libzip.so is provided by the JVM installer (and I think it is) then it is still a JVM problem. See [1] for an example where Oracle did accept that an crash in libzip.so was a bug. All changing the Tomcat code indicates is that some paths trigger the bug and some don't. That does not absolve the JVM of responsibility. Mark [1] http://bugs.sun.com/view_bug.do?bug_id=6866479 -Original Message- From: Allen Reese Sent: Thursday, February 09, 2012 12:03 PM To: 'users@tomcat.apache.org' Cc: Lars Anderson Subject: Cores with FlushableGzipOutputStream We've just upgraded from tomcat 6.0.33 to 6.0.35 and started having the JVM core on our production boxes. I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. Thanks. Allen Reese Core Platforms Yahoo!, Inc. Running on linux x86-64, jdk 6u27, 6u29, 6u30, 7u2 We run several tests and the output is: Jdk | Version | flags | 6u30 | 6.0.33| compression enabled | works 6u30 | 6.0.35| compression enabled | cores 6u30 | 6.0.35| compression disabled | works 6u30 | 6.0.35| Remove changes to FlushableGzipOutputStream [1] | works 6u30 | 6.0.35| -Dsun.zip.disableMemoryMapping=true | cores 7u2 | 6.0.35| compression enabled | cores 7u2 | 6.0.35| compression disabled | 7u2 | 6.0.35| Remove changes to FlushableGzipOutputStream [1] | 7u2 | 6.0.35| -Dsun.zip.disableMemoryMapping=true | cores https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 I filed an SR with Oracle, as this looks like a JVM bug and got the following response: Generic Note Hi Allen, Thank you for sending the hotspot error logs (hs_err_pidpid). Each one of them has verbiage that indicates the problem is not with Java, but with native code: # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # The case description also noted: Rolling back this patch to tomcat increases stability: http://svn.apache.org/viewvc?view=revisionrevision=1197382 Again, this points to software other than Java. The Java defect mentioned, 4813885, was fixed in June of 2009. = Allen Reese Core Platforms Yahoo!, Inc. [1]: Patch to remove changes to FlushableGZIPOutputStream from 6.0.35. --- apache-tomcat-6.0.35- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a2011-11-28 02:22:45.0 -0800 +++ apache-tomcat-6.0.33- src/java/org/apache/coyote/http11/filters/FlushableGZIPOutputStream.jav a2011-08-16 05:26:14.0 -0700 @@ -35,93 +35,58 @@ super(os); } +private static final byte[] EMPTYBYTEARRAY = new byte[0]; +private boolean hasData = false; + /** - * It is used to reserve one byte of real data so that it can be used when - * flushing the stream. + * Here we make sure we have received data, so that the header has been for + * sure written to the output stream already. */ -private byte[] lastByte = new byte[1]; -private boolean hasLastByte = false; - -@Override -public void write(byte[] bytes) throws IOException { -write(bytes, 0, bytes.length); -} - @Override -public synchronized void write(byte[] bytes, int offset, int length) +public synchronized void write(byte[] bytes, int i, int i1) throws IOException { -if (length 0) { -flushLastByte(); -if (length 1) { -super.write(bytes, offset, length - 1); -} -rememberLastByte(bytes[offset + length - 1]); -} +super.write(bytes, i, i1); +hasData = true; } @Override public synchronized void write(int i) throws IOException { -flushLastByte(); -rememberLastByte((byte) i); +super.write(i); +hasData = true; } @Override -public synchronized void finish() throws IOException { -try { -flushLastByte(); -} catch (IOException ignore) { -// If our write failed, then trailer write in finish() will fail -// with IOException as well, but it will leave Deflater in more -// consistent state. -} -super.finish(); +public synchronized void write(byte[] bytes) throws IOException { +super.write(bytes); +hasData = true; } @Override -public
Re: mod_jk and URL rewriting/proxying?
On 09/02/2012 20:18, Caldarale, Charles R wrote: From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: mod_jk and URL rewriting/proxying? does one still have to modify the server.xml if we want new hosts to be there the next time we restart tomcat? A brief scan of the code indicates that you will have to maintain server.xml yourself. All I could see was code that manipulates the active objects; nothing seems to be persisted. Correct. There was some code that tried to do this back in 5.5.x but it was buggy, not maintained and therefore got dropped. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cores with FlushableGzipOutputStream
2012/2/10 Allen Reese are...@yahoo-inc.com: Try again now that I'm subscribed. -Original Message- From: Allen Reese Sent: Thursday, February 09, 2012 12:03 PM To: 'users@tomcat.apache.org' Cc: Lars Anderson Subject: Cores with FlushableGzipOutputStream We've just upgraded from tomcat 6.0.33 to 6.0.35 and started having the JVM core on our production boxes. I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. Thanks. Allen Reese Core Platforms Yahoo!, Inc. Running on linux x86-64, jdk 6u27, 6u29, 6u30, 7u2 We run several tests and the output is: Jdk | Version | flags | 6u30 | 6.0.33 | compression enabled | works 6u30 | 6.0.35 | compression enabled | cores 6u30 | 6.0.35 | compression disabled | works 6u30 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | works 6u30 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores 7u2 | 6.0.35 | compression enabled | cores 7u2 | 6.0.35 | compression disabled | 7u2 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | 7u2 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 I filed an SR with Oracle, as this looks like a JVM bug and got the following response: Generic Note Hi Allen, Thank you for sending the hotspot error logs (hs_err_pidpid). Each one of them has verbiage that indicates the problem is not with Java, but with native code: # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # The case description also noted: Rolling back this patch to tomcat increases stability: http://svn.apache.org/viewvc?view=revisionrevision=1197382 Again, this points to software other than Java. The Java defect mentioned, 4813885, was fixed in June of 2009. = Allen Reese Core Platforms Yahoo!, Inc. [1]: Patch to remove changes to FlushableGZIPOutputStream from 6.0.35. (...) Hi! If you revert r1197382 you will be facing BZ 52121 [1]. Overall, BZ 52121 itself was about a bug in Deflater implementation in JRE. The difference is that I tried to make the new implementation as safe as possible, making sure that Deflater.setLevel() calls do not occur in a row, but there is some data between them. Either way Deflater API does not have such limitation on the use of setLevel(), so the root cause of BZ 52121 is a JRE bug. I think that the current code is safe and you hitting a different issue. Your better stability is likely a luck caused by a different state of Deflater thanks to different implementation at Tomcat side. Maybe you have some web resource that consistently produces a response that triggers this issue. From experience of BZ 52121 we were lucky that someone was able to provide sample data that reproduced the issue. It looks that originally it was some product listing generated by JSP page. Maybe you can find something similar. That data is now part of Tomcat testsuite (see TestFlushableGZIPOutputStream class). Note that the reproducer is rather simple and does not use Tomcat, but just the streams I/O. Anyway, a JRE should not fail fatally with a core dump regardless of what public API the program uses. [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, On 2/9/12 2:40 PM, C C wrote: To test, I created a webapp with a single servlet, ExceptionServlet, that simply throw a ServletException in its service() method, e.g.: public class ExceptionServlet extends HttpServlet { protected void service(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException { throw new ServletException(HEY SERVLET EXCEPTION); } } Further, the webapp uses log4j (1.2.16) and commons-logging (1.1.1). The log4j.properties for the webapp looks like this: log4j.rootLogger=INFO,A log4j.appender.A=org.apache.log4j.RollingFileAppender log4j.appender.A.file=/opt/personal/logs/ex/ex.info.log log4j.appender.A.layout=org.apache.log4j.PatternLayout log4j.appender.A.layout.conversionPattern=%m%n log4j.appender.A.maxFileSize=10MB log4j.appender.A.maxBackupIndex=10 So log4j.properties is located in WEB-INF/classes? Where is log4j.jar? Do you have any other code in this example webapp -- for instance, something that actually loads the log4j.properties file? In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j So if you haven't done that, then log4j will not be used at all, unless you have both written some code to initialize log4j during webapp startup and written an error handler to capture errors and log them to some kind of log. In a default deployment of Tomcat 5.5.26, I drop the webapp in the webapps directory, start up Tomcat, and call the ExceptionServlet. The resultant exception message and stack trace appear in the log file specified by the webapp's log4j.properties file, as I would expect. I wouldn't expect that at all, unless your log4j.properties file lives at the server level and not at the webapp level. So, which is it? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NAcACgkQ9CaO5/Lv0PAuJgCgvnWXtgCUS5qbrIBJBd3/u88d lFQAn1VeFSs4kEv9S5c/6WEOh0LNMYD7 =oB/i -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote: Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! IIRC, the host-manager won't save the server.xml back to disk, so you'll have to remember to update your server.xml whenever you want to hot-deploy a new domain name, anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NH0ACgkQ9CaO5/Lv0PAOYACeOE6TRto+xkg05iMtKiOUcyvP FSUAnROQ2VOQT+GxkHMV1nYwaIdjOD+d =3Kim -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: ServletException logging changes between 5.5 and 6.0/7.0?
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: ServletException logging changes between 5.5 and 6.0/7.0? In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Just to be clear: that's only when you want Tomcat to use log4j for its own logging; nothing to do with any logging implementation inside the webapp itself. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: [OT] Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres, On 2/9/12 11:26 AM, Andres Aguado wrote: Hi, first, for me there is a powerfull reason for maintain 5.5 version. This is the initial version and application is working fine now, and I think that i'm not prepare to execute the upgrade, i don't know how and where to begin. Upgrading from 5.5 to 7.0 should ideally be as painless as installing Tomcat 7 and dropping your WAR into the webapps directory. The APIs are all backward-compatible. You may run into trouble in the following areas: 0. Don't have a META-INF/context.xml file? Make one. Don't use server.xml for webapp deployment anymore. 1. Non-spec-standard behavior Newer versions of Tomcat have become increasingly cranky about bad code, configurations, etc. You may have some warnings and/or errors that you will have to fix. You should fix those /anyway/, but now Tomcat complains about them. 2. Logging Logging has changed a lot over the years and so you'll have to read the documentation if things don't work for you. 3. Edge cases There are lots more settings in the later versions of Tomcat to get it to behave in ways that used to be the standard (or at least expected behavior). If you find that your webapp is acting strangely, check Tomcat's changelog to see what might have changed. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NmcACgkQ9CaO5/Lv0PDfswCeMmlkGkP9Q57W1uthyie/txvw 7rsAnikU1dpAc8lQM+zYVxNcB/Zk5Fky =idKe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andres, On 2/9/12 12:29 PM, Andres Aguado wrote: Great, it's great!. First obstacle overcomed. Now, i've compiled .java file and it's been created a .class file. Now i've got this .class file and i've added it to catalina.jar and catalina-optional.jar Don't add the class to both jars. Better yet, don't add it to any jars. Do what you've apparently done in a later post: put it into server/classes and not in a JAR file. That way, it will be easier to see that you've modified the environment. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80Nq4ACgkQ9CaO5/Lv0PAMLgCfVyUS/yOG/OyTCrlvfhQspowu 8HYAniN+EGWcEGEnrkPJD0P/A7/bLOrv =1hqz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/9/12 4:06 PM, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: ServletException logging changes between 5.5 and 6.0/7.0? In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Just to be clear: that's only when you want Tomcat to use log4j for its own logging; nothing to do with any logging implementation inside the webapp itself. Yes, with one exception: use of ServletContext.log(). If you use that for logging (which I happen to think is foolish), then you'll need to configure your logging at the Tomcat-level. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80N3sACgkQ9CaO5/Lv0PAh3QCglSb487Qz39vArWhJHNSD6Cwq eRMAn3XhOcEUJlMf5hB1lAWBc8txOmyD =t5Cz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: ServletException logging changes between 5.5 and 6.0/7.0?
unsubscribe From: chuck.caldar...@unisys.com To: users@tomcat.apache.org Date: Thu, 9 Feb 2012 15:06:39 -0600 Subject: RE: ServletException logging changes between 5.5 and 6.0/7.0? From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: ServletException logging changes between 5.5 and 6.0/7.0? In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Just to be clear: that's only when you want Tomcat to use log4j for its own logging; nothing to do with any logging implementation inside the webapp itself. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: ServletException logging changes between 5.5 and 6.0/7.0?
unsubscribe From: chuck.caldar...@unisys.com To: users@tomcat.apache.org Date: Thu, 9 Feb 2012 15:06:39 -0600 Subject: RE: ServletException logging changes between 5.5 and 6.0/7.0? From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: ServletException logging changes between 5.5 and 6.0/7.0? In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Just to be clear: that's only when you want Tomcat to use log4j for its own logging; nothing to do with any logging implementation inside the webapp itself. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: ServletException logging changes between 5.5 and 6.0/7.0?
From: ken dias [mailto:kend...@hotmail.com] Subject: RE: ServletException logging changes between 5.5 and 6.0/7.0? unsubscribe Zero-for-three... http://tomcat.apache.org/lists.html#tomcat-users - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cores with FlushableGzipOutputStream
-Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Thursday, February 09, 2012 1:00 PM To: Tomcat Users List Subject: Re: Cores with FlushableGzipOutputStream 2012/2/10 Allen Reese are...@yahoo-inc.com: Try again now that I'm subscribed. -Original Message- From: Allen Reese Sent: Thursday, February 09, 2012 12:03 PM To: 'users@tomcat.apache.org' Cc: Lars Anderson Subject: Cores with FlushableGzipOutputStream We've just upgraded from tomcat 6.0.33 to 6.0.35 and started having the JVM core on our production boxes. I'm trying to determine what the next course of action should be here. I have an Oracle Support contract, but they don't seem to see this as a JVM issue, and blame it on a native lib. Thanks. Allen Reese Core Platforms Yahoo!, Inc. Running on linux x86-64, jdk 6u27, 6u29, 6u30, 7u2 We run several tests and the output is: Jdk | Version | flags | 6u30 | 6.0.33 | compression enabled | works 6u30 | 6.0.35 | compression enabled | cores 6u30 | 6.0.35 | compression disabled | works 6u30 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | works 6u30 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores 7u2 | 6.0.35 | compression enabled | cores 7u2 | 6.0.35 | compression disabled | 7u2 | 6.0.35 | Remove changes to FlushableGzipOutputStream [1] | 7u2 | 6.0.35 | -Dsun.zip.disableMemoryMapping=true | cores https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 I filed an SR with Oracle, as this looks like a JVM bug and got the following response: Generic Note Hi Allen, Thank you for sending the hotspot error logs (hs_err_pidpid). Each one of them has verbiage that indicates the problem is not with Java, but with native code: # Problematic frame: # C [libzip.so+0x77e3] char+0xa3 # # If you would like to submit a bug report, please visit: # http://java.sun.com/webapps/bugreport/crash.jsp # The crash happened outside the Java Virtual Machine in native code. # See problematic frame for where to report the bug. # The case description also noted: Rolling back this patch to tomcat increases stability: http://svn.apache.org/viewvc?view=revisionrevision=1197382 Again, this points to software other than Java. The Java defect mentioned, 4813885, was fixed in June of 2009. = Allen Reese Core Platforms Yahoo!, Inc. [1]: Patch to remove changes to FlushableGZIPOutputStream from 6.0.35. (...) Hi! If you revert r1197382 you will be facing BZ 52121 [1]. Overall, BZ 52121 itself was about a bug in Deflater implementation in JRE. The difference is that I tried to make the new implementation as safe as possible, making sure that Deflater.setLevel() calls do not occur in a row, but there is some data between them. Either way Deflater API does not have such limitation on the use of setLevel(), so the root cause of BZ 52121 is a JRE bug. I think that the current code is safe and you hitting a different issue. Your better stability is likely a luck caused by a different state of Deflater thanks to different implementation at Tomcat side. Maybe you have some web resource that consistently produces a response that triggers this issue. From experience of BZ 52121 we were lucky that someone was able to provide sample data that reproduced the issue. It looks that originally it was some product listing generated by JSP page. Maybe you can find something similar. That data is now part of Tomcat testsuite (see TestFlushableGZIPOutputStream class). Note that the reproducer is rather simple and does not use Tomcat, but just the streams I/O. Anyway, a JRE should not fail fatally with a core dump regardless of what public API the program uses. Thanks. This is what I was after, I'm going to put this thread in my SR with Oracle along with Mark's reply. I'll see if we can get the data that triggers it, it's a high volume system and the cores come after about 3 to 4 hours. [1] https://issues.apache.org/bugzilla/show_bug.cgi?id=52121 Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool
On 9 Feb 2012, at 17:10, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Pid [mailto:p...@pidster.com] Subject: Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool warning: [path] bad path element C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar: no such file or directory The colon character is a path separator. You have it in the C: part of each path. Actually, the colon is _not_ a path separator here, it's a drive delimiter. It's the attempted use of the colon elsewhere that causes the problem; it should be a semi-colon on Windows: C:\apache-tomcat-5.5.27\server\lib\catalina.jar;C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar Erk. FAIL. p - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
Hi Christopher, - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, February 9, 2012 1:00 PM Subject: Re: ServletException logging changes between 5.5 and 6.0/7.0? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, On 2/9/12 2:40 PM, C C wrote: To test, I created a webapp with a single servlet, ExceptionServlet, that simply throw a ServletException in its service() method, e.g.: ... snip ... So log4j.properties is located in WEB-INF/classes? Where is log4j.jar? My log4j.properties is in WEB-INF/classes, and log4j.jar is in WEB-INF/lib. Do you have any other code in this example webapp -- for instance, something that actually loads the log4j.properties file? I don't have any other code in my example webapp. The only code is that ExceptionServlet. In the ExceptionServlet I don't have any code that loads log4j.properties or configures log4j in any way. In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Thanks, I've done this, and found it doesn't really address my problem. My problem is not that I want Tomcat6/7 to use log4j for logging, my problem is that, when my ExceptionServlet throws the ServletException, on TC5.5 the exception was logged in the webapp's log, whereas on TC6/7 it was logged in Tomcat's localhost.log. Konstantin provided a response which seemed to make sense: an exception thrown by a servlet is probably logged using Servlet.log(), so the log message should end up in the Context file. Because my webapp also had commons-logging.jar in WEB-INF/lib, that was probably interfering with / taking over the commons-logging.jar that is shipped with TC5.5. If I remove all the logging jars from my webapp on TC5.5, the behavior looks like TC6/7, where the servlet's exception is logged in Tomcat's log. So if you haven't done that, then log4j will not be used at all, unless you have both written some code to initialize log4j during webapp startup and written an error handler to capture errors and log them to some kind of log. In a default deployment of Tomcat 5.5.26, I drop the webapp in the webapps directory, start up Tomcat, and call the ExceptionServlet. The resultant exception message and stack trace appear in the log file specified by the webapp's log4j.properties file, as I would expect. I wouldn't expect that at all, unless your log4j.properties file lives at the server level and not at the webapp level. So, which is it? Again, log4j.jar and log4j.properties at the webapp level. I think my understanding of where a servlet exception should be logged is incorrect, and the fact my webapp had commons-logging.jar somehow interfered with where the exception was logged. Does that sound about right? Thanks, Chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Path parameters and getRequestURI
On 1:59 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, There was a change in 6.0.33 (and it has always been the case in 7.0.x?) that HttpServletRequest.getRequestURI now returns path parameters as part of the URI. That notably includes the URL-encoded jsessionid that Tomcat uses when the availability of cookies on the client is set to be determined. I have a Filter that checks to see if the user is accessing a particular set of predefined pages and redirects them if they don't hit any of them. Needless to say, without any changes to my code, anyone who hits this filter who either has cookies disabled or is in the middle of an authentication ritual that redirects to the original page is going to have a problem. Is it safe to simply remove everything after the initial ; if I'm not interested in any path parameters? I don't want to just trim-off that kind of thing blindly if there are any gotchas that I should be aware of. Can anyone think of a reason I can't just do that? Thanks, - -chris Hi, Chris- What about using HttpServletRequest.getServletPath()? -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, On 2/9/12 5:00 PM, C C wrote: From: Christopher Schultz ch...@christopherschultz.net So log4j.properties is located in WEB-INF/classes? Where is log4j.jar? My log4j.properties is in WEB-INF/classes, and log4j.jar is in WEB-INF/lib. Okay. Do you have any other code in this example webapp -- for instance, something that actually loads the log4j.properties file? I don't have any other code in my example webapp. The only code is that ExceptionServlet. In the ExceptionServlet I don't have any code that loads log4j.properties or configures log4j in any way. I wouldn't expect Tomcat to configure log4j for you in that case. I'm surprised that it somehow worked in Tomcat 5.5. In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j Thanks, I've done this, and found it doesn't really address my problem. My problem is not that I want Tomcat6/7 to use log4j for logging, my problem is that, when my ExceptionServlet throws the ServletException, on TC5.5 the exception was logged in the webapp's log, whereas on TC6/7 it was logged in Tomcat's localhost.log. Gotcha. I know for my webapps, I explicitly configure error handlers in web.xml to catch errors, log them, and show nice messages to users. Konstantin provided a response which seemed to make sense: an exception thrown by a servlet is probably logged using Servlet.log(), so the log message should end up in the Context file. Because my webapp also had commons-logging.jar in WEB-INF/lib, that was probably interfering with / taking over the commons-logging.jar that is shipped with TC5.5. If I remove all the logging jars from my webapp on TC5.5, the behavior looks like TC6/7, where the servlet's exception is logged in Tomcat's log. It's quite possible that Tomcat 5.5 wasn't re-naming packages to avoid this kind of class interference, and that Tomcat was logging to the webapp's logger. That's not how I understand the class and resource loading stuff to work, but I've been wrong before. Perhaps Tomcat was using the wrong context class loader when trying to load the logging configuration and getting yours. That might do it. I wouldn't expect that at all, unless your log4j.properties file lives at the server level and not at the webapp level. So, which is it? Again, log4j.jar and log4j.properties at the webapp level. I think my understanding of where a servlet exception should be logged is incorrect, and the fact my webapp had commons-logging.jar somehow interfered with where the exception was logged. Does that sound about right? Right: configure one or more error-page(s) in web.xml and point them at a servlet that can log the errors appropriately. On the other hand, you can configure Tomcat to log stuff that goes to ServletContext.log() to go to the log file of your choice: you just have to set it up using CATALINA_BASE/conf/logging.properties instead of inside your webapp (which is one reason I wouldn't favor doing it: because your logging configuration is outside of your webapp's control). Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80TT4ACgkQ9CaO5/Lv0PA/3gCfQr0756AsyEmrf4ZrFuylXejv nIYAoKy89JB3liogP/btzi4zvoO2CCcb =tFkg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path parameters and getRequestURI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terrence, On 2/9/12 5:16 PM, Terence M. Bandoian wrote: On 1:59 PM, Christopher Schultz wrote: Is it safe to simply remove everything after the initial ; if I'm not interested in any path parameters? I don't want to just trim-off that kind of thing blindly if there are any gotchas that I should be aware of. What about using HttpServletRequest.getServletPath()? That's a damned good question. I'll have to read more into the docs to see what that's supposed to do. In a simple test, it seems that I get everything I want except that I have to re-add the context path to the beginning of the URI, which isn't a big deal. If Tomcat has already done the work for me, why not use it? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80TkEACgkQ9CaO5/Lv0PC1SACfWWE831aTOL9BOwZqw9ulA/u2 MVIAoJwk7gUuqMyOh0HhpndBnV23IaUw =DFNl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ServletException logging changes between 5.5 and 6.0/7.0?
So log4j.properties is located in WEB-INF/classes? Where is log4j.jar? My log4j.properties is in WEB-INF/classes, and log4j.jar is in WEB-INF/lib. Okay. Do you have any other code in this example webapp -- for instance, something that actually loads the log4j.properties file? I don't have any other code in my example webapp. The only code is that ExceptionServlet. In the ExceptionServlet I don't have any code that loads log4j.properties or configures log4j in any way. I wouldn't expect Tomcat to configure log4j for you in that case. I'm surprised that it somehow worked in Tomcat 5.5. It makes sense. Tomcat 5.5 comes with full commons-logging library and it can autodetect if log4j is available. In Tomcat 6.0 the default logging library has that detection code removed. You have to download alternative copy of the library from extras to re-enable autodetection (as was already mentioned in this thread below). In order to use log4j with Tomcat 6.0 and 7.0, you need to download some Tomcat extras as described here: http://tomcat.apache.org/tomcat-7.0-doc/logging.html#Using_Log4j (...) Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Path parameters and getRequestURI
2012/2/9 Christopher Schultz ch...@christopherschultz.net: There was a change in 6.0.33 (and it has always been the case in 7.0.x?) that HttpServletRequest.getRequestURI now returns path parameters as part of the URI. That notably includes the URL-encoded jsessionid that Tomcat uses when the availability of cookies on the client is set to be determined. (...) See this thread: Path Parameters - Servlet API http://tomcat.markmail.org/thread/ykx72wcuzcmiyujz Best regards, Konstantin Kolinko I have a Filter that checks to see if the user is accessing a particular set of predefined pages and redirects them if they don't hit any of them. Needless to say, without any changes to my code, anyone who hits this filter who either has cookies disabled or is in the middle of an authentication ritual that redirects to the original page is going to have a problem. Is it safe to simply remove everything after the initial ; if I'm not interested in any path parameters? I don't want to just trim-off that kind of thing blindly if there are any gotchas that I should be aware of. Can anyone think of a reason I can't just do that? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8y3IIACgkQ9CaO5/Lv0PDjVgCfWtDEaSmK1ctLtYs9hZknXrPM EiMAn0y4getXGjQAMTa8dGCH6uYJfWnS =YI6Y -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: clarification on Correct error in fix for 49683
Just to confirm - 7.0.25 seems to solve the problem for the most part. /Janne On 24 Jan 2012, at 10:53, Janne Jalkanen wrote: Been running 7.0.25 in production now for a day and the fd leak seems at least mitigated somewhat. lsof still lists a few open sockets left by Tomcat, but this is less than what 7.0.23/.22 was doing. I will continue to run this a bit further and report back in a day or two whether the situation is getting worse. java 4086 ubuntu 10u sock0,6 0t0 73725644 can't identify protocol java 4086 ubuntu 59u sock0,6 0t0 77721715 can't identify protocol java 4086 ubuntu 96u sock0,6 0t0 77721057 can't identify protocol java 4086 ubuntu 108u sock0,6 0t0 77723538 can't identify protocol java 4086 ubuntu 119u sock0,6 0t0 77722327 can't identify protocol java 4086 ubuntu 132u sock0,6 0t0 77724248 can't identify protocol java 4086 ubuntu 134u sock0,6 0t0 77723129 can't identify protocol /Janne On 21 Jan 2012, at 23:19, Mike Wertheim wrote: The change log for Tomcat 7.0.25 contains this entry: Correct error in fix for 49683. (markt) Is this bug fix expected to fix the file descriptor leak that was reported in Tomcat 7.0.23? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: starting connectors after the tomcat startup
Hi all, I could achieve the required behaviour by extending the standardService provided by tomcat. In my overrided startInternal() method i just dont start connectors. thanks, --Pradeep - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why am I Getting org.apache.catalina.realm.JDBCRealm getPassword SEVERE: Exception performing authentication?
After many sessions of logging, testing, etc. I have convinced that I have been looking at tow unrelated issues: 1) Tomcat's auth was failing due to closed DB connections. But this is actually not a problem was unrelated to the problem I was trying to track down. 2) My app's DB pool is not set up correctly. I need to figure out how/why now. It was coincidental timing in the the logs that was leading me to believe the two were related. Thanks to all of you who offered suggestions. I belong to many tech forums, but this is the easiest one on which to get good help. Actually, makes me wish I had more problems with Tomcat than my other systems :-) -- Jonathan Rosenberg Founder Executive Director Tabby's Place, a Cat Sanctuary http://www.tabbysplace.org/ On Thu, Feb 9, 2012 at 4:46 AM, Pid p...@pidster.com wrote: On 09/02/2012 00:19, Jonathan Rosenberg wrote: Thanks to all who are trying to help. See info below. Here it is: What about the appname/WEB-INF/web.xml? p -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and URL rewriting/proxying?
Den 09-02-2012 22:02, Christopher Schultz skrev: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Casper, On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote: Den 09-02-2012 19:36, Caldarale, Charles R skrev: From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com] Subject: mod_jk and URL rewriting/proxying? I don't want the app to become ROOT since I have another app that should be running as ROOT. And how is that one accessed? From what you described it sounds like you want the same URL to hit different webapps based on the mindset of the user. Ha my bad. I use separate subdomains. Right now the localhost-host uses the default ROOT (the one shipped with Tomcat) but I plan to use another webapp later. I dont like the fact that I need to restart tomcat each time I need to add a new host Restart not required; use the host-manager webapp to add them on the fly. Nice, that will be the thing to do then :) Thanks for the tip! IIRC, the host-manager won't save the server.xml back to disk, so you'll have to remember to update your server.xml whenever you want to hot-deploy a new domain name, anyway. Well at least I don't have to restart tomcat for the changes to take effect :) Maybe I would take some time to look at how tomcat reads from server.xml and how the host-manager works and perhaps find a way to persist the changes :) Any clues as to where to look for that part of the code? Casper - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk80NH0ACgkQ9CaO5/Lv0PAOYACeOE6TRto+xkg05iMtKiOUcyvP FSUAnROQ2VOQT+GxkHMV1nYwaIdjOD+d =3Kim -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org