Re: TLSCertificateReloadListener Detects Expiration But Never Reads New Cert & Key Files
Hi Mark -- Ha! I just ran a test (while you were responding) and made the same confirmation: TLSCertificateReloadListener in 10.1.18 works, TLSCertificateReloadListener in 10.1.19 doesn't. Thank you! Happy to confirm 10.1.20 for you; just ask. And, by the way, I've seen 'markt' showing up in those Changelogs for quite some time and it's a genuine pleasure to have a conversation with you. You've contributed so much to the Tomcat world, and I appreciate what you do. -- Justin On 3/18/24 3:20 PM, Mark Thomas wrote: On 18/03/2024 08:21, Mark Thomas wrote: On 17/03/2024 15:26, Justin Y wrote: Hi Everyone -- I've spent a few hours scratching my head and then diving into the source code of 10.1.19 to figure out what's going on. Could you test with 10.1.18? I'm wondering if the user provided SSLContext changes in 10.1.19 have triggered a regression. Never mind. I've just confirmed that those changes did trigger a regression. I'll commit a fix shortly and it will be in the next round of releases. Mark Mark I'm using the /TLSCertificateReloadListener/ <https://github.com/apache/tomcat/commit/144cb84e1a9777ef63c30f6021b562cc04aa708d> to reload files that will be (eventually) managed by Let's Encrypt. Although it does detect the expiration and log that things were reloaded, the new files are never read and the old cert & key are used forever, causing the trigger to reoccur again and again. The only way I can get the system to function correctly is if I, during debugging in Eclipse with the matching Tomcat source, null out the "sslContext" on line 102 of AbstractJsseEndpoint. From what I can tell, the SSLHostConfigCertificate objects keep a copy of an SSLContext and during the JMX unregister and register the same SSLContext is transferred, which never takes in the same files. From my limited knowledge, it appears the files will never be loaded unless a new instance of SSLContext is created. I've tried both APR (OpenSSL) and native JSSE configurations. One thing of note - during testing, I'm only using PEM-based cert and key files (no CA). I have tried writing my own /TLSCertificateReloadListener/ <https://github.com/apache/tomcat/commit/144cb84e1a9777ef63c30f6021b562cc04aa708d> implementation but have found no clear way to null the SSLContext of the (determined expired) SSLHostConfigCertificate objects to allow a reload. I appreciate any suggestions! -- Justin - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- -- Justin Y - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
TLSCertificateReloadListener Detects Expiration But Never Reads New Cert & Key Files
Hi Everyone -- I've spent a few hours scratching my head and then diving into the source code of 10.1.19 to figure out what's going on. I'm using the /TLSCertificateReloadListener/ <https://github.com/apache/tomcat/commit/144cb84e1a9777ef63c30f6021b562cc04aa708d> to reload files that will be (eventually) managed by Let's Encrypt. Although it does detect the expiration and log that things were reloaded, the new files are never read and the old cert & key are used forever, causing the trigger to reoccur again and again. The only way I can get the system to function correctly is if I, during debugging in Eclipse with the matching Tomcat source, null out the "sslContext" on line 102 of AbstractJsseEndpoint. From what I can tell, the SSLHostConfigCertificate objects keep a copy of an SSLContext and during the JMX unregister and register the same SSLContext is transferred, which never takes in the same files. From my limited knowledge, it appears the files will never be loaded unless a new instance of SSLContext is created. I've tried both APR (OpenSSL) and native JSSE configurations. One thing of note - during testing, I'm only using PEM-based cert and key files (no CA). I have tried writing my own /TLSCertificateReloadListener/ <https://github.com/apache/tomcat/commit/144cb84e1a9777ef63c30f6021b562cc04aa708d> implementation but have found no clear way to null the SSLContext of the (determined expired) SSLHostConfigCertificate objects to allow a reload. I appreciate any suggestions! -- Justin -- Justin Yunke
Java 11 - Tomcat 8 - SSL
reNio2Channel.processSNI(SecureNio2Channel.java:381) at org.apache.tomcat.util.net.SecureNio2Channel.handshakeInternal(SecureNio2Channel.java:213) at org.apache.tomcat.util.net.SecureNio2Channel.handshake(SecureNio2Channel.java:204) at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1605) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:803) at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:98) at org.apache.tomcat.util.net.SecureNio2Channel$HandshakeReadCompletionHandler.completed(SecureNio2Channel.java:91) at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127) at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219) at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) Chrome displays: This site can’t provide a secure connection Unknown macro: {myhost name} sent an invalid response. ERR_SSL_PROTOCOL_ERROR With no code changes – and running on 9.0.13 – with the same SSL config in server.xml – I am able to log in fine. Are there known issues with with tomcat 8, Java 11 and SSL? Is upgrading to tomcat 9 necessary? Please let me know if I can provide any more information Thanks! -Justin
Re: Severity of CVE-2016-6816
Great, thank you for answers Mark. Much appreciated! On Thursday, October 5, 2017, 3:29:04 PM CDT, Mark Thomas <ma...@apache.org> wrote: On 05/10/17 20:35, Justin wrote: > Hi all, > I'm curious about the severity of CVE-2016-6816 fixed last November. > http://svn.apache.org/viewvc?view=revision=1767653 > > I see that vendors backported this fix (over time). > http://www.securitytracker.com/id/1037332 > Severity is described as Important, Moderate, CVSS v2 Medium, and CVSS v3 > High. > "A remote user can exploit this to spoof content on the target server, > attempt to poison any intermediate web caches, or conduct cross-site > scripting attacks." > This sounds pretty serious. If my server is running a vulnerable version of > Tomcat, how easy is it to exploit? I'm not going to go into the details of exactly how to exploit this issue but the answer to your question is pretty difficult. 1. You need to be running Tomcat behind a reverse proxy of some form. 2. That reverse proxy needs to accept the same invalid requests as Tomcat (it should reject them with a 400 response). 3. The attacker needs to be able to either upload arbitrary static content which they can then request or formulate a request in such a way that arbitrary content is injected into the response. 1 is very common. 2 is possible but I haven't seen any evidence of it for these particular invalid requests. 3 is (very) unlikely. Overall, I'd judge the chances of all of these lining up on any given system as low to very low. It is one of those where the chances of it happening are low but the impact if it does happen is high. You could argue rating of Low, Moderate or High for this on Tomcat's scale. It is very much a judgement call. Where there is uncertainty over the likelihood then we tend to err on the side of caution. > Must webapps use cookies as some example exploits have shown? No. > "By manipulating the HTTP response the attacker could... obtain sensitive > information from requests other then their own." So if trusted users are > logging in, untrusted users could obtain passwords? Path or query parameters? Untrusted users could obtain anything from the response intended for a trusted user. Passwords are therefore unlikely, as is anything on the request side unless the application is echoing that data back to the client. Session cookies are probably the most likely target. HTH, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Severity of CVE-2016-6816
Hi all, I'm curious about the severity of CVE-2016-6816 fixed last November. http://svn.apache.org/viewvc?view=revision=1767653 I see that vendors backported this fix (over time). http://www.securitytracker.com/id/1037332 Severity is described as Important, Moderate, CVSS v2 Medium, and CVSS v3 High. "A remote user can exploit this to spoof content on the target server, attempt to poison any intermediate web caches, or conduct cross-site scripting attacks." This sounds pretty serious. If my server is running a vulnerable version of Tomcat, how easy is it to exploit? Must webapps use cookies as some example exploits have shown? "By manipulating the HTTP response the attacker could... obtain sensitive information from requests other then their own." So if trusted users are logging in, untrusted users could obtain passwords? Path or query parameters? Thanks, Justin
Character encoding issue in URL
Hi, I have a clean install of an older version of Tomcat (8.0.24). I have noticed when a character is encoded in the URL, Tomcat fails to return the URL requested. I've noted this same request performed in IIS works fine. Apache Tomcat tests: Works (No escape) – http://localhost:8080/examples/delme/íj.pdf Works (URL encoded) – http://localhost:8080/examples/delme/%C3%ADj.pdf Failed (Char encoded) – http://localhost:8080/examples/delme/%EDj.pdf IIS tests: Works (No escape) – http://localhost:8080/examples/delme/íj.pdf Works (URL encoded) – http://localhost:8080/examples/delme/%C3%ADj.pdf Works (Char encoded) – http://localhost:8080/examples/delme/%EDj.pdf I've reviewed this wiki page: https://wiki.apache.org/tomcat/FAQ/CharacterEncoding And it seems to imply that I shouldn't have to do anything, and the URL request should return properly. So my question is, what do I need to configure in Apache Tomcat to handle the character encoding request like IIS does?
Re: Frequency of Tomcat Native releases
| > Did you read the how to build tc-native page? Your link requires login to Confluence, so I'm not familiar with any of the Windows build process other than what I read about APR and what I read in native/BUILDING. Seems a login shouldn't be required to read this info. > do not have a dependency on a specific msvc runtime I believe MSYS2 MingW64 GCC and clang compilers should both work without specific msvcrt: $ which gcc /mingw64/bin/gcc $ gcc --version gcc.exe (Rev3, Built by MSYS2 project) 5.2.0 $ gcc -m64 main.c $ ldd a.exe ntdll.dll => /c/Windows/SYSTEM32/ntdll.dll (0x7ff8167a) KERNEL32.DLL => /c/Windows/system32/KERNEL32.DLL (0x7ff8143f) KERNELBASE.dll => /c/Windows/system32/KERNELBASE.dll (0x7ff813c6) msvcrt.dll => /c/Windows/system32/msvcrt.dll (0x7ff813f0) $ clang --version clang version 3.7.0 (tags/RELEASE_370/final) $ clang -m64 main.c $ ldd a.exe ntdll.dll => /c/Windows/SYSTEM32/ntdll.dll (0x7ff8167a) KERNEL32.DLL => /c/Windows/system32/KERNEL32.DLL (0x7ff8143f) KERNELBASE.dll => /c/Windows/system32/KERNELBASE.dll (0x7ff813c6) msvcrt.dll => /c/Windows/system32/msvcrt.dll (0x7ff813f0) > Python is not - and hasnever been as far as I am aware - a dependency See line 76 of native/buildconf. When I try to 'sh buildconf --with-apr=$HOME/apr' per BUILDING: Building from the svn tree, in MSYS2 (probably not in the documented build process that I can't read), I get: ImportError: No module named 'ConfigParser' If all patches have to go through devs, I'm sure one of the devs who has updated before can do this in minutes. I don't understand why user mailing list should document developer commits and submit patches. On Oct 4, 2015, 5:20:19 AM, Mark Thomas wrote:On 03/10/2015 23:51, Justin wrote: >> - ensure the changelog is up to date > Looks like r1681506 could be logged. Patch please. >> - versions all correct in source > $ find . -type f -exec grep '-H' '1\.1\.' '{}' \;... > ./1.1.x/xdocs/index.xml:...TC-Native-1.1.33 released > ./1.1.x/xdocs/index.xml:... availability of Tomcat Native 1.1.33 Stable. > ./1.1.x/xdocs/news/2015.xml:... TC-Native-1.1.33 released"> Looks good. >> - select and document APR & OpenSSL versions > Please update APR from 1.5.1 to 1.5.2. Patch please. > Please update OpenSSL from 1.0.1m to 1.0.2d. The last release we did we decided it was to early for 1.0.2. I'd be prepared to move to 1.0.2 now but that needs confirmation on the dev list. A separate patch for this should be enough to start that discussion. >> - check everything builds correctly > You'd get more volunteers if building APR didn't require MSVC 6.0 or however > you build .dsw. Did you read the how to build tc-native page? MSVC is not required. > In fact, it'd be nice to see many of these projects adopt Gradle and do away > with many of these old build tools. The toolchain used is driven by the desire to produce Windows binaries that do not have a dependency on a specific msvc runtime. In the past we have had all sorts of difficulties when the JVM depended on a different version to Tomcat. I certainly would not object to anything that made the build process easier for new people to figure out as long as that does not mean sacrificing the msvc runtime requirement. > I tried to build Tomcat Native once from repository and found my version of > Python was too new. I have no idea what you were trying to build but Python is not - and has never been as far as I am aware - a dependency for any Tomcat build. > Gradle allows the flexibility of MSVC, GCC, clang. I have no strong opinion on which build tool is used to simplify the current process. If you known Gradle and want to produce a patch then go for it. Mark > > > > > On Friday, October 2, 2015 5:15 PM, Mark Thomas ma...@apache.org> wrote: > > > On 02/10/2015 19:01, Justin wrote: >> Can we see more frequent releases of Tomcat Native, especially since >> it statically links OpenSSL on Windows? I was hoping to see a new >> release included in Tomcat 8.0.27. There have been a number of >> changes to both Tomcat Native 1.1.x and OpenSSL 1.0.2. >> http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/?view=log >> https://github.com/openssl/openssl/commits/OpenSSL_1_0_2-stable > > I've done the last few tc-native releases because they reached the point > where they really needed to happen. tc-native isn't my area of expertise > so I'd be more than happy to see someone else take this on. > > More frequent releases are certainly possible and very much the way we > should be aiming to do things as an Apache project. "Release early and > release often" is the goal. > > What contribution are you (or anyone else
Re: Frequency of Tomcat Native releases
> - ensure the changelog is up to date Looks like r1681506 could be logged. > - versions all correct in source $ find . -type f -exec grep '-H' '1\.1\.' '{}' \;... ./1.1.x/xdocs/index.xml:...TC-Native-1.1.33 released ./1.1.x/xdocs/index.xml:... availability of Tomcat Native 1.1.33 Stable. ./1.1.x/xdocs/news/2015.xml:... TC-Native-1.1.33 released"> > - select and document APR & OpenSSL versions Please update APR from 1.5.1 to 1.5.2. Please update OpenSSL from 1.0.1m to 1.0.2d. > - check everything builds correctly You'd get more volunteers if building APR didn't require MSVC 6.0 or however you build .dsw. In fact, it'd be nice to see many of these projects adopt Gradle and do away with many of these old build tools. I tried to build Tomcat Native once from repository and found my version of Python was too new. Gradle allows the flexibility of MSVC, GCC, clang. On Friday, October 2, 2015 5:15 PM, Mark Thomas <ma...@apache.org> wrote: On 02/10/2015 19:01, Justin wrote: > Can we see more frequent releases of Tomcat Native, especially since > it statically links OpenSSL on Windows? I was hoping to see a new > release included in Tomcat 8.0.27. There have been a number of > changes to both Tomcat Native 1.1.x and OpenSSL 1.0.2. > http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/?view=log > https://github.com/openssl/openssl/commits/OpenSSL_1_0_2-stable I've done the last few tc-native releases because they reached the point where they really needed to happen. tc-native isn't my area of expertise so I'd be more than happy to see someone else take this on. More frequent releases are certainly possible and very much the way we should be aiming to do things as an Apache project. "Release early and release often" is the goal. What contribution are you (or anyone else reading this) willing/able to make to help this process along? The tc-native release process is documented (ish) here: http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/jnirelease.sh?view=annotate and https://cwiki.apache.org/confluence/display/TOMCAT/Building+the+Tomcat+Native+Connector+binaries+for+Windows Off the top of my head things that need to be done / checked: - ensure the changelog is up to date - versions all correct in source - select and document APR & OpenSSL versions - check everything builds correctly Confirmation that any of the above is ready to go or patches to fix things if there are gaps will move a release forward. I can find the time to apply patches and turn the handle on the release if others can do the work to ensure that svn is in a good state to release. It is a fairly safe bet that anyone helping out substantially on the release is going to find themselves with an invitation to become a Tomcat committer and the RM for the next release. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Frequency of Tomcat Native releases
Can we see more frequent releases of Tomcat Native, especially since it statically links OpenSSL on Windows? I was hoping to see a new release included in Tomcat 8.0.27. There have been a number of changes to both Tomcat Native 1.1.x and OpenSSL 1.0.2. http://svn.apache.org/viewvc/tomcat/native/branches/1.1.x/?view=log https://github.com/openssl/openssl/commits/OpenSSL_1_0_2-stable
Re: Tomcat 8 reliability/performance on Windows 2008 R2 Server vs. RHEL/CentOS
> how one can check logs under win I'm late to the conversation but can recommend tools that I use: MSYS2 (msys2.github.io) and WinTail (tailforwindows.org). The former uses pacman as a package manager to manage grep, sed, curl, ssh, gcc, clang, and much more and does not have the GPL restrictions that Cygwin has. If you're behind a proxy, set http_proxy, https_proxy. The latter is a small Windows GUI designed for viewing logs. On Friday, October 2, 2015 3:12 PM, Frederik Nosiwrote: On 10/02/2015 10:10 PM, Frederik Nosi wrote: > Christopher, > > On 10/02/2015 09:40 PM, Christopher Schultz wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Frederik, >> >> On 10/2/15 12:29 PM, Frederik Nosi wrote: >>> On 10/02/2015 01:05 PM, David kerber wrote: On 10/2/2015 3:47 AM, Mark Thomas wrote: > On 02/10/2015 00:39, Jason Britton wrote: > > > >> And if Mark says there shouldn't be problems, I think that is >> some implicit guarantee of free support from him ;) > :) > > Bugs with reproducible tests cases are always welcome. > >> I have a lot of convenience shell scripts here and there but >> nothing I couldn't replicate in powershell I imagine. I >> would miss grep and find and all the other super useful Linux >> command line operations. I'm not sure I've ever been able to >> successfully search for text in files on a windows machine >> server or otherwise (except when using notepad++). > I've had similar problems using the OS provided tools on > Windows. I've long since switched to this: > > http://www.wingrep.com/ > > and never looked back. AstroGrep! http://astrogrep.sourceforge.net/ >>> Actually tail and other shell commands would be another heavy miss >>> for me, it was at the times i had to manage stuff on Windows years >>> ago. I got used to install Cygwin as first step in those times: >>> >>> https://www.cygwin.com/ >> There are also the win32 builds of GNU tools, but they all seem to run >> terribly slowly. I think it's because the standard C API is probably >> implemented using the win32 API so there's a layer of indirection >> around a lot of things. > > I know i know ... horror stories ... >> >> Cygwin is an option, but it's always ... just not the same. It also >> seems sluggish and things get really bizarre with path names and >> stuff. Some tools work well with the path insanity and others fail >> horribly. > > I do have to support java applications on unix where you can find inside: > > C:\...\Documents\... \Someone > > .. > > So i know. > > Anyway, although slow at least make you actually grep / tail and such. > I really cant understand how one can check logs under win, but maybe > that's me. Sorry, i was talking about Cygwin or win32 builds in case it wasn't clear > > All this though, has little to do with Window's kernel, it's the > userspace that IMHO is not adequate. > > > >> >> - -chris >> -BEGIN PGP SIGNATURE- >> Comment: GPGTools - http://gpgtools.org >> >> iQIcBAEBCAAGBQJWDt2jAAoJEBzwKT+lPKRYJecP/RWW8Al03MskdIKgjNmOgYB2 >> xic7xS+QYHYVeqw9tAdLflxZnkJuCEanU1vuC3vgRhi4MgLYQFmEhY7oH0h55fvT >> WEtrIQNhLMlbIF1V2NTGMJQwnK+zREWJTIBTbAfoPBfft3+jHlOGFz75qydqYn72 >> EoS2jPQvb9mmMbbf57q0mCAHfeuUSke68tuuzRyBvbo5GjOffwp/7wgAyZuo+KRE >> 86WFPkrJZ47QirUxJh8D2FxpQE1rBcX5qy41cY2bYhQt/qqOSnzGr08iefBj2+db >> cBROH3Bc8NGyBsclD3sC5qDlMphthpdEjhYCdFcXUdee4zTbURXWcmmHN74pmWGP >> AasjPrMArX7OsXn74wX3Q8xwm45JAXFZwqCjar/HUsXp96tPe2lW179NM9QVA2nV >> wub3dQflJhX80g4ppWH//Hw28Pbr4K3CETcsmsDQHjR0MOinjfbBQQj7ZiWwPEGw >> Ziub6P73rNQaVdt/OY8DzrcPxfTUIyObH8qGLKoY2CX8/q/FTWiu0FtpuTMOS/Q/ >> L+QUnS6KUCVeJY1jPx+9qu3WcgAuXYa66dbxuqzpiuh+eJ4YA1N3AWX3Hw1lAm9B >> 5rPH43332hXcu7iJf3c5gZKNdPFq9/2XTGP2Dsjp2w8Lmpn+nBO/fv6+hm12DLac >> uZdQVFGzkdln3uDuIhKM >> =amjv >> -END PGP SIGNATURE- >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat6+webapps+log4j
You might try putting the log4j properties file (or xml) in a shared loader location. In catalina.properties add something like this: shared.loader=${catalina.base}/conf/properties and then put the properties file there. ~Justin -Original Message- From: Tiago Sousa [mailto:tiago-a-so...@ext.ptinovacao.pt] Sent: Thursday, January 24, 2013 10:01 AM To: users@tomcat.apache.org Subject: Tomcat6+webapps+log4j Hello to all. I have tomcat 6 using JULI for logging (logging.properties in conf dir) plus several webapps using its own log4j.properties. I need to centralized all the logs so i thought to put a global/shared log4j.properties in $CATALINA_BASE\lib so that tomcat and each webapp can be controlled through this file. The problem i'm facing is that no logs are produced. At this time i'm trying to configure just TOMCAT, no webapps, to log through log4j but still no logs are produced. I've folowed the tutorial in Apache logging webpage with the standard log4j.properties. No logs in $CATALINA_BASE\logs. Can you help me saying what mistakes i am doing in this basic configuration (tomcat and no apps)? Thanks. Tiago - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org CONFIDENTIALITY NOTICE: The information in this message, and any attachment, is intended for the sole use of the individual and entity to whom it is addressed. This information may be privileged, confidential, and protected from disclosure. If you are not the intended recipient you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it, or its contents, is strictly prohibited. If you think that you have received this message in error please notify the sender and destroy all copies of this communication and any attachments. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JAAS Module Tomcat 7 (Bundling and JNDI Datasource access)
I was loading the datasource using Spring jee:jndi-lookup id=websecurDataSource jndi-name=foo/bar / In order for it to work it must be jee:jndi-lookup id=websecurDataSource jndi-name=java:comp/env/foo/bar / Also the Realm definition was not correct. The name of the JAAS class should be in a jaas.conf file, not in the Realm definition. Hope that helps someone else running into similar issues. Thanks whartung for the help. ~Justin -Original Message- From: Justin Rosenberg [mailto:rosenbe...@crlcorp.com] Sent: Wednesday, January 23, 2013 7:06 PM To: users@tomcat.apache.org Subject: JAAS Module Tomcat 7 (Bundling and JNDI Datasource access) I'm running into issues accessing a JNDI datasource in a JAAS module. Can I bundle a JAAS module in my war file? When I try to do this by defining the Realm in the context.xml of the web application I get a java.lang.ClassNotFoundException. The documentation specifies I must put the module in the lib directory. Can someone confirm this? When I deploy all the JAAS module and all required dependencies in a directory listed under common.loader, I run into the following two issue. The JAAS module cannot seem to load the JNDI datasource javax.naming.NameNotFoundException: Name [foo/bar] is not bound in this Context. Unable to find [foo]. Is there a way to expose a JNDI datasource to a JAAS module? Tomcat Version: 7.0.34 Datasource is defined in conf/server.xml as: GlobalNamingResources Resource auth=Container name=foo/bar type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@... username=user password=password / /GlobalNamingResources The datasource is exposed in conf/context.xml as: ResourceLink name=foo/bar global=foo/bar type=javax.sql.DataSource/ The JAAS module is defined at either the server.xml or context.xml of the web application as: Realm className=com.example.JAASModule appName=auth-login userClassNames=com.example.SimplePrincipal roleClassNames=com.example.SimplePrincipal / If defined in the server.xml the server fails to start. If it's in the application context.xml it fails when the application tries to load. Thank you, Justin CONFIDENTIALITY NOTICE: The information in this message, and any attachment, is intended for the sole use of the individual and entity to whom it is addressed. This information may be privileged, confidential, and protected from disclosure. If you are not the intended recipient you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it, or its contents, is strictly prohibited. If you think that you have received this message in error please notify the sender and destroy all copies of this communication and any attachments. Thank you. CONFIDENTIALITY NOTICE: The information in this message, and any attachment, is intended for the sole use of the individual and entity to whom it is addressed. This information may be privileged, confidential, and protected from disclosure. If you are not the intended recipient you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it, or its contents, is strictly prohibited. If you think that you have received this message in error please notify the sender and destroy all copies of this communication and any attachments. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Load properties file from Tomcat directory
Is there a to load a properties file that is dropped in the ${catalina.base}/lib directory? When I try the following it returns null: MyClass.class.getResourceAsStream(PROPERTY_FILE_NAME) I realize I can do the following, but I don't want the code to be server specific: props.load(new File(System.getProperty(catalina.base) + /lib/ + PROPERTY_FILE_NAME).toURL().openStream()); Thanks for the help, Justin CONFIDENTIALITY NOTICE: The information in this message, and any attachment, is intended for the sole use of the individual and entity to whom it is addressed. This information may be privileged, confidential, and protected from disclosure. If you are not the intended recipient you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it, or its contents, is strictly prohibited. If you think that you have received this message in error please notify the sender and destroy all copies of this communication and any attachments. Thank you.
JAAS Module Tomcat 7 (Bundling and JNDI Datasource access)
I'm running into issues accessing a JNDI datasource in a JAAS module. Can I bundle a JAAS module in my war file? When I try to do this by defining the Realm in the context.xml of the web application I get a java.lang.ClassNotFoundException. The documentation specifies I must put the module in the lib directory. Can someone confirm this? When I deploy all the JAAS module and all required dependencies in a directory listed under common.loader, I run into the following two issue. The JAAS module cannot seem to load the JNDI datasource javax.naming.NameNotFoundException: Name [foo/bar] is not bound in this Context. Unable to find [foo]. Is there a way to expose a JNDI datasource to a JAAS module? Tomcat Version: 7.0.34 Datasource is defined in conf/server.xml as: GlobalNamingResources Resource auth=Container name=foo/bar type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@... username=user password=password / /GlobalNamingResources The datasource is exposed in conf/context.xml as: ResourceLink name=foo/bar global=foo/bar type=javax.sql.DataSource/ The JAAS module is defined at either the server.xml or context.xml of the web application as: Realm className=com.example.JAASModule appName=auth-login userClassNames=com.example.SimplePrincipal roleClassNames=com.example.SimplePrincipal / If defined in the server.xml the server fails to start. If it's in the application context.xml it fails when the application tries to load. Thank you, Justin CONFIDENTIALITY NOTICE: The information in this message, and any attachment, is intended for the sole use of the individual and entity to whom it is addressed. This information may be privileged, confidential, and protected from disclosure. If you are not the intended recipient you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it, or its contents, is strictly prohibited. If you think that you have received this message in error please notify the sender and destroy all copies of this communication and any attachments. Thank you.
Re: Tomcat 7.33 update on Windows
Konstantin Kolinko knst.koli...@gmail.com wrote on 12/11/2012 09:12:16 AM: From: Konstantin Kolinko knst.koli...@gmail.com To: Tomcat Users List users@tomcat.apache.org Date: 12/11/2012 09:12 AM Subject: Re: Tomcat 7.33 update on Windows 2012/12/11 Justin Larose justin.lar...@nexweb.org: I just updated Tomcat 7 from version 7.11 to 7.33 on my windows server but when I goto the URL I am seeing 500 error, Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' Not sure why. I made a copy of all config directories prior to install and copied them all to the new Tomcat home. Below is the full stack. (...) root cause java.lang.ClassNotFoundException: com.microsoft.sqlserver.jdbc.SQLServerDriver What jar contains the above class and whether it is present in your installation? I guess you forgot to copy it. (It should be placed into Tomcat's lib/ directory). Thanks for your help Konstantin. It was missing a sql file in the lib directory. It wasn't there when I copied the old Tomcat directory so I had to copy it from another server. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Tomcat 7.33 update on Windows
I just updated Tomcat 7 from version 7.11 to 7.33 on my windows server but when I goto the URL I am seeing 500 error, Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' Not sure why. I made a copy of all config directories prior to install and copied them all to the new Tomcat home. Below is the full stack. _ HTTP Status 500 - javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' type Exception report message javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' description The server encountered an internal error that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:549) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) root cause javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:912) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:841) org.apache.jsp.index_jsp._jspService(index_jsp.java:286) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) root cause org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'com.microsoft.sqlserver.jdbc.SQLServerDriver' org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1429) org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371) org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) com.compasseng.jsp.client.cors.Scanner.getScanners(Scanner.java:156) org.apache.jsp.index_jsp._jspService(index_jsp.java:151) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) root cause java.lang.ClassNotFoundException: com.microsoft.sqlserver.jdbc.SQLServerDriver org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559) org.apache.tomcat.dbcp.dbcp.BasicDataSource.createConnectionFactory(BasicDataSource.java:1420) org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1371) org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:1044) com.compasseng.jsp.client.cors.Scanner.getScanners(Scanner.java:156) org.apache.jsp.index_jsp._jspService(index_jsp.java:151) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:728) note The full stack trace of the root cause is available in the Apache Tomcat/7.0.33 logs. Apache Tomcat/7.0.33 Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service
RE: Configure SSL under Tomcat 7
ayouB __ ayb-2...@hotmail.fr wrote on 03/19/2012 01:00:59 PM: From: ayouB __ ayb-2...@hotmail.fr To: users@tomcat.apache.org Date: 03/19/2012 01:01 PM Subject: RE: Configure SSL under Tomcat 7 Still not working !! I downloaded Apache Tomcat 7.0.26 (again), i added the tcnative-1.dll in my : apache-tomcat-7.0.26\bin, i created a keystore file with this command : keytool -genkeypair -alias tomcat -keyalg RSA -keystore C:\mykeystore i put the file named mykeystore in my : apache-tomcat-7.0.26\conf i modified my Tomcat's server.xml to be able to support HTTPS as it has been said in apache tomcat's documentation from the official website and as it had been said in the e-book : Apache Tomcat 7 (Aleska Vukotic and James Goodwill) in the chapter 7 : Securing tomcat with SSL ! (Step by step) Here's my conf/server.xml : ===server.xml= ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -- Server port=8005 shutdown=SHUTDOWN !-- Security listener. Documentation at /docs/config/listeners.html Listener className=org.apache.catalina.security.SecurityListener / -- !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=mykeystore keystorePass=changeit keyAlias=tomcat keyPass=changeit/ This part looks wrong to me. Is your keystore under /conf or in the tomcat home? If its under /conf try this: Connector SSLEnabled=true clientAuth=false keyAlias=tomcat keystoreFile=conf/mykeystore.jks keystorePass=changeit port=8443 scheme=https secure=true sslProtocol=TLS/ !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3
RE: Cannot rid of expired Certificate ...
From: Andrew Erskine a.ersk...@darasoft.com To: Tomcat Users List users@tomcat.apache.org Date: 01/20/2012 06:05 AM Subject: RE: Cannot rid of expired Certificate ... -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 20 January 2012 11:00 To: Tomcat Users List Subject: Re: Cannot rid of expired Certificate ... On 20/01/2012 10:52, Andrew Erskine wrote: So how do I do that .. I'm only replying to questions .. S0, scroll down a bit... On 20 Jan 2012, at 10:51, André Warnier a...@ice-sa.com wrote: ... and reply below Top post is like this : when I reply to a message, at the top of the message. It makes it much harder to follow the logic flow of a conversation. Andrew Erskine wrote: Top post ? ... each point. p Win2003svr Yes correct store .. the only one I've been using .. did try and clear the cache on firefox will try ie Answering below the question is much clearer. like this ? .. aha Andrew, When you hit the reply button use the option that says Reply with Internet-Style history. That will add the 's to all the previous comments and then you comment under each relevant one. =) - Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Error: Unable to compile class for JSP
Well now that I got the certificate setup and users login to the application they are not seeing all content... When they login to the application (Tomcat version 7.0.23) they get the error below in the initial splash window. (there should be a menu instead) If I switch back to the Tomcat 6.0 version it runs fine. I checked the .jps files and are identical between the version 6 and version 7 application. ___ Jan 11, 2012 8:28:23 AM org.apache.catalina.core.ApplicationDispatcher invoke SEVERE: Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: Unable to compile class for JSP: An error occurred at line: 230 in the jsp file: /object_table.jsp The type Part is ambiguous 227:{ 228: //do nothing here - we don't want the filter to be displayed for lifecycles 229: } 230: else if (objType.equals(Part.class)) 231: { 232:ObjectTablePagelet.addButton(Pagelet.EDIT_BUTTON, edit_design_part_master, BarAdapterItem.MODE_ENABLE_ON_ONE, Edit Design Part, 530, 550); 233: } Thanks, Justin LaRose ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Error: Unable to compile class for JSP
An error occurred at line: 230 in the jsp file: /object_table.jsp The type Part is ambiguous 227:{ 228: //do nothing here - we don't want the filter to be displayed for lifecycles 229: } 230: else if (objType.equals(Part.class)) 231: { Have you imported more than one Part.class by accident, via a wildcard import perhaps? I did not import any classes. I installed Tomcat 7 in a different directory and copied all the webapp directories to the new location. - Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Error: Unable to compile class for JSP
ma...@apache.org wrote on 01/11/2012 01:19:17 PM: From: ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 01/11/2012 01:20 PM Subject: Re: Error: Unable to compile class for JSP Justin Larose justin.lar...@nexweb.org wrote: An error occurred at line: 230 in the jsp file: /object_table.jsp The type Part is ambiguous 227:{ 228: //do nothing here - we don't want the filter to be displayed for lifecycles 229: } 230: else if (objType.equals(Part.class)) 231: { Have you imported more than one Part.class by accident, via a wildcard import perhaps? I did not import any classes. You must have at least one import to resolve the class Part. Since I'm pretty sure a class with that name was added in servlet 3, wildcard imports are very likely the problem. I downgraded the Tomcat to Version 6.0.35 and looks to be working correctly now. Maybe Serena Dimensions cannot work with that higher version of Tomcat (version 7.0.23)? The only files I copied over from the 6.0 version to the 6.0.35 version were the webapps directory the web.xml file and the server.xml file. The only difference in the server.xml file between the 2 versions is this: Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / - Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
Ognjen, You must use the same keystore and same alias when you: 1. generate key, 2. generate csr, 3. import certificate. Example: keytool -genkey ... -keystore xxx.jks -alias yyy keytool -certreq ... -keystore xxx.jks -alias yyy and later keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy Same keystore, same alias in all three invocations of keytool. I took screenshots of my actions in doing these steps above. The only problem I see is when I created the keystore at first I named it wcmdev.keystore and now it seems to be named wcmdev.jks . So I have deleted all keystores and will start from scratch again. Here is what I have entered for creating keystore and CSR request: C:\Program Filescd %JAVA_HOME% C:\Program Files\Java\jre6cd bin C:\Program Files\Java\jre6\binkeytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore wcmdev.jks (I deleted this section) Enter key password for tomcat (RETURN if same as keystore password): Re-enter new password: C:\Program Files\Java\jre6\binkeytool -certreq -keyalg RSA -alias tomcat -file wcmdev.csr -keystore wcmdev.jks Enter keystore password: When I get the new certificate should I only import the certificate? Or do I need to import the intermediate and root certificate first? Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors -- Resolved
All, This seems to be the problem. How do I set my imported cert as a key entry or get Tomcat to read it as a CertEntry? You must use the same keystore and same alias when you: 1. generate key, 2. generate csr, 3. import certificate. Example: keytool -genkey ... -keystore xxx.jks -alias yyy keytool -certreq ... -keystore xxx.jks -alias yyy and later keytool -import -trustcacerts ... -keystore xxx.jks -alias yyy Same keystore, same alias in all three invocations of keytool. Thanks for the help everyone. After recreating the .jks and resubmitting the csr all with alias tomcat then importing the root, intermediate and new certificate I was able to access the application. -- Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
Christopher Schultz ch...@christopherschultz.net wrote on 01/06/2012 05:20:12 PM: From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 01/06/2012 05:20 PM Subject: Re: SSL Configuration Errors -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 1/6/12 2:56 PM, Justin Larose wrote: This Tomcat environment was setup long before I worked here, so I am just upgrading from an older version to 7.0.23 and trying to not use a self signed certificate. It's important for you to know if your app actually requires client authentication. Since your Connector says clientAuth=true, it means that all clients must present a valid certificate in order to connect. I actually removed the clientAuth=true statement and I can still access the application with the self signed cert. I have asked the application developers if this is required. I can get the sample-ssl.jks to work with the below connector port information. But when I edit the connector ports to add the new wcmdev-ssl.jks and imported Certificate(s) I received from the CSR I get the error, java.io.IOException: Alias name tomcat does not identify a key entry What do you get if you run this command: $ keytool -list -keystore conf/sample-ssl.jks I cannot run the keytool command from the Tomcat home directory. What I have been doing is making a copy of the .jks and dropping them into the java home/bin directory and running the keytool -list from there. But here is what it looks like from java_home Weird because it is an alias. Is it looking for tomcat as the actual entry name or alias? Your certificate needs to have the alias tomcat. I did import my cert with the alias tomcat. You can see that in the screenshot here: It seems like it is not reading the keystore properly. Should I just create a new CSR from the sample-ssl.jks keystore? That shouldn't be necessary. You may have to re-import your certificate, though. I have used the keytool to delete all 3 certs (root, intermediate and primary) and readd them many times. I even just tried only the Primary cert with the alias tomcat as the only cert. But the log shows same error: SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: Alias name tomcat does not identify a key entry - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8Hc5wACgkQ9CaO5/Lv0PC9LwCcDOxPQ9G8PY6WQAcUq/6zDvjR CU4AoLsvEq++7v0Ml5+A+XjRPilsKA9p =6XzB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
Chris, This list strips non-text attachments. I will sent it in text format next time. I have used the keytool to delete all 3 certs (root, intermediate and primary) and readd them many times. I even just tried only the Primary cert with the alias tomcat as the only cert. But the log shows same error: SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: Alias name tomcat does not identify a key entry When you created your key to create the CSR, did you use tomcat as the alias for *that* as well? Looks like it can't find a *key*, not a *cert*. I was just looking at that. When I had the 2 list entries and the error log side by side I noticed the error says, Alias name tomcat does not identify a key entry And when I look at the self signed cert it is listed as a PrivateKeyEntry but on my imported cert it is listed as a trustedCertEntry This seems to be the problem. How do I set my imported cert as a key entry or get Tomcat to read it as a CertEntry? Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
Pid p...@pidster.com wrote on 01/06/2012 04:30:30 AM: From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Date: 01/06/2012 04:31 AM Subject: Re: SSL Configuration Errors Connector port=18080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector Are you actually using Client auth? This Tomcat environment was setup long before I worked here, so I am just upgrading from an older version to 7.0.23 and trying to not use a self signed certificate. clientAuth=true port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks keystoreType=JKS keystorePass=** keystoreType has the default, you can remove it. I don't like the look of those paths, this is neater: keystoreFile=${catalina.base}\conf\wcmdev-ssl.jks truststoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks truststoreType has the default, you can remove it. truststoreType=JKS truststorePass=** SSLVerifyClient=require SSLEngine=on SSLVerifyDepth=2 sslProtocol=TLS / sslProtocol is also the default, you can remove it. Removed. Connector port=8409 protocol=AJP/1.3 redirectPort=8443 / Are you actually using the AJP connector? Removed. Can you remove all of the client auth config and just configure the keystore alone, first to try to get the SSL working? Removed. Did you follow the steps here? http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html Yes. I can get the sample-ssl.jks to work with the below connector port information. But when I edit the connector ports to add the new wcmdev-ssl.jks and imported Certificate(s) I received from the CSR I get the error, java.io.IOException: Alias name tomcat does not identify a key entry Weird because it is an alias. Is it looking for tomcat as the actual entry name or alias? It seems like it is not reading the keystore properly. Should I just create a new CSR from the sample-ssl.jks keystore? Here is the connector info for the sample-ssl.jks that works. Service name=Catalina Connector port=18080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443/ Connector port=8443 SSLEnabled=true scheme=https secure=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 strategy=ms keystoreFile=conf/sample-ssl.jks keystorePass=*** keyAlias=tomcat truststoreFile=conf/sample-ssl.jks truststorePass=***/ Connector port=8543 SSLEnabled=true scheme=https secure=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 strategy=ms keystoreFile=conf/sample-ssl.jks keystorePass=*** keyAlias=tomcat truststoreFile=conf/sample-ssl.jks truststorePass=***/ ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: SSL Configuration Errors
Sorry. Comments removed. ___ ?xml version='1.0' encoding='utf-8'? Server port=8405 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=18080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / Connector clientAuth=true port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks keystoreType=JKS keystorePass=** truststoreFile=F:\Serena\Dimensions 2009 R2\Common Tools\Tomcat 7.0\conf\wcmdev-ssl.jks truststoreType=JKS truststorePass=** SSLVerifyClient=require SSLEngine=on SSLVerifyDepth=2 sslProtocol=TLS / Connector port=8409 protocol=AJP/1.3 redirectPort=8443 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.LockOutRealm Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Realm Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b resolveHosts=false/ /Host /Engine /Service /Server Thanks, Justin LaRose From: Pid p...@pidster.com To: Tomcat Users List users@tomcat.apache.org Date: 01/04/2012 03:29 PM Subject:Re: SSL Configuration Errors On 04/01/2012 19:33, Justin Larose wrote: Hello Group, I am seeing this error when starting Tomcat 7 on Windows. SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8443] java.io.IOException: SSL configuration is invalid due to No available certificate or key corresponds to the SSL cipher suites which are enabled. I have 3 certs in the keystore 1 root, 1 intermediate and the one received from the csr. I also confirmed they are pointing to the correct place and I can see them if I do a keytool -list -v -keystore keystore.jks -alias mydomain I have attached my server.xml below. Anyone know where to start? By removing the comments? p ___ ?xml version='1.0' encoding='utf-8'? Server port=8405 shutdown=SHUTDOWN !-- Security listener. Documentation at /docs/config/listeners.html Listener className=org.apache.catalina.security.SecurityListener / -- !--APR library loader. Documentation at /docs/apr.html -- !-- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / -- !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests
SSL Configuration Errors
documentation) -- !-- Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster/ -- !-- Use the LockOutRealm to prevent attempts to guess user passwords via a brute-force attack -- Realm className=org.apache.catalina.realm.LockOutRealm !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Realm Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true !-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern=common -- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b resolveHosts=false/ /Host /Engine /Service /Server Thanks, Justin LaRose ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Tomcat crashes after startup
Chris, You need to have a key in your keystore with the alias tomcat as well. If you have been following http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#Configuration, you have either missed or misinterpreted a step. I actually followed the document here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html because I am using Tomcat 6. I also did import the cert with the alias tomcat (see screenshot below). Is there an order in which to import the certs? I imported the server cert first, then the CA, then the root cert. I would advise against using the same keystore for both the keystore and the truststore. The trust store is only used for validating client certificates and, IMO, should be kept separate from the certificates you use for the web service itself. These config settings were in place long before I worked here... I was just copying the info from the old server.xml and adding in the new keystore info. If we do not Use any client certs can I remove the truststore line? Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Tomcat crashes after startup
Chris, Here is the first few lines of the output.. I don't think I want to copy my entire cert here. ___ F:\Serena\Dimensions 2009 R2\Common Tools\jre\6.0\binkeytool -list -v -keystore wcmdev-ssl.jks -alias tomcat Enter keystore password: Alias name: tomcat Creation date: Nov 10, 2011 Entry type: trustedCertEntry Owner: CN=wcmdev.nexweb.us, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Date: 12/13/2011 03:08 PM Subject:Re: Tomcat crashes after startup -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 12/13/11 8:35 AM, Justin Larose wrote: I actually followed the document here: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html because I am using Tomcat 6. Okay. You just hadn't mentioned that (version) before. I also did import the cert with the alias tomcat (see screenshot below). Is there an order in which to import the certs? I imported the server cert first, then the CA, then the root cert. Your screenshot has been suppressed from the list. Instead, can you post a text copy/paste for a keytool -list? I would advise against using the same keystore for both the keystore and the truststore. The trust store is only used for validating client certificates and, IMO, should be kept separate from the certificates you use for the web service itself. These config settings were in place long before I worked here... I was just copying the info from the old server.xml and adding in the new keystore info. If we do not Use any client certs can I remove the truststore line? Almost certainly. You probably want to fix one problem at a time, though. :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7nsIkACgkQ9CaO5/Lv0PD1EgCeNlYJ1udAFvbU4LGOw0lAxrKc s/0An3XMoGo1WCkYjRe7OhJ9gkdj1GlK =ANqY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat crashes after startup
/1.0/ Engine defaultHost=localhost name=Catalina !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server Thanks, Justin ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Tomcat crashes after startup
=true enableLookups=false keyAlias=tomcat keystoreFile=conf/wcmdev-ssl.jks keystorePass= maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25port=8443 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/wcmdev-ssl.jks truststorePass=/ Connector SSLEnabled=true acceptCount=100 clientAuth=true disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/wcmdev-ssl.jks keystorePass= maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25port=8543 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/wcmdev-ssl.jks truststorePass=/ !-- Define an AJP 1.3 Connector on port 8409. -- Connector port=8409 protocol=AJP/1.3 redirectPort=8443 server=Unknown Web Server/1.0/ Engine defaultHost=localhost name=Catalina !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server Thanks, Justin From: Mark Thomas ma...@apache.org To: Tomcat Users List users@tomcat.apache.org Date: 12/12/2011 03:29 PM Subject:Re: Tomcat crashes after startup On 12/12/2011 20:20, Justin Larose wrote: Group, Can anyone help me with this error below from the catalina.log? I have attached my server.xml as well. I have done some searches on the internet and cannot find much on this error. SEVERE: Error initializing endpoint java.io.IOException: AnyCert TrustManagerFactory not available Seems pretty clear to me. Connector ... port=8543 ... truststoreAlgorithm=AnyCert .../ Fix your broken connector configuration or provide a JSSE implementation that includes this custom truststoreAlgorithm. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: unpackWARs and antiResourceLocking
Thanks for the response. Both 6.0.35 and 7.0.23 exhibit the same behaviour. In 7.0.23, the docBase is changed back to the context path via the ContextName now instead of the context.getPath() but the result is the same. Interestingly enough, there is a comment in the 7.0.23 source on line 750 that suggests the code to copy the .war file is never reached and that it's possibly a bug. This code is never reached because the docBase is changed to the path without the .war extension. I will submit a bug report. Additionally, I am running in a Windows environment and I use the antiResourceLocking on only a few apps so that new application war files may be deployed throughout the day (this is a test server) without bringing down Tomcat. I didn't use the JreLeakPreventionListener because only a few applications need to be re-deployed; everything else is pretty much static and I didn't want the performance hit with antiResourceLocking to affect every app. Is that reasonable or should I still just use the JreLeakPreventionListener? Thanks again Justin Konstantin Kolinko knst.koli...@gmail.com 12/6/2011 10:21 AM 2011/12/6 Justin Miller jumil...@utah.gov: Windows 2008 64-bit Java 1.6.0_16 32-bit Tomcat 6.0.33 Greetings I'm having some difficulties with the above environment and setting unpackWARs = false antiResourceLocking = true with apps packaged as WAR files. It appears that Tomcat is attempting to copy the WAR from the $CATALINA_HOME/webapps directory to the $CATALINA_HOME/temp directory without the .war extension (e.g., original docBase is $CATALINA_HOME/webapps/example.war and a new docBase of $CATALINA_HOME/temp/1-example ). Is my understanding that with the unpackWARs setting set to false, Tomcat just runs directly from the .war? Additionally, with the antiResourceLocking set to true, given the above assumption, would it be that Tomcat runs the app from a .war copied wholesale to the temp directory? If so, it appears that line 973 in ContextConfig.java method antiLocking never evaluates correctly because the docBase gets set to the value of path on line 969, which removes the .war extension so the file ends up being $CATALINA_HOME/temp/1-example instead of 1-example.war. Additionally, applications with sub-context paths (e.g., foo#bar.war) never get deployed to temp correctly with antiResourceLocking=true regardless of the unpackWARs setting because of the above scenario and because the docBase gets set to the context path in the antiLocking method which converts the # separator to /. There appears to be a fix on line 882 of fixDocBase that converts the / character to # in the path but that doesn't make it to the antiLocking method. It sounds like a bug. If you can reproduce it, please file a bug report. I would appreciate though if you can test with recently released 6.0.35 and with 7.0.23. In 7.0.x the app name-path handling was moved to a well-defined helper class, so it is unlikely that the issue is present there. Please advise if I my understandings/assumptions are incorrect and if so, how I might configure Tomcat correctly to run a war without unpacking and locking resources. I am also happy to submit a bug report if needed. 1. Even if war itself is not unpacked, Tomcat has to extract jars from it (otherwise it cannot feed them to class loaders). 2. Regarding whether or not it copies and were - I think it is easier to run and see. It can copy things to /temp, but IIRC most times it copies things to /work/Catalina/localhost/appname. IIRC the TC7 docs were recently a bit clarified on the topic of those options. I do not remember whether that was backported to 6.0 docs. 3. Usually you do not need those anti* flags. The JreLeakPreventionListener (if you have it in your server.xml) changes JRE defaults to keep JARs closed. You also do not need the flags if you never undeploy the webapp while Tomcat is running. (E.g. you never undeploy the manager webapp). 4. The anti* flags are needed on Windows only. On unixes you can delete files that are kept open so this problem does not exist. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat won't start after Windows Reboot
[org.apache.axis.utils.XMLUtils$ThreadLocalDocumentBuilder@1682a53]) and a value of type [org.apache.xerces.jaxp.DocumentBuilderImpl] (value [org.apache.xerces.jaxp.DocumentBuilderImpl@1b2d7df]) but failed to remove it when the web application was stopped. This is very likely to create a memory leak. Dec 5, 2011 3:02:43 PM org.apache.catalina.loader.WebappClassLoader clearThreadLocalMap SEVERE: The web application [/dmwebservice] created a ThreadLocal with key of type [org.apache.axis.utils.XMLUtils.ThreadLocalDocumentBuilder] (value [org.apache.axis.utils.XMLUtils$ThreadLocalDocumentBuilder@c07527]) and a value of type [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl] (value [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl@14b74a7]) but failed to remove it when the web application was stopped. This is very likely to create a memory leak. Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-18080 Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-8443 Dec 5, 2011 3:02:43 PM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-8543 Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: tomcat manager/status question
Dan, Thanks for the help. I opened the server.xml.orig file (from the Tomcat installation) and copied the GlobalNamingResources and Engine and restarted Tomcat. Afterwards I was able to login using the username and password located in the tomcat-users.xml file. Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/16/2011 02:21 PM Subject:Re: tomcat manager/status question Justin, Assuming that is the entire file, it looks like you do not have a UserDatabase or a Realm defined. You need to define a UserDatabase Resource tag and a Realm for the security configuration. This is required by the manager application perform authentication and authorization. This configuration will look something like the following (non-essential elements removed for brevity)... Server.. GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service... Engine... Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ /Engine /Service /Server For a complete example, grab a fresh copy of Tomcat and take a look at the server.xml file that is packaged with it. It has both of these elements defined and some comments which explain how it works. Dan On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote: I have copied my server.xml file below. __ Server port=8405 shutdown=Shutdown.SerenaCommonTomcat !-- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / -- Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Service name=Catalina Connector connectionTimeout=2 port=18080 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/ !-- Define a SSL HTTP/1.1 Connector on port 8443, using only 128-bit+ encryption (remove ciphers attribute if not needed). -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA server=Unknown Web Server/1.0/ -- Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks truststorePass=*/ Connector SSLEnabled=true acceptCount=100 clientAuth=true disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8543 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert truststoreFile=conf/sample-ssl.jks truststorePass=*/ !-- Define an AJP 1.3 Connector on port 8409. -- Connector port=8409 protocol=AJP/1.3 redirectPort=8443 server=Unknown Web Server/1.0/ Engine defaultHost=localhost name=Catalina Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server ___ Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 04:26 PM Subject:Re: tomcat manager/status question Justin, Your conf/tomcat-users.xml looks fine to me. I copied and pasted it into a stock Tocmat 6.0.33 server on my machine and it worked fine. At this point, you might want to also post your conf/server.xml file. Dan On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote: Yes I have restarted tomcat after editing this file: ?xml version='1.0' encoding='cp1252'? tomcat-users role rolename=manager-gui/ user username=admin password= roles=manager-gui / /tomcat-users Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 02:32 PM Subject:Re: tomcat manager/status
Re: tomcat manager/status question
I have copied my server.xml file below. __ Server port=8405 shutdown=Shutdown.SerenaCommonTomcat !-- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / -- Listener className=org.apache.catalina.core.JasperListener/ Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ Service name=Catalina Connector connectionTimeout=2 port=18080 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/ !-- Define a SSL HTTP/1.1 Connector on port 8443, using only 128-bit+ encryption (remove ciphers attribute if not needed). -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA server=Unknown Web Server/1.0/ -- Connector SSLEnabled=true acceptCount=100 clientAuth=false disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8443 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks truststorePass=*/ Connector SSLEnabled=true acceptCount=100 clientAuth=true disableUploadTimeout=true enableLookups=false keyAlias=tomcat keystoreFile=conf/sample-ssl.jks keystorePass=* maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 port=8543 scheme=https secure=true sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert truststoreFile=conf/sample-ssl.jks truststorePass=*/ !-- Define an AJP 1.3 Connector on port 8409. -- Connector port=8409 protocol=AJP/1.3 redirectPort=8443 server=Unknown Web Server/1.0/ Engine defaultHost=localhost name=Catalina Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false/ /Engine /Service /Server ___ Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 04:26 PM Subject:Re: tomcat manager/status question Justin, Your conf/tomcat-users.xml looks fine to me. I copied and pasted it into a stock Tocmat 6.0.33 server on my machine and it worked fine. At this point, you might want to also post your conf/server.xml file. Dan On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote: Yes I have restarted tomcat after editing this file: ?xml version='1.0' encoding='cp1252'? tomcat-users role rolename=manager-gui/ user username=admin password= roles=manager-gui / /tomcat-users Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 02:32 PM Subject:Re: tomcat manager/status question Justin, What exactly do you have in your conf/tomcat-users.xml file? If you could include the contents of the file inline here, that would be helpful. Don't forget to redact passwords and other sensitive info. Dan On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote: Question: I upgraded my Tomcat version to 6.0 using the apache-tomcat-6.0.33.exe file and I am trying to access the manager and the status pages here: localhost:port\index.jsp I get to the default Tomcat page and select status and I get a login prompt. After entering the username and password that I have configured in the \conf\tomcat-users.xml file it just asks for the password again and again. After the 3rd attempt it will default to the 401 page that talks about configuring the tomcat-users.xml file. I also get the same error after selecting the manager link as well. Do I need to install another portion of Tomcat to get this feature to work? Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
tomcat manager/status question
Question: I upgraded my Tomcat version to 6.0 using the apache-tomcat-6.0.33.exe file and I am trying to access the manager and the status pages here: localhost:port\index.jsp I get to the default Tomcat page and select status and I get a login prompt. After entering the username and password that I have configured in the \conf\tomcat-users.xml file it just asks for the password again and again. After the 3rd attempt it will default to the 401 page that talks about configuring the tomcat-users.xml file. I also get the same error after selecting the manager link as well. Do I need to install another portion of Tomcat to get this feature to work? Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: tomcat manager/status question
Yes I have restarted tomcat after editing this file: ?xml version='1.0' encoding='cp1252'? tomcat-users role rolename=manager-gui/ user username=admin password= roles=manager-gui / /tomcat-users Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org From: Daniel Mikusa dmik...@vmware.com To: Tomcat Users List users@tomcat.apache.org Date: 11/14/2011 02:32 PM Subject:Re: tomcat manager/status question Justin, What exactly do you have in your conf/tomcat-users.xml file? If you could include the contents of the file inline here, that would be helpful. Don't forget to redact passwords and other sensitive info. Dan On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote: Question: I upgraded my Tomcat version to 6.0 using the apache-tomcat-6.0.33.exe file and I am trying to access the manager and the status pages here: localhost:port\index.jsp I get to the default Tomcat page and select status and I get a login prompt. After entering the username and password that I have configured in the \conf\tomcat-users.xml file it just asks for the password again and again. After the 3rd attempt it will default to the 401 page that talks about configuring the tomcat-users.xml file. I also get the same error after selecting the manager link as well. Do I need to install another portion of Tomcat to get this feature to work? Thanks, Justin LaRose Database Web Services Administrator NEXCOM (757) 631-3443 justin.lar...@nexweb.org ** This email and any files transmitted with it are intended solely for the use of the individual or agency to whom they are addressed. If you have received this email in error please notify the Navy Exchange Service Command e-mail administrator. This footnote also confirms that this email message has been scanned for the presence of computer viruses. Thank You! **
Re: Tomcat 7: Why is JDK needed ?
It uses the Java compiler for activities such as compiling JSPs into Servlets into Java class files. All versions of Tomcat require the JDK. Sent from my BlackBerry device -Original Message- From: Bobi St temporaryb...@yahoo.de Date: Thu, 21 Jul 2011 19:58:53 To: users@tomcat.apache.org Subject: Tomcat 7: Why is JDK needed ? Hi there, why is Why is JDK needed also for Tomcat 7 ? Does it use a compiler, or why not simply using for example jre6 ?!? I have to install always extra JDK because of it ... Best regards, - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Configuration in Multi Core Systems
That statement is only correct if memory footprint is an issue, or if each thread allocates a lot of dynamic memory that isn't shared by other threads. If there isn't much memory required, or if most of the data stored in memory is heavily shared, adding more memory will not increase performance. Each processor has it's own on-die memory caches, which affect performance more than the amount of RAM all together (especially with good memory locality design). If all threads are trying to access an object that resides in the memory local to processor 1, adding more memory won't change the fact that access to this object from other processors will require non-local memory access through CPU boundaries. Regards, Justin Randall Sent from my BlackBerry device -Original Message- From: David Kerber dcker...@verizon.net Date: Sun, 24 Apr 2011 08:54:35 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: Re: Tomcat Configuration in Multi Core Systems On 4/24/2011 3:07 AM, sujikin wrote: Hi, Thanks for your replies. I was sure Server B will never will be able to match Server A even if it had infinite processors in it ( provided everything remains the same). Just wanted to confirm. @David Server B has *116* processors only. Slow because of time taken to handle single request. 32Gb shared among 116 processors isn't very much RAM for each process (that's why I assumed it was 16, not 116). You'll likely get a performance boost if you can give it more RAM. Regards, Sujeet David Kerber wrote: On 4/23/2011 2:31 PM, Sujeet Singh wrote: Hi, I have two servers which has below configuration, Server A has 32 GB RAM, 4 processors each of 2.8 GHz Server B has 32 GB RAM, 116 processors each of 1.6 GHz. Both servers has tomcat installed having same configuration. Tomcat of server B is at least half as slow as Server A. My question is...just by increasing the worker thread count, the performance of Server B can be increased or we need to do something else also? Tomcat version is 5.5 and Java version is 5. OS used is Solaris 10 SPARC. Thanks Regards, Sujeet First, I assume you mean 16 processors in server B, rather than 116. You need to define slow: time to process a single request, or # of requests it can handle? Server B's clock speed is about half that of A, so I would expect (everything else being equal) that it would run at ~ half the speed of A for a single request. However, given that it has 4x as many processors, it should be able to handle ~ 4x as many simultaneous requests, but each of them will still take about 2x as long as they would on A. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Configuration in Multi Core Systems
Hi Sujeet, In any application, speed is primarily determined by serial portions of code execution. Speed isn't something that is increased by adding more threads, however throughput can usually be increased which has the illusion of increasing speed for a given workload. That said, you should examine the serial parts of your application code and try to leverage additional parallelism (i.e. If you have multiple tasks within a single request to complete which aren't heavily dependent on each other). This can help reduce the time it takes for a given request to complete. If each request is handled only by a single thread then it should be expected that a CPU with 1/2 the speed performs 1/2 as fast. Regards, Justin Randall --Original Message-- From: Sujeet Singh To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Tomcat Configuration in Multi Core Systems Sent: Apr 23, 2011 14:31 Hi, I have two servers which has below configuration, Server A has 32 GB RAM, 4 processors each of 2.8 GHz Server B has 32 GB RAM, 116 processors each of 1.6 GHz. Both servers has tomcat installed having same configuration. Tomcat of server B is at least half as slow as Server A. My question is...just by increasing the worker thread count, the performance of Server B can be increased or we need to do something else also? Tomcat version is 5.5 and Java version is 5. OS used is Solaris 10 SPARC. Thanks Regards, Sujeet Sent from my BlackBerry device
Re: Tomcat on a Linux virtual machine
Hi Darryl, Is the database also running on a VM? My experience with problematic applications on VMs hasn't been related to the application itself (Tomcat, BIND, Apache, etc.) but moreso whether they generate high volumes of local storage I/O (like a database using local disks). The impact this can have can also be magnified if your VM disks aren't properly aligned (a common mistake in many older VM deployments). The vendor should also be providing some form of justification for their statements. Depending on your virtualization platform of choice, there may be various utilities you can use to analyze the performance of the virtualization host itself to help narrow down where bottlenecks may be occurring. Regards, --Original Message-- From: Darryl Lewis To: Tomcat Users List ReplyTo: Tomcat Users List Subject: Tomcat on a Linux virtual machine Sent: Apr 15, 2011 23:18 I have an application (commercial) running on a virtual instance of Linux talking to a Postgres database. We are continually getting locks on the DB that are crashing the app. I think it's just bad programming on the suppliers side, but the supplier has latched onto the idea that it is because it is running on a virtual machine. Has any experienced any problems running Tomcat on a virtual machine similar to this? Sent from my BlackBerry device
RE: [OT] servlet-specific error pages
Hi Chris, I'm assuming the servlet is in control of generating all of the errors you are implying? For example, if the servlet doesn't load properly and a 404 would be generated, the servlet would obviously not be in control of handling this exception and this would would have to make use of error-page directives in web.xml, specifically for error-code 404 which would redirect to a JSP that just so happens to be an XML file. If I've understood what you're looking for correctly I've worked on similar projects in the past and what's worked well for me is leveraging MVC by using the RequestDispatcher to forward to relevant JSPs which happen to all be XML files with the contents populated either via JSP tags or EL. This way you can catch the exceptions/error conditions in your servlet, set the appropriate exception information within the request context and the dispatch to the correct JSP XML page. For example: errorfile.jsp: = %@ page trimDirectiveWhitespaces=true % %@ page contentType=text/xml; charset=UTF-8 % %@ page session=false % % response.setHeader(Cache-Control,no-cache); response.setHeader(Pragma,no-cache); response.setDateHeader (Expires, 0); % ?xml version=1.0 encoding=utf-8? someXmlRoot errorCode${requestScope.errorCode}/errorCode errorMessage${requestScope.errorMessage}/errorMessage /someXmlRoot = In your serlvet you would redirect to the JSP as follows: = RequestDispatcher dispatcher = req.getRequestDispatcher(/WEB-INF/path/to/errorfile.jsp); req.setAttribute(errorCode, 500); req.setAttribute(errorMessage, My server had an oops!); dispatcher.forward(req, rsp); = Note the XML file doesn't have a schema associated with it but that's just for brevity of the example. I hope this helps! Justin Randall Date: Tue, 12 Apr 2011 16:38:25 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: [OT] servlet-specific error pages -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I have a webapp where some of the servlets are expected to return XML all the time, even for error conditions. I'd like to be able to set an error page for those servlets so the response will be in XML instead of HTML like you'd get with the default Tomcat error page or an error page we might have configured for the rest of the site. I didn't see anything in web.xml that would allow me to set an error page for a particular servlet. Any good ideas? Obviously, I can create a system-wide error resource that determines the resource that was being used and then dispatch to either an HTML-oriented or XML-oriented error page, but I was wondering if something like that already existed or if there was a better approach. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2kuEEACgkQ9CaO5/Lv0PBpqACfVky6ZZvG/Rgpt4XK804jdbei JpEAnj/NF2td4NNHoBAbFBRAgsUDkC0v =xjBP -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] servlet-specific error pages
Hi Chris, Of course. I was wondering about other exceptions or errors that maybe I cannot control from that code. Are you referring to internal exceptions within Tomcat's own code or simply unexpected exceptions within the servlet's implemented code? If it's the later you could always just wrap your code with a try block that catches Throwable which will catch any possible exception thrown by Java and properly implemented library exceptions. Perhaps not ideal but considering the available options it might not be too bad. Technically speaking, catching Throwable isn't such a bad practice for end-user facing applications because you can at least redirect to a more elegant Unexpected Exception has occurred page rather than an error page showing a stack trace of a NullPointerException or some other unexpected errors due to programming mistakes as an example. Regards, Justin Randall Date: Wed, 13 Apr 2011 16:11:09 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: [OT] servlet-specific error pages -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 4/13/2011 9:17 AM, Justin Randall wrote: Hi Chris, I'm assuming the servlet is in control of generating all of the errors you are implying? Yes and no: For example, if the servlet doesn't load properly and a 404 would be generated, the servlet would obviously not be in control of handling this exception and this would would have to make use of error-page directives in web.xml, specifically for error-code 404 which would redirect to a JSP that just so happens to be an XML file. Right, but I want the default 404 error page to be in HTML. Basically, I want two defaults. If the servlet spec allowed for error-page to include a servlet-name filter, that's what I would use. But it doesn't :( If I've understood what you're looking for correctly I've worked on similar projects in the past and what's worked well for me is leveraging MVC by using the RequestDispatcher to forward to relevant JSPs which happen to all be XML files with the contents populated either via JSP tags or EL. This way you can catch the exceptions/error conditions in your servlet, set the appropriate exception information within the request context and the dispatch to the correct JSP XML page. Of course. I was wondering about other exceptions or errors that maybe I cannot control from that code. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2mA10ACgkQ9CaO5/Lv0PAvMgCgqk4ZiH5b75jrl25Kq73Po3hq qCIAniutff9LdBlxKTUya36QdWp9e+eL =j2iW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] servlet-specific error pages
Hi Martin, What Chris is actually looking for is custom servlet specific error handling in addition to web application error handling (the later is what you have described below). In other words, 401 for Servlet X is directed to a different JSP than 401 for the entire web application. Regards, Justin Randall Sent from my BlackBerry device -Original Message- From: Martin Gainty mgai...@hotmail.com Date: Wed, 13 Apr 2011 21:47:51 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: RE: [OT] servlet-specific error pages in web.xml for your webapp map a custom jsp for each returned HTTP status code e.g: error-page error-code401/error-code location/401.jsp/location /error-page error-page error-code403/error-code location/403.jsp/location /error-page error-page error-code404/error-code location/404.jsp/location /error-page Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: ran...@hotmail.com To: users@tomcat.apache.org Subject: RE: [OT] servlet-specific error pages Date: Wed, 13 Apr 2011 20:10:48 -0400 Hi Chris, Of course. I was wondering about other exceptions or errors that maybe I cannot control from that code. Are you referring to internal exceptions within Tomcat's own code or simply unexpected exceptions within the servlet's implemented code? If it's the later you could always just wrap your code with a try block that catches Throwable which will catch any possible exception thrown by Java and properly implemented library exceptions. Perhaps not ideal but considering the available options it might not be too bad. Technically speaking, catching Throwable isn't such a bad practice for end-user facing applications because you can at least redirect to a more elegant Unexpected Exception has occurred page rather than an error page showing a stack trace of a NullPointerException or some other unexpected errors due to programming mistakes as an example. Regards, Justin Randall Date: Wed, 13 Apr 2011 16:11:09 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: [OT] servlet-specific error pages -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 4/13/2011 9:17 AM, Justin Randall wrote: Hi Chris, I'm assuming the servlet is in control of generating all of the errors you are implying? Yes and no: For example, if the servlet doesn't load properly and a 404 would be generated, the servlet would obviously not be in control of handling this exception and this would would have to make use of error-page directives in web.xml, specifically for error-code 404 which would redirect to a JSP that just so happens to be an XML file. Right, but I want the default 404 error page to be in HTML. Basically, I want two defaults. If the servlet spec allowed for error-page to include a servlet-name filter, that's what I would use. But it doesn't :( If I've understood what you're looking for correctly I've worked on similar projects in the past and what's worked well for me is leveraging MVC by using the RequestDispatcher to forward to relevant JSPs which happen to all be XML files with the contents populated either via JSP tags or EL. This way you can catch the exceptions/error conditions in your servlet, set the appropriate exception information within the request context and the dispatch to the correct JSP XML page. Of course. I was wondering about other exceptions or errors that maybe I cannot control from that code. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2mA10ACgkQ9CaO5/Lv0PAvMgCgqk4ZiH5b75jrl25Kq73Po3hq qCIAniutff9LdBlxKTUya36QdWp9e+eL =j2iW -END PGP SIGNATURE
Re: Customize URL access
Read up on web.xml and using Serlvet mappings to define paths that map to the Servlet class itself. It looks like you're currently using direct servlet invocation. --Original Message-- From: Jonatan Aguirre Kobayashi To: users@tomcat.apache.org ReplyTo: Tomcat Users List Subject: Customize URL access Sent: Mar 31, 2011 09:17 Hello, a have a application and the url is for example http://localhost:8080/myapp/servlet/maiservlet. How i do to access to my application with this url: http://localhost:8080/myapp/maiservlet (without servlet reference) PD: Sorry , my english is not good. Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Followup on 32-bit versus 64-bit performance discussion(s)
In general, it is technically possible for a 32-bit application to perform faster than a 64-bit application when running on a 64-bit CPU because of CPU memory cache behaviour. 64-bit memory addresses occupy more space within a single cache line and can result in added memory cache misses (cache lines filled more quickly) which require additional loads from real memory into CPU registers, effectively slowing down the performance of an application. Sent from my BlackBerry device -Original Message- From: Leon Rosenberg rosenberg.l...@gmail.com Date: Mon, 14 Mar 2011 20:33:21 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: Re: [OT] Followup on 32-bit versus 64-bit performance discussion(s) I'm sorry, I probably missed something, but why should 64 bit app on 64 bit os on 64 bit cpu be slower as 32 bit analog? regards Leon On Mon, Mar 14, 2011 at 6:45 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 3/14/2011 1:36 PM, David kerber wrote: On 3/14/2011 1:31 PM, Christopher Schultz wrote: I should have mentioned, we are in a Linux environment, so we have lots of options. ;) Lucky you; I wish I could say the same... You should lobby to virtualize your infrastructure on top of some kind of Linux-based virtualization platform. Then you can still be running on Windows but also have some ... other options ;) I would suggest the other way around if you wanted to operate in a Linux environment, but if the idea is to improve stability, then running Linux on top of Windows isn't exactly recommended technique. I had always heard that Microsoft SQL Server was a really good RDBMS. It's just too bad it has to run on Windows. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1+VDYACgkQ9CaO5/Lv0PBD+wCfQBK7R2hi6tcsxYaIjNTMYQsR jlkAnijh8Tmk7JEX8GLsfzFkf/4qc8Ck =emTF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Followup on 32-bit versus 64-bit performance discussion(s)
Indeed. It really makes you wonder why caches and pipelines weren't scaled more proportionally. At least we can appreciate better calling conventions. :) --Original Message-- From: Christopher Schultz To: Tomcat Users List ReplyTo: Tomcat Users List Subject: Re: [OT] Followup on 32-bit versus 64-bit performance discussion(s) Sent: Mar 14, 2011 17:08 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, On 3/14/2011 3:45 PM, Justin Randall wrote: In general, it is technically possible for a 32-bit application to perform faster than a 64-bit application when running on a 64-bit CPU because of CPU memory cache behaviour. Also due to the amount of data that can be transferred at once across the data paths to the CPU: 64-bit pointers simply take up more bandwidth on those paths. A 32-bit process, using 32-bit pointers, will enjoy a 2x speedup for those types of data. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1+g+MACgkQ9CaO5/Lv0PB8DwCgqTO/v8DuSS4M8qKbAiGAMJch bVoAoIdFUL3MM0TqBOFxWZfMp/+9s8At =2ZPm -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Sent from my BlackBerry device
Re: Change of email address
One would imagine you would simply subscribe your new address and (potentially) unsubscribe your old address. --Original Message-- From: Michael McQuade To: 'Tomcat Users List' ReplyTo: Tomcat Users List Subject: Change of email address Sent: Dec 25, 2010 09:57 How does one go about changing to a new email address? A new address of m.mcqu...@powergate.ca is in effect Thank-You and Merry christmas Mike - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Sent from my BlackBerry device - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Can tomcat detect disconnection by client side in Async mode?
Hello, Without knowing the application and going on standard sockets, I know from experience without using Async mode that Tomcat does generate a ClientAbortException when a TCP RST is received from a client when Tomcat is writing the HTTP response to the client. The client was a CPE which downloaded firmware/config via HTTP and sent a TCP RST after the first chunk of data if the version on the server and in the CPE were identical. Not sure if this is relevant and what the behaviour of your client would be for disconnecting from the server (assuming it's not a web browser). Regards, Justin Randall Sent from my BlackBerry device -Original Message- From: Ben xpsl...@gmail.com Date: Sun, 5 Dec 2010 14:25:56 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: Can tomcat detect disconnection by client side in Async mode? Hi there, Any idea about the disconnection handling? Cannot find reference for this. In my application the client may disconnect and send a new request with different parameters. On server side I wanna clean the AsynContext held by previous request. Right now only timeout will do, which is not efficient cos I set the timeout to quite high value to avoid frequent disconnect / connect. Thanks for help. Ben - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Can tomcat detect disconnection by client side in Async mode?
Just to clarify, I'm not trying to imply that ClientAbortException wouldn't be generated for Async mode in some way but simply that I've only tested TCP RST behaviour in non-Async mode. Sent from my BlackBerry device -Original Message- From: Justin Randall ran...@hotmail.com Date: Tue, 7 Dec 2010 00:16:01 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: Re: Can tomcat detect disconnection by client side in Async mode? Hello, Without knowing the application and going on standard sockets, I know from experience without using Async mode that Tomcat does generate a ClientAbortException when a TCP RST is received from a client when Tomcat is writing the HTTP response to the client. The client was a CPE which downloaded firmware/config via HTTP and sent a TCP RST after the first chunk of data if the version on the server and in the CPE were identical. Not sure if this is relevant and what the behaviour of your client would be for disconnecting from the server (assuming it's not a web browser). Regards, Justin Randall Sent from my BlackBerry device -Original Message- From: Ben xpsl...@gmail.com Date: Sun, 5 Dec 2010 14:25:56 To: Tomcat Users Listusers@tomcat.apache.org Reply-To: Tomcat Users List users@tomcat.apache.org Subject: Can tomcat detect disconnection by client side in Async mode? Hi there, Any idea about the disconnection handling? Cannot find reference for this. In my application the client may disconnect and send a new request with different parameters. On server side I wanna clean the AsynContext held by previous request. Right now only timeout will do, which is not efficient cos I set the timeout to quite high value to avoid frequent disconnect / connect. Thanks for help. Ben - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Markus Schönhaber tomcat-us...@list-post.mks-mail.de Yes, it is an error. But in this case, I, too, consider the error erroneous. A status code of 400 basically means that the request was syntactically b0rked. But, as I understand it, that's not the problem here: the request is syntactically fine - it fails because the server is misconfigured. Therefore a status code of 500 seems more appropriate to me. Well, w3.org says: Error 4xx, 5xx The 4xx codes are intended for cases in which the client seems to have erred, and the 5xx codes for the cases in which the server is aware that the server has erred. It is impossible to distinguish these cases in general, so the difference is only informational. The body section may contain a document describing the error in human readable form. Not found 404: The server has not found anything matching the URI given Internal Error 500: The server encountered an unexpected condition which prevented it from fulfilling the request. I still vote for 404 :) (as if my vote matters) because the server is all fine and dandy (the APP is misconfigured not the server), but the client is asking for something not available. But the difference is only informational :) Cheers, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
migrating to Tomcat 7, when
Hi all, I see discussions about migration to Tomcat 7. Do you think it is the right moment to count your production apps on it? My thought is no way Jose but maybe I'm missing something... Thank you, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Caldarale, Charles R chuck.caldar...@unisys.com JSPs are only compiled upon first reference, not before. That results in a slight (usually very slight) pause for the first guy in, so if you want to pre-compile them, there is a script available to do so: http://tomcat.apache.org/tomcat-6.0-doc/jasper-howto.html#Production%20Configuration n Interesting, thank you. I will look into this. I would have still expected that in the automatic deployment with the single context.xml, tomcat still does that. For the first user, with delay, no problem. But it threw an unlogged error 400 and didn't compile zit, thus my original problem stays... Thanks a lot, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Konstantin Kolinko knst.koli...@gmail.com Just curious: why wtpwebapps? Eclipse IDE uses that name. Precisely :) Only because Eclipse publishes it there, so the name was kept. No other reason. Try with recent 6.0.x (build it yourself), or 6.0.30 (when it comes out), or 7.0.5 -- they will log such requests into AccessLog. Usually it means that this request was rejected by the connector, or by CoyoteAdapter. What is your client? Ummm, I wouldn't go into beta stuff... I have enough troubles as you can see :) and what do you mean by client? The browser? Do you have a ROOT application deployed? You should have one. This is true, I don't have one. Might this be The/a problem? Thanks a lot, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Pid p...@pidster.com This is either because your application is not deployed, or because the request path you're using does not match the actual request path deployed. When you start Tomcat, is there a message in the logs saying: 02-Dec-2010 10:44:17 org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory com.mycompany.myapp OR 02-Dec-2010 10:44:17 org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory myapp ? What is the exact URL (you may omit the actual domain if you wish) that you then request? Hmmm, it says Deploying web application directory com.mycompany.myapp which is somehow what I was expecting (it IS in that directory under wtpwebapps), then I'm calling it with http://localhost:8080/myapp (I need it that way) Now that you mention, I notice this difference: - when I put it in the server.xml and it gets deployed automatically, Tomcat creates under work/Catalina/localhost the directory myapp. All fine. - when I use the standalone context.xml it creates under work/Catalina/localhost a directory com.mycompany.myapp - which stays empty afterwards. I still don't know what and why it happens, but I feel it's getting closer to the root cause :) Thank you, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Pid p...@pidster.com If the request isn't being routed to your application, then without a ROOT application the host hasn't got a mechanism to serve any response other than an error. Error is fine, as long it's a 404 (and not this enigmatic 400)... Thank you, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
From: Gregor Schneider rc4...@googlemail.com I feel that ppl have a problem if they mistrust their developers in so far that they have to lock their box even to their own developers maintaing the apps. And I'm not talking about full access but I'm talking about browsing the logs. Besides, when having a production-problem, one can react quickly if the developer responsible for the app can read the logs. OTOH, some ppl might have no problems with outages and can wait for the logs being mailed / ftp'ed / whatsoever by the usally always busy server-admins...*sic* I'm living in such an environment. One of the reasons for this separation is fear of quick fixes: production machines are not for testing patches - which otherwise you can bet it would happen if anything beyond log reading would be granted. But we have log reading allowed and everybody is happy - both paranoids and genies. JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Caldarale, Charles R chuck.caldar...@unisys.com When you say standalone context.xml, are you referring to a Context element located in the webapp's META-INF/context.xml directory? Yes, that one. Make sure you don't have a conf/Catalina/[host]/[appName].xml file, since that will override anything inside the webapp. It usually gets created automatically, right? I remove it by hand each time before I plan some changes/redeploy. Please post the entire (not just a fragment) server.xml you're using with the standalone context.xml, along with the Context element. Remove all comments and obfuscate proprietary information first. Here it goes: ?xml version=1.0 encoding=UTF-8? Server port=8005 shutdown=SHUTDOWN Listener SSLEngine=on className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Service name=Catalina Connector URIEncoding=UTF-8 connectionTimeout=2 port=8080 protocol=HTTP/1.1 redirectPort=8443 / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / Engine defaultHost=localhost name=Catalina Host appBase=wtpwebapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs pattern=common prefix=access_log. resolveHosts=false suffix=.txt / /Host /Engine /Service /Server Thank you, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
From: Pid p...@pidster.com On 12/2/10 12:34 PM, Justin Case wrote: Error is fine, as long it's a 404 (and not this enigmatic 400)... 400 isn't enigmatic and /is/ an error. ;) It IS an error indeed, but we're not talking about throwing just ANY random error number here :) 400 is a specific error which to my untrained eye has absolutely nothing to do with the fact that under the named context there's no application deployed. That's why a 404 would have sent me much sooner in the right direction - resource not found, instead of trying endlessly to play with the request headers and the HTTP protocol details. But maybe it's just me. I'd suggest you make a simple empty ROOT app. Tomcat will then serve 404s for missing URLs. You could also customise the 404 response page to suit. Yeah I probably will do that - but I will still regard it as a dirty hack... Otherwise thanks a lot for your support, I was obviously misunderstanding what the Path parameter of the Context is expected to do. Now I know what I have to change. Or I think so at least. Back to the drawing board. Thanks a lot to you all gals/guys, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: GET and POST data in same request
GET and POST are HTTP verbs/operations. It is impossible to have a combo GET/POST. Which ever verb is specified in the HTTP headers is what will control whether doGet or doPost is called. You are correct that GET and POST reference data differently, however they are actions and not areas of data in an HTTP request. Regards, Justin --Original Message-- From: Larry To: users ReplyTo: Tomcat Users List Subject: GET and POST data in same request Sent: Dec 2, 2010 17:21 Hello, I need to have an apache mod_rewrite pass a request ( which contains POST data ) along to my servlet with some GET parameters. I think when Tomcat sees the GET params, it invokes my servlet's doGet ( which annihilates my POST data ). I need to be able to access both the GET data from the request URL and the POST data from the body. Is this possible? Maybe its not tomcat's fault ;) Any insight is welcome, thanks. -Larry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Sent from my BlackBerry device
Re: automatic deployment without server.xml - bad request
From: Pid p...@pidster.com On 12/2/10 10:24 PM, Justin Case wrote: Yeah I probably will do that - but I will still regard it as a dirty hack... A ROOT app should be mandatory. It's not - yet :) so I'm all legal without. But what do you think about the 400 error? Is it really appropriate as answer in this setup? And is it really my particular need to write an application only to convert the 400 into 404? I'm just surprised... ...or maybe I should consider whether my application can be both root AND answer to the context... Cheers, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
automatic deployment without server.xml - bad request
Hello all, I'm on Tomcat 6.0.29 in Windows (XP or server 2003, same) and I'm trying to get an application to deploy automatically without putting it in server.xml - as the documentation strongly recommends. Just to note, if I put the context setting in server.xml like this all works fine. Host appBase=wtpwebapps autoDeploy=false deployOnStartup=false name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs pattern=common prefix=access_log. resolveHosts=false suffix=.txt / Context docBase=com.mycompany.myapp path=/myapp reloadable=true override=true Manager pathname= / Resource name=hibernate/MySessionFactory auth=Container type=org.hibernate.SessionFactory factory=com.mycompany.myapp.HibernateSessionFactoryTomcatFactory configuration=hibernate.cfg.xml / /Context /Host If I remove the context from server.xml and place a context.xml in my app's META-INF, then enable the two deploy params, the deployment happens succesfully - that's what the console says at least. The application even starts ok, I can see the logging of my classes. BUT! Each request to the application will throw immediately a HTTP error 400 - bad request. Funny enough, this error will not even be logged anywhere, even when I enabled debug logging in Tomcat! (and got 100M of logs which I searched through). No record of the 400 whatsoever, while I can confirm the Host header IS there - I see it in Firebug (and with the other context it works anyway). What I see different is that the Tomcat's work directory, the work/Catalina/localhost/com.mycomp.myapp directory it created automatically at startup is and stays EMPTY. Now normally there should be the compiled JSP's right? So there's SOMETHING not ok about this automatic deployment, and I'm unable to figure out what it is. There was in May an interesting discussion thread on this list called Misunderstanding deployOnStartup actions, but that guy also ended up using server.xml so... I only see advice like your config is wrong to start with, which might be very true (otherwise one wouldn't be posting), but I wasn't able to see anywhere sampled a CORRECT config. Thanks A LOT for any hints/samples/links, JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: automatic deployment without server.xml - bad request
First of all, thanks for your long answer. Please read (carefully), the following documentation: Exactly from there I got the approach of Copy unpacked directory hierarchy Your docBase would only work if you have a directory $CATALINA_BASE/com.mycompany.myapp. It works actually, only gives the (expected) warning that it will be ignored. But you're right, normally I removed it when switched to context.xml (didn't mention in my message as I thought it unimportant) 2. remove the path attribute from your Context Rename your WAR file to myapp.war. Tomcat will correctly infer the path I'm not using a war but the unpacked approach. Nevertheless, interesting - the automatic deployment section doesn't mention this inference and I was always wondering. 3. Place myapp.war in $CATALINA_BASE/webapps Tomcat (by default) will unpack and deploy your application ...and will it compile the JSPs as well? Because that was my original problem... 4. Remove the Manager node from your Context. The Manager node relates to managing HTTP Sessions. The Hibernate sessions relate to Hibernate units of work. Yes but the Manager = should be used, according to Google, to avoid serializing the HTTP sessions - a previously bothering situation. I think I'll keep it :) 5. Remove the Resource node from your Context. 6. Place the hibernate.cfg.xml file where it will be packaged in WEB-INF/classes. Hibernate.cfg.xml is there already... I'll try removing the Resource but I remember needing to put it there as well (used in some filters) - I might be wrong here. 7. Use a ServletContextListener to get a Hibernate SessionFactory. I'll try this too. that utility class in a listener. I can then attach logging and MBeans to the listener. No beans here :) So, bottom line: great tips thank you! I will try them all. I'm honestly not sure whether they relate to my problem, though... JC - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: what is it doing ?
Hello, From a general Linux perspective, if you have a knowledge of Linux system calls, along with what operations are performed by which web application you could use strace (use the -f to follow threads). Depending on what you're interested in you can filter further for operations on files or network activity (i.e. -e trace=file,network,desc). If you see a lot of erroneous activity (such as constantly trying to open/stat a file that doesn't exist) and you know which web app (or Tomcat) is responsible you can address the issue. You could also check top to see whether the CPU is being consumed in usr or sys space, along with whether maybe the memory on your system is maxed out (trigger high CPU load transfer data between RAM and swap space). Regards, Justin Randall Date: Tue, 19 Oct 2010 17:40:17 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: what is it doing ? Hi. I have a Linux system like so : Linux arthur 2.6.26-2-686 #1 SMP Mon Aug 30 07:01:57 UTC 2010 i686 GNU/Linux with a tomcat like so : Using CATALINA_BASE: /usr/share/tomcat5.5 Using CATALINA_HOME: /usr/share/tomcat5.5 Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp Using JRE_HOME: /usr/lib/jvm/java-1.5.0-sun Server version: Apache Tomcat/5.5 Server built: Oct 15 2008 12:57:44 Server number: 5.5.26.0 OS Name:Linux OS Version: 2.6.26-2-686 Architecture: i386 JVM Version:1.5.0_22-b03 JVM Vendor: Sun Microsystems Inc. (Java JDK installed) and where night and day, tomcat seems to be using a fair amount of CPU time, like so : PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 2901 tomcat55 20 0 459m 285m 16m S 13 32.3 354:39.13 java although by all means, it should not be doing that much sometimes. How can I figure out what it is actually doing ? I mean, which is the easiest standard tool or procedure not requiring a degree in quantum physics, and which could give me at least a rough idea of which webapp or internal tomcat process is keeping that CPU busy all the time ? I have a nagging feeling that someone is going to tell me to take thread dumps. If so, maybe they would also kindly point out a place where I could find some instructions as to how to interpret such a thing ? Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: what is it doing ?
One more thing, aside from checking whether the CPU consumed is usr or sys you may also want to lookup at iowait (a.k.a wa). This would indicate the CPU is busy waiting for IO operations to complete (potentially a slow disk or storage device). Regards, Justin Randall From: ran...@hotmail.com To: users@tomcat.apache.org Subject: RE: what is it doing ? Date: Tue, 19 Oct 2010 12:10:54 -0400 Hello, From a general Linux perspective, if you have a knowledge of Linux system calls, along with what operations are performed by which web application you could use strace (use the -f to follow threads). Depending on what you're interested in you can filter further for operations on files or network activity (i.e. -e trace=file,network,desc). If you see a lot of erroneous activity (such as constantly trying to open/stat a file that doesn't exist) and you know which web app (or Tomcat) is responsible you can address the issue. You could also check top to see whether the CPU is being consumed in usr or sys space, along with whether maybe the memory on your system is maxed out (trigger high CPU load transfer data between RAM and swap space). Regards, Justin Randall Date: Tue, 19 Oct 2010 17:40:17 +0200 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: what is it doing ? Hi. I have a Linux system like so : Linux arthur 2.6.26-2-686 #1 SMP Mon Aug 30 07:01:57 UTC 2010 i686 GNU/Linux with a tomcat like so : Using CATALINA_BASE: /usr/share/tomcat5.5 Using CATALINA_HOME: /usr/share/tomcat5.5 Using CATALINA_TMPDIR: /usr/share/tomcat5.5/temp Using JRE_HOME: /usr/lib/jvm/java-1.5.0-sun Server version: Apache Tomcat/5.5 Server built: Oct 15 2008 12:57:44 Server number: 5.5.26.0 OS Name:Linux OS Version: 2.6.26-2-686 Architecture: i386 JVM Version:1.5.0_22-b03 JVM Vendor: Sun Microsystems Inc. (Java JDK installed) and where night and day, tomcat seems to be using a fair amount of CPU time, like so : PID USER PR NI VIRT RES SHR S %CPU %MEMTIME+ COMMAND 2901 tomcat55 20 0 459m 285m 16m S 13 32.3 354:39.13 java although by all means, it should not be doing that much sometimes. How can I figure out what it is actually doing ? I mean, which is the easiest standard tool or procedure not requiring a degree in quantum physics, and which could give me at least a rough idea of which webapp or internal tomcat process is keeping that CPU busy all the time ? I have a nagging feeling that someone is going to tell me to take thread dumps. If so, maybe they would also kindly point out a place where I could find some instructions as to how to interpret such a thing ? Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: j_security_check with https
Hello, I'm not going to bother responding to the many posts that said the solution I mentioned was wrong, instead I'll just provide the example of how to do it, since it works. . lines removed . package blah; . lines removed . public final class SomeFilterClass implements Filter { . lines removed . public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; rsp.sendRedirect(req.getRequestURI()); filterChain.doFilter(request, response); } . lines removed . } = And below is what the web.xml looks like: = lines removed . filter filter-nameSomeFilterClass/filter-name filter-classblah.SomeFilterClass/filter-class /filter filter-mapping filter-nameSomeFilterClass/filter-name url-pattern/ssl/*/url-pattern dispatcherFORWARD/dispatcher dispatcherINCLUDE/dispatcher dispatcherERROR/dispatcher /filter-mapping . lines removed . security-constraint web-resource-collection web-resource-nameRequiresLogin/web-resource-name url-pattern/html/*/url-pattern /web-resource-collection auth-constraint role-namesomerole/role-name /auth-constraint /security-constraint security-constraint web-resource-collection web-resource-nameRequiresSSL/web-resource-name url-pattern/ssl/*/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint security-role role-namesomerole/role-name /security-role login-config auth-methodFORM/auth-method form-login-config form-login-page/ssl/login.jsp/form-login-page form-error-page/ssl/login-error.jsp/form-error-page /form-login-config /login-config . lines removed . = Of course you'll need to change the login/security constraint URLs and role name to match those in your environment. For anyone who stated the earlier statements were incorrect, I encourage you to provide another better working example. This one works for me and is used by other industry professionals. Regards, Justin Here is an example: Date: Wed, 7 Jan 2009 09:35:33 +0100 From: rc4...@googlemail.com To: users@tomcat.apache.org Subject: Re: j_security_check with https Hi Justin, On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall ran...@hotmail.com wrote: Create a Filter subclass with the sole purpose of having its doFilter method call sendRedirect on the HttpServletResponse object. Map this Filter to the same URL pattern you use for SSL and make sure to use the dispatcher tags for FORWARD, INCLUDE, ERROR, and whatever other RequestDispatcher operations you want to ensure use SSL. You've got any example using this solution? Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Keep in touch and up to date with friends and family. Make the connection now. http://www.microsoft.com/windows/windowslive/
RE: j_security_check with https
Howdy, First, to clear an incorrect point made... There is a point of switching back to HTTP after HTTPS. From a server load perspective having to perform SSL computations for every single HTTP request can be a serious performance bottleneck. As for the security aspect, transmission of the username/password should be done over HTTPS, as this is considered private/confidential data and can be used to establish future authenticated sessions, however unless you are in a location where eavesdropping attacks are a risk, there is no need for encryption as the session ID is either a hashed string in a cookie, or the servlet is making use of URL re-writing, both of which are only temporary passes until the HttpSession has been invalidated. Second, to answer the question regarding actions redirect to HTTP... The reason the redirects are not going to HTTPS is because of the RequestDispatcher. When Tomcat sees that you are trying to access a resource for which login is required, it FOWARDs the request to the login form. The security constraints defined in web.xml are for when requests are made directly for those resources. What this means is that your configuration to make sure that the login pages use SSL only come into affect when the browser requests them directly. Requests that have been FORWARDed by the RequestDispatcher totally bypass the SSL constraints. What is the solution? Create a Filter subclass with the sole purpose of having its doFilter method call sendRedirect on the HttpServletResponse object. Map this Filter to the same URL pattern you use for SSL and make sure to use the dispatcher tags for FORWARD, INCLUDE, ERROR, and whatever other RequestDispatcher operations you want to ensure use SSL. Hope this helps. Justin Date: Tue, 6 Jan 2009 19:01:24 -0200 From: diegogus...@gmail.com To: users@tomcat.apache.org Subject: Re: j_security_check with https this didnt work security-constraint web-resource-collection web-resource-nameUsuario/web-resource-name url-pattern/login/*/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint if i try myAPP/login/login.jsp work, but when i try an action and has restrict access, and havent user logged, tomcat redirect to login page with http !!! 2009/1/6 Caldarale, Charles R chuck.caldar...@unisys.com: From: Diego Armando Gusava [mailto:diegogus...@gmail.com] Subject: Re: j_security_check with https when u login, your username and password will be transport https, but after that, you are in http! u dont need https because, you are only reading messages(emails) And what does that have to do with the behavior of a servlet container? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Keep in touch and up to date with friends and family. Make the connection now. http://www.microsoft.com/windows/windowslive/
RE: Form Based Authenticattion - j_security_check does not redirect from http to https
Hello, Have you tried adding j_security_check to your web.xml for patterns which should be redirected to SSL? Regards, Justin Date: Tue, 9 Dec 2008 00:17:36 -0800 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Form Based Authenticattion - j_security_check does not redirect from http to https Hi, I am using Apache Tomcat Version 5.5.2. I am running it on Windows XP Professional Service Pack 2. I have a form based authentication for my application: […] login-config auth-methodFORM/auth-method realm-nameAuthentication Area/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/login.jsp?action=error/form-error-page /form-login-config /login-config […] Also, I have redirected all my requests for port-80 to port-443. So, whenever I try to open a page in http, it automatically gets redirected to https. This is working fine for all the pages. Except, when I open the http://localhost/APP_NAME/j_security_check page it does not get redirected and stays on http. This is the only page showing this deviation in behavior. For example, the http://localhost/APP_NAME/security_check page gets redirected to https, and the same goes for my login page and all other pages in my app. Is this a known issue or is there a configuration that I am unaware of. Thanks a lot. -- View this message in context: http://www.nabble.com/Form-Based-Authenticattion---j_security_check-does-not-redirect-from-http-to-https-tp20910454p20910454.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _
RE: Form Based Authenticattion - j_security_check does not redirect from http to https
Hi again, I thought about this a little more and I think what you're experiencing might be as a result of the RequestDispatcher. When the RequestDispatcher fowards to a URL resource, it overrides the SSL/Authentication constraints you have setup. There is a way of getting around this (which also adds an additional layer of maintenance programming security in your code) by using Filters. Basically, in your web.xml you define a filter for your SSL protected pages: filter filter-nameMyFilterClass/filter-name filter-classmy.package.MyFilterClass/filter-class /filter filter-mapping filter-nameMyFilterClass/filter-name url-pattern/ssl/*/url-pattern dispatcherFORWARD/dispatcher dispatcherINCLUDE/dispatcher dispatcherERROR/dispatcher /filter-mapping Below is a sample implementation of the doFilter that takes care of the redirecting: public void doFilter(ServletRequest request, ServletResponse response, FilterChain arg2) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; rsp.sendRedirect(req.getRequestURI()); } I hope this helps! Justin From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: RE: Form Based Authenticattion - j_security_check does not redirect from http to https Date: Tue, 9 Dec 2008 03:28:10 -0500 Hello, Have you tried adding j_security_check to your web.xml for patterns which should be redirected to SSL? Regards, Justin Date: Tue, 9 Dec 2008 00:17:36 -0800 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Form Based Authenticattion - j_security_check does not redirect from http to https Hi, I am using Apache Tomcat Version 5.5.2. I am running it on Windows XP Professional Service Pack 2. I have a form based authentication for my application: […] login-config auth-methodFORM/auth-method realm-nameAuthentication Area/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/login.jsp?action=error/form-error-page /form-login-config /login-config […] Also, I have redirected all my requests for port-80 to port-443. So, whenever I try to open a page in http, it automatically gets redirected to https. This is working fine for all the pages. Except, when I open the http://localhost/APP_NAME/j_security_check page it does not get redirected and stays on http. This is the only page showing this deviation in behavior. For example, the http://localhost/APP_NAME/security_check page gets redirected to https, and the same goes for my login page and all other pages in my app. Is this a known issue or is there a configuration that I am unaware of. Thanks a lot. -- View this message in context: http://www.nabble.com/Form-Based-Authenticattion---j_security_check-does-not-redirect-from-http-to-https-tp20910454p20910454.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ _
RE: Form Based Authenticattion - j_security_check does not redirect from http to https
Hello, Are you using other filters? If you are you will need the method to look like the below: public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; rsp.sendRedirect(req.getRequestURI()); filterChain.doFilter(request, response); } However, from the looks of your stack trace the problem is with your login.jsp?action=error page. You need to review your code to figure out where and how it is trying to create an HttpSession (presumably in the login error page) after a failed login attempt. Regards, Justin Date: Tue, 9 Dec 2008 02:29:53 -0800 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: RE: Form Based Authenticattion - j_security_check does not redirect from http to https Justin Randall-5 wrote: Hi again, I thought about this a little more and I think what you're experiencing might be as a result of the RequestDispatcher. When the RequestDispatcher fowards to a URL resource, it overrides the SSL/Authentication constraints you have setup. There is a way of getting around this (which also adds an additional layer of maintenance programming security in your code) by using Filters. Basically, in your web.xml you define a filter for your SSL protected pages: filter filter-nameMyFilterClass/filter-name filter-classmy.package.MyFilterClass/filter-class /filter filter-mapping filter-nameMyFilterClass/filter-name url-pattern/ssl/*/url-pattern dispatcherFORWARD/dispatcher dispatcherINCLUDE/dispatcher dispatcherERROR/dispatcher /filter-mapping Below is a sample implementation of the doFilter that takes care of the redirecting: public void doFilter(ServletRequest request, ServletResponse response, FilterChain arg2) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; HttpServletResponse rsp = (HttpServletResponse) response; rsp.sendRedirect(req.getRequestURI()); } I tried this but I got the following exception and the j_security_check page on http doesn't get redirected: java.lang.IllegalStateException: Cannot create a session after the response has been committed at org.apache.catalina.connector.Request.doGetSession(Request.java:2221) at org.apache.catalina.connector.Request.getSession(Request.java:2031) at org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:832) at javax.servlet.http.HttpServletRequestWrapper.getSession(HttpServletRequestWrapper.java:216) at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:545) at org.apache.catalina.core.ApplicationHttpRequest.getSession(ApplicationHttpRequest.java:494) at org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:136) at org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:113) at org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:105) at org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:62) at org.apache.jsp.login_jsp._jspService(login_jsp.java:33) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:98) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:331) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:329) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:265) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at com.solidcore.bl.servlet.TagFilter.doFilter(TagFilter.java:110) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:691) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:469) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:403) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301) at org.apache.catalina.authenticator.FormAuthenticator.forwardToErrorPage(FormAuthenticator.java:337
RE: Tomcat 6.0.18 Servlet Loading/Reloading
Hi Chuck, Thanks for the response. I guess perhaps I was not clear enough in my configuration or description of the issue. Each Servlet in the application has load-on-startupX/load-on-startup where X represents the numeric order in which I've assigned them to start. Also what I did mention previously is that init is NOT called when I browse to the URI, however the Servlet is loaded as my System.out.println statements in doGet/doPost are being output to catalina.out and they also show that init was never called (by checking parameters that should have been initialized by init. Lastly, the reason I say init' methods is that there IS more than one, and Tomcat calls both of them when initializing a Servlet. If you think this is incorrect, make sure to @Override both init and init(ServletConfig config) and have different logging statements. You will see both of them being executed when Tomcat loads the Servlet. I hope this helps better clarify the situation. Justin. From: [EMAIL PROTECTED] To: users@tomcat.apache.org Date: Wed, 3 Dec 2008 20:46:50 -0600 Subject: RE: Tomcat 6.0.18 Servlet Loading/Reloading From: Justin Randall [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat 6.0.18 Servlet Loading/Reloading Basically when I restart Tomcat, it doesn't call any of the init methods of the Servlet Unless you have load-on-startup set for the servlet in your webapp's WEB-INF/web.xml, that is correct behavior for a Tomcat restart. The init() method (there can only be one per servlet) should be called upon first reference to a URL that matches a url-pattern element inside one of your servlet-mapping elements. If load-on-startup is set, the init() method will be called at Tomcat restart for each such servlet. however all of the initialization which was to be performed by the init methods was never done. You keep using the word methods when there is only one init() method for a given servlet; why is that? When I copy the existing war file from the webapps directory to another location, update the modify timestamp and then move it back into the webapps directory, the init methods are then called and the application works properly. This is also correct behavior for initial or re-deployment. Although the spec doesn't require it, Tomcat calls the init() methods to verify webapp viability at these times. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _
Tomcat 6.0.18 Servlet Loading/Reloading
Hello, I have a very strange issue with Tomcat 6.0.18 and I'm not sure what information to provide to help debug further. I have an installation of Tomcat 6.0.18 which fails to properly initialize servlets upon restart. If I deploy a new application.war file while Tomcat is running (even if it is the same war file with different modify timestamp) everything loads up just fine. Below are the system details: - Tomcat: Tomcat version 6.0.18 with APR 1.1.14 - Java: JDK 1.6u10 - RedHat Enteprise Linux 5 It seems that Servlet X, for example, does load to a point, because it returns a value, however the log4j subsystem is not initialized at all (providing me with no debug info at all) and catalina.out/err show no signs of trouble. Below is a snippet of restarting Tomcat. = Dec 3, 2008 7:08:36 PM org.apache.coyote.http11.Http11AprProtocol pause INFO: Pausing Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:37 PM org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Dec 3, 2008 7:08:37 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextDestroyed() Dec 3, 2008 7:08:37 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextDestroyed() Dec 3, 2008 7:08:37 PM org.apache.coyote.http11.Http11AprProtocol destroy INFO: Stopping Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Dec 3, 2008 7:08:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Dec 3, 2008 7:08:43 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:43 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 562 ms Dec 3, 2008 7:08:43 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Dec 3, 2008 7:08:43 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Dec 3, 2008 7:08:44 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() Dec 3, 2008 7:08:44 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() Dec 3, 2008 7:08:44 PM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:44 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 1432 ms AbandonedObjectPool is used ([EMAIL PROTECTED]) LogAbandoned: false RemoveAbandoned: true RemoveAbandonedTimeout: 60 = Then once I move a new .war file into the webapps directory: = Dec 3, 2008 7:20:25 PM org.apache.catalina.startup.HostConfig checkResources INFO: Undeploying context [/thewebapplication] Dec 3, 2008 7:20:25 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive thewebapplication.war = Has anyone else ever experienced this before and can provide some help? Kind regards, Justin _
RE: Tomcat 6.0.18 Servlet Loading/Reloading
I've been doing some more testing and added a bunch of System.out.println statements to the init, init(ServletConfig), and doPost/doGet methods so that I could see what my application was doing without log4j initialized. Basically when I restart Tomcat, it doesn't call any of the init methods of the Servlet, however it does load it partially. When I actually browse to the URL of the Servlet, I can see my System.out.println statements being output to catalina.out, however all of the initialization which was to be performed by the init methods was never done. When I copy the existing war file from the webapps directory to another location, update the modify timestamp and then move it back into the webapps directory, the init methods are then called and the application works properly. From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Tomcat 6.0.18 Servlet Loading/Reloading Date: Wed, 3 Dec 2008 19:22:15 -0500 Hello, I have a very strange issue with Tomcat 6.0.18 and I'm not sure what information to provide to help debug further. I have an installation of Tomcat 6.0.18 which fails to properly initialize servlets upon restart. If I deploy a new application.war file while Tomcat is running (even if it is the same war file with different modify timestamp) everything loads up just fine. Below are the system details: - Tomcat: Tomcat version 6.0.18 with APR 1.1.14 - Java: JDK 1.6u10 - RedHat Enteprise Linux 5 It seems that Servlet X, for example, does load to a point, because it returns a value, however the log4j subsystem is not initialized at all (providing me with no debug info at all) and catalina.out/err show no signs of trouble. Below is a snippet of restarting Tomcat. = Dec 3, 2008 7:08:36 PM org.apache.coyote.http11.Http11AprProtocol pause INFO: Pausing Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:37 PM org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Dec 3, 2008 7:08:37 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextDestroyed() Dec 3, 2008 7:08:37 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextDestroyed() Dec 3, 2008 7:08:37 PM org.apache.coyote.http11.Http11AprProtocol destroy INFO: Stopping Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Dec 3, 2008 7:08:43 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Dec 3, 2008 7:08:43 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:43 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 562 ms Dec 3, 2008 7:08:43 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Dec 3, 2008 7:08:43 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Dec 3, 2008 7:08:44 PM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() Dec 3, 2008 7:08:44 PM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() Dec 3, 2008 7:08:44 PM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 Dec 3, 2008 7:08:44 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 1432 ms AbandonedObjectPool is used ([EMAIL PROTECTED]) LogAbandoned: false RemoveAbandoned: true RemoveAbandonedTimeout: 60 = Then once I move a new .war file into the webapps directory: = Dec 3, 2008 7:20:25 PM org.apache.catalina.startup.HostConfig checkResources INFO: Undeploying context [/thewebapplication] Dec 3, 2008 7:20:25 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive thewebapplication.war = Has anyone else ever experienced this before and can provide some help? Kind regards, Justin _ _
Basic question on requiring a login
Hi Tomcat users, Maybe I'm not googling with the right keywords, but I can't seem to find a simple answer to this... I have a standard Tomcat 6.0.10 installation (no Apache httpd front end or anything). All the contents of the webapps directory have been removed, and a single web app has been deployed -- my root application (ROOT.war). Very simple, and all's working great. Here's the part I need help with: Now I want Tomcat to require a login panel before anyone can access the application. How to I get Tomcat to force a login panel when users access the root web app? (Basically I'm looking for the same sort of functionality you get with Apache .htaccess files etc but without the extra complexity of integrating with Apache httpd). Any tips or pointers greatly appreciated! Thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: building mod_jk failing
Hello, I am trying to build mod_jk on Solaris 10 x86, which unfortunately is not available in binary form. I dlded Apache source and built using: $ PATH=$PATH:/usr/sfw/bin:/usr/ccs/bin $ export PATH SH_LIBS $ ./configure --with-included-apr --prefix=/usr/local/apache/httpd-2.2.8 --enable-so --enable-mods -shared=ssl --enable-ssl --enable-module=rewrite --enable-shared=rewrite I then dlded mod_jk source, cd native, then tried to build using the apxs from the Apache i just built from source. I am getting a general error which is not helping me to identify the problem. Where can i look to get more information? thanks # ./configure --with-apxs=/local/apache/apache2.2.8/bin/apxs : bad interpreter: No such file or directory smime.p7s Description: S/MIME cryptographic signature
RE: building mod_jk failing
Thank you that helped. I got gnumake installed and configure worked fine. (had to chmod 700 configure and scripts/build/instdso.sh) Now getting this warning, otherwise .so being created ok: Warning! dlname not found in /local/home/ixops3/tomcat-connectors-1.2.26-src/tomcat-connectors-1.2.26-src /native/apache-2.0/mod_jk.la. However, apache is not liking it... httpd: Syntax error on line 412 of /local/apache/apache2.2.8/conf/httpd.conf: Cannot load /local/apache/apache2.2.8/modules/mod_jk.so into server: ld.so.1: httpd: fatal: /local/apache/apache2.2.8/modules/mod_jk.so: wrong ELF data format: ELFDATA2MSB Thanks - j PS - it was Re since I had posted this before I became a user, and forwarded once I joined -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: 10 March 2008 17:53 To: Tomcat Users List Subject: Re: building mod_jk failing Justin Vassallo wrote: Hello, I am trying to build mod_jk on Solaris 10 x86, which unfortunately is not available in binary form. I dlded Apache source and built using: $ PATH=$PATH:/usr/sfw/bin:/usr/ccs/bin $ export PATH SH_LIBS $ ./configure --with-included-apr --prefix=/usr/local/apache/httpd-2.2.8 --enable-so --enable-mods -shared=ssl --enable-ssl --enable-module=rewrite --enable-shared=rewrite I then dlded mod_jk source, cd native, then tried to build using the apxs from the Apache i just built from source. I am getting a general error which is not helping me to identify the problem. Where can i look to get more information? thanks # ./configure --with-apxs=/local/apache/apache2.2.8/bin/apxs : bad interpreter: No such file or directory Not sure, why your mail subject starts with Re:, I couldn't find any previous mails in this thread. configure is a shell script. From the error I would guess, that you downloaded the zip source and not the tarball format. The zip file contains DOS files, so configure and many other files have DOS line endings and using those shell scripts gives an error, because /bin/sh^M is not an existing shell. If I'm right about the zip download, simply choose the .tar.gz download, which should work. Are we talking about mod_jk 1.2.26? Please also make sure, that you are using the make/gmake in /usr/sfw/bin and not the Solaris make in /usr/ccs/bin. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME cryptographic signature
Re: URL Redirects from Root?
Yes, thank you. I think I seen this before, but forgot until you pointed it out. Coo! On Jan 18, 2008 12:58 PM, Hassan Schroeder [EMAIL PROTECTED] wrote: On Jan 16, 2008 2:22 PM, Justin Stanczak [EMAIL PROTECTED] wrote: Anyone have suggestions on setting up redirect for the ROOT folder? http://tuckey.org/urlrewrite/ should take care of it :-) -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- All that is necessary for the triumph of evil is that good men do nothing. - Edmund Burke
Re: URL Redirects from Root?
Just bumping this. Not sure if it got through. I got an email error. On Jan 16, 2008 5:22 PM, Justin Stanczak [EMAIL PROTECTED] wrote: Anyone have suggestions on setting up redirect for the ROOT folder? What I have is an old IIS server that I'm moving to Linux Tomcat. The IIS has all kinds of redirects. My first thought was to just create folders and index.jsp pages with a redirect tag, but is there a better way? -- All that is necessary for the triumph of evil is that good men do nothing. - Edmund Burke -- All that is necessary for the triumph of evil is that good men do nothing. - Edmund Burke
URL Redirects from Root?
Anyone have suggestions on setting up redirect for the ROOT folder? What I have is an old IIS server that I'm moving to Linux Tomcat. The IIS has all kinds of redirects. My first thought was to just create folders and index.jsp pages with a redirect tag, but is there a better way? -- All that is necessary for the triumph of evil is that good men do nothing. - Edmund Burke
upgrade to 5.5.25 causes java permissions issues
HI, I upgraded from 5.5.15 to 5.5.25 and now I'm getting errors relating to java security (I'm using security manager). It appears as if my catalina.policy is not longer being recognized, because I have clearly outlined the permissions for the webapps, like java.lang.RuntimePermission setContextClassLoader etc..., but I get access denied errors for all my existing permissions. Has the security configuration changed at all? Thanks -- Justin Kennedy Maritime Source, Inc. http://maritimesource.ca 506-696-1564 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sessions counter on Web Application Manager
Good Afternoon, I recently took note of the Sessions counter on the Tomcat Web Application Manager for one of the applications that i have deployed to the server and the fact that the counter never decreases until the session times out. Despite the fact that my application calls Session.invalidate when the user logs out, the session counter never decreases. Could anyone give me some information around this counter and why it doesnt decrease when you invalidate the session. Thanks Kind Regards Justin Madex
Re: Replying to threads
Well, I suppose it depends on your email client. But on almost all clients, open the message (or thread response which you wish to add to) and click the 'Reply' button in your email client. Then write your response to the dialog occuring, and click send. Of course you have to be a member of the group. But since you got this message sent to the list, you are. So go ahead and try respond to this message. Justin - Original Message From: Andrew Friebel [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, November 9, 2006 6:53:56 PM Subject: Replying to threads This is going to seem like a real stupid question, but there seems to be no obvious way for me to reply to responses on threads. I have tried to use users-help and users-info email addresses to get this information, but they keep giving me automatic responses. How do I reply to a given thread? Regards, Andrew - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Include Directive Misbehaving: Feedback for Mark Thomas
Mark Thomas, To start on a positive note, I 've never found an open source project with real help as accessable, as reliable, as knowledgeable, or as patient as I have with Tomcat. I have access to amazing support/discussion groups, with immediate communications to developers and document writers. It's better than any product I've ever paid for. I know you spend a LOT of time with end users. Thanks a million. You really make tomcat work for us. With your pointers I've been able to glean the info I needed and I've fixed my problem. I don't think there is any wrong info on the doc pages. But either I am not seeing everything there is to read, or there is a lack of explanation about contexts. I mean, really, I've been using tomcat for a few years and I learned the whole thing alone. Just me, a book, tomcat, and this list (I guess that's not really alone). And frankly, there is no reasonable explanation of what a context is. I feel like the documentation might be assuming I know more than I do. Me and anybody else who has very few resources to become introduced to tomcat. Where am I looking on the site? Well, I go to the tomcat page and click Configuration in the Reference section of links. I click on Context under the Containters section of links. The definition of a context there is VERY VAGUE. And although it lists the elements of a context, it gives NO EXAMPLES and no explanation of how to create a context, and what a context does. It says what a context is, but not what it does. Please consider revising the context page to make it clearer. If I had a firmer understanding, I would volunteer a revision myself. Justin - Original Message From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, November 7, 2006 10:27:38 PM Subject: Re: Include Directive Misbehaving Justin Jaynes wrote: Oh snap! That's exactly what's happening. Can you point me to a good document that expalins how to set up contexts? I've got everything set up exactly as you described. Any good reading for a comprehensive (or even rudimetry) understanding would be greatly appreciated. The on-line docs should have what you need. If we can id places where changes are needed then I'll get them incorporated. If you can explain it in a reasonable length that is appropriate to this forum (and convenient to your time), it would also be greatly appreciated. The short version is: - a context's docBase should never be the same as a host's appBase A suitable directory structure for multiple hosts could be: $CATALINA_HOME\host1-webapps - Host1 appBase $CATALINA_HOME\host1-webapps\ROOT - Default context for Host1 $CATALINA_HOME\host1-webapps\app1 - Application on Host1 $CATALINA_HOME\host1-webapps\app2 - Application on Host1 $CATALINA_HOME\host2-webapps - Host2 appBase $CATALINA_HOME\host2-webapps\ROOT - Default context for Host2 $CATALINA_HOME\host2-webapps\app3 - Application on Host2 etc for as many hosts and applications as you like The explanation in the doc on the tomcat.apache.org site seems to only cover what I am using, which treats every director as a webapp. Definatly not what I want. Which page(s) are you looking at? If the docs tell you to do this they need to be changed. I can't see anything like this but I could easily be missing the obvious. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Include Directive
Chris, Using /header.jsp which is of course an absolute path, I get virtually the same error. Only /../header.jsp changes to /header.jsp Still doesn't work. You also suggested this: %@ include file=%= request.getContextPath() %/header.jsp % I tried it but the code inside the quotes does not get evaluated. Justin - Original Message From: Christopher Schultz [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, November 7, 2006 6:14:58 AM Subject: Re: Include Directive -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Justin, The index.jsp file in the main directory contains the code %@ include file=header.jsp % and it works great. In the admin directory the index.jsp file contains this code %@ include file=../header.jsp % obviously referencing to the parent directory, where the header.jsp file sits. I don't want to have to copy it to the child directory and maintain two copies of it. But when I do this, I get an error every time. What am I doing wrong? You can find the error below. It's a good idea to start your include directives with a '/', making your paths relative to the context path (the webapp base URI, if you will). As you can see, Tomcat is adding a leading '/' for you, which makes the path into nonsense: File /../header.jsp not found /../header.jsp would actually be located one directory above your webapp's root directory, which is illegal. Consider using /header.jsp as the include's location. There is another thread from the last 24 hours or so with someone asking about changing context paths. This is the best way to do this: %@ include file=%= request.getContextPath() %/header.jsp % Not sure if that compiles (I haven't touched JSP in years), but it's the general idea. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFUIbR9CaO5/Lv0PARAiNSAJ9T4mX3Vz5nMvdNN/RfyS25CmpKVQCdENMF f09sh+IY0kXEb/MPD39Qi+Y= =44Mk -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Include Directive Misbehaving
To further complicate this problem, I have tried more experimenting and am becoming more frustrated. The original situation remains below. Now if I add a sub-directory to the admin subdirectoy, the directory structure looks like this: [main host directory (/host)] index.jsp header.jsp (ROOT VERSION, with a notation I can see in the html distinguishable from others) [admin sub directory (/host/admin) index.jsp header.jsp (ADMIN VERSION, with a notation) [user sub directory (/host/admin/user)] [justin sub directory (/host/admin/user/justin)] index.jsp As you can see, I have copied the header.jsp to the sub-directory admin and have altered its contets so I can identify which header.jsp is being used--namely that in the root directory or in the admin directory. Then in the index.jsp file in the justin subdirectory, I use the code %@ include file=../../../header.jsp % to reach the ROOT header.jsp to be included. But instead, the output in the browser uses the file from the ADMIN directory. So I figured I should just add ../ once more to move one more level up. so I did. %@ include file=../../../../header.jsp % But it used the ADMIN version again. %@ include file=../../../../../../../../header.jsp % actually does too. What is the problem here? And trying to go less instead of more, %@ include file=../../header.jsp % this also works but uses the ADMIN version. Which is the expected behavior FOR ONCE. But then even less %@ include file=../header.jsp % gives this error: org.apache.jasper.JasperException: /sites/14/index.jsp(8,0) File /sites/14/../header.jsp not found org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Can someone try to reproduce this error? I believe that Tomcat 5.5 and 6.0 do not behave properly in this reguard. Unless I am making a mistake. If that is the case, please guide me out of it. Justin When I enter the same - Original Message From: Justin Jaynes [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Monday, November 6, 2006 10:01:00 PM Subject: Include Directive Hello, I am trying to eliminate unnecessary duplication of code by using include directives. Currently my directory structure is like this: [main app directory] index.jsp header.jsp footer.jsp [admin subdirectory] index.jsp The index.jsp file in the main directory contains the code %@ include file=header.jsp % and it works great. In the admin directory the index.jsp file contains this code %@ include file=../header.jsp % obviously referencing to the parent directory, where the header.jsp file sits. I don't want to have to copy it to the child directory and maintain two copies of it. But when I do this, I get an error every time. What am I doing wrong? You can find the error below. Justin HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: /index.jsp(4,0) File /../header.jsp not found org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: /index.jsp(4,0) File /../header.jsp not found org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:39) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:405) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:86) org.apache.jasper.compiler.Parser.processIncludeDirective(Parser.java:339) org.apache.jasper.compiler.Parser.parseIncludeDirective(Parser.java:372) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:484) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1556) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile
Re: Include Directive Misbehaving
Oh snap! That's exactly what's happening. Can you point me to a good document that expalins how to set up contexts? I've got everything set up exactly as you described. Any good reading for a comprehensive (or even rudimetry) understanding would be greatly appreciated. If you can explain it in a reasonable length that is appropriate to this forum (and convenient to your time), it would also be greatly appreciated. The explanation in the doc on the tomcat.apache.org site seems to only cover what I am using, which treats every director as a webapp. Definatly not what I want. Justin - Original Message From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, November 7, 2006 9:30:07 PM Subject: Re: Include Directive Misbehaving Justin Jaynes wrote: To further complicate this problem, I have tried more experimenting and am becoming more frustrated. I have just tested all combinations of files and included files for three levels of directories and everything is working as it should. Just a guess but... Is it possible your contexts are not correctly deployed? If your host's appBase and your web application's docBase point to the same directory and autoDeploy is enabled you will have all sorts of odd behaviour since by default *every* directory in a host's appBase gets deployed as a web application. HTH, Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Include Directive
Hello, I am trying to eliminate unnecessary duplication of code by using include directives. Currently my directory structure is like this: [main app directory] index.jsp header.jsp footer.jsp [admin subdirectory] index.jsp The index.jsp file in the main directory contains the code %@ include file=header.jsp % and it works great. In the admin directory the index.jsp file contains this code %@ include file=../header.jsp % obviously referencing to the parent directory, where the header.jsp file sits. I don't want to have to copy it to the child directory and maintain two copies of it. But when I do this, I get an error every time. What am I doing wrong? You can find the error below. Justin HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: /index.jsp(4,0) File /../header.jsp not found org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:512) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: /index.jsp(4,0) File /../header.jsp not found org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:39) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:405) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:86) org.apache.jasper.compiler.Parser.processIncludeDirective(Parser.java:339) org.apache.jasper.compiler.Parser.parseIncludeDirective(Parser.java:372) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:484) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1556) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:305) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Cycling Missing File Error
Hello Tomcat Users et. al. I've been developing with tomcat for a few years now, and I've never had this problem until I decided to restructure some code to save time by consolidating files with similar content AT DIFFERENT LEVELS in the DIRECTORY TREE. Now these files I have been using, I was already including in each of my jsp's as a header.inc or a header.jsp by using the %@ include file=header.inc % directive and they'd been working great. Now I decided I only wanted them at one directory level so I could maintain them easier. So is a child directory I used the directive %@ include file=../header.jsp %. But when I made these changes, some bizarre behavior started. At first I thought it was random, but then I checked closer and the error occurs at a regular interval. When I would load my page, sometimes it would load properly, and other times, I would get a 500 error as seen below. So I tried reloading the page four times a second to see if the occurance was random. It was not. The error occured once in 12 page reloads over a period of three seconds, and the pattern continued that way for some time, in a very precise manner. This happens on pages both in the application root which sit directly beside the header.jsp file to be included, and on pages in the child directory. What would be causing this? I run SuSE linux and KDE. I've tried in multiple browsers to avoid cacheing errors. Stack trace below: type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: /sites/14/index.jsp(8,0) File /header.jsp not found org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:375) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause org.apache.jasper.JasperException: /sites/14/index.jsp(8,0) File /header.jsp not found org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:39) org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:405) org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:86) org.apache.jasper.compiler.Parser.processIncludeDirective(Parser.java:339) org.apache.jasper.compiler.Parser.parseIncludeDirective(Parser.java:372) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:484) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1552) org.apache.jasper.compiler.Parser.parse(Parser.java:126) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211) org.apache.jasper.compiler.ParserController.parse(ParserController.java:100) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:155) org.apache.jasper.compiler.Compiler.compile(Compiler.java:295) org.apache.jasper.compiler.Compiler.compile(Compiler.java:276) org.apache.jasper.compiler.Compiler.compile(Compiler.java:264) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:563) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:303) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.17 logs. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cpu 100% java
Ben, For various reasons, I've had to send this response using your original message. I've included below some of the feedback provided by Chris since I'm pretty sure I'v read the entire thread so far... I've run into this type of issue many times as well, memory management definitely is not automatic in Java, at least not for admins. [Hide Quoted Text] Think the Java that is hogging the cpu is something different. I run /Library/Tomcat/bin/startup.sh (with ram settings) PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE 1792 java27.9% 0:08.83 12 255 191 47.9M+ 13.1M 35.6M+ 469M+ (using -Xms128m -Xmx256m) This application looks to not be using much of the heap. What you see is that the system is using only about 50MB of memory. According to http://www.mozilla.org/projects/footprint/OSX_opt_mem_usage.txt however, the numbers add up the opposite (the document says that 47+13=3D3D35, but it looks more like 13+35=3D3D48) The VSIZE question--when the JVM starts, it places a hold on the memory it thinks is needed. So if you allocate a maximum heap of 256MB + the permanent size of 128MB (which I realize you haven't set and I don't recall the default) + extra overhead memory =3D3D 469MB of VSIZE. Note that the JVM needs memory, as Chris mentioned, of HEAP + PERMSIZE + (THREADMEMORY * NUM THREADS). To check memory usage, you'll want to add the following to your startup parameters (plus any others you want): -verbose:gc -Xloggc:/tmp/garbage.log -XX:+PrintGCTimeStamps -XX:PrintGCDetai= =3D ls The above will tell you how much memory is being allocated and how often the system is doing garbage collection. Details for reading and understanding the log files can be found at http://java.sun.com/docs/hotspot/gc5.0/gc_tuning_5.html (jvm 1.5) http://java.sun.com/docs/hotspot/gc1.4.2/ (jvm 1.4.2) I've seen weird issues with the different garbage collectors as well, for example we have an application in BEA WebLogic on a Sun server where using the ConcMarkSweep collector caused a core dump. I've also seen JVM's on Linux hard lock in the middle of a GC and the CPU spike to 100% utilization. Only a kill -9 would kill the process. [Hide Quoted Text] but this one is still around PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE 1775 java98.8% 0:56.40 21 597 243 88.3M 9.94M 77.8M 288M (one that hogs cpu, the problem process from the start) I do /Library/Tomcat/bin/shutdown.sh and I only have the pid 1775 (hog one) other java is gone now. I haven't used a Mac in about 8 mo, so I don't recall the details of the startup / shutdown for Tomcat, however this could be due to the high load the shutdown command cannot communicate with the Tomcat instance. Also note that the above instance is using much more REAL memory (88MB) than the first instance, but has much less total allocated memory (288MB). It's highly likely that the application is defaulting to a heap size of something like or 9MB. Since this is the instance causing problems, you'll probably want to use the above JVM arguments for this instance. Note that you probably cannot put the -Xloggc:/tmp/garbage.log into a shared startup script. Any instance started with that script would write to the same file, destroying / contaminating your data. [Hide Quoted Text] Two Java programs: Ran by Appserve java -Djava.endorsed.dirs=3D3D/Library/Tomcat/common/endorsed -classpath /Library/Java/Home/lib/tools.jar:/Library/Tomcat/bin/bootstrap.jar -Dcatalina.base=3D3D/Library/Tomcat/blojsom_root -Dcatalina.home=3D3D/Library/Tomcat -Djava.io.tmpdir=3D3D/Library/Tomcat/blojsom_root/temp org.apache.catalina.startup.Bootstrap start (weblogs use this one, seems to be the problem one, any idea where the config is for this one?) Ran by Root /System/Library/Frameworks/JavaVM.framework/Versions/1.4/Home/bin/java -Xms128m -Xmx256m -Djava.endorsed.dirs=3D3D/Library/Tomcat/common/endorsed so this one is using the ram change -Xms128m -Xmx256m other is not. It's tough to tell what's going on with this: PID COMMAND %CPU TIME #TH #PRTS #MREGS RPRVT RSHRD RSIZE VSIZE 825 java 102.4% 2:43:34 61 371 98.0M 872K 85.1M- 308M RSIZE (resident size, IIRC) is 85.1M - 308M? WTF does that mean? If the 308M is spurious, then your Java process was using 85MB which suggests that your heap size was probably more like 64MB or somewhere in there. Increasing it to 128/256 as you have above ought to give you some more room to move around in. Does this help the problem? -chris Ben This message was sent using IMP, the Internet Messaging Program. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem starting Tomcat in Netbeans
Dear all, I've tried to search for it but couldn't find an answer. Please try to help me. I've created an application and deployed and run successfully in the first PC. I copied everything over, installed everything as the first PC. 1) I've the mysql-connector-java-3.1.12-bin.jar in the common/lib. 2) Added this to the server.xml: Context Resource name=jdbc/MySQLDB auth=Container type=javax.sql.DataSource username=root password=password driverClassName= com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/transport maxActive=8 maxIdle=4/ /Context 3) Added this to the web.xml descriptionMySQL Connection/description resource-ref descriptionDB Connection/description res-ref-namejdbc/MySQLDB/res-ref-name res-type javax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref 4) Set the environment variable: CLASSPATH=C:\Program Files\netbeans- 5.0\enterprise2\jakarta-tomcat-5.5.9\common lib Now when i deploy and start the application on the Tomcat, Tomcat logs give me this error: May 28, 2006 10:46:10 PM org.apache.catalina.mbeans.ServerLifecycleListenercreateMBeans SEVERE: createMBeans: Throwable java.lang.NullPointerException at org.apache.catalina.mbeans.MBeanUtils.createObjectName( MBeanUtils.java:1079) at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java :496) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:569) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:365) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:534) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:497) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:659) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:627) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans( ServerLifecycleListener.java:277) at org.apache.catalina.mbeans.ServerLifecycleListener.lifecycleEvent (ServerLifecycleListener.java:128) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent( LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start(StandardServer.java :676) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409) java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409) Caused by: java.lang.NullPointerException at java.util.Hashtable.put(Hashtable.java:393) at org.apache.catalina.core.StandardContext.resourcesStart( StandardContext.java:3741) at org.apache.catalina.core.StandardContext.start( StandardContext.java:3925) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java :1012) at org.apache.catalina.core.StandardHost.start(StandardHost.java :718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java :1012) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java :442) May 28, 2006 10:46:11 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina May 28, 2006 10:46:11 PM org.apache.catalina.core.StandardEngine start at org.apache.catalina.core.StandardService.start( StandardService.java:450) INFO: Starting Servlet Engine: Apache Tomcat/5.5.9 at org.apache.catalina.core.StandardServer.start(StandardServer.java :683) May 28, 2006 10:46:11 PM org.apache.catalina.core.StandardHost start at org.apache.catalina.startup.Catalina.start(Catalina.java:537) INFO: XML validation disabled ... 6 more Thanks in advance! -- Regards, Justin See
Re: IIS 6 + Apache tomcat 5.5.15 + SQL Server 2000 ? ( Windows 20 03 Server )
We have used both JTDS and JDBC to connect Tomcat to SQL2000. JTDS seems to be more memory efficient. It is also far stricter in how data types are cast. Stored Procedures that worked fine with JDBC sometimes did not properly with JTDS. I think the issue (I am not doing the java work) is that the variable types in preparing the statement must be strictly correct... i.e. JTDS will not truncate a string that is too long for the var type but JDBC will. Justin -Original Message- From: Phil Wilson [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 10:32 AM To: Tomcat Users List Subject: Re: IIS 6 + Apache tomcat 5.5.15 + SQL Server 2000 ? ( Windows 2003 Server ) I know ... it's not a good Combo IIS 6 + Apache tomcat 5.5.15 + SQL Server 2000 ? ( Windows 2003 Server ) but... let's crash and burn ;) Hi, I've done this combo before using the jTDS driver from http://jtds.sourceforge.net/ If you notice, all of the examples on the URL you give are very very similar, and off the top of my head I can't remember any massive differences between the SQL Server 2000 config and MySQL, so just try the MySQL config (with the correct driverClassName and JDBC URL of course) and see how far you get. Good luck! Phil Checking in the web site i see that i can install the Apache-Tomcat and that works properly ( First time i work with Windows 2003 ). What i'm not plenty sure ... I'm going to face problems if i want to stablish JDBC conectivity with a SQL Server 2000 Database. I just see , Mysql ,Oracle and PostgreSQL Conectivity. http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-exampl es-howto.html Regards and Thx In Advance. Sergio Gonzalez Ramos. - LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y móviles desde 1 céntimo por minuto. http://es.voice.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performance tricks with multiple tomcat instances
-Original Message- From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 10:28 AM To: Tomcat Users List Subject: Re: Performance tricks with multiple tomcat instances On 3/9/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: If I were to add my two cents, I would say the OS scheduler, the bus, memory access all will play their part. ie, I think you will get more juice out of 8 single CPU machines each running a tomcat, than one machine with 8 CPU's, as your 8cpu machine will not have 8 parallel buses, 8 drives, 8 everything etc. Of course, but it also means 8 HE rack space, 16 power cables, 8 switch ports etc. It also means 8 systems to backup, to install and to administrate. We are trying to find a configuration between n-one cpu servers and 1 n-cpu server which is best from the manageability point of view and has optimal tco. Personally I don't believe that anything with more than 2 cpu's will ever pay out, but we have to test it :-) I have never been a big fan of single CPU machines for threaded applications. It it too easy for a single slow thread to botteneck the whole system. Going beyond 2 CPUs however is expensive and I think that it is best reserved for applications that - Cannot easily run across load balanced servers, such as a database - Are written to take advantage threading in a way that will truly benefit from having more than 2 CPUs. (i.e, we have an app where one thread is reading data from the network and populating a queue, a thread pool is parsing the queue data and another thread pool is processing the parsed data so having more CPUs would allow us to increase the size of the thread pools and thus make the app run faster). If these two criteria are not met (and there are probably a few more I am missing) then I think it is better to have more less powerful machines which provided redundancy. I have to say that I am always surpised to read when people are setting application servers (such as Tomcat) to maxthreads of 1000. If I had 1000 processes running at the same time on any of my application servers it would melt never finish any of them. It is more realistic to have 5 - 10 threads processing at any given time and to allow requests to queue (though one must test to find the sweet spot). Just my $.02 Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is this tomcat or my app?
Fairly regularly I have a page resquest visible on the 'Server Status' of the Tomcat Manager that never ends. I have tomcat set to timeout sockets after 120 seconds, and have mod_jk set to do the same. It always stalls at 4192K sent (is this a magic number?). I tried increasing the output buffer size and have set JKOptions +FlushPackets on the off chance that it would make a difference but it does not seem to. The stack trace obtained through jconsole is below. Can anyone shed any light on this? Could my application be causing this problem? This page has been running for 10209703ms at the moment and while restarting Apache will cause it to exit, I am getting really tired of restarting apache all the time to resolve these issues. Anyone, anyone... Bueller, Bueller? Thank, Justin Name: TP-Processor24 State: RUNNABLE Total blocked: 3,049 Total waited: 75,144 Stack trace: java.net.SocketOutputStream.socketWrite0(Native Method) java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) java.net.SocketOutputStream.write(SocketOutputStream.java:136) org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:506) org.apache.jk.server.JkCoyoteHandler.doWrite(JkCoyoteHandler.java:260) org.apache.coyote.Response.doWrite(Response.java:551) org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java: 361) org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403) org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:323) org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:392) org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:381) org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.ja va:76) com.seccas.servlet.GetMessagePartServlet.execute(GetMessagePartServlet.java: 226) com.seccas.servlet.GetMessagePartServlet.doGet(GetMessagePartServlet.java:31 ) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:252) org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:173) org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:214) org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:178) org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126 ) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105 ) org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :107) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:306) org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385) org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:745) org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:675) org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:868) org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:684) java.lang.Thread.run(Thread.java:595) -- Justin Greene SECCAS, LLC. 212-242-9308 x 101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Performance tricks with multiple tomcat instances
-Original Message- From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 3:06 PM To: Tomcat Users List Subject: Re: Performance tricks with multiple tomcat instances On 3/9/06, Justin Greene [EMAIL PROTECTED] wrote: -Original Message- From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Sent: Thursday, March 09, 2006 10:28 AM To: Tomcat Users List Subject: Re: Performance tricks with multiple tomcat instances On 3/9/06, Filip Hanik - Dev Lists [EMAIL PROTECTED] wrote: If I were to add my two cents, I would say the OS scheduler, the bus, SNIP I have to say that I am always surpised to read when people are setting application servers (such as Tomcat) to maxthreads of 1000. If I had 1000 processes running at the same time on any of my application servers it would melt never finish any of them. It is more realistic to have 5 - 10 threads processing at any given time and to allow requests to queue (though one must test to find the sweet spot). I would say, you are right, but if you want to support http 1.1 keepalives 1.5 threads per user are blocked simply waiting for incoming requests, so how are you supposed to server 500 users with 75 threads? 500 users != 500 concurrent connections (threads). You can likely handle many users being logged in at the same time with very few threads if you take they do not all click a URL at the same time, and even if they did, you would not want to service them all at the same time as your system could not handle it. We set our keepalives pretty short, only a few seconds. If another request does not come in quickly, then it costs a little overhead to create a new connection. Oh well. Try taking an application that has some load and watching the # of active threads in the 'Manager'. We typically have 20 or 30 clients logged in at a time but only see a single active thread at any given time as it only takes milliseconds to service most requests (if we are writing our code well). Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Workes.properties socket_timeout clarification
The docs state: socket_timeout default 0 Socket timeout in seconds used for communication channel between JK and remote host. If remote host does not respond inside that timeout the JK will generate an error, and retry again. If set to value zero (default) the JK will wait for infinite on all socket operations. How does this differ from reply_timout? Any feedback would be appreciated. Thanks, Justin -- Justin Greene SECCAS, LLC. 212-242-9308 x 101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with mod_jk/apache 1.3.34 Windows
) java.io.DataInputStream.readFully(DataInputStream.java:176) java.io.DataInputStream.readFully(DataInputStream.java:152) net.sourceforge.jtds.jdbc.SharedSocket.readPacket(SharedSocket.java:826) net.sourceforge.jtds.jdbc.SharedSocket.getNetPacket(SharedSocket.java:707) net.sourceforge.jtds.jdbc.ResponseStream.getPacket(ResponseStream.java:466) net.sourceforge.jtds.jdbc.ResponseStream.read(ResponseStream.java:103) net.sourceforge.jtds.jdbc.ResponseStream.peek(ResponseStream.java:88) net.sourceforge.jtds.jdbc.TdsCore.wait(TdsCore.java:3870) net.sourceforge.jtds.jdbc.TdsCore.executeSQL(TdsCore.java:1042) net.sourceforge.jtds.jdbc.JtdsStatement.executeSQL(JtdsStatement.java:478) net.sourceforge.jtds.jdbc.JtdsPreparedStatement.execute(JtdsPreparedStatemen t.java:478) org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.execute(DelegatingPr eparedStatement.java:168) ...SNIP In both cases, restarting apache resolves the issue. Any thoughts that anyone has would be greatly appreciated. I am running out of things to try on the troubleshooting side. We are also pursuing whether our code could somehow be contibuting to this... Some sort of session synchronization issue or something. Thanks, Justin -- Justin Greene SECCAS, LLC. 212-242-9308 x 101 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with mod_jk/apache 1.3.34 Windows
-Original Message- From: Mladen Turk [mailto:[EMAIL PROTECTED] Sent: Monday, March 06, 2006 12:33 PM To: Tomcat Users List Subject: Re: Problem with mod_jk/apache 1.3.34 Windows Justin Greene wrote: SNIP Do not use cachesize with values higher then 1 on Apache 2.x prefork or Apache 1.3.x! I believe that this only applies to Non-Windows installations. (correct me if I am wrong here) Apache 1.3.34 on Windows is multi-threaded and you must set the cachesize = webserver child processes. This change resolved the 'Server Busy Page' issue. I believe that by only having 1 thread essentially causes it to run in Right. cachesize=MaxClients on Windows. On Apache2 it's set by querying the mpm if omitted. It would be nice if the docs reflected this :-) Apache 1.3.x on Windows for production? I must admit, you guys are very brave ;) Been running for years and have found it quite stable, however our use is very specific, static files, mod_jk and mod_[old version of cold fusion]. Very little room for anything to go wrong here. The cold fusion mod (v4.1.something) is not available for apache 2 mod so we are a little stuck on 1.3.34 at the moment. Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk errors - are these normal?
-Original Message- From: michael thomas [mailto:[EMAIL PROTECTED] Sent: Monday, March 06, 2006 4:42 PM To: Tomcat Users List Subject: TomcatUsers: Re: mod_jk errors - are these normal? --- Sven K�hler [EMAIL PROTECTED] wrote: [Wed Mar 01 20:00:42 2006] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (961): Can't receive the response message from tomcat, network problems or tomcat is down (10.0.0.9:8009), err=-113 [Wed Mar 01 20:00:42 2006] [error] ajp_get_reply::jk_ajp_common.c (1503): Tomcat is down or refused connection. No response has been sent to the client (yet) SNIP 2. It seems like people who have apache and tomcat running on the same server can get away without any errors. We are running on the same server (windows) and get these error contantly... Actually, our read: [Mon Mar 06 16:32:22 2006] [error] jk_ajp_common.c (961): Can't receive the response message from tomcat, network problems or tomcat is down (127.0.0.1:8009), err=-54 [Mon Mar 06 16:32:22 2006] [error] jk_ajp_common.c (1503): Tomcat is down or refused connection. No response has been sent to the client (yet) Which is subely different. Anyone have a reference to what the various 'err=' codes mean? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JMX via SSH tunnel does not work?
We had issues using jconsole remotely a while back (jdk 1.5.0_02) that we were never able to solve. If memory serves, jconsole opens a connection on the specified port to that Java instance. An additional port or two (I can't remember) are then opened and the ports that are used are somewhat random making it very difficult to do this through anything that needs to port forward or needs ports opened. I do not remember if the additional ports are opened by jconsole or the other way, but you can see it by connecting locally and checking netstat for connections to/from the jconsole process. The only solution here is to be able to specify the additional ports, but at the time there was no way to do this. I have not looked into the jconsole or JMX options since so I do not know if this was added. Justin -Original Message- From: Andreas Schildbach [mailto:[EMAIL PROTECTED] Sent: Monday, March 06, 2006 4:57 PM To: users@tomcat.apache.org Subject:Re: JMX via SSH tunnel does not work? Hello Mikolaj, I have set up the JMX server of JDK 1.5.0_06/Tomcat 5.5.15. It works fine locally, I'm testing with jconsole. However, if I tunnel the JMX port over SSH, it does not work. I can connect to the port, but there is no flow of data. jconsole is hanging around for a minute, and then the connect dialog pops up. What is going wrong here? http://forum.java.sun.com/thread.jspa?threadID=565139tstart=30 http://forum.java.sun.com/thread.jspa?threadID=289869messageID=124228 8 I understand the problem, but do not know how to solve it. Can you give an example how the java.rmi.server.hostname and java.rmi.server.useLocalHostname properties on the client and the server should be set in this case? Regards, Andreas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]