Re: AT WITS END regarding JVM arguments

[James H. H. Lampert]

On 9/8/16, 12:23 PM, Christopher Schultz wrote:


Would you care to create an account on the Tomcat Wiki[1] and post
your CL program? It may help someone else running in similar
environments. In fact, if you want to write-up a whole page about
"Running Tomcat on IBM Midrange", you could include that as well as
any other nuggets you've collected throughout the years.


Hmm. Looks like there are scant resources there for Tomcat on Midrange. 
(I bookmarked a page at mysamplecode.com that was very helpful with my 
first few installations.)


I now have a Tomcat Wiki account, but it appears I need to request 
posting privileges (apparently via this very list?) in order to receive 
them.


I'm enrolled as "JamesLampert"; I'll see what I can put together offline 
until I'm informed that I have posting privileges on the Wiki.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

[Mohamad Abbas]

I've created Bug 60099


2016-09-08 17:20 GMT+02:00 Christopher Schultz :

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Mohamad,
>
> On 9/8/16 4:20 AM, Mohamad Abbas wrote:
> > Hello,
> >
> > I am working on a legacy web application running on a tomcat
> > 8.0.37, and i am getting an error "Invalid operation for forward
> > only resultset: absolute" when trying to use an
> > InsensitiveScrollableResultSet (to paginate results).
> >
> > To make it simple and reproduce the problem i've created a test
> > project who contains the "Main" class below. The test project is
> > executed on on a windows 7, using jdk1.8.0_92. The only jars are
> > present in the classpath of the project are: tomcat-jdbc(8.0.37),
> > tomcat-juli(8.8.37), and ojdbc7-12.1.0.2.0.
> >
> > Those are the steps to reproduce the problem:
> >
> > - Create a Statement using the method .prepareStatement(String)=>
> > OK - Execute the query => OK (simple query: SELECT 1 FROM dual) -
> > Create a new Statement (with a SCROLL_INSENSITIVE type) for the
> > same query (SELECT 1 FROM dual) => KO (or OK?), tomcat-jdbc is
> > returning the cached Statement created in Step 1 (a FORWARD_ONLY
> > Statement). - Execute the query => OK - Call absolute method =>
> > Exception: Invalid operation for forward only resultset: absolute
> >
> > I don't know if it is really a bug in tomcat-jdbc or if my problem
> > is due to a misconfiguration.
>
> This looks like a bug to me. Please file a BZ issue for this, and
> include your test case. Also please include a full stack trace of the
> error. If this is possible to get working with an embedded database
> e.g. Derby (which ships with recent Java versions), please do that
> instead of complicating things with Oracle, etc.
>
> Thanks,
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX0YGsAAoJEBzwKT+lPKRYJHMQAIkgWgJq+5WQj9uNEVYE55oY
> aw6rqc3HOA7V5YK83Q02uPW+XxklXXc74EsJV9nSHfuG6K+gU4zk10/+1YNDM4M4
> OljO9ACua+/lV21t1zqaBIr0+cJQ8dDphwMve9q1j5YNiqCB2UsxmT/fOLwUqPrx
> gItN5trShCDvIGlGNSx5BJS2mF5jm6yJUeFUccRUWKJWthi2jzjNjFSqBHh5+wZV
> aIDI8ljXpqCie5tflRM9wF+Bf/jufufssQMSY2+nmcTuu9NHyA5hshGNo3XNAIIA
> E3tJsi9BQ6wvR0eqV7VbgfANSGRRUpWqvaPmtiXSXvYszVjCkItPhp+drjbyFil5
> 6j7p/c0gWtHPhQJ9xWGnIrXvSt6otlAxNEHQedrz43wE5ekEmBTSmIFafaWYICpm
> vHpKoRvnEFKB2UdONRjEs7kX7arTqzpaxuqcN4/1178Cir16ab12NL5fab0cnzx8
> Lwqer8EGOndtc1a5nn3vtxwd2HQb8HN+mG98Czy5ChDeiGZv4MHByCeck8wJF+nQ
> TqvBuIRDyrVCG09bmBIRdVb65MmdQhlxoxB+k+uURGGGY5GgkC5O21mje9N8+vcn
> UmmfeyDrHs4HvecvSfz7/kmFAM+yj8AqsjeYNpWQU4wG/v/kz+Eof1zkLbZs4VyH
> Tu30JtRs0P0hzlTAq60N
> =htwU
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Header values when using HttpServletResponse.sendRedirect()

[Joe Tseng]

I inherited a clusterf*** of a mess disguised as a JSP/servlet-based
MVC-ish app without the benefit of using Spring or Struts or any sort of
framework. No web services, but lots of $.ajax() POST calls to servlet
methods. I need to get this stabilized before I can redo everything using
REST/Angular.

On Thu, Sep 8, 2016 at 3:27 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> For MVC, you'd have to know how the requests are being sent and
> responses are being processed. You probably have to "listen" for the
> response and grab the response headers from there.
>
> I'm interested... what kind of work are you doing, here? Do you have a
> fat client with a web-services back end or something?
>
>

Re: Header values when using HttpServletResponse.sendRedirect()

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joe,

On 9/8/16 1:38 PM, Joe Tseng wrote:
> FYI I'm using Tomcat v7.x.
> 
> I guess I misunderstood what happens when I use sendRedirect() - it
> sends a new request, not a new response - but the effect is the
> same. That was what I came away with when I read this:
> 
> http://javarevisited.blogspot.com/2011/09/sendredirect-forward-jsp-ser
vlet.html

Oh,
> 
right: that's a misunderstanding about HTTP itself. The
sendRedirect method returns a response to the client and then hangs up
the phone. The client is expected to make a follow-up request in
whatever way it chooses. There are certain response codes that
indicate certain things should be done, but the client is free to do
whatever it wants.

> In any case, I gave up on using the header to pass additional items
> from the server to the browser and ended up just using cookies.

Technically, cookies are just headers :) But they are documented to be
sent BACK to the server once they've been set.

> Unless someone shows me otherwise, everything I saw online showed 
> how to use jQuery/xhr/your JS tool of the month to get header
> values from a GET/POST response; meanwhile I never figured out how
> to extract those values after a document was rendered in a
> traditional MVC app.

For MVC, you'd have to know how the requests are being sent and
responses are being processed. You probably have to "listen" for the
response and grab the response headers from there.

I'm interested... what kind of work are you doing, here? Do you have a
fat client with a web-services back end or something?

- -chris

> On Thu, Sep 8, 2016 at 11:22 AM Christopher Schultz < 
> ch...@christopherschultz.net> wrote:
> 
> Joe,
> 
> On 9/6/16 3:36 PM, Joe Tseng wrote:
 I inherited a codebase that calls 
 HttpServletResponse.sendRedirect() to another page after a
 user is successfully logged in. I want to be able to insert a
 header value before that redirection is executed. I tried to
 simply add a HttpServletResponse.addHeader()/.setHeader() to
 the response object before the redirect is called, but it
 seems a new response object is used and sent to the browser.
 Is that assessment correct? Is there any way for me to modify
 the redirect before it's sent or do I have to use
 .forward()?
> 
> Tomcat version?
> 
> This should work. Calling response.setHeader or response.addHeader
> and then response.sendRedirect() should include your custom
> headers. What makes you think that "a new response object is
> used"?
> 
> -chris
>> 
>> -
>>
>> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>> 
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0bt8AAoJEBzwKT+lPKRYTMUQAI45TDfn358qRBl3zmLFEpkD
2WcGkqhDvtAAkOeXKqrOpbJW4D22uZEkQo1YdEhAMMosZOIltcp/gLR7e7hSXv9h
nxj+wQ93PzSVt/MOKTTfppGFy1r8dlRFzA/vWpSLy/k8Ab4b3ILyvrJlD+YSUpow
2e1Zsc2+naTmgrPpS3Js89HYWBq5nvcOKHLUMK8wD5F8YohkLWiymBQjwaHXYsEo
eC5WZPbV7bj8FDhKQXXe7HMvgXxN67sSZC/3YJ45EBVz5GprvChZeVOtmE5a5v7h
0L2w0hSzy/0JyQApjnLGxoss9soX2vBM8FnRoCglpYwQF0xTqJ/AYoRicvBwbqdx
jW/g7K/JZeftCNsKwqGhVCwjYZstAnMClP1lv259Tne2iSQizHdwQf/WkE4AaoAg
qF07nMdBulK9pn7KEC0G4ZD/D1PfFK0cUjA6SeG/+KgjfAB9HQfydpMjBASdTlKo
HA9KvebTq/BvFthjgXF4C2NIvKNJpGWzIEnnp2+kLWiEmxshCooZcGJVs0GRiS7c
M+AR1hVjx8Bpa907CgMrbUmjPgJkP9jqG7OJSIy6mJhYNraoGk8c4wp6h6M8Hw+y
7QBmECh4fMsXLUswpBjeKSsRndafTu8vcfBjt+6s3jcrOoVyKzHTXF+KrJuIKEk+
AmfCXWFBSB3GcuNbPpyy
=20YS
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AT WITS END regarding JVM arguments

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

James,

On 9/8/16 12:47 PM, James H. H. Lampert wrote:
> On 9/8/16, 8:34 AM, Christopher Schultz wrote:
> 
>> James, would you care to provide a (simple) patch? You'll get
>> your name in the changelog :)
> 
> Ok. In the initial comments for catalina.bat:
> 
>> . . . rem   Do not set the variables in this script. Instead put
>> them into a script rem   setenv.bat in CATALINA_BASE/bin to keep
>> your customizations separate. rem rem   CATALINA_HOME   May point
>> at your Catalina "build" directory. . . .
> 
> becomes something like (and note the capitalization on the first
> line, to make the warning stand out):
> 
> . . . rem   Do not set the variables in this script. Instead put
> them into a script rem   setenv.bat in CATALINA_BASE/bin to keep
> your customizations separate. rem rem   WHEN RUNNING TOMCAT AS A
> WINDOWS SERVICE: rem   Environment Variables for are NOT set in
> scripts, and any rem   attempt to set them in a setenv.bat script
> will be IGNORED. rem   Instead, they are set in the Registry, and
> are most conveniently rem   maintained with the "tomcat7w.exe"
> maintenance utility. rem rem   CATALINA_HOME   May point at your
> Catalina "build" directory. . . .
> 

Looks reasonable. I'll adjust it slightly and commit the change.

> And the corresponding addition should probably also be made to 
> catalina.sh, since *nix, Mac, and IBM Midrange users (all of whom
> would be more familiar with catalina.sh) are probably the people
> most likely to be unfamiliar with how things work on Windows, and
> to get caught by this "gotcha."

Possibly.

> FWIW, on an IBM Midrange box, I've found that the easiest way to
> launch Tomcat is via a CL program (a sort of COMPILED script for
> the native command language), that can look through the JVMs
> available, and select the most appropriate one, and can also set
> the environment variables (and even do it dynamically, from
> command-line parameters).

Would you care to create an account on the Tomcat Wiki[1] and post
your CL program? It may help someone else running in similar
environments. In fact, if you want to write-up a whole page about
"Running Tomcat on IBM Midrange", you could include that as well as
any other nuggets you've collected throughout the years.

Thanks,
- -chris

[1] http://wiki.apache.org/tomcat/ (click on "Login" at the top to
create an account -- super-intuitive, right?)
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0bqcAAoJEBzwKT+lPKRYVloP/2aGQQIgp02r78cKGp0jUiqt
7EdHtAHnwKn7HeFKMs5kNVAHlZU+tdbzMMEdpx/dTB+J5o7/lL8VteQc6sQBZ3ZH
QV9FjJC7KkEzhlA+KgeoJRtmUyo5/RCs6m9C/dZGHx4SGED4BY9SPC06BYpLL3G7
LuZNntOkbDTjL1EXR9um5xnkz++vd8Ka0hTpqQWoR8Mx23jHqlwAzLLVArNrBtuA
YD3ujhndEhZS4a4I0wx+VxMIq8DyKb1fm0z21HSLLaHYlODMjlH9MOFANvHXAhrj
y+ri2TWVzoMip93sZCfj7q7ZpC5I0ntdid1sYtAsm6E22u4k9FO3PoIs1j/0bnEM
pA6mmekqBBRL9vgMK733ZoRBuwAMq3jHg+A4mEH1cJZGzjkFcr64eVhqDH40yLpF
f+8fJSFKqpL5XpbbN/eyPWyuRKDpD2izPyzDEFrMvSODR+UEuwZ7rPiROtOSFoa8
ZnbDGD642lmShxDBM1XuM67Ol+WB5HAHbRAZ6WDrmH98Fp5HbpIwzbsvETdQ2nwu
zz8ajRYaeO1xcDRDNmhunvB6m3oK8xB9GX1LGmZ767qWlE9N8NK14Hb8XvhU663j
na2XeX2+vWPGzI8nb9po5AOEEfsQ0hvQlrTFek4qDuOJHR5W+gleUuF113ZxzYr9
VpfDn1ed7T4VyGpNUQeN
=Osba
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Header values when using HttpServletResponse.sendRedirect()

[Joe Tseng]

FYI I'm using Tomcat v7.x.

I guess I misunderstood what happens when I use sendRedirect() - it sends a
new request, not a new response - but the effect is the same. That was what
I came away with when I read this:

http://javarevisited.blogspot.com/2011/09/sendredirect-forward-jsp-servlet.html

In any case, I gave up on using the header to pass additional items from
the server to the browser and ended up just using cookies. Unless someone
shows me otherwise, everything I saw online showed how to use
jQuery/xhr/your JS tool of the month to get header values from a GET/POST
response; meanwhile I never figured out how to extract those values after a
document was rendered in a traditional MVC app.

On Thu, Sep 8, 2016 at 11:22 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Joe,
>
> On 9/6/16 3:36 PM, Joe Tseng wrote:
> > I inherited a codebase that calls
> > HttpServletResponse.sendRedirect() to another page after a user is
> > successfully logged in. I want to be able to insert a header value
> > before that redirection is executed. I tried to simply add a
> > HttpServletResponse.addHeader()/.setHeader() to the response object
> > before the redirect is called, but it seems a new response object
> > is used and sent to the browser. Is that assessment correct? Is
> > there any way for me to modify the redirect before it's sent or do
> > I have to use .forward()?
>
> Tomcat version?
>
> This should work. Calling response.setHeader or response.addHeader and
> then response.sendRedirect() should include your custom headers. What
> makes you think that "a new response object is used"?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJX0YIMAAoJEBzwKT+lPKRYq38QAKkGUiXnf0vDOvuedrjq8zry
> Nrc/mVhqezWJq0usCubNKeFPqMtHrGO8BJL4eUdVl/w6FVX0Srf/2C34APrgUJZC
> 9G0l4R8f8jatbnD2irqUo166Bq3TcjSjppdq3wYsGLb6vdRAkC9bMWqEr3piphBi
> yVdKTPflDXo5FEmHcxFgKctwCGzVaqXMJ4tyAEXHZ2jN6azK2mBwCtyZnakoo+Qy
> zFFbI6beczIAood49aohi6k0w/IGkH6KtbcYvWgbSuPoeRPrIUqZBb8VMZtrWF80
> oyyLa1+3gIGnxBv/4KCRUpLuz2iHdjJ/qwTBgiwNmpo68YZIoqN/ylm1VLR+A9Bx
> AV7+ifTZaBQ6oIRWFgziw6ZDtw5l3WCYX2LlyCrSGdbPA7IQ9fYSFNSX0iJUq668
> TUesB+5WapCmW73kZSB1OFYpxLTlJAMY3l8KvZbWfhQ3ozLLd8yKKVFBJ2HlM1i5
> GbquzKQ7qMWTVG89OUoK9b7Ipf1mApEg9CfvXnajcImM7QKASlUc0LEdtF5ujkEc
> mTSw4AYUs3M0jMOarMIE/sn1MMgsjJiDpQUWhxXcX0GjViI/AAyDGqMOuClGBOAw
> IaBhqC8fbgOV31BwA81C3bUcEKRFcYdMASViZO8G1B/bn+s70FFnf+JBqLI96XfI
> xhQuuThjTx2zCU7oLZb0
> =Izss
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: AT WITS END regarding JVM arguments

[James H. H. Lampert]

On 9/8/16, 8:34 AM, Christopher Schultz wrote:


James, would you care to provide a (simple) patch? You'll get your
name in the changelog :)


Ok. In the initial comments for catalina.bat:

> . . .

rem   Do not set the variables in this script. Instead put them into a script
rem   setenv.bat in CATALINA_BASE/bin to keep your customizations separate.
rem
rem   CATALINA_HOME   May point at your Catalina "build" directory.

> . . .

becomes something like (and note the capitalization on the first line, 
to make the warning stand out):


. . .
rem   Do not set the variables in this script. Instead put them into a 
script

rem   setenv.bat in CATALINA_BASE/bin to keep your customizations separate.
rem
rem   WHEN RUNNING TOMCAT AS A WINDOWS SERVICE:
rem   Environment Variables for are NOT set in scripts, and any
rem   attempt to set them in a setenv.bat script will be IGNORED.
rem   Instead, they are set in the Registry, and are most conveniently
rem   maintained with the "tomcat7w.exe" maintenance utility.
rem 

rem   CATALINA_HOME   May point at your Catalina "build" directory. 


. . .

And the corresponding addition should probably also be made to 
catalina.sh, since *nix, Mac, and IBM Midrange users (all of whom would 
be more familiar with catalina.sh) are probably the people most likely 
to be unfamiliar with how things work on Windows, and to get caught by 
this "gotcha."


FWIW, on an IBM Midrange box, I've found that the easiest way to launch 
Tomcat is via a CL program (a sort of COMPILED script for the native 
command language), that can look through the JVMs available, and select 
the most appropriate one, and can also set the environment variables 
(and even do it dynamically, from command-line parameters).


I welcome any rephrasing on my addition to the comment block.

--
James H. H. Lampert

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using server Web.xml Mime Types Data

[Mark Thomas]

On 8 September 2016 17:06:13 BST, George Sexton  wrote:
>
>
>On 9/7/2016 11:44 AM, Mark Thomas wrote:
>> On 07/09/2016 00:58, George Sexton wrote:
>>> Is there any easy way that I can use the mime types in the Tomcat
>server
>>> level web.xml file?
>>>
>>> I know I can parse the XML myself, I was just wondering if there's a
>way
>>> to get the data already defined.
>> ServletContext.getMimeType(String filename) ?
>
>Thanks for the tip. I honestly did search for some solutions before 
>posting. I feel like a fool now. :(

I wouldn't. Not asking the question would have been the foolish thing to do. If 
it makes you feel better, I had to look at how the Default servlet did it to be 
sure I had the right method.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Using server Web.xml Mime Types Data

[George Sexton]

On 9/7/2016 11:44 AM, Mark Thomas wrote:

On 07/09/2016 00:58, George Sexton wrote:

Is there any easy way that I can use the mime types in the Tomcat server
level web.xml file?

I know I can parse the XML myself, I was just wondering if there's a way
to get the data already defined.

ServletContext.getMimeType(String filename) ?


Thanks for the tip. I honestly did search for some solutions before 
posting. I feel like a fool now. :(


Some days are diamonds, and some days are just pieces of coal.



Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.connectdaily.com

Re: WAR isolation lifecycle

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Cristian,

On 9/6/16 4:15 AM, Cristian Lorenzetto wrote:
> It is a common problem to have a war can't unregister correctly in 
> undeploy phase. a lot of opensource libraries have this problem.
> So you have to restart tomcat every time. But if you have multiple
> war running and you cant stop other applications?

It's unclear what you are asking. Can you ask your question in a
different way?

Tomcat itself runs perfectly well with multiple WARs deployed at the
same time. There are some libraries that don't shut down well, or the
applications that use them don't properly shut them down. The solution
is to either fix the library (ask them!), or use Tomcat's "leak
prevention listener" to pre-load those classes that represent a problem.

http://tomcat.apache.org/tomcat-8.0-doc/config/listeners.html#JRE_Memory
_Leak_Prevention_Listener_-_org.apache.catalina.core.JreMemoryLeakPreven
tionListener

You want to read about the "classesToInitialize" attribute.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YmEAAoJEBzwKT+lPKRYhuMQALkOnHO/ds5ZM9h/LEmhyjGc
RDRFvY3mRQAdMfv6CqH4RzLH55PqN3QvZDwrfyN1Gw5ZfYmmJLdnNlkBkijI/BE6
CKQ2psiC5mB9GxDC+ZcIM3f0aBkZQjH3xbAU9jmtrf8N7cMvFTFvpBpEouZoAKYb
cChMBKrBp/uO9AqlztFl7m8iiff8pC2zsI+u9pp0MmKGsm8i0TQcdapyb/ukWzO2
hlGVIGW957uo3AGc9It66R32Y7Qo28C2Tlxc78Cx2l8hR9BE+50zqDti/N5BhK7I
xYwGDV+sxqo7EhJKKdK+kbDWc0uBMx6rIL/Ja4mGl/evXh/Ke4D5qCI1fqvhtie/
3vPlUuXKyOpRdZyNdkAtCBXTq3vH0tKTh9D3SekjbNUcyPPLm89++mUcpUjpCiAG
qIxSyUQ/f3o2iHKtx5ghYOs6FYcA+2TOzNe7JlXlHaR9nLakA56SJ0OSs7HZy6YN
mQlN5DGrbynaZSU3eMyZ2LtWKmeSn3DHWaVyNvsxJuNq5W3KoXiu04UJnhcthdiQ
DoT8ZWQVepkQP4ZqtZAF3FlsCWoMZFfSf95nfU5Z02fOPbixRW6UaGfdFa7CdqwE
4Q111nIVri7UmuEkyhCUE1nieqM+yX8pBwtIu7b7RWPEq3N9KFLxtE2J/Whpn2/J
gD0ysN7tXUVCgBTPCAgA
=dvlG
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AT WITS END regarding JVM arguments

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Steve,

On 9/6/16 8:56 PM, Mekkelsen Madden, Steve wrote:
> -Original Message- From: James H. H. Lampert
> [mailto:jam...@touchtonecorp.com] Sent: Tuesday, September 06, 2016
> 6:59 PM To: Tomcat Users List  Subject:
> Re: AT WITS END regarding JVM arguments
> 
> On 9/6/16, 8:05 AM, Christopher Schultz wrote:
> 
>> It's worth noting that, when creating the service from the 
>> command-line, the service.bat script will use the current
>> environment to configure the service. That means that
>> CATALINA_HOME and CATALINA_BASE are all used to configure the
>> service.
>> 
>> Unfortunately, CATALINA_OPTS is not used. I'll have a look to see
>> how tough it would be to add CATALINA_OPTS-handling to
>> service.bat... it seems like it would be nice to do that, and
>> fairly easy.
> 
> I wouldn't sweat that part. I still think that the best way to deal
> with the situation is to put a prominent warning in the preamble
> comments of the relevant configuration files, explaining that the
> configuration files are ignored when Tomcat is run as a Windows
> Service, including links to relevant online documentation for the
> configuration utility.
> 
> I would say that it's valid to assume that somebody *installing*
> Tomcat on a Windows box, to be run as a service, might reasonably
> be expected to know about how it works, and how to configure it,
> whereas somebody like me, accustomed to other platforms, and who
> has never had a reason to study the Windows service part of the
> Tomcat docs, would have no reason to know about it.
> 
> -- JHHL
> 
> I do not agree with that statement. It is rarely if ever, safe to
> assume anything.  For years, that IS what I've done to create the
> Windows Service.  Why else would you have a service.bat file if it
> didn't create the service for you??  In prior releases (8.0.* and
> older), I have never had a problem with using this to create the
> Windows Tomcat Service.  JVM Arguments get added, memory settings,
> arguments etc.  Never a problem.
> 
> If it is not working in 8.5 series, I'd say that's a regression
> issue to be fixed.  Adding a preamble doesn't mean someone won't
> continue to create services this way.  If the service.bat won't do
> it correctly there are two choices - fix it so it does create the
> service properly or remove it from the build and make people use
> the one that does do it correctly.  An ounce of prevention saves a
> lot of headaches down the road for everyone.  Let's go to the root
> of the issue, not apply a band aid to it.


There's no regression. James was just saying that it took him a long
time to figure out why hos changes weren't working. Documentation
tweaking is worthwhile.

James, would you care to provide a (simple) patch? You'll get your
name in the changelog :)

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YT/AAoJEBzwKT+lPKRYbn4QAKDHnxYq25cupT1/+Pvr9GbB
btsbA+nXNx45PSjAdNLOBjIQ0TYyFe4sdlnSZiPeSoHPxD88W1pXEyNurdydC+/8
Fw/i/LCT/th56TffDqRdlxgQwvx3Hs7WgowSggqJWqrSr0MgNxeAH8HChh/s8c5C
Ig8dH7fhqd2cVboVmlFGz+2XBOq0lt4Vajlxh1Sc2dV0TJHIbEEO9tiClxNV1o3V
6A7ZnKNfBBDM5XE7ePjYBlCaDiif/+jdsFx2JNFTENSGQrOTRptLlXXSfQc1bidU
iBt0hQpMNughuKm3BZCpcbq+TkFriy+4ZxExGsosjK+sKzsyUIVG4L7fZnW0NJWX
1iD5KriZ48qx7HUkDYN1TxBT4vu4xRcHsX16ZR4vNBlGFXiel2wnZeC5Yvj/Gcli
Tbds6CpgklxhfP6JtVXeuSlmfK7kQmEVlprTLfP2MyeDGbFkNM+AT7egsX07rsGa
U06w7EZ89k5HoX9wMvrS5FpwhDiwvDR9yFrrpBE3ZdsBfFN6YLxCidmeQ79Ek6PQ
cbhAQxvCKTGZo4qRUzacdgV6w/hUilQ+Urv9X6Fn4OZs5Kr1A6fbofHjY8FJlN6i
Va5Kt09/QAB3tFqcc0lZsXni4utKNxR74syRxsj3zmckh4SZdXh4RKxxNpJbHZzU
eeI1OVuauGJRO4vR+ruE
=H1Cy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Restricted Access to Tomcat Manager Caused Database Issues

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Yuval,

On 9/7/16 4:03 AM, Yuval Schwartz wrote:
> Hello,
> 
> Tomcat: 8.0.22 Java: jdk1.8.0_05
> 
> I recently restricted access to my Tomcat Manager App by: 1)
> Changing the name of the manager app. 2) Block access to the
> manager app by IP address.
> 
> I did the following: A) Stopped Tomcat B) Simply renamed the
> manager app in $CATALINA_BASE/webapps by executing the linux
> command "mv manager somename". C) Adding a file to the path
> $CATALINA_BASE/conf/Catalina/[hostname] named "somename.xml" which
> contained the following context element to restrict access to the
> manager app:
> 
>   className="org.apache.catalina.valves.RemoteAddrValve" 
> allow="[myIP]"/> 

Don't put a "path" in the . The filename is already
manager.xml, so Tomcat knows it should be deployed as /manager

Step (B) should have been sufficient. You can modify the
META-INF/context.xml that comes with the manager if you want. Or, even
better, use a separate CATALINA_BASE and your own custom
CATALINA_BASE/conf/Catalina/localhost/manager.xml that points to the
manager application in ${catalina.home}/webapps/manager.

We do this with our ant-based deployment scripts: copy the stock
manager's context.xml file, transform it with an XSLT that sets the
docBase and inserts the RemoteAddrValve and Realm we want, and drop
that file into CATALINA_BASE/conf/[engine]/[host]/manager.xml

> D) Start Tomcat
> 
> This caused my web application to lose access to the database (as
> if the web applications Context element located in 
> /webapps/myapp/META-INF/context.xml was overridden or something).
> 
> Does anyone have any suggestions on what's going on? My host is
> called localhost.

You must have done something other than what you described above. If
you really only touched the manager, than other applications shouldn't
have any problems.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YRiAAoJEBzwKT+lPKRYWiUP/RXZ0AEymW8C7+hFZNM97E3J
UMxaHBj1VRYqgLlieZmI80rBAQss3dzZtF9ZyxWvF4+boUeOTdH5Q3rK3sK7yvwZ
9bWy6lnw9f9lP+fVurRhg0DngpHjPKtS2fzOeQRDMsQEPBRtJy7OEZxOrgJ4xi5W
eQ548r1P6Op93VEe/jpgnu8NF2TUiyWP5jDxvySTOdFc1nbrFHZjtjJ3OInsr07s
jk+7cqt15Q7oick4Ql8W53uZP6r0C4gMwGPjozHyt14tHjKHeOqcRnn5n4nIKUV9
yuWALFi5Lis1Ww0Z4ybSHzhKbGuPpA4hRCtKgoOZJlIj19ofyjO2iroApQFlySAK
TS9scZA8sBpKLwj4hlWf+cUj2deiCZWYDNkP+gXl5RbpFqhBREKQVB7JknunJqlD
QqY0DUd1gG/xjvehIZd2oaHhO3lmoZTW/9HCqpm5RyUQk4E3TiK0W4XSwrN8pYAZ
fbfQ2QxYljMGV2bQshkLBll5OJNsPNNRmtB0PNzhT3Mll5b16ivpLwOyzTsGfvg4
i1vQXzS59gZIzdCn7LqhbTbN0Vg09EhRXiIjeFW0gbnavFUonMrBNqMqc4slPu/v
51sUo7D+sw7t4O1P+XO+HAdKw538Bgkq7qVFWKnWwXLTqUTyrlWZBJczsRHKlOh3
4SL5mezp6B9mlpm4TJC4
=qRk9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Header values when using HttpServletResponse.sendRedirect()

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joe,

On 9/6/16 3:36 PM, Joe Tseng wrote:
> I inherited a codebase that calls
> HttpServletResponse.sendRedirect() to another page after a user is
> successfully logged in. I want to be able to insert a header value
> before that redirection is executed. I tried to simply add a
> HttpServletResponse.addHeader()/.setHeader() to the response object
> before the redirect is called, but it seems a new response object
> is used and sent to the browser. Is that assessment correct? Is
> there any way for me to modify the redirect before it's sent or do
> I have to use .forward()?

Tomcat version?

This should work. Calling response.setHeader or response.addHeader and
then response.sendRedirect() should include your custom headers. What
makes you think that "a new response object is used"?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YIMAAoJEBzwKT+lPKRYq38QAKkGUiXnf0vDOvuedrjq8zry
Nrc/mVhqezWJq0usCubNKeFPqMtHrGO8BJL4eUdVl/w6FVX0Srf/2C34APrgUJZC
9G0l4R8f8jatbnD2irqUo166Bq3TcjSjppdq3wYsGLb6vdRAkC9bMWqEr3piphBi
yVdKTPflDXo5FEmHcxFgKctwCGzVaqXMJ4tyAEXHZ2jN6azK2mBwCtyZnakoo+Qy
zFFbI6beczIAood49aohi6k0w/IGkH6KtbcYvWgbSuPoeRPrIUqZBb8VMZtrWF80
oyyLa1+3gIGnxBv/4KCRUpLuz2iHdjJ/qwTBgiwNmpo68YZIoqN/ylm1VLR+A9Bx
AV7+ifTZaBQ6oIRWFgziw6ZDtw5l3WCYX2LlyCrSGdbPA7IQ9fYSFNSX0iJUq668
TUesB+5WapCmW73kZSB1OFYpxLTlJAMY3l8KvZbWfhQ3ozLLd8yKKVFBJ2HlM1i5
GbquzKQ7qMWTVG89OUoK9b7Ipf1mApEg9CfvXnajcImM7QKASlUc0LEdtF5ujkEc
mTSw4AYUs3M0jMOarMIE/sn1MMgsjJiDpQUWhxXcX0GjViI/AAyDGqMOuClGBOAw
IaBhqC8fbgOV31BwA81C3bUcEKRFcYdMASViZO8G1B/bn+s70FFnf+JBqLI96XfI
xhQuuThjTx2zCU7oLZb0
=Izss
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mohamad,

On 9/8/16 4:20 AM, Mohamad Abbas wrote:
> Hello,
> 
> I am working on a legacy web application running on a tomcat
> 8.0.37, and i am getting an error "Invalid operation for forward
> only resultset: absolute" when trying to use an
> InsensitiveScrollableResultSet (to paginate results).
> 
> To make it simple and reproduce the problem i've created a test
> project who contains the "Main" class below. The test project is
> executed on on a windows 7, using jdk1.8.0_92. The only jars are
> present in the classpath of the project are: tomcat-jdbc(8.0.37),
> tomcat-juli(8.8.37), and ojdbc7-12.1.0.2.0.
> 
> Those are the steps to reproduce the problem:
> 
> - Create a Statement using the method .prepareStatement(String)=>
> OK - Execute the query => OK (simple query: SELECT 1 FROM dual) -
> Create a new Statement (with a SCROLL_INSENSITIVE type) for the
> same query (SELECT 1 FROM dual) => KO (or OK?), tomcat-jdbc is
> returning the cached Statement created in Step 1 (a FORWARD_ONLY
> Statement). - Execute the query => OK - Call absolute method =>
> Exception: Invalid operation for forward only resultset: absolute
> 
> I don't know if it is really a bug in tomcat-jdbc or if my problem
> is due to a misconfiguration.

This looks like a bug to me. Please file a BZ issue for this, and
include your test case. Also please include a full stack trace of the
error. If this is possible to get working with an embedded database
e.g. Derby (which ships with recent Java versions), please do that
instead of complicating things with Oracle, etc.

Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YGsAAoJEBzwKT+lPKRYJHMQAIkgWgJq+5WQj9uNEVYE55oY
aw6rqc3HOA7V5YK83Q02uPW+XxklXXc74EsJV9nSHfuG6K+gU4zk10/+1YNDM4M4
OljO9ACua+/lV21t1zqaBIr0+cJQ8dDphwMve9q1j5YNiqCB2UsxmT/fOLwUqPrx
gItN5trShCDvIGlGNSx5BJS2mF5jm6yJUeFUccRUWKJWthi2jzjNjFSqBHh5+wZV
aIDI8ljXpqCie5tflRM9wF+Bf/jufufssQMSY2+nmcTuu9NHyA5hshGNo3XNAIIA
E3tJsi9BQ6wvR0eqV7VbgfANSGRRUpWqvaPmtiXSXvYszVjCkItPhp+drjbyFil5
6j7p/c0gWtHPhQJ9xWGnIrXvSt6otlAxNEHQedrz43wE5ekEmBTSmIFafaWYICpm
vHpKoRvnEFKB2UdONRjEs7kX7arTqzpaxuqcN4/1178Cir16ab12NL5fab0cnzx8
Lwqer8EGOndtc1a5nn3vtxwd2HQb8HN+mG98Czy5ChDeiGZv4MHByCeck8wJF+nQ
TqvBuIRDyrVCG09bmBIRdVb65MmdQhlxoxB+k+uURGGGY5GgkC5O21mje9N8+vcn
UmmfeyDrHs4HvecvSfz7/kmFAM+yj8AqsjeYNpWQU4wG/v/kz+Eof1zkLbZs4VyH
Tu30JtRs0P0hzlTAq60N
=htwU
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat as Windows Service

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Amit,

On 9/8/16 12:49 AM, Amit Pande wrote:
> Hello experts,
> 
> We have configured the Tomcat to  run as a Windows Service. And
> Windows SCM has a default time of 30 seconds, but the Tomcat
> process does not start/stop within this time.
> 
> So, if we restart the service via SCM, we receive the Address in
> Use exceptions (as previous Tomcat process hasn't been stopped
> yet).
> 
> We're using our own custom mechanism to hook the Tomcat process
> with the Windows SCM and haven't gone the below mentioned way.
> 
> https://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html
>
>  Any pointers on how to solve this issue ?
> 
> 1. Increasing Windows SCM timeout for this process might work but 
> doesn't sound really clean solution.

It might be your only solution.

> 2. Issue a Catalina stop, and if it does not stop in some time ,
> do a task kill or something similar of the corresponding java.exe
> ?

Windows has a few[1] kill[2] commands[3]. I don't know what the
repercussions of killing your application are, though. Presumably,
your application needs to clean up after itself.

> Appreciate your help here.

What's taking Tomcat (really your application) so long to shutdown?

If there are requests taking a long time to complete, you can
configure Tomcat to cancel those requests after a particular
timeout[4]. I couldn't find a configuration setting for when using an
. Hmm...

- -chris

[1]
http://www.howtogeek.com/145882/how-to-kill-a-process-from-the-cli-in-wi
ndows/
[2] http://tweaks.com/windows/39559/kill-processes-from-command-prompt/
[3] https://technet.microsoft.com/en-us/library/bb491009.aspx
[4] https://tomcat.apache.org/tomcat-8.0-doc/config/http.html,
executorTerminationTimeoutMillis
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0YEEAAoJEBzwKT+lPKRYXMEP/R/pjvAIXyp8LsPhGyR1T1BZ
6HW4MSScWIvaVIwIxfCs73vL3KcIIzrEEN69PClVItLKMFOwtdUC5zW/w9emkWFb
ppDhmFn5QOetldm3E/KiXp0gYpc9e5C/QKwjOsTwXKI3rA6kWsRMa6Tldve5cn81
9TV1F83iICj36n31jkYZJ6EPo9YQDrGvb9ezFhselZEXoSeTVF8q0T4P7fQkoX+q
yqMEHyQQHR3RE6WOHkoz8NX06oSeEFdDrPISblvrqdxYEZD9AsToIR3uqalb29wo
y72nOQPjpONnEcNBy2FpzXAvSPih6YFAlr/14v2W7Bfhdt+szutLkth3+3MDA9bK
tWMXWf11tav4SUeXyb5vpaduSJ+iPXyQdW+UDakqQ2M77vuzbxVSRwXEjvswOhNh
IhY5laFLHglEb/O9FfuNjXtMh0vVlyPJLGEAbsKAQnF5bQB7MckiVWBr7+thAHnM
OCSnDoAwNqk+9hMs4CVPVWNT/kHWWzC6B7iawyoYdqjyln7zQp9YfKEUWudRzw+z
JHQfeFOJsi7xXKHXuxFoNqJKuw5tx6o+Wjy/ElJpAlrOMhGzBPoTQobU/ukSQUUW
X7rF1Sa0cg2UeOeaLe9TQ4yuCDgC02ExD2yxJ7Z2srFG88rCXyxJipwloXTWnyBq
iuAEdD29FZ7n+hiQTfNL
=ZnzF
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat8 unable to load the Resource/property file from jar

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Venkata,

On 9/7/16 4:49 AM, Venkata Reddy P wrote:
> Recently we have upgraded the one of application from tomcat6.x to
> tomcat8.0.36 version. In tomcat6, i was able to read the
> property/resource file from the jar file but certain reasons after
> upgrading to the tomca8.0.36 its failing to load.
> 
> My jar: auth.jar com/trianz/auth/*.java 
> com/trianz/auth/auth.properties
> 
> //failing code, here url always getting null value. URL  url =
> Auth.class.getClassLoader().getResource("com/trianz/auth/auth.properti
es");
>
>  I am sure by looking at the tomcat catalina.startup logs the
> auth.jar is loading properly Is there any way to confirm the file
> in classpath "com/trianz/auth/auth.properties"? How do I fix this?
> 
> Many Thanks in advance.

Can you try reading the file like this:

URL url =
Auth.class.getClassLoader().getResource("/com/trianz/auth/auth.propertie
s")

? (note the leading "/")

Also, from where is the Auth class being loaded? Where is auth.jar
located?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0X2hAAoJEBzwKT+lPKRYIqkQAK4zfB78BcjFmjN+PXPCuVVN
JJus2+fdZ9d4g1bl/A1aJrZPalTqttkrE/cQiJm5G3LTFw2WAXMHX/PslG9Q6nNk
tZ+1uXR6rROngAQpJadIJ5d1TjSnjxYWf75un33Sn2+BCEhGj0ZnTVnVbxSZOamE
Vf0MwXSanwmaBGU0qafrPTswQratHEvk+/9Z7eLPF3ZIEAvdbpsqrjSIW0M2qGTA
tuFqppIWHB6pFWk92n7hTNq8rycVQyRZjIX8ROAn9Z+AM3w7Rej8XC2WhwcOmF3O
/iIN5/Xhl8muiG+n2zyMtkDeYFKIsqJmNLiCCVxJZBaYs8v0ASo12yXobPa1Q0qe
lxk7sIBZaLUwbGc18vN3meLuMNzBHrMb7ZjLf+GTGvzSDyMm6caYDhVFPHHyhn3i
6kpUXCF05hnFUMHk7eIRC4s+VfIM72WnFEeVx0Dhb+xdpaMrcIXUA9aXS/TjPVQb
qV5hQxZsTbG+2aKf/JqPRPZPrkE8SE1ljPB3xNviorRGQqOLb/vRS+6k2DHhk3RJ
JyhSB1UfNfZ49nwlMPbmPoJMyZTgoeEnw6WxSrYOeZR4Nisi5+3+LTrOZlotpQaS
26U+dzBiv1XJtc74rFaYZQ7FiAnWybAbZGkyIVMjmVsdo0c6dpkXRUTvInLo+aai
KBcIRAlgxYbh0LT3pjI9
=dMbb
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8.5.4 uses RFC 6265 by default which does not appear to be Servlet 3.1 compliant

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Robert,

On 9/6/16 11:05 PM, Robert Winch wrote:
> Mark / Rémy,
> 
> Thanks again for your responses.
> 
> I'd like to point out one more thing. Mark stated:
> 
>> To date, the only problem we have seen with RFC6265 that comes to
>> mind is that Tomcat rejects domain values with leading '.' when
>> an application creates a cookie.
> 
> The problem I am experiencing is that applications are using a
> cookie value that contains a space. The cookie value was valid
> prior to Tomcat 8.5, but is no longer valid.
> 
> This means that an update to Tomcat 8.5 prevents the previous
> cookies from being returned by HttpServletRequest.getCookies(). It
> also means that writing the cookie values is no longer valid.
> Writing the cookies could be adjusted, but reading the cookies
> cannot be fixed because the values are already written.

It's an ugly hack, but you can always read the HTTP header yourself
and interpret the string as you see fit.

Or just use the LegacyCookieParser for a while, and re-write your
application's cookies to be more RFC-friendly.

- -chris

> On Tue, Sep 6, 2016 at 5:13 PM, Rémy Maucherat 
> wrote:
> 
>> 2016-09-06 23:04 GMT+02:00 Mark Thomas :
>> 
>>> I was assuming that Servlet 4.0 would update to RFC6265 so
>>> 9.0.x would be no change. 8.0.x uses the legacy parser by
>>> default so we are only talking about 8.5.x. here.
>>> 
>>> The reason I was fine with adding this to
>>> STRICT_SERVLET_COMPLIANCE for 8.5.x was that enabling
>>> STRICT_SERVLET_COMPLIANCE is, unless you are trying to run the
>>> TCK, far more likely to cause problems than fix them. I don't
>>> see it as an option most (all?) real-world users would want to 
>>> enable. It is the "Well, we don't recommend it but if you
>>> *really* want specification compliance then here you are."
>>> option. Which seems to be a good fit for this request.
>>> 
>> 
>> Well, yes, some items got added to the flag that are a bit
>> questionable. I see the very similar URI encoding, which defaults
>> to UTF-8 if it's not used. That's a similar behavior change that
>> can hurt.
>> 
>> Now it bundles too many "legacy HTTP" with some "extra Servlet
>> spec behaviors", and that's not the best combo. Ideally the
>> "strict compliance" flag should be limited to actual Servlet spec
>> behaviors.
>> 
>> 
>>> And if users want STRICT_SERVLET_COMPLIANCE but RFC6265 cookies
>>> then one line in $CATALINA_BASE/conf/context.xml will switch
>>> the default back.
>>> 
>>> Is the above enough to move you to a -0 on this?
>>> 
>> 
>> If people are ok with that new behavior, then that's what it can
>> become.
>> 
>>> 
 Thanks to you actually, it looks doubtful anyone would have
 tackled a cookie refactoring ...
>>> 
>>> Thanks. I must confess that I do still have a small sense of
>>> dread any time a cookie related bug crops up.
>>> 
 People who need absolute compatibility can just as easily 
 configure another cookie support, but the requirement is
 really illegitimate and counter productive.
>>> 
>>> True. The same could be said for all the other defaults changed
>>> by STRICT_SERVLET_COMPLIANCE.
>>> 
 I also think the specification language is not intentional,
 it's only a lack of update in the old javadoc basically.
>>> 
>>> Indeed but unfortunately we are stuck with the spec language we
>>> have. If EG members could actually fix stuff like this directly
>>> rather than having to convince the Oracle spec lead to make the
>>> change...
>>> 
>>> https://java.net/jira/browse/SERVLET_SPEC-37
>>> 
>>> I didn't pay a lot of attention to it then, and it doesn't seem
>>> to be
>> getting fixed.
>> 
>> Rémy
>> 
> 
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX0X0cAAoJEBzwKT+lPKRYvDwP/iX4ZuCtJXxDRm+cYG9Ot3jg
tKnnrIe8FHnHB8pzRKNWnVsb2CFn/FaqOPqeHZ8+nlE38sM7zKzTZJoo3PKBz7eZ
dD4BvHMP0p2dobXmn8bUOtfRc9xxXQ1xC3SmdXQeEynmKkXzfAq9OO+f8a4unlT1
gSEqTBddnPnwWMm+OsKm7tgAfn6O2D4bVvDNC+GRHH7+CSfBF+dxvR6qmRqz9B26
vA2Q/qXEv0VHWKP0+fu5X91x18gqDzXWBluR6zATVwZUa23WjGHwxIKGQ/rne1GE
15Yp5ucghV9ip8IoAthMq7DLcby5WIwGLvTGtN06cemD1U6wXbhWwdRxri+AP6T1
GOQM+aL7VIZD2KFr5rMSXHuPHBSvjaFfodhSALnh9tJtt33PGJ/eiSpYKJA5lKw3
8PV/Z+2kJlpuXmQwJ82OiQLfUgjCrEhibUFxiXphrJ/KOhIoBC7fWFih9OLoD+4S
jGS7vT/uLZGmF59t3sL6Wu2C/Ew4tgaeeUazrVaHyjqiVftiBAeMR6el844l64Tj
Wh2lXtfnpDskWoRbkseem+tiMK7j431vfialh6EbhPxCaLZUo50zHdD9X2Tw009A
PdQH3mUT79Fwj8CREwOLYVH3UeGg414e+UdImQVKnl0Epc8fpQqi0G3+QOXKD+p7
/p12dXhJu1Z2zefdMirx
=b14o
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter for app specific web.xml under Tomcat 8.0.9 (bundled with Netbeans)

[Violeta Georgieva]

Hi Mladen,

2016-09-08 13:04 GMT+03:00 Mladen Adamović :
>
> Hi Mark,
>
> It seems that in Tomcat 8 it was added in
> Tomcat 8.0.23 (merged from Tomcat 7 I guess)

Typically we back port features to previous versions and not vice versa.

That feature was first developed in Tomcat 9 branch and then back ported.

Regards,
Violeta

>
>- [image: Add:] 54618
>: Add a new
>HttpHeaderSecurityFilter that adds the Strict-Transport-Security,
>X-Frame-Options and X-Content-Type-Options HTTP headers to the
response.
>(markt)
>
> And Netbeans embedded version I was using was 8.0.9, I guess that was the
> problem.
>
>
> On Thu, Sep 8, 2016 at 11:43 AM, Mark Thomas  wrote:
>
> > On 08/09/2016 10:12, Mladen Adamović wrote:
> > > I want in some specific apps to enable HttpHeaderSecurityFilter (I
might
> > > have some insecure applications at the same server).
> >
> > 
> >
> > > But I've got the error message when running from Tomcat 8.0.9.0. This
> > > happened in a development environment, this Tomcat was installed with
> > > Netbeans 8.0.1.
> > >
> > > 08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
> > > org.apache.catalina.core.StandardContext.filterStart Exception
starting
> > > filter httpHeaderSecurity
> > >  java.lang.ClassNotFoundException: org.apache.catalina.filters.
> > > HttpHeaderSecurityFilter
> >
> > 
> >
> > > What could be the reason Tomcat is displaying ClassNotFoundExpceiotn
for
> > > org.apache.catalina.filters.HttpHeaderSecurityFilter, since this
exists
> > > since Tomcat 7?
> >
> > Read this:
> > http://svn.us.apache.org/repos/asf/tomcat/tc7.0.x/
> > trunk/webapps/docs/changelog.xml
> >
> > and this:
> > http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/
> > trunk/webapps/docs/changelog.xml
> >
> > Search for "HttpHeaderSecurityFilter" and read all the matching
> > changelog entries.
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >

Re: java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter for app specific web.xml under Tomcat 8.0.9 (bundled with Netbeans)

[Mladen Adamović]

Hi Mark,

It seems that in Tomcat 8 it was added in
Tomcat 8.0.23 (merged from Tomcat 7 I guess)

   - [image: Add:] 54618
   : Add a new
   HttpHeaderSecurityFilter that adds the Strict-Transport-Security,
   X-Frame-Options and X-Content-Type-Options HTTP headers to the response.
   (markt)

And Netbeans embedded version I was using was 8.0.9, I guess that was the
problem.


On Thu, Sep 8, 2016 at 11:43 AM, Mark Thomas  wrote:

> On 08/09/2016 10:12, Mladen Adamović wrote:
> > I want in some specific apps to enable HttpHeaderSecurityFilter (I might
> > have some insecure applications at the same server).
>
> 
>
> > But I've got the error message when running from Tomcat 8.0.9.0. This
> > happened in a development environment, this Tomcat was installed with
> > Netbeans 8.0.1.
> >
> > 08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
> > org.apache.catalina.core.StandardContext.filterStart Exception starting
> > filter httpHeaderSecurity
> >  java.lang.ClassNotFoundException: org.apache.catalina.filters.
> > HttpHeaderSecurityFilter
>
> 
>
> > What could be the reason Tomcat is displaying ClassNotFoundExpceiotn for
> > org.apache.catalina.filters.HttpHeaderSecurityFilter, since this exists
> > since Tomcat 7?
>
> Read this:
> http://svn.us.apache.org/repos/asf/tomcat/tc7.0.x/
> trunk/webapps/docs/changelog.xml
>
> and this:
> http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/
> trunk/webapps/docs/changelog.xml
>
> Search for "HttpHeaderSecurityFilter" and read all the matching
> changelog entries.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Header values when using HttpServletResponse.sendRedirect()

[Terence M. Bandoian]

On 9/8/2016 4:47 AM, Terence M. Bandoian wrote:

On 9/6/2016 2:36 PM, Joe Tseng wrote:

All,

I inherited a codebase that calls HttpServletResponse.sendRedirect() to
another page after a user is successfully logged in. I want to be 
able to

insert a header value before that redirection is executed. I tried to
simply add a HttpServletResponse.addHeader()/.setHeader() to the 
response
object before the redirect is called, but it seems a new response 
object is
used and sent to the browser. Is that assessment correct? Is there 
any way

for me to modify the redirect before it's sent or do I have to use
.forward()?

thx,

  - Joe




Rather than using sendRedirect, it should be possible to set any 
required headers and the status code using setHeader and setStatus.


-Terence Bandoian
 http://www.tmbsw.com/




Sorry about responding directly - I meant for my reply to go to the list.

-Terence


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter for app specific web.xml under Tomcat 8.0.9 (bundled with Netbeans)

[Mark Thomas]

On 08/09/2016 10:12, Mladen Adamović wrote:
> I want in some specific apps to enable HttpHeaderSecurityFilter (I might
> have some insecure applications at the same server).



> But I've got the error message when running from Tomcat 8.0.9.0. This
> happened in a development environment, this Tomcat was installed with
> Netbeans 8.0.1.
> 
> 08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
> org.apache.catalina.core.StandardContext.filterStart Exception starting
> filter httpHeaderSecurity
>  java.lang.ClassNotFoundException: org.apache.catalina.filters.
> HttpHeaderSecurityFilter



> What could be the reason Tomcat is displaying ClassNotFoundExpceiotn for
> org.apache.catalina.filters.HttpHeaderSecurityFilter, since this exists
> since Tomcat 7?

Read this:
http://svn.us.apache.org/repos/asf/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

and this:
http://svn.us.apache.org/repos/asf/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Search for "HttpHeaderSecurityFilter" and read all the matching
changelog entries.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

[Mohamad Abbas]

The ojdbc7-12.1.0.2.0 support TYPE_SCROLL_INSENSITIVE. I already made the
test by calling only the second method who creates a Statement with a
SCROLL_INSENSITIVE type, and it worked.

Regards,

2016-09-08 11:29 GMT+02:00 Terence M. Bandoian :

> On 9/8/2016 3:20 AM, Mohamad Abbas wrote:
>
>> Hello,
>>
>> I am working on a legacy web application running on a tomcat 8.0.37, and i
>> am getting an error "Invalid operation for forward only resultset:
>> absolute" when trying to use an InsensitiveScrollableResultSet (to
>> paginate
>> results).
>>
>> To make it simple and reproduce the problem i've created a test project
>> who
>> contains the "Main" class below. The test project is executed on on a
>> windows 7, using jdk1.8.0_92. The only jars are present in the classpath
>> of
>> the project are: tomcat-jdbc(8.0.37), tomcat-juli(8.8.37),
>> and ojdbc7-12.1.0.2.0.
>>
>> Those are the steps to reproduce the problem:
>>
>> - Create a Statement using the method .prepareStatement(String)=> OK
>> - Execute the query => OK (simple query: SELECT 1 FROM dual)
>> - Create a new Statement (with a SCROLL_INSENSITIVE type) for the same
>> query (SELECT 1 FROM dual) => KO (or OK?), tomcat-jdbc is returning
>> the
>> cached Statement created in Step 1 (a FORWARD_ONLY Statement).
>> - Execute the query => OK
>> - Call absolute method => Exception: Invalid operation for forward
>> only
>>
>> resultset: absolute
>>
>> I don't know if it is really a bug in tomcat-jdbc or if my problem is due
>> to a misconfiguration.
>>
>> Here is the code:
>>
>> package test;
>>
>> import java.sql.Connection;
>> import java.sql.PreparedStatement;
>> import java.sql.ResultSet;
>>
>> import org.apache.tomcat.jdbc.pool.DataSource;
>> import org.apache.tomcat.jdbc.pool.PoolProperties;
>>
>> public class Main {
>>
>>  private static DataSource datasource;
>>
>>  static {
>>  PoolProperties p = new PoolProperties();
>>  p.setUrl("jdbc:oracle:thin:@localhost:1531:test");
>>  p.setDriverClassName("oracle.jdbc.OracleDriver");
>>  p.setUsername("test");
>>  p.setPassword("test");
>>  p.setTestWhileIdle(true);
>>  p.setTestOnBorrow(false);
>>  p.setValidationQuery("SELECT 1 FROM dual");
>>  p.setValidationInterval(3);
>>  p.setMaxActive(1); // to simplify the test
>>  p.setInitialSize(1); // to simplify the test
>>  p.setMaxWait(1); // to simplify the test
>>  p.setMinEvictableIdleTimeMillis(3);
>>  p.setMinIdle(1); // to simplify the test
>>  p.setMaxIdle(1); // to simplify the test
>>  p.setJdbcInterceptors("StatementCache(max=10)"); // If i
>> replace max=10 by max = 0, the problem disappears
>>  datasource = new DataSource();
>>  datasource.setPoolProperties(p);
>>  }
>>
>>  public static void main(String[] args) throws Exception {
>>  testWithForwardOnlyResultSet(datasource);
>>  testWithInsensitiveResultSet(datasource);
>>  }
>>
>>  private static void testWithForwardOnlyResultSet(DataSource
>> datasource)
>> throws Exception {
>>  Connection con = datasource.getConnection();
>>  PreparedStatement st = con.prepareStatement("select 1 from
>> dual");
>>  ResultSet rs = st.executeQuery();
>>  while (rs.next()) {
>>  System.out.println("Result = " + rs.getString(1));
>>  }
>>  rs.close();
>>  st.close();
>>  con.close();
>>  }
>>
>>  private static void testWithInsensitiveResultSet(DataSource
>> datasource)
>> throws Exception {
>>  Connection con = datasource.getConnection();
>>  PreparedStatement st = con.prepareStatement("select 1 from dual",
>> ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
>>  ResultSet rs = st.executeQuery();
>>  rs.absolute(1);
>>  while (rs.next()) {
>>  System.out.println("Result = " + rs.getString(1));
>>  }
>>  rs.close();
>>  st.close();
>>  con.close();
>>  }
>>
>> }
>>
>> Please tell me, if you need more informations.
>>
>> Thanks for your help!
>>
>
>
> If a JDBC driver does not support TYPE_SCROLL_INSENSITIVE, it may fall
> back silently to TYPE_FORWARD_ONLY.
>
> -Terence Bandoian
>  http://www.tmbsw.com/
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

[Terence M. Bandoian]

On 9/8/2016 3:20 AM, Mohamad Abbas wrote:

Hello,

I am working on a legacy web application running on a tomcat 8.0.37, and i
am getting an error "Invalid operation for forward only resultset:
absolute" when trying to use an InsensitiveScrollableResultSet (to paginate
results).

To make it simple and reproduce the problem i've created a test project who
contains the "Main" class below. The test project is executed on on a
windows 7, using jdk1.8.0_92. The only jars are present in the classpath of
the project are: tomcat-jdbc(8.0.37), tomcat-juli(8.8.37),
and ojdbc7-12.1.0.2.0.

Those are the steps to reproduce the problem:

- Create a Statement using the method .prepareStatement(String)=> OK
- Execute the query => OK (simple query: SELECT 1 FROM dual)
- Create a new Statement (with a SCROLL_INSENSITIVE type) for the same
query (SELECT 1 FROM dual) => KO (or OK?), tomcat-jdbc is returning the
cached Statement created in Step 1 (a FORWARD_ONLY Statement).
- Execute the query => OK
- Call absolute method => Exception: Invalid operation for forward only
resultset: absolute

I don't know if it is really a bug in tomcat-jdbc or if my problem is due
to a misconfiguration.

Here is the code:

package test;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

import org.apache.tomcat.jdbc.pool.DataSource;
import org.apache.tomcat.jdbc.pool.PoolProperties;

public class Main {

 private static DataSource datasource;

 static {
 PoolProperties p = new PoolProperties();
 p.setUrl("jdbc:oracle:thin:@localhost:1531:test");
 p.setDriverClassName("oracle.jdbc.OracleDriver");
 p.setUsername("test");
 p.setPassword("test");
 p.setTestWhileIdle(true);
 p.setTestOnBorrow(false);
 p.setValidationQuery("SELECT 1 FROM dual");
 p.setValidationInterval(3);
 p.setMaxActive(1); // to simplify the test
 p.setInitialSize(1); // to simplify the test
 p.setMaxWait(1); // to simplify the test
 p.setMinEvictableIdleTimeMillis(3);
 p.setMinIdle(1); // to simplify the test
 p.setMaxIdle(1); // to simplify the test
 p.setJdbcInterceptors("StatementCache(max=10)"); // If i
replace max=10 by max = 0, the problem disappears
 datasource = new DataSource();
 datasource.setPoolProperties(p);
 }

 public static void main(String[] args) throws Exception {
 testWithForwardOnlyResultSet(datasource);
 testWithInsensitiveResultSet(datasource);
 }

 private static void testWithForwardOnlyResultSet(DataSource datasource)
throws Exception {
 Connection con = datasource.getConnection();
 PreparedStatement st = con.prepareStatement("select 1 from dual");
 ResultSet rs = st.executeQuery();
 while (rs.next()) {
 System.out.println("Result = " + rs.getString(1));
 }
 rs.close();
 st.close();
 con.close();
 }

 private static void testWithInsensitiveResultSet(DataSource datasource)
throws Exception {
 Connection con = datasource.getConnection();
 PreparedStatement st = con.prepareStatement("select 1 from dual",
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
 ResultSet rs = st.executeQuery();
 rs.absolute(1);
 while (rs.next()) {
 System.out.println("Result = " + rs.getString(1));
 }
 rs.close();
 st.close();
 con.close();
 }

}

Please tell me, if you need more informations.

Thanks for your help!



If a JDBC driver does not support TYPE_SCROLL_INSENSITIVE, it may fall 
back silently to TYPE_FORWARD_ONLY.


-Terence Bandoian
 http://www.tmbsw.com/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

java.lang.ClassNotFoundException: org.apache.catalina.filters.HttpHeaderSecurityFilter for app specific web.xml under Tomcat 8.0.9 (bundled with Netbeans)

[Mladen Adamović]

I want in some specific apps to enable HttpHeaderSecurityFilter (I might
have some insecure applications at the same server).

I've edited web.xml of one application (not the tomcat/conf/web.xml file to
add this filter):


httpHeaderSecurity
org.apache.catalina.filters.HttpHeaderSecurityFilter
true

   hstsMaxAgeSeconds
   31536000



httpHeaderSecurity
/*
/
REQUEST


But I've got the error message when running from Tomcat 8.0.9.0. This
happened in a development environment, this Tomcat was installed with
Netbeans 8.0.1.

08-Sep-2016 09:35:37.108 SEVERE [http-nio-8084-exec-7]
org.apache.catalina.core.StandardContext.filterStart Exception starting
filter httpHeaderSecurity
 java.lang.ClassNotFoundException: org.apache.catalina.filters.
HttpHeaderSecurityFilter
at java.net.URLClassLoader$1.run(URLClassLoader.java:366)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at java.lang.ClassLoader.loadClass(ClassLoader.java:425)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at org.apache.catalina.core.DefaultInstanceManager.loadClass(
DefaultInstanceManager.java:540)
at org.apache.catalina.core.DefaultInstanceManager.
loadClassMaybePrivileged(DefaultInstanceManager.java:531)
at org.apache.catalina.core.DefaultInstanceManager.newInstance(
DefaultInstanceManager.java:150)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(
ApplicationFilterConfig.java:258)
at org.apache.catalina.core.ApplicationFilterConfig.
(ApplicationFilterConfig.java:105)
at org.apache.catalina.core.StandardContext.filterStart(
StandardContext.java:4603)
at org.apache.catalina.core.StandardContext.startInternal(
StandardContext.java:5210)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(
ContainerBase.java:724)
at org.apache.catalina.core.ContainerBase.addChild(
ContainerBase.java:700)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:714)
at org.apache.catalina.startup.HostConfig.deployDescriptor(
HostConfig.java:581)
at org.apache.catalina.startup.HostConfig.deployApps(
HostConfig.java:455)
at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1496)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(
NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(
DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(
BaseModelMBean.java:300)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(
DefaultMBeanServerInterceptor.java:819)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(
JmxMBeanServer.java:801)
at org.apache.catalina.manager.ManagerServlet.check(
ManagerServlet.java:1437)
at org.apache.catalina.manager.ManagerServlet.deploy(
ManagerServlet.java:884)
at org.apache.catalina.manager.ManagerServlet.doGet(
ManagerServlet.java:335)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:618)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:291)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(
WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.netbeans.modules.web.monitor.server.MonitorFilter.
doFilter(MonitorFilter.java:393)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(
SetCharacterEncodingFilter.java:108)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:239)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:106)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(
AuthenticatorBase.java:615)
at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:136)
at org.apache.catalina.valves.ErrorReportValve.invoke(

[TOMCAT-JDBC] rs.absolute() throws "Invalid operation for forward only resultset: absolute"

[Mohamad Abbas]

Hello,

I am working on a legacy web application running on a tomcat 8.0.37, and i
am getting an error "Invalid operation for forward only resultset:
absolute" when trying to use an InsensitiveScrollableResultSet (to paginate
results).

To make it simple and reproduce the problem i've created a test project who
contains the "Main" class below. The test project is executed on on a
windows 7, using jdk1.8.0_92. The only jars are present in the classpath of
the project are: tomcat-jdbc(8.0.37), tomcat-juli(8.8.37),
and ojdbc7-12.1.0.2.0.

Those are the steps to reproduce the problem:

   - Create a Statement using the method .prepareStatement(String)=> OK
   - Execute the query => OK (simple query: SELECT 1 FROM dual)
   - Create a new Statement (with a SCROLL_INSENSITIVE type) for the same
   query (SELECT 1 FROM dual) => KO (or OK?), tomcat-jdbc is returning the
   cached Statement created in Step 1 (a FORWARD_ONLY Statement).
   - Execute the query => OK
   - Call absolute method => Exception: Invalid operation for forward only
   resultset: absolute

I don't know if it is really a bug in tomcat-jdbc or if my problem is due
to a misconfiguration.

Here is the code:

package test;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

import org.apache.tomcat.jdbc.pool.DataSource;
import org.apache.tomcat.jdbc.pool.PoolProperties;

public class Main {

private static DataSource datasource;

static {
PoolProperties p = new PoolProperties();
p.setUrl("jdbc:oracle:thin:@localhost:1531:test");
p.setDriverClassName("oracle.jdbc.OracleDriver");
p.setUsername("test");
p.setPassword("test");
p.setTestWhileIdle(true);
p.setTestOnBorrow(false);
p.setValidationQuery("SELECT 1 FROM dual");
p.setValidationInterval(3);
p.setMaxActive(1); // to simplify the test
p.setInitialSize(1); // to simplify the test
p.setMaxWait(1); // to simplify the test
p.setMinEvictableIdleTimeMillis(3);
p.setMinIdle(1); // to simplify the test
p.setMaxIdle(1); // to simplify the test
p.setJdbcInterceptors("StatementCache(max=10)"); // If i
replace max=10 by max = 0, the problem disappears
datasource = new DataSource();
datasource.setPoolProperties(p);
}

public static void main(String[] args) throws Exception {
testWithForwardOnlyResultSet(datasource);
testWithInsensitiveResultSet(datasource);
}

private static void testWithForwardOnlyResultSet(DataSource datasource)
throws Exception {
Connection con = datasource.getConnection();
PreparedStatement st = con.prepareStatement("select 1 from dual");
ResultSet rs = st.executeQuery();
while (rs.next()) {
System.out.println("Result = " + rs.getString(1));
}
rs.close();
st.close();
con.close();
}

private static void testWithInsensitiveResultSet(DataSource datasource)
throws Exception {
Connection con = datasource.getConnection();
PreparedStatement st = con.prepareStatement("select 1 from dual",
ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ResultSet rs = st.executeQuery();
rs.absolute(1);
while (rs.next()) {
System.out.println("Result = " + rs.getString(1));
}
rs.close();
st.close();
con.close();
}

}

Please tell me, if you need more informations.

Thanks for your help!

Re: Restrict access to manager app by IP

[Yuval Schwartz]

Thanks a lot for your replies.
For now, I removed the "path" attribute from the Context elements but left
the xml file in Catalina/[hostname].

When I have some more time, I will move to within my application
(META-INF/context.xml) since that seems to be the consensus here.

Thank you.

On Wed, Sep 7, 2016 at 8:45 PM, Mark Thomas  wrote:

> On 07/09/2016 18:43, Jeffrey Janner wrote:
> >
> >
> >> -Original Message-
> >> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> >> Sent: Tuesday, September 06, 2016 12:30 PM
> >> To: Tomcat Users List 
> >> Subject: Re: Restrict access to manager app by IP
> >>
> > Yuval,
> >
> > On 9/2/16 9:29 AM, Yuval Schwartz wrote:
>  Thanks. I'll give it a shot and let you guys know how it goes. Any
>  input on whether I should put this in my applications context.xml
>  or in my [host] directory?
> >
> > I would do it in the application. Unless you have a particular reason
> > to manually-place the application's context.xml file into
> > conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you.
> >
> > -chris
> >
> >> Chris -
> >
> >> Isn't the Tomcat "/manager" an app separate from the user's webapp?
> Thus the need for the manager.xml in conf/[engine]/[host] directory?
>
> It is an application like any other so you can use:
>
> $CATALINA_BASE/webapps/manager/META-INF/context.xml
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>