AccessLogValve logging incorrect/cached data
We have recently noticed that our Tomcat installation is writing incorrect data to the localhost_access_log. It seems to be writing cached data of a previous request for some or all of the fields. For example, sometimes the jsessionid of another IP/client is written in the logs of having made a request for a page. There are other times where the request came from one computer, but is logged with the IP and sessionid of another computer. I have included a sample of the access log that shows what I mean.

So far we have upgraded to the newest version of Tomcat (8.5.5) and added RECYCLE_FACADES=true to our catalina.properties file. We also see the same behavior from inside our application using getRemoteAddr(). At this point I am not really sure how to proceed as Google doesn't return anything about a problem like this. Any suggestions would be appreciated.

Tomcat 8.5.5
OS: Solaris 11.3 sun4v sparc
Java: 1.8.0_92
TCNative: 1.2.7

*server.xml:*
...

*Clients:*
Client1: 192.168.1.100 JSESSIONID: C345EEC54EA556A5E55CE1F7AAB9B706
Client2: 192.168.1.105 JSESSIONID: DF4331A7668F8D67249A86DA2313029D

*localhost_access_log.txt:*
192.168.1.100 - - 2016-09-13T14:33:34.154-0500 "GET /javascript/flyout-nav.js HTTP/1.1" 304 0 DF4331A7668F8D67249A86DA2313029D 7 https://192.168.1.1/
192.168.1.105 - - 2016-09-13T14:57:59.110-0500 "GET /javascript/custom-expand.js HTTP/1.1" 304 0 C345EEC54EA556A5E55CE1F7AAB9B706 11 https://192.168.1.1/
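Added example, not part of the original post: one way to measure how often the symptom described above occurs is to scan the access log for session IDs recorded under more than one remote address. The field order is an assumption inferred from the two sample lines (the valve pattern in server.xml is not shown), and the extra sample lines are constructed.

```python
import re
from collections import defaultdict

# Field order is an assumption inferred from the sample lines in the post
# (the AccessLogValve pattern itself is not shown): remote address, two
# unused fields, timestamp, quoted request, status, bytes, session ID,
# elapsed time, referer.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ (?P<ts>\S+) "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ (?P<sid>\S+) \S+ \S+$'
)

def parse(line):
    """Return the named fields of one log line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def sessions_with_multiple_ips(lines):
    """Map every session ID logged under more than one remote address to
    its (timestamp, ip, request) entries, in file order."""
    seen = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is None or rec["sid"] == "-":  # malformed, or no session
            continue
        seen[rec["sid"]].append((rec["ts"], rec["ip"], rec["req"]))
    return {sid: hits for sid, hits in seen.items()
            if len({ip for _, ip, _ in hits}) > 1}

# Lines 2 and 4 are the ones quoted in the post; the others are constructed
# (each client with its own session ID, plus a sessionless request).
SAMPLE = [
    '192.168.1.100 - - 2016-09-13T14:30:00.000-0500 "GET /index.html HTTP/1.1" 200 512 C345EEC54EA556A5E55CE1F7AAB9B706 5 -',
    '192.168.1.100 - - 2016-09-13T14:33:34.154-0500 "GET /javascript/flyout-nav.js HTTP/1.1" 304 0 DF4331A7668F8D67249A86DA2313029D 7 https://192.168.1.1/',
    '192.168.1.105 - - 2016-09-13T14:40:00.000-0500 "GET /index.html HTTP/1.1" 200 512 DF4331A7668F8D67249A86DA2313029D 6 -',
    '192.168.1.105 - - 2016-09-13T14:57:59.110-0500 "GET /javascript/custom-expand.js HTTP/1.1" 304 0 C345EEC54EA556A5E55CE1F7AAB9B706 11 https://192.168.1.1/',
    '192.168.1.105 - - 2016-09-13T14:58:00.000-0500 "GET /favicon.ico HTTP/1.1" 404 0 - 1 -',
]

if __name__ == "__main__":
    for sid, hits in sessions_with_multiple_ips(SAMPLE).items():
        print(sid)
        for ts, ip, req in hits:
            print(f"  {ts}  {ip}  {req}")
```

A session that legitimately moves between addresses (a client changing networks, a proxy pool) is reported as well, so the output is a list of entries to review against known client addresses.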
Re: Tomcat 8.5.5 jasper and method sizes
On Tue, 2016-09-13 at 15:15 +0100, Mark Thomas wrote:
> This might help:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60126

That does make sense as I'm pretty sure a lot of the pages are close to the limit already. When I get time to dig, if it looks like something way off-base I'll post that info against that issue.

Thanks much.
Andy
Re: Tomcat 8.5.5 jasper and method sizes
On 12/09/2016 21:38, Wang, Andy wrote:
> I recently pushed an update to Tomcat 8.5.5 on our systems and are now
> getting reports of jsp compilation errors and we're seeing numerous new
> cases of:
> The code of method _jspService(HttpServletRequest, HttpServletResponse)
> is exceeding the 65535 bytes limit
>
> I know we have a lot of not-recommended practices around our JSPs and
> many that are likely already very close to the method size limit. I
> took a quick look at the changelog and jasper changes and don't see
> anything that leaps out to me immediately that would have impacted
> this.
>
> I admit, I've not looked into it closely enough to figure out the
> differences yet, but hoping someone might know off the top of their
> head if this type of change could be expected with the 8.5.5 changes?
>
> If not, it's not a big deal, I just need to spend some time figuring
> out what may have changed.

This might help:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60126

Mark
Re: Fwd: Compiling Tomcat Native 1.2.8
On 12/09/2016 22:32, Pierce Allen wrote:
> Hello -
>
> I run a collection of Tomcat web servers on Redhat 7.2 (up-to-date)
>
> Normally we like to compile and use the latest stable version of Tomcat Native we can get our hands on (currently the one that ships with Tomcat 8.5.5.0 is labeled tcnative 1.2.8). However, when I try to compile recent versions of Tomcat Native I get an error that my OpenSSL version is too low:
>
> checking OpenSSL library version >= 1.0.2... configure: error: Your version of OpenSSL is not compatible with this version of tcnative
>
> I don't really want to muck up the distro by trying to update OpenSSL by downloading and compiling OpenSSL's source code. RedHat backports security fixes to OpenSSL 1.0.1e so there are no "heartbleed" or other known vulnerabilities with the in-band OpenSSL version.
>
> Is there some workaround or procedure that can be used to get recent versions of Tomcat Native to compile on up to date RedHat systems?

In a similar situation, I statically link openssl. Please find enclosed my .spec for Tomcat 8.5.5. I tried not to alter it too much when removing information specific to my organisation.

Ludovic
%define major_version 8
%define minor_version 5
%define revision 5
%define full_version %{major_version}.%{minor_version}.%{revision}
%define native_major_version 1
%define native_minor_version 2
%define native_revision 8
%define native_full_version %{native_major_version}.%{native_minor_version}.%{native_revision}
%define commons_daemon_version 1.0.15
%define openssl_major 1
%define openssl_minor 0
%define openssl_revision 2h
%define openssl_full_version %{openssl_major}.%{openssl_minor}.%{openssl_revision}
%define apr_major 1
%define apr_minor 5
%define apr_revision 2
%define apr_full_version %{apr_major}.%{apr_minor}.%{apr_revision}

Name: my-tomcat
Version: %{full_version}
Release: 1
Summary: My Own Tomcat
License: My License
Group: my.group
autoprov: yes
autoreq: yes
Requires: my-jre
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XX)
# dependency on JDK 7 for convenience (8 would be better)
BuildRequires: apr-devel openssl-devel java-1.7.0-openjdk, java-1.7.0-openjdk-devel, chrpath

%define source_file http://mirrors.ircam.fr/pub/apache/tomcat/tomcat-%{major_version}/v%{full_version}/bin/apache-tomcat-%{full_version}.tar.gz
%define openssl_file https://www.openssl.org/source/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}.tar.gz
%define apr_file http://wwwftp.ciril.fr/pub/apache/apr/apr-%{apr_major}.%{apr_minor}.%{apr_revision}.tar.bz2

Source: %{source_file}
Source1: mysql-connector-java-5.1.23-bin.jar
Source2: OracleDriver-7.jar
Source3: postgresql-9.4.1209.jar
Source6: %{openssl_file}
Source7: %{apr_file}
Patch: manager.patch
Patch1: server.xml.patch
Patch2: tomcat-users.xml.patch

# FHS 2.3 compliant tree structure - http://www.pathname.com/fhs/2.3/
%define basedir %{_var}/lib/%{name}
%define appdir %{basedir}/webapps
%define bindir %{_datadir}/%{name}/bin
%define confdir %{_sysconfdir}/%{name}
%define homedir %{_datadir}/%{name}
%define libdir %{_javadir}/%{name}
%define logdir %{_var}/log/%{name}
%define cachedir %{_var}/cache/%{name}
%define tempdir %{cachedir}/temp
%define workdir %{cachedir}/work
%define _initrddir %{_sysconfdir}/init.d
%define tomcat_base %{homedir}

%description
My desc
Startup and shutdown are managed with commons-daemon %{commons_daemon_version}.

%prep
%{__mkdir} -p $RPM_BUILD_DIR/%{name}
cat << \EOF > %{_builddir}/%{name}/%{name}-req
#!/bin/sh
%{__find_requires} $* |\
sed -e '/libcrypto/d' -e '/libssl.so/d' -e '/pkgconfig/d'
EOF
%define __find_requires %{_builddir}/%{name}/%{name}-req
chmod +x %{__find_requires}
%define _use_internal_dependency_generator 0
%setup -T -D -a 6 -n .
%setup -T -D -a 7 -n .
%setup -T -D -a 0 -n .
%patch -p0
%patch1 -p0
%patch2 -p0
cd ${RPM_BUILD_DIR}
tar xvzf apache-tomcat-%{full_version}/bin/tomcat-native.tar.gz
tar xvzf apache-tomcat-%{full_version}/bin/commons-daemon-native.tar.gz
if [ ! -d ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision} ]; then
    mv ${RPM_BUILD_DIR}/openssl-* ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}
fi

%build
%{__rm} -rf $RPM_BUILD_ROOT
pushd .
cd ${RPM_BUILD_DIR}/openssl-%{openssl_major}.%{openssl_minor}.%{openssl_revision}
./config --prefix=${RPM_BUILD_DIR}/openssl-inst no-shared -fPIC
make
make install_sw
popd
pushd .
cd ${RPM_BUILD_DIR}/apr-%{apr_major}.%{apr_minor}.%{apr_revision}
CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/apr-inst
make
make install
# this line deactivates dynamic linking against openssl
sed -i -e "/dlname=/d" -e "/library_names=/d" ${RPM_BUILD_DIR}/apr-inst/lib/libapr-1.la
popd
pushd .
cd ${RPM_BUILD_DIR}/tomcat-native-%{native_full_version}-src/native
CFLAGS="-fPIC" ./configure --prefix=${RPM_BUILD_DIR}/tomcat-native-inst