Re: Apache Tomcat 8.0.0-RC1 release vote started

[Michael-O]

Am 2013-08-01 22:59, schrieb Mark Thomas:

If you'd like early sight of Tomcat 8 and an opportunity to contribute
to Tomcat development, the release vote has now opened for the first
Tomcat 8 release candidate.

Features include:
-[...]
- Update to DBCP2 (now includes JMX monitoring)

  ^
Why if we do have the wonderful Tomcat JDBC Pool? Can't we get rid of 
that relic?


Michael


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: javaagent is messing with webapp classpath

[Alberto SOUZA]

I see... even if i leave my agent empty? Because i did this test and, just
with the presence of agent, tomcat got lost. And the same agent works fine
in GlassFish(3 and 4) and Jboss(7 and 8). Right now, for some reason, my
impression is that the agent is requesting that every class used for my
application should  be in agent jar. For example, if i have a
ServletContextListener, tomcat is forcing the agent to have the jar bundled
in the agent's jar.

regards


On Thu, Aug 1, 2013 at 7:05 PM, Leon Rosenberg wrote:

> Hello,
>
> yes, your java agent is probably not well coded :-)
>
> regards
> Leon
>
>
> On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA  wrote:
>
> > Hi,
> >
> > I have a javaagent that changes some specific classes of my project. But,
> > when i start the server using the agent I get a lot of
> > ClassNotFoundException for a  lot of classes... Like
> > ServletContextListener. When I don't use the javaagent argument
> everything
> > goes fine. Does anyone have an idea?
> >
> > Thanks!!
> >
>

Clean up after building and installing ARP on RHEL 6

[Tomcat Random]

Spent a while getting APR installed and my logs are now showing no warning
and indicate the native libraries are working. As per the docs: "The
libraries will be found in $CATALINA_HOME/lib" - Yup, that's fine.

But it seems like I have APR/native directories in several places now.

Are the APR libraries in lib self-contained? Anyone know if other
directories or files related to their build are safe to delete?

Examples:
/usr/bin/apr-1-config
/usr/local/www/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native

Would not be heartbroken if I had to wget the same files to rebuild. I'm
sort of a neat freak with stray files and would rather rm them.

Best,
Alec

Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.

[Tomcat Random]

"Spaces in paths (and filenames) are evil, and should never have been
allowed in the first place.  A special place in hell is reserved for the
genius who first allowed this stupid thing in an OS.

Luled at this.

The underscore is your friend. I find it odd that the OP can't just rename
said directories, but who knows: there's always inheriting a lot of WTF's
from an existing project that just leads to non-stop facepalming.


On Wed, Jul 31, 2013 at 1:27 PM, André Warnier  wrote:

> TRAN Trung Thanh wrote:
>
>> Hi all,
>> I am newbie here.
>> Today, I tried to start apache tomcat 7.0.42 in Linux environment. Server
>> path contains two consecutive spaces. When I run ./catalina.sh run, server
>> cannot start and there is the following exception in console
>>
>> ./catalina.sh run
>> Using CATALINA_BASE:   /home/example/twoconsecutive  spaces
>> Using CATALINA_HOME:   /home/example/twoconsecutive  spaces
>> Using CATALINA_TMPDIR: /home/example/twoconsecutive  spaces/temp
>> Using JRE_HOME:/home/example/java/jdk1.6
>> Using CLASSPATH:   /home/example/twoconsecutive
>> spaces/bin/bootstrap.jar:/**home/example/twoconsecutive
>> spaces/bin/tomcat-juli.jar
>> Exception in thread "main" java.lang.**NoClassDefFoundError:
>> org/apache/catalina/startup/**Bootstrap
>> Caused by: java.lang.**ClassNotFoundException:
>> org.apache.catalina.startup.**Bootstrap
>> at java.net.URLClassLoader$1.run(**URLClassLoader.java:202)
>> at java.security.**AccessController.doPrivileged(**Native Method)
>> at java.net.URLClassLoader.**findClass(URLClassLoader.java:**190)
>> at java.lang.ClassLoader.**loadClass(ClassLoader.java:**306)
>> at sun.misc.Launcher$**AppClassLoader.loadClass(**Launcher.java:301)
>> at java.lang.ClassLoader.**loadClass(ClassLoader.java:**247)
>> Could not find the main class: org.apache.catalina.startup.**Bootstrap.
>>  Program will exit.
>>
>> Tomcat server can start if  server path does not contain consecutive
>> space.
>>
>> Do anyone face to the same issue with me in this case? Have you any
>> suggestion to fix this issue?
>>
>
> Yes : don't do that (using spaces in paths).
>
>
>   It is quite important for my deployment.
>
>>
>>
> That's a pity.
> Spaces in paths (and filenames) are evil, and should never have been
> allowed in the first place.  A special place in hell is reserved for the
> genius who first allowed this stupid thing in an OS.  I wish I had 0.1 cent
> for every programming hour lost because of this.
>
> Technically, you can certainly find the correct way to quote them in any
> particular place and environment.  But usually, this is merely moving the
> problem to some other place further down the line, where it is even less
> visible and harder to find the bugs.
> I suppose the same could be said about any non-visible character, but
> spaces (along with TAB) are specially evil because in most environments,
> they are considered either as valid separators between words/tokens or as
> "non-significant".
>
> My serious recommendation would be to think really hard about a way to nip
> this in the bud, and avoid allowing them and using them in the first place.
> Think that if you allow them somewhere, and even if you quote them
> correctly there, you will have to continue quoting them (appropriately)
> everywhere else that you are using the corresponding strings.  It is almost
> guaranteed that this will bite you somewhere.
>
>
>
> --**--**-
> To unsubscribe, e-mail: 
> users-unsubscribe@tomcat.**apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Configuration question for 2500 simultaneous users.

[Tomcat Random]

Hey Chris,

I'm expecting 5000 simultaneous users, with a physical load balancer to two
physical app servers. So ~2500 per machine, each running an instance of
tomcat not fronted by httpd or any proxy server. (i.e., using Tomcat to
serve a few static assets along with the webapp).

"are you just interested in speculative performance tuning?" That's correct
- with just one user (myself) testing it everything is wonderful. I've just
got that uneasy feeling the servers will explode when we flip over from our
old host/codebase and get all the traffic.

Best,
Alec



On Wed, Jul 31, 2013 at 11:09 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Alec,
>
> On 7/30/13 3:42 PM, Tomcat Random wrote:
> > The project I'm working on has 5000 simultaneous users average. I
> > have two physical servers both running an instance of Tomcat 7.0.
> > They're behind a physical load balancer with sticky, least
> > connections balancing. Nothing in front of the Tomcats. Port 80 to
> > is routed to them by iptables.
> >
> > Anyone out there willing to offer some tips (or point me to them)
> > on configuration for this amount of traffic?
> >
> > Environment is: DELL PowerEdge R720 - 32 GB DELL RAM, GB Memory:
> > 32 Single Socket Six Core Intel Xeon E5-2640 2.5GHz, #Processors:
> > 1, #Cores per Proc: 6 RHEL 6
>
> Are you experiencing any problems, or are you just interested in
> speculative performance tuning?
>
> Tomcat's default configuration is quite reasonable. How many
> simultaneous /connections/ do you expect?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.14 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJR+SisAAoJEBzwKT+lPKRYXfQP/AvnWo09Ucm7xSr4zIaQgVtX
> PP0Uw7EV0valZEXlVsdRBJY6fFn2m3e43zpC6dsZidflUzS5ITZ0R7S5JShNZnLJ
> LpBDf8KQG6OrHuNsZ7iLvuSXWHBOvLqdHvXvrRH4vcj5xleMtZzm4FA5GyG/bS4P
> wvSltjkUkOtcaXg4kf50iXKNXtMrZPPuTBgdZxT6uHuM3x8Ux2sLPAufJ06Rf+Wx
> N/uAyylthDlI367G3ZrBRuzP5nbrdKjZNKHpd3uHVq0TkO9QtGn3/baa7+6SeFfP
> M3KycT9yjbOiiKFcpFCZ9OdJDQpSOXZhjGQZckqsyqN5lD1FL2fppDj9uWUdOgPT
> A73Hsy2Bu+rzfw6QIf5okVLy1PzF7dRv8/moGwN5fsNDY5nX7ccWua245X1irCwv
> z0Hw3jQWtVUTnbFu8oR9cEYuly+Hv5oFoc94vQ78/an44pAJgP3FNWU9lv5oE4YR
> RCPrPElyb50KNNeCfu4SEBO/DVo1XJSMb6Xi6k70oehac3mmeNlqRQBOJ9/BfrA+
> pwU1JY3Q5V+yXTaGyzv1gLDViFoj0kIPtlch/WH4sfsQeZvS0oI/ol6U3rtb8PdO
> eKIsnOzynud7KDkWf+LO+C+GCcrcqeBl2XFirt4pd227VV36jHZgx5Zf5Epf9v04
> o4etXLrcpbB6wgGkWR5K
> =FKB4
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Configuration question for 2500 simultaneous users.

[Tomcat Random]

Thanks Mark, I've been getting up to speed on JMeter. I've used selenium
before. "The particulars depend on your particular application" - agreed.
That part I can work out myself by looking at bottlenecks, generally timing
areas of the application with more and more granularity, in places where
the app behaves slowly.

Best,
Alec


On Tue, Jul 30, 2013 at 6:17 PM, Mark Eggers  wrote:

> On 7/30/2013 1:17 PM, Tomcat Random wrote:
>
>> Thanks Mark, I will give it a close read.
>>
>> As far as profiling, are you using any tools that are worth mentioning?
>>
>>
> Nothing outstanding, since currently all of our applications are pretty
> lightweight. That may change if we redo the architecture.
>
> JMeter / Selenium in combination can generate a lot of traffic. Generate a
> selenium test script, export to JUnit, couple with HTMLUnit, and hammer
> away.
>
> There are several ways to watch what goes on with your application:
>
> JConsole
> VisualVM
>
> The Tomcat Wiki page has more:
>
> http://wiki.apache.org/tomcat/**FAQ/Monitoring
>
> For lighter weight profiling (usually to figure out where the application
> bottlenecks are), I run the project under NetBeans and instrument the
> project.
>
> Access logs are usually a good first source for generating JMeter tests.
>
> In general, people can only give you guidelines concerning sizing,
> profiling, and benchmarking. The particulars depend on your particular
> application.
>
>
> . . . . just my two cents.
> /mde/
>
> PS - Please don't top post.
>
>  Best,
>> A
>>
>>
>>
>> On Tue, Jul 30, 2013 at 4:02 PM, Mark Eggers 
>> wrote:
>>
>>  On 7/30/2013 12:42 PM, Tomcat Random wrote:
>>>
>>>  The project I'm working on has 5000 simultaneous users average. I have
 two
 physical servers both running an instance of Tomcat 7.0. They're behind
 a
 physical load balancer with sticky, least connections balancing. Nothing
 in
 front of the Tomcats. Port 80 to is routed to them by iptables.

 Anyone out there willing to offer some tips (or point me to them) on
 configuration for this amount of traffic?

 Environment is:
 DELL PowerEdge R720 - 32 GB DELL RAM, GB Memory: 32
 Single Socket Six Core Intel Xeon E5-2640 2.5GHz, #Processors: 1, #Cores
 per Proc: 6
 RHEL 6

 TIA,
 Alec


  A great overview, and a solid outline of the process you should follow:
>>>
>>> http://people.apache.org/~markt/presentations/2009-04-**
>>> 01-TomcatTuning.pdf>> presentations/2009-04-01-**TomcatTuning.pdf
>>> >
>>>
>>>
>>> That, plus profiling your application with real-world traffic to
>>> understand bottlenecks and use cases . . .
>>>
>>> . . . just my two cents.
>>> /mde/
>>>
>>
>
> --**--**-
> To unsubscribe, e-mail: 
> users-unsubscribe@tomcat.**apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: javaagent is messing with webapp classpath

[Leon Rosenberg]

Hello,

yes, your java agent is probably not well coded :-)

regards
Leon


On Thu, Aug 1, 2013 at 8:33 PM, Alberto SOUZA  wrote:

> Hi,
>
> I have a javaagent that changes some specific classes of my project. But,
> when i start the server using the agent I get a lot of
> ClassNotFoundException for a  lot of classes... Like
> ServletContextListener. When I don't use the javaagent argument everything
> goes fine. Does anyone have an idea?
>
> Thanks!!
>

OT: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.

[Jeffrey Janner]

> -Original Message-
> From: Michael-O [mailto:1983-01...@gmx.net]
> Sent: Thursday, August 01, 2013 1:10 PM
> To: Tomcat Users List
> Subject: Re: Cannot start apache tomcat 7.0 if server path contains two
> consecutive spaces.
> 
> Am 2013-08-01 15:41, schrieb Jeffrey Janner:
> >> -Original Message-
> >> From: André Warnier [mailto:a...@ice-sa.com]
> >> Sent: Wednesday, July 31, 2013 12:27 PM
> >> To: Tomcat Users List
> >> Subject: Re: Cannot start apache tomcat 7.0 if server path contains
> >> two consecutive spaces.
> >>
> >> TRAN Trung Thanh wrote:
> >>> Hi all,
> >>> I am newbie here.
> >>> Today, I tried to start apache tomcat 7.0.42 in Linux environment.
> >>> Server path contains two consecutive spaces. When I run
> >>> ./catalina.sh run, server cannot start and there is the following
> >>> exception in console
> >>>
> >>> ./catalina.sh run
> >>> Using CATALINA_BASE:   /home/example/twoconsecutive  spaces
> >>> Using CATALINA_HOME:   /home/example/twoconsecutive  spaces
> >>> Using CATALINA_TMPDIR: /home/example/twoconsecutive  spaces/temp
> >>> Using JRE_HOME:/home/example/java/jdk1.6
> >>> Using CLASSPATH:   /home/example/twoconsecutive
> >>> spaces/bin/bootstrap.jar:/home/example/twoconsecutive
> >>> spaces/bin/tomcat-juli.jar
> >>> Exception in thread "main" java.lang.NoClassDefFoundError:
> >>> org/apache/catalina/startup/Bootstrap
> >>> Caused by: java.lang.ClassNotFoundException:
> >>> org.apache.catalina.startup.Bootstrap
> >>>  at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
> >>>  at java.security.AccessController.doPrivileged(Native Method)
> >>>  at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
> >>>  at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
> >>>  at
> sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
> >>>  at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
> >>> Could not find the main class:
> org.apache.catalina.startup.Bootstrap.
> >>> Program will exit.
> >>>
> >>> Tomcat server can start if  server path does not contain
> consecutive
> >> space.
> >>>
> >>> Do anyone face to the same issue with me in this case? Have you any
> >>> suggestion to fix this issue?
> >>
> >> Yes : don't do that (using spaces in paths).
> >>
> >> It is quite important for my deployment.
> >>>
> >>
> >> That's a pity.
> >> Spaces in paths (and filenames) are evil, and should never have been
> >> allowed in the first place.  A special place in hell is reserved for
> >> the genius who first allowed this stupid thing in an OS.  I wish I
> >> had
> >> 0.1 cent for every programming hour lost because of this.
> >>
> >> Technically, you can certainly find the correct way to quote them in
> >> any particular place and environment.  But usually, this is merely
> >> moving the problem to some other place further down the line, where
> >> it is even less visible and harder to find the bugs.
> >> I suppose the same could be said about any non-visible character,
> but
> >> spaces (along with
> >> TAB) are specially evil because in most environments, they are
> >> considered either as valid separators between words/tokens or as
> >> "non- significant".
> >>
> >> My serious recommendation would be to think really hard about a way
> >> to nip this in the bud, and avoid allowing them and using them in
> the
> >> first place.
> >> Think that if you allow them somewhere, and even if you quote them
> >> correctly there, you will have to continue quoting them
> >> (appropriately) everywhere else that you are using the corresponding
> >> strings.  It is almost guaranteed that this will bite you somewhere.
> >>
> >>
> >
> > Agree with everything Andre says here. Even under Windows, where the
> OS seems to handle it fine, as long as you're in the GUI, it is a
> problem.  You have to remember to quote the path everytime you want to
> use it at the command line level, or in PowerShell, etc.
> > It is really easier to remember that if you want the look of a space,
> but need a non-printable character, to just use the underbar.  How much
> easier things could be if instead of "My Documents" you could write
> My_Documents.  Still looks like two words but it is only one.
> > As long as you have control over the naming, you should follow this
> advise.
> > Jeff
> 
> I guess for that reason Microsoft has replaced the C:\Documents and
> Settings folder.
> 
Possibly, because it's now called "C:\Users". Now if they'd only abandon that 
silly backslash file separator character...


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Apache Tomcat 8.0.0-RC1 release vote started

[Mark Thomas]

If you'd like early sight of Tomcat 8 and an opportunity to contribute
to Tomcat development, the release vote has now opened for the first
Tomcat 8 release candidate.

Features include:
- Servlet 3.1 implementation
- JSP 2.3 impelementation
- EL 3.0 implementation
- WebSocket 1.0 implementation
- Update to DBCP2 (now includes JMX monitoring)

The more folks that can test this release candidate, the better the next
one will be and the better the 8.0.0 release will be. This is your
chance to ensure that your app works on Tomcat 8 and if it doesn't get
any associated Tomcat bugs fixed early.

Details are available on the vote thread on the dev list [1].

To be clear, this is not an official release. This is the vote that
precedes the official release. If this vote passes then 8.0.0-RC1 will
be released officially, added to the mirrors, linked from the download
pages etc.

Mark

[1] http://markmail.org/message/feu2f3uqgjxauvkr

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[David kerber]

On 8/1/2013 2:24 PM, Caldarale, Charles R wrote:

From: Seema Patel [mailto:seema...@hotmail.com]
Subject: RE: java.net.UnknownHostException: Failed to negotiate with a suitable 
domain controller for xxx



When upgrading Tomcat from version 5.5 to 7, would I need to upgrade to
version 6 first and then to 7 or can I go straight from 5.5 to 7?


Do it in one step - there's no point in doing it twice.  The migration guide is 
here:


Yep, it will just about twice as long to do it in two steps as it does 
to do it in one.  Ask me how I know this...






http://tomcat.apache.org/migration.html

It doesn't specifically cover going from 5.5 to 7.0, so read all the sections 
before proceeding.

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

javaagent is messing with webapp classpath

[Alberto SOUZA]

Hi,

I have a javaagent that changes some specific classes of my project. But,
when i start the server using the agent I get a lot of
ClassNotFoundException for a  lot of classes... Like
ServletContextListener. When I don't use the javaagent argument everything
goes fine. Does anyone have an idea?

Thanks!!

Re: GetRealPath Alternative for WAR Deployment

[Majors, Jeremy]

Thanks Mark.  I ended up doing something similar (added a context
parameter to the context files) which are being generated by the build
process.

Jeremy

On 8/1/13 1:19 PM, "Mark Thomas"  wrote:

>On 01/08/2013 17:45, Majors, Jeremy wrote:
>> I've seen multiple postings online that state that when you deploy a
>> WAR file rather than using an exploded WAR, then the
>> request.getServletContext().getRealPath() method returns null.  Due
>> to a requirement by my team lead, I cannot deploy the application in
>> any other fashion besides a precompiled WAR file (deploying a folder
>> fixes this issue) and I was using the
>> request.getServletContext().getRealPath()  method so that I could get
>> the version # of the WAR that I have deployed (ex:  myWAR##001.war).
>> Is there another way to get the version number?  I also looked online
>> to see if there was a way to get the docBase parameter from the
>> context file, but all the postings for that said to use
>> request.getServletContext().getRealPath(), which is returning null.
>> 
>> Any guidance would be greatly appreciated.
>
>There are ways via Tomcat internals but they tend to get blocked in
>production environments.
>
>The simplest way is to add a version.properties file to WEB-INF/classes
>(kept up to date by your build script) with the information you need and
>access it via the class loader.
>
>Mark
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Caldarale, Charles R]

> From: Seema Patel [mailto:seema...@hotmail.com] 
> Subject: RE: java.net.UnknownHostException: Failed to negotiate with a 
> suitable domain controller for xxx

> When upgrading Tomcat from version 5.5 to 7, would I need to upgrade to 
> version 6 first and then to 7 or can I go straight from 5.5 to 7?

Do it in one step - there's no point in doing it twice.  The migration guide is 
here:

http://tomcat.apache.org/migration.html

It doesn't specifically cover going from 5.5 to 7.0, so read all the sections 
before proceeding.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: GetRealPath Alternative for WAR Deployment

[Mark Thomas]

On 01/08/2013 17:45, Majors, Jeremy wrote:
> I've seen multiple postings online that state that when you deploy a
> WAR file rather than using an exploded WAR, then the
> request.getServletContext().getRealPath() method returns null.  Due
> to a requirement by my team lead, I cannot deploy the application in
> any other fashion besides a precompiled WAR file (deploying a folder
> fixes this issue) and I was using the
> request.getServletContext().getRealPath()  method so that I could get
> the version # of the WAR that I have deployed (ex:  myWAR##001.war).
> Is there another way to get the version number?  I also looked online
> to see if there was a way to get the docBase parameter from the
> context file, but all the postings for that said to use
> request.getServletContext().getRealPath(), which is returning null.
> 
> Any guidance would be greatly appreciated.

There are ways via Tomcat internals but they tend to get blocked in
production environments.

The simplest way is to add a version.properties file to WEB-INF/classes
(kept up to date by your build script) with the information you need and
access it via the class loader.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.

[Michael-O]

Am 2013-08-01 15:41, schrieb Jeffrey Janner:

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Wednesday, July 31, 2013 12:27 PM
To: Tomcat Users List
Subject: Re: Cannot start apache tomcat 7.0 if server path contains two
consecutive spaces.

TRAN Trung Thanh wrote:

Hi all,
I am newbie here.
Today, I tried to start apache tomcat 7.0.42 in Linux environment.
Server path contains two consecutive spaces. When I run ./catalina.sh
run, server cannot start and there is the following exception in
console

./catalina.sh run
Using CATALINA_BASE:   /home/example/twoconsecutive  spaces
Using CATALINA_HOME:   /home/example/twoconsecutive  spaces
Using CATALINA_TMPDIR: /home/example/twoconsecutive  spaces/temp
Using JRE_HOME:/home/example/java/jdk1.6
Using CLASSPATH:   /home/example/twoconsecutive
spaces/bin/bootstrap.jar:/home/example/twoconsecutive
spaces/bin/tomcat-juli.jar
Exception in thread "main" java.lang.NoClassDefFoundError:
org/apache/catalina/startup/Bootstrap
Caused by: java.lang.ClassNotFoundException:
org.apache.catalina.startup.Bootstrap
 at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
 at java.security.AccessController.doPrivileged(Native Method)
 at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
 at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
 at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
Could not find the main class: org.apache.catalina.startup.Bootstrap.
Program will exit.

Tomcat server can start if  server path does not contain consecutive

space.


Do anyone face to the same issue with me in this case? Have you any
suggestion to fix this issue?


Yes : don't do that (using spaces in paths).

It is quite important for my deployment.




That's a pity.
Spaces in paths (and filenames) are evil, and should never have been
allowed in the first place.  A special place in hell is reserved for
the genius who first allowed this stupid thing in an OS.  I wish I had
0.1 cent for every programming hour lost because of this.

Technically, you can certainly find the correct way to quote them in
any particular place and environment.  But usually, this is merely
moving the problem to some other place further down the line, where it
is even less visible and harder to find the bugs.
I suppose the same could be said about any non-visible character, but
spaces (along with
TAB) are specially evil because in most environments, they are
considered either as valid separators between words/tokens or as "non-
significant".

My serious recommendation would be to think really hard about a way to
nip this in the bud, and avoid allowing them and using them in the
first place.
Think that if you allow them somewhere, and even if you quote them
correctly there, you will have to continue quoting them (appropriately)
everywhere else that you are using the corresponding strings.  It is
almost guaranteed that this will bite you somewhere.




Agree with everything Andre says here. Even under Windows, where the OS seems 
to handle it fine, as long as you're in the GUI, it is a problem.  You have to 
remember to quote the path everytime you want to use it at the command line 
level, or in PowerShell, etc.
It is really easier to remember that if you want the look of a space, but need a 
non-printable character, to just use the underbar.  How much easier things could be if 
instead of "My Documents" you could write My_Documents.  Still looks like two 
words but it is only one.
As long as you have control over the naming, you should follow this advise.
Jeff


I guess for that reason Microsoft has replaced the C:\Documents and 
Settings folder.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Do you know how to configure Tomcat in ipv6 ?

[Jeffrey Janner]

> -Original Message-
> From: olivier giorgi [mailto:olivier_gio...@yahoo.fr]
> Sent: Thursday, August 01, 2013 11:17 AM
> To: users@tomcat.apache.org
> Subject: Do you know how to configure Tomcat in ipv6 ?
> 
> Hello to all,
> 
> Please, could you help me about the following subject:
> 
> How to configure Tomcat in ipv6 ?
> 
> Thanks in advance.
> Best regards Olivier.

Start here: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Do you know how to configure Tomcat in ipv6 ?

[Gilles Badouet]

In order to do what?

Your question is too generic!!





Kind regards





Gilles Rubens Badouet

Student ID: 3940347

Faculty of Engineering and Computing

MSc Network Computing Course

Mobile: 07424486426


From: olivier giorgi 
Sent: 01 August 2013 17:17
To: users@tomcat.apache.org
Subject: Do you know how to configure Tomcat in ipv6 ?

Hello to all,

Please, could you help me about the following subject:

How to configure Tomcat in ipv6 ?

Thanks in advance.
Best regards Olivier.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Do you know how to configure Tomcat in ipv6 ?

[olivier giorgi]

Hello to all,
 
Please, could you help me about the following subject:
 
How to configure Tomcat in ipv6 ?
 
Thanks in advance.
Best regards Olivier.

Re: Using the bin/daemon.sh script on ubuntu.

[Christian Schneider]

Thanks for the great responses.

@Ognjen: Yes, currently we also use the setenv.sh (because it will not be
touched by an update).
The *ln -s* Tipp is not bad.
But the problem is, it stores the files in the folder (/opt/tomcat/logs).

On our (AWS) installation we have limited space on /opt, therefore we
attached an EBS volume  to /var/, - otherwise we would get problems with
the log files. Now it can grow above some GB.

But because the log dirs are defined in the logging.properties (what get
shipped and overridden by updates) we put this "hack" into our setenv.sh:

sed -i 's/${catalina.base}\/logs/\/var\/log\/tomcat\//g'
\/opt\/tomcat\/conf\/logging.properties

This will replace the sting *${catalina.base}\/logs* with */var\/log\/tomcat
* everytime setenv.sh is executed.

Now we will never forget to touch the logging.properties after an update.
But i still think it is not that elegant...

Best Regards,
Christian.


2013/7/30 Ognjen Blagojevic 

> Christian,
>
>
> On 30.7.2013 11:58, Christian Schneider wrote:
>
>> But what about:
>> * set env. variables (maybe: catalina.sh?, /etc/profiles?)
>>
>
> /etc/profiles is executed when you enter bash shell, so if Tomcat starts
> at boot time, it won't be able to access environment variables defined in
> /etc/profile.
>
> I set JAVA_HOME, CATALINA_BASE and CATALINA_HOME environment variables in
> /etc/init.d/tomcat (which is a copy of daemon.sh), but I guess there may be
> a better place to do that.
>
> This link [1] recommends to put environment variables in
> /etc/default/tomcat, and then to source them from /etc/init.d/tomcat.
>
>
>
>  * adjust the heap size
>>
>
> Create file $CATALINA_BASE/bin/setenv.sh:
>
> 
> export CATALINA_OPTS='-Xms...m -Xmx...m'
> 
>
>
>
>  * logging to the right directory (like: /var/log/tomcat/...)
>>
>
> Maybe something like:
>
> ln -s /var/log/tomcat $CATALINA_BASE/logs
>
>
>
>  * specifying the User: "tomcat"
>>
>
> User 'tomcat' is already specified in daemon.sh, though you may override
> that with $TOMCAT_USER environment variable.
>
> -Ognjen
>
> [1] http://unix.stackexchange.com/**questions/44370/how-to-make-**
> unix-service-see-environment-**variables
>
>
> --**--**-
> To unsubscribe, e-mail: 
> users-unsubscribe@tomcat.**apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

GetRealPath Alternative for WAR Deployment

[Majors, Jeremy]

I've seen multiple postings online that state that when you deploy a WAR file 
rather than using an exploded WAR, then the 
request.getServletContext().getRealPath() method returns null.  Due to a 
requirement by my team lead, I cannot deploy the application in any other 
fashion besides a precompiled WAR file (deploying a folder fixes this issue) 
and I was using the request.getServletContext().getRealPath()  method so that I 
could get the version # of the WAR that I have deployed (ex:  myWAR##001.war).  
Is there another way to get the version number?  I also looked online to see if 
there was a way to get the docBase parameter from the context file, but all the 
postings for that said to use request.getServletContext().getRealPath(), which 
is returning null.

Any guidance would be greatly appreciated.

Thanks,
Jeremy

RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Seema Patel]

> Date: Thu, 1 Aug 2013 15:55:37 +0200
> From: a...@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: java.net.UnknownHostException: Failed to negotiate with a 
> suitable domain controller for xxx
> 
> Seema Patel wrote:
> > 
> >> Date: Thu, 1 Aug 2013 12:06:39 +0200
> >> From: a...@ice-sa.com
> >> To: users@tomcat.apache.org
> >> Subject: Re: java.net.UnknownHostException: Failed to negotiate with a 
> >> suitable domain controller for xxx
> >>
> >> Seema Patel wrote:
> >>> Hi,
> >>>  
> >>> I am not sure if this is the right List to post this on, please advise if 
> >>> it isn't and let me know where is best to post.
> >>>  
> >>> I am getting the following error on one of our applications running on 
> >>> our intranet:
> >>>  
> >>> 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR 
> >>> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action]
> >>>  - Servlet.service() for servlet action threw exception
> >>> java.net.UnknownHostException: Failed to negotiate with a suitable domain 
> >>> controller for xxx.LOCAL
> >>> at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
> >>> at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> >>> at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> >>> at 
> >>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> >>> at 
> >>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> >>> at 
> >>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >>> at 
> >>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> >>> at 
> >>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
> >>> at 
> >>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> >>> at 
> >>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> >>> at 
> >>> org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
> >>> at 
> >>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> >>> at 
> >>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> >>> at 
> >>> org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
> >>> at 
> >>> org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
> >>> at 
> >>> org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
> >>> at java.lang.Thread.run(Unknown Source)
> >>>  
> >> I believe that you should read this page carefully, in particular the blue 
> >> text at the 
> >> beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> >>
> >> Can you have a look at the WEB-INF/web.xml file *of your application*, and 
> >> check if there 
> >> is a servlet filter configured there, which matches the name above ?
> >>
> >> If so, make a backup copy of that web.xml file, and then edit it to remove 
> >> that filter 
> >> from it, and try again.
> >> I am not quite sure, but it looks possible to me that you have a duplicate 
> >> authentication 
> >> mechanism in use : one at the container (Tomcat) level, and one at the 
> >> application level.
> >> And the one used at the application level is obsolete, unsupported, 
> >> unmaintained etc..
> >>
> > 
> > I have found out that JCIFS is no longer supported, but it will take a lot 
> > of time, development and resources to update it to the recommended Jespa.  
> > In my web.xml file I have the following:
> > 
> > 
> > NtlmHttpFilter
> > jcifs.http.NtlmHttpFilter
> >
> > 
> > 
> > jcifs.smb.client.domain
> > xxx
> > 
> > 
> > 
> > jcifs.smb.client.username
> > xxx
> > 
> > 
> > jcifs.smb.client.password
> > xxx
> > 
> > 
> > 
> > jcifs.util.loglevel
> > 3
> > 
> > 
> > 
> > jcifs.http.insecureBasic
> > true
> > 
> > 
> > 
> > HRADGroupFilter
> > xxx.ADGroupFilter
> > 
> > AllowedGroups
> > G-HR,G-MIS
> > 
> > 
> > 
> > SuggestionsGroupFilter
> > xxx.ADGroupFilter
> > 
> > AllowedGroups
> > xxx, xxx
> > 
> > 
> > 
> > 
> > NtlmHttpFilter
> > /suggestions/*
> > 
> > 
> > SuggestionsGroupFilter
> > /suggestions/*
> > 
> > 
> > NtlmHttpFilter
> > /xxx/*
> > 
> > 
> > HRADGroupFilter
> > /xxx/xxx.do
> > 
> > 
> > 
> > So, are you saying to just remove the following from the above?:
> >NtlmHttpFilter
> >jcifs.http.NtlmHttpFilter
> > 
> > Is there a

Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[André Warnier]

Seema Patel wrote:



Date: Thu, 1 Aug 2013 12:06:39 +0200
From: a...@ice-sa.com
To: users@tomcat.apache.org
Subject: Re: java.net.UnknownHostException: Failed to negotiate with a suitable 
domain controller for xxx

Seema Patel wrote:

Hi,
 
I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post.
 
I am getting the following error on one of our applications running on our intranet:
 
2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception

java.net.UnknownHostException: Failed to negotiate with a suitable domain 
controller for xxx.LOCAL
at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at 
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
at 
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
at java.lang.Thread.run(Unknown Source)
 
I believe that you should read this page carefully, in particular the blue text at the 
beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html


Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there 
is a servlet filter configured there, which matches the name above ?


If so, make a backup copy of that web.xml file, and then edit it to remove that filter 
from it, and try again.
I am not quite sure, but it looks possible to me that you have a duplicate authentication 
mechanism in use : one at the container (Tomcat) level, and one at the application level.

And the one used at the application level is obsolete, unsupported, 
unmaintained etc..



I have found out that JCIFS is no longer supported, but it will take a lot of 
time, development and resources to update it to the recommended Jespa.  In my 
web.xml file I have the following:


NtlmHttpFilter
jcifs.http.NtlmHttpFilter
   


jcifs.smb.client.domain
xxx



jcifs.smb.client.username
xxx


jcifs.smb.client.password
xxx



jcifs.util.loglevel
3



jcifs.http.insecureBasic
true



HRADGroupFilter
xxx.ADGroupFilter

AllowedGroups
G-HR,G-MIS



SuggestionsGroupFilter
xxx.ADGroupFilter

AllowedGroups
xxx, xxx





NtlmHttpFilter
/suggestions/*


SuggestionsGroupFilter
/suggestions/*


NtlmHttpFilter
/xxx/*


HRADGroupFilter
/xxx/xxx.do



So, are you saying to just remove the following from the above?:
   NtlmHttpFilter
   jcifs.http.NtlmHttpFilter

Is there anything else in there that needs to be removed?  Sorry for my lack of 
understanding, but this was all developed by previous developers, who are no 
longer working here and have left no documentation.



Neither I nor the other contributors on this list knows what your application(s) really 
do, nor how your whole system really fits together.
In addition, this list is for the support of Tomcat, and your issue is not really with 
Tomcat, but seems to be really at the application level and how this application

a) performs user authentication
b) later uses the results of the user authentication
The fact that there is no documentation and that the relevant delevelopers have left is a 
pity, but not really something we can do anything about.


What I really suggest, if this application is important for you (and apart from what Chuck 
already mentioned) is this : get in touch with the Jespa a

RE: Cannot start apache tomcat 7.0 if server path contains two consecutive spaces.

[Jeffrey Janner]

> -Original Message-
> From: André Warnier [mailto:a...@ice-sa.com]
> Sent: Wednesday, July 31, 2013 12:27 PM
> To: Tomcat Users List
> Subject: Re: Cannot start apache tomcat 7.0 if server path contains two
> consecutive spaces.
> 
> TRAN Trung Thanh wrote:
> > Hi all,
> > I am newbie here.
> > Today, I tried to start apache tomcat 7.0.42 in Linux environment.
> > Server path contains two consecutive spaces. When I run ./catalina.sh
> > run, server cannot start and there is the following exception in
> > console
> >
> > ./catalina.sh run
> > Using CATALINA_BASE:   /home/example/twoconsecutive  spaces
> > Using CATALINA_HOME:   /home/example/twoconsecutive  spaces
> > Using CATALINA_TMPDIR: /home/example/twoconsecutive  spaces/temp
> > Using JRE_HOME:/home/example/java/jdk1.6
> > Using CLASSPATH:   /home/example/twoconsecutive
> > spaces/bin/bootstrap.jar:/home/example/twoconsecutive
> > spaces/bin/tomcat-juli.jar
> > Exception in thread "main" java.lang.NoClassDefFoundError:
> > org/apache/catalina/startup/Bootstrap
> > Caused by: java.lang.ClassNotFoundException:
> > org.apache.catalina.startup.Bootstrap
> > at java.net.URLClassLoader$1.run(URLClassLoader.java:202)
> > at java.security.AccessController.doPrivileged(Native Method)
> > at java.net.URLClassLoader.findClass(URLClassLoader.java:190)
> > at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
> > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301)
> > at java.lang.ClassLoader.loadClass(ClassLoader.java:247)
> > Could not find the main class: org.apache.catalina.startup.Bootstrap.
> > Program will exit.
> >
> > Tomcat server can start if  server path does not contain consecutive
> space.
> >
> > Do anyone face to the same issue with me in this case? Have you any
> > suggestion to fix this issue?
> 
> Yes : don't do that (using spaces in paths).
> 
>It is quite important for my deployment.
> >
> 
> That's a pity.
> Spaces in paths (and filenames) are evil, and should never have been
> allowed in the first place.  A special place in hell is reserved for
> the genius who first allowed this stupid thing in an OS.  I wish I had
> 0.1 cent for every programming hour lost because of this.
> 
> Technically, you can certainly find the correct way to quote them in
> any particular place and environment.  But usually, this is merely
> moving the problem to some other place further down the line, where it
> is even less visible and harder to find the bugs.
> I suppose the same could be said about any non-visible character, but
> spaces (along with
> TAB) are specially evil because in most environments, they are
> considered either as valid separators between words/tokens or as "non-
> significant".
> 
> My serious recommendation would be to think really hard about a way to
> nip this in the bud, and avoid allowing them and using them in the
> first place.
> Think that if you allow them somewhere, and even if you quote them
> correctly there, you will have to continue quoting them (appropriately)
> everywhere else that you are using the corresponding strings.  It is
> almost guaranteed that this will bite you somewhere.
> 
> 

Agree with everything Andre says here. Even under Windows, where the OS seems 
to handle it fine, as long as you're in the GUI, it is a problem.  You have to 
remember to quote the path everytime you want to use it at the command line 
level, or in PowerShell, etc. 
It is really easier to remember that if you want the look of a space, but need 
a non-printable character, to just use the underbar.  How much easier things 
could be if instead of "My Documents" you could write My_Documents.  Still 
looks like two words but it is only one.
As long as you have control over the naming, you should follow this advise. 
Jeff


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Martin Gainty]

nslookup DomainName

if you still call no joy there is nothing we can do (without contacting your 
Domain Admin and asking if DomainName is live)

Martin 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.
Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.

 
> From: seema...@hotmail.com
> To: users@tomcat.apache.org
> Subject: RE: java.net.UnknownHostException: Failed to negotiate with a 
> suitable domain controller for xxx
> Date: Thu, 1 Aug 2013 12:02:34 +0100
> 
> 
> 
> > Date: Thu, 1 Aug 2013 12:06:39 +0200
> > From: a...@ice-sa.com
> > To: users@tomcat.apache.org
> > Subject: Re: java.net.UnknownHostException: Failed to negotiate with a 
> > suitable domain controller for xxx
> > 
> > Seema Patel wrote:
> > > Hi,
> > >  
> > > I am not sure if this is the right List to post this on, please advise if 
> > > it isn't and let me know where is best to post.
> > >  
> > > I am getting the following error on one of our applications running on 
> > > our intranet:
> > >  
> > > 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR 
> > > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action]
> > >  - Servlet.service() for servlet action threw exception
> > > java.net.UnknownHostException: Failed to negotiate with a suitable domain 
> > > controller for xxx.LOCAL
> > > at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
> > > at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> > > at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> > > at 
> > > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> > > at 
> > > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> > > at 
> > > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> > > at 
> > > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> > > at 
> > > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
> > > at 
> > > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > > at 
> > > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> > > at 
> > > org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
> > > at 
> > > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> > > at 
> > > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> > > at 
> > > org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
> > > at 
> > > org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
> > > at 
> > > org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
> > > at java.lang.Thread.run(Unknown Source)
> > >  
> > 
> > I believe that you should read this page carefully, in particular the blue 
> > text at the 
> > beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> > 
> > Can you have a look at the WEB-INF/web.xml file *of your application*, and 
> > check if there 
> > is a servlet filter configured there, which matches the name above ?
> > 
> > If so, make a backup copy of that web.xml file, and then edit it to remove 
> > that filter 
> > from it, and try again.
> > I am not quite sure, but it looks possible to me that you have a duplicate 
> > authentication 
> > mechanism in use : one at the container (Tomcat) level, and one at the 
> > application level.
> > And the one used at the application level is obsolete, unsupported, 
> > unmaintained etc..
> > 
> 
> I have found out that JCIFS is no longer supported, but it will take a lot of 
> time, development and resources to update it to the recommended Jespa.  In my 
> web.xml file I have the following:
> 
> 
> NtlmHttpFilter
> jcifs.http.NtlmHttpFilter
>
> 
> 
> jcifs.smb.client.domain
> xxx
> 
> 
> 
>

Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Chuck,

On 8/1/13 7:50 AM, Caldarale, Charles R wrote:
>> From: Seema Patel [mailto:seema...@hotmail.com] Subject:
>> java.net.UnknownHostException: Failed to negotiate with a
>> suitable domain controller for xxx
> 
>> I am not sure if this is the right List to post this on
> 
> This is the correct list, but...
> 
>> jcifs.http.NtlmHttpFilter
> 
> Not supported: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> 
>> We are running Tomcat 5.5.29.
> 
> Not supported.
> 
>> java version "1.5.0_22"
> 
> Not supported.
> 
> You really, really need to upgrade your environment.  Using
> unsupported versions of the JVM and Tomcat leaves you open to
> numerous attacks and other bugs that will never be addressed in
> those versions.

+1

For what it's worth, upgrading the JVM is usually painless (with a few
exceptions, but it's easy to try!).

Since you were already on Tomcat 5.5, the transition from 5.5 -> 7.0
(latest) is pretty much a drop-in replacement (you'll need to re-write
your server.xml from scratch, but it shouldn't be a big deal to
re-configure your s).

http://tomcat.apache.org/migration-6.html
http://tomcat.apache.org/migration-7.html

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR+mFbAAoJEBzwKT+lPKRYyZ4QAMpa71PhxVktGiTwX0W49H2D
Irbt9EQ88BYjwawl0vgpcrt48ofMBOwErhsyFyYhk/zaaKRQOkP9Yf+lhq2sHkOQ
FNMzF52ZyYPcaPhlN7DsGMbEZtYqq07SkTPXYQ9bY7+CAbWUF/4CZ4vG3q0q7MiY
h48SIUs4EKF0UBmDFBcLdJj0xo+Lbnd6mx4WmasjJTDuniZsK6qZtxnn66UQBw2P
7n8hLCOBXvsjol9m5z/bJt1SifjQVNSfyoxlL7A7Pf1QP9zh1bAYen9efPKoa2Za
TM0KGYa9Vb8hNRGPGZH7/Rs0ZfIdpFrPqJtWTVeZBbt7EtABZbvDW3bsh5WYgzv1
G0pyJQl8tnVpem9QvniX4POHEuboSfco53k3SBe8dp6M+798zLAr4DcamRsvxR0d
2nJxLkl3XZiF3IaxyfeIjIz00gqU3AXj4T+yOtMb2g6ok3eRJlaTqraHyeMSPFQ0
IEzcHEUwuYlRfm4+IBqwlQUjRpKTkkM7rjqGQIQz1BqCrZ4amcjM7QlW9/3wj+p+
I803eFy+XfNJ5EwE2t/s1H+zzMM7uzsvR4dMkak4IMcV8r1TRYF+8ddR6AKYNuzX
pKwuFEXRaDycPkxaWoh9OO2UZ5OXk6VPU9QCuEcaLgDLjH3UHpAAFvM27dkmi/5P
tlQKaspmVeRFL8u+i8a3
=udXh
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and 408 error code (incomplete request)

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sol,

On 7/31/13 5:32 PM, sol myr wrote:
> Has anyone happened to stumble onto this issue, please: Our Ajax
> works perfectly as long as its non-secure. However, when switching
> to SSL we sometimes see 408 errors (incomplete request). This only
> happens on ajax, and inconsistently (similar requests might succeed
> on one moment, but fail on the other).
> 
> Please note: 1. Our client is Chrome browser, using JQuery for
> ajax 2. Server is Tomcat 7 3. Network is fast and stable, and the
> ajax requests are small 4. Problem occurs for both our connectors:
> APR and Http (both with SSL enabled) 5. Our x509 certificate is
> valid (otherwise it would have failed on *all* ajax ssl requests,
> not to mention the non-ajax ssl)

How often is "sometimes"? Can you give a rough idea of the volume you
are serving, and what percentage seem to be failing? Is there any
pattern -- like certain IP addresses fail more often than others, etc.?

Do you have mobile clients? Or is all your testing local?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR+mAeAAoJEBzwKT+lPKRYWNMP/iPaCTc07jMkpJ079rYB/R1H
aDb8rIrXMdEXb4iMqNiMRg3PlFpu5CfM2Z5XYClhpbdkFs6EW9lyD7KRPyPseFyg
G4TleXSCaKYCMlhOmW4biM3HE9Dj1+H2UEI+q4qcQWE3K0+PvQCB6IADg6Q1mT2y
bV7Yv5nOIyZY9Wq7LGTPe9TAfInfdPohb/fT5deu9vEhb/3bj+nbIbwrAfKXEfic
lpockmZxiq/tkQA1Ijjfi6nXkItmR+0VjQa+wHKg6lW43XHq3UCA4AVsH3cZde5C
K74WOv8OosTmacyeKeze/kNFtpf6HrkoSPfJ7OVP966iQ9RmYHMBf/t2X0Qe45Lt
vcjOMZCVAWzjqsJKe71Mi3WgDmqbGOyGYq0jTpI39CdqU/71juyQMxJe0mpJpUPk
MGjBWQYXg1cSCKSQjDPsdUSN7uRZfo9dmMQrcVyOcI5UAmap95KciyGeW1z8PKs8
x0E8bP2/c38INdGHAbbjgGwVacnav37VKNn0Yky4eCWjiMFwoym3L/eL/DvrtGVu
Be4V3ei7Dzju7R9x90KaumpG4OzC+SUI9oCFgDiVgbN5yQwsuP8Gaz0A/RCqdJFZ
EhvCbNKog9JU8hTmeCUiH/ACGzW7RjWFl8KZgZzmxbLHRGOjc3BGRIXKtB1G7OjU
o6LNmVxkLXLHERIleY4d
=zy5F
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat and IP transparency

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ilya,

On 7/31/13 3:11 PM, Ilya Kazakevich wrote:
> They may use RemoteIpValve to fetch "real" ip from
> "x-forwarded-for" and set it to "remote_addr" where getRemoteAddr
> will get it.

+1

Assuming you can "modify" the webapp by inserting a Valve, you can use
it to do exactly what you want to do:

http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_IP_Valve

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR+l8/AAoJEBzwKT+lPKRY1oEQAIBga6U1jQdOXA217pVaZ9K5
6e6LRVuZfebUwztrHdN64MiHglGdtIOLOB+yZC4pCd3yvH+PfaHOZdyKrEY7osoI
aXBBy40S1u+1YQGvovfVhMRO4UUUs7S5jxkQNlvHtib7VVoILUBfHDf0cW2tilRf
SPAwvn3p1DeAuNq/m+VruRNDwHD270j9+OO0TSh+rWR6TK2XaSNIJ6eb4hWdmvPV
CoISQpadS8l4XawW09wrKKq7EN0WOrhKgj9o2U4fIQfayX8T3rvaLu1LQpHunEWV
Z9Cs3eliP09Uxhi2VWov5cx2mf9pxtLu3p+0400s/9MqHjutT6rkEOyuvs7BPtRD
JJ3wlrWY3Ah9SrFxHKv7FdJ5ycS5BX9+x+KzvIuuBUTDg/nB7Uz2aF1AwSzws2lI
5YSkw+5dRpnZqz2GY3W8gYwLjSLImYuPgJhWCiel/6I13HcwFllseR9GqxWXx0Zj
g0ChufG/WtVusH/uBcAt5FTUNfepiMBaYjjsZfG2VR7PQT64U3GqcHmeIf+OzOUH
oEIknGvozRWMytqGs8ZZ934vtX2mMkwqkpvlMS1sfor7KLDLWtIDEIR56DrXpecp
02y85wHZkf3FiPHR2QhDYKwWnhGg+3vknogPBgtWsgv6gLd130+jv/gBnlGzJC6T
H2gbsz1RLKEWvVEITxSb
=BAxw
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Caldarale, Charles R]

> From: Seema Patel [mailto:seema...@hotmail.com] 
> Subject: java.net.UnknownHostException: Failed to negotiate with a suitable 
> domain controller for xxx

> I am not sure if this is the right List to post this on

This is the correct list, but...

> jcifs.http.NtlmHttpFilter

Not supported: http://jcifs.samba.org/src/docs/ntlmhttpauth.html

> We are running Tomcat 5.5.29.

Not supported.

> java version "1.5.0_22"

Not supported.

You really, really need to upgrade your environment.  Using unsupported 
versions of the JVM and Tomcat leaves you open to numerous attacks and other 
bugs that will never be addressed in those versions.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Seema Patel]

> Date: Thu, 1 Aug 2013 12:06:39 +0200
> From: a...@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: java.net.UnknownHostException: Failed to negotiate with a 
> suitable domain controller for xxx
> 
> Seema Patel wrote:
> > Hi,
> >  
> > I am not sure if this is the right List to post this on, please advise if 
> > it isn't and let me know where is best to post.
> >  
> > I am getting the following error on one of our applications running on our 
> > intranet:
> >  
> > 2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR 
> > org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action]
> >  - Servlet.service() for servlet action threw exception
> > java.net.UnknownHostException: Failed to negotiate with a suitable domain 
> > controller for xxx.LOCAL
> > at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
> > at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> > at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> > at 
> > org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
> > at 
> > org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
> > at 
> > org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> > at 
> > org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
> > at 
> > org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
> > at 
> > org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> > at 
> > org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
> > at 
> > org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
> > at 
> > org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
> > at 
> > org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
> > at 
> > org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
> > at 
> > org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
> > at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
> > at java.lang.Thread.run(Unknown Source)
> >  
> 
> I believe that you should read this page carefully, in particular the blue 
> text at the 
> beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html
> 
> Can you have a look at the WEB-INF/web.xml file *of your application*, and 
> check if there 
> is a servlet filter configured there, which matches the name above ?
> 
> If so, make a backup copy of that web.xml file, and then edit it to remove 
> that filter 
> from it, and try again.
> I am not quite sure, but it looks possible to me that you have a duplicate 
> authentication 
> mechanism in use : one at the container (Tomcat) level, and one at the 
> application level.
> And the one used at the application level is obsolete, unsupported, 
> unmaintained etc..
> 

I have found out that JCIFS is no longer supported, but it will take a lot of 
time, development and resources to update it to the recommended Jespa.  In my 
web.xml file I have the following:


NtlmHttpFilter
jcifs.http.NtlmHttpFilter
   


jcifs.smb.client.domain
xxx



jcifs.smb.client.username
xxx


jcifs.smb.client.password
xxx



jcifs.util.loglevel
3



jcifs.http.insecureBasic
true



HRADGroupFilter
xxx.ADGroupFilter

AllowedGroups
G-HR,G-MIS



SuggestionsGroupFilter
xxx.ADGroupFilter

AllowedGroups
xxx, xxx




NtlmHttpFilter
/suggestions/*


SuggestionsGroupFilter
/suggestions/*


NtlmHttpFilter
/xxx/*


HRADGroupFilter
/xxx/xxx.do



So, are you saying to just remove the following from the above?:
   NtlmHttpFilter
   jcifs.http.NtlmHttpFilter

Is there anything else in there that needs to be removed?  Sorry for my lack of 
understanding, but this was all developed by previous developers, who are no 
longer working here and have left no documentation.

Thanks

> 
> > In my tomcat/conf/server.xml file I have:
> >  
> >  > debug="01" resourceName="ActiveDirectory"
> > connectionURL="ldap://xxx:xxx";
> > alternativeURL="ldap://xxx:xxx";
> > connectionName="LDAP@xxx.local" connectionPassword="xxx"
> > referrals="follow" userBase="dc=vtlwavenet,dc=local"
> > userSearch="(sAMAccountName={0})" userSubtree="true"
> > roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
> > roleName="cn" roleSubtree="true" />
> >  
> > I have 2 .war files r

Re: java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[André Warnier]

Seema Patel wrote:

Hi,
 
I am not sure if this is the right List to post this on, please advise if it isn't and let me know where is best to post.
 
I am getting the following error on one of our applications running on our intranet:
 
2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] - Servlet.service() for servlet action threw exception

java.net.UnknownHostException: Failed to negotiate with a suitable domain 
controller for xxx.LOCAL
at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at 
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
at 
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
at java.lang.Thread.run(Unknown Source)
 


I believe that you should read this page carefully, in particular the blue text at the 
beginning : http://jcifs.samba.org/src/docs/ntlmhttpauth.html


Can you have a look at the WEB-INF/web.xml file *of your application*, and check if there 
is a servlet filter configured there, which matches the name above ?


If so, make a backup copy of that web.xml file, and then edit it to remove that filter 
from it, and try again.
I am not quite sure, but it looks possible to me that you have a duplicate authentication 
mechanism in use : one at the container (Tomcat) level, and one at the application level.

And the one used at the application level is obsolete, unsupported, 
unmaintained etc..



In my tomcat/conf/server.xml file I have:
 

debug="01" resourceName="ActiveDirectory"
connectionURL="ldap://xxx:xxx";
alternativeURL="ldap://xxx:xxx";
connectionName="LDAP@xxx.local" connectionPassword="xxx"
referrals="follow" userBase="dc=vtlwavenet,dc=local"
userSearch="(sAMAccountName={0})" userSubtree="true"
roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
roleName="cn" roleSubtree="true" />
 
I have 2 .war files running from this tomcat - 1) intranet portal A, 2) intranet helpdesk page and also another intranet portal B (both run from slightly different URLs).

When tomcat was restarted the intranet portal A runs, intranet portal B runs 
but the intranet helpdesk portal doesn't run.  For this we get the error 
message shown above.
 
I don't know if it is the java code, some setting in the tomcat catalina base or if it is a tomcat network issue.
 
We are running Tomcat 5.5.29.

java version "1.5.0_22"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) 
It is on a Windows Server 2003 R2 SP2 VM box.
 
Any help on this is appreciated.

Thanks in advance
 
Seema
 
 
 
 		 	   		  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE:Tomcat and IP transparency

[Eugène Adell]

Hi Joan

I think your problem is not easy to solve. If it is possible to know which 
requests could be for this blackbox (from client IP or destination IP) then you 
should serve all these requests without using your cache at all.

How to achieve this ? Maybe by using an IP-based Virtual Host on your server 
and forwarding all requests coming to this IP to the blackbox, at the OS level 
(iptables). The other listening IP (that you've been using till now) will still 
accept the other requests. Maybe, you have to add a round-trip in your servlet 
for redirecting all requests for the blackbox with a "302 Redirect" to the 
other IP, if your clients handle such redirects.

Probably to do all this, but not in 5 minutes

Eugene




De : Joan Balagueró Ventus Proxy [joan.balagu...@ventusproxy.com]
Envoyé : mercredi 31 juillet 2013 21:04
À : users@tomcat.apache.org
Objet : Tomcat and IP transparency

Hello,



I already asked this question to the Apache HttpClient Forum. They don't
know if this is possible with java/Tomcat.



I have developed a proxy servlet with an xml cache, running in a Tomcat
6.0.37 on Linux Centos6.4.



When the incoming xml request (sent from an external client) is not found in
the proxy cache, I use HttpClient 4.2.5 to create a new http request and
redirect it to the provider application servers to get the xml response.



So far, everything worked ok with all our clients. But now we've a provider
that needs ip transparency. Then, the request created by httpclient needs to
carry the origin ip address (that from the external client), not the proxy
ip. My proxy gets correctly the external IP (using request.getRemoteAddr()),
but when the provider application reads the IP provided by the http client
using request.getRemoteAddr(), they obviously get the proxy IP.



The provider software is a blackbox, then reading ips with
'request.getRemoteAddr()' is something that they cannot change now.
Therefore, things like adding a 'X-Forwarded-for' header cannot be
implemented in this scenario.



Is it possible tot achieve this at  Tomcat level? Has anyone found an
scenario like this?



Thanks in advance,

Joan.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

java.net.UnknownHostException: Failed to negotiate with a suitable domain controller for xxx

[Seema Patel]

Hi,
 
I am not sure if this is the right List to post this on, please advise if it 
isn't and let me know where is best to post.
 
I am getting the following error on one of our applications running on our 
intranet:
 
2013-07-31 17:15:11,180 [http-xxx.xxx.x.xxx-xx-x] ERROR 
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/forms].[action] 
- Servlet.service() for servlet action threw exception
java.net.UnknownHostException: Failed to negotiate with a suitable domain 
controller for xxx.LOCAL
at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:187)
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at 
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:465)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:393)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at 
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:837)
at 
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:640)
at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1287)
at java.lang.Thread.run(Unknown Source)
 
In my tomcat/conf/server.xml file I have:
 
ldap://xxx:xxx";
alternativeURL="ldap://xxx:xxx";
connectionName="LDAP@xxx.local" connectionPassword="xxx"
referrals="follow" userBase="dc=vtlwavenet,dc=local"
userSearch="(sAMAccountName={0})" userSubtree="true"
roleBase="dc=xxx,dc=local" roleSearch="(member={0})"
roleName="cn" roleSubtree="true" />
 
I have 2 .war files running from this tomcat - 1) intranet portal A, 2) 
intranet helpdesk page and also another intranet portal B (both run from 
slightly different URLs).
When tomcat was restarted the intranet portal A runs, intranet portal B runs 
but the intranet helpdesk portal doesn't run.  For this we get the error 
message shown above.
 
I don't know if it is the java code, some setting in the tomcat catalina base 
or if it is a tomcat network issue.
 
We are running Tomcat 5.5.29.
java version "1.5.0_22"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03)
Java HotSpot(TM) Client VM (build 1.5.0_22-b03, mixed mode, sharing) 
It is on a Windows Server 2003 R2 SP2 VM box.
 
Any help on this is appreciated.
Thanks in advance
 
Seema
 
 
 
  

Re: SSL and 408 error code (incomplete request)

[sol myr]

Thank very much, that sounds like a good property to tweak. we'll try it out :)




- Original Message -
From: Martin Gainty 
To: Tomcat Users List 
Cc: 
Sent: Thursday, August 1, 2013 1:07 AM
Subject: RE: SSL and 408 error code (incomplete request)

what happens if you increase the connectionTimeout (on your ssl connector) to a 
longer interval  e.g.?

$CATALINA_HOME/conf/server.xml  

  

Martin 
__ 
Verzicht und Vertraulichkeitanmerkung

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

> Date: Wed, 31 Jul 2013 14:32:39 -0700
> From: solmy...@yahoo.com
> Subject: SSL and 408 error code (incomplete request)
> To: users@tomcat.apache.org
> 
> Hi,
> 
> 
> Has anyone happened to stumble onto this issue, please:
> Our Ajax works perfectly as long as its non-secure.
> However, when switching to SSL we sometimes see 408 errors (incomplete 
> request). This only happens on ajax, and inconsistently (similar requests 
> might succeed on one moment, but fail on the other).
> 
> Please note:
> 1. Our client is Chrome browser, using JQuery for ajax
> 2. Server is Tomcat 7
> 3. Network is fast and stable, and the ajax requests are small
> 4. Problem occurs for both our connectors: APR and Http (both with SSL 
> enabled) 
> 5. Our x509 certificate is valid (otherwise it would have failed on *all* 
> ajax ssl requests, not to mention the non-ajax ssl)
> 
> Thanks :)
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL and 408 error code (incomplete request)

[sol myr]

Thanks very much for this detailed answer.
We don't see a reason for the client to delay data sending (request is small 
and unconditional, network is stable with no firewalls in the middle).
So given your helpful explanation, we'll also ask in the Chrome forums :)
thanks again




- Original Message -
From: André Warnier 
To: Tomcat Users List 
Cc: 
Sent: Thursday, August 1, 2013 1:56 AM
Subject: Re: SSL and 408 error code (incomplete request)

sol myr wrote:
> Hi,
> 
> 
> Has anyone happened to stumble onto this issue, please:
> Our Ajax works perfectly as long as its non-secure.
> However, when switching to SSL we sometimes see 408 errors (incomplete 
> request). This only happens on ajax, and inconsistently (similar requests 
> might succeed on one moment, but fail on the other).
> 
> Please note:
> 1. Our client is Chrome browser, using JQuery for ajax
> 2. Server is Tomcat 7
> 3. Network is fast and stable, and the ajax requests are small
> 4. Problem occurs for both our connectors: APR and Http (both with SSL 
> enabled) 
> 5. Our x509 certificate is valid (otherwise it would have failed on *all* 
> ajax ssl requests, not to mention the non-ajax ssl)
> 
The HTTP RFC 2616 states :

10.4 Client Error 4xx

The 4xx class of status code is intended for cases in which the client seems to 
have erred.

and

10.4.9 408 Request Timeout

The client did not produce a request within the time that the server was 
prepared to wait. 
The client MAY repeat the request without modifications at any later time.

On the face of it thus (and barring some real bug in Tomcat), this looks like a 
client 
error, scenario :
- the client opens a TCP connection to the server, with the purpose of sending 
a request 
on that connection
- but then the client fails to send a request on that connection, for a time 
sufficient 
for the server to declare a "time-out" (or takes an inordinate amount of time 
to send the 
request line - such as in one kind of DOS attack).

Any idea why some of your client requests may have such a behaviour ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org