classloader for components in META-INF/context.xml?

[Mike Wilson]

I also ran into [1].

Some Tomcat configuration with custom components (Valves, Managers etc) may
be done from a webapp's META-INF/context.xml. But currently if those classes
are your own custom implementations they will not be found if residing
inside the webapp's war (but are f ex found if placed in /lib).

Would it make sense for Tomcat to use the webapp classloader for components
that are specified in META-INF/context.xml?

Best regards
Mike Wilson

[1]
http://stackoverflow.com/questions/10924715/creating-a-custom-tomcat-session
-manager-without-putting-the-jar-in-the-catalina


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

mq: (1)

[daniel okouya]

http://azalsigorta.com.tr/tyrbqjm.php





























***Man perfected _by society is the _best of all animals; 
he is the most terri_ble of all when he lives without law, and without 
justice.Floy Brockus

[ANN] Apache Tomcat 6.0.51 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 6.0.51.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages and Java Expression Language technologies.

This release contains a number of bug fixes and improvements compared to
version 6.0.48.

 *** IMPORTANT ***

Tomcat 6.0.x has reached end of life. It is extremely unlikely that there
will be any further releases of the 6.0.x series.

All users of Tomcat 6.0.x and earlier should upgrade to a supported version.

 *** IMPORTANT ***

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

Note: This version has 3 zip binaries: a generic one and
  two bundled with Tomcat native binaries for Windows
  operating systems running on different CPU architectures.

Downloads:
http://tomcat.apache.org/download-60.cgi

Migration guides from Apache Tomcat 5.5.x:
http://tomcat.apache.org/migration.html

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 8/Redhat Linux 6.6 /Kernal 2.6.32 - Memory Won't Release

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Eric,

On 3/16/17 11:01 PM, Eric Chua wrote:
> I am running tomcat 8.0.121.  When I start my tomcat, it seems to
> be eating up all the memory on my system.  I have 16 GB, and it
> keeps on going.

What are your memory-related parameters when you launch the JVM?

Note that Java *never* gives any memory back to the OS, even when the
heap-usage goes down. This is a Java thing, not a Tomcat thing.

> Then when I try to kill the process, it dies but 12 GB is still 
> being used even though everything is turn off.

That makes no sense at all. Please provide some evidence this is
happening.

> The only way to reclaim the memory is to reboot.

If this is true, then you have some kind of awful kernel bug.

> I am running on redhat 6.5 and can't figure out what could be 
> causing this.  I run the tomcat as a local user, and I know there 
> aren't any other processes running as the local user.  I am running
> a spring MVC 4/Java 8/ struts web application. I have two of them
> with the same issue.  Any help would be appreciated. When I try to
> view all the running processes I cannot see where most of the 12 gb
> are being used.   The system came up with 2.2 gb used and after I
> start one web application it goes to 14-15gb.

Ok.

> The funny thing is that I can kill it to reclaim the memory. Only
> a reboot works.

You mean you CAN'T kill in to reclaim memory, right?

> I am running a VMware instance with vcenter version 6.5.  This
> does not happen with Java 7 with tomcat 7. Any help would be
> appreciate.

Something tells me you are reading or interpreting something
incorrectly, here. Can you please share your raw data, and where you
got that raw data? Something like reports from free/ps/top/sar/etc.?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYy+qWAAoJEBzwKT+lPKRYd38P/34EhmWZaueHBR2cLJeitXa9
SOd5pf1XrtgVyyx6FebFQkNlckzUVV3LCrPMkL+OudWjezqU0c7O/F1sRlVJk18V
A767jMpcSRI183QpDPBmbHKv6zsoVVibyXwMTbTDRAKzV+7JEGA4SrMEzEoyTcIv
gak5ctUvAH6t+jQrLiuVCCIpsKnvDwoYmsbDo0fXmZ+mQgIHYSr3D4UCCEPBtsar
o5uDJrwbGZRtKsHSvRoCxTGXlXIlD8SUE/+SlPsHo+R79AXN0cyI2GYSh8OfAW12
7gLzvrGpRzwyD34V/uFhoTugIx5OnNuN0Pw2jGBjrlRsDvBETiy/1CRKwMDe7u59
7ev9emoq5WpNRrDJuBN4MMzrFtBNOM/o04MPg5KVoM0clHyXOJrXbHJ1EkYWIkLr
fdHr9ejfS9mQhYSYKXXSbjEDGOGGLrLmPbUJ6gfAg5PqsyNTYTYW24+bvpt1MykZ
dkQXAB1CQ0YdNm6YIipYMD/d9kEYVpbXEKuVGT7QWTHRD3z/Pdcfp4hb05ckw0a3
UIa8Jk1yh8Z+f4pjAKFPi1VhhbaGU8VjGXKpdVcso/Ljohe/SzKs+IWuSJ/H97tE
VzEwgYaMEPdtfSnBG5Hf/6HtnME4TCXSBn8rBcGCgn4/rvUIMJZOlXePRT0BLBOt
/vhOk/rN/5h1XOrqVaqF
=hBJ4
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 7.0.76 released

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.76.

Apache Tomcat is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java
WebSocket technologies.

This release contains a number of bug fixes and improvements compared to
version 7.0.75. The notable changes since 7.0.75 include:

- Limited relaxation of the HTTP request line validation

- Support for Java 9 during annotation scanning

- Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
  built with OpenSSL 1.0.2k


Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-70.cgi

Migration guides from Apache Tomcat 5.5.x and 6.0.x:
http://tomcat.apache.org/migration.html

Enjoy

The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 8.0.42 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.42.

Please note that Tomcat 8.x users should normally be using 8.5.x
releases in preference to 8.0.x releases.

Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.

Apache Tomcat 8.0.42 includes fixes for issues identified in 8.0.41 as
well as other enhancements and changes. The notable changes since 8.0.41
include:

- Limited relaxation of the HTTP request line validation

- Support for Java 9 during annotation scanning

- Update Tomcat Native to 1.2.12 to pick up the latest Windows binaries
  built with OpenSSL 1.0.2k

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 5.5.x, 6.0.x and 7.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat issue

[Kerapetse Phorano]

Thank you very much for your assistance.

Regards
Kerapetse

On Fri, Mar 17, 2017 at 10:50 AM, Olaf Kock  wrote:

>
>
> Am 17.03.2017 um 09:44 schrieb Kerapetse Phorano:
> > Ok i see that.
> > So if that is the case how do i access tomcat outside the localhost?
> >
> > Regards,
> > Kerapetse
> >
> > On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock  wrote:
> >
> >> Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano:
> >>> I have set up an "admin" user with a password. The manager runs
> properly
> >> on > localhost but the error comes if it is accessed from a different
> PC.
> >> The manager app is deliberately preconfigured to only be available from
> >> localhost. If you open webapps/manager/META-INF/context.xml, you'll
> find
> >>
> >> 
> >>>>  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
> >> 
> >>
> >> which effectively denotes localhost in both IPV4 and IPV6 notation as
> >> the only allowed host accessing the application.
> >>
> >> Olaf
>
> 1. You question if this is really necessary, as the manager application
> will only be used at selected times for system administration - and
> uncomfortable system administration typically means uncomfortable
> hacking as well. It's just unnecessary to provide this attack surface to
> the world.
> 2. you really really really secure your application (e.g. configure a
> secure password, https, limit access through the firewall etc)
> 3. you configure the Valve element to include the IP address that you
> want to allow access, apart from localhost.
> 4. you remove the Valve element from context.xml
>
> It's totally fine not to execute all 4 steps - in fact, it'd be preferred.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat issue

[Olaf Kock]

Am 17.03.2017 um 09:44 schrieb Kerapetse Phorano:
> Ok i see that.
> So if that is the case how do i access tomcat outside the localhost?
>
> Regards,
> Kerapetse
>
> On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock  wrote:
>
>> Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano:
>>> I have set up an "admin" user with a password. The manager runs properly
>> on > localhost but the error comes if it is accessed from a different PC.
>> The manager app is deliberately preconfigured to only be available from
>> localhost. If you open webapps/manager/META-INF/context.xml, you'll find
>>
>> 
>>   >  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
>> 
>>
>> which effectively denotes localhost in both IPV4 and IPV6 notation as
>> the only allowed host accessing the application.
>>
>> Olaf

1. You question if this is really necessary, as the manager application
will only be used at selected times for system administration - and
uncomfortable system administration typically means uncomfortable
hacking as well. It's just unnecessary to provide this attack surface to
the world.
2. you really really really secure your application (e.g. configure a
secure password, https, limit access through the firewall etc)
3. you configure the Valve element to include the IP address that you
want to allow access, apart from localhost.
4. you remove the Valve element from context.xml

It's totally fine not to execute all 4 steps - in fact, it'd be preferred.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat issue

[Kerapetse Phorano]

Ok i see that.
So if that is the case how do i access tomcat outside the localhost?

Regards,
Kerapetse

On Fri, Mar 17, 2017 at 9:44 AM, Olaf Kock  wrote:

>
> Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano:
> > I have set up an "admin" user with a password. The manager runs properly
> on > localhost but the error comes if it is accessed from a different PC.
> The manager app is deliberately preconfigured to only be available from
> localhost. If you open webapps/manager/META-INF/context.xml, you'll find
>
> 
> allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
> 
>
> which effectively denotes localhost in both IPV4 and IPV6 notation as
> the only allowed host accessing the application.
>
> Olaf
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat issue

[Olaf Kock]

Am 17.03.2017 um 07:04 schrieb Kerapetse Phorano:
> I have set up an "admin" user with a password. The manager runs properly on > 
> localhost but the error comes if it is accessed from a different PC.
The manager app is deliberately preconfigured to only be available from
localhost. If you open webapps/manager/META-INF/context.xml, you'll find


  


which effectively denotes localhost in both IPV4 and IPV6 notation as
the only allowed host accessing the application.

Olaf



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat issue

[Kerapetse Phorano]

I have set up an "admin" user with a password. The manager runs properly on
localhost but the error comes if it is accessed from a different PC.

Kerapetse

On Thu, Mar 16, 2017 at 6:14 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Kerapetse,
>
> On 3/16/17 9:24 AM, Kerapetse Phorano wrote:
> > Hello,
> >
> > Please assist. We have tomcat 9.0.0.M18
> >  installed and
> > running successfully on Ubuntu Server. We are experiencing an issue
> > when we try to run tomcat manager from a different PC. We receive
> > the following error message: HTTP Status 403 – Forbidden
> > --
> >
> > *Type* Status Report
> >
> > *Description* The server understood the request but refuses to
> > authorize it.
>
> Sounds like you haven't properly-configured authentication for the
> manager application.
>
> What have you done so far?
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJYyrnTAAoJEBzwKT+lPKRY2hUP/RrYWu5eW7e+N0J3I2W6t/rp
> jftgrQQMfccIYnk90MjClbFJllmXM535QNl+kgck1GGJy7vc+l/Bk0cCxTWEA3mk
> QiUPESYDEdBBdSUzr5R1kqWc9UzhjxZ/jqGuJzH7WuWw9eWgZBy6CJmr9d16/sJz
> 3nBWHOtZa2waKAfmEuwOXfznTvkFHPrgOb571NrgmiPNUmaeBW7GzFYwSnvQfexx
> UTtf+HO+pGsxTcrJ2zJ/DsfD+Ytqs/dRRMjkirrIMzxMpoSl4Nbq3SfN2myHs+Vi
> V572OvCr+5BqvFjnZYcIDzvaT8iNGEvhEf+vfWFjdXRiZijqnJe2l3AdjHbNZiOj
> RmlOe67gMWLi2WDNrAlbPslXsFAB3ntqaxah3Wm0lMdqFoLXoE1aoAPiw/v0KNZq
> RZaZDi95abHv7GSEs/tIAUUe10q7Gne0FpI2eTOCIo/woawpv5l/beqUKxU6a5Bt
> pr0rSoBmNem/mYxC/lPFfrpXF3mgLziN/ONrLFZHId46GavuxcfJDtBECa/BAXMR
> ARtdhfjFZ8XJ0HvNEcmIe59rOCiYkzt5NPAvMzdhAPkMp9hPaKlV1KrlvjIuvsfr
> Z1imtTcUvecsy/EvJxxXzlWYlKxiaCnvyHq1XYZKAOwfOMJsYEQARJrVdeQQMRWu
> +fYeR/al2b+v4cOPydXY
> =D7Id
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>