Re: running packed WAR files with embedded tomcat
Tomcat 7 embedded doesn't need a war file to be unpacked. I have a Spring based application packaged in war and it works. Do you really use Tomcat embedded jars on the classpath or may be from Tomcat installation? 2014/1/22 John Cartwright - NOAA Federal john.c.cartwri...@noaa.gov Thanks for the example Valery. Even with your approach, I'm finding that unless I create a directory webapps in the directory from which I run the program, I get this exception: java.io.IOException: Application base [{1}] for host [/tmp/./webapps] does not exist or is not a directory. It seems to me that the WAR is still needing to be unpacked prior to running. --john On Wed, Jan 22, 2014 at 12:16 AM, Valery Shyshkin vns.shysh...@gmail.com wrote: The code below works fine on my Win 7 PC final Tomcat tomcat = new Tomcat(); tomcat.setPort(9191); //File baseDir = new File(System.getProperty(java.io.tmpdir)); File baseDir = new File(.); tomcat.addContext(, baseDir.getAbsolutePath()); tomcat.addWebapp(/WebApplication2, D:\\VnsTestApps\\Nb74Jetty\\WebApplication2\\dist\\WebApplication2.war); tomcat.start(); tomcat.getServer().await(); 2014/1/22 Valery Shyshkin vns.shysh...@gmail.com By the way it's not a suggestion it's a signature of the addWebApp method. I'll try to find my working code and send it. 2014/1/22 Valery Shyshkin vns.shysh...@gmail.com Try: File baseDir = new File(System.getProperty(java.io.tmpdir)); tomcat.addContext(, baseDir.getAbsolutePath()); 2014/1/22 John Cartwright - NOAA Federal john.c.cartwri...@noaa.gov Thanks for the suggestion Valery, but swapping the arguments doesn't work. --john On Tue, Jan 21, 2014 at 8:12 AM, Valery Shyshkin vns.shysh...@gmail.com wrote: May be tomcat.addWebapp(contextName,pathToWarFile) instead of tomcat.addWebapp(pathToWarFile, contextName) will help yoo. 2014/1/21 John Cartwright - NOAA Federal john.c.cartwri...@noaa.gov Hello All, I'm trying to create a very basic embeded tomcat 7 application to host a packed WAR file. My code looks like: Tomcat tomcat = new Tomcat() tomcat.setPort(port) tomcat.setBaseDir(.) tomcat.addWebapp(pathToWarFile, contextName) It seems to work, but I'm getting an exception on startup complaining about the missing webapps directory: SEVERE: Exception fixing docBase for context [/quickstart] java.io.IOException: Application base [{1}] for host [/private/tmp/./webapps] does not exist or is not a directory. Can someone please direct me to a better way to do this? Is Tomcat#addWebapp not appropriate if hosting a packed WAR file? Thanks! --john
Tomcat WebDav directory configuration
LS, Tomcat 7.0.47. Windows 7 I want to enable WebDav functionality in a different directory that the root: Assume my data directory : c:\DATA. servlet servlet-namewebdav/servlet-name servlet-classorg.apache.catalina.servlets.WebdavServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuetrue/param-value /init-param load-on-startup6/load-on-startup /servlet servlet-mapping servlet-namewebdav/servlet-name url-pattern/dav/url-pattern /servlet-mapping When I hit the url .../dav I see the content of the root files and dirs. Now I want to publish the data that is available in C:\DATA. I'm unable to do this... Thanks would be greatly appreciated. Best Regards, Ruud Sampers This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message. Thank you for your co-operation.
RE: Tomcat 7.0.50 tldValidation
Mark / Chris,Thanks for your responses, and telling me how I can fix this for a particular application. That's greatly appreciated. I maintain several tomcat servers, and have encountered this issue on all three of the applications were I've upgraded Tomcat. This hadn't been an issue for me with earlier Tomcat releases: 7.0.47 and earlier. Ideally I would like to fix this at a tomcat level, rather than modifying several different (sometimes third-party proprietary) applications. As this wasn't a problem in 7.0.47, do you know what's changed, and if this is something I can configure at the Tomcat level without too much pain? Also you mentioned the possibility of include the spec-appropriate TLD Schema along with Tomcat, is this something I could configure easily? If so, would you be able to point me in the right direction (apologies for my ignorance in this area). Thanks again,Paul Date: Wed, 22 Jan 2014 10:24:20 -0500 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Tomcat 7.0.50 tldValidation -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/22/14, 10:15 AM, Mark Thomas wrote: On 22/01/2014 14:12, Paul Beckett wrote: Does anyone know: - Why this occurs only since 7.0.50 Changes to XML validation introduced in 7.0.48-7.0.50 - Where the root issue is likely to be / how to fix it Psi probe ships with an implementation of the standard tag library that includes the following: xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee web-jsptaglibrary_2_0.xsd in a tag library descriptor. The web-jsptaglibrary_2_0.xsd is a hint to the location but that is not enough for Tomcat to identify it. Later versions of the standard tag library use: xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd; which is unique so Tomcat is able to identify it. One could argue that web-jsptaglibrary_2_0.xsd should be sufficient to identify location of the intended schema. Would it be worth it to include the spec-appropriate TLD Schema along with Tomcat so that simply mentioning the system id would be enough for Tomcat to recognize it when configuring the digester? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS3+KkAAoJEBzwKT+lPKRYZjQQAJzIJIP9nQXs6CfKFoN8Y+Ay xDfCyiUgreAPvtCdGj6PbtsOQoei1sr+c52Dgyz7YYuMZjZhCYCF38BFhsNyhHrw SWRRs8MIqbYnR7NU2YX22HEcf84SCBXMNK7+K261zlGAFsuYCTFoeOaCx3z/f993 jiPbZfjY0cNHNKJS3VilItUzjdH73noWhjmAHUVQJ4gD5Aa+ZI2f5Enbw0lGXIm1 RSOLJ7+9Zm6AKqeJ+pI4mARxUK9crXqMbmaT/RZKj9zV3T0GrMcUvc7BtvGHsKTv JBckJKleb1dx1hCM1r9XqMvaQ8gU623NYDPq+9w6+cJQdR6oEtBCL3ayLfVTX5Dz PQqmvn8WZUxi7xuENvzlqljfmF6xoFKCfRTHmuiyusch77KsmVHMNJDkoEUhccrE G6Qy749nIIvvhaBMAzSD174XijSiBSAuJxn+zZyiojAcd9S37f4ZKn8cCnTPPZdp XRV3F/tD802qFfKHr887OxIchpKsyTlXSnWVuXYEasg09kPAYNCa6tCZ5xHRazr+ suwM301luStIs3EF+goix5H0njFaQO9bWvVNnjJyvKlQfxJqVyQseMCjDBwYa05C n55LJi0H0Jl3i7qmpLvVIzX54HsUsJiKYp6JCOlNYoVXaZm7xlVtWoZwXj370yX/ Bh3LLh2/gUMPEIn9QeaU =eXbe -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Out of memory exception
Hi, I'm getting out of memory exception errors. Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Is there anyway to see currently set jvm heap size details? Any linux commands. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. So I have put in .bash_profile and run it. Then restarted tomcat6. this is the line I added in .bash_profile. JAVA_OPTS=-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log Also I checked in heap.log where catelina.out can be found. But its not created. Then I touched and restarted. But that also didn't work. What is the right way to do this? -- Randeep Mob: +919447831699[kerala] Mob: +919880050349[B'lore] I blog here: http://www.randeeppr.me/ Follow me Here: http://twitter.com/Randeeppr Poke me here! http://www.facebook.com/Randeeppr A little Linux Help http://www.linuxhelp.in/ Work profile: http://in.linkedin.com/in/randeeppr
Re: Tomcat 7.0.50 tldValidation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/01/2014 12:20, Paul Beckett wrote: snip/ As this wasn't a problem in 7.0.47, do you know what's changed, and if this is something I can configure at the Tomcat level without too much pain? See my previous response. Also you mentioned the possibility of include the spec-appropriate TLD Schema along with Tomcat, is this something I could configure easily? Not sure what Chris was thinking on that one. Tomcat already includes all the appropriate TLD schema. Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJS4RD8AAoJEBDAHFovYFnnkyoP/1vyRJulvTyRjZELVKav4gsT Lovta+IhRVLCY1sDh2tiA06nARqd+tLAJ5HZ7ZILkbhCATDI4R7IfdQWru/gYwX8 uFmtfWHEhIuRqMIukaBpJU+Jy5QN37rnmSu+ltO9YH1OPPg+vF7RO8RVkEhSW1Fo smOk7GRYHU22DW72qBg2M4i+PByva1Sk/w5bHQTbrEIitTbadM7g2VNgQX/xfwx4 fdIsqxUhmI0B5QZ6mi5ikuAjxAmz8U/nLi2yWzJ4+IttQ+8K9UJPnLjO1CdKcuoI YMfGZEc6Cj7BuG3FYJq1mRZz8hl/3UoxUs/zl2WQnZ7LGSAteuz0dN8DdqRBHfFI KVmIhYq2KaE3ea8gjZzl2uGDPmELECHIQZJ9d90J6fteh5tpD++lay0AyB3l99eY TQSU+yj0hLVJYV/langTvzblGanfoMEZ3mpJNtdqplyEbX2z7E0dGVx8Q3VXVXxd dfPpZ1MX9WpW6Iyylp/dzROZNJ7TsweCfruPML/znjWN93rWr2eBeg7QINf5P5IF /8wD4HKnanZrn4CKWceDxblcoti/Mq6wQBQFpNcCwY4oM3ytmYFtxsN+zC+4OLDd G/I589kOlEKA1EHn4up2PhK6s0reD8AyxeoquvOXOT7af2+wrF3Lke5zSWxHKMJa hxpKUPhFdqGYHjYeZbHZ =4che -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat WebDav directory configuration
Sampers, Ruud wrote: LS, Tomcat 7.0.47. Windows 7 I want to enable WebDav functionality in a different directory that the root: Assume my data directory : c:\DATA. servlet servlet-namewebdav/servlet-name servlet-classorg.apache.catalina.servlets.WebdavServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuetrue/param-value /init-param load-on-startup6/load-on-startup /servlet servlet-mapping servlet-namewebdav/servlet-name url-pattern/dav/url-pattern /servlet-mapping When I hit the url .../dav I see the content of the root files and dirs. Now I want to publish the data that is available in C:\DATA. I'm unable to do this... I think that what you need to look at is this : http://tomcat.apache.org/tomcat-7.0-doc/config/context.html (docBase) In other words, you need to : - create a /META-INF/context.xml file inside your DAV application - define a Context element inside that file, with the appropriate docBase attribute - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Do some research before blogging (was: Out of memory exception)
Randeep writes: I blog here: http://www.randeeppr.me/ Great, but recommending to run Tomcat as root is dangerous nonsense. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
DAV app.
Hi. In order to respond to a previous post to the list, I was trying to find details of the DAV application. I'm starting here : http://tomcat.apache.org/tomcat-7.0-doc/config/index.html but don't really find anything DAV-like. Am I looking in the wrong spot ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat Summit at ApacheCon NA 2014
ApacheCon NA will be in Denver 7th to 11th April. The schedule for ApacheCon NA 2014 has been firmed up. There is an opportunity for a project summit on either the Thursday or the Friday. Since the BarCamp has been scheduled for the Thursday the Friday seems like the better option. We have complete flexibility as to the organisation of the Summit. One possible topic is with the Java EE 7 work pretty much complete, what new features is the community interested in between now and when the Java EE 8 work starts? Other suggestions for topics welcome. To get this up and running we need an idea of how many folks might want to attend so please reply to this thread on the users list if: - you are interested in attending - you have a topic / some topics to suggest Thanks, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200
I've a tomcat 7 instance with following configuration in catalina.properties for threads server.service-Catalina.executor-tomcatThreadPool.maxThreads=300 server.service-Catalina.executor-tomcatThreadPool.minSpareThreads=300 server.service-Catalina.connector.http1.1.executor=tomcatThreadPool server.service-Catalina.connector.http1.1.protocol=HTTP/1.1 server.service-Catalina.connector.http1.1.connectionTimeout=2 server.service-Catalina.connector.http1.1.acceptCount=300 server.service-Catalina.connector.http1.1.maxKeepAliveRequests=15 server.xml configuration Service name=Catalina Executor name=tomcatThreadPool namePrefix=${server.service-Catalina.executor-tomcatThreadPool.namePrefix} maxThreads=${server.service-Catalina.executor-tomcatThreadPool.maxThreads} minSpareThreads=${server.service-Catalina.executor-tomcatThreadPool.minSpareThreads}/ Connector executor=${server.service-Catalina.connector.http1.1.executor} port=${http.port} protocol=${server.service-Catalina.connector.http1.1.protocol} connectionTimeout=${server.service-Catalina.connector.http1.1.connectionTimeout} redirectPort=${https.port} acceptCount=${server.service-Catalina.connector.http1.1.acceptCount} maxKeepAliveRequests=${server.service-Catalina.connector.http1.1.maxKeepAliveRequests}/ I want 300 threads to serve the requests. With above configuration tomcat starts 300 threads and I can see through JConsole 300 worker threads are running. but when I hit with 300 concurrent requests load the activeCount goes just till 200. Why tomcat is not able to have more than 200 active Threads (parallel threads) processng my requests? Thanks, Akshay
Re: DAV app.
On 23/01/2014 13:21, André Warnier wrote: Hi. In order to respond to a previous post to the list, I was trying to find details of the DAV application. I'm starting here : http://tomcat.apache.org/tomcat-7.0-doc/config/index.html but don't really find anything DAV-like. Am I looking in the wrong spot ? Not really. There isn't much documentation. WebDAV support is provided by a Servlet. The best place to start is the Javadoc for that Servlet: http://tomcat.apache.org/tomcat-8.0-doc/api/org/apache/catalina/servlets/WebdavServlet.html Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200
On 23/01/2014 13:30, akshay hiremath wrote: Why tomcat is not able to have more than 200 active Threads (parallel threads) processng my requests? It can. The issue is that the combination of the requests you are making (which you fail to describe), your load testing framework (which you fail to describe) and the scheduling in the CPUs of your hardware (which you also fail to describe) mean that the chances of there actually being 300 concurrent requests for Tomcat to process is pretty much zero. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200
We have this HP load runner running a load of requests on this system. We don't see request rejected by Tomcat but if I monitor the activeCount attribute of Mbean Catalina:type=Executor,name=tomcatThreadPool over the period of test why the activeCount is not going above 200. if I continuously track activeCount and currentThreadsBusy of MBean Catalina:type=ThreadPool,name=http-bio-8080 I see the graph reahes 200 and flat lines there. Please find monitored graph attached during one of the tests. See time frm start of graph to the 13:30 when test ended. ignore the in between part and rest graph that is of another ongoing test. On Thursday, January 23, 2014 7:06 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 13:30, akshay hiremath wrote: Why tomcat is not able to have more than 200 active Threads (parallel threads) processng my requests? It can. The issue is that the combination of the requests you are making (which you fail to describe), your load testing framework (which you fail to describe) and the scheduling in the CPUs of your hardware (which you also fail to describe) mean that the chances of there actually being 300 concurrent requests for Tomcat to process is pretty much zero. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
On Jan 23, 2014, at 7:43 AM, Randeep randeep...@gmail.com wrote: Hi, I'm getting out of memory exception errors. Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) Is there anyway to see currently set jvm heap size details? Any linux commands. If you run “ps” and “grep” for something like “java”, “catalina”, etc.. you can find your running Tomcat process. On Linux this should show the full command that was run. Alternatively, you could use “jinfo pid”. That will dump a bunch of info including the VM Flags. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. How did you install Tomcat? Did you use your distro’s package manager? Did you download from tomcat.apache.org? How are you starting your server? Are you using the included start script? Are you using an init.d (or other) script you created? Are you using commons daemon? So I have put in .bash_profile and run it. Don’t do that. Why would you want these in your bash profile? Then restarted tomcat6. What version exactly? There are quite a few. this is the line I added in .bash_profile. JAVA_OPTS=-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log” Again, don’t put this in your profile. Also I checked in heap.log where catelina.out can be found. But its not created. Then I touched and restarted. But that also didn't work. What is the right way to do this? If you downloaded from tomcat.apache.org and installed from the zip, you’d put them in bin/setenv.sh and it would work. If you’re using a packaged version of Tomcat from your Linux distro, then it may well be different. If you gave more details, perhaps someone on the list could help. Dan -- Randeep Mob: +919447831699[kerala] Mob: +919880050349[B'lore] I blog here: http://www.randeeppr.me/ Follow me Here: http://twitter.com/Randeeppr Poke me here! http://www.facebook.com/Randeeppr A little Linux Help http://www.linuxhelp.in/ Work profile: http://in.linkedin.com/in/randeeppr - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Deny Put Delete
Can anyone tell me how to fix the following in my Tomcat config. I'm using Apache Tomcat 7.0.30 and I'm failing on the following PCI Security scans. 1. Title: Web server allows PUT: / Impact: An attacker may be able to upload files onto the web server. Data Received: Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS Resolution: Configure the web server not to accept PUT requests. If you require the functionality of PUT for web publishing, use a put script which can only be run by authorized users, which ensures that the script can update only web content files, and which ensures that users can only update their own pages 2. Title: Web server allows HTTP method DELETE Impact: The HTTP DELETE method may allow an attacker to delete arbitrary content from the Web Server. Data Received: Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS Resolution: Disable the DELETE method in the Web Server configuration. If this is not an option, use one of the following workarounds: Apache: Disable the DELETE method by including the following in the Apache configuration: lt;Limit DELETEgt; Order Deny, Allow Deny from All lt;/Limitgt; Any help would be greatly appreciated Stephan Fletcher Manager of Information Services Bohren's Moving Storage Docusafe Records Management 3 Applegate Drive South Robbinsville, NJ 08691 O: 609.208.1470 F: 609.208.1471 W: www.bohrensmoving.comhttp://www.bohrensmoving.com/ W: www.docusafe.comhttp://www.docusafe.com/ Important Notice: This email is copyright of Bohrensmoving.com, and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This footnote also confirms that this email message has been swept for the presence of computer viruses.
Re: Deny Put Delete
On 23/01/2014 14:57, Stephan Fletcher wrote: Any help would be greatly appreciated rant Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. /rant Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Deny Put Delete
It's a third party that is running the scan. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, January 23, 2014 10:05 AM To: Tomcat Users List Subject: Re: Deny Put Delete On 23/01/2014 14:57, Stephan Fletcher wrote: Any help would be greatly appreciated rant Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. /rant Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Important Notice: This email is copyright of Bohrensmoving.com, and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This footnote also confirms that this email message has been swept for the presence of computer viruses. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/22/14, 11:34 AM, André Warnier wrote: Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. Of course, one could argue that the Windows Firewall needs to offer this, because it is inherently easier to infect with malware a Windows server than a Linux server. So it needs to compensate somehow.. Amusing, but I do disagree. SELinux evidently has this feature, though I know nothing about it and have no SELinux experience. Also, US-NSA evidently pwns SELinux so I'm not sure how truly secure it is. It's probably better than the alternative(s), but it's sad that those folks can't help legitimately-secure computer systems for everyone. *sigh* - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TBRAAoJEBzwKT+lPKRYDj8QAJMFNjW/oGulOEFUcUeK2lzN OGpW2iicU03pJNgPmb1KN43jevLW+QNNfsKRhSOw29hrNf3e18/SPDlioka5VhRj jRL36z7rJwb29VczGTDydltddtZ6E57jetW+nHEPk6CLcknLbHsfCbMC+CZXZzwu VYzKCYOI9xIf1VxnWba8xDX/BIF2eHXPZy/sEsjyhi8W1mSVmLxmuz7V/fDsJGV8 xWXFtlxgOyvdiCkXyaUxXC6NnEI9i20Lq8DgjzXZM5t0sPoRV8KZ3Vt5rHR7uZH2 TsHU9vNaHkQgDCgutwqYi2LLbXzt06DypV7g+eiDki9lg37N847ceokQDOEPmqvT XRjnpGQO9h/Hzgk56EFQrxgAjlKnC0JN6sVLHwkhczLmLeFrJyKnrYFL69qsmvgl SAXDGYtMw5ysJk/41Ufa+bzlNcpql6kk6UmsLO+CeEOm3iBmO0Yd4lw/XnXA8D46 70pphSC3vYbd7hpUn4yN/t/tWiGKzyY8A0maOXLODVDnUs3NUwv9+zDKsI9j77LG MwLIfsKWXDnocpoBDNCj74o26OiZH957wczbkvOQ5kI37007fBguwDB1YB09eU+L ZlDb7yaXEq9QzQv5OJZPhz1pt+36rMFlzPEYBrNRizIsjY03x2gfV9kz2LTMWgGj ZsZiFOkXA2kGQAjdfL6v =DJ+j -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.50 tldValidation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/23/14, 7:54 AM, Mark Thomas wrote: On 23/01/2014 12:20, Paul Beckett wrote: snip/ As this wasn't a problem in 7.0.47, do you know what's changed, and if this is something I can configure at the Tomcat level without too much pain? See my previous response. Also you mentioned the possibility of include the spec-appropriate TLD Schema along with Tomcat, is this something I could configure easily? Not sure what Chris was thinking on that one. Tomcat already includes all the appropriate TLD schema. If that's true, then the Digester should be using the public namespace id of the schema and ignoring the (incomplete) URL provided by the XML document in order to locate the Schema in the local catalog. (I inadvertently said system id in my previous message, but I meant public namespace id... that is, http://java.sun.com/xml/ns/j2ee;). Given the XML document in the original post, what is causing Tomcat /not/ to load that local XML Schema? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TExAAoJEBzwKT+lPKRYHvMQALaiFv1wx4lvPx0tyM/HTZax RsBZ5+zXYEVZLQVD7uwKhHkBl4qphc48Oi6z+/vFxJp+aysq21SnhGZZevuU8TF/ UniOj5AmMjab+MbnmrJH3wrTpy3y6P6Lxh0CjkAs/lz0+lcMZbDxX/NIBNyLZXLD AU+xs/IHQWtMBoQPGfnovfuo8ze5nYkzXEDrdqufsIA4ggvk/LFtqpsU8nILqmOL u5DEKzfOmBeM378WDtiKNZ308ktfLaE/C8RjV+y2KXzMV8R64j9Yjl6nwoCZPRWv WAyvjRz375rBkJPF/rzlRN01i7TDbH0JQ4BciFDAW4qicvGuQnXx1H7V02d0srri WiTfSDipcVLQ2ab4TsyA7BrZd4mkbk45VfLomYtoa/Lqn8tyeLZrvXI70woS+AV7 AIayc28+TJEv+ghYMaebqzVaXl7sKyoCqPGwlfsFFIz7skbJVglZIRczE3UFb4uS 3WuLRhKHwuAwLVswWCPV/8MC6pqHtBqFWftTHigt3wkP9YR7l+KkFPzm0C79Ncie ox3f473Xr5TtptKnHJ7cDXtOd5bQDq09OQw7sXrBwO7NwmSmwweepnN+ORN9Way9 wFpQcENFwMo3+Mdw/WcgNVa8YyEPHSdHpu/0JusI8stxg3FFzlKUITiAsVbb/z8p BfAtAizpb8O9rgbWkgoh =Sodb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 not honoring maxThreads configuration in catalina.properties and activeCount not going beyond 200
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 akshay, On 1/23/14, 9:07 AM, akshay hiremath wrote: We have this HP load runner running a load of requests on this system. We don't see request rejected by Tomcat but if I monitor the activeCount attribute of Mbean Catalina:type=Executor,name=tomcatThreadPool over the period of test why the activeCount is not going above 200. if I continuously track activeCount and currentThreadsBusy of MBean Catalina:type=ThreadPool,name=http-bio-8080 I see the graph reahes 200 and flat lines there. Please find monitored graph attached during one of the tests. See time frm start of graph to the 13:30 when test ended. ignore the in between part and rest graph that is of another ongoing test. Attachments are stripped from the list. Find another way to express your thoughts. Is it possible that you are simply not generating enough load? If Tomcat is responding to all of your requests (e.g. none of them are failing to connect, failing to respond, or responding very slowly -- as if queued) than it sounds like your Tomcat instance is handling all the load you are throwing at it. - -chris On Thursday, January 23, 2014 7:06 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 13:30, akshay hiremath wrote: Why tomcat is not able to have more than 200 active Threads (parallel threads) processng my requests? It can. The issue is that the combination of the requests you are making (which you fail to describe), your load testing framework (which you fail to describe) and the scheduling in the CPUs of your hardware (which you also fail to describe) mean that the chances of there actually being 300 concurrent requests for Tomcat to process is pretty much zero. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org mailto:users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org mailto:users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TH3AAoJEBzwKT+lPKRY1vQP/01g9bL731iYBYV9MQtDhLMJ LeBXfV2996qnpX2VftnltPGXq2V9/l93tjRMiDxrcaGIrdzebkzv+PegRdhIxto1 JeIJh9xBFKd+J/aWTmzDYLzE9/eGoGRW+R+G3MuqqBs3KSXaNbEDHtdB/5zzQ0Bj Ht7iWTvPyEkp3JeKBo/FM/nZG2cnBNwC+kNWkdzlOqPIWUVOPmbqQky2qkM86s+d 65trfkDDSkez1ws2bZJ42TbW3IR9Qv1H/YlMzMmr2BJpGUnTAIKwu0l+bD+kH8pT QQo7anuTpuygwsE30zO3FcgkwzTuPcccHTh0G1XvzCYFJJ+tnAa4h+0Z6GAu7q6E 5ltIyHZjp4KJoLulNFQfqlItjabi6XIUwwQk/Ob4pRpgfsORIwapusY1vFThwhJv m3M0fVgWmxCHc41ed+mMhUPewXqqv0iaXKj4oxuW9GSPfdlQ7wCECwcIR11K39aU Ff9dbEEFuT7yvKgQy589dsSycgydCONTS+4b/25stwR1VgxA2MlvhcF8LBNN3o8L kPefjrOQVGLAuwrSgBiAVsD9dNDis5UhQ0sdGUKoLSuI3HSy1KMANVUWjYmig4bP fUmhGlKiM9CknxUpDK/rdAGWUOQU06rXeWVitQ/2p42UQibtAhXuM+1ymw/v4zou SBh0nxrR6K0AVV8KhomP =TIpT -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer will run forever and exhaust your heap. It's also possible that you simply have a tiny heap and need more, especially if you aren't currently setting any heap parameters. Is there anyway to see currently set jvm heap size details? Any linux commands. You can attach any profiler to your app. Good luck catching this in the act, though, in production. You can also use jmap -heap which comes with the JDK. Just point it at a process and you'll get a heap summary from a running JVM. Make sure your JVM and jmap version match. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. setenv.sh is run during Tomcat startup. Running echo $JAVA_OPTS from the command-line isn't going to reveal anything. What you want to do is modify setenv.sh, re-launch Tomcat, and then look at the process command line... something like this: $ ps aux | grep Bootstrap This should give you the whole command-line for Tomcat, and you can verify that your heap options have been set. So I have put in .bash_profile and run it. Then restarted tomcat6. Don't do that: it will only work if you login using bash, and it won't work for other users you may have to restart Tomcat. this is the line I added in .bash_profile. JAVA_OPTS=-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log You'll need to export JAVA_OPTS, otherwise it won't do anything for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TM+AAoJEBzwKT+lPKRYfB4QAMP4/MORiK92nK4kJ+KD9alc 2QYcriasb8QkPPgvYHGhGaxeLIprb1TE6tZdMSp08bHadDr+HpSbxi5xq9C6A1RJ fabHj9ShrXqdtTFiewPH3P/ulvaaJNPD1LeIFBwoG7/4vAIGKW48gLhaRUYcbe+z lV2NsZ18u38EZ9KRR8An66jX4PkwMXxl4QdQx5HDmuS/Sx8G7AfDVkuSB5PMNXbg TVlSEz5VeJnEGtBwnjgIa6ZSTv+iIv+nsw4WVuMe+4h1R07e1axxNismkgpUsU46 Ra4P7TssgdrqXFXmX4+kPNzd3xbbhPYIOOrQ0PYt6wGF0Wd9N1r/gvvViDbgghca wp39c3VJM8eE2vy9n0XCGYBkdq2DnRNVFV2y2xnfwecWKtDPEWfklTk8ZvbcAyxe hi3hxQnChCk74nxd/hvI1uNfgHcd/NwtmifwXPNM0BQCZ+AJarCbGca+a/BTTBaX txVIuIEf3jt/gpFu28UI8kt7Hx/PgWJ32QFyIPCbH5EYaSiKSz/Q6wCTvJTbUG4s GCK8AB/rGf1Z8efKlUZw2ESr1yX/VBCu9uOEK/60v+AAthiubq+O2ke1TzWKvy/I MxDhNiMo710w98h5hqIl5SthwXCgv3vEaaiUgDUV8zP3CoOtHL61NNZmLrMBTD2X 18aTMDKJ9BTvoYoZcmyV =IL2E -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.50 tldValidation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 23/01/2014 15:11, Christopher Schultz wrote: Mark, On 1/23/14, 7:54 AM, Mark Thomas wrote: On 23/01/2014 12:20, Paul Beckett wrote: snip/ As this wasn't a problem in 7.0.47, do you know what's changed, and if this is something I can configure at the Tomcat level without too much pain? See my previous response. Also you mentioned the possibility of include the spec-appropriate TLD Schema along with Tomcat, is this something I could configure easily? Not sure what Chris was thinking on that one. Tomcat already includes all the appropriate TLD schema. If that's true, then the Digester should be using the public namespace id of the schema and ignoring the (incomplete) URL provided by the XML document in order to locate the Schema in the local catalog. (I inadvertently said system id in my previous message, but I meant public namespace id... that is, http://java.sun.com/xml/ns/j2ee;). Given the XML document in the original post, what is causing Tomcat /not/ to load that local XML Schema? The way the new custom resolver is written. As per my original response, we could look at better handling for this case. I'd need to go back to the archives and research if there is a reason for the current behaviour. Mark -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJS4TJxAAoJEBDAHFovYFnnBA8P/RVd4nv7zCuB/eHhBj15Eh3O tC4fB+D/osDNTxn6NbTEljuIzUn+4GZvW0MwUXiph2n52qzaD1jQqQGk8j0thjll Pa+dnNCtkxtAhm48ziPgv1bcmVnCaGevD8KWXlSecX6G3rO3TLTCgQm5k8wqu42m IliLqrcLeb32GUHBNzDQKX8G3ePrp/jN4omkspFZ3YPsBfd7tinYt4t8JYaxndC+ p5CzVwO1VgiU/XA48Tj6KtnxJ9FMUAZNq4qvOJ4InAv1UxmN+Znh2qXI+cQgwZ1v MBcQfTIvoUrw5gJMX8m+h8JvSUFT++fz2wD8iIoLjX+OJw8qhdpaKjzRarUjelgY ah3a3rMZId6WIc5ChKwyY/wNSEP+iwyTFyvFG0aKdIZDtnOqbrEgccMqb+G6NKCc 5gr2tqm245WNEwrLoSvXQUgDu0DqZ4c1mlupwaem+PtHeApkgBmqwOXF+ULU2gph RhXevLDVLG7/E5PF1ELPixjkcyUjJxZwD9EUC8UOwIteAMKCyOEXmceldmiEXAdy DmPKFK8TFf1DpILhwWqB03CKF6gH2J7VzoZkaf0R74J+2+5gCGQynUUZos3baF/K GiuM2+6eP9egVPORSCUY+GMLoDRBnJkQyVGj+j7a9dy7/WxvMT41D+I+gG/SOkoy XHhyteF9ZZTEHW0WCYjr =zZgN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.50 tldValidation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 1/23/14, 10:17 AM, Mark Thomas wrote: On 23/01/2014 15:11, Christopher Schultz wrote: Mark, On 1/23/14, 7:54 AM, Mark Thomas wrote: On 23/01/2014 12:20, Paul Beckett wrote: snip/ As this wasn't a problem in 7.0.47, do you know what's changed, and if this is something I can configure at the Tomcat level without too much pain? See my previous response. Also you mentioned the possibility of include the spec-appropriate TLD Schema along with Tomcat, is this something I could configure easily? Not sure what Chris was thinking on that one. Tomcat already includes all the appropriate TLD schema. If that's true, then the Digester should be using the public namespace id of the schema and ignoring the (incomplete) URL provided by the XML document in order to locate the Schema in the local catalog. (I inadvertently said system id in my previous message, but I meant public namespace id... that is, http://java.sun.com/xml/ns/j2ee;). Given the XML document in the original post, what is causing Tomcat /not/ to load that local XML Schema? The way the new custom resolver is written. As per my original response, we could look at better handling for this case. I'd need to go back to the archives and research if there is a reason for the current behaviour. Okay. Having written a few custom resolvers for just this purpose, I recall them being a total PITA to get right. With the standard XML Schema, for instance, if you do it wrong, you get yourself a nice 10-second delay while you look-up w3.org and they punish you for contacting them by delaying the response from the server. (That was a good move by W3, though... it really motivates everyone to go and fix their own code so it doesn't contact them ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TRLAAoJEBzwKT+lPKRYLyMP/1bNEqPO7to6Hrm60X83SZRY 4K/uZUReNe2bV/e5C8Mmiew0rL9JvIdaw1QV0YeghjhvES8WnN7otidpz8eXQ7Ze oNE+hDEhUcrx3UUJX47h6TirONc1N40s7FCh/NUZ4Mq1YddhljqQhODemr4Ww8gH N95SrieN8i/Ewdr0hG7OJQzwnjD3Kf9+RpOW+sMECQo0vHr8kuyDfj4KVIGlAW0w ihbUgNbQ4q3x540oTfqPVJH417zBQ2ORcdh6TqjxKVn9upFvvweFyf3rtHHCUwJX QccdhYjj0/lhNKp8Y0KMZa/rwjGVjXhwdSnFdQMX7MU7hle9SXXBy+0rgtQ3Y1GL pkslluM5R5yls/nXbNwVMSFQ/zpMixfei7NLF6pW/XOyktiICogVoOZMpBmWakMI R8EIUEii247thWkOs51GIESm83JE1p/HiN6AJXXAshhSB89z6cHWcKKmnsM7t4UQ 4Est7PZpOvuxXh8VXg4aueq/lnzWgmWp5Dl5xnzC2VpwWyWZjBQmD3CDkfjoBoO0 oMekFTcBZVjsnWa/8vvtlF1Ms5gCoCSDl4op5adD70I0U+2svYkB77CTeiZR6rOj IV180khg7ujvbi6Lk3l4DuO9qdKJF57QiFSbp03TL7NFMd4h5H70sjfec9tEUclT 4X5zW47FeU0rFSrjGHv7 =aRTU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deny Put Delete
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stephan, On 1/23/14, 9:57 AM, Stephan Fletcher wrote: Can anyone tell me how to fix the following in my Tomcat config. I'm using Apache Tomcat 7.0.30 and I'm failing on the following PCI Security scans. 1. Title: Web server allows PUT: / Impact: An attacker may be able to upload files onto the web server. Data Received: Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS Resolution: Configure the web server not to accept PUT requests. If you require the functionality of PUT for web publishing, use a put script which can only be run by authorized users, which ensures that the script can update only web content files, and which ensures that users can only update their own pages 2. Title: Web server allows HTTP method DELETE Impact: The HTTP DELETE method may allow an attacker to delete arbitrary content from the Web Server. Data Received: Allow: GET, HEAD, POST, PUT, DELETE, OPTIONS Resolution: Disable the DELETE method in the Web Server configuration. If this is not an option, use one of the following workarounds: Apache: Disable the DELETE method by including the following in the Apache configuration: lt;Limit DELETEgt; Order Deny, Allow Deny from All lt;/Limitgt; Any help would be greatly appreciated IIRC, Tomcat-compiled JSP scripts used to respond to every kind of HTTP verb, including things that weren't standard at all (like HELLO!). I believe that was fixed a while back -- not sure when... I can't seem to find anything in the change log for Tomcat 7, so maybe that was a long long time ago. I just tried OPTIONS on 7.0.47 to a random JSP and it responded by actually running the JSP in standard GET-style mode. Actually... I ran it like this: $ openssl s_client -connect myhost:443 HELLO /path/test.jsp HTTP/1.1 Connection: close Host: myhost [CRLF] ... and my JSP ran. That's a little surprising but definitely not dangerous. PUT and DELETE do the same thing: just run the JSP as usual. Mark's response is probably the more accurate: your vulnerability scanner is just too lazy to find an actual vulnerability but just reports that you are insecure because of a zero-research response it got to a single request. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TdVAAoJEBzwKT+lPKRYLw4QAKt2hvJdEHsIf6isho9aDijx WwdDaZftdKll6KSPo7uosQ46aQ8SdNnl2+ZVCxzj09J1PM85lIky6Uit719cRtvi 8tP2X+NaiZkj/AqwVZtOi9qawgavwtbch3GW8rB9LPiCzZeimOvpUzcGaevGYoRp tgsW9ZwMlY2bmJg2rxwxxqNyPJJ8iphtPz6+Kj6wTufU7pcU1wc8JtSasMw/C5rV izCxIpNtnKcNQ8IEwky3epTAvaP9iEJIyVj9AUziUqZbNDVCm3IslSo5HpUQfjJR 4zVZHOpyL+fl9M5tghp632x9MuC7XtEnPxOW9ScOYe+6vqxac6hcQ2gw0nyc04n9 Yd2t5T/R47UkMwVZ7GCYiI6Ry/Gsnxl7Cly3W9REKC2Nlu5shCrlOANLXSAfEOoh TbVMTUbOnp4bb4FS97Kq8eDtuffcVmEDotcewaLSvZtIvKBiuUTESdjUT7/mEUsA ucgtNHv/OTY1LUw/B9uNJeoGD7+Srw5do2sD6nI+UV1vTmV/YGZoX/L1kbEN6uHP qiOaQKdkJbwK8kgZPOYAeTevW7D4gaz0AU49ED3QBCSdEQaI9g0RdnumaiZqB65o 34sm6XLoIso5qKfH7HU6iBK9EL19KUsoCfW2CMOGVjFCkg1iKNjoiHvt96kCXxID 2F9z9bM7+vyfslH6aQVw =ZdEc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deny Put Delete
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Stephan, On 1/23/14, 10:09 AM, Stephan Fletcher wrote: It's a third party that is running the scan. Then *they* need to verify that the problem is a false-positive (or not.. it's certainly possible that your are open to a DELETE / attack, but probably not. - -chris -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, January 23, 2014 10:05 AM To: Tomcat Users List Subject: Re: Deny Put Delete On 23/01/2014 14:57, Stephan Fletcher wrote: Any help would be greatly appreciated rant Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. /rant Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Important Notice: This email is copyright of Bohrensmoving.com, and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This footnote also confirms that this email message has been swept for the presence of computer viruses. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TkVAAoJEBzwKT+lPKRY8+QP/2itb792qFZcI6MQxlc+Ds4P PW0kV+h8+u9V1maTrosIDyzxL9EClmhnUUJ3LZgNO3s6XJn6XEzibQU6jPyrijs9 o2d9q1MTt/OQmml5MYK1OMMqaiOyNIu72/zpRXcRO6yX5Ddne/9RByRck6vjU2Za EpeLKs49xe46eRTtcTYSrDQjH0DJmZfcqHApF7yi3Gb7CUAbZXB+SrYnTTGlTsvs NmpltiN5T0pdts6VNkf6L34jSJi7n9961aAQbCv/3XvKvSR0nxVvKY7+x1b6DmYn izORt55NymzdEz+P+eLHyAff+I7HOul+V41ImYr707RgtRLrANUfqdh29wJi0bbl F7bTT5/lg8kgijeoQt8ls5ME9cfANvij8/R4XO8cTRtXR8nA3QfHMYpRlHOVjW0Z 1EBcKE73aymmyfB0PPq6zdqy6n2YqS91kRn7hUxzs3jpxEWw2u/Z/fIVE7xHsOKJ ElABDO3ORtfiR1MpwNQTcjlB8s8zlzJT8pVkUEdlWEZ7E9H+ikFD/q/LXxTjjGGa EYazOCpIdO2+q9qH0OZnrC14wTogtmstyQKTZykvEOWfsU+OFxl7CbD66/WRQvi2 dRsJkDDbrQDRYb8wb8QqPp9tTSpm/I03pjA7q0QK2tydRkOsH/irpHmQq8RDXJf+ 9p7NCSV3v98Wi9WSoJLR =oPQj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Deny Put Delete
On Thu, Jan 23, 2014 at 7:09 AM, Stephan Fletcher sfletc...@bohrensmoving.com wrote: It's a third party that is running the scan. I've dealt with similar nonsensical compliance scans before, and my response was: You believe you can PUT or DELETE files on this installation? ** makes popcorn ** Please proceed. I'll sit here and watch. Take your time. Morons. Bane of productive peoples' existence. Also, a special place in hell for the writers of these scanners... /rant -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat-6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer will run forever and exhaust your heap. It's also possible that you simply have a tiny heap and need more, especially if you aren't currently setting any heap parameters. Is there anyway to see currently set jvm heap size details? Any linux commands. You can attach any profiler to your app. Good luck catching this in the act, though, in production. You can also use jmap -heap which comes with the JDK. Just point it at a process and you'll get a heap summary from a running JVM. Make sure your JVM and jmap version match. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. setenv.sh is run during Tomcat startup. Running echo $JAVA_OPTS from the command-line isn't going to reveal anything. What you want to do is modify setenv.sh, re-launch Tomcat, and then look at the process command line... something like this: $ ps aux | grep Bootstrap This should give you the whole command-line for Tomcat, and you can verify that your heap options have been set. So I have put in .bash_profile and run it. Then restarted tomcat6. Don't do that: it will only work if you login using bash, and it won't work for other users you may have to restart Tomcat. this is the line I added in .bash_profile. JAVA_OPTS=-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log You'll need to export JAVA_OPTS, otherwise it won't do anything for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TM+AAoJEBzwKT+lPKRYfB4QAMP4/MORiK92nK4kJ+KD9alc 2QYcriasb8QkPPgvYHGhGaxeLIprb1TE6tZdMSp08bHadDr+HpSbxi5xq9C6A1RJ
Re: Do some research before blogging (was: Out of memory exception)
Hi, I assume you are talking about my blog posts in http://www.linuxhelp.in/ I'm sorry. I'll correct it. I test everything as root user. So while writing also it came like that. On Thu, Jan 23, 2014 at 6:40 PM, KD kdal...@hotmail.com wrote: Randeep writes: I blog here: http://www.randeeppr.me/ Great, but recommending to run Tomcat as root is dangerous nonsense. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Randeep Mob: +919447831699[kerala] Mob: +919880050349[B'lore] I blog here: http://www.randeeppr.me/ Follow me Here: http://twitter.com/Randeeppr Poke me here! http://www.facebook.com/Randeeppr A little Linux Help http://www.linuxhelp.in/ Work profile: http://in.linkedin.com/in/randeeppr
Re: Deny Put Delete
Stephan Fletcher wrote: It's a third party that is running the scan. On this list, please do not top-post. Maybe another response : There are regular reports on this list of similar security scanners which find what they deem to be security vulnerabilities. Consult the list archives for more info. It turns out that in about 99% of the cases, the problem is with the security scanner software, and not with any real vulnerability in Tomcat. That explains the kind of responses that you have seen so far. Such reports mostly cause a lot of worries and jumping around, to end up generally with nothing to really worry about, apart from time lost for everyone. That's why people get jumpy at such posts. If you are in the middle, there is not much you can do about it, except be confident enough to tell the originators of the report to please check their data, and explain why they think that there is a security issue. If it turns out that there is a real security issue, explained in more detail than just claiming that there is one, it will be tackled with urgency by the Tomcat developers. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, January 23, 2014 10:05 AM To: Tomcat Users List Subject: Re: Deny Put Delete On 23/01/2014 14:57, Stephan Fletcher wrote: Any help would be greatly appreciated rant Buy a better vulnerability scanner. Specifically, one understands that an OPTIONS request returns the methods that are *available* not the methods that are *permitted*. /rant Assuming you haven't changed Tomcat's default configuration any attempt to actually PUT or DELETE a resource will be denied. I have a recollection that we changed the implementation of the OPTIONS request to try and help with this sort of thing. Scratch that. That was for TRACE which won't be included in an OPTIONS response unless Tomcat can confirm that it has been explicitly enabled in the Connector. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Important Notice: This email is copyright of Bohrensmoving.com, and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. This footnote also confirms that this email message has been swept for the presence of computer viruses. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat-6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer will run forever and exhaust your heap. It's also possible that you simply have a tiny heap and need more, especially if you aren't currently setting any heap parameters. Is there anyway to see currently set jvm heap size details? Any linux commands. You can attach any profiler to your app. Good luck catching this in the act, though, in production. You can also use jmap -heap which comes with the JDK. Just point it at a process and you'll get a heap summary from a running JVM. Make sure your JVM and jmap version match. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. setenv.sh is run during Tomcat startup. Running echo $JAVA_OPTS from the command-line isn't going to reveal anything. What you want to do is modify setenv.sh, re-launch Tomcat, and then look at the process command line... something like this: $ ps aux | grep Bootstrap This should give you the whole command-line for Tomcat, and you can verify that your heap options have been set. So I have put in .bash_profile and run it. Then restarted tomcat6. Don't do that: it will only work if you login using bash, and it won't work for other users you may have to restart Tomcat. this is the line I added in .bash_profile. JAVA_OPTS=-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log You'll need to export JAVA_OPTS, otherwise it won't do anything for you. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4TM+AAoJEBzwKT+lPKRYfB4QAMP4/MORiK92nK4kJ+KD9alc 2QYcriasb8QkPPgvYHGhGaxeLIprb1TE6tZdMSp08bHadDr+HpSbxi5xq9C6A1RJ
Re: Out of memory exception
On Jan 23, 2014, at 11:38 AM, Randeep randeep...@gmail.com wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log’ Based on the name of the file you’re listing, it makes me think you’re confusing what this option does. It’s a garbage collection log. While that shows some info about the heap, it’s mainly targeted towards knowing what’s happening with GC in your process. I can’t help but think you might be looking for -XX:+HeapDumpOnOutOfMemoryError, which generates a heap dump when you get an OOME. Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat-6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. Try using this option instead: -Xloggc:$CATALINA_BASE/logs/heap.log” That should put the file in your “logs” directory. Dan So I better monitor this and if I get the OOM again I have to increase Max limit! On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer will run forever and exhaust your heap. It's also possible that you simply have a tiny heap and need more, especially if you aren't currently setting any heap parameters. Is there anyway to see currently set jvm heap size details? Any linux commands. You can attach any profiler to your app. Good luck catching this in the act, though, in production. You can also use jmap -heap which comes with the JDK. Just point it at a process and you'll get a heap summary from a running JVM. Make sure your JVM and jmap version match. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. setenv.sh is run during Tomcat startup. Running echo $JAVA_OPTS from the command-line isn't going to reveal anything. What you want to do is modify setenv.sh, re-launch Tomcat, and then look at the process command line... something like this: $ ps aux | grep Bootstrap This should give you the whole command-line for Tomcat, and you can verify that your heap options have been set. So I have put in .bash_profile and run it. Then restarted
Re: Out of memory exception
Thanks. That worked. Anything unusual? Garbage collection is happening too often? [root@server logs]# cat /usr/share/apache-tomcat-6.0.37/logs/heap.log 1.910: [GC 16192K-1923K(260160K), 0.0150080 secs] 2.454: [GC 18115K-3151K(260160K), 0.0137140 secs] 2.760: [GC 19343K-3309K(260160K), 0.0058220 secs] 3.648: [GC 19501K-4446K(260160K), 0.0062870 secs] 4.000: [GC 20638K-5063K(260160K), 0.0080940 secs] 4.305: [GC 21255K-6302K(260160K), 0.0060890 secs] 4.598: [GC 22494K-6323K(260160K), 0.0062020 secs] 5.664: [GC 22515K-7098K(260160K), 0.0055070 secs] 6.980: [GC 23290K-8708K(260160K), 0.0176410 secs] 7.332: [GC 24900K-12045K(260160K), 0.0179400 secs] 7.794: [Full GC 24591K-12864K(260160K), 0.2538960 secs] 8.476: [GC 29184K-14200K(260288K), 0.0080560 secs] 8.939: [GC 30520K-15401K(260288K), 0.0407000 secs] 9.379: [GC 31721K-16897K(260288K), 0.0099850 secs] 9.603: [GC 33217K-16652K(260288K), 0.0649140 secs] 10.498: [GC 32972K-17768K(260288K), 0.0068540 secs] 10.885: [GC 34088K-18538K(260288K), 0.0084330 secs] 11.225: [GC 34858K-19584K(260288K), 0.0071730 secs] 11.466: [GC 35904K-20313K(260288K), 0.0050570 secs] 12.128: [GC 36633K-20565K(260288K), 0.0042210 secs] 12.385: [Full GC 26015K-20204K(260288K), 0.2847340 secs] 13.817: [GC 36524K-22174K(260288K), 0.0155690 secs] 14.127: [GC 38494K-25303K(260288K), 0.0816490 secs] 14.671: [GC 41623K-27150K(260288K), 0.0436660 secs] 15.173: [GC 43470K-28757K(260288K), 0.0140720 secs] 15.414: [Full GC 32030K-28926K(260288K), 0.3071990 secs] 65.004: [GC 45310K-31775K(260352K), 0.0105440 secs] [root@server logs]# On Thu, Jan 23, 2014 at 10:33 PM, André Warnier a...@ice-sa.com wrote: Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat- 6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity( AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer
Re: Out of memory exception
I mean i'd to give full path. like this export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:/usr/share/apache-tomcat-6.0.37/logs/heap.log' On Thu, Jan 23, 2014 at 10:47 PM, Randeep randeep...@gmail.com wrote: Thanks. That worked. Anything unusual? Garbage collection is happening too often? [root@server logs]# cat /usr/share/apache-tomcat-6.0.37/logs/heap.log 1.910: [GC 16192K-1923K(260160K), 0.0150080 secs] 2.454: [GC 18115K-3151K(260160K), 0.0137140 secs] 2.760: [GC 19343K-3309K(260160K), 0.0058220 secs] 3.648: [GC 19501K-4446K(260160K), 0.0062870 secs] 4.000: [GC 20638K-5063K(260160K), 0.0080940 secs] 4.305: [GC 21255K-6302K(260160K), 0.0060890 secs] 4.598: [GC 22494K-6323K(260160K), 0.0062020 secs] 5.664: [GC 22515K-7098K(260160K), 0.0055070 secs] 6.980: [GC 23290K-8708K(260160K), 0.0176410 secs] 7.332: [GC 24900K-12045K(260160K), 0.0179400 secs] 7.794: [Full GC 24591K-12864K(260160K), 0.2538960 secs] 8.476: [GC 29184K-14200K(260288K), 0.0080560 secs] 8.939: [GC 30520K-15401K(260288K), 0.0407000 secs] 9.379: [GC 31721K-16897K(260288K), 0.0099850 secs] 9.603: [GC 33217K-16652K(260288K), 0.0649140 secs] 10.498: [GC 32972K-17768K(260288K), 0.0068540 secs] 10.885: [GC 34088K-18538K(260288K), 0.0084330 secs] 11.225: [GC 34858K-19584K(260288K), 0.0071730 secs] 11.466: [GC 35904K-20313K(260288K), 0.0050570 secs] 12.128: [GC 36633K-20565K(260288K), 0.0042210 secs] 12.385: [Full GC 26015K-20204K(260288K), 0.2847340 secs] 13.817: [GC 36524K-22174K(260288K), 0.0155690 secs] 14.127: [GC 38494K-25303K(260288K), 0.0816490 secs] 14.671: [GC 41623K-27150K(260288K), 0.0436660 secs] 15.173: [GC 43470K-28757K(260288K), 0.0140720 secs] 15.414: [Full GC 32030K-28926K(260288K), 0.3071990 secs] 65.004: [GC 45310K-31775K(260352K), 0.0105440 secs] [root@server logs]# On Thu, Jan 23, 2014 at 10:33 PM, André Warnier a...@ice-sa.com wrote: Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat- 6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity( AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at
Re: Out of memory exception
I have added -XX:+HeapDumpOnOutOfMemoryError also. Thanks. On Thu, Jan 23, 2014 at 10:49 PM, Randeep randeep...@gmail.com wrote: I mean i'd to give full path. like this export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:/usr/share/apache-tomcat-6.0.37/logs/heap.log' On Thu, Jan 23, 2014 at 10:47 PM, Randeep randeep...@gmail.com wrote: Thanks. That worked. Anything unusual? Garbage collection is happening too often? [root@server logs]# cat /usr/share/apache-tomcat-6.0.37/logs/heap.log 1.910: [GC 16192K-1923K(260160K), 0.0150080 secs] 2.454: [GC 18115K-3151K(260160K), 0.0137140 secs] 2.760: [GC 19343K-3309K(260160K), 0.0058220 secs] 3.648: [GC 19501K-4446K(260160K), 0.0062870 secs] 4.000: [GC 20638K-5063K(260160K), 0.0080940 secs] 4.305: [GC 21255K-6302K(260160K), 0.0060890 secs] 4.598: [GC 22494K-6323K(260160K), 0.0062020 secs] 5.664: [GC 22515K-7098K(260160K), 0.0055070 secs] 6.980: [GC 23290K-8708K(260160K), 0.0176410 secs] 7.332: [GC 24900K-12045K(260160K), 0.0179400 secs] 7.794: [Full GC 24591K-12864K(260160K), 0.2538960 secs] 8.476: [GC 29184K-14200K(260288K), 0.0080560 secs] 8.939: [GC 30520K-15401K(260288K), 0.0407000 secs] 9.379: [GC 31721K-16897K(260288K), 0.0099850 secs] 9.603: [GC 33217K-16652K(260288K), 0.0649140 secs] 10.498: [GC 32972K-17768K(260288K), 0.0068540 secs] 10.885: [GC 34088K-18538K(260288K), 0.0084330 secs] 11.225: [GC 34858K-19584K(260288K), 0.0071730 secs] 11.466: [GC 35904K-20313K(260288K), 0.0050570 secs] 12.128: [GC 36633K-20565K(260288K), 0.0042210 secs] 12.385: [Full GC 26015K-20204K(260288K), 0.2847340 secs] 13.817: [GC 36524K-22174K(260288K), 0.0155690 secs] 14.127: [GC 38494K-25303K(260288K), 0.0816490 secs] 14.671: [GC 41623K-27150K(260288K), 0.0436660 secs] 15.173: [GC 43470K-28757K(260288K), 0.0140720 secs] 15.414: [Full GC 32030K-28926K(260288K), 0.3071990 secs] 65.004: [GC 45310K-31775K(260352K), 0.0105440 secs] [root@server logs]# On Thu, Jan 23, 2014 at 10:33 PM, André Warnier a...@ice-sa.com wrote: Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat- 6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity( AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java: 572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at
Re: Out of memory exception
On Jan 23, 2014, at 12:22 PM, Randeep randeep...@gmail.com wrote: I have added -XX:+HeapDumpOnOutOfMemoryError also. Thanks. Please stop top posting. Post your comments inline or at the bottom, like everyone else. It makes following the conversation much easier. Dan On Thu, Jan 23, 2014 at 10:49 PM, Randeep randeep...@gmail.com wrote: I mean i'd to give full path. like this export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:/usr/share/apache-tomcat-6.0.37/logs/heap.log' On Thu, Jan 23, 2014 at 10:47 PM, Randeep randeep...@gmail.com wrote: Thanks. That worked. Anything unusual? Garbage collection is happening too often? [root@server logs]# cat /usr/share/apache-tomcat-6.0.37/logs/heap.log 1.910: [GC 16192K-1923K(260160K), 0.0150080 secs] 2.454: [GC 18115K-3151K(260160K), 0.0137140 secs] 2.760: [GC 19343K-3309K(260160K), 0.0058220 secs] 3.648: [GC 19501K-4446K(260160K), 0.0062870 secs] 4.000: [GC 20638K-5063K(260160K), 0.0080940 secs] 4.305: [GC 21255K-6302K(260160K), 0.0060890 secs] 4.598: [GC 22494K-6323K(260160K), 0.0062020 secs] 5.664: [GC 22515K-7098K(260160K), 0.0055070 secs] 6.980: [GC 23290K-8708K(260160K), 0.0176410 secs] 7.332: [GC 24900K-12045K(260160K), 0.0179400 secs] 7.794: [Full GC 24591K-12864K(260160K), 0.2538960 secs] 8.476: [GC 29184K-14200K(260288K), 0.0080560 secs] 8.939: [GC 30520K-15401K(260288K), 0.0407000 secs] 9.379: [GC 31721K-16897K(260288K), 0.0099850 secs] 9.603: [GC 33217K-16652K(260288K), 0.0649140 secs] 10.498: [GC 32972K-17768K(260288K), 0.0068540 secs] 10.885: [GC 34088K-18538K(260288K), 0.0084330 secs] 11.225: [GC 34858K-19584K(260288K), 0.0071730 secs] 11.466: [GC 35904K-20313K(260288K), 0.0050570 secs] 12.128: [GC 36633K-20565K(260288K), 0.0042210 secs] 12.385: [Full GC 26015K-20204K(260288K), 0.2847340 secs] 13.817: [GC 36524K-22174K(260288K), 0.0155690 secs] 14.127: [GC 38494K-25303K(260288K), 0.0816490 secs] 14.671: [GC 41623K-27150K(260288K), 0.0436660 secs] 15.173: [GC 43470K-28757K(260288K), 0.0140720 secs] 15.414: [Full GC 32030K-28926K(260288K), 0.3071990 secs] 65.004: [GC 45310K-31775K(260352K), 0.0105440 secs] [root@server logs]# On Thu, Jan 23, 2014 at 10:33 PM, André Warnier a...@ice-sa.com wrote: Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat- 6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity( AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java: 572) at
Re: Deny Put Delete
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hassan, On 1/23/14, 11:08 AM, Hassan Schroeder wrote: On Thu, Jan 23, 2014 at 7:09 AM, Stephan Fletcher sfletc...@bohrensmoving.com wrote: It's a third party that is running the scan. I've dealt with similar nonsensical compliance scans before, and my response was: You believe you can PUT or DELETE files on this installation? ** makes popcorn ** Please proceed. I'll sit here and watch. Take your time. Morons. Bane of productive peoples' existence. Also, a special place in hell for the writers of these scanners... /rant We should recommend that these folks file bugs against the scanner software they use. That way, the customer can sit back and make popcorn while the vendor fixes the bug. Meh, they'll probably ignore it. They get paid whether the scan is useful or not. I called-around looking for pen-testing outfits and their prices were insanely low. I asked about their methodology and they basically said they have a pen testing suite -- an automated tool. I told them thanks for their time and never bothered engaging any of them... I can run automated tools myself. Nessus just ain't that expensive. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4VHtAAoJEBzwKT+lPKRY8bIQAKiE3WQKH2Db/O/OYxsKGj9Q 2XmlJu0LPAwHrDxyvdHKZRbnHcqNimpoa04Ce5Gw6t/x+CSnmzCJ6Mzi7J0OPun6 xkTAV3dcMF6E/tp8lygeNzCpqiPexCjT0LBTWg1t+SkpeXJFcgck14ySEf2XwZfX bym+wp33v6K899Qtmq9mdHEdtTpFpwsmDXIlieYBN0sFTmsquDv+OQC4wE1aSCdH vaha+6TaUK6ua0mp//bOD9AkpPLYUp/N6OaxezfLxKo0vgk/iYeQ/eTiXhGI6Ngs BsRLvwl4PX3QSkkje7YXvALbbPnOPik9/4/WBdtQYzYd70oVreWfoPKmg2jOA5Dw aZuZxvOGM1shRmZ6nGEnLpTjhRedPDCs+/RpLDRfsG66qg+jy6IwSP916B+cUDF7 SPUA+cqBM/tMYHKMm5bDx5zrsyrlLZs1mh48iA6oC1awLl+XXDjN6il7gF657y0P 0jTCMuokR6Gyd/MPo/06MqPY7J2dRV/NPsSHk7ZkjII8BWcQq3a3m2xsjX0g9CD/ Bde6xgFtDV+lKA+SsOLUyrvbeFlLu96CQEvVmb9dKCr3frQ5Z8dOITvzYKo8+Kif N1jlVIv6+1lymHJ9Yk8XFGyO7hKY50X9xTGbQQ6J7H9Fk9a0X78zcXzSuFCNrlfn OfRMlLQQSqgmyUhUjaax =B8vG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 11:38 AM, Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat-6.0.37/conf/logging.properties - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. You should use a full path in Xloggc:heap so you always know where the file is. As it stands, it will be in the CWD of the JVM process. Not sure where that is, because you can run startup.sh from anywhere. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4VJYAAoJEBzwKT+lPKRYhgwP/RZq8grS3/bFNdQL69AV05EF lRTQWinc6rC9Au3Nqw2u0coydpyspNYJemLJaRgTAN0NPlKMU1mZBcqOrFftnt7R nUffJeql5Zx2Ef5uT9NhPlLnJpwuSR3oMHk/hs6qiokZaLs5uqzCk/e1/JcH2qi6 Yjnuhfx5wFUO4S6ld0datFmChLFs6XySfhi+2CilFo2Kw4pkdM2Otnf8hD72FW6k zUGomd9AQw/Jj9/+EojyNYVO/dbcBF5Qa2mnt1PO1tE39x7G7TziQgY4My06MXXV xTrVkkPqYaKerA6JHK89GRHqZFOV6/acOZ8PE1BDQ6cb4EhY+FeyEI8CKo18kUDd XoUttISMIElnCpjbNPoxLDbt66CrUIb1gz8Xe2YxWFMib9V1Seq0xvmMarbUTXRg aeql1spWOEJJf3GR/qpu13AmPt9lTD2t0gDpY+MeB/guShJxm1pU3TEJ/V7FwxBn vJWfNI82RBHCzlUt0aGryYjw19bmgc3Z1st2GMU8WGiDeYFx6nrMUn1QzsWi7QuW k6ZVhkc0mdzXBVyeymWcZE87IKNvlwtOJF3rUpQkvSBxOw3ivLvDVILWLKaDxXCk ncPTFenz4ETNJ0bPQFcf3q45+Bb03YiifqTfNlnE5/+57fvd+J0INYIWlI91rsHP sjppv6K1BzrAe5LPvGTN =WyIX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 12:17 PM, Randeep wrote: Thanks. That worked. Anything unusual? Garbage collection is happening too often? [root@server logs]# cat /usr/share/apache-tomcat-6.0.37/logs/heap.log 1.910: [GC 16192K-1923K(260160K), 0.0150080 secs] 2.454: [GC 18115K-3151K(260160K), 0.0137140 secs] 2.760: [GC 19343K-3309K(260160K), 0.0058220 secs] 3.648: [GC 19501K-4446K(260160K), 0.0062870 secs] 4.000: [GC 20638K-5063K(260160K), 0.0080940 secs] 4.305: [GC 21255K-6302K(260160K), 0.0060890 secs] 4.598: [GC 22494K-6323K(260160K), 0.0062020 secs] 5.664: [GC 22515K-7098K(260160K), 0.0055070 secs] 6.980: [GC 23290K-8708K(260160K), 0.0176410 secs] 7.332: [GC 24900K-12045K(260160K), 0.0179400 secs] 7.794: [Full GC 24591K-12864K(260160K), 0.2538960 secs] 8.476: [GC 29184K-14200K(260288K), 0.0080560 secs] 8.939: [GC 30520K-15401K(260288K), 0.0407000 secs] 9.379: [GC 31721K-16897K(260288K), 0.0099850 secs] 9.603: [GC 33217K-16652K(260288K), 0.0649140 secs] 10.498: [GC 32972K-17768K(260288K), 0.0068540 secs] 10.885: [GC 34088K-18538K(260288K), 0.0084330 secs] 11.225: [GC 34858K-19584K(260288K), 0.0071730 secs] 11.466: [GC 35904K-20313K(260288K), 0.0050570 secs] 12.128: [GC 36633K-20565K(260288K), 0.0042210 secs] 12.385: [Full GC 26015K-20204K(260288K), 0.2847340 secs] 13.817: [GC 36524K-22174K(260288K), 0.0155690 secs] 14.127: [GC 38494K-25303K(260288K), 0.0816490 secs] 14.671: [GC 41623K-27150K(260288K), 0.0436660 secs] 15.173: [GC 43470K-28757K(260288K), 0.0140720 secs] 15.414: [Full GC 32030K-28926K(260288K), 0.3071990 secs] 65.004: [GC 45310K-31775K(260352K), 0.0105440 secs] [root@server logs]# Do what I do: write a Perl script to pull-apart the data from above into something useful, like CSV, and then use a spreadsheet to graph the data. Graphing heap data *really* helps. Looking at numbers is ... useless. - -chris On Thu, Jan 23, 2014 at 10:33 PM, André Warnier a...@ice-sa.com wrote: Randeep wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log' Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat- 6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager - -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. So I better monitor this and if I get the OOM again I have to increase Max limit! Maybe you should provide a full path for the -Xloggc option ? On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity( AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at
Re: Weird issue setting up SSL on a WinDoze box
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chuck, On 1/22/14, 8:26 PM, Caldarale, Charles R wrote: From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] Subject: Weird issue setting up SSL on a WinDoze box Caused by: java.lang.Exception: Connector attribute SSLCertificateFile must be defined when using SSL with APR The relevant connector tag in server.xml is, on this installation, Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=C:/Program Files/Apache Software Foundation/Tomcat 7.0/wttomcat.ks keyAlias = wintouch clientAuth=false sslProtocol=TLS / You have installed and enabled the APR connector, but are trying to use the Java keystore. To be a bit more clear: when you don't specify the exact class name of your Connector, there are two defaults: APR connector if APR is available, and BIO connector otherwise. So you are a victim of a silent default that you didn't know about. APR uses OpenSSL, so its configuration is quite different, as is the certificate file: http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support_-_APR/Native If you want to use the Java SSL mechanism (it's slower), comment out the APR listener in server.xml: http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html#APR_Lifecycle_Listener_-_org.apache.catalina.core.AprLifecycleListener Or set SSLEngine=off in the Listener's configuration. I guess you might still want to use the native random-number generator for session ids, though APR without SSL is kind of ... silly. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4VOeAAoJEBzwKT+lPKRYBQkQAMGK2TmpSbtWlWovxikE7Sjx 2qrJmO3U1Bte4gsgmh6TH7Vw8/8cqg3e4geeOyCf49phhZ/8Q6OmLoDGtinthNzE +afgv2v/9oKE/FrVUNOTVQIOl0nocb7W09JMjJ1xFuwm3d2l8+pJGy2zXHBW9cyy DB0HQUGa+AaNXqhCEjQ8dSf15E4Amrlc9HlP6P76Reu1Kbo++T+0Ex7ierYf3MfM 1tpT8xSX26wQP/15EZEuA3p59xZdBBH72bFHcLE34UrH/j2SnLMJROG+VeNrX7Z7 j+9C4fkfMX5Wxv8kIz9u9N//Gr/pnaRWGacGp5GdS5taoYTa5/kVBO5z1bbG8YeA yT95/kWt4053IOg1Iv00eZhMSjuNJb8X/TexKvgaMI06IicjrP9koMfNh4XxDSRv SMqhmrQhOhhJ2caZJDdVt5shBGPNLa0e12hBMxszwA6EOx31KZByYpwaQZOZ34g5 vvfvT12SYPq02i+tdzwBagzrQgL1ANwCiwVY5sNNq4VJXXnDJkYtuPEptiGxO0vv JhCwonwROsLxo3Hnc4yOnE3Vpk8cdnPhv/gnciFb5/2WI7MNTfAxcSLW3Q+g+0zo ILIvxheJ0pxL8pJgLFKlUE6nrkc8qW+LsWF0/HPKj81a90AuggevLK+EbZ2wsROE Alx/EdPraWvXVlz8WrWy =NGls -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Out of memory exception
Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. On Thursday, January 23, 2014 12:36 PM, Daniel Mikusa dmik...@gopivotal.com wrote: On Jan 23, 2014, at 11:38 AM, Randeep randeep...@gmail.com wrote: Hi all, Thanks a lot for valuable points. Here the information you guys asked and the changes I made. OS : CentOS release 5.4 (Final) httpd-2.2.3-65.el5.centos(front_end) +(mod_jk)+ apache-tomcat-6.0.37 I installed httpd using yum. Downloaded tomcat from Apache as compressed archive(tar.gz) I'm using following startup script. [root@server ~]# cat /etc/init.d/tomcat6 #!/bin/bash # description: Tomcat Start Stop Restart # processname: tomcat # chkconfig: 234 20 80 JAVA_HOME=/usr/java/default export JAVA_HOME PATH=$JAVA_HOME/bin:$PATH export PATH CATALINA_HOME=/usr/share/apache-tomcat-6.0.37 case $1 in start) sh $CATALINA_HOME/bin/startup.sh ;; stop) sh $CATALINA_HOME/bin/shutdown.sh ;; restart) sh $CATALINA_HOME/bin/shutdown.sh sh $CATALINA_HOME/bin/startup.sh ;; esac exit 0 As you said, I removed the JAVA_OPTS declaration from .bash_profile and I have created setenv.sh and set JAVA_OPTS in it. [root@server bin]# pwd /usr/share/apache-tomcat-6.0.37/bin [root@server bin]# cat setenv.sh export JAVA_OPTS='-Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log’ Based on the name of the file you’re listing, it makes me think you’re confusing what this option does. It’s a garbage collection log. While that shows some info about the heap, it’s mainly targeted towards knowing what’s happening with GC in your process. I can’t help but think you might be looking for -XX:+HeapDumpOnOutOfMemoryError, which generates a heap dump when you get an OOME. Now it shows in grep. [root@server bin]# ps aux | grep Bootstrap root 1100 33.7 5.4 707052 95240 pts/0 Sl 11:29 0:06 /usr/java/default/bin/java -Djava.util.logging.config.file=/usr/share/apache-tomcat-6.0.37/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Xms256m -Xmx512m -Xss512k -verbose:gc -Xloggc:heap.log -Djava.endorsed.dirs=/usr/share/apache-tomcat-6.0.37/endorsed -classpath /usr/share/apache-tomcat-6.0.37/bin/bootstrap.jar -Dcatalina.base=/usr/share/apache-tomcat-6.0.37 -Dcatalina.home=/usr/share/apache-tomcat-6.0.37 -Djava.io.tmpdir=/usr/share/apache-tomcat-6.0.37/temp org.apache.catalina.startup.Bootstrap start root 1158 0.0 0.0 3932 692 pts/0 R+ 11:29 0:00 grep Bootstrap [root@server bin]# But nothing came in heap.log. Try using this option instead: -Xloggc:$CATALINA_BASE/logs/heap.log” That should put the file in your “logs” directory. Dan So I better monitor this and if I get the OOM again I have to increase Max limit! On Thu, Jan 23, 2014 at 8:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Randeep, On 1/23/14, 7:43 AM, Randeep wrote: I'm getting out of memory exception errors. :( Exception in thread Timer-1 java.lang.OutOfMemoryError: Java heap space at java.util.Arrays.copyOf(Arrays.java:2882) at java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.java:100) at java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:572) at java.lang.StringBuffer.append(StringBuffer.java:320) at org.json.JSONArray.toString(JSONArray.java:834) at org.json.JSONObject.valueToString(JSONObject.java:1359) at org.json.JSONObject.toString(JSONObject.java:1233) at com.xxx.xxx.servlet.WServlet.writeProgramJson(WServlet.java:503) at com.xxx.xxx.servlet.WServlet$1.run(WServlet.java:414) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) If you are trying to serialize huge JSON objects, this is going to happen. I'm not sure if JSON is as smart as the Java Serialization engine, but if you have a circular-reference in your object graph, I'd be willing to bet that the JSON serializer will run forever and exhaust your heap. It's also possible that you simply have a tiny heap and need more, especially if you aren't currently setting any heap parameters. Is there anyway to see currently set jvm heap size details? Any linux commands. You can attach any profiler to your app. Good luck catching this in the act, though, in production. You can also use jmap -heap which comes with the JDK. Just point it at a process and you'll get a heap summary from a running JVM. Make sure your JVM and jmap version match. I have tried creating setenv.sh and putting the new parameters in it. but echo $JAVA_OPTS was not giving any value. setenv.sh is run during Tomcat startup. Running echo $JAVA_OPTS from the command-line isn't going to reveal anything. What you want to do is modify setenv.sh, re-launch Tomcat, and then look at the process command line... something
Re: [OT] Out of memory exception - top posting
Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
On Thu, Jan 23, 2014 at 12:08 PM, André Warnier a...@ice-sa.com wrote: it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? Does this topic go back to the usenet days of the early 80s? Top posting vs bottom posting? It is so customary to simply reply to people in the MS Outlook world that all of those people get used to top posting, because they know nothing different, until they come here. I'm getting used to bottom posting, but it drives my co-workers crazy and is not proper form where I work. I think this we might be chasing the wind here. Leo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
2014/1/23 André Warnier a...@ice-sa.com: Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? One of those rules is do not use HTML formatting. So you cannot use bold. One of real issues that I fixed several times is that the references to our mailing list should point to the Mailing Lists page (http://tomcat.apache.org/lists.html#tomcat-users), instead of just providing the subscription address. I might have missed to fix some of those. - just ignore top-posts ? That is what I usually do. - drop the rule ? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
On 1/23/2014 11:21 AM, Leo Donahue wrote: On Thu, Jan 23, 2014 at 12:08 PM, André Warnier a...@ice-sa.com wrote: it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? Does this topic go back to the usenet days of the early 80s? Top posting vs bottom posting? It is so customary to simply reply to people in the MS Outlook world that all of those people get used to top posting, because they know nothing different, until they come here. I'm getting used to bottom posting, but it drives my co-workers crazy and is not proper form where I work. I think this we might be chasing the wind here. Leo There are probably lots of reasons for top-posting, and I don't think we can lay the blame on the MS Outlook world. The people I work with use a mixture of Thunderbird, web-based interfaces, and Outlook. Every one of them top-posts :-(. I think top-posting says a lot about the thought process of the poster. To me it says, my issue, problem, answer, concern is of paramount importance. You should remember everything about my issue. After all, I remember everything about my issue. The attitude is probably not malicious, but more along the lines of a lack of perspective. Two things to consider when posting to a public mailing list: 1. There are lots of topics - people don't keep up with all of them 2. Many people have more pressing concerns - your issue isn't one of them In a work environment, top-posting may be rational since hopefully you're getting mail on issues of primary importance. In an open mailing list, bottom-posting or in-line posting makes sense because contributors are doing this on a voluntary basis (beats rewriting a build process in Maven for example :-p). Also, your concern is most likely not their concern. In short, the contributors aren't spending as many cycles on the issue as the original poster is. This goes along with providing a complete description of your environment and how you arrived at the problem. Within a work environment, there's shared knowledge. In a public mailing list, no one knows but the original poster. Oh, and brevity is probably a good model (shoot me now). . . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
Unfortunately that will mean that all folks who use yahoo need to copy and paste all messages. I have tried reply and reply to conversation but with the new yahoo paradigm (a couple months ago, they changed things) - it no longer allows me to post inside of an email as it did in the past. I understand your frustration and will try to always fully copy a message to an editor in order to allow me to edit and NOT top post. Apologies and my 1/2 cent. rah On Thursday, January 23, 2014 2:44 PM, Mark Eggers its_toas...@yahoo.com wrote: On 1/23/2014 11:21 AM, Leo Donahue wrote: On Thu, Jan 23, 2014 at 12:08 PM, André Warnier a...@ice-sa.com wrote: it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? Does this topic go back to the usenet days of the early 80s? Top posting vs bottom posting? It is so customary to simply reply to people in the MS Outlook world that all of those people get used to top posting, because they know nothing different, until they come here. I'm getting used to bottom posting, but it drives my co-workers crazy and is not proper form where I work. I think this we might be chasing the wind here. Leo There are probably lots of reasons for top-posting, and I don't think we can lay the blame on the MS Outlook world. The people I work with use a mixture of Thunderbird, web-based interfaces, and Outlook. Every one of them top-posts :-(. I think top-posting says a lot about the thought process of the poster. To me it says, my issue, problem, answer, concern is of paramount importance. You should remember everything about my issue. After all, I remember everything about my issue. The attitude is probably not malicious, but more along the lines of a lack of perspective. Two things to consider when posting to a public mailing list: 1. There are lots of topics - people don't keep up with all of them 2. Many people have more pressing concerns - your issue isn't one of them In a work environment, top-posting may be rational since hopefully you're getting mail on issues of primary importance. In an open mailing list, bottom-posting or in-line posting makes sense because contributors are doing this on a voluntary basis (beats rewriting a build process in Maven for example :-p). Also, your concern is most likely not their concern. In short, the contributors aren't spending as many cycles on the issue as the original poster is. This goes along with providing a complete description of your environment and how you arrived at the problem. Within a work environment, there's shared knowledge. In a public mailing list, no one knows but the original poster. Oh, and brevity is probably a good model (shoot me now). . . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] Out of memory exception - top posting
From: Ray Holme [mailto:rayho...@yahoo.com] Subject: Re: [OT] Out of memory exception - top posting Unfortunately that will mean that all folks who use yahoo need to copy and paste all messages. It appears that Mark E has no trouble with in-line posting from yahoo; perhaps he can share his technique. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
Reply at the bottom . . . and one in-line for fun. On Thursday, January 23, 2014 12:22 PM, Ray Holme rayho...@yahoo.com wrote: Unfortunately that will mean that all folks who use yahoo need to copy and paste all messages. I have tried reply and reply to conversation but with the new yahoo paradigm (a couple months ago, they changed things) - it no longer allows me to post inside of an email as it did in the past. This is an in-line reply with Yahoo's web mail interface. I understand your frustration and will try to always fully copy a message to an editor in order to allow me to edit and NOT top post. Apologies and my 1/2 cent. rah On Thursday, January 23, 2014 2:44 PM, Mark Eggers its_toas...@yahoo.com wrote: On 1/23/2014 11:21 AM, Leo Donahue wrote: On Thu, Jan 23, 2014 at 12:08 PM, André Warnier a...@ice-sa.com wrote: it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? Does this topic go back to the usenet days of the early 80s? Top posting vs bottom posting? It is so customary to simply reply to people in the MS Outlook world that all of those people get used to top posting, because they know nothing different, until they come here. I'm getting used to bottom posting, but it drives my co-workers crazy and is not proper form where I work. I think this we might be chasing the wind here. Leo There are probably lots of reasons for top-posting, and I don't think we can lay the blame on the MS Outlook world. The people I work with use a mixture of Thunderbird, web-based interfaces, and Outlook. Every one of them top-posts :-(. I think top-posting says a lot about the thought process of the poster. To me it says, my issue, problem, answer, concern is of paramount importance. You should remember everything about my issue. After all, I remember everything about my issue. The attitude is probably not malicious, but more along the lines of a lack of perspective. Two things to consider when posting to a public mailing list: 1. There are lots of topics - people don't keep up with all of them 2. Many people have more pressing concerns - your issue isn't one of them In a work environment, top-posting may be rational since hopefully you're getting mail on issues of primary importance. In an open mailing list, bottom-posting or in-line posting makes sense because contributors are doing this on a voluntary basis (beats rewriting a build process in Maven for example :-p). Also, your concern is most likely not their concern. In short, the contributors aren't spending as many cycles on the issue as the original poster is. This goes along with providing a complete description of your environment and how you arrived at the problem. Within a work environment, there's shared knowledge. In a public mailing list, no one knows but the original poster. Oh, and brevity is probably a good model (shoot me now). . . . . just my two cents /mde/ Hmm, I normally don't use the web interface. I access my Yahoo account via IMAP and Thunderbird. Just for kicks, I thought I would access it via the web interface and reply to your message. On a Windows box, Ctrl-End gets me to the end of the message. I then trim off the mailing list footer, and finally type in my reply. Voila - no top-posting. I don't know about the tablet version or phone version of Yahoo! mail. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
On Thursday, January 23, 2014 3:41 PM, Mark Eggers its_toas...@yahoo.com wrote: Reply at the bottom . . . and one in-line for fun. On Thursday, January 23, 2014 12:22 PM, Ray Holme rayho...@yahoo.com wrote: Unfortunately that will mean that all folks who use yahoo need to copy and paste all messages. I have tried reply and reply to conversation but with the new yahoo paradigm (a couple months ago, they changed things) - it no longer allows me to post inside of an email as it did in the past. This is an in-line reply with Yahoo's web mail interface. I understand your frustration and will try to always fully copy a message to an editor in order to allow me to edit and NOT top post. Apologies and my 1/2 cent. rah On Thursday, January 23, 2014 2:44 PM, Mark Eggers its_toas...@yahoo.com wrote: On 1/23/2014 11:21 AM, Leo Donahue wrote: On Thu, Jan 23, 2014 at 12:08 PM, André Warnier a...@ice-sa.com wrote: it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? Does this topic go back to the usenet days of the early 80s? Top posting vs bottom posting? It is so customary to simply reply to people in the MS Outlook world that all of those people get used to top posting, because they know nothing different, until they come here. I'm getting used to bottom posting, but it drives my co-workers crazy and is not proper form where I work. I think this we might be chasing the wind here. Leo There are probably lots of reasons for top-posting, and I don't think we can lay the blame on the MS Outlook world. The people I work with use a mixture of Thunderbird, web-based interfaces, and Outlook. Every one of them top-posts :-(. I think top-posting says a lot about the thought process of the poster. To me it says, my issue, problem, answer, concern is of paramount importance. You should remember everything about my issue. After all, I remember everything about my issue. The attitude is probably not malicious, but more along the lines of a lack of perspective. Two things to consider when posting to a public mailing list: 1. There are lots of topics - people don't keep up with all of them 2. Many people have more pressing concerns - your issue isn't one of them In a work environment, top-posting may be rational since hopefully you're getting mail on issues of primary importance. In an open mailing list, bottom-posting or in-line posting makes sense because contributors are doing this on a voluntary basis (beats rewriting a build process in Maven for example :-p). Also, your concern is most likely not their concern. In short, the contributors aren't spending as many cycles on the issue as the original poster is. This goes along with providing a complete description of your environment and how you arrived at the problem. Within a work environment, there's shared knowledge. In a public mailing list, no one knows but the original poster. Oh, and brevity is probably a good model (shoot me now). . . . . just my two cents /mde/ Hmm, I normally don't use the web interface. I access my Yahoo account via IMAP and Thunderbird. Just for kicks, I thought I would access it via the web interface and reply to your message. On a Windows box, Ctrl-End gets me to the end of the message. I then trim off the mailing list footer, and finally type in my reply. Voila - no top-posting. I don't know about the tablet version or phone version of Yahoo! mail. /mde/ My bad - I did NOT see the button to include message history. Sorry to all. And I am not using a table, just the web interface with Linux. I dug a while and there it was.
Re: [OT] Out of memory exception - top posting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 2:08 PM, André Warnier wrote: Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? - -1 to all three. Tomcat (and the ASF as a whole) is a community, and our job as ... vocal? members of the community is to help meet the needs of that community. If top-posting irritates us, we just have to ask that people help us help themselves. But simply summarily ignoring top-posted replies is childish. If the top-posting becomes intolerable (it happens sometimes, especially when there is a complex thread going on and someone - usually the OP - continues to top-post), then feel free to stop replying. But don't crucify people for top-posting alone. Some people can't figure out how to reply properly. Just gently remind posters of the rules and get back to business. There is no need to reply to a post by simply saying Don't top-post and leaving it at that. Save your own time and the time of everyone else on the list (and the archives, where useless messages can't be removed) and just skip that step. If you want to reply meaningfully, feel free to add the don't top-post somewhere in your reply. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4ZIdAAoJEBzwKT+lPKRY+NIP/Aptl3OrcVu85Gp05ekxdds5 x1XmCBkdNnlz9ihom4hSvlm633Xg1Im1jQi+tiyY1ZdAgpzYV3K8zM5CykhuiuxN aWjvlCcKKKkH+6u5WfZQF3LwUFkRFz9WaHC+9LqMuDbHfdVJEuszkzRve6/njtcs FZ54RQQ2Af3x+8UWe9fdb9OoQFCebG08UqB2IgaYIQ7dp3nqlLke/+t+l3Ns0dU1 SLBQbZP3pcMiY9tU4cPTO+F025oITjdAsj8x6JapkA2IapxEsSQCG/35rERFDPUP mZF9jc1r8jz7PtgfcdSD6FfHi5AZfya4OJxzZKRQWEgm1Lp2UOeKaBwszNSojVqq kfxeDjVeFdRxsXEY1a8rlNNNXbfDVjeHV2IOm1LgzelpWlYf9daRKPo0dVGxOnRK 4Blkj1LcNbInWBBk8DfPfpfz3svsn6wNcv9qhgCCNJC5e3jyCjI5aahEij8lKqha hHe9u9xqaPp+47AmeCKa5QTaRuJE8ExTnpaUNNTRkmYnTmy/mLqouEsMHVbRlqgX ujvhg4jqP/ANlbe+ZXpHBeBjDeAWhqhP6f9wWRibZ8BXQdOPFpyNfIrHFpaMRsto jWcHpF2qHcOPuY3xSWvTPOwUCaVpWQt3IPWqIf+rVbdtCkzhd+jL+smo9UX82MaB PS8sanZTLZ0e8UrxTxzm =nlVi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: basic tutorial failure on ant install
Hi all, I documented this issue on Stack Overflow. http://stackoverflow.com/questions/21317229/tomcat-tutorial-why-did-this-install-fail Here is my version info $ ~/Tomcat/tomcat/bin/version.sh Using CATALINA_BASE: /home/david/Tomcat/tomcat Using CATALINA_HOME: /home/david/Tomcat/tomcat Using CATALINA_TMPDIR: /home/david/Tomcat/tomcat/temp Using JRE_HOME:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.45.x86_64/ Using CLASSPATH: /home/david/Tomcat/tomcat/bin/bootstrap.jar:/home/david/Tomcat/tomcat/bin/tomcat-juli.jar Server version: Apache Tomcat/7.0.50 Server built: Dec 19 2013 10:18:12 Server number: 7.0.50.0 OS Name:Linux OS Version: 2.6.32-431.el6.x86_64 Architecture: amd64 JVM Version:1.7.0_45-mockbuild_2013_11_22_18_30-b00 JVM Vendor: Oracle Corporation In short, I am working through the basic tutorial. I am blocked on the install step here for unknown reasons: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application I have followed every instruction to a T, but on ant install I get this $ ant install Buildfile: build.xml Trying to override old definition of datatype resources prepare: compile: install: BUILD FAILED java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/manager/text/deploy?path=%2Ftomcat-tutorialwar=file%3A%2F%2F%2Fhome%2Fdavid%2FIdeaProjects%2Ftomcat-tutorial%2Fbuild at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626) at org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:230) at org.apache.catalina.ant.DeployTask.execute(DeployTask.java:196) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:288) at sun.reflect.GeneratedMethodAccessor1.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.Target.execute(Target.java:357) at org.apache.tools.ant.Target.performTasks(Target.java:385) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1337) at org.apache.tools.ant.Project.executeTarget(Project.java:1306) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1189) at org.apache.tools.ant.Main.runBuild(Main.java:758) at org.apache.tools.ant.Main.startAnt(Main.java:217) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:257) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:104) Here is my OS info [david@david tomcat-tutorial]$ uname -a Linux david.tongal.com 2.6.32-431.el6.x86_64 #1 SMP Fri Nov 22 03:15:09 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux Also as noted in the SO question, here is my Realm $ cat ~/Tomcat/tomcat/conf/tomcat-users.xml ?xml version='1.0' encoding='utf-8'? role rolename=tomcat/ role rolename=role1/ role rolename=manager/ user username=tomcat password=tomcat roles=tomcat/ user username=manager password=manager roles=manager/ /tomcat-users Thanks in advance for help -- Forwarded message -- From: David Williams da...@tongal.com Date: Thu, Jan 23, 2014 at 2:04 PM Subject: basic tutorial failure on ant install To: users@tomcat.apache.org Hi all, I documented this issue on Stack Overflow. http://stackoverflow.com/questions/21317229/tomcat-tutorial-why-did-this-install-fail Here is my version info $ ~/Tomcat/tomcat/bin/version.sh Using CATALINA_BASE: /home/david/Tomcat/tomcat Using CATALINA_HOME: /home/david/Tomcat/tomcat Using CATALINA_TMPDIR: /home/david/Tomcat/tomcat/temp Using JRE_HOME:/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.45.x86_64/ Using CLASSPATH: /home/david/Tomcat/tomcat/bin/bootstrap.jar:/home/david/Tomcat/tomcat/bin/tomcat-juli.jar Server version: Apache Tomcat/7.0.50 Server built: Dec 19 2013 10:18:12 Server number: 7.0.50.0 OS Name:Linux OS Version: 2.6.32-431.el6.x86_64 Architecture: amd64 JVM Version:1.7.0_45-mockbuild_2013_11_22_18_30-b00 JVM Vendor: Oracle Corporation In short, I am working through the basic tutorial. I am blocked on the install step here for unknown reasons: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application I have followed every instruction to a T, but on ant install I get this $ ant install Buildfile: build.xml Trying to override old definition of datatype resources prepare: compile: install: BUILD FAILED java.io.IOException: Server returned HTTP response code: 403 for URL: http://localhost:8080/manager/text/deploy?path=%2Ftomcat-tutorialwar=file%3A%2F%2F%2Fhome%2Fdavid%2FIdeaProjects%2Ftomcat-tutorial%2Fbuild at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1626) at
Re: Fwd: basic tutorial failure on ant install
On 23/01/2014 22:09, David Williams wrote: I have followed every instruction to a T, but on ant install I get this I think not... $ cat ~/Tomcat/tomcat/conf/tomcat-users.xml ?xml version='1.0' encoding='utf-8'? role rolename=tomcat/ role rolename=role1/ role rolename=manager/ user username=tomcat password=tomcat roles=tomcat/ user username=manager password=manager roles=manager/ /tomcat-users You need the manager-script role in order to use the /manager/text/... API Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
On Jan 23, 2014, at 2:05 PM, Christopher Schultz ch...@christopherschultz.net wrote: Some people can't figure out how to reply properly. Just gently remind posters of the rules and get back to business. There is no need to reply to a post by simply saying Don't top-post and leaving it at that. Save your own time and the time of everyone else on the list (and the archives, where useless messages can't be removed) and just skip that step. If you want to reply meaningfully, feel free to add the don't top-post somewhere in your reply. I agree. For some people, it may be their first post to the group (or even their first post to ANY group). They may simply not know community conventions. Don't want to scare them off. - Milo Hyson Chief Scientist CyberLife Labs, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. On Thu, Jan 23, 2014 at 2:23 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 22:09, David Williams wrote: I have followed every instruction to a T, but on ant install I get this I think not... $ cat ~/Tomcat/tomcat/conf/tomcat-users.xml ?xml version='1.0' encoding='utf-8'? role rolename=tomcat/ role rolename=role1/ role rolename=manager/ user username=tomcat password=tomcat roles=tomcat/ user username=manager password=manager roles=manager/ /tomcat-users You need the manager-script role in order to use the /manager/text/... API Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. On Thu, Jan 23, 2014 at 2:23 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 22:09, David Williams wrote: I have followed every instruction to a T, but on ant install I get this I think not... $ cat ~/Tomcat/tomcat/conf/tomcat-users.xml ?xml version='1.0' encoding='utf-8'? role rolename=tomcat/ role rolename=role1/ role rolename=manager/ user username=tomcat password=tomcat roles=tomcat/ user username=manager password=manager roles=manager/ /tomcat-users You need the manager-script role in order to use the /manager/text/... API Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
On 23/01/2014 22:39, David Williams wrote: Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. Yes it is. Go and search this page: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application for this text: manager-script Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
2014/1/24 Mark Thomas ma...@apache.org: On 23/01/2014 22:39, David Williams wrote: Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. Yes it is. Go and search this page: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application for this text: manager-script Note: choose some random password. There exist worms that target the manager app and manager is one of well-known passwords. The manager application can be further secured by restricting IP addresses that have access to it with a RemoteAddrValve. http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
Ok, great but where is that? See what Im saying? [david@david tomcat-tutorial]$ sudo updatedb [david@david tomcat-tutorial]$ locate manager-script On Thu, Jan 23, 2014 at 2:41 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 22:39, David Williams wrote: Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. Yes it is. Go and search this page: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application for this text: manager-script Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
On 23/01/2014 22:53, David Williams wrote: Ok, great but where is that? See what Im saying? [david@david tomcat-tutorial]$ sudo updatedb [david@david tomcat-tutorial]$ locate manager-script You appear to be looking for a file called manager-script. There is no such file. Please go and read the page I suggested you read and look on that page for the text manager-script without the quotes. And please stop top-posting. Mark On Thu, Jan 23, 2014 at 2:41 PM, Mark Thomas ma...@apache.org wrote: On 23/01/2014 22:39, David Williams wrote: Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. Yes it is. Go and search this page: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application for this text: manager-script Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: basic tutorial failure on ant install
Ok, this needs to be spelled out in the tutorial, it's unclear. The word manager-script makes it sounds like it is a script Thanks for the information. Added to tomcat-users.xml: user username=manager password=manager roles=manager-script/ $ ant install Buildfile: build.xml Trying to override old definition of datatype resources prepare: compile: install: [deploy] OK - Deployed application at context path /tomcat-tutorial BUILD SUCCESSFUL Total time: 0 seconds [david@david tomcat-tutorial]$ On Thu, Jan 23, 2014 at 2:53 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2014/1/24 Mark Thomas ma...@apache.org: On 23/01/2014 22:39, David Williams wrote: Aside from simply stating that, can you provide a location of the script, some instructions etc? On Thu, Jan 23, 2014 at 2:38 PM, David Williams da...@tongal.com wrote: That would be a nice add to the intro guide. Its nowhere to be found in the first three stages up to the install stage. Yes it is. Go and search this page: http://tomcat.apache.org/tomcat-7.0-doc/appdev/processes.html#Test_Your_Web_Application for this text: manager-script Note: choose some random password. There exist worms that target the manager app and manager is one of well-known passwords. The manager application can be further secured by restricting IP addresses that have access to it with a RemoteAddrValve. http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html#Configuring_Manager_Application_Access http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
Christopher, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 2:08 PM, André Warnier wrote: Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? - -1 to all three. Tomcat (and the ASF as a whole) is a community, and our job as ... vocal? members of the community is to help meet the needs of that community. If top-posting irritates us, we just have to ask that people help us help themselves. But simply summarily ignoring top-posted replies is childish. If the top-posting becomes intolerable (it happens sometimes, especially when there is a complex thread going on and someone - usually the OP - continues to top-post), then feel free to stop replying. But don't crucify people for top-posting alone. Some people can't figure out how to reply properly. Just gently remind posters of the rules and get back to business. There is no need to reply to a post by simply saying Don't top-post and leaving it at that. Save your own time and the time of everyone else on the list (and the archives, where useless messages can't be removed) and just skip that step. If you want to reply meaningfully, feel free to add the don't top-post somewhere in your reply. In a general sense, I do agree with all of that. Be tolerant of what you receive, and strict in what you produce and that kind of thing. It's just that top-posting /is/ really annoying on this kind of list. And also that it takes quite a lot of energy to politely ask someone to not top-post, and give them the reason why, and point them to the list rules. Might there be some kind of macro in the Tomcat list server, which would allow us to paste such a statement into a response, with just a couple of keystrokes ? As a matter of fact, a few such macros would come in handy. On a historical and statistical base : [TOP] Please don't top-post, because.. [VER] Please provide Tomcat version, Java version, platform OS version [OLD] That version of Tomcat is %d years old. You should upgrade to the latest version, which has many more features and fixes for the latest security issues. [CONF] Can you post the relevant bits of your configuration here (server.xml) ? Please paste it in-line, don't send it as attachment, the list strips them. And remove comments and any sensitive information (passwords etc.) [RTFM] Please check the on-line documentation at http://tomcat.apache.org [SMART] http://www.catb.org/~esr/faqs/smart-questions.html [PAW] Patches are always welcome [HTTPD] This is the Apache Tomcat list, your question relates to Apache httpd, see http://httpd.apache.org [SPEC] Please check the Java Servlet Specification at .. [LAZY] http://lmgtfy.com/ [COMP101] Is this a school exercise ? [BUG] It's not a bug, it's a feature [FEAT] Could you create a Bugzilla entry ? [ASAP] Tomcat is open source and free. This list is manned by volunteers. If you would prefer instant gratification, please consult the list of commercial Tomcat consultants at.. [CAPS] (alias of [ASAP]) [$] (alias of [ASAP]) [CON] It's Context, with a capital C [CON2] Don't do that (put your Context in server.xml). [2C] Just my 2 cent - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Out of memory exception - top posting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 6:09 PM, André Warnier wrote: Christopher, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 2:08 PM, André Warnier wrote: Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? - -1 to all three. Tomcat (and the ASF as a whole) is a community, and our job as ... vocal? members of the community is to help meet the needs of that community. If top-posting irritates us, we just have to ask that people help us help themselves. But simply summarily ignoring top-posted replies is childish. If the top-posting becomes intolerable (it happens sometimes, especially when there is a complex thread going on and someone - usually the OP - continues to top-post), then feel free to stop replying. But don't crucify people for top-posting alone. Some people can't figure out how to reply properly. Just gently remind posters of the rules and get back to business. There is no need to reply to a post by simply saying Don't top-post and leaving it at that. Save your own time and the time of everyone else on the list (and the archives, where useless messages can't be removed) and just skip that step. If you want to reply meaningfully, feel free to add the don't top-post somewhere in your reply. In a general sense, I do agree with all of that. Be tolerant of what you receive, and strict in what you produce and that kind of thing. It's just that top-posting /is/ really annoying on this kind of list. And also that it takes quite a lot of energy to politely ask someone to not top-post, and give them the reason why, and point them to the list rules. Might there be some kind of macro in the Tomcat list server, which would allow us to paste such a statement into a response, with just a couple of keystrokes ? As a matter of fact, a few such macros would come in handy. On a historical and statistical base : [TOP] Please don't top-post, because.. [VER] Please provide Tomcat version, Java version, platform OS version [OLD] That version of Tomcat is %d years old. You should upgrade to the latest version, which has many more features and fixes for the latest security issues. [CONF] Can you post the relevant bits of your configuration here (server.xml) ? Please paste it in-line, don't send it as attachment, the list strips them. And remove comments and any sensitive information (passwords etc.) [RTFM] Please check the on-line documentation at http://tomcat.apache.org [SMART] http://www.catb.org/~esr/faqs/smart-questions.html [PAW] Patches are always welcome [HTTPD] This is the Apache Tomcat list, your question relates to Apache httpd, see http://httpd.apache.org [SPEC] Please check the Java Servlet Specification at .. [LAZY] http://lmgtfy.com/ [COMP101] Is this a school exercise ? [BUG] It's not a bug, it's a feature [FEAT] Could you create a Bugzilla entry ? [ASAP] Tomcat is open source and free. This list is manned by volunteers. If you would prefer instant gratification, please consult the list of commercial Tomcat consultants at.. [CAPS] (alias of [ASAP]) [$] (alias of [ASAP]) [CON] It's Context, with a capital C [CON2] Don't do that (put your Context in server.xml). [2C] Just my 2 cent [ROOT] It's ROOT.war -- capitalization matters, even when using a case-insensitive filesystem. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4aryAAoJEBzwKT+lPKRYtLcP/1JHJO1omNO7zgXyl6CN3Kqu D6W3wh8nyABycCDnUxQLDdkVOUe+cUJ/p9eW4U2TVMIp3Iqf9R6umvROSi0PJAu6 4rdGriR5TJbUigNiEy/pTiW06tZgsYH+3LGMetCvfG2tvz1Chd53CxDXAOwHiuFB EGY6YHmJRPDc/6xQadCqRpyKSyfwHfmdCmxg22n+nMWW7cs+wMHdgHInMEj7tv1i BwltfEK7mX27eJ7EsM54bo+96eVRexbjgL7qZ84SagXTk66JxPMXqxaoJyYqPXG8 KI04+Qf37UmrPJXLkJKXmjSzqSAFUV4RZa7D/VlPkBdBKPzqHwUKk3LMT5O27Xez ZioFZrsbxrz+SEEjfRzh3HT67QcQ4L6imiUbuJ/zWfI9bBG9mgwaFyVQvD2kj9d7 8+Gic3xEa/AHM0BTwaQo7GLIihlH1EiTSoX03BRmp4Ch+FPlSBhaUCP1ZanMv7kb YIdvxCcSOCDMulc5/Z0sVESH5Q5D4UNKlRqZZsbH2VjIi4HFoL/b60m7sDsXMjRQ g9GgFeiNVhUHOYwmQhZXN7V9tEgWpk0wzt6q2Roz8IzG4UhMRx9X7xwCU1a3uG0/ wstnsKUrtxI4DGuf/nlHqmNnSQ65hCgzRb0F+/uh+Xx0DdX9oKtWU2fZNnvlc2SO 5Clo6OgXQYmkZZT39Poq =HLmd
Re: [OT] Out of memory exception - top posting
On 1/23/2014 3:51 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 6:09 PM, André Warnier wrote: Christopher, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 André, On 1/23/14, 2:08 PM, André Warnier wrote: Ray Holme wrote: Doing anything as root conceals the errors. Tomcat is no exception and changing it to a real user makes your testing complete. Guys, I think that the rule (or should I say suggestion ?) on this list to *not* top-post is not working. Either people don't read the rules, or they do not understand the rule, or they just ignore it. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. So I have a few suggestions of my own : - have the list software add a message in *bold* to all messages, indicating that top posts will be *ignored* ? - just ignore top-posts ? - drop the rule ? - -1 to all three. Tomcat (and the ASF as a whole) is a community, and our job as ... vocal? members of the community is to help meet the needs of that community. If top-posting irritates us, we just have to ask that people help us help themselves. But simply summarily ignoring top-posted replies is childish. If the top-posting becomes intolerable (it happens sometimes, especially when there is a complex thread going on and someone - usually the OP - continues to top-post), then feel free to stop replying. But don't crucify people for top-posting alone. Some people can't figure out how to reply properly. Just gently remind posters of the rules and get back to business. There is no need to reply to a post by simply saying Don't top-post and leaving it at that. Save your own time and the time of everyone else on the list (and the archives, where useless messages can't be removed) and just skip that step. If you want to reply meaningfully, feel free to add the don't top-post somewhere in your reply. In a general sense, I do agree with all of that. Be tolerant of what you receive, and strict in what you produce and that kind of thing. It's just that top-posting /is/ really annoying on this kind of list. And also that it takes quite a lot of energy to politely ask someone to not top-post, and give them the reason why, and point them to the list rules. Might there be some kind of macro in the Tomcat list server, which would allow us to paste such a statement into a response, with just a couple of keystrokes ? As a matter of fact, a few such macros would come in handy. On a historical and statistical base : [TOP] Please don't top-post, because.. [VER] Please provide Tomcat version, Java version, platform OS version [OLD] That version of Tomcat is %d years old. You should upgrade to the latest version, which has many more features and fixes for the latest security issues. [CONF] Can you post the relevant bits of your configuration here (server.xml) ? Please paste it in-line, don't send it as attachment, the list strips them. And remove comments and any sensitive information (passwords etc.) [RTFM] Please check the on-line documentation at http://tomcat.apache.org [SMART] http://www.catb.org/~esr/faqs/smart-questions.html [PAW] Patches are always welcome [HTTPD] This is the Apache Tomcat list, your question relates to Apache httpd, see http://httpd.apache.org [SPEC] Please check the Java Servlet Specification at .. [LAZY] http://lmgtfy.com/ [COMP101] Is this a school exercise ? [BUG] It's not a bug, it's a feature [FEAT] Could you create a Bugzilla entry ? [ASAP] Tomcat is open source and free. This list is manned by volunteers. If you would prefer instant gratification, please consult the list of commercial Tomcat consultants at.. [CAPS] (alias of [ASAP]) [$] (alias of [ASAP]) [CON] It's Context, with a capital C [CON2] Don't do that (put your Context in server.xml). [2C] Just my 2 cent [ROOT] It's ROOT.war -- capitalization matters, even when using a case-insensitive filesystem. - -chris Looks like the Quicktext addon for Thunderbird is perfect for this. I'll play around with adding keyboard shortcuts later. - and now we're out in a swamp, in the middle of the forest, beyond the hills off-topic. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Notification strategy for OutOfMemoryError
On 12/11/2013 11:42 PM, André Warnier wrote: The original issue of the OP was to be notified ASAP when an OOM occurs. And he indicated that an OOM resulted in a message in the logs. So, something is already catching the OOM exception, to write this line in the logs. On the other hand, there is ample literature available that seems to indicate that any method for trying to recover from (or even do something worthwhile after) an OOM is ultimately flawed and unreliable. We have a lot of servlets and JSP's. Most of them do not use huge amounts of memory but a few do (like reports). When there is a memory leak, the first thing to get an OOME will be something that uses a large amount of memory. That request will die, but the rest of the requests that don't use a lot of memory will have plenty of space for a while. I implemented the filter, and it works in my testing. I also implemented the command line jvm option which works but only gives me the first OOME. The command line option works no matter what and the filter works as long as it doesn't run out of memory generating the email message. We'll see how it all works after it gets deployed to our production systems in a few weeks. Our product is mature enough that we've fixed memory leaks to the point that we normally go many months without any OOME's so it could be a while before this actually kicks in for a real operating situation. Thanks to Christopher for the ideas. They were very helpful. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Notification strategy for OutOfMemoryError
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Bill, On 1/23/14, 8:08 PM, Bill Davidson wrote: On 12/11/2013 11:42 PM, André Warnier wrote: The original issue of the OP was to be notified ASAP when an OOM occurs. And he indicated that an OOM resulted in a message in the logs. So, something is already catching the OOM exception, to write this line in the logs. On the other hand, there is ample literature available that seems to indicate that any method for trying to recover from (or even do something worthwhile after) an OOM is ultimately flawed and unreliable. We have a lot of servlets and JSP's. Most of them do not use huge amounts of memory but a few do (like reports). When there is a memory leak, the first thing to get an OOME will be something that uses a large amount of memory. That request will die, but the rest of the requests that don't use a lot of memory will have plenty of space for a while. I implemented the filter, and it works in my testing. I also implemented the command line jvm option which works but only gives me the first OOME. The command line option works no matter what and the filter works as long as it doesn't run out of memory generating the email message. We'll see how it all works after it gets deployed to our production systems in a few weeks. Our product is mature enough that we've fixed memory leaks to the point that we normally go many months without any OOME's so it could be a while before this actually kicks in for a real operating situation. Thanks to Christopher for the ideas. They were very helpful. Glad to see my thoughts were useful. If you'd care to post your code to either the list or onto the wiki, I'm sure it would be useful to someone. Feel free to trim-out huge sections of the code and say make this fit your environment, etc. if you don't want to show everyone how bad your email-assembling code looks ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4cAdAAoJEBzwKT+lPKRYsv4QALn+ShovWg71Ucxi/43gaGfE u8yTIH9XGwjOb1XBe/Jp6AS63GBFf/QJrkYeiR9UejcOKxBoXjxDg5sDApVfljk0 +/oxolY8ehhe8LRxR3YOuV1k+yNbzrErIKdJUZ281Hk7NDkuhNePPYp6B9/AJAto 5mFh+Y/1ZADNwqA1i1T22GfM4IbCnh/mKbYQdNoEVGQ3b3ISw1Ct/hMkV0lX+DPY JWCA2XADEtQkOK/3UPfhvtdzhYibbtYQm4MwIgtiFEyuV0LC1po1Pk09IT8f0agr eMW5zgNT4KuQ/Qv1zX6oLXVNsLKbLQ+Jd/s4H2GP8IOdc+ASSR6SV6UvjojbU+W4 QvScs1iCYul3Gx70E0JZDOh25+aIMIcLWKz6P0u6Yuo5J3ExiGVZuHcHYSQxtom9 f+uwdweY19Qp9YN+7wLHhrGDwsIBvxKlFgINBSz5fbkblA66K05V/mKSPrjngg2Y 8zn0UJpUCIYdPkKzsg1JwZQvd/8kEV3Qrz2PekF/k6JF/S3LN+nBpLSc+5shtxXv od2cfnpssnSHpKTwTB85ZdrgA/mwkiRuqNdDWQMFt+CIx4+u5Lk6ZrZ2YCLEEpWz fSZK0/QOW3TDa9WgpguQ5wwfRPqLV7Q30/6bNyBMer35+2E8A0Fee7kUgLkEpxzl lBumesN28J4jpIKGTAfo =IEBs -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Notification strategy for OutOfMemoryError
On Thu, Jan 23, 2014 at 8:21 PM, Christopher Schultz ch...@christopherschultz.net wrote: Glad to see my thoughts were useful. If you'd care to post your code to either the list or onto the wiki, I'm sure it would be useful to someone. +1 I love it when others share code, and thanks for suggesting that Chris.
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. - -chris +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :)
Re: [OT] Out of memory exception - top posting
On Thu, Jan 23, 2014 at 2:08 PM, André Warnier a...@ice-sa.com wrote: Either people don't read the rules, or they do not understand the rule, or they just ignore it. I agree. As a tomcat/tomee user, I joined the list, primarily, to listen in on topics (that interest me), so I learned, very quickly, that top-posting is not preferred, here. Anyway, it seems that we're spending more time lately asking people to not top-post, than actually providing answers to their questions. Actually, it seems as though (tomcat lead) Mark Thomas (and others) have been quite tolerable of recent top-posting, and still offer advice and responses (sometimes) without the inevitable, 'don't top post' phrase/response. +1 for those always and/or unconditionally providing support to tomcat users. Also, gmail makes it easy for me to honor the rule against top-posting.
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote: On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. - -chris +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :) It's firewall notwithstanding, Microsoft Windows is a really terrible server OS. At least Powershell gave admins the capability to do things without having to use a GUI for every damn thing, but there is just too much BS in a Windows box for me to ever consider it for a server. Add to that the fact that you have to pay insane license fees, though you would also have to do that I suppose if you used SCO, AIX, etc. Solaris, BSD, and Linux are all free and have entire ecosystems that aren't dominated by the closed-source paradigm. I hope things have changed, but everyone I ever knew that ran Windows Server OSs in production had scheduled rolling-reboots of their servers because things just tended to work when they did that. Otherwise, stuff would fail with some regularity (like every 3 days). It's not clear to be whether restarting the OS or restarting the application did the trick -- as we all know, most Tomcat problems are actually webapp problems. In all my time working with Linux servers, I've never had to resort to such foolishness, nor has anyone else I have known. I've had servers running for over a year without a reboot. (They usually get a reboot for certain software upgrades, so years-running servers don't really exist... or shouldn't). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1 Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJS4dj8AAoJEBzwKT+lPKRYs5cP/0uXPMnj9IKZB0vZRYl0+sMc /JL/SywwibmwMD4uenWg1vPDw+KTPfLCPlww74ctc0f/+OfWKOgIPuhxwg24Hcv5 K1Yk0437kBSvzQ3+Kitb8GXK0tVsmfyMYQfoJ4Hgc4ASBXb3PGzg4mR77/8RXQUp P49oTk8LmAtklUo9J8wa0SL3WyLuC2tvAFonbAJgaMuJ3sRO+7WiBdKxyA+nF+T7 Mv5shFWjT6q7lv1XGlHWDbQ1A0KZa9hYwlMdyP4zdsw1VW7Sr/q+bvBVHnepiUbA tw88IwlzwRRdMytCxeZiWggEESIbIw5lqiZ6jtaX7+1PxG0OkPAeP2FXjw+b1SmQ pe5nfsmKIx+6d0SwDl/xzoWa84G4JysbkB4ERRpXYCqwfUKY2/RM3E0h41x2sD/s /appqce7cXN3tRQNVg0tGCrXDKE5Fo/94uP1m4ZXHPm9h2Y8MgTKjoa8526UEvkQ x7ZY0U/TG4wZb0qmOqyJLXwIRrWGLkH0bIv4vdT6/nDHrkw1HFnWVeBJa0JQxcd3 /fQuNIcgsqPiVK1Nethm5wDrprbU+oCHrCCIzu/X3mmRhPD/ttgDFZAf1GuBPss8 5qN5keX2Gdxvkhr3q6zBQqgd/HXNHIk7KXGPbEIeDgaXzWP2IiNiRwRfzQooyC8b 1vf12NVQjVnFI73VONOg =9lOm -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
On Thu, Jan 23, 2014 at 10:07 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Howard, On 1/23/14, 9:05 PM, Howard W. Smith, Jr. wrote: On Wed, Jan 22, 2014 at 10:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Konstantin, On 1/22/14, 9:03 AM, Konstantin Preißer wrote: Hi Jeffrey, -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, January 21, 2014 10:19 PM Eureka, I finally figured it out! It was a real eureka moment, some remembrance burned its way up from my subconscious and I had the answer. Ready guys? Really surprised no one mentioned it. It was Windows F-ing Firewall! Good to hear that you could find and solve the problem. (Off topic:) I HATE WINDOWS!! What I can't quite understand is, how one can hate Windows or its F-ing firewall, if they just do what they were configured to do... ;-) When setting up the Windows Firewall, I normally only create rules for specific (TCP) ports, not for specific executables, so that the firewall allows connections to a TCP port regardless of what the name or path of the executable is. Actually, as surprising as it can sometimes be, I find that the Windows firewall is better than iptables *because* it /can/ do things like this. You can make your system a bit safer. For instance, if your server is compromised (yes, I know, once you're owned, you're owned) and the attacker installs some malware of some kind, that malware will not be able to bind to a port or even make outgoing connections, even on standard outgoing ports -- for instance HTTP. Lots of malware connects to external CC servers to give instructions, and the Windows wirewall makes it easy to prevent that from happening even when ports like 80 are used -- and typically left wide-open on servers. - -chris +1 chris, and for these reasons/features (and more), I LOVE WINDOWS (SERVER 2008)!!! :) It's firewall notwithstanding, Microsoft Windows is a really terrible server OS. At least Powershell gave admins the capability to do things without having to use a GUI for every damn thing, but there is just too much BS in a Windows box for me to ever consider it for a server. You are definitely entitled to your opinion and OS preference. Since majority of my experience has been Windows (and even though I love being a keyboard user and hate to operate a mouse), the GUI does not bother me, since I have learned to use keyboard shortcuts to help me operate Windows apps (or GUI, as you call it), been doing those keyboard shortcuts for almost 20 years now. :) Add to that the fact that you have to pay insane license fees, though you would also have to do that I suppose if you used SCO, AIX, etc. Solaris, BSD, and Linux are all free and have entire ecosystems that aren't dominated by the closed-source paradigm. Actually, I have found Linux to be 'attractive', since it is 'free' and since there is less GUI and more command-line there. I had some exposure to Linux and Unix in the past, and I fell in love with UNIX just before I graduated from college, and it was at that point that I made that statement, I can see myself doing this (SPARC machine, Unix OS, and keyboard, programming etc...) for the next 5 to 10 years (as a career)...I was really in love with the keyboard (most of all, in the computer lab). :) Instead of downloading Linux and trying it out, on my own, I just decided to stay with Windows. it just works (for me). And I usually only need 1 or 2 client access licenses (CALs) per server, since I am the primary person that remotely access the server. The servers are primarily used as file servers, until recently, when I developed my first Java EE web application within the last 2 years, so now 1 of the 2 Windows servers are used only as a web (app) server. I hope things have changed, but everyone I ever knew that ran Windows Server OSs in production had scheduled rolling-reboots of their servers because things just tended to work when they did that. Otherwise, stuff would fail with some regularity (like every 3 days). It's not clear to be whether restarting the OS or restarting the application did the trick -- as we all know, most Tomcat problems are actually webapp problems. In all my time working with Linux servers, I've never had to resort to such foolishness, nor has anyone else I have known. I've had servers running for over a year without a reboot. (They usually get a reboot for certain software upgrades, so years-running servers don't really exist... or shouldn't). I have seen posts on this list about people experiencing issues with Windows updates and their tomcat/database not starting or shutting down successfully (or as expected)... i do not experience these things...at all. Yes, I did
Re: Apache Tomcat Summit at ApacheCon NA 2014
On Thu, Jan 23, 2014 at 3:29 PM, Mark Thomas ma...@apache.org wrote: ApacheCon NA will be in Denver 7th to 11th April. The schedule for ApacheCon NA 2014 has been firmed up. There is an opportunity for a project summit on either the Thursday or the Friday. Since the BarCamp has been scheduled for the Thursday the Friday seems like the better option. We have complete flexibility as to the organisation of the Summit. One possible topic is with the Java EE 7 work pretty much complete, what new features is the community interested in between now and when the Java EE 8 work starts? Other suggestions for topics welcome. May I ask to share a summary for those who can't attend? The topic is interesting. By the way are there any plans to have ApacheCon in Europe? To get this up and running we need an idea of how many folks might want to attend so please reply to this thread on the users list if: - you are interested in attending - you have a topic / some topics to suggest Thanks, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat Summit at ApacheCon NA 2014
On 24/01/2014 06:06, Niki Dokovski wrote: On Thu, Jan 23, 2014 at 3:29 PM, Mark Thomas ma...@apache.org wrote: ApacheCon NA will be in Denver 7th to 11th April. The schedule for ApacheCon NA 2014 has been firmed up. There is an opportunity for a project summit on either the Thursday or the Friday. Since the BarCamp has been scheduled for the Thursday the Friday seems like the better option. We have complete flexibility as to the organisation of the Summit. One possible topic is with the Java EE 7 work pretty much complete, what new features is the community interested in between now and when the Java EE 8 work starts? Other suggestions for topics welcome. May I ask to share a summary for those who can't attend? The topic is interesting. Of course. To quote one of the rules of the Apache Way, If it didn't happen on the mailing list, it didn't happen. By the way are there any plans to have ApacheCon in Europe? No definite plans I am aware of but I believe there is a desire to do so. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org