403 Error
Hello, I'm at a loss on how to track down why I'm getting a 403 error. My server.xml file and some logs follow: server.xml localhost_access_log.2021-09-03.txt 10.40.120.133 - - [03/Sep/2021:03:13:34 +] "GET / HTTP/1.1" 403 627 10.40.120.133 - - [03/Sep/2021:03:13:34 +] "GET /favicon.ico HTTP/1.1" 403 627 catalina.out (last 10 lines) <6>Starting service [Catalina] <6>Starting Servlet engine: [Apache Tomcat/9.0.31 (Ubuntu)] <6>At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. log4j:INFO Using URL [file:/usr/share/tomcat9/webapps/submitServer/WEB-INF/classes/log4j.properties] for automatic log4j configuration of repository named [default]. <6>Deploying web application archive [/usr/share/tomcat9/webapps/submitServer.war] <6>At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. <6>Deployment of web application archive [/usr/share/tomcat9/webapps/submitServer.war] has finished in [870] ms <6>Starting ProtocolHandler ["http-nio-8080"] <6>Starting ProtocolHandler ["ajp-nio-172.18.15.61-8009"] <6>Server startup in [2,351] milliseconds catalina.2021-09-03.log (last 10 lines) 03-Sep-2021 03:13:29.144 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [469] milliseconds 03-Sep-2021 03:13:29.195 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina] 03-Sep-2021 03:13:29.195 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.31 (Ubuntu)] 03-Sep-2021 03:13:30.500 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. 03-Sep-2021 03:13:30.605 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/usr/share/tomcat9/webapps/submitServer.war] 03-Sep-2021 03:13:31.459 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. 03-Sep-2021 03:13:31.476 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/usr/share/tomcat9/webapps/submitServer.war] has finished in [870] ms 03-Sep-2021 03:13:31.482 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"] 03-Sep-2021 03:13:31.489 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["ajp-nio-172.18.15.61-8009"] 03-Sep-2021 03:13:31.495 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [2,351] milliseconds localhost.2021-09-03.log (last 5 lines) 03-Sep-2021 03:13:31.473 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'QueryTestOutcomesFilter' 03-Sep-2021 03:13:31.473 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'ServletExceptionFilter' 03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'BuildServerAuthenticationFilter' 03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'ProjectJarfileFilter' 03-Sep-2021 03:13:31.474 FINE [main] org.apache.catalina.core.StandardContext.filterStart Starting filter 'InstructorActionFilter' Any assistance would be greatly appreciated. Thanks, David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
BasicDataSource restart()
I have a requirement to start a new log database on the first of every month. I still need to have access to older monthly log databases. I do not want to create a bunch of hardcoded manually configured individual datasources, one for each month. I have a dynamic datasource solution that is completely implemented and working except for one little thing. I access the BasicDataSource implementation class for the datasource. I have an algorithm that substitutes _MM at the appropriate spot in the configured URL and then updates the url in the datasource. All of this works great. I can live with the fact that the datasource can only point to one database at a time. My concern is that once I transition to another database, there are existing connections in the pool that are already attached to the old database. I need to clear those out and start over. But I don't have the luxury of bouncing tomcat to clean it up. The apache commons BasicDataSource has a restart() method. But unfortunately that method is omitted from the Tomcat version. There is a close() method on the BasicDataSource. But I don't see anything that will re-open it after closing. I thought about changing maxActive to 0, and waiting for it to drain, then setting it back to the original value. None of these sound like an ideal solution. Without a restart() method, is there any other way to force all existing connections to close and start clean? Thx Jerry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] Apache Tomcat Native 1.2.31 released
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.31 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1l - Fix an issue when building with OpenSSl 3.0.0 Please refer to the change log for the complete list of changes: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html Downloads: http://tomcat.apache.org/download-native.cgi The Apache Tomcat Native Library provides portable API for features not found in contemporary JDK's. It uses Apache Portable Runtime as operating system abstraction layer and OpenSSL for SSL networking and allows optimal performance in production environments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Orphaned thread by JNDIRealm / clearReferencesThreads reports memory leak
Hello, we are using the org.apache.catalina.realm.JNDIRealm for authentication of users against our windows AD. When undeploying the application, we see the following warning in our logs: WARNING [Catalina-utility-1] org.apache.catalina.loader.Webapp ClassLoaderBase.clearReferencesThreads The web application [ROOT] appears to have started a thread named [Thread-106] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread: java.base@11.0.3/java.net.SocketInputStream.socketRead0(Native Method) java.base@11.0.3/java.net.SocketInputStream.socketRead(SocketInputStream.java:115) java.base@11.0.3/java.net.SocketInputStream.read(SocketInputStream.java:168) java.base@11.0.3/java.net.SocketInputStream.read(SocketInputStream.java:140) java.base@11.0.3/sun.security.ssl.SSLSocketInputRecord.read(SSLSocketInputRecord.java:448) java.base@11.0.3/sun.security.ssl.SSLSocketInputRecord.bytesInCompletePacket(SSLSocketInputRecord.java:68) java.base@11.0.3/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1104) java.base@11.0.3/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:823) java.base@11.0.3/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) java.base@11.0.3/java.io.BufferedInputStream.read1(BufferedInputStream.java:292) java.base@11.0.3/java.io.BufferedInputStream.read(BufferedInputStream.java:351) java.naming@11.0.3/com.sun.jndi.ldap.Connection.run(Connection.java:832) java.base@11.0.3/java.lang.Thread.run(Thread.java:834) The warning is not always shown but quite often. Summary of the analysis of the problem: On tomcat startup, the worker-thread is running under the tomcat classloader. But when a reconnect happens, the thread is running with the classloader of the web application and gets thus reported. The details: Digging into the problem via remote debugging showed the reason how this happens: During startup, Tomcat is initializing the JNDIRealm. The open-method of JNDIRealm is switching the classloader between bootstrap-CL and tomcat-lib-CL, depending on the attribute "useContextClassLoader". Afterwards the context-Object is created (createDirContext). Within this LdapCtx, an LdapClient is used to communicate with the AD-Server. This LdapClient uses a com.sun.jndi.ldap.Connection for TCP communication. This connection opens the reported Worker-Thread. This can be seen at https://github.com/AdoptOpenJDK/openjdk-jdk11/blob/master/src/java.naming/share/classes/com/sun/jndi/ldap/Connection.java around line 243 --> worker = Obj.helper.createThread(this); So far, so good. Somehow, the com.sun.jndi.ldap.Connection is sometimes closed and the thread dies. At least, the thread is not visible any more. Maybe because of a timeout on the AD-server side or something else happened. If a new user accesses the site, the JNDIRealm is authenticating the user. This triggers the following chain (path is shortened): JNDIRealm.getUserBySearch --> LdapCtx.dosearch --> LdapCtx.ensureOpen --> LdapCtx.connect --> LdapClient.getInstance --> Connection. This creates a new com.sun.jndi.ldap.Connection and thus a new thread. But this time, the thread is connected to the classloader of the web-application. On undeployment, the thread is thus reported to be orphaned. It was tested with Tomcat 9.0.52, Windows 10, OpenJDK 11.0.12_7. As the authentication is conducted within tomcat, before the application is triggered, I am not sure if the problem can be tackled on application side. Thanks in advance, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
