DeltaManager cannot receive message through TCP channel in Tomcat cluster
Hi all, I've been running two Tomcat 5.5.20 servers in a cluster for some time on Mac OSx but we've recently moved to 64-bit architecture (Debian etch) . I tried as far as possible to keep the config the same, so only the OS has changed (and I also got the Apache Portable Runtime going). However since moving to this new setup I'm starting to see the following messages in my catalina.out: 25-Sep-2007 16:35:11 org.apache.catalina.cluster.session.DeltaManager messageReceived SEVERE: Manager []: Unable to receive message through TCP channel java.lang.ClassNotFoundException: com.mycompany.someSerialiazbleObject and sometimes in other web apps I see instead of ClassNotFoundException: java.io.InvalidClassException: org.mycomapny.someOtherSerializableObject; local class incompatible: stream classdesc serialVersionUID = -139355480548586, local class serialVersionUID = 8444624889687850885 Now I did some homework here and I've tried the following without success: 1) I've compiled the java files on the server's themselves, so I am sure that the correct class versions are being used 2) The object implements java.io.Serializable, and has a generated serial ID from Eclipse. Incidentally, this Long value matches the local class serialVersionUID, so I have no idea where the 'stream' serialVersionUID comes from. 3) I have the same code running on both the Tomcat servers. What I would like to know is where I am supposed to look next for some answers to this problem. Is there any more information from my config that would be relevant to post here? Thanks in advance, my first 'tomcat-users' post :) Dan Garland [EMAIL PROTECTED] -- Stack Trace -- 25-Sep-2007 16:35:11 org.apache.catalina.cluster.session.DeltaManager messageReceived SEVERE: Manager []: Unable to receive message through TCP channel java.lang.ClassNotFoundException: com.mycompany.someSerialiazbleObject at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:242) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:574) at org.apache.catalina.cluster.session.ReplicationStream.resolveClass(ReplicationStream.java:84) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1538) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1460) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1693) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339) at org.apache.catalina.cluster.session.DeltaRequest$AttributeInfo.readExternal(DeltaRequest.java:334) at org.apache.catalina.cluster.session.DeltaRequest.readExternal(DeltaRequest.java:246) at org.apache.catalina.cluster.session.DeltaManager.loadDeltaRequest(DeltaManager.java:697) at org.apache.catalina.cluster.session.DeltaManager.handleSESSION_DELTA(DeltaManager.java:1572) at org.apache.catalina.cluster.session.DeltaManager.messageReceived(DeltaManager.java:1522) at org.apache.catalina.cluster.session.DeltaManager.messageDataReceived(DeltaManager.java:1271) at org.apache.catalina.cluster.session.ClusterSessionListener.messageReceived(ClusterSessionListener.java:85) at org.apache.catalina.cluster.tcp.SimpleTcpCluster.receive(SimpleTcpCluster.java:1167) at org.apache.catalina.cluster.tcp.ClusterReceiverBase.messageDataReceived(ClusterReceiverBase.java:426) at org.apache.catalina.cluster.io.ObjectReader.execute(ObjectReader.java:107) at org.apache.catalina.cluster.tcp.TcpReplicationThread.drainChannel(TcpReplicationThread.java:138) at org.apache.catalina.cluster.tcp.TcpReplicationThread.run(TcpReplicationThread.java:69) __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Virtual Host and dynamic webapp reloading
Hello, I have a virtual host configured on my Tomcat 5.5.20 cluster installation. In my server.xml, I have autoDeploy="true"> And yet if I copy in a new war file (I'm using ant's deploy task) I don't see any changes to my webapp. If I look at the individual server's webapp via the manager application, I see the changes; but I don't see any changes by looking at the virtual host address until I restart Tomcat. Why? Thanks in advance. Dan Garland [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Virtual Host and dynamic webapp reloading
My full element then: autoDeploy="true"> debug="0" /> www.myvirtualhost.com subdomain.myvirtualhost.com className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" managerClassName="org.apache.catalina.cluster.session.DeltaManager" expireSessionsOnShutdown="false" useDirtyFlag="true" notifyListenersOnReplication="true"> className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;"/> className="org.apache.catalina.cluster.session.ClusterSessionListener"/> Any ideas? Pid wrote: Daniel M Garland wrote: Hello, I have a virtual host configured on my Tomcat 5.5.20 cluster installation. In my server.xml, I have What config do you have in your Context(s)? p And yet if I copy in a new war file (I'm using ant's deploy task) I don't see any changes to my webapp. If I look at the individual server's webapp via the manager application, I see the changes; but I don't see any changes by looking at the virtual host address until I restart Tomcat. Why? Thanks in advance. Dan Garland [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DeltaManager cannot receive message through TCP channel in Tomcat cluster
Christopher Schultz wrote: Is Eclipse re-setting the serialVersionUID for each compile, or do you have one explicitly set in your code? (Meaning, does the serialVersionUID ever change?) Well in Eclipse I said 'add generated ID', but this declares a final static long that hasn't changed because the code in the class is the same. This long value matches what the Tomcat log says is the 'local' class name... 3) I have the same code running on both the Tomcat servers. Are you sure? Try checking md5sum or sha1sum for the classes in question. Object serialization should not depend upon the architecture (that's the whole point), so switching from a 32-bit machine to a 64-bit one should not have changed anything. Yeh the MD5Sum matches. Any other ideas? I've got expireSessionsOnShutdown=false on my Cluster element, perhaps when I redeployed the code at some point some old session with an old ID is being preserved somehow? I'm not using any session persistence either. Another strange thing is since this started happening I don't ever see the session count in the manager app increase above zero, even though if I sit in front of the webapp my session is persisted across the cluster... weird. Thanks Dan __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Virtual Host and dynamic webapp reloading
I've gotta say I've had a miserable time with this one. I've tried
nearly permutation of configurations in the Tomcat documentation and
nothing seems to work; either I get the default host or a white blank
screen.
What I need is for www.mydomain.com to host mywebapp on the default path
and anotherapp on path /anotherapp
If I have this setup in server.xml, everything works:
...
...
However, to get the dynamic webapp reloading I've been recommended to
move my elements out of server.xml. As I am running muliple
virtual hosts I understand that I cannot use conf/context.xml because
this applies to all hosts.
So I have tried each of the following, without success:
- creating a conf/Catalina/mydomain.com/mywebapp.xml
- creating a conf/Catalina/mydomain.com/ROOT.xml
- creating a conf/Catalina/mydomain.com/context.xml
- creating a conf/Catalina/mydomain.com/context.xml.default
- creating a META-INF/context.xml in the web app (although I'd prefer to
sort this out within Tomcat anyway)
I've also tried several variations on the docBase: ".", "mywebapp", the
absolute path, the absolute path to the .war file...
I mean, why wouldn't this work?
in conf/server.xml:
in conf/Catalina/mydomain.com/mywebapp.xml:
Any ideas on how I can achieve the equivalent of my working server.xml
with nested Contexts in some other file?
Regards
Dan Garland
Pid wrote:
Daniel M Garland wrote:
My full element then:
yeah...
remove the context defs from server.xml and put them in
META-INF/context.xml, which is a dir/file inside your webapp.
this method of defining contexts is not encouraged, because you have to
restart the server to reload the config, amongst other reasons.
the default web app is called ROOT.war, your other one would be
asmalljspapp.war. put both files in the appBase dir.
when it unpacks, it'll drop the contexts like so:
appBase/ROOT/META-INF/context.xml
appBase/asmalljspapp/META-INF/context.xml
i strongly recommend that you have a read of the Context config stuff in
the docs. you'll need to set reloadable="true".
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
p
www.myvirtualhost.com
subdomain.myvirtualhost.com
Any ideas?
Pid wrote:
Daniel M Garland wrote:
Hello,
I have a virtual host configured on my Tomcat 5.5.20 cluster
installation.
In my server.xml, I have
What config do you have in your Context(s)?
p
And yet if I copy in a new war file (I'm using ant's deploy task) I
don't see any changes to my webapp. If I look at the individual server's
webapp via the manager application, I see the changes; but I don't see
any changes by looking at the virtual host address until I restart
Tomcat.
Why?
Thanks in advance.
Dan Garland
[EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
_
Re: Virtual Host and dynamic webapp reloading
Hi Chris, I have three virtual hosts that I want to have hosting a webapp on the default path. Each host has a few aliases for subdomains etc. So I don't really want to have ROOT.war in CATALINA_HOME/webapps, partly because I want to keep the manager app and partly because I would have a ROOT.war files for each host, so I think you're saying CATALINA_HOME/webapps /myapp1/ROOT /myapp2/ROOT /myapp3/ROOT So I would've thought that I'd have the appBase of each host be myappX/ROOT, but what would the corresponding context.xml be? Does it actually work holding this file in /conf, I'm not sure about having this in the webapp, is it standard to have a META-INF/context.xml or is that a Tomcat thing? Thanks for all the input so far folks Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan, Daniel M Garland wrote: That docBase="." is going to give you nothing but trouble. Why can't you just do this: 1. Start with a clean install of Tomcat. 2. Modify CATALINA_HOME/conf/server.xml to include your clustering configuration. 3. Drop ROOT.war into CATALINA_HOME/webapps 4. Drop anotherapp.was into CATALINA_HOME/webapps 5. Start up Tomcat This should work. You don't need any crazy configuration. Your configuration should be in META-INF/context.xml in each of your WAR files. Tell me more about your virtual host configuration. Do you actually need Tomcat to understand your virtual hosts? Or, is it sufficient to have all applications available to all host names? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+n5l9CaO5/Lv0PARAo1aAJ9umVYb/ikB/9BMuzTP+DOHSAIF8gCbBLS5 mib6X4Uo/BvMMMP7tL6L30k= =gz0h -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java 1.6
Is there any performance increase that you've noticed? Pid wrote: David Smith wrote: I think that was pure speculation. I use JDK 1.6 w/ Tomcat 5.5 in production and have had no issue. Likewise, and they go very nicely indeed. p --David Marco wrote: Hello, I read in previous post today that someone wasn't sure whether Java 1.6 is compatible with tomcat 5.5. This is new to me. Does anyone know more about this (more specifically, what versions of tomcat DO work with SUN jvm 1.6)? Regards, Marco. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Virtual Host and dynamic webapp reloading [SOLVED]
Thanks to all for your responses and advice, from this I have now
addressed the problem by using an alternative configuration. For the
record heres what I did:
- I ended up creating a completely different folder for my webapps. I
created subdirectories for each virtual host, rather than having all my
virtual host's web applications inside $CATALINA_HOME/webapps, and set
the appBase in server.xml's element to match this.
- I had my ant script generate a ROOT.war instead of the project name
and dumped this .war in my new appBase/domain/ directory.
- I set unpackWars and autoDeploy to true on each Host
- I created a META-INF/context.xml in my web app (as I needed to do some
config on the context)
Now whenever I drop a new web app in using the catalina ant deploy task
the changes are reflected. So I suppose the punchline is don't bung all
your webapps in the default folder and try to use elements,
but break them into seperate folders, and use ROOT.war if you want to
host off the default context ("/").
thanks everyone!
Daniel M Garland wrote:
Hello,
I have a virtual host configured on my Tomcat 5.5.20 cluster installation.
In my server.xml, I have
autoDeploy="true">
And yet if I copy in a new war file (I'm using ant's deploy task) I
don't see any changes to my webapp. If I look at the individual server's
webapp via the manager application, I see the changes; but I don't see
any changes by looking at the virtual host address until I restart Tomcat.
Why?
Thanks in advance.
Dan Garland
[EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: DeltaManager cannot receive message through TCP channel in Tomcat cluster
Hi In another thread I was advised to change my virtual host config, which has moved this problem on a little bit. I now have a manger context for each virtual host, rather than just on localhost, and these manager apps seem to report the session count; its only the localhost manager that doesn't seem to work properly. Does that shed any light on things? And no the old macs have been re-deployed somewhere else... Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan, Daniel M Garland wrote: Another strange thing is since this started happening I don't ever see the session count in the manager app increase above zero, even though if I sit in front of the webapp my session is persisted across the cluster... weird. Completely weird. Since we're grasping at straws, are you able to re-deploy the old Mac servers for testing purposes? I'd be interested to see if you do a "new" deployment on them if they will act properly. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG+mLr9CaO5/Lv0PARApsqAKCCBEMOIPHNAQNT1AIP8c61QVXTtwCfS5m4 vMNQ+fJPFlQEIgPOB67JaKc= =HdeT -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache Portable Runtime > 1.1.4 on Debian Etch?
Hi again, In my catalina.out I see the following INFO on a server startup: INFO: An older version 1.1.3 of the Apache Tomcat Native library is installed, while Tomcat recommends version greater than 1.1.4 I installed libapr1 and libapr1-dev using apt on Debain etch 64-bit version, and am up-to-date, any Debian users out there who know if there is a debain package for apr that is greater than 1.1.4? Dan __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat jsessionid cookie across subdomain valve
Hi all,
I have a web application that is installed on a virtual host that has a
number of subdomains defined with elements in server.xml. We
would like cookie sessions persist to across these subdomains, and I
understand that this is not standard as defined in the servlet
specification. Therefore I am trying to write a custom Valve that
re-writes the domain on a Cookie to be ".mydomain.com", rather than
"www.mydomain.com". From searching the web to looking at what Daniel
Rall wrote for Tomcat 4 I have tried the invoke() method below in my
valve. Unfortunately, it doesn't seem to work; in my log I see the debug
output that tells me the domain is being set, but when I look at the
cookie in my Firefox web developer toolbar it says that the host of the
cookie is www.mydomain.com.
Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work
and can anybody tell me if there is anything else I need to change? From
what I can tell if this doesn't work my options are to edit Tomcat
sources or persuade the boss to get Resin (which supports this feature).
BTW I already have cookies="false" in my Context for the time being, its
OK as an interim measure but I'd prefer to have cookies sorted.
public void invoke(Request request, Response response) throws
IOException, ServletException
{
if(request instanceof HttpServletRequest &&
response instanceof HttpServletResponse &&
request.getCookies() != null)
{
HttpServletRequest httprequest = (HttpServletRequest) request;
HttpServletResponse httpresponse = (HttpServletResponse)
response;
boolean domainwasset =
setDomainOnCookies(request.getCookies());
if(!domainwasset)
{
HttpSession session = httprequest.getSession();
if(session.isNew())
{
containerLog.info((session.isNew() ? "new" : "old") + "
session, requested ID="
+ httprequest.getRequestedSessionId() + ", actual
ID =" + session.getId());
Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
session.getId());
cookie.setMaxAge(-1);
// Set the cookie path
String cookiepath = getCookiePath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = request.getContextPath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = "/";
}
}
if(httprequest.isSecure())
{
cookie.setSecure(true);
}
cookie.setDomain(getCookieDomain());
containerLog.info("Adding cookie for "+ getCookieDomain());
httpresponse.addCookie(cookie);
}
}
}
// We're done, bring on the next valve
if(next != null)
{
next.invoke(request, response);
}
}
private boolean setDomainOnCookies(Cookie[] cookies)
{
boolean domainset = false;
if(cookies != null)
{
for(Cookie c : cookies)
{
if(c != null &&
c.getName().equals(Globals.SESSION_COOKIE_NAME))
{
containerLog.info("Setting cookie " + c.getName() +" to
" + getCookieDomain() + ", was " + c.getDomain());
c.setDomain(getCookieDomain());
domainset = true;
}
}
}
return domainset;
}
Thanks in advance
Dan Garland
[EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Analog of mod_rewrite in Tomcat?
Hey, If you're after something really simple you could even write a servlet filter that implements your functionality. Dan Ken Bowen wrote: Hi all, Is there an analog of mod_rewrite which operates in Tomcat? It would be used if one was running Tomcat alone as a server without Apache in front of it. Thanks in advance, Ken Bowen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: DeltaManager cannot receive message through TCP channel in Tomcat cluster
OK I've figured out what's happening, but not how to fix it! I'm running a single Tomcat instance that is hosting some virtual hosts, and we have three Tapestry web applications. For those unfamiliar with Tapestry, a Visit object is defined to represent the user's session and is sort of a facade to avoid working directly with HttpSession. Hence in a cluster this Visit object is propagated around the cluster. Now, what seems to be the case is that Tomcat is getting muddled up with the different Visit classes in each separate application; which is not good. Not only are the classes in different java packages, but they have unique serialVersionIDs. This then gives me the error: java.io.InvalidClassException: com.mydomain.Visit; local class incompatible: stream classdesc serialVersionUID = -139355480 548586, local class serialVersionUID = 8444624889687850885 and it turns out that -139355480548586 is the Visit object from a completely different web application. I'm trying to figure out what changes to my config I made when I went from my old hardware to a new setup, and I believe that the only change is that we configured each virtual host to use its own element, rather than having a single cluster for the engine; but I would've thought that having three seperate clusters on different ports/ addresses would help to prevent this sort of thing happening, rather than cause it? Any other reasons why my serialized objects are being confused in this way? Daniel M Garland wrote: Hi all, I've been running two Tomcat 5.5.20 servers in a cluster for some time on Mac OSx but we've recently moved to 64-bit architecture (Debian etch) . I tried as far as possible to keep the config the same, so only the OS has changed (and I also got the Apache Portable Runtime going). However since moving to this new setup I'm starting to see the following messages in my catalina.out: 25-Sep-2007 16:35:11 org.apache.catalina.cluster.session.DeltaManager messageReceived SEVERE: Manager []: Unable to receive message through TCP channel java.lang.ClassNotFoundException: com.mycompany.someSerialiazbleObject and sometimes in other web apps I see instead of ClassNotFoundException: java.io.InvalidClassException: org.mycomapny.someOtherSerializableObject; local class incompatible: stream classdesc serialVersionUID = -139355480548586, local class serialVersionUID = 8444624889687850885 Now I did some homework here and I've tried the following without success: 1) I've compiled the java files on the server's themselves, so I am sure that the correct class versions are being used 2) The object implements java.io.Serializable, and has a generated serial ID from Eclipse. Incidentally, this Long value matches the local class serialVersionUID, so I have no idea where the 'stream' serialVersionUID comes from. 3) I have the same code running on both the Tomcat servers. What I would like to know is where I am supposed to look next for some answers to this problem. Is there any more information from my config that would be relevant to post here? Thanks in advance, my first 'tomcat-users' post :) Dan Garland [EMAIL PROTECTED] -- Stack Trace -- 25-Sep-2007 16:35:11 org.apache.catalina.cluster.session.DeltaManager messageReceived SEVERE: Manager []: Unable to receive message through TCP channel java.lang.ClassNotFoundException: com.mycompany.someSerialiazbleObject at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:242) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:574) at org.apache.catalina.cluster.session.ReplicationStream.resolveClass(ReplicationStream.java:84) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1538) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1460) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1693) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1299) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:339) at org.apache.catalina.cluster.session.DeltaRequest$AttributeInfo.readExternal(DeltaRequest.java:334) at org.apache.catalina.cluster.session.DeltaRequest.readExternal(DeltaRequest.java:246) at org.apache.catalina.cluster.session.DeltaManager.loadDeltaRequest(DeltaManager.java:697) at org.apache.catalina.clust
Re: Tomcat jsessionid cookie across subdomain valve
Any thoughts? If this is OT anyone know an appropriate list to post to?
Daniel M Garland wrote:
Hi all,
I have a web application that is installed on a virtual host that has a
number of subdomains defined with elements in server.xml. We
would like cookie sessions persist to across these subdomains, and I
understand that this is not standard as defined in the servlet
specification. Therefore I am trying to write a custom Valve that
re-writes the domain on a Cookie to be ".mydomain.com", rather than
"www.mydomain.com". From searching the web to looking at what Daniel
Rall wrote for Tomcat 4 I have tried the invoke() method below in my
valve. Unfortunately, it doesn't seem to work; in my log I see the debug
output that tells me the domain is being set, but when I look at the
cookie in my Firefox web developer toolbar it says that the host of the
cookie is www.mydomain.com.
Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work
and can anybody tell me if there is anything else I need to change? From
what I can tell if this doesn't work my options are to edit Tomcat
sources or persuade the boss to get Resin (which supports this feature).
BTW I already have cookies="false" in my Context for the time being, its
OK as an interim measure but I'd prefer to have cookies sorted.
public void invoke(Request request, Response response) throws
IOException, ServletException
{
if(request instanceof HttpServletRequest &&
response instanceof HttpServletResponse &&
request.getCookies() != null)
{
HttpServletRequest httprequest = (HttpServletRequest) request;
HttpServletResponse httpresponse = (HttpServletResponse) response;
boolean domainwasset = setDomainOnCookies(request.getCookies());
if(!domainwasset)
{
HttpSession session = httprequest.getSession();
if(session.isNew())
{
containerLog.info((session.isNew() ? "new" : "old") + "
session, requested ID="
+ httprequest.getRequestedSessionId() + ", actual
ID =" + session.getId());
Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
session.getId());
cookie.setMaxAge(-1);
// Set the cookie path
String cookiepath = getCookiePath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = request.getContextPath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = "/";
}
}
if(httprequest.isSecure())
{
cookie.setSecure(true);
}
cookie.setDomain(getCookieDomain());
containerLog.info("Adding cookie for "+ getCookieDomain());
httpresponse.addCookie(cookie);
}
}
}
// We're done, bring on the next valve
if(next != null)
{
next.invoke(request, response);
}
}
private boolean setDomainOnCookies(Cookie[] cookies)
{
boolean domainset = false;
if(cookies != null)
{
for(Cookie c : cookies)
{
if(c != null &&
c.getName().equals(Globals.SESSION_COOKIE_NAME))
{
containerLog.info("Setting cookie " + c.getName() +" to "
+ getCookieDomain() + ", was " + c.getDomain());
c.setDomain(getCookieDomain());
domainset = true;
}
}
}
return domainset;
}
Thanks in advance
Dan Garland
[EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat clustering
Hey The mcastDropTime attribute controls how long a node waits without a response from a peer before considering it dead. Careful though, I tried setting this to be much lower than the default and had all sorts of problems with nodes adding / disappearing all the time; I wonder what sorts of values members of this list use as a bare minimum? Andrew Hole wrote: In cluster of two nodes, which the parameter that I need to configure (or to decrease the value) for a node knows immediately that the other is down? With this configuration a node waits some time. Thanks a lot - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: why/how to use ajp connector...
You use this connector to relay requests to a certain URL pattern to Tomcat, so you can have part of your website as static HTML served by apache and part of it hosted by Tomcat, which could be running your server-side Java. Perhaps you have a jsp contact form on your static site that needs to capture user signups; well you'd have /signups to be your contact form and the Tomcat server would be hosting that page. Other advantages are related to functionality in apache but not in Tomcat, so you often see people asking about mod_rewrite in Tomcat, and the textbook response is to have apache sitting in front of Tomcat to use mod_rewrite, seems overkill for me but there are other reasons too. As for the last point, everything goes through apache and only content that matches a URL is forwarded to Tomcat. You'll have a log file configured mod_jk.log. HTH Dan Garland loredana loredana wrote: Ok, my project manager asked me to set up a server with tomcat, apache and ajp connector. This is the first time I do it and after reading some of the documentation on the ajp connector I still can't figure out it's purpose. Can anybody tell me what is it's use? I read "This is used for cases where you wish to invisibly integrate Tomcat 4 into an existing (or new) Apache installation, and you want Apache to handle the static content contained in the web application" I don't know if I understand that right. Can anybody give me a simple example? And one more question. After reading the documentation and making the changes to the configuration and everything, when I run my application how can I test/verify that the connector is working? how can I determine if apache is handling the static content and not tomcat? 10x in advance and sorry for if the question sounds too "newby" Catch up on fall's hot new shows on Yahoo! TV. Watch previews, get listings, and more! http://tv..yahoo.com/collections/3658 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat jsessionid cookie across subdomain valve
How would I raise this as an enhancement request in Tomcat?
Daniel M Garland wrote:
Hi all,
I have a web application that is installed on a virtual host that has a
number of subdomains defined with elements in server.xml. We
would like cookie sessions persist to across these subdomains, and I
understand that this is not standard as defined in the servlet
specification. Therefore I am trying to write a custom Valve that
re-writes the domain on a Cookie to be ".mydomain.com", rather than
"www.mydomain.com". From searching the web to looking at what Daniel
Rall wrote for Tomcat 4 I have tried the invoke() method below in my
valve. Unfortunately, it doesn't seem to work; in my log I see the debug
output that tells me the domain is being set, but when I look at the
cookie in my Firefox web developer toolbar it says that the host of the
cookie is www.mydomain.com.
Has anyone got this to work in Tomcat 5.5.2? Why doesn't this code work
and can anybody tell me if there is anything else I need to change? From
what I can tell if this doesn't work my options are to edit Tomcat
sources or persuade the boss to get Resin (which supports this feature).
BTW I already have cookies="false" in my Context for the time being, its
OK as an interim measure but I'd prefer to have cookies sorted.
public void invoke(Request request, Response response) throws
IOException, ServletException
{
if(request instanceof HttpServletRequest &&
response instanceof HttpServletResponse &&
request.getCookies() != null)
{
HttpServletRequest httprequest = (HttpServletRequest) request;
HttpServletResponse httpresponse = (HttpServletResponse) response;
boolean domainwasset = setDomainOnCookies(request.getCookies());
if(!domainwasset)
{
HttpSession session = httprequest.getSession();
if(session.isNew())
{
containerLog.info((session.isNew() ? "new" : "old") + "
session, requested ID="
+ httprequest.getRequestedSessionId() + ", actual
ID =" + session.getId());
Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
session.getId());
cookie.setMaxAge(-1);
// Set the cookie path
String cookiepath = getCookiePath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = request.getContextPath();
if(cookiepath == null || cookiepath.trim().length() == 0)
{
cookiepath = "/";
}
}
if(httprequest.isSecure())
{
cookie.setSecure(true);
}
cookie.setDomain(getCookieDomain());
containerLog.info("Adding cookie for "+ getCookieDomain());
httpresponse.addCookie(cookie);
}
}
}
// We're done, bring on the next valve
if(next != null)
{
next.invoke(request, response);
}
}
private boolean setDomainOnCookies(Cookie[] cookies)
{
boolean domainset = false;
if(cookies != null)
{
for(Cookie c : cookies)
{
if(c != null &&
c.getName().equals(Globals.SESSION_COOKIE_NAME))
{
containerLog.info("Setting cookie " + c.getName() +" to "
+ getCookieDomain() + ", was " + c.getDomain());
c.setDomain(getCookieDomain());
domainset = true;
}
}
}
return domainset;
}
Thanks in advance
Dan Garland
[EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
__
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
__
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: DeltaManager cannot receive message through TCP channel in Tomcat cluster
Thanks for the response So is it better to have one cluster rather than one per host? What about hosts that don't have clustering enabled? Surely there are advantages with having a separate cluster, its listening on a different address so it would have its own message buffer etc.? My current config is roughly as follows : I have two clusters transmitting on differnet multicast addresses (but on the same port) while I am binding my TCP listener to the external IP of the Tomcat server on a different port: ... ... className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" managerClassName="org.apache.catalina.cluster.session.DeltaManager" expireSessionsOnShutdown="false" useDirtyFlag="true" notifyListenersOnReplication="true"> className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;"/> className="org.apache.catalina.cluster.session.ClusterSessionListener"/> ... className="org.apache.catalina.cluster.tcp.SimpleTcpCluster" managerClassName="org.apache.catalina.cluster.session.DeltaManager" expireSessionsOnShutdown="false" useDirtyFlag="true" notifyListenersOnReplication="true"> className="org.apache.catalina.cluster.tcp.ReplicationValve" filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;"/> className="org.apache.catalina.cluster.session.ClusterSessionListener"/> ... Is there anything amiss with this configuration that would result in the problems I am seeing? Thanks Dan Filip Hanik - Dev Lists wrote: it would have to be the multicast address that is unique to take care of the problem, however, easier to run one cluster instance at the engine level, the cluster knows what vhost a piece of replicated data belongs to Filip Daniel M Garland wrote: OK I've figured out what's happening, but not how to fix it! I'm running a single Tomcat instance that is hosting some virtual hosts, and we have three Tapestry web applications. For those unfamiliar with Tapestry, a Visit object is defined to represent the user's session and is sort of a facade to avoid working directly with HttpSession. Hence in a cluster this Visit object is propagated around the cluster. Now, what seems to be the case is that Tomcat is getting muddled up with the different Visit classes in each separate application; which is not good. Not only are the classes in different java packages, but they have unique serialVersionIDs. This then gives me the error: java.io.InvalidClassException: com.mydomain.Visit; local class incompatible: stream classdesc serialVersionUID = -139355480 548586, local class serialVersionUID = 8444624889687850885 and it turns out that -139355480548586 is the Visit object from a completely different web application. I'm trying to figure out what changes to my config I made when I went from my old hardware to a new setup, and I believe that the only change is that we configured each virtual host to use its own element, rather than having a single cluster for the engine; but I would've thought that having three seperate clusters on different ports/ addresses would help to prevent this sort of thing happening, rather than cause it? Any other reasons why my serialized objects are being confused in this way? Daniel M Garland wrote: Hi all, I've been running two Tomcat 5.5.20 servers in a cluster for some time on Mac OSx but we've recently moved to 64-bit architecture (Debian etch) . I tried as far as possible to keep the config the same, so only the OS has changed (and I also got the Apache Portable Runtime going). However since moving to this new setup I'm starting to see the following messages in my catalina.out: 25-Sep-2007 16:35:11 org.apache.catalina.cluster.session.DeltaManager messageReceived SEVERE: Manager []: Unable to receive message through TCP channel java.lang.ClassNotFoundException: com.mycompany.someSerialiazbleObject and sometimes in other web apps I see instead of ClassNotFoundException: java.io.InvalidClassException: org.mycomapny.someOtherSerializableObject; local class incompatible: stream classdesc serialVersionUID = -139355480548586, local class serialVersionUID = 8444624889687850885 Now I did some homework here and I've tried the following without success: 1) I've compiled the java files on the server's themselves, so I am sure that the correct class versions are be
redirecting old context uris when moving context
Hi I was formerly hosting a web application at http://somehost/somecontext which I am now hosting at http://somehost so that the context is now ROOT, instead of somecontext. Is there a way of mapping / redirecting 'old' URI from somecontext to the ROOT, so that http://somehost/somecontext/someuri becomes http://somehost/someuri This would be advantageous to me because bookmarked / search-engine listings for /someuri are now giving a 404, which I'd prefer to be a redirect. There is also the matter of links on other websites. Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: redirecting old context uris when moving context [SOLVED]
Thanks for the comments, I ended up writing a little servlet filter. I forgot to mention that I had a filter mapping /* on the root context, so that /someuri was being caught by the root context first, so I needed a filter to bypass this. We're also not proxying through apache. Cheers Daniel M Garland wrote: Hi I was formerly hosting a web application at http://somehost/somecontext which I am now hosting at http://somehost so that the context is now ROOT, instead of somecontext. Is there a way of mapping / redirecting 'old' URI from somecontext to the ROOT, so that http://somehost/somecontext/someuri becomes http://somehost/someuri This would be advantageous to me because bookmarked / search-engine listings for /someuri are now giving a 404, which I'd prefer to be a redirect. There is also the matter of links on other websites. Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Too Many Open Files error
Hi all I'm seeing a problem on a Tomcat instance: 18-Oct-2007 12:41:47 org.apache.tomcat.util.net.AprEndpoint$Acceptor run SEVERE: Socket accept failed org.apache.tomcat.jni.Error: Too many open files at org.apache.tomcat.jni.Socket.accept(Native Method) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:1001) at java.lang.Thread.run(Thread.java:595) Looking through Google and the advice seems to increase the number of file descriptors. I'm on debian etch and cat /proc/sys/fs/file-max gives 369540 I don't believe that I've hit this limit or that increasing this value would be sensible. Given that everything in linux is a file, does this mean that connections are not being closed properly? Where would be a good place to start debugging this problem? Thanks in advance Dan __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Too Many Open Files error
Thanks Jim, It was previously set to 1024, and I quadrupled it. When you say ulimit is persistent will it persist across a reboot? I don't seem to have the command lsof, I'll try and apt-get it. Cheers Dan Jim Cox wrote: On 10/19/07, Daniel M Garland <[EMAIL PROTECTED]> wrote: Should I then place ulimit -n in the catalina startup scripts? Setting a limit with ulimit is "sticky" (i.e. persistent), so there's no need to stick it in the startup script. However, you didn't answer the previous two questions about (1) how many files did Tomcat have open when you got the "Too many open files" error, and (2) what the current ulimit setting for open files is. If you provide those answers people here can help you out a bit more. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Too Many Open Files error
Should I then place ulimit -n in the catalina startup scripts? Jim Cox wrote: On 10/18/07, Daniel M Garland <[EMAIL PROTECTED]> wrote: Hi all I'm seeing a problem on a Tomcat instance: 18-Oct-2007 12:41:47 org.apache.tomcat.util.net.AprEndpoint$Acceptor run SEVERE: Socket accept failed org.apache.tomcat.jni.Error: Too many open files at org.apache.tomcat.jni.Socket.accept(Native Method) at org.apache.tomcat.util.net.AprEndpoint$Acceptor.run(AprEndpoint.java:1001) at java.lang.Thread.run(Thread.java:595) Looking through Google and the advice seems to increase the number of file descriptors. I'm on debian etch and cat /proc/sys/fs/file-max gives 369540 Relevant thing is probably the open file limit for processes -- what does "ulimit -a" return for whatever user you're running Tomcat under? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OpenSSL + APR + Tomcat 5.5.2 Help
Hi folks, Again I call on your expert assistance: I have a tomcat 5.5.2 server running on a Debian Etch linux box. Its configured to use APR 1.1.3 and I want to get SSL going. I've successfully managed this using JSSE but not OpenSSL. I installed openssl using apt, as well as the APR libraries. Tomcat was installed with the binaries from Apache. I ran the following commands (with help from http://marc.info): - Create private key and certificate request for my own certificate authority openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key - Self-sign openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem -Import into Java's security thingy keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias tomcat -Created a file CA's serial numbers? echo "02" > ssl/ca/ca.srl -Created a keystore keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ~/.keystore -storetype JKS -Create a certficate request for the server keytool -certreq -keyalg RSA -alias tomcat -file ssl/certreq.csr -keystore .keystore (This certificate got sent off to verisign, but in the meantime I thought I'd try signing myself off to see SSL working) openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/certreq.csr -out ssl/selfcert.crt -days 365 - Import my self-cert into the keystore keytool -import -alias tomcat -keystore .keystore -trustcacerts -file ssl/selfcert.crt Then I had this in server.xml clientAuth="false" sslProtocol="TLS" keystoreFile="/home/tomcat5/.keystore" keystorePass="password" /> The docs said that it would pickup .keystore in the user's home directory but I thought I'd set it explicitly. When I restart tomcat I see in the log: 28-Nov-2007 14:59:26 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 And no errors alluding to SSL anywhere else. When I try to access https://myserver:8443 firefox tells me that the connection was interrupted, following a lengthy pause. keytool -list shows 1 entry. Since I'm a bit of a newbie to SSL, and there is nothing in the log, I am stuck as for what to do next. I gather that since I use APR I might need other settings in my server.conf, but the documentation is vauge on whether I need both the keystore attributes and the openssl stuff, or just the ssl stuff, or what. If I were to add the SSLEngine, SSLCertificateFile, SSLCertificateKeyFile attributes, what values would I feed them based on the previous steps? Does anyone have any good howtos for the openssl side of things (the first line of the official docs is a caveat that the howto applies to JSSE only!) Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OpenSSL + APR + Tomcat 5.5.2 Help
OK so I tried it with the attributes set and now I get java.lang.Exception: Error setting private key (error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch) Which I take to mean that my server key is not the same as the certificate key. Where did I go wrong? SSLEngine="on" SSLCertificateFile="/home/tomcat5/ssl/myverisign.crt" SSLCertificateKeyFile="/home/tomcat5/ssl/ca/ca.key" Did I send the wrong thing to verisign? Dan Daniel M Garland wrote: Hi folks, Again I call on your expert assistance: I have a tomcat 5.5.2 server running on a Debian Etch linux box. Its configured to use APR 1.1.3 and I want to get SSL going. I've successfully managed this using JSSE but not OpenSSL. I installed openssl using apt, as well as the APR libraries. Tomcat was installed with the binaries from Apache. I ran the following commands (with help from http://marc.info): - Create private key and certificate request for my own certificate authority openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key - Self-sign openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem -Import into Java's security thingy keytool -import -keystore $JAVA_HOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias tomcat -Created a file CA's serial numbers? echo "02" > ssl/ca/ca.srl -Created a keystore keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ~/.keystore -storetype JKS -Create a certficate request for the server keytool -certreq -keyalg RSA -alias tomcat -file ssl/certreq.csr -keystore .keystore (This certificate got sent off to verisign, but in the meantime I thought I'd try signing myself off to see SSL working) openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/certreq.csr -out ssl/selfcert.crt -days 365 - Import my self-cert into the keystore keytool -import -alias tomcat -keystore .keystore -trustcacerts -file ssl/selfcert.crt Then I had this in server.xml clientAuth="false" sslProtocol="TLS" keystoreFile="/home/tomcat5/.keystore" keystorePass="password" /> The docs said that it would pickup .keystore in the user's home directory but I thought I'd set it explicitly. When I restart tomcat I see in the log: 28-Nov-2007 14:59:26 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8443 And no errors alluding to SSL anywhere else. When I try to access https://myserver:8443 firefox tells me that the connection was interrupted, following a lengthy pause. keytool -list shows 1 entry. Since I'm a bit of a newbie to SSL, and there is nothing in the log, I am stuck as for what to do next. I gather that since I use APR I might need other settings in my server.conf, but the documentation is vauge on whether I need both the keystore attributes and the openssl stuff, or just the ssl stuff, or what. If I were to add the SSLEngine, SSLCertificateFile, SSLCertificateKeyFile attributes, what values would I feed them based on the previous steps? Does anyone have any good howtos for the openssl side of things (the first line of the official docs is a caveat that the howto applies to JSSE only!) Thanks in advance Dan Garland __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
