Re: Tomcat 6 - How to make an application available at www.mydomain.com

[Borut Hadžialić]

Just a small correction:

1. Make a file called
${catalina.base}/conf/Catalina/localhost/ROOT.xml that contains:

instead of

1. Make a file called
${catalina.base}/conf/Catalina/localhost.ROOT.xml that contains:

On 1/29/12, Borut Hadžialić  wrote:
> Hi,
>
> the best way is to deploy your application to run inside tomcat
> without a context path - eg. to be available at http://localhost:8080/
> instead of http://localhost:8080/myApplication and use your apache
> reverse proxying / virtual host as it is.
>
> Trying to strip application context in virtual host configuration in
> my expirience was troublesome in some of my expiriences and now I
> always try to avoid it.
>
> What do you mean exactly by "without deploying it as ROOT.war"?
>
> You can set the context path of your Tomcat deployed applications to
> whatever you want - context path doesn't have to be the same as .war
> archive name. Just stop using deployment trough webapps directory and
> start using context files inside tomcat-x.x.x/conf directory to define
> your applications (all explained here
> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html ), for
> example:
>
> 1. Make a file called
> ${catalina.base}/conf/Catalina/localhost.ROOT.xml that contains:
>
> 
> 
>  
> 
>
> 2. Copy you myApplication.war to ${catalina.base}/war - or some other
> directory if you want to arange things differently.
>
> 3. Remove myApplication.war from ${catalina.base}/webapps
>
> Where ${catalina.base} is you current tomcat installation (or base
> instance) where you are currently deploying you app.
>
>
>
> On 1/29/12, Thomas Rohde  wrote:
>>> I'm running tomcat 6 behind apache.
>>>
>>> I currently have an application deployed as "myApplication" and it is
>>> available at "http://www.mydomain.com/myApplication";.
>>>
>>> How can I make this application available at "http://www.mydomain.com";
>>> without deploying it as ROOT.war?
>>>
>>> My server is running Ubuntu 10.04.
>>>
>>> Thanks!
>>>
>>> Dean Del Ponte
>>>
>>
>> You could use a rewrite rule to achieve that:
>>
>> RewriteEngine On
>> RewriteRule ^/$ /myApplication/ [PT]
>> JkMount /myApplication* tomcat
>>
>> Works for me very well.
>>
>> Thomas
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>
> --
> Why?
> Because YES!
>


-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 - How to make an application available at www.mydomain.com

[Borut Hadžialić]

Hi,

the best way is to deploy your application to run inside tomcat
without a context path - eg. to be available at http://localhost:8080/
instead of http://localhost:8080/myApplication and use your apache
reverse proxying / virtual host as it is.

Trying to strip application context in virtual host configuration in
my expirience was troublesome in some of my expiriences and now I
always try to avoid it.

What do you mean exactly by "without deploying it as ROOT.war"?

You can set the context path of your Tomcat deployed applications to
whatever you want - context path doesn't have to be the same as .war
archive name. Just stop using deployment trough webapps directory and
start using context files inside tomcat-x.x.x/conf directory to define
your applications (all explained here
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html ), for
example:

1. Make a file called
${catalina.base}/conf/Catalina/localhost.ROOT.xml that contains:



 


2. Copy you myApplication.war to ${catalina.base}/war - or some other
directory if you want to arange things differently.

3. Remove myApplication.war from ${catalina.base}/webapps

Where ${catalina.base} is you current tomcat installation (or base
instance) where you are currently deploying you app.



On 1/29/12, Thomas Rohde  wrote:
>> I'm running tomcat 6 behind apache.
>>
>> I currently have an application deployed as "myApplication" and it is
>> available at "http://www.mydomain.com/myApplication";.
>>
>> How can I make this application available at "http://www.mydomain.com";
>> without deploying it as ROOT.war?
>>
>> My server is running Ubuntu 10.04.
>>
>> Thanks!
>>
>> Dean Del Ponte
>>
>
> You could use a rewrite rule to achieve that:
>
> RewriteEngine On
> RewriteRule ^/$ /myApplication/ [PT]
> JkMount /myApplication* tomcat
>
> Works for me very well.
>
> Thomas
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Simple Tomcat monitoring ?

[Borut Hadžialić]

You could check it apache threads are the problem by using something like:

ps -feH | grep httpd | wc
(or something else instead httpd to hit only apache processes)

If the line number gets close to 150 (Apache (prefork) MaxClients)
then that is the problem.


On Tue, Apr 12, 2011 at 2:18 PM, André Warnier  wrote:
> Borut Hadžialić wrote:
>>
>> I'm gonna try to make a guess here :)
>>
>>> top - 08:20:02 up 72 days,  9:39,  4 users,  load average: 6.83, 5.63,
>>> 3.16
>>> Tasks: 265 total,   1 running, 264 sleeping,   0 stopped,   0 zombie
>>> Cpu(s):  0.2%us,  0.1%sy,  0.0%ni, 99.2%id,  0.5%wa,  0.0%hi,  0.0%si,
>>>  0.0%st
>>> Mem:  12328624k total, 11382976k used,   945648k free,   123400k buffers
>>> Swap:  4882424k total,      860k used,  4881564k free,  7565012k cached
>>
>> - somewhat large load average (6.83)
>> - but no io waiting (0.5%wa),
>> - app is heavily used
>> - tomcat requests take long time (sometimes takes few seconds to
>> produce the answer).
>>
>> Could it be a lack of threads at apache or tomcat?
>
> Spot on for the observation.
>
> That is one of the things that puzzle me : overall CPU usage is very low,
> and there is no i/o wait.  Yet the load average is high (which should mean
> that a number of processes are constantly waiting for something), and Tomcat
> is using 333% of CPU time (which may be very little time in an absolute
> sense, but is puzzling anyway).
> And the clients are waiting.
> So where are the time/resources being spent ?
>
> About threads :
> - Apache (prefork) MaxClients is set to 150
> - Tomcat AJP Connector does not specify any thread parameters, so defaults
> apply, which should be :
> maxThreads : 200
> maxSpareThreads : 50
> minSpareThreads : 4
>
> Considering that Apache handles most requests for static contents, I think
> that the numbers should be about right.
> But not having so far done any real monitoring, that may be wrong.  Which is
> one of the things I'd like to check.
>
> I think I'll start by making the Tomcat AJP Connector parameters explicit,
> and raise the minSpareThreads a bit.  And also its Heap size.
> But I don't like to start changing things left and right, without knowing
> exactly why I'm doing it.
>
> Is there for example any parameter or command-line switch that I can use for
> the JVM or Tomcat, which would tell me a bit more (in the logs) about when
> Tomcat is starting a new thread, how many are alive on average etc.. ?
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Simple Tomcat monitoring ?

[Borut Hadžialić]

I'm gonna try to make a guess here :)

> top - 08:20:02 up 72 days,  9:39,  4 users,  load average: 6.83, 5.63, 3.16
> Tasks: 265 total,   1 running, 264 sleeping,   0 stopped,   0 zombie
> Cpu(s):  0.2%us,  0.1%sy,  0.0%ni, 99.2%id,  0.5%wa,  0.0%hi,  0.0%si,  0.0%st
> Mem:  12328624k total, 11382976k used,   945648k free,   123400k buffers
> Swap:  4882424k total,  860k used,  4881564k free,  7565012k cached

- somewhat large load average (6.83)
- but no io waiting (0.5%wa),
- app is heavily used
- tomcat requests take long time (sometimes takes few seconds to
produce the answer).

Could it be a lack of threads at apache or tomcat?

On Tue, Apr 12, 2011 at 12:20 PM, André Warnier  wrote:
> Hi.
>
> I have a Linux application server running Apache + mod_jk + tomcat 5.5 (I
> know that it is relatively old; and to compound the heresy, it is installed
> from a Debian package).
> The hardware is quite OK (quad-core fast CPU, 12 GB RAM).
>
> Apache is serving most of the static content, and passing some requests to
> Tomcat via AJP.  Tomcat runs basically a single application, but this
> webapp, although itself quite small, can be heavily used : it is an
> interface to a text retrieval system (a kind of database specialised for
> textual data), and some of the searches made by users can take several
> seconds to come back with results, which may themselves be several pages of
> data.
>
> I can access the host remotely via SSH and via HTTP, and have full control
> of it.
> But it is a productive customer server, so there are limits to what I can
> do.
>
> I am having performance issues with that system : users at times complain
> that "they cannot access the application", and I see things like this in a
> "top" display :
>
> top - 08:20:02 up 72 days,  9:39,  4 users,  load average: 6.83, 5.63, 3.16
> Tasks: 265 total,   1 running, 264 sleeping,   0 stopped,   0 zombie
> Cpu(s):  0.2%us,  0.1%sy,  0.0%ni, 99.2%id,  0.5%wa,  0.0%hi,  0.0%si,
>  0.0%st
> Mem:  12328624k total, 11382976k used,   945648k free,   123400k buffers
> Swap:  4882424k total,      860k used,  4881564k free,  7565012k cached
>
>  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  2023 tomcat55  20   0  627m 184m 9344 S  333  1.5  32:00.47 jsvc
>  5396 root      20   0  832m 610m 9224 S  100  5.1  12:32.43 java
>    1 root      20   0 10316  760  624 S    0  0.0   0:33.14 init
>
> (where I presume that if tomcat is showing 333% CPU usage, it is because it
> is running on multiple cores; the second task visible above is the interface
> to the search engine).
>
> Anyway, my question is :
>
> Considering all the above, which would be the easiest/quickest way of
> starting to figure out what this tomcat is doing, and where the
> system/application bottleneck might be ?
>
> My preference would be in an easy tool to install and run, to first get a
> rough idea, and then maybe select more specific tools to examine one or the
> other area more in-depth.
> Or maybe I can just first add some command-line switches to the JVM running
> tomcat, to give me more information in the logs ?
>
> (My workstation is Windows XP, and I can install anything I want on it.)
>
> Additional details :
>
> Platform : (Linux 64-bit)
> # uname -a
> Linux vogon2 2.6.26-2-amd64 #1 SMP Thu Nov 25 04:30:55 UTC 2010 x86_64
> GNU/Linux
>
> Tomcat and Java :
>
> Using CATALINA_BASE:   /usr/share/tomcat5.5
> Using CATALINA_HOME:   /usr/share/tomcat5.5
> Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp
> Using JRE_HOME:       /usr/lib/jvm/java-6-sun
> Server version: Apache Tomcat/5.5
> Server built:   Oct 15 2008 12:57:44
> Server number:  5.5.26.0
> OS Name:        Linux
> OS Version:     2.6.26-2-amd64
> Architecture:   amd64
> JVM Version:    1.6.0_22-b04
> JVM Vendor:     Sun Microsystems Inc.
> vogon2:/usr/share/tomcat5.5/bin#
>
> Tomcat is started as :
> tomcat55  2023  2021  6 Apr11 ?        00:31:58 /usr/bin/jsvc -user tomcat55
> -cp
> /usr/share/java/commons-daemon.jar:/usr/share/tomcat5.5/bin/bootstrap.jar
> -outfile SYSLOG -errfile SYSLOG -pidfile /var/run/tomcat5.5.pid
> -Djava.awt.headless=true -Xms128M -Xmx128M
> -Djava.endorsed.dirs=/usr/share/tomcat5.5/common/endorsed
> -Dcatalina.base=/var/lib/tomcat5.5 -Dcatalina.home=/usr/share/tomcat5.5
> -Djava.io.tmpdir=/var/lib/tomcat5.5/temp
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> -Djava.util.logging.config.file=/var/lib/tomcat5.5/conf/logging.properties
> org.apache.catalina.startup.Bootstrap
>
> (which I don't think is a lot of heap space, which may be a problem here.
> But before I change it, I'd like to know why I change it; the server.xml
> settings are pretty much the standard issue, all defaults for threads
> etc..).
>
> Apache and mod_jk :
>
> Apache/2.2.9 (Debian) DAV/2 mod_jk/1.2.26 mod_apreq2-20051231/2.6.0
> mod_perl/2.0.4 Perl/v5.10.0 configured
>
> Thanks in advance for any recommendation
>
>
> 

Re: Windows Authentication: Issue 49318 vs 47679

[Borut Hadžialić]

On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas  wrote:
> It is in scope with the caveat - as always - that it depends on what the
> final implementation looks like. I do know (from debug logging) that
> right now tokens do not allow delegation. I suspect the hardest part of
> implementing this will be figuring out what config needs tweaking to
> allow that.

I think that credential delegation is configured at the domain
controller and client side, as this nice article describes:
http://spnego.sourceforge.net/credential_delegation.html

>> I am sure this would be useful for some applications - for example the
>> one that we are currently developing needs functionality like this.
>
> Testing help always appreciated if you are happy running the latest
> 7.0.x release (this should be in 7.0.12 which I plan to start releasing
> just as soon as I finish everything on my todo list).
>

We already have some hand written custom code for this. We will not be
switching to 7.0.x (we will be deploying to tcServer in producion, and
it will probably take lots of time for 7.0.12 changes to appear in
some version of tcServer, so we need the custom code we have at the
moment).
I might however try to deploy our app to 7.0.12 when it is out - and
see how much of our custom code will get removed by this spnego
support that you are writing now.

-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Windows Authentication: Issue 49318 vs 47679

[Borut Hadžialić]

Whoops, i reversed the condition of the if statement, it should be:

//check if the credentials can be delegated
if (context.getCredDelegState()) {
...
}

On Tue, Mar 29, 2011 at 9:47 PM, Borut Hadžialić
 wrote:
> Would adding support for client credential delegation be out of scope
> for this implementation or not?
>
> Client credential delegation is when you use the spnego token
> construct a javax.security.auth.Subject instance that represents the
> client - which the server side application can use this to impersonate
> the client (eg. connect to some Kerberized database as the client that
> sent the request, or consume some other kerberized service as the
> client).
>
> The code for creating such a Subject would be something like this:
>
> GSSContext context =
> GSSManager.getInstance().createContext((GSSCredential) null);
> context.acceptSecContext(...);
>
> //check if the credentials can be delegated
> if (!context.getCredDelegState()) {
>
>  //get the delegated credentials from the calling peer...
>  GSSCredential clientCred = context.getDelegCred();
>
>  //Create a Subject out of the delegated credentials.
>  //With this Subject the application server can impersonate the
> client that sent the request.
>  Subject clientSubject =
> com.sun.security.jgss.GSSUtil.createSubject(context.getSrcName(),
> clientCred);
> }
>
> //Store the clientSubject somewhere - maybe to the HttpServletRequest?
>
> I am sure this would be useful for some applications - for example the
> one that we are currently developing needs functionality like this.
>
> On Tue, Mar 29, 2011 at 9:09 PM, Mark Thomas  wrote:
>> On 29/03/2011 15:20, Mark Thomas wrote:
>>> On 28/03/2011 22:31, Stefan Mayr wrote:
>>>> Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
>>>> your scale of "little". Is there already some development we can follow?
>>>> Will this use Java GSS? I never figured out how to configure this with
>>>> Tomcat.
>>>
>>> "little" hopefully means the next week or so in a 7.0.12 release. I have
>>> a handful of things I need/want to get into 7.0.12 and SPNEGO is one of
>>> them.
>>>
>>> Having spent more time than I want to think about and having lost count
>>> of the number of times I re-installed Windows 2k8 server to test this, I
>>> finally got this working a few minutes ago. The current code is *very*
>>> rough and ready and it only does authentication, not authorisation so I
>>> still have some work to do.
>>>
>>> The solution is based on ideas from Spring Security's Kerberos extension
>>> and the most recent patches attached to bug 48685.
>>>
>>> I'll be committing an initial implementation once I have cleaned up the
>>> code a bit and then I'll build on that to add authorisation, more
>>> configuration etc.
>>
>> The first part just got committed [1]. More to follow over the next day
>> or so.
>>
>> Mark
>>
>> [1] http://svn.apache.org/viewvc?rev=1086683&view=rev
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
>
>
> --
> Why?
> Because YES!
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Windows Authentication: Issue 49318 vs 47679

[Borut Hadžialić]

Would adding support for client credential delegation be out of scope
for this implementation or not?

Client credential delegation is when you use the spnego token
construct a javax.security.auth.Subject instance that represents the
client - which the server side application can use this to impersonate
the client (eg. connect to some Kerberized database as the client that
sent the request, or consume some other kerberized service as the
client).

The code for creating such a Subject would be something like this:

GSSContext context =
GSSManager.getInstance().createContext((GSSCredential) null);
context.acceptSecContext(...);

//check if the credentials can be delegated
if (!context.getCredDelegState()) {

  //get the delegated credentials from the calling peer...
  GSSCredential clientCred = context.getDelegCred();

  //Create a Subject out of the delegated credentials.
  //With this Subject the application server can impersonate the
client that sent the request.
  Subject clientSubject =
com.sun.security.jgss.GSSUtil.createSubject(context.getSrcName(),
clientCred);
}

//Store the clientSubject somewhere - maybe to the HttpServletRequest?

I am sure this would be useful for some applications - for example the
one that we are currently developing needs functionality like this.

On Tue, Mar 29, 2011 at 9:09 PM, Mark Thomas  wrote:
> On 29/03/2011 15:20, Mark Thomas wrote:
>> On 28/03/2011 22:31, Stefan Mayr wrote:
>>> Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
>>> your scale of "little". Is there already some development we can follow?
>>> Will this use Java GSS? I never figured out how to configure this with
>>> Tomcat.
>>
>> "little" hopefully means the next week or so in a 7.0.12 release. I have
>> a handful of things I need/want to get into 7.0.12 and SPNEGO is one of
>> them.
>>
>> Having spent more time than I want to think about and having lost count
>> of the number of times I re-installed Windows 2k8 server to test this, I
>> finally got this working a few minutes ago. The current code is *very*
>> rough and ready and it only does authentication, not authorisation so I
>> still have some work to do.
>>
>> The solution is based on ideas from Spring Security's Kerberos extension
>> and the most recent patches attached to bug 48685.
>>
>> I'll be committing an initial implementation once I have cleaned up the
>> code a bit and then I'll build on that to add authorisation, more
>> configuration etc.
>
> The first part just got committed [1]. More to follow over the next day
> or so.
>
> Mark
>
> [1] http://svn.apache.org/viewvc?rev=1086683&view=rev
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Windows Authentication: Issue 49318 vs 47679

[Borut Hadžialić]

Hellos Stefan,

if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
http://blog.springsource.com/2009/09/28/spring-security-kerberos/
After understanding that article a developer should be able to add a
SPNEGO implementation (probably not the whole protocol, just as much
it is needed for your app) to your Tomcat application by adding some
filters.
What the implementation needs to do is basically:
 1. If there is a 'Negotiate ..' http header or other authentication,
read it and process it.

 2. Otherwise if there is no authentication, send a spnego challenge
//HttpServletResponse response
response.addHeader("WWW-Authenticate", "Negotiate");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.flushBuffer();


On Sun, Mar 27, 2011 at 8:26 PM, Stefan Mayr  wrote:
> Hello everybody,
>
> as many others before we wanted to do single-sign-on for intranet web
> applications using integrated windows authentication (negotiate because IE
> sometimes tries NTLM instead of using plain kerberos - breaking all our
> kerberos-only experiments).
>
> We thought that IIS would be the best choice for integrated windows
> authentication and we could pass the user via AJP (using mod_jk) to our
> tomcat instances.
>
> Our setup:
> - Windows 2008 R2 using IIS 7.5 (64bit)
> - mod_jk 1.2.31
> - Oracle Java 1.6 U24
> - Tomcat 6.0.32
>
> At first glance using tomcatAuthentication=false worked as expected. We got
> the remote user and started deploying an application. End of happiness - the
> application complained about a missing user-agent. That header was not
> passed to tomcat when authentication was enabled on IIS.
>
> Some research revealed Bug 47679 - Not all headers get passed to Tomcat
> server from isapi_redirect.dll
> (https://issues.apache.org/bugzilla/show_bug.cgi?id=47679)
>
> Today I've found Bug 49318 - add a Negotiate (Kerberos/NTLM) authenticator /
> integrate Waffle (https://issues.apache.org/bugzilla/show_bug.cgi?id=49318).
> The last comment links a new Windows Authentication How-To from Mark Thomas.
> Looks like we have already tried almost all proposed solutions:
>
> - IIS + mod_jk:
>  tried but stuck in Bug 47679. Also tried ARR to pass the user name
>  as a request header from IIS to Tomcat without success
> - Apache mod_ntlm: used it and we replaced it by the much more stable
>  mod_auth_ntlm_winbind. NTLMv1 is also disabled on Windows 7 (default)
> - Apache mod_auth_ntlm: in heavy use but stuck to Apache 2.0 and 32bit
>  plattform - we couldn't get stability problems solved on Apache 2.2
>  and 64bit Linux. No ongoing development.
> - Apache mod_auth_sspi: till now in internal use for a very small
>  project (works just fine), not sure about the future. Although
>  there seems to be some new activity on 1.0.5 beta
> - Waffle: found it on thursday and it is on my our todo-list for
>  testing it next week
>
> Any chances to get Bug 47679 solved? How can we help (we are admins, no
> devs)?
> What solutions have you deployed? Recommendations?
>
> Thank you,
>
>        Stefan Mayr
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 5.5.30 and Spring Framework

[Borut Hadžialić]

> The docBase for my app is /usr/local/jsp/
> I've placed my spring test JSP in /usr/local/jsp/testSpring/testSpring.jsp

You probably want your's app docBase to be something like
/usr/local/myapp, and then have your jsp's in a directory
/usr/local/myapp/WEB-INF/jsp/ - eg.
/usr/local/myapp/WEB-INF/jsp/testSpring/testSpring.jsp


On Sat, Mar 12, 2011 at 5:42 AM, Aureliusz R.  wrote:
> Borut,
>
> thanks again. You were correct, it was lazy initialization. Pretty
> much at this point I got the spring part working.
>
> I've encountered yet another issue with mapping requests from apache2
> web server to tomcat. It seems to have something to do with SSL, as I
> don't have this issue for http.
>
> The situation looks as follows:

>
> apache2/httpd.conf has the following mod_jk mappings:
> JkMount /servlet/* worker1
> JkMount /*.jsp worker1
> JkMount /jsp/* worker1
>
> When I invoke this JSP directly through tomcat, or through apache
> httpd server but over http, it works fine:
> http://server.domain.com:8080/jsp/testSpring/testSpring.htm
> http://server.domain.com/jsp/testSpring/testSpring.htm
>
> When I invoke this JSP through apache httpd over https, it's actually
> looking for the static htm file. It doesn't go through tomcat at all.
> https://server.domain.com/jsp/testSpring/testSpring.htm
>
> Not Found
> The requested URL /jsp/testSpring/testSpring.htm was not found on this server.
>
> Would you be able to point me in the right direction? I searched
> through some of the ssl config files, but I didn't find anything that
> would prevent /jsp/**/*.htm requests from being sent to tomcat.
>
> Thanks,
> aurir_
>
> On Fri, Mar 11, 2011 at 9:30 AM, Borut Hadžialić
>  wrote:
>> Do not put anything in $TOMCAT_HOME/conf/web.xml - leave that file as
>> it is when you unpack a fresh Tomcat distribution.
>>
>> Why the servlet is not being loaded?  - not 100% about this, but I
>> would first check if it is maybe being lazy loaded/initialized. After
>> your tomcat starts up, try to browse http://localhost:8080/test.htm -
>> that http request will be mapped to your spring servlet, and it will
>> trigger the initialization of your spring servlet (if that was the
>> problem in the first place, but i think it is).
>>
>> The exception you were getting meant that your DispatcherServlet
>> couldn't find and load its configuration file at startup.
>> A DispatcherServlet's configuration file is by default
>> /WEB-INF/-servlet.xml'.  is 'spring' in
>> your case - that is how you named it inside web.xml:
>>
>> 
>>        spring
>>     
>> 
>>
>> So your DispatcherServlet instance that you named 'spring' tried to
>> load the file /WEB-INF/spring-servlet.xml, which wasn't there and you
>> got the exception:
>> java.io.FileNotFoundException: Could not open ServletContext resource
>> [/WEB-INF/spring-servlet.xml]
>>
>> Make sure you have 'spring' DispatcherServlet's configuration in a
>> file /WEB-INF/spring-servlet.xml, or use some other file with
>> configuration like this:
>>
>> 
>>        spring
>>        
>>            org.springframework.web.servlet.DispatcherServlet
>>        
>>  
>>    contextConfigLocation
>>    /WEB-INF/foo/bar-servlet.xml
>>  
>>        1
>>    
>>
>> On Fri, Mar 11, 2011 at 4:08 PM, Aureliusz R.  wrote:
>>> Borut,
>>>
>>> your instructions were spot on. I was able to track down my docBase
>>> folder (it was specified in $TOMCAT_HOME/conf/servlet.xml ,
>>> and I verified that it's the correct location by adding some context
>>> parameters to the web.xml in my docBase, and then retrieving them from
>>> a JSP.
>>>
>>> Now I have another problem though. For some reason, my
>>> DispatcherSetvlet (for the spring framework) is not being loaded at
>>> all. I tried placing the piece of XML below in the
>>> $TOMCAT_HOME/conf/web.xml and my docBase/WEB-INF/web.xml. I also
>>> specified invalid fully qualified name for my DispatcherServlet to get
>>> some kind of exception, but I don't get anything. Is there anything
>>> that would prevent this servlet from being loaded?
>>>
>>>
>>>    
>>>        spring
>>>        *.htm
>>>    
>>>
>>>  It's ridiculous because some time ago when I placed it in
>>> $TOMCAT_HOME/conf/web.xml I was getting the exception below, and
>>> that's the reason why I wanted to know w

Re: Tomcat 5.5.30 and Spring Framework

[Borut Hadžialić]

Do not put anything in $TOMCAT_HOME/conf/web.xml - leave that file as
it is when you unpack a fresh Tomcat distribution.

Why the servlet is not being loaded?  - not 100% about this, but I
would first check if it is maybe being lazy loaded/initialized. After
your tomcat starts up, try to browse http://localhost:8080/test.htm -
that http request will be mapped to your spring servlet, and it will
trigger the initialization of your spring servlet (if that was the
problem in the first place, but i think it is).

The exception you were getting meant that your DispatcherServlet
couldn't find and load its configuration file at startup.
A DispatcherServlet's configuration file is by default
/WEB-INF/-servlet.xml'.  is 'spring' in
your case - that is how you named it inside web.xml:


spring
 


So your DispatcherServlet instance that you named 'spring' tried to
load the file /WEB-INF/spring-servlet.xml, which wasn't there and you
got the exception:
java.io.FileNotFoundException: Could not open ServletContext resource
[/WEB-INF/spring-servlet.xml]

Make sure you have 'spring' DispatcherServlet's configuration in a
file /WEB-INF/spring-servlet.xml, or use some other file with
configuration like this:


spring

org.springframework.web.servlet.DispatcherServlet

  
contextConfigLocation
/WEB-INF/foo/bar-servlet.xml
  
1


On Fri, Mar 11, 2011 at 4:08 PM, Aureliusz R.  wrote:
> Borut,
>
> your instructions were spot on. I was able to track down my docBase
> folder (it was specified in $TOMCAT_HOME/conf/servlet.xml ,
> and I verified that it's the correct location by adding some context
> parameters to the web.xml in my docBase, and then retrieving them from
> a JSP.
>
> Now I have another problem though. For some reason, my
> DispatcherSetvlet (for the spring framework) is not being loaded at
> all. I tried placing the piece of XML below in the
> $TOMCAT_HOME/conf/web.xml and my docBase/WEB-INF/web.xml. I also
> specified invalid fully qualified name for my DispatcherServlet to get
> some kind of exception, but I don't get anything. Is there anything
> that would prevent this servlet from being loaded?
>
>
>    
>        spring
>        *.htm
>    
>
>  It's ridiculous because some time ago when I placed it in
> $TOMCAT_HOME/conf/web.xml I was getting the exception below, and
> that's the reason why I wanted to know where my docBase is in the
> first place. Now that I know where it is, the DispatcherServlet
> doesn't seem to be loaded at all. Is there anything that would prevent
> this servlet from being loaded?
>
> org.springframework.beans.factory.BeanDefinitionSt oreException:
> IOException parsing XML document from ServletContext resource
> [/WEB-INF/spring-servlet.xml]; nested exception is
> java.io.FileNotFoundException: Could not open ServletContext resource
> [/WEB-INF/spring-servlet.xml]
>
> Thanks,
> Aurir_
>
> On Tue, Mar 8, 2011 at 2:47 AM, Borut Hadžialić
>  wrote:
>> The piece of xml you posted looks like something from
>> $TOMCAT_HOME/conf/web.xml file. This file contains some default
>> configuration that is applied to all web applications and you usually
>> don't change it.
>>
>> What you need to find is the /WEB-INF directory of your web
>> application. /WEB-INF directory resides in the root directory of your
>> web application. This directory is also called Context Root / Document
>> Base - its the directory that contains all files of your app. You
>> usually put spring config files in the /WEB-INF directory of your web
>> application.
>>
>>
>> It doesn't matter where individual applications are on the disk (where
>> their Context Root / Document Base directories are). Applications can
>> be in $TOMCAT_HOME/webapps, or in some other directories anywhere on
>> the filesystem.
>>
>> To figure out where your application's Context Root / Document Base is
>> you can do this:
>> 1. use find to search for WEB-INF directories on your filesystem
>> 2. find your Tomcat's instance conf directory ($TOMCAT_HOME/conf) and
>> go trough the config files there: first look at server.xml - look for
>>  elements and see if it has a appBase attribute defined. Then
>> check if the  element has any  child elements. If it
>> does, their docBase attribute points to document base of an
>> application.
>> If you don't find it there, look for subdirectories in conf directory
>> - for example there might be subdirectories Catalina/localhost that
>> contain individual application xml config files. Those files also
>> contain  elements - look for their d

Re: Is it possible to configure 2 SSL connectors on one Tomcat instance?

[Borut Hadžialić]

Hi Nikko,

I asume that you really want 2 connectors with 2 different key stores,
not 2 different trust stores.

If you have 2 ip addresses then its easy - define 2 connectors and use
their address attribute to assign each connector one ip address.

If you have only 1 ip address then you might have a problem. The
problem with name based virtual hosts under https/ssl is that ssl
handshake (which involves server sending a certificate for some
domain) happens after tcp/ip connection is established - before the
HOST part of the http request can be read. So if you would have 2
different https virtual domains on same ip:port, the server wouldn't
know which certificate to send just after a tcp/ip connection was
established, because it must decide what certificate to send based on
information which is inside the HTTP request, which can be read only
after establishing a ssl connection. This is a general problem, not
just Tomcat specific.

Maybe if your domains are really similar to host1.myhost.com and
host2.myhost.com you could use a wildcard certificate (*.myhost.com)
or if you are using a self-signed certificate and want just https
encryption and not server verification - then you could use 1 Tomcat
connector.

And btw if you are defining a https connector in tomcat you are using
a key store - a trust store is used when you verify client
certificates when you set clientAuth="true" which is rare.


On Tue, Mar 8, 2011 at 1:57 PM, Nikko Nikko  wrote:
> Hi,
>
>
>
>   Is It possible to define 2 SSL connectors for 2 different virtual domain
> domains? For example I want to define 2 virtual hosts:  “host1.myhost.com”
> and “host2.myhost.com” and want to have different trust store  for each of
> them. I want to run them in one and the same Tomcat instance.
>
>
>
> Best regards,
>
>  Nikko.
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 5.5.30 and Spring Framework

[Borut Hadžialić]

The piece of xml you posted looks like something from
$TOMCAT_HOME/conf/web.xml file. This file contains some default
configuration that is applied to all web applications and you usually
don't change it.

What you need to find is the /WEB-INF directory of your web
application. /WEB-INF directory resides in the root directory of your
web application. This directory is also called Context Root / Document
Base - its the directory that contains all files of your app. You
usually put spring config files in the /WEB-INF directory of your web
application.


It doesn't matter where individual applications are on the disk (where
their Context Root / Document Base directories are). Applications can
be in $TOMCAT_HOME/webapps, or in some other directories anywhere on
the filesystem.

To figure out where your application's Context Root / Document Base is
you can do this:
1. use find to search for WEB-INF directories on your filesystem
2. find your Tomcat's instance conf directory ($TOMCAT_HOME/conf) and
go trough the config files there: first look at server.xml - look for
 elements and see if it has a appBase attribute defined. Then
check if the  element has any  child elements. If it
does, their docBase attribute points to document base of an
application.
If you don't find it there, look for subdirectories in conf directory
- for example there might be subdirectories Catalina/localhost that
contain individual application xml config files. Those files also
contain  elements - look for their docBase attribute.

On Tue, Mar 8, 2011 at 4:47 AM, Aureliusz R.  wrote:
> I know this is not a typical tomcat question but please bear with me.
> All Spring integrations call for placing configuration xmls in
> /WEB-INF/ of an application. The tomcat that I'm forced to work with
> has a weird configuration where there are no applications under
> $TOMCAT_HOME/webapps folder. There is one folder where all of the
> servlets go, and the invoker servlet is mapped to it:
>
> 
>  invoker
>  /servlets/*
> 
>
> My question is, how do I know where the context (default context?) in
> such a situation is, so that I could place my spring configuration
> files in there? Is spring usage even possible with such configuration?
>
> Thanks
> Aurir_
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat NTLM Authentication

[Borut Hadžialić]

Yes Andre you are right, I misunderstood the OP - Hila wants to access
the database as a single domain user.

How to implement this is probably database specific. For example
Oracle jdbc driver requires you to either:
A) be running the process which makes the database connections as the
domain user which can access the database.
B) somehow get an instance of javax.security.auth.Subject representing
such an user, for example by using a kerberos keytab file.

There are code examples for A) (connectWithDefaultUser())  and B)
(connectWithSpecificUser()) on the page i linked in the last mail.

The problem after that is how to get connection pooling (you might
need to implement you own).

Hila, what database are you using?


On Mon, Mar 7, 2011 at 11:59 AM, André Warnier  wrote:
> Borut,
>
> thanks. I think that this is very helpful.
> It does not do what the OP wanted to do, but it does what he /should/ be
> doing (in my view).
>
> הילה,
> if the users connect to Tomcat, and the connections to the database are all
> done under the "Tomcat" user-id, then basically you are putting all the
> users into one big pot, and the database does not know who is really
> connecting to it.
> That means that now any of the users can do in the database anything that
> this "Tomcat" user-id can do, and you can never find out afterwards who did
> it.
> And because this "Tomcat" user needs to be able to do in the database
> anything that any user could do, it needs to have very broad rights to the
> database (the sum of all the users rights).
> In the scheme below, that is not true : each user connects to the database
> under his own user-id, so the database can decide who is allowed to do what,
> and can also keep track of who did what.
>
>
> Borut Hadžialić wrote:
>>
>> Hi Hila,
>>
>> I have a similar requirement in my current project. End users (using
>> browsers and java desktop apps) which work on windows workstations
>> which are in a domain, must be able to log in the application without
>> needing to type in username and password (using their windows
>> credentials). Additionaly, the connection to the underlying database
>> must also be done using those user credentials.
>>
>> My steps while implementing this were:
>> 1. Implement authentication (browser->server, desktop app -> server)
>> which uses kerberos
>> 2. Enable credential delegation so your app server can impersonate
>> client when connecting to the database
>> 3. Connect to the database as the client from within app server
>> code/process (this is database-specific)
>>
>> This is how I solved it:
>> I use SPNEGO for browser/webapp scenario authentication. These
>> materials helped me come up with a working server side SPNEGO
>> implementation:
>>
>> This is what I ended up using for reading a SPNEGO token:
>> http://blog.springsource.com/2009/09/28/spring-security-kerberos/
>>
>> Some general information about kerberos from msdn:
>> http://msdn.microsoft.com/en-us/library/ms995329.aspx
>> http://msdn.microsoft.com/en-us/library/ms995330.aspx
>>
>> Very nice articles about credentials delegation (you need that so your
>> app server can impersonate clients when it connects to the database)
>>
>> http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java
>> http://spnego.sourceforge.net/credential_delegation.html
>>
>> I also had some java desktop apps which needed to authenticate in a
>> similar way, which use Spring HttpInvoker as a remoting protocol, so I
>> decided to make HttpInvoker pass some SPNEGO headers as well, and it
>> seems to work:
>> https://jira.springsource.org/browse/SES-11
>>
>>
>> We use Oracle as the database and some materials that were helpfull were
>> these:
>> Oracle Jdbc connection with kerberos
>>
>> http://download.oracle.com/docs/cd/E11882_01/java.112/e10589/clntsec.htm#insertedID7
>>
>> http://download.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html
>>
>> Some general info on Oracle Advanced Security
>>
>> http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_actdir001.htm#CHDDFFGG
>>
>> If you also use Oracle I can send you a complete code example for this
>> - I have the whole thing working for simple tests..I should have a
>> more complete implementation in few weeks.
>>
>> Cheers.
>>
>> 2011/3/7 הילה :
>>>
>>> Hey,
>>>
>>> The tomcat is running on windows server 2008 R2 STD
>>> I don't now if using windows authentication is less secure a

Re: Tomcat NTLM Authentication

[Borut Hadžialić]

One of the links I sent you was broken, the right link is:

Oracle Jdbc connection with kerberos
http://download.oracle.com/docs/cd/B28359_01/java.111/b31224/clntsec.htm#CIHCIDHF

Or just google for 'oracle jdbc kerberos' if they move the content again.

On Mon, Mar 7, 2011 at 10:55 AM, Borut Hadžialić
 wrote:
> Hi Hila,
>
> I have a similar requirement in my current project. End users (using
> browsers and java desktop apps) which work on windows workstations
> which are in a domain, must be able to log in the application without
> needing to type in username and password (using their windows
> credentials). Additionaly, the connection to the underlying database
> must also be done using those user credentials.
>
> My steps while implementing this were:
> 1. Implement authentication (browser->server, desktop app -> server)
> which uses kerberos
> 2. Enable credential delegation so your app server can impersonate
> client when connecting to the database
> 3. Connect to the database as the client from within app server
> code/process (this is database-specific)
>
> This is how I solved it:
> I use SPNEGO for browser/webapp scenario authentication. These
> materials helped me come up with a working server side SPNEGO
> implementation:
>
> This is what I ended up using for reading a SPNEGO token:
> http://blog.springsource.com/2009/09/28/spring-security-kerberos/
>
> Some general information about kerberos from msdn:
> http://msdn.microsoft.com/en-us/library/ms995329.aspx
> http://msdn.microsoft.com/en-us/library/ms995330.aspx
>
> Very nice articles about credentials delegation (you need that so your
> app server can impersonate clients when it connects to the database)
> http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java
> http://spnego.sourceforge.net/credential_delegation.html
>
> I also had some java desktop apps which needed to authenticate in a
> similar way, which use Spring HttpInvoker as a remoting protocol, so I
> decided to make HttpInvoker pass some SPNEGO headers as well, and it
> seems to work:
> https://jira.springsource.org/browse/SES-11
>
>
> We use Oracle as the database and some materials that were helpfull were 
> these:
> Oracle Jdbc connection with kerberos
> http://download.oracle.com/docs/cd/E11882_01/java.112/e10589/clntsec.htm#insertedID7
> http://download.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html
>
> Some general info on Oracle Advanced Security
> http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_actdir001.htm#CHDDFFGG
>
> If you also use Oracle I can send you a complete code example for this
> - I have the whole thing working for simple tests..I should have a
> more complete implementation in few weeks.
>
> Cheers.
>
> 2011/3/7 הילה :
>> Hey,
>>
>> The tomcat is running on windows server 2008 R2 STD
>> I don't now if using windows authentication is less secure and affects all
>> network's security, since this user have permissions only on the DB. you
>> can't even perform login to servers with this user.
>> anyway, I appreciate your comments and discussion of why it's less secure or
>> not, but I need to perform this (task I've been given from guys in high
>> above positions), so please help with what I'm trying to do :]
>>
>> If I can't use spnego and other stuff of the list i've found, what can I do?
>>
>> Thanks
>> Hila
>>
>>
>> 2011/3/6 André Warnier 
>>
>>>  wrote:
>>>
>>>> Hey,
>>>>
>>>> I want to change the way that tomcat authenticates to the DB of our
>>>> application, from SQL authentication to Windows authentication.
>>>> We use Tomcat 6.0.29 , and the user and password to connect to the DB is
>>>> specified in clear text in the xml configuration file under the folder
>>>> conf/catalina/localhost.
>>>> My goal is to remove the user and password from the xml file, and letting
>>>> the tomcat windows service run with a domain user that has permissions to
>>>> the DB.
>>>>
>>>> when I searched for a solutions for what i'm trying to do, i got to this
>>>> page-
>>>> http://wiki.apache.org/tomcat/FAQ/Windows#Q4
>>>>
>>>> Which suggest these methods:
>>>> -Waffle/JNA
>>>> -Tomcat SPNEGO
>>>> -SPNEGO SF
>>>> -Jespa (commercial)
>>>> -Tomcat IIS Connector
>>>> -Samba JCIFs (obsolete, no NTLMv2)
>>>>
>>>> Are one of these methods suit for what I

Re: Tomcat NTLM Authentication

[Borut Hadžialić]

Hi Hila,

I have a similar requirement in my current project. End users (using
browsers and java desktop apps) which work on windows workstations
which are in a domain, must be able to log in the application without
needing to type in username and password (using their windows
credentials). Additionaly, the connection to the underlying database
must also be done using those user credentials.

My steps while implementing this were:
1. Implement authentication (browser->server, desktop app -> server)
which uses kerberos
2. Enable credential delegation so your app server can impersonate
client when connecting to the database
3. Connect to the database as the client from within app server
code/process (this is database-specific)

This is how I solved it:
I use SPNEGO for browser/webapp scenario authentication. These
materials helped me come up with a working server side SPNEGO
implementation:

This is what I ended up using for reading a SPNEGO token:
http://blog.springsource.com/2009/09/28/spring-security-kerberos/

Some general information about kerberos from msdn:
http://msdn.microsoft.com/en-us/library/ms995329.aspx
http://msdn.microsoft.com/en-us/library/ms995330.aspx

Very nice articles about credentials delegation (you need that so your
app server can impersonate clients when it connects to the database)
http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java
http://spnego.sourceforge.net/credential_delegation.html

I also had some java desktop apps which needed to authenticate in a
similar way, which use Spring HttpInvoker as a remoting protocol, so I
decided to make HttpInvoker pass some SPNEGO headers as well, and it
seems to work:
https://jira.springsource.org/browse/SES-11


We use Oracle as the database and some materials that were helpfull were these:
Oracle Jdbc connection with kerberos
http://download.oracle.com/docs/cd/E11882_01/java.112/e10589/clntsec.htm#insertedID7
http://download.oracle.com/javase/6/docs/api/javax/security/auth/Subject.html

Some general info on Oracle Advanced Security
http://download-west.oracle.com/docs/cd/B14099_19/idmanage.1012/b14085/odip_actdir001.htm#CHDDFFGG

If you also use Oracle I can send you a complete code example for this
- I have the whole thing working for simple tests..I should have a
more complete implementation in few weeks.

Cheers.

2011/3/7 הילה :
> Hey,
>
> The tomcat is running on windows server 2008 R2 STD
> I don't now if using windows authentication is less secure and affects all
> network's security, since this user have permissions only on the DB. you
> can't even perform login to servers with this user.
> anyway, I appreciate your comments and discussion of why it's less secure or
> not, but I need to perform this (task I've been given from guys in high
> above positions), so please help with what I'm trying to do :]
>
> If I can't use spnego and other stuff of the list i've found, what can I do?
>
> Thanks
> Hila
>
>
> 2011/3/6 André Warnier 
>
>>  wrote:
>>
>>> Hey,
>>>
>>> I want to change the way that tomcat authenticates to the DB of our
>>> application, from SQL authentication to Windows authentication.
>>> We use Tomcat 6.0.29 , and the user and password to connect to the DB is
>>> specified in clear text in the xml configuration file under the folder
>>> conf/catalina/localhost.
>>> My goal is to remove the user and password from the xml file, and letting
>>> the tomcat windows service run with a domain user that has permissions to
>>> the DB.
>>>
>>> when I searched for a solutions for what i'm trying to do, i got to this
>>> page-
>>> http://wiki.apache.org/tomcat/FAQ/Windows#Q4
>>>
>>> Which suggest these methods:
>>> -Waffle/JNA
>>> -Tomcat SPNEGO
>>> -SPNEGO SF
>>> -Jespa (commercial)
>>> -Tomcat IIS Connector
>>> -Samba JCIFs (obsolete, no NTLMv2)
>>>
>>> Are one of these methods suit for what I'm trying to do?
>>> When reading about Tomcat SPNEGO, it says that users working on a windows
>>> client OS and IE or Firefox, can be silently authenticated (SSO) to a
>>> Tomcat
>>> running on a windows server via NTLM or kerberos. It doesn't seem to be
>>> what
>>> I aim for, since tomcat users are not interest me, only the tomcat windows
>>> service and how it connects to the DB
>>>
>>>  Exactly. Now you have the issue correctly framed.
>> And you are right above : all these methods indeed identify/authenticate
>> the client of the Tomcat application to Tomcat, not Tomcat itself to
>> something else. (**)
>>
>> The one thing missing in your description above, is that your Tomcat server
>> is running on a Windows machine.
>> And also that your back-end database system is able itself to perform user
>> authentication either in clear-text (user-id + password), or via Windows
>> NTLM authentication.
>>
>> (And, if the back-end database server is set to do NTLM authentication,
>> then it can only do so for Domain user-id's; NTLM authentication will not
>> work with a "server-local" user-id).
>>
>>

Re: Can we use Tomcat web server?

[Borut Hadžialić]

Hi,

what would stop you from using Tomcat to host your application in production?

Apache Tomcat is licensed under Apache 2.0 license meaning you can
(practically) do whatever you want with it. And its being successfully
used in production for many years in large number of installations.

Take a look at this link for more information
http://tomcat.apache.org/legal.html



On Tue, Oct 26, 2010 at 10:28 AM, Chandra Shekar Bairi
 wrote:
> Dear friends,
>
> I have developed a small web application using the Tomcat web server
> for my company. We are planning to purchase a web server very soon.
> Can we host this web application in our company before we purchase a
> different web server. This does not serve any business purpose. The
> web application is completely internal to our company.
>
> Kindly clarify.
>
> Thanks
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: apache 2 + tomcat 6 virtualhost question

[Borut Hadžialić]

In that case you can have one tomcat instance per application. Each
application can run inside its own tomcat process and have different
ajp port, mod_jk worker and apache virtual host.

On Thu, May 27, 2010 at 1:29 AM, Bithost Ltda.  wrote:
> El 26-05-10 18:31, Borut Hadžialić escribió:
>>
>> Hi Patricio, try this:
>>
>> 1. Redeploy your app in tomcat so it shows at http://mydomain:8080/
>> instead of http://mydomain:8080/myapp
>>
>> How you do this depends on how you deployed the app in the first place -
>>
>> a) if you deployed a myapp.war and use autodeploy, then rename it to
>> ROOT.war and redeploy it
>> b) if you are using a >
>> 2. Add an AJP connector to your tomcat's conf/server.xml eg:
>> > URIEncoding="utf8"/>
>>  and restart tomcat
>>
>> 3. Define an apache mod_jk worker eg:
>> /usr/local/apache2/conf/workers.properties:
>>
>> worker.list=myapp
>>
>> worker.myapp.type=ajp13
>> worker.myapp.host=localhost
>> worker.myapp.port=8109
>>
>> 4. Add a virtual host in apache configuration:
>>
>> NameVirtualHost *:80
>> 
>>
>> 
>>    ServerAdmin y...@gmail.com <mailto:y...@gmail.com>
>>    DocumentRoot "/usr/local/apache2/htdocs" <--- this is irrelevant
>> because of JkMount /*
>>    ServerName www.mydomain.com <http://www.mydomain.com>
>> #    ServerAlias www.somethingelse.com <http://www.somethingelse.com>
>>    ErrorLog "logs/www.mydomain.com-error_log"
>>    CustomLog "logs/www.mydomain.com-access_log" common#
>>    JkMount /* myapp
>> 
>>
>> 5. Make sure mod_jk config is in apache conf:
>> 
>> JkWorkersFile   /usr/local/apache2/conf/workers.properties
>> JkShmFile       /usr/local/apache2/logs/mod_jk.shm
>> JkLogFile       /usr/local/apache2/logs/mod_jk.log
>> JkLogLevel      info
>> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
>> 
>>
>> Restart apache.
>>
>> In that case files in /home/mydomain/htdocs are no longer relevant.
>>
>>
>>
>> On Wed, May 26, 2010 at 11:32 PM, Bithost Ltda. > <mailto:bithost.ch...@gmail.com>> wrote:
>>
>>    Hello
>>
>>    I'm new to tomcat and i have some experience with apache, i have a
>>    debian server with apache 2.2 + mod_jk and tomcat 6 server.
>>    My doc root for my site is /home/mydomain/htdocs and i have a site
>>    which is using a WAR which i deployed it via the tomcat manager.
>>    So far if i go to http://mydomain:8080/myapp it shows fine, but
>>    now what i need is that if i type www.mydomain.com
>>    <http://www.mydomain.com> it has to show the app directly. I've
>>    managed to create an htaccess with a 301 redirect to the url
>>    http://mydomain:8080/myapp as a temporal fix, but what i need is
>>    that when i type www.mydomain.com <http://www.mydomain.com> it
>>    goes to my app and stays with the mydomain.com
>>    <http://mydomain.com> url.
>>    How can i do that? do you need any config file? any help is
>>    appreciated.
>>
>>    Thanks in advance.
>>
>>
>>    --     Patricio López Salgado
>>    Jefe de Operaciones
>>    2-697 9216
>>
>>    <http://www.bithost.cl>
>>
>>
>>
>>
>> --
>> Why?
>> Because YES!
>
> Hello
>
> I appreciate this very helpful guide, i have some of these configs already
> in motion (got the ajp connector port, workers.properties and mod_jk
> included in apache), but what if i have more than 2 sites which need the
> same way of deploy (virtualhosting), in that case i can't deploy it under
> mydomain.com:8080, it has to be under mydomain.com:8080/myapp
> Thanks for your time.
>



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: apache 2 + tomcat 6 virtualhost question

[Borut Hadžialić]

Small mistake - put

worker.myapp.port=8009 instead of worker.myapp.port=8109  (port needs to be
the same as the one in tomcat's conf/server.xml  wrote:

> Hi Patricio, try this:
>
> 1. Redeploy your app in tomcat so it shows at http://mydomain:8080/instead of
> http://mydomain:8080/myapp
>
> How you do this depends on how you deployed the app in the first place -
>
> a) if you deployed a myapp.war and use autodeploy, then rename it to
> ROOT.war and redeploy it
> b) if you are using a 
> 2. Add an AJP connector to your tomcat's conf/server.xml eg:
>  URIEncoding="utf8"/>
>   and restart tomcat
>
> 3. Define an apache mod_jk worker eg:
> /usr/local/apache2/conf/workers.properties:
>
> worker.list=myapp
>
> worker.myapp.type=ajp13
> worker.myapp.host=localhost
> worker.myapp.port=8109
>
> 4. Add a virtual host in apache configuration:
>
> NameVirtualHost *:80
> 
>
> 
> ServerAdmin y...@gmail.com
> DocumentRoot "/usr/local/apache2/htdocs"   <--- this is irrelevant
> because of JkMount /*
> ServerName www.mydomain.com
> #ServerAlias www.somethingelse.com
> ErrorLog "logs/www.mydomain.com-error_log"
> CustomLog "logs/www.mydomain.com-access_log" common#
> JkMount /* myapp
> 
>
> 5. Make sure mod_jk config is in apache conf:
> 
> JkWorkersFile   /usr/local/apache2/conf/workers.properties
> JkShmFile   /usr/local/apache2/logs/mod_jk.shm
> JkLogFile   /usr/local/apache2/logs/mod_jk.log
> JkLogLevel  info
> JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
> 
>
> Restart apache.
>
> In that case files in /home/mydomain/htdocs are no longer relevant.
>
>
>
>
> On Wed, May 26, 2010 at 11:32 PM, Bithost Ltda. 
> wrote:
>
>>  Hello
>>
>> I'm new to tomcat and i have some experience with apache, i have a debian
>> server with apache 2.2 + mod_jk and tomcat 6 server.
>> My doc root for my site is /home/mydomain/htdocs and i have a site which
>> is using a WAR which i deployed it via the tomcat manager.
>> So far if i go to http://mydomain:8080/myapp it shows fine, but now what
>> i need is that if i type www.mydomain.com it has to show the app
>> directly. I've managed to create an htaccess with a 301 redirect to the url
>> http://mydomain:8080/myapp as a temporal fix, but what i need is that
>> when i type www.mydomain.com it goes to my app and stays with the
>> mydomain.com url.
>> How can i do that? do you need any config file? any help is appreciated.
>>
>> Thanks in advance.
>>
>>
>> --
>> Patricio López Salgado
>> Jefe de Operaciones
>> 2-697 9216
>>
>>  
>>
>
>
>
> --
> Why?
> Because YES!
>



-- 
Why?
Because YES!

Re: apache 2 + tomcat 6 virtualhost question

[Borut Hadžialić]

Hi Patricio, try this:

1. Redeploy your app in tomcat so it shows at http://mydomain:8080/ instead
of http://mydomain:8080/myapp

How you do this depends on how you deployed the app in the first place -

a) if you deployed a myapp.war and use autodeploy, then rename it to
ROOT.war and redeploy it
b) if you are using a 
  and restart tomcat

3. Define an apache mod_jk worker eg:
/usr/local/apache2/conf/workers.properties:

worker.list=myapp

worker.myapp.type=ajp13
worker.myapp.host=localhost
worker.myapp.port=8109

4. Add a virtual host in apache configuration:

NameVirtualHost *:80



ServerAdmin y...@gmail.com
DocumentRoot "/usr/local/apache2/htdocs"   <--- this is irrelevant
because of JkMount /*
ServerName www.mydomain.com
#ServerAlias www.somethingelse.com
ErrorLog "logs/www.mydomain.com-error_log"
CustomLog "logs/www.mydomain.com-access_log" common#
JkMount /* myapp


5. Make sure mod_jk config is in apache conf:

JkWorkersFile   /usr/local/apache2/conf/workers.properties
JkShmFile   /usr/local/apache2/logs/mod_jk.shm
JkLogFile   /usr/local/apache2/logs/mod_jk.log
JkLogLevel  info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "


Restart apache.

In that case files in /home/mydomain/htdocs are no longer relevant.



On Wed, May 26, 2010 at 11:32 PM, Bithost Ltda. wrote:

>  Hello
>
> I'm new to tomcat and i have some experience with apache, i have a debian
> server with apache 2.2 + mod_jk and tomcat 6 server.
> My doc root for my site is /home/mydomain/htdocs and i have a site which is
> using a WAR which i deployed it via the tomcat manager.
> So far if i go to http://mydomain:8080/myapp it shows fine, but now what i
> need is that if i type www.mydomain.com it has to show the app directly.
> I've managed to create an htaccess with a 301 redirect to the url
> http://mydomain:8080/myapp as a temporal fix, but what i need is that when
> i type www.mydomain.com it goes to my app and stays with the mydomain.comurl.
> How can i do that? do you need any config file? any help is appreciated.
>
> Thanks in advance.
>
>
> --
> Patricio López Salgado
> Jefe de Operaciones
> 2-697 9216
>
>  
>



-- 
Why?
Because YES!

Re: Putting "APACHE" in front of a stand-alone Tomcat Server

[Borut Hadžialić]

On Mon, May 17, 2010 at 1:58 PM, Stephen .  wrote:
> Hi,
>
> thanks for your response.
>
> However, I would need some more explanation.
>
> Exactly where and how would I implement those "Tomcat Connectors" ?
>
> Apparently, all I have is the Tomcat engine itself. So, what I need is an
> actual "Apache" server.  (Am I right?)

A simplified explanation - Tomcat connectors - mod_jk is an Apache
HTTPD module that can be used to implement a reverse proxy and load
balancing.

You need to install Apache HTTPD (which runs on Windows too), add
module mod_jk to it and configure it.

You can find more detailed tutorials and explanations how to do it on
google - this is the first one that google returned to me
http://www3.ntu.edu.sg/home/ehchua/programming/howto/apache_tomcat_howto.html

>
> Another thing :  I've had my Tomcat running for a while now. The application
> which is running on the server is Sun's Identity Manager (IDM).
>
> If I now place an Apache in front of it, would that, in any way, damage the
> web application itself?
>

What kind of authentication does the application use?

>
> Thanks
>
>
>
>
>> Date: Mon, 17 May 2010 13:44:12 +0200
>> Subject: Re: Putting "APACHE" in front of a stand-alone Tomcat Server
>> From: borut.hadzia...@gmail.com
>> To: users@tomcat.apache.org
>>
>> Take a look at http://tomcat.apache.org/connectors-doc/
>>
>> I think you can also use apache mod_proxy.
>>
>> On Mon, May 17, 2010 at 1:36 PM, Stephen .  wrote:
>> >
>> >
>> > Hi all,
>> >
>> > just a quick question.
>> >
>> > I am currently using a stand-alone Tomcat Server to run an application.
>> >
>> > However, I plan to expand this application (which is web-based) to
>> > enable "Authentication" processes from external IDPs  (Identity Providers).
>> >
>> > Unfortunately, to be able to implement this, the IDPs require that
>> > Tomcat must not be a stand-alone server. It requires Apache  (apparently,
>> > all authentication requests will need to be routed via the Apache)
>> >
>> > My question is : is it possible to make this change (somehow install, or
>> > "place" Apache in front of my current Tomcat server)?  Or does this require
>> > a whole new installation of Apache Tomcat?
>> >
>> > I am using : Apache Tomcat 6.0.18
>> >
>> >
>> > (Funny thing : I always thought that the name "Apache Tomcat"
>> > automatically meant that my server already had Apache in front of it. But,
>> > it seems I was wrong)
>> >
>> >
>> >
>> > _
>> > Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
>> > https://signup.live.com/signup.aspx?id=60969
>>
>>
>>
>> --
>> Why?
>> Because YES!
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
> 
> Hotmail: Free, trusted and rich email service. Get it now.



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Putting "APACHE" in front of a stand-alone Tomcat Server

[Borut Hadžialić]

Take a look at http://tomcat.apache.org/connectors-doc/

I think you can also use apache mod_proxy.

On Mon, May 17, 2010 at 1:36 PM, Stephen .  wrote:
>
>
> Hi all,
>
> just a quick question.
>
> I am currently using a stand-alone Tomcat Server to run an application.
>
> However, I plan to expand this application (which is web-based) to enable 
> "Authentication" processes from external IDPs  (Identity Providers).
>
> Unfortunately, to be able to implement this, the IDPs require that Tomcat 
> must not be a stand-alone server. It requires Apache  (apparently, all 
> authentication requests will need to be routed via the Apache)
>
> My question is : is it possible to make this change (somehow install, or 
> "place" Apache in front of my current Tomcat server)?  Or does this require a 
> whole new installation of Apache Tomcat?
>
> I am using : Apache Tomcat 6.0.18
>
>
> (Funny thing : I always thought that the name "Apache Tomcat" automatically 
> meant that my server already had Apache in front of it. But, it seems I was 
> wrong)
>
>
>
> _
> Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
> https://signup.live.com/signup.aspx?id=60969



-- 
Why?
Because YES!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: IP-based virtual hosting with Tomcat(6)

[Borut Hadžialić]

Maybe this will be helpfull to you?
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_Name_

I am not sure how well that extension is supported in browsers and other ssl
clients, or can you get a CA to sign a certificate that contains these
extensions. But, I wouldn't be surprised if  there were no problems with any
of that because there are scenarios in which its useful to have same
certificate be valid for a url that contains a host name or ip address..

What I do know is that I used a single self signed certificate (with subject
alt names for:
IP Address=10.0.100.11
IP Address=10.0.100.12
IP Address=10.0.100.13
IP Address=10.0.100.14
)
locally for testing on 4 app servers that ran a load balanced app. We tested
the app with urls like https://10.0.100.11/ https://10.0.100.12/ and so on.



On Wed, Jul 29, 2009 at 10:44 PM,  wrote:

>
> My second issue is perhaps more serious: is there an underlying assumption
> with
> virtual hosts that they are bound by distinct security constraints? I mean,
> is there
> an implicit assumption, for instance, that distinct virtual hosts would use
> distinct SSL certificates?
>
> I plan to (rather, need to) use the same SSL certificate for all vHosts.
>
> Thanx again!
>
> /U
>
>

-- 
Why?
Because YES!

Re: Did anyone had problems with JspWriter in Tomcat 5.5.17?

[Borut Hadžialić]

I found the cause of the problem.

Tomcat's implementation of javax.servlet.http.HttpServlet implements
the doGet method like this:

   protected void doHead(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException
   {
NoBodyResponse response = new NoBodyResponse(resp);

doGet(req, response);
response.setContentLength();
   }

The problem occurs when a HTTP HEAD request arrives for a page that
isn't in the page cache.

When a HTTP HEAD request is received for a page that is not in the
cache, the caching filter prepares a response wrapper that will
capture the request (content generated by the application's servlets),
puts that wrapper in the place of the real response, for the filters
and servlets next in the chain, and gives the execution to the next
filter/servlet in chain..

But, for HTTP HEAD requests, the caching wrapper never gets to the
servlets that generate content, because the above method wraps it in
NoBodyResponse, a response wrapper that throws away everything that is
writen to it, like /dev/null does... servlets write content to
NoBodyResponse, and the content is lost.

On the way back, the caching filter inspects the response wrapper it
created, sees 200 response code, and decides that the page was
generated well, and caches it... (the content doesn't get cached
because NoBodyResponse didnt forward it to the response it wrapped -
caching filter's response wrapper)

I will fix my caching filter to watch for this special case, and that
will solve the problem in our applications... but I wonder if it is
okay that Tomcat (silently) wraps the response inside a wrapper like
NoBodyResponse that eats content.. or was it my fault that I didn't
explicitly make difference between GET and HEAD requests when thinking
about caching, probably because of lack of expirience..


--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Did anyone had problems with JspWriter in Tomcat 5.5.17?

[Borut Hadžialić]

The problem seem to happen before writing to the cache. Jsps write to
response wrapper's buffer.. well, when they do page gets generated
fine, when they don't we get a blank home page served and put in the
cache.

On 7/16/07, rpr_listas <[EMAIL PROTECTED]> wrote:

Hello, Borut.

Are you sure that there are no other  thread writing in the cache at
this moment? How do you prevent this case?

Best regards.
Ricardo




--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Did anyone had problems with JspWriter in Tomcat 5.5.17?

[Borut Hadžialić]

The caching filter uses a BlockingCache. A miss (get that returns
null) locks that entry/key, and other threads that try to get the page
from the cache using the same key, must wait until the thread that
locked the entry puts something into the cache and releases the lock.
Lock are released implicitly when cache put method is called, by the
thread that locked it. All this is implemented inside Ehcache. We
havent observed any thread deadlock problems (using JMX to monitor
servers)

Lock implementation is net.sf.ehcache.constructs.concurrent.Mutex
which is a copy of Doug Lea's mutex class from standard Java API,
copied and imported into Ehcache.



On 7/16/07, rpr_listas <[EMAIL PROTECTED]> wrote:

Hello, Borut.

Are you sure that there are no other  thread writing in the cache at
this moment? How do you prevent this case?

Best regards.
Ricardo


Borut Hadžialić escribió:
> Hi list,
>
> I have spent last 15 working hours trying to figure out the cause of a
> strange bug. Home page on one of our web sites sometimes gets
> generated with no content - as a blank page, the response buffer
> having size 0. We use caching filter (modified CachingFilter from
> Ehcache 1.3.0) which uses a response wrapper to capture responses to
> make caching possible. The response wrapper internaly uses standard
> classes ByteArrayOutputStream and PrintWriter from the Java API.
>
> The page cache time-to-live is set to 1 day. When the page is
> generated first time by jsps and tiles it is put into cache, and
> served for next 24 hours from the cache. After 24 hours  it gets
> generated again.
>
> The manifestation of the bug is that randomly, the homepage gets
> generated as a blank page, about once in every 3 cache refreshes. When
> it occurs, the ByteArrayOutputStream has size 0, after the generation
> of the page has completed.
>
> Generating the homepage involves pulling some data from the database,
> which changes rarely, about once every week. I put cache time to live
> 300 seconds to eliminate the posibility that corrupt data from
> database causes errors in page generation. With 300 second time to
> live the problem was still there. The data in database does not change
> between good and faulty page generations. Home page is relatively
> simple - it does not involve pulling data from other data sources. It
> just reads some data the database and uses that data to make some
> html, using jsp.
>
> After turning on logging on database calls, all filters, and using a
> PrintWriter decorator inside our response wraper that echoes all print
> statements to the log,  I found out something strange -
>
> A correct page generation logs some database calls (by the database
> logger), then a chunk of html (by the logging PrintWriter decorator,
> as a result of flushing JspWriter after enough out.write calls have
> been made), then some more database calls, then some more html.. and
> the page gets generated.
>
> ** A faulty generation (the one that produces a blank page) logs
> exactly same database calls as a correct page generation, but the log
> entries produced by the echoing PrintWriter are missing! **, like as
> jsps are executing normally, but something is wrong with the JspWriter
> out object.
>
> I am suspecting that somehow JspWriter writes somewhere else, not
> where it should. It should write into response wrapper's buffer,
> though the echoing/logging PrintWriter. But there is no PrintWriter
> echo and no bytes in response wrapper buffer... more exactly,
> *sometimes* there is no PrintWriter echo and no bytes in response
> wrapper buffer.
>
> I have read all the code that makes up the life cycle of PageContext
> and JspWriter on the docjar site (not sure for what version of
> Tomcat), and couldn't find anything that would help me solve this.
>
> 
http://www.docjar.com/html/api/org/apache/jasper/runtime/JspWriterImpl.java.html
>
> 
http://www.docjar.com/html/api/org/apache/jasper/runtime/PageContextImpl.java.html
>
> 
http://www.docjar.com/html/api/org/apache/jasper/runtime/JspFactoryImpl.java.html
>
>
> After adding some more logging statements I found out that 1 instance
> of JspWritter and 1 instance of PageContext are used shared across all
> page generations (site has low traffic and rarely 2 requests in same
> time). Same JspWritter and  PageContext instances sometimes
> participate in good page and faulty page generations.
>
> I was hoping that someone on this list might know something that could
> help me find out why is this happening. Please help.
>
>


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Why?
Because YES!

Re: Did anyone had problems with JspWriter in Tomcat 5.5.17?

[Borut Hadžialić]

I forgot to write information about our environment:

Os: Red Hat 4.1 (Linux 2.6.9-42.EL) on i386
Jvm: Sun's Java HotSpot(TM) Client VM version 1.5.0_07-b03
Tomcat 5.5.17
We also use Spring, Informix db, iBatis, Jsp (tiles) and Ehcache 1.3.0
We have made 5 sites for now with these same technologies. The bug
only occurrs on the home page on the least visited site.. Other sites
are visited very often (we have to use load balancing on 4 servers)


And 1 more important thing - when the caching filter is turned off,
pages always get generated fine. But.. the code that creates the
wrapper is same for all apps/pages, and works fine in other apps.



--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Did anyone had problems with JspWriter in Tomcat 5.5.17?

[Borut Hadžialić]

Hi list,

I have spent last 15 working hours trying to figure out the cause of a
strange bug. Home page on one of our web sites sometimes gets
generated with no content - as a blank page, the response buffer
having size 0. We use caching filter (modified CachingFilter from
Ehcache 1.3.0) which uses a response wrapper to capture responses to
make caching possible. The response wrapper internaly uses standard
classes ByteArrayOutputStream and PrintWriter from the Java API.

The page cache time-to-live is set to 1 day. When the page is
generated first time by jsps and tiles it is put into cache, and
served for next 24 hours from the cache. After 24 hours  it gets
generated again.

The manifestation of the bug is that randomly, the homepage gets
generated as a blank page, about once in every 3 cache refreshes. When
it occurs, the ByteArrayOutputStream has size 0, after the generation
of the page has completed.

Generating the homepage involves pulling some data from the database,
which changes rarely, about once every week. I put cache time to live
300 seconds to eliminate the posibility that corrupt data from
database causes errors in page generation. With 300 second time to
live the problem was still there. The data in database does not change
between good and faulty page generations. Home page is relatively
simple - it does not involve pulling data from other data sources. It
just reads some data the database and uses that data to make some
html, using jsp.

After turning on logging on database calls, all filters, and using a
PrintWriter decorator inside our response wraper that echoes all print
statements to the log,  I found out something strange -

A correct page generation logs some database calls (by the database
logger), then a chunk of html (by the logging PrintWriter decorator,
as a result of flushing JspWriter after enough out.write calls have
been made), then some more database calls, then some more html.. and
the page gets generated.

** A faulty generation (the one that produces a blank page) logs
exactly same database calls as a correct page generation, but the log
entries produced by the echoing PrintWriter are missing! **, like as
jsps are executing normally, but something is wrong with the JspWriter
out object.

I am suspecting that somehow JspWriter writes somewhere else, not
where it should. It should write into response wrapper's buffer,
though the echoing/logging PrintWriter. But there is no PrintWriter
echo and no bytes in response wrapper buffer... more exactly,
*sometimes* there is no PrintWriter echo and no bytes in response
wrapper buffer.

I have read all the code that makes up the life cycle of PageContext
and JspWriter on the docjar site (not sure for what version of
Tomcat), and couldn't find anything that would help me solve this.

http://www.docjar.com/html/api/org/apache/jasper/runtime/JspWriterImpl.java.html
http://www.docjar.com/html/api/org/apache/jasper/runtime/PageContextImpl.java.html
http://www.docjar.com/html/api/org/apache/jasper/runtime/JspFactoryImpl.java.html

After adding some more logging statements I found out that 1 instance
of JspWritter and 1 instance of PageContext are used shared across all
page generations (site has low traffic and rarely 2 requests in same
time). Same JspWritter and  PageContext instances sometimes
participate in good page and faulty page generations.

I was hoping that someone on this list might know something that could
help me find out why is this happening. Please help.


--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat as a Standalone server

[Borut Hadžialić]

Buy the domain 'application.com'. After you buy it you will be able to
specify the ip address of the name server responsible for resolving
host names ending with 'application.com'.

Install a name server on your server, and register its ip address as
responsible for 'application.com' (you do that at the place where u
bought your domain).

In your name server, map the ip address of your web server to
'www.application.com'.


On 2/13/07, matthedude <[EMAIL PROTECTED]> wrote:


Hi,

I am creating a simple web application that will consist of a few servlets
and a MySQL database. I have installed tomcat and am using it in development
with the normal 'localhost' address but have not been able to find any good
tutorials on deploying the application to a web address such as
'www.application.com' so that anyone on the internet can enter their
information. The website will not get very many hits and is only harvesting
small amounts of data so my intention is to use a cheap PC with MySQL and
tomcat to run the website. Any help would be greatly appreciated.

Thanks, Matthew
--
View this message in context: 
http://www.nabble.com/Tomcat-as-a-Standalone-server-tf3220304.html#a8943425
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 5.5 class loader question.

[Borut Hadžialić]

Why would Catalina classloader need to see application specific jar files?

On 8/23/06, Mark Thomas <[EMAIL PROTECTED]> wrote:

Borut Hadžialić wrote:
> However, when we move those Jira dependencies from
> $CATALINA_HOME/common/lib/ to $CATALINA_BASE/shared/lib/
> Jira starup fails - it throws several ClassDefNotFoundException
> (for org.postgresql.Driver and other classes)
>
> Does anyone know why is this happening?

Probably because the Catalina classloader also needs to be able to see
those classes. If they are in shared, they are not visible to the core
Tomcat code.

Mark


--
Why?
Because YES!

Tomcat 5.5 class loader question.

[Borut Hadžialić]

Hello, I have a question related to class loading in tomcat.

http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html
Tomcat documentation says this:

***
Therefore, from the perspective of a web application,
class or resource loading looks in the following repositories,
in this order:

Bootstrap classes of your JVM
System class loader classses (described above)
/WEB-INF/classes of your web application
/WEB-INF/lib/*.jar of your web application
$CATALINA_HOME/common/classes
$CATALINA_HOME/common/endorsed/*.jar
$CATALINA_HOME/common/i18n/*.jar
$CATALINA_HOME/common/lib/*.jar
$CATALINA_BASE/shared/classes
$CATALINA_BASE/shared/lib/*.jar
***

But while installing Jira (a popular web application for issue tracking),
we seem to have observed different behaviour.

We have set up a Tomcat instance for Jira (in some directory, lets
call it CATALINA_BASE).

Jira has a set of jar files that contain dependencies, that are not
included in Jira's /WEB-INF/lib directory.
Jira manual states that these jars should be copied to
CATALINA_HOME/common/lib directory.
When those files are copied to CATALINA_HOME/common/lib, Jira works fine.

However, when we move those Jira dependencies from
$CATALINA_HOME/common/lib/ to $CATALINA_BASE/shared/lib/
Jira starup fails - it throws several ClassDefNotFoundException
(for org.postgresql.Driver and other classes)

All this happened while the Jira instance was the only Tomcat instance
on the server,
and while $CATALINA_HOME/conf xml config files did not contain any
entries specific for Jira or
any other aplication other than those that come with Tomcat ba default.

Accoring to what Tomcat help stated this should not be happening,
because jar were only moved to another directory which is also
included in the search path of the class loader.

Does anyone know why is this happening?

redhat 4.1
Java jdk1.5.0_07
Tomcat 5.5.x, probably 5.5.17
atlassian-jira-standard-3.6.3

--
Why?
Because YES!

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]