date:20131205

On 05/12/2013 08:33, Johan Compagner wrote:


 Good.

 Remove the tomcat7-websocket.jar library if you do not need it.  This
 library (added in 7.0.47, a JSR-356 Java WebSocket 1.0 implementation)
 has a ServletContainerInitializer and thus forces Tomcat to perform
 annotation scanning.


 Does anyone know why this wasn't done by using services? (SPI)
  So that we can directly point to a class that is the websocket or point to
 a class that registers the websockets?

The Java WebSocket 1.0 specification requires this behaviour.

As has been pointed out previously, there really should be a way for a
web application to disable a container provided SCI if it knows it
doesn't need it. The specification doesn't currently allow this. A
Tomcat specific feature to do this is on my TODO list. I'm thinking
something like a regular expression of SCI implementation classes to
exclude configured on the Context. As always, patches welcome.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Severe 7.0.47 startup performance regression

2013-12-05 Thread Johan Compagner


  Does anyone know why this wasn't done by using services? (SPI)
   So that we can directly point to a class that is the websocket or point
 to
  a class that registers the websockets?

 The Java WebSocket 1.0 specification requires this behaviour.

 As has been pointed out previously, there really should be a way for a
 web application to disable a container provided SCI if it knows it
 doesn't need it. The specification doesn't currently allow this. A
 Tomcat specific feature to do this is on my TODO list. I'm thinking
 something like a regular expression of SCI implementation classes to
 exclude configured on the Context. As always, patches welcome.



I was just wondering what the reasons where for depending on a full
jar/class scan.
I didn't follow the spec discussion at all (i am just about to start using
websockets)
I know the spec is build like that that they are not depending at all of a
web container or something like that
 (i think you explained this before)

but doing full jar/class scans instead is for me just a weird choice, thats
bad for performance for huge apps.

Also having some kind of setting so that tomcat doesn't scan if you as a
developer know that it doesn't need it at all.
That only fixes stuff that really don't use it. But now i have a big
project and i do use 1 or 2 websocket here and there.
Then it must be scanned. What i rather would have that it works like a SPI
or some other kind of (osgi) services
so that websocket scanner just ask for a SPI instances and then gets the
websocket classes from that.
then only 1 file is looked for in a jar (manifest/services/) instead of
all the classes

johan

Re: ssl on tomcat

Please do not top-post.
It is annoying when someone is trying to figure out what you are talking about.

Randeep wrote:

Chris,
Yes. I have so many http links as some of our old submitted apps used non
secured http links. as the apps are in use we cannot change it. I cannot
use any redirect rules to convert all the http to https because of that.

Well then, basically, you are doomed.
The basic problem is that these old apps are very badly written, if they use absolute URLs
to point to things on the same site.

The only real good way to do this, is to modify these apps and pages, to use relative
links. Maybe you could do that with some automated script ?

s#http://myserver.com/(.*)$#/$1#g

Otherwise, you are going to be applying patches over patches over redirects over rewrites
all over the place, and there will always be something not working, and it will be a
maintenance nightmare.

What you have to think about it this :
- If *the browser* gets a html page containing a link that starts with http://;, then
*the browser* is going to establish a HTTP (non-secure) connection with the server, and
send that request through this connection.
- If *the browser* gets a html page containing a link that starts with https://;, then
*the browser* is going to establish a HTTPS (secure) connection with the server, and pass
that request through this connection.

There is nothing that the server can do, to magically change a HTTP to a HTTPS
connection.
(At best, the server could send back a redirect response).

So if your pages, server-side, originally contain links that start with http://;, you
have to change those links, *inside of the pages*, before you send them to the browser.

Otherwise there is little that you can do on the server side.

You can theoretically achieve this, on the server side, with a filter which examines all
the outgoing pages and replaces the links in them before they go out to the browser, but
as you can imagine this is very inefficient, and prone to errors.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Severe 7.0.47 startup performance regression

On 05/12/2013 11:50, Johan Compagner wrote:

 Does anyone know why this wasn't done by using services? (SPI)
  So that we can directly point to a class that is the websocket or point
 to
 a class that registers the websockets?

 The Java WebSocket 1.0 specification requires this behaviour.

 As has been pointed out previously, there really should be a way for a
 web application to disable a container provided SCI if it knows it
 doesn't need it. The specification doesn't currently allow this. A
 Tomcat specific feature to do this is on my TODO list. I'm thinking
 something like a regular expression of SCI implementation classes to
 exclude configured on the Context. As always, patches welcome.



 I was just wondering what the reasons where for depending on a full
 jar/class scan.
 I didn't follow the spec discussion at all (i am just about to start using
 websockets)
 I know the spec is build like that that they are not depending at all of a
 web container or something like that
  (i think you explained this before)
 
 but doing full jar/class scans instead is for me just a weird choice, thats
 bad for performance for huge apps.
 
 Also having some kind of setting so that tomcat doesn't scan if you as a
 developer know that it doesn't need it at all.
 That only fixes stuff that really don't use it. But now i have a big
 project and i do use 1 or 2 websocket here and there.
 Then it must be scanned. What i rather would have that it works like a SPI
 or some other kind of (osgi) services
 so that websocket scanner just ask for a SPI instances and then gets the
 websocket classes from that.
 then only 1 file is looked for in a jar (manifest/services/) instead of
 all the classes

There is also the programmatic interface to WebSockets so once there is
a way to disable the SCI, you can use the programmatic interface to set
everything up.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Severe 7.0.47 startup performance regression

2013-12-05 Thread Rossen Stoyanchev

On Thu, Dec 5, 2013 at 7:05 AM, Mark Thomas ma...@apache.org wrote:


 There is also the programmatic interface to WebSockets so once there is
 a way to disable the SCI, you can use the programmatic interface to set
 everything up.


Yes, the very existence of a programmatic interface alternative more or
less implies there should be a way to disable the SCI and still be able to
use WebSocket. Is it not possible to use an absolute-ordering element in
web.xml? I was under the impression that's the mechanism for applications
to control which web fragments to include or exclude. My understanding from
the EG discussions was that SCI was chosen precisely because it is an
existing mechanism that is understood, so I don't understand the reason why
a new mechanism is needed to control SCI scanning.

Rossen

Tomcat 6 lib jars

2013-12-05 Thread Patel, Rakesh (Java)

Hi,

I've come across lots of duplicate jars in the tomcat/lib directory on the 
servers we have been given by our infrastructure people.

The directory looks like this:

-rw-r--r-- 1 root root   15153 Jul 20  2011 annotations-api-6.0.24.jar
lrwxrwxrwx 1 root root  26 Oct 29 17:05 annotations-api.jar - 
annotations-api-6.0.24.jar
-rw-r--r-- 1 root root 1205728 Jul 20  2011 catalina-6.0.24.jar
-rw-r--r-- 1 root root   54149 Jul 20  2011 catalina-ant-6.0.24.jar
lrwxrwxrwx 1 root root  23 Oct 29 17:05 catalina-ant.jar - 
catalina-ant-6.0.24.jar
-rw-r--r-- 1 root root  130751 Jul 20  2011 catalina-ha-6.0.24.jar
lrwxrwxrwx 1 root root  22 Oct 29 17:05 catalina-ha.jar - 
catalina-ha-6.0.24.jar
lrwxrwxrwx 1 root root  19 Oct 29 17:05 catalina.jar - catalina-6.0.24.jar
-rw-r--r-- 1 root root  235744 Jul 20  2011 catalina-tribes-6.0.24.jar
lrwxrwxrwx 1 root root  26 Oct 29 17:05 catalina-tribes.jar - 
catalina-tribes-6.0.24.jar
lrwxrwxrwx 1 root root  39 Oct 29 17:05 commons-collections.jar - 
/usr/share/java/commons-collections.jar
lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-dbcp.jar - 
/usr/share/java/commons-dbcp.jar
lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-pool.jar - 
/usr/share/java/commons-pool.jar
-rw-r--r-- 1 root root  533217 Jul 20  2011 jasper-6.0.24.jar
-rw-r--r-- 1 root root  108903 Jul 20  2011 jasper-el-6.0.24.jar
lrwxrwxrwx 1 root root  20 Oct 29 17:05 jasper-el.jar - 
jasper-el-6.0.24.jar
lrwxrwxrwx 1 root root  17 Oct 29 17:05 jasper.jar - jasper-6.0.24.jar
lrwxrwxrwx 1 root root  23 Oct 29 17:05 jasper-jdt.jar - 
/usr/share/java/ecj.jar
lrwxrwxrwx 1 root root  25 Oct 29 17:05 log4j.jar - 
/usr/share/java/log4j.jar
lrwxrwxrwx 1 root root  33 Oct 29 17:05 mx4j-jmx.jar - 
/usr/share/java/mx4j/mx4j-jmx.jar
lrwxrwxrwx 1 root root  36 Oct 29 17:05 mx4j-remote.jar - 
/usr/share/java/mx4j/mx4j-remote.jar
-rw-r--r-- 1 root root  832960 Oct 29 17:07 mysql-connector-java-5.1.22-bin.jar
lrwxrwxrwx 1 root root  59 Oct 29 17:07 mysql-connector-java.jar - 
/usr/share/java/tomcat6/mysql-connector-java-5.1.22-bin.jar
-rw-r--r-- 1 root root   26083 Oct 29 17:07 slf4j-api-1.7.2.jar
lrwxrwxrwx 1 root root  43 Oct 29 17:07 slf4j-api.jar - 
/usr/share/java/tomcat6/slf4j-api-1.7.2.jar
-rw-r--r-- 1 root root8819 Oct 29 17:07 slf4j-log4j12-1.7.2.jar
lrwxrwxrwx 1 root root  47 Oct 29 17:07 slf4j-log4j12.jar - 
/usr/share/java/tomcat6/slf4j-log4j12-1.7.2.jar
lrwxrwxrwx 1 root root  32 Oct 29 17:05 tomcat6-el-2.1-api-6.0.24.jar - 
../tomcat6-el-2.1-api-6.0.24.jar
lrwxrwxrwx 1 root root  33 Oct 29 17:05 tomcat6-jsp-2.1-api-6.0.24.jar - 
../tomcat6-jsp-2.1-api-6.0.24.jar
lrwxrwxrwx 1 root root  37 Oct 29 17:05 tomcat6-servlet-2.5-api-6.0.24.jar 
- ../tomcat6-servlet-2.5-api-6.0.24.jar
-rw-r--r-- 1 root root  768357 Jul 20  2011 tomcat-coyote-6.0.24.jar
lrwxrwxrwx 1 root root  24 Oct 29 17:05 tomcat-coyote.jar - 
tomcat-coyote-6.0.24.jar
-rw-r--r-- 1 root root   69826 Jul 20  2011 tomcat-i18n-es-6.0.24.jar
lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-es.jar - 
tomcat-i18n-es-6.0.24.jar
-rw-r--r-- 1 root root   51772 Jul 20  2011 tomcat-i18n-fr-6.0.24.jar
lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-fr.jar - 
tomcat-i18n-fr-6.0.24.jar
-rw-r--r-- 1 root root   54441 Jul 20  2011 tomcat-i18n-ja-6.0.24.jar
lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-ja.jar - 
tomcat-i18n-ja-6.0.24.jar
lrwxrwxrwx 1 root root  38 Oct 29 17:05 tomcat-juli.jar - 
/usr/share/tomcat6/bin/tomcat-juli.jar

You'll notice generic jar names sum linked to specific jars AND the specific 
jar also in the directory. 

Is this harmless? Or should I ask for a 'cleaner' install from the apache 
website? I believe this installation comes from the central CentOS6 repository.

Thanks

Rakesh
Information in this email including any attachments may be privileged, 
confidential and is intended exclusively for the addressee. The views expressed 
may not be official policy, but the personal views of the originator. If you 
have received it in error, please notify the sender by return e-mail and delete 
it from your system. You should not reproduce, distribute, store, retransmit, 
use or disclose its contents to anyone. Please note we reserve the right to 
monitor all e-mail communication through our internal and external networks. 
SKY and the SKY marks are trademarks of British Sky Broadcasting Group plc and 
Sky International AG and are used under licence. British Sky Broadcasting 
Limited (Registration No. 2906991), Sky-In-Home Service Limited (Registration 
No. 2067075) and Sky Subscribers Services Limited (Registration No. 2340150) 
are direct or indirect subsidiaries of British Sky Broadcasting Group plc 
(Registration No. 2247735). All of the companies mentioned in this paragraph 
are incorporated in England and Wales and share the same registered office at 
Grant Way, Isleworth, Middlesex TW7 5QD.

JNDI Realm and GSSAPI problems with TC 7

2013-12-05 Thread Hendrik Dev

Hi,

i have a few questions about the JNDIRealm, GSSAPI (Kerberos 5 mech)
authentication and the SPNEGO Authenticator Valve in TC 7.0.47:

Preface: In the docs SPNEGO Authenticator Valve/JNDIRealm is called
30) Windows Authentication but i guess its not only working for
windows? I see no code which is explicitly tied to windows or active
directory so i assume its also working for Linux/MIT Kerberos/OpenLDAP
setup, is this true?

What i try to achieve is that the JNDIRealm will use the user's (
which is authenticated by the spnego valve) delegated credentials to
connect to the LDAP server and then query the roles to which the users
belongs to. This is not working for me for two reasons:

1) JndiRealm tries initially on startup to make a connection to the
LDAP server which makes no sense because there are no GSSAPI
credentials yet - JndiRealm.startInternal() (Line 2225)

2) After temporarily solving issue 1) the JNDI Realm prompt me for
username and password. This seems to be originating from the SASL
Client default callback. I tried to register my own callbackhandler
(setting java.naming.security.sasl.callback) but it’s ignored.
Inspecting the code of JNDIRealm.java it seems that such a scenario is
not indented but the docs argue the converse
http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance

Any help is appreciated.

Thanks
Hendrik

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 lib jars

2013-12-05 Thread Daniel Mikusa

On Dec 5, 2013, at 9:42 AM, Patel, Rakesh (Java) rakesh.pat...@bskyb.com 
wrote:

 Hi,
 
 I've come across lots of duplicate jars in the tomcat/lib directory on the 
 servers we have been given by our infrastructure people.
 
 The directory looks like this:
 
 -rw-r--r-- 1 root root   15153 Jul 20  2011 annotations-api-6.0.24.jar
 lrwxrwxrwx 1 root root  26 Oct 29 17:05 annotations-api.jar - 
 annotations-api-6.0.24.jar
 -rw-r--r-- 1 root root 1205728 Jul 20  2011 catalina-6.0.24.jar
 -rw-r--r-- 1 root root   54149 Jul 20  2011 catalina-ant-6.0.24.jar
 lrwxrwxrwx 1 root root  23 Oct 29 17:05 catalina-ant.jar - 
 catalina-ant-6.0.24.jar
 -rw-r--r-- 1 root root  130751 Jul 20  2011 catalina-ha-6.0.24.jar
 lrwxrwxrwx 1 root root  22 Oct 29 17:05 catalina-ha.jar - 
 catalina-ha-6.0.24.jar
 lrwxrwxrwx 1 root root  19 Oct 29 17:05 catalina.jar - 
 catalina-6.0.24.jar
 -rw-r--r-- 1 root root  235744 Jul 20  2011 catalina-tribes-6.0.24.jar
 lrwxrwxrwx 1 root root  26 Oct 29 17:05 catalina-tribes.jar - 
 catalina-tribes-6.0.24.jar
 lrwxrwxrwx 1 root root  39 Oct 29 17:05 commons-collections.jar - 
 /usr/share/java/commons-collections.jar
 lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-dbcp.jar - 
 /usr/share/java/commons-dbcp.jar
 lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-pool.jar - 
 /usr/share/java/commons-pool.jar
 -rw-r--r-- 1 root root  533217 Jul 20  2011 jasper-6.0.24.jar
 -rw-r--r-- 1 root root  108903 Jul 20  2011 jasper-el-6.0.24.jar
 lrwxrwxrwx 1 root root  20 Oct 29 17:05 jasper-el.jar - 
 jasper-el-6.0.24.jar
 lrwxrwxrwx 1 root root  17 Oct 29 17:05 jasper.jar - jasper-6.0.24.jar
 lrwxrwxrwx 1 root root  23 Oct 29 17:05 jasper-jdt.jar - 
 /usr/share/java/ecj.jar
 lrwxrwxrwx 1 root root  25 Oct 29 17:05 log4j.jar - 
 /usr/share/java/log4j.jar
 lrwxrwxrwx 1 root root  33 Oct 29 17:05 mx4j-jmx.jar - 
 /usr/share/java/mx4j/mx4j-jmx.jar
 lrwxrwxrwx 1 root root  36 Oct 29 17:05 mx4j-remote.jar - 
 /usr/share/java/mx4j/mx4j-remote.jar
 -rw-r--r-- 1 root root  832960 Oct 29 17:07 
 mysql-connector-java-5.1.22-bin.jar
 lrwxrwxrwx 1 root root  59 Oct 29 17:07 mysql-connector-java.jar - 
 /usr/share/java/tomcat6/mysql-connector-java-5.1.22-bin.jar
 -rw-r--r-- 1 root root   26083 Oct 29 17:07 slf4j-api-1.7.2.jar
 lrwxrwxrwx 1 root root  43 Oct 29 17:07 slf4j-api.jar - 
 /usr/share/java/tomcat6/slf4j-api-1.7.2.jar
 -rw-r--r-- 1 root root8819 Oct 29 17:07 slf4j-log4j12-1.7.2.jar
 lrwxrwxrwx 1 root root  47 Oct 29 17:07 slf4j-log4j12.jar - 
 /usr/share/java/tomcat6/slf4j-log4j12-1.7.2.jar
 lrwxrwxrwx 1 root root  32 Oct 29 17:05 tomcat6-el-2.1-api-6.0.24.jar - 
 ../tomcat6-el-2.1-api-6.0.24.jar
 lrwxrwxrwx 1 root root  33 Oct 29 17:05 tomcat6-jsp-2.1-api-6.0.24.jar - 
 ../tomcat6-jsp-2.1-api-6.0.24.jar
 lrwxrwxrwx 1 root root  37 Oct 29 17:05 
 tomcat6-servlet-2.5-api-6.0.24.jar - ../tomcat6-servlet-2.5-api-6.0.24.jar
 -rw-r--r-- 1 root root  768357 Jul 20  2011 tomcat-coyote-6.0.24.jar
 lrwxrwxrwx 1 root root  24 Oct 29 17:05 tomcat-coyote.jar - 
 tomcat-coyote-6.0.24.jar
 -rw-r--r-- 1 root root   69826 Jul 20  2011 tomcat-i18n-es-6.0.24.jar
 lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-es.jar - 
 tomcat-i18n-es-6.0.24.jar
 -rw-r--r-- 1 root root   51772 Jul 20  2011 tomcat-i18n-fr-6.0.24.jar
 lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-fr.jar - 
 tomcat-i18n-fr-6.0.24.jar
 -rw-r--r-- 1 root root   54441 Jul 20  2011 tomcat-i18n-ja-6.0.24.jar
 lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-ja.jar - 
 tomcat-i18n-ja-6.0.24.jar
 lrwxrwxrwx 1 root root  38 Oct 29 17:05 tomcat-juli.jar - 
 /usr/share/tomcat6/bin/tomcat-juli.jar
 
 You'll notice generic jar names sum linked to specific jars AND the specific 
 jar also in the directory. 
 
 Is this harmless? Or should I ask for a 'cleaner' install from the apache 
 website? I believe this installation comes from the central CentOS6 
 repository.

Minimally, I would ask for an up-to-date version of Tomcat.  The libraries seem 
to indicate that 6.0.24 is installed and that's pretty old now.  As for the 
latest 6.0.x release.

As far as the duplicate JAR files, one situation off the top of my head where 
it could cause problems is if the versions are different.  For example, if the 
JAR file in the lib folder is version X and the symlink points to version Y.  
This is problematic because you would have no idea which version of the JAR is 
going to be loaded.  You'd want one or the other, either the file or the 
symlink.

Personally, and I think many people on the list would agree, I'd suggest 
against using the installation from your distro's repository.  They're 
typically way out-of-date (see my comment above) and they tend to put files in 
weird places.  At least weird relative to the standard installation that is 
available from tomcat.apache.org.  While having files in weird places may not 
directly cause problems, it does make it more

%F in AccessLogValve

2013-12-05 Thread francisco.sanmartin-gomez

Hello,

I'm trying to use the %F in the AccessLogValve but all I'm getting in the logs 
is the string: ???F???

This is the configuration in server.xml

Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true
Valve className=org.apache.catalina.valves.AccessLogValve 
directory=logs
   prefix=localhost_access_log. suffix=.txt
   pattern=%h %l %u %t quot;%rquot; %s %b ttp: %D ttc: %F /

  /Host

And I'm using
Name: tomcat7
Arch: noarch
Version : 7.0.39


Any ideas?

Thanks in advance.

Kind regards,

Francisco Pako Sanmartin

Re: %F in AccessLogValve

2013-12-05 Thread Daniel Mikusa

On Dec 5, 2013, at 10:31 AM, francisco.sanmartin-go...@here.com wrote:

 Hello,
 
 I'm trying to use the %F in the AccessLogValve but all I'm getting in the 
 logs is the string: ???F???

Seems like this option is not available in your version.  Have you tried the 
latest release?

Dan

 
 This is the configuration in server.xml
 
 Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true
Valve className=org.apache.catalina.valves.AccessLogValve 
 directory=logs
   prefix=localhost_access_log. suffix=.txt
   pattern=%h %l %u %t quot;%rquot; %s %b ttp: %D ttc: %F /
 
  /Host
 
 And I'm using
 Name: tomcat7
 Arch: noarch
 Version : 7.0.39
 
 
 Any ideas?
 
 Thanks in advance.
 
 Kind regards,
 
 Francisco Pako Sanmartin
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Severe 7.0.47 startup performance regression

On 05/12/2013 14:22, Rossen Stoyanchev wrote:
 On Thu, Dec 5, 2013 at 7:05 AM, Mark Thomas ma...@apache.org wrote:
 

 There is also the programmatic interface to WebSockets so once there is
 a way to disable the SCI, you can use the programmatic interface to set
 everything up.
 
 
 Yes, the very existence of a programmatic interface alternative more or
 less implies there should be a way to disable the SCI and still be able to
 use WebSocket. Is it not possible to use an absolute-ordering element in
 web.xml?

That provides a way to exclude JARs from scanning (which should be most
of the problem) but not classes.

 I was under the impression that's the mechanism for applications
 to control which web fragments to include or exclude. My understanding from
 the EG discussions was that SCI was chosen precisely because it is an
 existing mechanism that is understood, so I don't understand the reason why
 a new mechanism is needed to control SCI scanning.

I think there is still a use for being able to disable container
provided SCIs on a per context basis outside of what is available in the
spec. That said, if no-one agrees with me then I have plenty of other
things to be working on.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: %F in AccessLogValve

2013-12-05 Thread Konstantin Preißer

Hi,

 -Original Message-
 From: francisco.sanmartin-go...@here.com [mailto:francisco.sanmartin-
 go...@here.com]
 Sent: Thursday, December 5, 2013 4:31 PM

 I'm trying to use the %F in the AccessLogValve but all I'm getting in the 
 logs is
 the string: ???F???
 
 This is the configuration in server.xml
 
 Host name=localhost  appBase=webapps
 unpackWARs=true autoDeploy=true
 Valve className=org.apache.catalina.valves.AccessLogValve
 directory=logs
prefix=localhost_access_log. suffix=.txt
pattern=%h %l %u %t quot;%rquot; %s %b ttp: %D ttc: %F /
 
   /Host
 
 And I'm using
 Name: tomcat7
 Arch: noarch
 Version : 7.0.39
 
 
 Any ideas?

According to [1], the %F pattern is available from Tomcat 7.0.42 onwards.

[1] https://issues.apache.org/bugzilla/show_bug.cgi?id=55102


Regards,
Konstantin Preißer


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: %F in AccessLogValve

2013-12-05 Thread Daniel Mikusa

On Dec 5, 2013, at 10:55 AM, Daniel Mikusa dmik...@gopivotal.com wrote:

 On Dec 5, 2013, at 10:31 AM, francisco.sanmartin-go...@here.com wrote:
 
 Hello,
 
 I'm trying to use the %F in the AccessLogValve but all I'm getting in the 
 logs is the string: ???F???
 
 Seems like this option is not available in your version.  

You need 7.0.42 or greater.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55102

 Have you tried the latest release?
 
 Dan
 
 
 This is the configuration in server.xml
 
 Host name=localhost  appBase=webapps
   unpackWARs=true autoDeploy=true
   Valve className=org.apache.catalina.valves.AccessLogValve 
 directory=logs
  prefix=localhost_access_log. suffix=.txt
  pattern=%h %l %u %t quot;%rquot; %s %b ttp: %D ttc: %F /
 
 /Host
 
 And I'm using
 Name: tomcat7
 Arch: noarch
 Version : 7.0.39
 
 
 Any ideas?
 
 Thanks in advance.
 
 Kind regards,
 
 Francisco Pako Sanmartin
 
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: %F in AccessLogValve

2013-12-05 Thread francisco.sanmartin-gomez

Oh, thanks. Good to know.

-Original Message-
From: ext Daniel Mikusa [mailto:dmik...@gopivotal.com] 
Sent: jueves, 05 de diciembre de 2013 16:58
To: Tomcat Users List
Subject: Re: %F in AccessLogValve

On Dec 5, 2013, at 10:55 AM, Daniel Mikusa dmik...@gopivotal.com wrote:

 On Dec 5, 2013, at 10:31 AM, francisco.sanmartin-go...@here.com wrote:
 
 Hello,
 
 I'm trying to use the %F in the AccessLogValve but all I'm getting in the 
 logs is the string: ???F???
 
 Seems like this option is not available in your version.  

You need 7.0.42 or greater.

https://issues.apache.org/bugzilla/show_bug.cgi?id=55102

 Have you tried the latest release?
 
 Dan
 
 
 This is the configuration in server.xml
 
 Host name=localhost  appBase=webapps
   unpackWARs=true autoDeploy=true
   Valve className=org.apache.catalina.valves.AccessLogValve 
 directory=logs
  prefix=localhost_access_log. suffix=.txt
  pattern=%h %l %u %t quot;%rquot; %s %b ttp: %D ttc: %F /
 
 /Host
 
 And I'm using
 Name: tomcat7
 Arch: noarch
 Version : 7.0.39
 
 
 Any ideas?
 
 Thanks in advance.
 
 Kind regards,
 
 Francisco Pako Sanmartin
 
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Severe 7.0.47 startup performance regression

2013-12-05 Thread Rossen Stoyanchev

On Thu, Dec 5, 2013 at 10:57 AM, Mark Thomas ma...@apache.org wrote:

 On 05/12/2013 14:22, Rossen Stoyanchev wrote:
  On Thu, Dec 5, 2013 at 7:05 AM, Mark Thomas ma...@apache.org wrote:
 
 
  There is also the programmatic interface to WebSockets so once there is
  a way to disable the SCI, you can use the programmatic interface to set
  everything up.
 
 
  Yes, the very existence of a programmatic interface alternative more or
  less implies there should be a way to disable the SCI and still be able
 to
  use WebSocket. Is it not possible to use an absolute-ordering element
 in
  web.xml?

 That provides a way to exclude JARs from scanning (which should be most
 of the problem) but not classes.


Okay, I wasn't aware of that. It would have been useful to somehow exclude
the WAR itself too, so it's all one mechanism.


  I was under the impression that's the mechanism for applications
  to control which web fragments to include or exclude. My understanding
 from
  the EG discussions was that SCI was chosen precisely because it is an
  existing mechanism that is understood, so I don't understand the reason
 why
  a new mechanism is needed to control SCI scanning.

 I think there is still a use for being able to disable container
 provided SCIs on a per context basis outside of what is available in the
 spec. That said, if no-one agrees with me then I have plenty of other
 things to be working on.


I agree there should be a way to disable container provided SCI. My
surprise was that there isn't already a way to do that.

Re: mod_proxy not redirecting servlet redirect properly


Konstantin Kolinko wrote:

2013/12/5 Ponmani nvr...@yahoo.co.uk:

Hi



I am very new to mod_proxy. Gone thru some tutorials and configured mod_proxy. 
Everything works great except this issue. Couldn't solve even after spending 
hrs in googling. Issue is - I have apache 2 in front of tomcat 6 (running in 
port 8080) in my internet website. I am using mod_proxy to mask the port 8080. 
In one of the servlets POST method i am redirecting the request to a JSP page 
but port 8080 is displayed in the URL as follows after successful redirect 
http://myip.com:8080/myapp/WebContent/result.jsp?message=success
Couldn't figure out how to avoid it. Here is my httpd conf entry
VirtualHost *:80 ServerAdmin sha...@example.com ServerName http://myip 
ServerAlias http://myip ProxyPass /myapp http://myip:8080/myapp ProxyPassReverse 
/myapp myip:8080/myapp ProxyPass /myapp ! RedirectMatch 301 ^/myapp/(.*)$ /$1 
RedirectMatch 301 ^/myapp$ /
/VirtualHost
Can someone pls. let me know what the problem is? thanks


http://tomcat.apache.org/tomcat-6.0-doc/config/http.html
See proxyPort attribute.



And (to the OP) :
Your message is quite hard to read.
But from what I can see of your config above :
- ServerName is wrong, it should just be myip
- ServerAlias is also wrong, for the same reason.  But it is also superfluous, as it is 
the same as ServerName. You need a ServerAlias only if you have a different hostname.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Expire Sesssion

2013-12-05 Thread Crystal Maramba

-Original Message-
From: Igor Cicimov [mailto:icici...@gmail.com] 
Sent: Wednesday, December 04, 2013 6:54 PM
To: Tomcat Users List
Subject: Re: Expire Sesssion

On 05/12/2013 9:47 AM, Crystal Maramba cmara...@acumenllc.com wrote:

 Version: Apache Tomcat 7.0.42
 Server: 2008r2 Standard

 How can I change the expired sessions in Tomcat Manager from 30 minutes
to 480 minutes?

 I think you can do it through the web.xml file located in
\tomcat\conf\web.xml and then restart Tomcat.

 Is there a difference if I change it in the \tomcat\conf location versus
\tomcat\webapps\[web app name]\web-inf\web.xml location?

First one will apply to all apps.

 If I change the web.xml file in the \tomcat\conf\web.xml location will it
override the web app location?

No.

Thanks for the response. Is there a way to do this through the Tomcat manager 
without modifying tomcat web.xml config file?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Transfer-Encoding: chunked not working

2013-12-05 Thread C. Benson Manica

The content I expect is in the neighborhood of 30K. What I get back is

$ curl -i http://localhost:8080/

HTTP/1.1 200 OK^M
Server: Apache-Coyote/1.1^M
Set-Cookie: JSESSIONID=6ED488F581B8D3317261ADA2AD97CC20; Path=/; HttpOnly^M
Content-Type: text/html;charset=UTF-8^M
Transfer-Encoding: chunked^M
Date: Thu, 05 Dec 2013 17:47:22 GMT^M
^M


!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN 
http://www.w3.org/TR/html4/loose.dtd;
!-- intervening content elided --
var s

i.e., it just ends 16384 bytes into the full content of the page. This
behavior also happens when I load the page in Chrome, so it's not just some
oddity of curl.

I'm not using a tool to inspect traffic, because if it becomes that
troublesome to debug a default install, I'm probably just going to use
jetty. (full disclosure: I *am* now using jetty, with the same web
application, and not running into any issues, so whatever's going on is in
Tomcat world.)

In answer to your meta-question, brew seemed to do a reasonable job with
Tomcat, modulo this issue. I don't know
that /usr/local/Cellar/tomcat/7.0.47/libexec makes 100% sense for
$TOMCAT_HOME, but at least everything's in the same place.

On Wed, Dec 4, 2013 at 9:57 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Benson,

 On 12/3/13, 6:55 PM, C. Benson Manica wrote:
  Tomcat 7.0.47, OSX 10.8. Fresh install via homebrew.

 [As an aside, I'm interested in your experience with
 Tomcat-via-homebrew. I use Mac OS but installed Tomcat via
 direct-download. Does brew make a giant mess of everything, or is it
 pretty good?]

  I'm running a web app with Tomcat that is returning the header
  Transfer-Encoding: chunked and seemingly exactly one 16384-byte
  chunk of content that is longer than that.

 What do you mean by the above statement? Is the content 16384 bytes
 long or isn't it? A chunked response should include a main response
 which just says chunked and then a series of actual chunks with
 content-length headers in each one.

 What is the content-length header in the first chunk? How many bytes
 do you actually get in that chunk? Did you get a zero-byte final
 chunk? How did you count those bytes? How many total bytes were you
 expecting?

 What tool are you using to inspect the traffic?

  Consequently the page that should be transferred is not rendered by
  the user agent (Chrome in this case). AFAICT it's Tomcat that isn't
  sending all the chunks properly. Why might it not be doing that?
  What else might be the problem?

 Unless your web application is doing odd things, Tomcat is responsible
 for chunking your response. If you are using a fronting web server,
 that could complicate matters, too, but it does not sound like you are
 doing that.

 Can you give some more information? (See above)

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSn20BAAoJEBzwKT+lPKRY2J0QAJYX2l1LYLhHdHSR9RWgSMwK
 WOjyNsRDV4OYUL8vSPFwWH4kktgWm4i5YkLwJUqTxkjD/XjrmGHzbaI879zgZ6Qp
 W05LBZuRhQ6YERjSiZFMb0ZN3+kzqOdLJjQ1d8dSLPSP3/leWLMYF2IP8KsIpf87
 pcdwjfshujzOy1Rjpod9fYehdgIoD0vLQyH/5vIEI9kS2Peqa7mx05axOYmoaTjP
 a/y8nWdbOPfQDkHKwN+F75CHXQIbtr/jVTh9fuVdnv2EMKvySHV4vFnrh9mvTKDD
 6FX8+ktOl/MidJ0bU1Wzo4m9rFtDBylFsWnrHEDD3MYCGoypMtIvlOGoi2NGjb4t
 CuMEWZSHdz83wFEBnEQqrfyYCcwfUMFg247+72T/6irg7PQJwFWxOUZI6lQ5XYbF
 V6wl8Lm9MzXPAL4231PO3zOxQYE2slE5XeL03zi6QuxmxW8UUaAVYP1n05vYO7AS
 LUKBYqH7Z6odH6mkDIemAOq/AOjOZLhB6XRaoRvrZKHDRpm/LwfYtt3s0TC9lD7u
 bse0THd4amYvHjBaiV34yMx+htSM7Pqk3oqwZDouvLQo/4p0lsktQLRNgFF00oBI
 ++uhC6YQNqkua9E1s1KSsCpdFrHxhb819Sj6GCyru0iNplw5awtXDcIZ83OG4UJu
 SmNsFn4XKMtyS0YK1fCj
 =Fx81
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-- 
C. Benson Manica
cbman...@gmail.com

Re: Need Information regarding Apache Webserver static file configuration


Tapajyoti Roybarman wrote:

Hi Andre,

I apologize for not following the mailing rule. Actually this is the first 
time that I am taking the help of such a forum.


Before I begin asking you anything I want to thank you for such a detailed 
explanation.


To begin with, answer to your question - why do you want to serve these 
files from Apache httpd, instead of letting Tomcat do it? I am planning 
to use Apache httpd as a Load Balancer. And to improve the performance of 
my application, I want to serve the static content from apache itself.


Now, as per your suggestion I have modified the entries of httpd.conf file 
to this.


ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/
ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1
ProxyPassReverse / http://localhost:8080/

ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/ - By using 
this setting I am able to serve static files from apache. I have kept my 
files under DocumentRoot as per your suggestion.


ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1 - If I am not using 
this. I am getting a page not found error for my page Login.jsp present 
inside Tomcat/Webapps/MyApplication. When I am using this setting I am 
able to reach to the page Login.jsp.


Now, the probelm is, the Login.jsp actually sends the request to a servlet 
to complete the login functionality. I am not able to reach to that 
servlet using the above settings. The URL  is - 
http://localhost/MyApplication/servlet/login


What should I add in the httpd.conf to achieve this?


Assuming that all the URLs which contain /servlet/ are to be forwarded to 
Tomcat,
you could use something like :

ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/
ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1
ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1

ProxyPassReverse / http://localhost:8080/


Note : still be careful of the order of the directives.  As indicated in the corresponding 
mod_proxy documentation, httpd evaluates each Proxy* directive in turn, from top to 
bottom, and the first one that matches wins the day.

For example, if you had this order :

ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1
ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1
ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/

then a URL like
http://localhost/MyApplication/servlet/something/image.jpg
would be proxied to Tomcat, because the line
ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1
would match before the line
ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/

As I recall, httpd has an internal flag that means proxy this URL or don't proxy this 
URL.  As soon as one of the expressions in a Proxy* statement matches, that flag is set 
(one way or the other), and no further evaluation of Proxy* statements takes place.


That also means that if you happen to know that there are many more URLs containing 
/servlet/ than there are ending in .jsp, you could do some (very small) optimisation 
by doing this :

ProxyPassMatch ^/.*\.(gif|jpg|css|png)$! http://localhost:8080/
ProxyPassMatch ^/(.*/servlet/.*)$ http://localhost:8080/$1
ProxyPassMatch ^/(.*\.jsp)$ http://localhost:8080/$1


Alternatively again : if, once you have filtered out all URLs ending in 
(gif|jpg|css|png), you know that all the remaining ones that start with /MyApplication 
should be forwarded to Tomcat, then you could use :


ProxyPassMatch ^/.*\.(gif|jpg|css|png)$ ! http://localhost:8080/
ProxyPassMatch ^/MyApplication http://localhost:8080/MyApplication

and that would take care of both
/MyApplication/servlet/login
/MyApplication/Login.jsp
and many others.

It's fun playing with..
And mod_rewrite is even more fun.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Transfer-Encoding: chunked not working

2013-12-05 Thread Konstantin Preißer

Hi,

 -Original Message-
 From: C. Benson Manica [mailto:cbman...@gmail.com]
 Sent: Thursday, December 5, 2013 6:54 PM
 To: Tomcat Users List
 Subject: Re: Transfer-Encoding: chunked not working

 The content I expect is in the neighborhood of 30K. What I get back is

 $ curl -i http://localhost:8080/

 HTTP/1.1 200 OK^M
 Server: Apache-Coyote/1.1^M
 Set-Cookie: JSESSIONID=6ED488F581B8D3317261ADA2AD97CC20; Path=/;
 HttpOnly^M
 Content-Type: text/html;charset=UTF-8^M
 Transfer-Encoding: chunked^M
 Date: Thu, 05 Dec 2013 17:47:22 GMT^M
 ^M

 !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN 
 http://www.w3.org/TR/html4/loose.dtd;
 !-- intervening content elided --
 var s

 i.e., it just ends 16384 bytes into the full content of the page. This
 behavior also happens when I load the page in Chrome, so it's not just some
 oddity of curl.

 I'm not using a tool to inspect traffic, because if it becomes that
 troublesome to debug a default install, I'm probably just going to use
 jetty. (full disclosure: I *am* now using jetty, with the same web
 application, and not running into any issues, so whatever's going on is in
 Tomcat world.)

Can you show what exactly you are doing in your web application to generate the 
response?

I cannot reproduce the problem with a simple servlet that e.g. writes 3 
bytes to the response with Tomcat 7.0.47.

Regards,
Konstantin Preißer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ssl on tomcat

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Randeep,

On 12/4/13, 1:30 PM, Randeep wrote:
 Chris, Yes. I have so many http links as  some of our old submitted
 apps used non secured http links. as the apps are in use we cannot
 change it. I cannot use any redirect rules to convert all the http
 to https because of that.
 
 We use struts for framework. And normal jsp pages. I'm not a
 developer so cant say much about it.
 
 This is in my server.xml Listener
 className=org.apache.catalina.core.AprLifecycleListener 
 SSLEngine=on / Connector port=8080 protocol=HTTP/1.1 
 connectionTimeout=2 redirectPort=8443 / Connector
 port=8009 protocol=AJP/1.3 redirectPort=8443 /
 
 
 [root@server conf.d]# cat mod_jk.conf # Where to find
 workers.properties JkWorkersFile
 /etc/httpd/conf.d/workers.properties # Where to put jk logs 
 JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level
 [debug/error/info] JkLogLevel info # Select the log format 
 JkLogStampFormat [%a %b %d %H:%M:%S %Y]  # JkOptions indicate to
 send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat
 -ForwardDirectories # JkRequestLogFormat set the request format 
 JkRequestLogFormat %w %V %T # Send servlet for context /examples
 to worker named worker1 #JkMount /examples worker1 # Send JSPs for
 context /examples/* to worker named worker1 JkMount /* worker1 
 JkShmFile  /etc/httpd/logs/jk-runtime-status
 
 [root@server conf.d]# cat /etc/httpd/conf.d/workers.properties 
 #workers.tomcat_home=/usr/tomcat/apache-tomcat-6.0.26 
 #workers.tomcat_home=/usr/share/tomcat5 
 workers.tomcat_home=/usr/share/apache-tomcat-6.0.37/ 
 workers.java_home=/usr/java/default ps=/ worker.list=worker1 
 worker.default.port=8009 worker.default.host=localhost 
 worker.default.type=ajp13 #worker.default.lbfactor=1
 
 Let me know if there is anything else i need to provide

Yes. What do your links look like in your pages?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoMX5AAoJEBzwKT+lPKRY+bMP/1bsOUTESydTjx0uP7SxYzeZ
FES9UkmjtcqV3UNarMwRg9QfdUpQMZQjDoQ1Gqa+wBITgpI87j5QTJApiwOPLK/9
dH6QAd79vDWP+HctlfdYyLnBEzEvKnFTHSsVibP9bHBz+YPXZOXVyatPf7Rn5ZjP
wG5Jp60AP1sQ4bM7zSlG9oxPT2V534LkS9/r3804rehg9Y3e4bOH9wSx+ZMu85qf
nK596yEF8C9DY2A6Ngddb5pcqg2ZHM5JpE2GX30s+hcIg9+QIKTX3dXgVHXvVBmD
pEfrp53J8t1UQVgK5GVcIJUe7r2Tl/vsnTeU6vvHJiafSNd9qQiG5F1wHHdFwPe9
Ugr12vCX76RrLpANaCe9Dc5fq1nWLjzdH/2S1Pd5KXbFLRNZV1+dV2x+z6m1nDfR
RTwy5TwkiYBUuo4qPxl/D5rUQVt3Um4BzuQXPikd1hAiUXnT8AZhzovc+CuOx5UW
ssTXdSOJRk/Ubz6DMHtkcTnHiNUlmcP+zMH/udGHKNBbZU7JRGkp6mPYg3WuoXv5
kjxXIPelXiDGfIajioxUvBc7BxwGEfuDuym189WlhFrkVAlt2laU3zmGJQAIbtW8
650yRjFj3JAQtTQ+1tBHHhOXCSfLxAwA4Xf/Ah0+5voSSsSmkIVb4Da2e80/wWlZ
qTiIADVgqbfkZ9vkzY19
=gBPr
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need Information regarding Apache Webserver static file configuration

2013-12-05 Thread David kerber


On 12/5/2013 5:37 AM, Tapajyoti Roybarman wrote:

Hi Andre,

I apologize for not following the mailing rule. Actually this is the first
time that I am taking the help of such a forum.

Before I begin asking you anything I want to thank you for such a detailed
explanation.

To begin with, answer to your question - why do you want to serve these
files from Apache httpd, instead of letting Tomcat do it? I am planning
to use Apache httpd as a Load Balancer. And to improve the performance of
my application, I want to serve the static content from apache itself.


Keep in mind that the performance boost you get from having httpd 
serving static files instead of Tomcat will be small, perhaps not even 
measurable depending on the details of your configuration and application.


Having httpd as a load balancer is a good use of it, but having it serve 
all your static files as a performance booster, not so much.


Dave


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expire Sesssion

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Crystal,

On 12/5/13, 12:10 PM, Crystal Maramba wrote:
 
 
 -Original Message- From: Igor Cicimov
 [mailto:icici...@gmail.com] Sent: Wednesday, December 04, 2013 6:54
 PM To: Tomcat Users List Subject: Re: Expire Sesssion
 
 On 05/12/2013 9:47 AM, Crystal Maramba cmara...@acumenllc.com
 wrote:
 
 Version: Apache Tomcat 7.0.42 Server: 2008r2 Standard
 
 How can I change the expired sessions in Tomcat Manager from 30
 minutes
 to 480 minutes?
 
 I think you can do it through the web.xml file located in
 \tomcat\conf\web.xml and then restart Tomcat.
 
 Is there a difference if I change it in the \tomcat\conf location
 versus
 \tomcat\webapps\[web app name]\web-inf\web.xml location?
 
 First one will apply to all apps.
 
 If I change the web.xml file in the \tomcat\conf\web.xml location
 will it
 override the web app location?
 
 No.
 
 Thanks for the response. Is there a way to do this through the
 Tomcat manager without modifying tomcat web.xml config file?

No. That could be added, but it would not persist across
re-deployments or server restarts without some ... effort.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoMejAAoJEBzwKT+lPKRYwXQP/2j1yljzh4Ce34M3LAyHh2Fy
zR7nPMB4QrZCXKm2O9kncpd7b5nX86Y1IbRGCfTiihqTeI31yndEYR366FvSIova
nuAevupVPPxhshYb9RiXQD3olI9sPFbef64ELZ933S+u/k9kC9/fc6er4h5DRjdx
0MwxF3dJIAH5BG0HbcloENLT/2se3OG6j1ut28QisiLTaGmG5E/4b14F1GgMcQUy
DtlwmGcO3YWW0rjGBfBoTQwtuzMCpzoalgt6FiXPbaLXOkum1thrX7nUOGizpWq0
Ez4+nQwGJDn5jhnQKvedzEblnUc5Hnzv+srp1bXbf3h5f8vB2z+NIiLLFBb17dld
j5M2CQoZwj0T13Re8Q9T6EwLIg87Mi6ROExlORXaZr59dLnFB87izYVAsgOIhs/W
oI+JpkDuNakZCf4Zpcu3qkZFRYG9Ulqy23t1KS40qWYDeDoCHqaK3sk2nWxadVd5
gc1IWK5al8IIc/gYMYH8JOvE3mb65fFcIVcnGaf7LeWwGehf7FUe27nf1j5mTvOn
VfmmqnWPdj2FptCOx0rXE+CRBQFbcwycADkqWHRZajJ725zHy/P8g2+FeF4cf7Fq
CAZ2bjPujcJBHo7dl73y3fUcVSfoXkwiShZB+SgakZ3f8zHYLPkngI1+HKfq9m3K
j6mK3IzLN8hHNsVwR7ZT
=kpwU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Transfer-Encoding: chunked not working

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

C.,

On 12/5/13, 12:53 PM, C. Benson Manica wrote:
 The content I expect is in the neighborhood of 30K. What I get back
 is
 
 $ curl -i http://localhost:8080/
 
 HTTP/1.1 200 OK^M Server: Apache-Coyote/1.1^M Set-Cookie:
 JSESSIONID=6ED488F581B8D3317261ADA2AD97CC20; Path=/; HttpOnly^M 
 Content-Type: text/html;charset=UTF-8^M Transfer-Encoding:
 chunked^M Date: Thu, 05 Dec 2013 17:47:22 GMT^M ^M
 
 
 !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN  
 http://www.w3.org/TR/html4/loose.dtd; !-- intervening content
 elided -- var s

Unfortunately, curl appears to be handling the content for you. I
think you want to look at the raw bytes coming back.

I can't remember if I installed it myself or what, but you might have
tcpdump on your machine already. Try this:

$ sudo tcpdump -Xi lo0 src port 8080

This will dump everything. You'll need to read a bit to see all the
headers. You might also want to read-up on chunked transfer-encoding.

 I'm not using a tool to inspect traffic, because if it becomes
 that troublesome to debug a default install, I'm probably just
 going to use jetty. (full disclosure: I *am* now using jetty, with
 the same web application, and not running into any issues, so
 whatever's going on is in Tomcat world.)

Can you perhaps reduce the problem to something you could share with
us? Maybe someone on the list would be willing to do all that work so
that Tomcat can get fixed, assuming there is a problem.

 In answer to your meta-question, brew seemed to do a reasonable job
 with Tomcat, modulo this issue. I don't know that
 /usr/local/Cellar/tomcat/7.0.47/libexec makes 100% sense for 
 $TOMCAT_HOME, but at least everything's in the same place.

Good to know.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoMzHAAoJEBzwKT+lPKRYV+AQAL2IEEnamhh8TsEes0BChuPl
uIkhrHM5i8f3OKQ6Gx4QP2aYJcjPcWg+1aGf/O7TdJsYTiWn9lQVunBfivZxtDYg
ABBlu3oqiOPjv/gZWbDy6adwwpCnWG8JPV4eiLtI1K3jHiu/XDABPQH1asw0uYXV
6NsY9cLfJsMe0WKa2IJoYDabrE0LXOo7v4jLdz3TLARQ50W8RWwqhxxJrme8hSe/
elCI7u2bLF93WTtWEjS6XZYDA///N54IvR1wjBDwjWAw/z5Zy+/25/RS+w3QGVDe
tW51wxE0xI0Rqk44U+Kt3vi3iYp6+2CNmrT3ZnT9UzSVWmBRjM13E+tvdjiv7VLA
gj+vGvRgEEtJecA3Di4+NlDsocxj865m3jEZqXDOKU1avoWDLWiIew1Ihb9qXpjU
pFUZNFy+kgYnP8QBXnjW3DcJHhU43Jhb5UP1QazVDml1ZQlbX4KUwgiPOLiCr6mz
VI58FUb3HZKSfyqB4xzt60TDJ7IexWq9PkjcF6wh9wkZtTMO4jV3Est7JAXcuz2w
EmKp9l1/hmqKF487PHiQodIQuiK3Yis+W8cjGvubVV/vjsQ/rlFCSrt1uIbUfhoO
aZ8QsBVL7UlpS3X1yqAnKPPUb84VtLteRK/DVzI13Nvxs9+KepOc68qlMZCJaXQv
UNZgZmunwk6o6hiBHKe2
=bQW3
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

org.apache.catalina.session.PersistentManager

2013-12-05 Thread spring

Hi,

if I want to use org.apache.catalina.session.PersistentManager but do not
want the async storage of session data is it sufficient to add a valve which
stores the session data after the request via manager.getStore().save(..)?

And how can I prevent that the session is stored again by the background
process of the manager?

Any drawbacks with this approach (besides performance)?

Thank you


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need Information regarding Apache Webserver static file configuration

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

David,

On 12/5/13, 1:33 PM, David kerber wrote:
 On 12/5/2013 5:37 AM, Tapajyoti Roybarman wrote:
 Hi Andre,
 
 I apologize for not following the mailing rule. Actually this is
 the first time that I am taking the help of such a forum.
 
 Before I begin asking you anything I want to thank you for such
 a detailed explanation.
 
 To begin with, answer to your question - why do you want to
 serve these files from Apache httpd, instead of letting Tomcat do
 it? I am planning to use Apache httpd as a Load Balancer. And to
 improve the performance of my application, I want to serve the
 static content from apache itself.
 
 Keep in mind that the performance boost you get from having httpd 
 serving static files instead of Tomcat will be small, perhaps not
 even measurable depending on the details of your configuration and
 application.
 
 Having httpd as a load balancer is a good use of it, but having it
 serve all your static files as a performance booster, not so much.

Well, given that he's going to use httpd for load-balancing, I can't
imagine that proxying all the static content will be as fast as
duplicating that content out to the httpd instance. I'm willing to bet
there is a measurable difference.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoM9PAAoJEBzwKT+lPKRYdMwQAJ1b5s9YvC23X4tz/X1nIbRV
jXGMgJFLyx1j1CLu5rgv5ARmltpQJw604/2XgwXDudwW/7fXmeBczJcX7DH2ZqdO
ll0f/ruuHJGkGHAX33LbiyeeIgR/M0eyQEhEYO4xaHFcMxkUHllA247b5+b9/Bgc
cWPhhCo6fQx+pwU5himPeqXYQdvo+1R3uhjTe15V88VnptV+AEWFf75xPDjxJNtY
5pF4+HuKimOLEQj0/hwFW51u4mN7+ThvWEBg+619lp4G2omzA1ZOmALGC+3ZNAh/
9zt1MCy43ENWU0lh/NNxFf9o3wKJp9j0sy60VVaBLJqmh8BXkca1sM2Bx32vA/TR
t1rExcNsif2PzHkEcWsf0IuRhONsP8xAqq5MJh08LjdL4owkht1/NdFQYO74cuFe
RS9ypl+K+cRHhZB5V6obkRgekdfnln/nLpkzxHYpwq1Pk4c8N9Rclo0zJgbAEZuM
wXvdNvb+Uy48nUalXlm3ekLfR0x1RlrMDdd14R19lG4IzfFvnwWm6xNc4N04OMfj
GgKCjNTVpaO5oXV94TsUldMWBKC3txF+Gc/C/D/QUAfayTTCYV+vNy4h1rYhR6u/
j4O4a+npHXpVqiDGT5rt4hyP/NtKVv1VYpVLxDJPcATOjPIkaZNYrfB+nw0fIj+M
yGacb91XLmnZpPDZom+P
=kkwR
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Expire Sesssion

2013-12-05 Thread Crystal Maramba

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Thursday, December 05, 2013 10:36 AM
To: Tomcat Users List
Subject: Re: Expire Sesssion

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Crystal,

On 12/5/13, 12:10 PM, Crystal Maramba wrote:

 -Original Message- From: Igor Cicimov 
 [mailto:icici...@gmail.com] Sent: Wednesday, December 04, 2013 6:54 PM 
 To: Tomcat Users List Subject: Re: Expire Sesssion

 On 05/12/2013 9:47 AM, Crystal Maramba cmara...@acumenllc.com
 wrote:

 Version: Apache Tomcat 7.0.42 Server: 2008r2 Standard

 How can I change the expired sessions in Tomcat Manager from 30 
 minutes
 to 480 minutes?

 I think you can do it through the web.xml file located in
 \tomcat\conf\web.xml and then restart Tomcat.

 Is there a difference if I change it in the \tomcat\conf location 
 versus
 \tomcat\webapps\[web app name]\web-inf\web.xml location?

 First one will apply to all apps.

 If I change the web.xml file in the \tomcat\conf\web.xml location 
 will it
 override the web app location?

 No.

 Thanks for the response. Is there a way to do this through the Tomcat 
 manager without modifying tomcat web.xml config file?

No. That could be added, but it would not persist across re-deployments or 
server restarts without some ... effort.

- -chris

Ok, thank you. Any idea on how you would do that? I don't see a save button 
anywhere.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoMejAAoJEBzwKT+lPKRYwXQP/2j1yljzh4Ce34M3LAyHh2Fy
zR7nPMB4QrZCXKm2O9kncpd7b5nX86Y1IbRGCfTiihqTeI31yndEYR366FvSIova
nuAevupVPPxhshYb9RiXQD3olI9sPFbef64ELZ933S+u/k9kC9/fc6er4h5DRjdx
0MwxF3dJIAH5BG0HbcloENLT/2se3OG6j1ut28QisiLTaGmG5E/4b14F1GgMcQUy
DtlwmGcO3YWW0rjGBfBoTQwtuzMCpzoalgt6FiXPbaLXOkum1thrX7nUOGizpWq0
Ez4+nQwGJDn5jhnQKvedzEblnUc5Hnzv+srp1bXbf3h5f8vB2z+NIiLLFBb17dld
j5M2CQoZwj0T13Re8Q9T6EwLIg87Mi6ROExlORXaZr59dLnFB87izYVAsgOIhs/W
oI+JpkDuNakZCf4Zpcu3qkZFRYG9Ulqy23t1KS40qWYDeDoCHqaK3sk2nWxadVd5
gc1IWK5al8IIc/gYMYH8JOvE3mb65fFcIVcnGaf7LeWwGehf7FUe27nf1j5mTvOn
VfmmqnWPdj2FptCOx0rXE+CRBQFbcwycADkqWHRZajJ725zHy/P8g2+FeF4cf7Fq
CAZ2bjPujcJBHo7dl73y3fUcVSfoXkwiShZB+SgakZ3f8zHYLPkngI1+HKfq9m3K
j6mK3IzLN8hHNsVwR7ZT
=kpwU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Accessing ServletContext from WebSocket endpoint

2013-12-05 Thread Enrico Olivelli


Hi,
is there a standard way to access ServletContext from a WebSocket 
ServerEndpoint ?


thank you
Tomcat is great

Enrico Olivelli

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Accessing ServletContext from WebSocket endpoint

2013-12-05 Thread Violeta Georgieva

Hi,


2013/12/5 Enrico Olivelli eolive...@gmail.com

 Hi,
 is there a standard way to access ServletContext from a WebSocket
ServerEndpoint ?

Recently there was such discussion:
http://markmail.org/message/pqkzatjastefxvd6?q=Tomcat+8+Websockets+configuration+list:org%2Eapache%2Etomcat%2Euser/

Regards
Violeta

Re: Expire Sesssion

Crystal,

At the risk of stating the obvious, you can also override the default
session timeout programmatically using HttpSession's method:

setMaxInactiveInterval(int interval)

-Alec


On Thu, Dec 5, 2013 at 2:27 PM, Crystal Maramba cmara...@acumenllc.comwrote:



 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Thursday, December 05, 2013 10:36 AM
 To: Tomcat Users List
 Subject: Re: Expire Sesssion

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Crystal,

 On 12/5/13, 12:10 PM, Crystal Maramba wrote:
 
 
  -Original Message- From: Igor Cicimov
  [mailto:icici...@gmail.com] Sent: Wednesday, December 04, 2013 6:54 PM
  To: Tomcat Users List Subject: Re: Expire Sesssion
 
  On 05/12/2013 9:47 AM, Crystal Maramba cmara...@acumenllc.com
  wrote:
 
  Version: Apache Tomcat 7.0.42 Server: 2008r2 Standard
 
  How can I change the expired sessions in Tomcat Manager from 30
  minutes
  to 480 minutes?
 
  I think you can do it through the web.xml file located in
  \tomcat\conf\web.xml and then restart Tomcat.
 
  Is there a difference if I change it in the \tomcat\conf location
  versus
  \tomcat\webapps\[web app name]\web-inf\web.xml location?
 
  First one will apply to all apps.
 
  If I change the web.xml file in the \tomcat\conf\web.xml location
  will it
  override the web app location?
 
  No.
 
  Thanks for the response. Is there a way to do this through the Tomcat
  manager without modifying tomcat web.xml config file?

 No. That could be added, but it would not persist across re-deployments or
 server restarts without some ... effort.

 - -chris

 Ok, thank you. Any idea on how you would do that? I don't see a save
 button anywhere.

 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSoMejAAoJEBzwKT+lPKRYwXQP/2j1yljzh4Ce34M3LAyHh2Fy
 zR7nPMB4QrZCXKm2O9kncpd7b5nX86Y1IbRGCfTiihqTeI31yndEYR366FvSIova
 nuAevupVPPxhshYb9RiXQD3olI9sPFbef64ELZ933S+u/k9kC9/fc6er4h5DRjdx
 0MwxF3dJIAH5BG0HbcloENLT/2se3OG6j1ut28QisiLTaGmG5E/4b14F1GgMcQUy
 DtlwmGcO3YWW0rjGBfBoTQwtuzMCpzoalgt6FiXPbaLXOkum1thrX7nUOGizpWq0
 Ez4+nQwGJDn5jhnQKvedzEblnUc5Hnzv+srp1bXbf3h5f8vB2z+NIiLLFBb17dld
 j5M2CQoZwj0T13Re8Q9T6EwLIg87Mi6ROExlORXaZr59dLnFB87izYVAsgOIhs/W
 oI+JpkDuNakZCf4Zpcu3qkZFRYG9Ulqy23t1KS40qWYDeDoCHqaK3sk2nWxadVd5
 gc1IWK5al8IIc/gYMYH8JOvE3mb65fFcIVcnGaf7LeWwGehf7FUe27nf1j5mTvOn
 VfmmqnWPdj2FptCOx0rXE+CRBQFbcwycADkqWHRZajJ725zHy/P8g2+FeF4cf7Fq
 CAZ2bjPujcJBHo7dl73y3fUcVSfoXkwiShZB+SgakZ3f8zHYLPkngI1+HKfq9m3K
 j6mK3IzLN8hHNsVwR7ZT
 =kpwU
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_proxy not redirecting servlet redirect properly

2013-12-05 Thread Jan Vávra


Hello,
 is really cutting of the /myapp the thing you want to do? Isn't it 
turned-up?


Now from url http://myip/myapp/smthg
you redirect client to
http://myip/smthg

You wrote : In one of the servlets POST method i am redirecting the 
request to a JSP page

So the scenatio is.
1. client makes a POST request to a servlet
2. The servlet returns Redirect in the response. And there you need to 
compute the url to redirect to.

If you use only relative url, you should not have this problem.
If you need full url, you should use mod_ajp or read the hostname:port 
part from configuration.

But there is no need to define Redirect in Apache Server config.

Jan.

Hi



I am very new to mod_proxy. Gone thru some tutorials and configured mod_proxy. 
Everything works great except this issue. Couldn't solve even after spending 
hrs in googling. Issue is - I have apache 2 in front of tomcat 6 (running in 
port 8080) in my internet website. I am using mod_proxy to mask the port 8080. 
In one of the servlets POST method i am redirecting the request to a JSP page 
but port 8080 is displayed in the URL as follows after successful redirect 
http://myip.com:8080/myapp/WebContent/result.jsp?message=success
Couldn't figure out how to avoid it. Here is my httpd conf entry
VirtualHost *:80 ServerAdmin sha...@example.com ServerName http://myip 
ServerAlias http://myip ProxyPass /myapp http://myip:8080/myapp ProxyPassReverse 
/myapp myip:8080/myapp ProxyPass /myapp ! RedirectMatch 301 ^/myapp/(.*)$ /$1 
RedirectMatch 301 ^/myapp$ /
/VirtualHost
Can someone pls. let me know what the problem is? thanks



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expire Sesssion

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Crystal,

On 12/5/13, 2:27 PM, Crystal Maramba wrote:
 
 
 -Original Message- From: Christopher Schultz
 [mailto:ch...@christopherschultz.net] Sent: Thursday, December 05,
 2013 10:36 AM To: Tomcat Users List Subject: Re: Expire Sesssion
 
 Crystal,
 
 On 12/5/13, 12:10 PM, Crystal Maramba wrote:
 
 
 -Original Message- From: Igor Cicimov 
 [mailto:icici...@gmail.com] Sent: Wednesday, December 04, 2013
 6:54 PM To: Tomcat Users List Subject: Re: Expire Sesssion
 
 On 05/12/2013 9:47 AM, Crystal Maramba
 cmara...@acumenllc.com wrote:
 
 Version: Apache Tomcat 7.0.42 Server: 2008r2 Standard
 
 How can I change the expired sessions in Tomcat Manager from 30
  minutes
 to 480 minutes?
 
 I think you can do it through the web.xml file located in
 \tomcat\conf\web.xml and then restart Tomcat.
 
 Is there a difference if I change it in the \tomcat\conf
 location versus
 \tomcat\webapps\[web app name]\web-inf\web.xml location?
 
 First one will apply to all apps.
 
 If I change the web.xml file in the \tomcat\conf\web.xml
 location will it
 override the web app location?
 
 No.
 
 Thanks for the response. Is there a way to do this through the
 Tomcat manager without modifying tomcat web.xml config file?
 
 No. That could be added, but it would not persist across
 re-deployments or server restarts without some ... effort.
 
 -chris
 
 Ok, thank you. Any idea on how you would do that? I don't see a
 save button anywhere.

That's what I was saying: there is no save button because there's
nothing to save right now. It's a new feature that would have to be
added to the Manager app. I don't see any particular reason to
implement such a feature because modifying the web.xml is so trivial.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoOg8AAoJEBzwKT+lPKRYaakP/1RgLRF0Sx5WfiCOLO9ZoF3+
yr2fnuRxUdD92P0dtshJHp+kkDEN9u4czlGtzfdeoFd0hatkWNX7bYGB3C18T9ne
GF9JGyMS1OEDQk+eCQkhJ1MYTG1GcFqzUfCBvyWDZERNboPJpjxb4TAMX4R5VdSw
i7eZwRQ4R97WJxEv0RwQGx4xMje4VbWkEX0w3Txu1tvnSt+W9Q5W/7qzEAsAJk11
ITQmXG5vxbT2owFXG8ljW/hB4POIPoTMeSgkhjJV7Ywv1YLNok4ikpcGlwFYXbVD
yY0MDIEg4Iy5+ZWutiF0DPOCgozILISKYKov0vMaZxR7/gcY3cgPoQ3gP9n4KEPr
R6J8jKQrIYl8Z0S8EUUOIEXVmJAOWbwxiSgxjzwT2IHSygDxMrF+VKxHmBL2MYkT
9cL6eWgh97+BzbzbjH6kwUWFGUL/wj/H/bmTQ0MjXrBPkZ1PP4/jLB86qsl59XuD
H6Xg+R/ABv7dyiR7A5GCN3wYq9hLjdEF8k941IuotxEZhOoi2B5PhxpHgyJVdjsY
3b6vmeQmyopQ4VjKiDdl/Sh6lOmNZGVRZqe8nR54wHAyBnp6XRywuRFvQrZbpwHP
Yi8i5JgPUdfZK/ZhPXyorTc5NkL3tVEBrYaNDq0CUrzeFi3l4bfzgRcdj5XzKq/+
n0Mn7zyqtL7gzF0ouJhu
=axvO
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expire Sesssion

2013-12-05 Thread John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at Cisco)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

On 12/5/13, 3:29 PM, Tomcat Random wrote:
 Crystal,
 
 At the risk of stating the obvious, you can also override the
 default session timeout programmatically using HttpSession's
 method:
 
 setMaxInactiveInterval(int interval)

I'm guessing that since Crystal doesn't want to modify web.xml, she's
not going to want to modify the source and re-compile.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSoOhVAAoJEBzwKT+lPKRY20MQAK+yDWwcAMBnIGPHWFUOXoVW
P0LgiWDUvpnDCr2o+LPJLtTBbB3bHD/slkdvCNXXE91iaSUhuEJgulbaxalgSW/f
nxDtoShBvkJywG2zm/3g+kePOQCyyQTON2ywzm/2emVzSLKFXF+J6kACLJgsYsVr
3BAUdhXWxCsowJO84iG5b4agSdl0TgwQl3Y3WZiPkilWmtqI2i4Ua/oInjrbqlKr
xcDcT1u37YKHDb/9hQUJ7wJq+2ZuRS5hqZsMI40qoinfVzEX297bctFi8Vj5XYAN
4HZPOHvIdoA7VZVDImRGXyrJBLLkEPwJ0XITI8ddQ5IczDeIN5ARHYGleDI1WmLb
qjG6JBT9u0C9oJZi5LOKesjB4WSj+frt8tli3CZu39z7AI1upmushVRPp8caRN9N
6cZpGkJxNz8HZzmFYIvkNWDBAHSEIM/fjmH3hZ59OFLzhi6mOtckH0daBGIFcTA9
a8XkYXFMYWGfXPmQyha8K//NOCSyGCxMo2Uo/ZkWVq1bDp1rs0Gnsf2cNuI5izL3
hQlLlK0bbysoGamWjnsC5hwU3p43ZPYJkpc12Dzs7jlUkHav14QlQgA6DRE4o7ZY
/4rfTVWvGAR+qG6bF9ynBb856JMdTJmDz8vVPpzE7sy4GREcNrJ7m1tT3TyZ5Bxf
3XkJ3AOFzelkUQAwL8FH
=UMid
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 7 SEVERE: Invalid message received with signature

Hello,

I did some testing with Apache reverse proxy to Tomcat a week ago or so, and am 
now out of the blue seeing a string of SEVERE messages in catalina.out. Apache 
is not running
and in fact has been uninstalled. The  proxyPort directive has been removed 
from the Tomcat server.xml connector config, and Tomcat has been rebooted.  I 
was using http
not ajp. Any input would be appreciated.

Connector port=8100 protocol=HTTP/1.1
   connectionTimeout=2
   redirectPort=8445

org.apache.coyote.ajp.AjpMessage processHeader
SEVERE: Invalid message received with signature 


Tomcat 7.0.39
jdk1.6.0_45
Apache 2.2.3-43 (not currently running or installed

Thanks
-John

Re: Expire Sesssion

Chris,

True. But changing the web.xml file will still require a restart. It
depends on if she wants to change this frequently or permanently. The
interval could go in a properties file as well, if
setMaxInactiveInterval(...) is used. Also requires a restart by default but
there are file listeners.

-Alec


On Thu, Dec 5, 2013 at 3:55 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Alec,

 On 12/5/13, 3:29 PM, Tomcat Random wrote:
  Crystal,
 
  At the risk of stating the obvious, you can also override the
  default session timeout programmatically using HttpSession's
  method:
 
  setMaxInactiveInterval(int interval)

 I'm guessing that since Crystal doesn't want to modify web.xml, she's
 not going to want to modify the source and re-compile.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSoOhVAAoJEBzwKT+lPKRY20MQAK+yDWwcAMBnIGPHWFUOXoVW
 P0LgiWDUvpnDCr2o+LPJLtTBbB3bHD/slkdvCNXXE91iaSUhuEJgulbaxalgSW/f
 nxDtoShBvkJywG2zm/3g+kePOQCyyQTON2ywzm/2emVzSLKFXF+J6kACLJgsYsVr
 3BAUdhXWxCsowJO84iG5b4agSdl0TgwQl3Y3WZiPkilWmtqI2i4Ua/oInjrbqlKr
 xcDcT1u37YKHDb/9hQUJ7wJq+2ZuRS5hqZsMI40qoinfVzEX297bctFi8Vj5XYAN
 4HZPOHvIdoA7VZVDImRGXyrJBLLkEPwJ0XITI8ddQ5IczDeIN5ARHYGleDI1WmLb
 qjG6JBT9u0C9oJZi5LOKesjB4WSj+frt8tli3CZu39z7AI1upmushVRPp8caRN9N
 6cZpGkJxNz8HZzmFYIvkNWDBAHSEIM/fjmH3hZ59OFLzhi6mOtckH0daBGIFcTA9
 a8XkYXFMYWGfXPmQyha8K//NOCSyGCxMo2Uo/ZkWVq1bDp1rs0Gnsf2cNuI5izL3
 hQlLlK0bbysoGamWjnsC5hwU3p43ZPYJkpc12Dzs7jlUkHav14QlQgA6DRE4o7ZY
 /4rfTVWvGAR+qG6bF9ynBb856JMdTJmDz8vVPpzE7sy4GREcNrJ7m1tT3TyZ5Bxf
 3XkJ3AOFzelkUQAwL8FH
 =UMid
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Expire Sesssion

2013-12-05 Thread Crystal Maramba

-Original Message-
From: Tomcat Random [mailto:tomcat.ran...@gmail.com] 
Sent: Thursday, December 05, 2013 3:03 PM
To: Tomcat Users List
Subject: Re: Expire Sesssion

Chris,

True. But changing the web.xml file will still require a restart. It depends on 
if she wants to change this frequently or permanently. The interval could go in 
a properties file as well, if
setMaxInactiveInterval(...) is used. Also requires a restart by default but 
there are file listeners.

-Alec

On Thu, Dec 5, 2013 at 3:55 PM, Christopher Schultz  
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA256

 Alec,

 On 12/5/13, 3:29 PM, Tomcat Random wrote:
  Crystal,

  At the risk of stating the obvious, you can also override the 
  default session timeout programmatically using HttpSession's
  method:

  setMaxInactiveInterval(int interval)

 I'm guessing that since Crystal doesn't want to modify web.xml, she's 
 not going to want to modify the source and re-compile.

 - -chris

Hi Alec,

This is an internal site so restart is ok. I would prefer it to be permanent. 
Can you send me an example of what you are referring to for properties file?

Hi Chris,

Sorry I misunderstood your comment. Thanks for the clarification. I am actually 
looking for other options besides modifying the web.xml config file. Someone 
mentioned that we could do it through the Tomcat Manager but I didn't see how 
that would be possible, so I was looking at getting other options or 
clarification as to how that could be done.

I don't mind making the modification to the web.xml file at the web app level 
and at the tomcat home  level. 

Crys
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.15 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

 iQIcBAEBCAAGBQJSoOhVAAoJEBzwKT+lPKRY20MQAK+yDWwcAMBnIGPHWFUOXoVW
 P0LgiWDUvpnDCr2o+LPJLtTBbB3bHD/slkdvCNXXE91iaSUhuEJgulbaxalgSW/f
 nxDtoShBvkJywG2zm/3g+kePOQCyyQTON2ywzm/2emVzSLKFXF+J6kACLJgsYsVr
 3BAUdhXWxCsowJO84iG5b4agSdl0TgwQl3Y3WZiPkilWmtqI2i4Ua/oInjrbqlKr
 xcDcT1u37YKHDb/9hQUJ7wJq+2ZuRS5hqZsMI40qoinfVzEX297bctFi8Vj5XYAN
 4HZPOHvIdoA7VZVDImRGXyrJBLLkEPwJ0XITI8ddQ5IczDeIN5ARHYGleDI1WmLb
 qjG6JBT9u0C9oJZi5LOKesjB4WSj+frt8tli3CZu39z7AI1upmushVRPp8caRN9N
 6cZpGkJxNz8HZzmFYIvkNWDBAHSEIM/fjmH3hZ59OFLzhi6mOtckH0daBGIFcTA9
 a8XkYXFMYWGfXPmQyha8K//NOCSyGCxMo2Uo/ZkWVq1bDp1rs0Gnsf2cNuI5izL3
 hQlLlK0bbysoGamWjnsC5hwU3p43ZPYJkpc12Dzs7jlUkHav14QlQgA6DRE4o7ZY
 /4rfTVWvGAR+qG6bF9ynBb856JMdTJmDz8vVPpzE7sy4GREcNrJ7m1tT3TyZ5Bxf
 3XkJ3AOFzelkUQAwL8FH
 =UMid
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 lib jars

Dan,

+1. I can't imagine what kind of headaches are waiting around with all the
symbolic links for the JARs.

-Alec


On Thu, Dec 5, 2013 at 10:03 AM, Daniel Mikusa dmik...@gopivotal.comwrote:

 On Dec 5, 2013, at 9:42 AM, Patel, Rakesh (Java) 
 rakesh.pat...@bskyb.com wrote:

  Hi,
 
  I've come across lots of duplicate jars in the tomcat/lib directory on
 the servers we have been given by our infrastructure people.
 
  The directory looks like this:
 
  -rw-r--r-- 1 root root   15153 Jul 20  2011 annotations-api-6.0.24.jar
  lrwxrwxrwx 1 root root  26 Oct 29 17:05 annotations-api.jar -
 annotations-api-6.0.24.jar
  -rw-r--r-- 1 root root 1205728 Jul 20  2011 catalina-6.0.24.jar
  -rw-r--r-- 1 root root   54149 Jul 20  2011 catalina-ant-6.0.24.jar
  lrwxrwxrwx 1 root root  23 Oct 29 17:05 catalina-ant.jar -
 catalina-ant-6.0.24.jar
  -rw-r--r-- 1 root root  130751 Jul 20  2011 catalina-ha-6.0.24.jar
  lrwxrwxrwx 1 root root  22 Oct 29 17:05 catalina-ha.jar -
 catalina-ha-6.0.24.jar
  lrwxrwxrwx 1 root root  19 Oct 29 17:05 catalina.jar -
 catalina-6.0.24.jar
  -rw-r--r-- 1 root root  235744 Jul 20  2011 catalina-tribes-6.0.24.jar
  lrwxrwxrwx 1 root root  26 Oct 29 17:05 catalina-tribes.jar -
 catalina-tribes-6.0.24.jar
  lrwxrwxrwx 1 root root  39 Oct 29 17:05 commons-collections.jar -
 /usr/share/java/commons-collections.jar
  lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-dbcp.jar -
 /usr/share/java/commons-dbcp.jar
  lrwxrwxrwx 1 root root  32 Oct 29 17:05 commons-pool.jar -
 /usr/share/java/commons-pool.jar
  -rw-r--r-- 1 root root  533217 Jul 20  2011 jasper-6.0.24.jar
  -rw-r--r-- 1 root root  108903 Jul 20  2011 jasper-el-6.0.24.jar
  lrwxrwxrwx 1 root root  20 Oct 29 17:05 jasper-el.jar -
 jasper-el-6.0.24.jar
  lrwxrwxrwx 1 root root  17 Oct 29 17:05 jasper.jar -
 jasper-6.0.24.jar
  lrwxrwxrwx 1 root root  23 Oct 29 17:05 jasper-jdt.jar -
 /usr/share/java/ecj.jar
  lrwxrwxrwx 1 root root  25 Oct 29 17:05 log4j.jar -
 /usr/share/java/log4j.jar
  lrwxrwxrwx 1 root root  33 Oct 29 17:05 mx4j-jmx.jar -
 /usr/share/java/mx4j/mx4j-jmx.jar
  lrwxrwxrwx 1 root root  36 Oct 29 17:05 mx4j-remote.jar -
 /usr/share/java/mx4j/mx4j-remote.jar
  -rw-r--r-- 1 root root  832960 Oct 29 17:07
 mysql-connector-java-5.1.22-bin.jar
  lrwxrwxrwx 1 root root  59 Oct 29 17:07 mysql-connector-java.jar -
 /usr/share/java/tomcat6/mysql-connector-java-5.1.22-bin.jar
  -rw-r--r-- 1 root root   26083 Oct 29 17:07 slf4j-api-1.7.2.jar
  lrwxrwxrwx 1 root root  43 Oct 29 17:07 slf4j-api.jar -
 /usr/share/java/tomcat6/slf4j-api-1.7.2.jar
  -rw-r--r-- 1 root root8819 Oct 29 17:07 slf4j-log4j12-1.7.2.jar
  lrwxrwxrwx 1 root root  47 Oct 29 17:07 slf4j-log4j12.jar -
 /usr/share/java/tomcat6/slf4j-log4j12-1.7.2.jar
  lrwxrwxrwx 1 root root  32 Oct 29 17:05
 tomcat6-el-2.1-api-6.0.24.jar - ../tomcat6-el-2.1-api-6.0.24.jar
  lrwxrwxrwx 1 root root  33 Oct 29 17:05
 tomcat6-jsp-2.1-api-6.0.24.jar - ../tomcat6-jsp-2.1-api-6.0.24.jar
  lrwxrwxrwx 1 root root  37 Oct 29 17:05
 tomcat6-servlet-2.5-api-6.0.24.jar - ../tomcat6-servlet-2.5-api-6.0.24.jar
  -rw-r--r-- 1 root root  768357 Jul 20  2011 tomcat-coyote-6.0.24.jar
  lrwxrwxrwx 1 root root  24 Oct 29 17:05 tomcat-coyote.jar -
 tomcat-coyote-6.0.24.jar
  -rw-r--r-- 1 root root   69826 Jul 20  2011 tomcat-i18n-es-6.0.24.jar
  lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-es.jar -
 tomcat-i18n-es-6.0.24.jar
  -rw-r--r-- 1 root root   51772 Jul 20  2011 tomcat-i18n-fr-6.0.24.jar
  lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-fr.jar -
 tomcat-i18n-fr-6.0.24.jar
  -rw-r--r-- 1 root root   54441 Jul 20  2011 tomcat-i18n-ja-6.0.24.jar
  lrwxrwxrwx 1 root root  25 Oct 29 17:05 tomcat-i18n-ja.jar -
 tomcat-i18n-ja-6.0.24.jar
  lrwxrwxrwx 1 root root  38 Oct 29 17:05 tomcat-juli.jar -
 /usr/share/tomcat6/bin/tomcat-juli.jar
 
  You'll notice generic jar names sum linked to specific jars AND the
 specific jar also in the directory.
 
  Is this harmless? Or should I ask for a 'cleaner' install from the
 apache website? I believe this installation comes from the central CentOS6
 repository.

 Minimally, I would ask for an up-to-date version of Tomcat.  The libraries
 seem to indicate that 6.0.24 is installed and that's pretty old now.  As
 for the latest 6.0.x release.

 As far as the duplicate JAR files, one situation off the top of my head
 where it could cause problems is if the versions are different.  For
 example, if the JAR file in the lib folder is version X and the symlink
 points to version Y.  This is problematic because you would have no idea
 which version of the JAR is going to be loaded.  You'd want one or the
 other, either the file or the symlink.

 Personally, and I think many people on the list would agree, I'd suggest
 against using the installation from your distro's repository.  They're
 typically way out-of-date (see my comment above) and they tend to put

Re: Expire Sesssion

Crystal,

The properties file is just a standard java properties file. Really, it's
only a better option if you have other settings and want to consolidate
them there, along with your session expiration time.

If you can edit the web.xml and restart, and it's permanent, then I'd
recommend you just change the web.xml. If you want all your webapps to have
an expiration of 480, then change it in $CATALINA_HOME/conf, otherwise do
it in each webapps web.xml file as needed.

HTH,
Alec


On Thu, Dec 5, 2013 at 6:25 PM, Crystal Maramba cmara...@acumenllc.comwrote:



 -Original Message-
 From: Tomcat Random [mailto:tomcat.ran...@gmail.com]
 Sent: Thursday, December 05, 2013 3:03 PM
 To: Tomcat Users List
 Subject: Re: Expire Sesssion

 Chris,

 True. But changing the web.xml file will still require a restart. It
 depends on if she wants to change this frequently or permanently. The
 interval could go in a properties file as well, if
 setMaxInactiveInterval(...) is used. Also requires a restart by default
 but there are file listeners.

 -Alec


 On Thu, Dec 5, 2013 at 3:55 PM, Christopher Schultz 
 ch...@christopherschultz.net wrote:

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA256
 
  Alec,
 
  On 12/5/13, 3:29 PM, Tomcat Random wrote:
   Crystal,
  
   At the risk of stating the obvious, you can also override the
   default session timeout programmatically using HttpSession's
   method:
  
   setMaxInactiveInterval(int interval)
 
  I'm guessing that since Crystal doesn't want to modify web.xml, she's
  not going to want to modify the source and re-compile.
 
  - -chris


 Hi Alec,

 This is an internal site so restart is ok. I would prefer it to be
 permanent. Can you send me an example of what you are referring to for
 properties file?

 Hi Chris,

 Sorry I misunderstood your comment. Thanks for the clarification. I am
 actually looking for other options besides modifying the web.xml config
 file. Someone mentioned that we could do it through the Tomcat Manager but
 I didn't see how that would be possible, so I was looking at getting other
 options or clarification as to how that could be done.

 I don't mind making the modification to the web.xml file at the web app
 level and at the tomcat home  level.

 Crys
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.15 (Darwin)
  Comment: GPGTools - http://gpgtools.org
  Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
  iQIcBAEBCAAGBQJSoOhVAAoJEBzwKT+lPKRY20MQAK+yDWwcAMBnIGPHWFUOXoVW
  P0LgiWDUvpnDCr2o+LPJLtTBbB3bHD/slkdvCNXXE91iaSUhuEJgulbaxalgSW/f
  nxDtoShBvkJywG2zm/3g+kePOQCyyQTON2ywzm/2emVzSLKFXF+J6kACLJgsYsVr
  3BAUdhXWxCsowJO84iG5b4agSdl0TgwQl3Y3WZiPkilWmtqI2i4Ua/oInjrbqlKr
  xcDcT1u37YKHDb/9hQUJ7wJq+2ZuRS5hqZsMI40qoinfVzEX297bctFi8Vj5XYAN
  4HZPOHvIdoA7VZVDImRGXyrJBLLkEPwJ0XITI8ddQ5IczDeIN5ARHYGleDI1WmLb
  qjG6JBT9u0C9oJZi5LOKesjB4WSj+frt8tli3CZu39z7AI1upmushVRPp8caRN9N
  6cZpGkJxNz8HZzmFYIvkNWDBAHSEIM/fjmH3hZ59OFLzhi6mOtckH0daBGIFcTA9
  a8XkYXFMYWGfXPmQyha8K//NOCSyGCxMo2Uo/ZkWVq1bDp1rs0Gnsf2cNuI5izL3
  hQlLlK0bbysoGamWjnsC5hwU3p43ZPYJkpc12Dzs7jlUkHav14QlQgA6DRE4o7ZY
  /4rfTVWvGAR+qG6bF9ynBb856JMdTJmDz8vVPpzE7sy4GREcNrJ7m1tT3TyZ5Bxf
  3XkJ3AOFzelkUQAwL8FH
  =UMid
  -END PGP SIGNATURE-
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 7 SEVERE: Invalid message received with signature

2013-12-05 Thread Caldarale, Charles R

 From: John Beaulaurier -X (jbeaulau - ADVANCED NETWORK INFORMATION INC at 
 Cisco)
 [mailto:jbeau...@cisco.com] 
 Subject: Tomcat 7 SEVERE: Invalid message received with signature

 Apache is not running and in fact has been uninstalled.

Presumably you mean Apache httpd, not Apache Tomcat (both are from Apache, and 
precision counts here).

 Any input would be appreciated.

 Connector port=8100 protocol=HTTP/1.1
connectionTimeout=2
redirectPort=8445

 org.apache.coyote.ajp.AjpMessage processHeader
 SEVERE: Invalid message received with signature 

It would seem that you still have an AJP Connector configured in the 
server.xml that's actually being used.  First, make sure your Tomcat is using 
the server.xml you're editing (e.g., don't run it under an IDE).  If that 
doesn't resolve the issue, post your entire server.xml here, minus comments and 
with sensitive fields obfuscated.  Also look in all of the Tomcat logs for 
startup information about the various connectors and listeners that are active.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JNDI Realm and GSSAPI problems with TC 7

On 05/12/2013 14:48, Hendrik Dev wrote:
 Hi,
 
 i have a few questions about the JNDIRealm, GSSAPI (Kerberos 5 mech)
 authentication and the SPNEGO Authenticator Valve in TC 7.0.47:
 
 Preface: In the docs SPNEGO Authenticator Valve/JNDIRealm is called
 30) Windows Authentication but i guess its not only working for
 windows? I see no code which is explicitly tied to windows or active
 directory so i assume its also working for Linux/MIT Kerberos/OpenLDAP
 setup, is this true?

It *should* work with those but it has only been tested with:
- Windows domain controller
- Windows client
- Tomcat running on Windows Server
- Tomcat running on Ubuntu Server

The remainder of my reply is based on a combination of reading the
source and what I recall of my intentions when I implemented the SPNEGO
support rather than actual testing.

 What i try to achieve is that the JNDIRealm will use the user's (
 which is authenticated by the spnego valve) delegated credentials to
 connect to the LDAP server and then query the roles to which the users
 belongs to. This is not working for me for two reasons:
 
 1) JndiRealm tries initially on startup to make a connection to the
 LDAP server which makes no sense because there are no GSSAPI
 credentials yet - JndiRealm.startInternal() (Line 2225)

Either the directory will need to allow anonymous bind or you'll need to
define a user with minimal privs and provide the appropriate user name
and password in the connectionName and connectionPassword attributes.

 2) After temporarily solving issue 1)
How?

 the JNDI Realm prompt me for username and password.
Do you mean Tomcat tells your browser to display the BASIC auth password
dialog? Or do you mean something else? What are the HTTP headers at this
point?

 This seems to be originating from the SASL Client default callback.
What are you basing that statement on?

 I tried to register my own callbackhandler
 (setting java.naming.security.sasl.callback) but it’s ignored.
What did you set this to?

 Inspecting the code of JNDIRealm.java it seems that such a scenario is
 not indented
I assume you mean intended here.

Take another look at the getPrincipal(DirContext, String, GSSCredential)
method. Keep in mind that the SPNEGO authenticator is a little different
in that it doesn't obtain the username and credentials for a Realm to
validate. The SPNEGO authenticator provides an authenticated user and
their associated credentials. The Realms simply use the authenticated
user without further validation.

 but the docs argue the converse
 http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html#Tomcat_instance
The default behaviour with the JNDIRealm is to use the authenticated
client's credentials to obtain the roles.

 Any help is appreciated.
A good place to start would be for you to provide us with some
configuration details. The behaviour you seem to be aiming for is
supported and very close to the default. At this point this looks like a
configuration error but we can't help much if we can't see the
configuration.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] JNDI Realm and GSSAPI problems with TC 7


Mark Thomas wrote:
...



It *should* work with those but it has only been tested with:
- Windows domain controller
- Windows client
- Tomcat running on Windows Server
- Tomcat running on Ubuntu Server


..
Ah ! To my knowledge, this is the first indication *ever* that this also works on 
Unix/Linux Tomcat hosts.


The page at 
http://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Built-in_Tomcat_support
does not say this, and the language used strongly tends to suggest that it works under 
Windows (as a Tomcat host), and never actually mentions any other OS.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] JNDI Realm and GSSAPI problems with TC 7

André Warnier a...@ice-sa.com wrote:
Mark Thomas wrote:
...

 
 It *should* work with those but it has only been tested with:
 - Windows domain controller
 - Windows client
 - Tomcat running on Windows Server
 - Tomcat running on Ubuntu Server
 
..
Ah ! To my knowledge, this is the first indication *ever* that this
also works on 
Unix/Linux Tomcat hosts.

The page at 
http://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Built-in_Tomcat_support
does not say this, and the language used strongly tends to suggest that
it works under 
Windows (as a Tomcat host), and never actually mentions any other OS.

It has worked since the day the feature was added but I only found the time to 
test it to confirm it works this week. The docs were updated in svn a few days 
ago and will be included in the next 7.0.x and 8.0.x releases.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expire Sesssion