Re: asking advice for tomcat 7 config
On 18/10/2012 12:22, Daniel Barcellos wrote: Hey I'm facing similar problems too and I guess with a good configuration of my server.xml would be a good start point. So could kindly share a good Connector configuration in this mail thread? What would that be the best choice in terms of max min threads keep alived timeout configurations ? It's probably not your connector config that's the problem, if there is one. Most of the time it's your app. Use a profiler, monitor JMX (use VisualVM with the MBeans plugin) and understand what's happening rather than assuming someone else's connector config is good or better. Start a new thread when you've tried this have questions. p Thanks in advance! Sent from my iPhone On 18/10/2012, at 07:05, Romain Van der Keilen romain.vanderkei...@uniway.be wrote: Hi there! Some news for you about my problem. I did all the modifications you suggested, it increased the response time a little bit (2-3 seconds better on a 15 seconds scale). It was already good to take, and helped me to create a healthy configuration. After that, I looked deeper into the database configuration, as I saw in the tests that non db relative actions were responding very fast (50ms for a 1000 users basis). I finally found an OracleDataSource in the Oracle Driver, which reacts far way better than the BasicDataSource I was using before (12s for 150 users for the basic data source, 1.5s for the oracle one, same test). So I think my problems are solved, thanks to you guys! Many thanks for the advices, Romain. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: mercredi 17 octobre 2012 11:49 To: Tomcat Users List Subject: Re: asking advice for tomcat 7 config Pid wrote: ... Executor name=tomcatThreadPool namePrefix=catalina-exec-80- maxThreads=650 minSpareThreads=100 / Connector executor=tomcatThreadPool address=10.10.10.10 port=80 maxHttpHeaderSize=8192 protocol=org.apache.coyote.http11.Http11NioProtocol connectionTimeout=2 redirectPort=443 server=lighthttpd/2.0.0 enableLookups=false acceptorThreadCount=4 socket.directBuffer=false compression=off compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif acceptCount=50 bufferSize=4096 / Executor name=stomcatThreadPool namePrefix=catalina-exec-443- maxThreads=650 minSpareThreads=100 / Connector executor=stomcatThreadPool protocol=org.apache.coyote.http11.Http11NioProtocol port=443 SSLEnabled=true scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=D:\keystore\appks server=lighthttpd/2.0.0 enableLookups=false keystorePass=changeit address=10.10.10.10 acceptorThreadCount=4 socket.directBuffer=false compression=off compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif acceptCount=50 bufferSize=4096 /Connector You've configured a separate pool for connectors on ports 80 and 443. Why? You've reduced the acceptCount to 50. Why? You are compressing compressed images. Why? There is : compression=off in both connectors though. So I guess that compressableMimeType should be ignored. (It /is/ still questionable to have changed the default of compressableMimeType, to include types which are inherently compressed already.) You are setting acceptorThreadCount=4. Why? Does your app have a database connection pool? What are the sizing parameters for this pool? Also, - for the HTTP connector, connectionTimeout is set to 2 (milliseconds), and keepAliveTimeout is not set. - for the HTTPS connector, neither one is set. That will cause : - for the HTTP connector : - connectionTimeout = 2 ms (20 s.) - keepAliveTimeout = 2 ms - for the HTTPS connector : - connectionTimeout = 6 ms (60 s.) - keepAliveTimeout = 6 ms 1) So it means that if a client connects to the server, but does not send any request line for a while on that connection, the server will allocate a thread to serve the request; this thread will wait up to 20 s (on HTTP) or 60 s. (on HTTPS), before timing out and returning to the pool of available threads. Of course only a malicious client would do that.. 2) it also means that a perfectly non-malicious client can connect to the server, and send a first request on the connection; the server will allocate a thread to handle this request; and then, if the same client has no more requests to send for a while, this thread will nevertheless remain waiting on this connection for 20 s. (HTTP) or 60 s. (HTTPS), just in case the client /would/ send another request on it. During this time, the thread is unavailable to process other client requests. Discarding item (1) for now as being a DOS attack, might (2) not go a long way to explain the symtoms that the OP
Re: asking advice for tomcat 7 config
On 17/10/2012 08:59, Romain Van der Keilen wrote: Hi There, I'm quiet new to this mailing list as I encounter some configuration problems with Tomcat 7.0.30. We are currently developing a web application, and we wish to have a good response time with about 200 parallel sessions. My problem is that starting from 70 users, the system does not respond quietly. At 70 users, we have an average of 4000ms for the response time. At 120 users we are at an average of 2ms and with 200 users we have about 45000ms of response time. All of those numbers were computed with JMeter, using 4 passes. Tomcat is running with the following options: jdk 1.7.0_07 ; server\jvm.dll ; initial memory pool 1024Mb ; maximum memory pool 1250 Mb ; Thread stack size : 1024 kb ; 64 bit version for both java and tomcat The server itself is a Windows Server 2008 Standard edition running on Intel Xeon X5660 @ 2.8Ghz (2 physical processors ; 24 virtual processors ) ; 12Gb Ram When the server is under a big load, what I could see with VisualVM is that the heap size used never exceed 500Mb. When 500Mb is reached, it drops back to about 100Mb. Another thing is that the CPU never works more than 5% of its capabilities. I also took a look at the CPU usage in java classes, and there I saw that 95% of the time goes to org.apache.tomcat.util.threads.TaskQueue.take(). The first class related to my application is the oracle.net.ns.Packet.receive() and is at 0.1% of the CPU time ... I've looked on a lot of forums to try to tune my tomcat configuration, but I haven't found anything that could really help me, this is the reason I ask to you. I've just put you the whole server.xml file after this, hoping you can have a look and tell me if there is some big issue with it... The only thing I changed is the IP of the server. Thanks in advance, Romain Van der Keilen. ?xml version='1.0' encoding='utf-8'? Server port=8885 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Executor name=tomcatThreadPool namePrefix=catalina-exec-80- maxThreads=650 minSpareThreads=100 / Connector executor=tomcatThreadPool address=10.10.10.10 port=80 maxHttpHeaderSize=8192 protocol=org.apache.coyote.http11.Http11NioProtocol connectionTimeout=2 redirectPort=443 server=lighthttpd/2.0.0 enableLookups=false acceptorThreadCount=4 socket.directBuffer=false compression=off compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif acceptCount=50 bufferSize=4096 / Executor name=stomcatThreadPool namePrefix=catalina-exec-443- maxThreads=650 minSpareThreads=100 / Connector executor=stomcatThreadPool protocol=org.apache.coyote.http11.Http11NioProtocol port=443 SSLEnabled=true scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=D:\keystore\appks server=lighthttpd/2.0.0 enableLookups=false keystorePass=changeit address=10.10.10.10 acceptorThreadCount=4 socket.directBuffer=false compression=off compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif acceptCount=50 bufferSize=4096 /Connector You've configured a separate pool for connectors on ports 80 and 443. Why? You've reduced the acceptCount to 50. Why? You are compressing compressed images. Why? You are setting acceptorThreadCount=4. Why? Does your app have a database connection pool? What are the sizing parameters for this pool? p Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=10.10.10.10 appBase=D:\Tomcat7\ unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false
Re: Thread related MBean questions
On 16/10/2012 17:52, Shanti Suresh wrote: Greetings. I have some questions on finding the number of active threads in Tomcat. (1) On our QA system, I notice that the currenthreadsBusy MBean is either zero or one for the 8443 and 8080 connectors. ThreadCount != currentThreadsBusy One is the count of threads, one is the threads that are doing work. Why then is ThreadCount = 93 when there is not much going on on QA? Because you've previously done enough work for Tomcat to maintain 93 threads. (2) When I want to graph the thread activity in Tomcat (the thread Pool usage), which is a better counter to look at - currentThreadsBusy or ThreadCount? Depends what you want know. It seems like ThreadCount is what JConsole displays as Live Threads. (3) Why is TotalStartedThreadCount: 264? Is that a cumulative total since Tomcat was restarted? Yes. p --Thread-related MBean snippet:- Name: Catalina:type=ThreadPool,name=http-apr-8443 currentThreadsBusy: 1 ... Name: Catalina:type=ThreadPool,name=http-apr-8080 currentThreadsBusy: 0 ... Name: java.lang:type=Threading DaemonThreadCount: 85 PeakThreadCount: 99 AllThreadIds: Array[long] of length 93 135 119 118 117 ... CurrentThreadCpuTime: 46 CurrentThreadUserTime: 402000 ThreadCount: 93 TotalStartedThreadCount: 264 ThreadCpuTimeSupported: true ... ---end of snippet Thanks! -Shanti -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat 7 APR Connector problems
On 15 Oct 2012, at 07:42, Andrey Timofeyev andrey.timofe...@gmail.com wrote: Hi Chris, thank you so much for answer, What about your Tomcat configuration: Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on/ You have no other listeners? Service name=Catalina Connector maxPostSize=5242880 enableLookups=false useBodyEncodingForURI=true port=80 maxThreads=1100 disableUploadTimeout=true maxHttpHeaderSize=8192 pollerSize=16768 maxKeepAliveRequests=-1 connectionTimeout=2 asyncTimeout=11 keepAliveTimeout=12 compression=on compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript address={...} acceptCount=1000/ Connector maxPostSize=5242880 enableLookups=false useBodyEncodingForURI=true port=82 maxThreads=100 disableUploadTimeout=true maxHttpHeaderSize=8192 pollerSize=100 maxKeepAliveRequests=-1 connectionTimeout=2 keepAliveTimeout=120 compression=on compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript address={...} acceptCount=100/ Connector maxPostSize=5242880 enableLookups=false useBodyEncodingForURI=true port=443 maxThreads=1100 disableUploadTimeout=true maxHttpHeaderSize=8192 pollerSize=32768 maxKeepAliveRequests=-1 connectionTimeout=2 keepAliveTimeout=12 compression=on compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript address=0.0.0.0 acceptCount=100 scheme=https secure=true SSLEnabled=true SSLCipherSuite=HIGH:MEDIUM:!ADH:!SSLv2 SSLCertificateFile={...} SSLCertificateKeyFile={...} SSLCertificateChainFile={...}/ Engine name=Catalina defaultHost={...} Host name={...} appBase={...} autoDeploy=false unpackWARs=true deployXML=false Context path= allowLinking=true useHttpOnly=false Manager className={customSessionManager} maxActiveSessions=163840 maxInactiveInterval=1800 pathname=/ /Context This Context seems to be missing a docBase, unless you are doing something very bad and publishing the appBase. Defining context in server.xml is not recommended. p Context path=/manager privileged=true docBase={...} Realm className=org.apache.catalina.realm.MemoryRealm pathname=conf/tomcat-users.xml/ Valve className=org.apache.catalina.valves.RemoteAddrValve allow={...}/ /Context Context path=/share docBase={deploy.dir}/res/share/ Context path=/res docBase={deploy.dir}/res/ Context path=/web/gwt docBase={deploy.dir}/web/gwt/ Context path=/web/gwt-alt docBase={deploy.dir}/web/gwt-alt/ /Host /Engine /Service /Server Do you get exceptions or apparent deadlock? Can you generate a thread dump? There are no any deadlock or aniything strange compared to life server (i will generate it one yet time, may be i missed something) Are your client connections long-lived Average client connection live 11 minutes. What does 'ulimit -n' tell you 256k 2012/10/12 Christopher Schultz ch...@christopherschultz.net -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrey, On 10/12/12 11:30 AM, Andrey Timofeyev wrote: Hi, everybody, There is followen problem with tomcat 7.0.29 (With tomcat 6.0.18 there is no such problem): Any other services on the same machine lost connections with remote services, when number of incoming connections to tomcat reach pollerSize. (It seems that all file descriptors is used or something else) As I see in the tomcat 7 latch was added in AprEndpoint, and if connections reach maxLimit
Re: tomcat eclipse and too many connections
On 15 Oct 2012, at 19:01, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 g. rgar, On 10/14/12 6:00 PM, g. rgar wrote: maybe this is related also : http://bugs.mysql.com/bug.php?id=65909 If true then a workaround must be made available There are two other possibilities: 1. You webapp leaks connections While it is possible, your connection pool should be complaining about that. Have you enabled removeAbandoned and logAbandoned for your connections? I highly recommend it -- especially in production. 2. The DataSource is leaking connections on reload I think this is unlikely to be the case, as Tomcat is lazy about DataSource-creation: when you reload your webapp, it actually uses the existing DataSource that was created for the first instance of your webapp. Actually, unless you intentionally grab-and-shutdown the DataSource in a ServletContextListener's destroy() method, the DataSource will not be shut-down on undeploy/reload/etc. 3. App is not really being shutdown, so pool is not closed. p - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlB8ThEACgkQ9CaO5/Lv0PDQIwCgr+apiGpwSA8QgUyFI875VWdS NSYAoJuUBSVrotUmFJluG8BfAS/VDi8h =dxRM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Debug tomcat 6.0
On 11 Oct 2012, at 08:34, vicky007aggar...@yahoo.co.in vicky007aggar...@yahoo.co.in wrote: All, Please don't hijack other people's threads. p How to debug tomcat 6.0 , actually i am a Having issue with tomcat static membership cluster . But i am not seeing any relevant information in catalina.out file. Kindly suggest Thanks Vicky - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: CONFIGURING HOW MUCH MEMORY TOMCAT USES
On 08/10/2012 08:04, CHRISTOS STAVRINOU wrote: Hello, I want to configure the following Initial memory pool Maximum memory pool Thread stack size on tomcat 7 under Centos Linux but I don't know how. The reason I want to increase the values of these parameters is because I get out of memory error when upload files with jsp code. Please help Thank you HELLO. PLEASE READ: http://www.catb.org/esr/faqs/smart-questions.html p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: JDBCRealm conection timeout failure on getPassword
On 7 Oct 2012, at 15:26, Aladin Dajani aladin.daj...@gmail.com wrote: OK So I tried to use DataSourceRealm. Seems simple enough. but I get the following exception: Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.DataSourceRealm open SEVERE: Exception performing authentication javax.naming.NameNotFoundException: Name jdbc is not bound in this Context Here is my configuration. context.xml is unchanged from previous setup (works well for pooled database access within the app) {catalina-base}\conf\context.xml: Resource name=jdbc/MyAppDB auth=Container driverClassName=com.mysql.jdbc.Driver logAbandoned=true maxActive=100 maxIdle=30 maxWait=1 password=password username=user removeAbandoned=true removeAbandonedTimeout=60 type=javax.sql.DataSource url=jdbc:mysql://localhost:3306/databasename / Server.xml replaces the JDBCRealm with the DataSourceRealm as below {catalina-base}\conf\server.xml: Realm className=org.apache.catalina.realm.LockOutRealm Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/MyAppDB userTable=users userNameCol=username userCredCol=password userRoleTable=roles roleNameCol=rolename digest=MD5 / /Realm Have I missed a configuration somewhere ? Yes, define the Resource in GlobalResources in server.xml. p Thanks. On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher felix.schumac...@internetallee.de wrote: Aladin Dajani aladin.daj...@gmail.com schrieb: Hello List, My application is configured for JDBCRealm authentication uses a MySQL database. For my own use inside the application, I have setup a connection pool to access the database, However, the configuration of JDBCRealm in server.xml uses astand-alone connection. Since MySQL times-out connections after 8 hours, I get the following error in tomcat logs as I try to log-in after the connection times out: Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.JDBCRealm getPassword SEVERE: Exception performing authentication com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: No operations allowed after connection closed.Connection was implicitly closed by the driver. Users do not notice this error (I presume tomcat's JDBCRealm will create a new connection), but it US disconcerting to have all these exceptions in tomcat logs, especially that when the server goes into production mode, I fear this will have adverse effects. Is it possible to have JDBDRealm use the same connection pool which my application uses (which is setup in tomcat's context.xml so it should be accessible to all applications in tomcat). Have a look at DatasourceRealm. Regards Felix Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JDBCRealm conection timeout failure on getPassword
On 07/10/2012 19:40, Aladin Dajani wrote: Thank you all for your help. I now have DataSourceRealm based authentication up and running with my connection pool. One thing I want to mention is that I was unable to make teh scenarios described in the wiki work until I duplicated the Resource definition in both server.xml and in context.xml. That is unlikely to be accurate unless you are using the datasource for something else. The GlobalResources definition will be the one working. The tomcat/conf/context.xml definition will only be valid for Realms created inside the Context; and will create a separate pool for each application deployed. p I tried several combinations as described in the wiki and outside and this is the one that worked, for now this is what matters to me. Thanks On Sun, Oct 7, 2012 at 11:33 AM, Mark Eggers its_toas...@yahoo.com wrote: On 10/7/2012 8:22 AM, Pid * wrote: On 7 Oct 2012, at 15:26, Aladin Dajani aladin.daj...@gmail.com wrote: OK So I tried to use DataSourceRealm. Seems simple enough. but I get the following exception: Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.**DataSourceRealm open SEVERE: Exception performing authentication javax.naming.**NameNotFoundException: Name jdbc is not bound in this Context Here is my configuration. context.xml is unchanged from previous setup (works well for pooled database access within the app) {catalina-base}\conf\context.**xml: Resource name=jdbc/MyAppDB auth=Container driverClassName=com.mysql.**jdbc.Driver logAbandoned=true maxActive=100 maxIdle=30 maxWait=1 password=password username=user removeAbandoned=true removeAbandonedTimeout=60 type=javax.sql.DataSource url=jdbc:mysql://localhost:**3306/databasename / Server.xml replaces the JDBCRealm with the DataSourceRealm as below {catalina-base}\conf\server.**xml: Realm className=org.apache.**catalina.realm.LockOutRealm Realm className=org.apache.**catalina.realm.**DataSourceRealm dataSourceName=jdbc/MyAppDB userTable=users userNameCol=username userCredCol=password userRoleTable=roles roleNameCol=rolename digest=MD5 / /Realm Have I missed a configuration somewhere ? Yes, define the Resource in GlobalResources in server.xml. p Here's the Wiki document on the various combinations: http://wiki.apache.org/tomcat/**TomcatDataSourceRealmshttp://wiki.apache.org/tomcat/TomcatDataSourceRealms /mde/ Thanks. On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher felix.schumacher@**internetallee.de felix.schumac...@internetallee.de wrote: Aladin Dajani aladin.daj...@gmail.com schrieb: Hello List, My application is configured for JDBCRealm authentication uses a MySQL database. For my own use inside the application, I have setup a connection pool to access the database, However, the configuration of JDBCRealm in server.xml uses astand-alone connection. Since MySQL times-out connections after 8 hours, I get the following error in tomcat logs as I try to log-in after the connection times out: Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.**JDBCRealm getPassword SEVERE: Exception performing authentication com.mysql.jdbc.exceptions.**jdbc4.**MySQLNonTransientConnectionExc** eption: No operations allowed after connection closed.Connection was implicitly closed by the driver. Users do not notice this error (I presume tomcat's JDBCRealm will create a new connection), but it US disconcerting to have all these exceptions in tomcat logs, especially that when the server goes into production mode, I fear this will have adverse effects. Is it possible to have JDBDRealm use the same connection pool which my application uses (which is setup in tomcat's context.xml so it should be accessible to all applications in tomcat). Have a look at DatasourceRealm. Regards Felix Thanks. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Tomcat 7.0.30 JAR Scanner ClassCastException
On 03/10/2012 14:44, Jesse Farinacci wrote: Greetings, I am using Apache Tomcat 7.0.30 on IBM Java 6. I have a @WebServlet inside a ROOT.war!/WEB-INF/lib/common-servlets.jar which forwards to a JSP located in common-servlets.jar!/META-INF/resources/some.jsp. When I reference the path for this @WebServlet Tomcat throws the following exception: org.apache.jasper.JasperException: Unable to initialize TldLocationsCache: org.apache.tomcat.util.scan.StandardJarScanner cannot be cast to org.apache.tomcat.JarScanner org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:252) org.apache.jasper.compiler.TldLocationsCache.getLocation(TldLocationsCache.java:205) org.apache.jasper.JspCompilationContext.getTldLocation(JspCompilationContext.java:607) org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:409) org.apache.jasper.compiler.Parser.parseDirective(Parser.java:475) org.apache.jasper.compiler.Parser.parseElements(Parser.java:1427) org.apache.jasper.compiler.Parser.parse(Parser.java:138) org.apache.jasper.compiler.ParserController.doParse(ParserController.java:242) org.apache.jasper.compiler.ParserController.parse(ParserController.java:102) org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:198) org.apache.jasper.compiler.Compiler.compile(Compiler.java:373) org.apache.jasper.compiler.Compiler.compile(Compiler.java:353) org.apache.jasper.compiler.Compiler.compile(Compiler.java:340) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at com.acme.web.MyJspDelegatingServlet.doGet(MyJspDelegatingServlet.java:122) org.apache.catalina.core.ApplicationDispatcher.invoke Servlet.service() for servlet org.apache.jasper.servlet.JspServlet threw exception java.lang.ClassCastException: org.apache.tomcat.util.scan.StandardJarScanner incompatible with org.apache.tomcat.JarScanner at org.apache.jasper.compiler.JarScannerFactory.getJarScanner(JarScannerFactory.java:39) at org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:243) at org.apache.jasper.compiler.TldLocationsCache.getLocation(TldLocationsCache.java:205) at org.apache.jasper.JspCompilationContext.getTldLocation(JspCompilationContext.java:607) at org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:409) at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:475) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1427) at org.apache.jasper.compiler.Parser.parse(Parser.java:138) at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:242) at org.apache.jasper.compiler.ParserController.parse(ParserController.java:102) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:198) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:373) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339) at com.acme.web.MyJspDelegatingServlet.doGet(MyJspDelegatingServlet.java:122) I thought perhaps I had an old library somewhere, but grep and md5sum confirms that my deployed Tomcat 7.0.30 has the same libs that Apache is shipping in the official download. I went back to 7.0.29 and see the problem there as well. I haven't gone back farther. Any help on this is appreciated. I make heavy use of modular Servlet 3.0 jar
Re: How to limit the number of sessions per IP address (DOS attacks)
On 30 Sep 2012, at 06:44, Brian Braun brianbr...@gmail.com wrote: Hi, I'm using Tomcat 7.0.22 (+Ubuntu Linux + MySQL). I'm providen a geolocation service. My users invoque a URL in my server (something like http://services.acme.com/locate?ip=..) providing the IP address, and it responds with the geolocation info. This service must admit a very high rate of queries, and it is doing it sucessfully now. This URL doesn't create sessions in order to save resources, and because sessions are not required after all. Each call is treated individually, no need to link them in sessions. In other words, this is a RESTful service. Besides the service URL, I have a website in the form http://www.acme.com(www. instead of services.). This website has a demo page where visitors can type an IP address and see the response (values, format, and an explanation of that). This website DOES create session, because it is necessary given that the user logs in, uses his account, manages his license codes, etc. The problem is that some people are requesting the demo URL at a very high rate, instead of requesting the special service URL that has been designed to provide the service returning a response in XML. Why not just get the demo page to use the REST URL and decommission the old one? p When they request this demo page at a very high rate, a ton of sessions are being created and Tomcat ultimately collapses. Basically, the RAM is exhausted, Tomcats gets slower and slower, and dies at the end. In other words, this is something similar to a DOS attack (Denial Of Service). I need to solve this. I need a way to limit the number of sessions that are being created for the same IP, and in the same host under Tomcat, so if this people start doing this, the app will stop them. It is very import to be able to apply a solution just to the www website, not to the other services. subdomain, so the solution must not be global to the Tomcat engine. What would you recommend as a strategy? Is there some kind of valve that I can use in the server.xml file to solve this? Should I create a filter that does this? Is a filter the best place to implement a solution? Is there a way to inspect the API and get the list of current sessions? Or do I need to build my own list at the application scope, most likely using the events when a session is created or destroyed to update this list? Is there a solution already built? Or do I have to program one from scratch? Note: I want to solve it at the host or context level. Not at the Tomcat engine level, or at the Linux level (IPTables/firewall), or adding Apache HTTPD server before Tomcat. Thanks in advance! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Failure connecting to Hbase remotely from Tomcat 6 Servlet
On 1 Oct 2012, at 14:59, Mouradk mourad...@googlemail.com wrote: Hello, This is my first post so apologies if I am breaking some etiquette. I am not an expert on Hbase and have been flaying through threads of Hbase remote connection but with no luck solving my problem. I am running a Hbase/Hadoop single cluster on an EC2 instance (Ubuntu 10.4). I am also running a servlet on a tomcat6 server in another ec2 instance. The plan is for the servlet to write and read to the remote Hbase instance. The servlet is running a context listener with some java routines (ServletContextListener). Now if I run the java project as a runnable jar instead of a servlet all is fine. It connects to Hbase and writes/reads from table. But on tomcat6 it just freezes when attempting to connect to the Hbase instance. 2012-10-01 11:11:40,751 [Timer-4] INFO com.myApp.foundation.access.HBaseHandler initialise(..) - Initialisation HbaseHandler configuration ... 2012-10-01 11:11:40,763 [Timer-4] DEBUG org.apache.hadoop.conf.Configuration init(..) - java.io.IOException: config() at org.apache.hadoop.conf.Configuration.init(Configuration.java:211) at org.apache.hadoop.conf.Configuration.init(Configuration.java:198) at org.apache.hadoop.hbase.HBaseConfiguration.init(HBaseConfiguration.java:33) at com.myApp.foundation.access.HBaseHandler.initialise(HBaseHandler.java:507) at com.myApp.foundation.access.HBaseHandler.init(HBaseHandler.java:53) at com.myApp.foundation.access.HBaseHandler.getInstance(HBaseHandler.java:500) at com.myApp.foundation.hbase.StorableRow.clinit(StorableRow.java:40) at com.myApp.foundation.entities.Article.storeToHbase(Article.java:257) at com.myApp.task.impl.HBaseArticlePersisterTask.process(HBaseArticlePersisterTask.java:101) at com.myApp.foundation.task.QueueTask.performTask(QueueTask.java:101) at com.myApp.runner.impl.HBasePersisterRunner$1.run(HBasePersisterRunner.java:46) at java.util.TimerThread.mainLoop(Timer.java:512) at java.util.TimerThread.run(Timer.java:462) I don't know HBase, but I'd read this stack as being caused by a config error. 2012-10-01 11:11:40,803 [Timer-4] INFO com.myApp.foundation.access.HBaseHandler initialise(..) - Config resource zookeeper.quorum: ip-10-10-10-10.eu-west-1.compute.internal 2012-10-01 11:11:40,803 [Timer-4] INFO com.myApp.foundation.access.HBaseHandler initialise(..) - Config resource zookeeper.clientPort: 2181 2012-10-01 11:11:40,804 [Timer-4] INFO com.myApp.foundation.access.HBaseHandler initialise(..) - Config resource hbase.master.info.port: 60010 2012-10-01 11:11:40,804 [Timer-4] INFO com.myApp.foundation.access.HBaseHandler initialise(..) - Config resource hbase.master.info.bindAddress: ip-10-10-10-10.eu-west-1.compute.internal I can telnet the HBase instance. In the servlet I included the hbase-site.xml. But as you can see from the log, the zookkeeper.quorum is getting picked up as well as the port number. All necessary ports are open on the Hbase instance. What's in the config before those details? Something is telling me tomcat6 policy configuration is to blame. If you have the Security Manager turned on, turn it off - then you'll know pretty quickly if the policy is a) effective and b) wrong. But I don't see anything in the catalina logs. Are there any other logs I am missing or could guide me to the right logs? Has someone experienced the same problem? Doesn't look like a Tomcat problem. Either a HBase or OS config issue. Have you opened the necessary firewall ports, for example? p Many thanks in advance. Mourad - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Web app deployment Issues
On 30 Sep 2012, at 11:52, ASIYA LABARAN a_laba...@yahoo.com wrote: Hello, I am trying to use tomcat server to deploy a webapp called mifos mfi. I created a folder in the C: (C:\MifosInstall\) where i unzipped the tomcat server 6.0.35. I created environment variables as required namely: JAVA_HOME value: C:\Program Files\Java\jdk1.7.0_07 CATALINA_HOME value: C:\Mifos Install\apache-tomcat-6.0.35-windows-x64\apache-tomcat-6.0.35 CATALINA_OPTS value: -Xms1024M -Xmx1024M -XX:MaxPermSize=256m MIFOS_CONF C:\Mifos Install\mifos-v2.4.1\config Specifically, where did you put the mfi folder? C:\Mifos Install\ I also installed a jdk and set up its environment variables as required and also copied the mifos.war file into the webapps folder (CATALINA_HOME/webapps). I launched the tomcat server by double clicking the startup.bat inside 'CATALINA_HOME/bin/' folder. I do receive an error message (HTTP Status 404) saying the resource you requested is not available. I need help on deploying my webapp. There are log files in CATALINA_HOME/logs. What do they contain? Any interesting messages about the app startup? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 serious issues on AIX 5.3
On 28 Sep 2012, at 20:00, vincent.soo...@daimler.com vincent.soo...@daimler.com wrote: Post your DBCP configuration and let's see what can be done with it. As above. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: exploting tomcat vulnerability with example
On 19 Sep 2012, at 13:20, Daniel Mikusa dmik...@vmware.com wrote: On Sep 19, 2012, at 5:02 AM, Ragini wrote: Hi all, For my research work I want to have different attacking scenarios which exploits vulnerability of JAVA based applications. This java applications can be just any web-application, desktopapplication or any other. For this, I was thinking to exploit vulnerabilities of tomcat itself (because it is in java). I went through different vulnerabilities of different versions of tomcat on apache tomcat's official site. They have provided information about what is the vulnerability and what is its consequences. But I am looking for some real time example by which I can exhibit the exploitation of tomcat’s vulnerability. The version of the tomcat can be just any. I would like to try vulnerabilities like authentication bypass, information disclosure or some other which really compromises the security. Try looking at Metasploit. +1 p Dan Could anybody please suggest some source where I can get step by step information about exploiting tomcat’s vulnerability with example ? It would be nice if the example web application used for exploitation is also in java. I would really appreciate your any kind of help regarding this. Thanks. Richa. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Updating Tomcat-Server from Version 6.0.16 to 7.0.30
On 19 Sep 2012, at 14:45, Andreas Stadelmeier a...@michlaustderaffe.de wrote: Hello guys, i would like to install the newest stable version of the Apache Tomcat Server. I already got some stuff running on the old Tomcat v.6.0.16 Server. I want to ask you, if it is safe to do this update and if afterwards my v 6 compatible JSP-Files wont cause any problems. Try the latest 6.0.x first, then if your app is fine, try 7.0.x. Things changed in 6 that sometimes catch people out. p Thank you in advance, Andi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Latest Tomcat release question...
On 19 Sep 2012, at 16:45, Tony Anecito adanec...@yahoo.com wrote: Ok does scanning scan the classes inside the library jars the app uses? What would be the point of that? How does Tomcat know which is a special library jar and which is not? (Unless you provide it with a list of jars to ignore.) p Thanks, -Tony --- On Wed, 9/19/12, Christopher Schultz ch...@christopherschultz.net wrote: From: Christopher Schultz ch...@christopherschultz.net Subject: Re: Latest Tomcat release question... To: Tomcat Users List users@tomcat.apache.org Date: Wednesday, September 19, 2012, 7:38 AM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tony, On 9/18/12 7:10 PM, Tony Anecito wrote: Thanks for the heads up about the memory issue. I looked over the release notes before I posted here and did not remember reading that. http://tomcat.apache.org/tomcat-7.0-doc/changelog.html It's bug 53535: http://issues.apache.org/bugzilla/show_bug.cgi?id=53535 I do not use spring either and glad for that but I do use JAX-WS and am working on swithing to JAX-RS and there are quite a few libraries for JAX-RS. This weekend I will look at using 7.0.30. It really comes down to the number of classes that get scanned. Lots od deps = lots of classes (usually). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBZyu8ACgkQ9CaO5/Lv0PC9TwCgw2qRGo/B0HjjQJycPsK1G9hZ v9IAnjKhBC+gZL3iUoHIY5MTR1Ph9v/v =C59w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Connector for Sun ONE Web Server 7.0 and Tomcat 6.0.x
On 19 Sep 2012, at 16:59, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Wed, Sep 19, 2012 at 8:02 AM, Jay Rao jay...@gmail.com wrote: Is there a Tomcat Connector for Sun ONE Web Server 7.0 and Tomcat 6.0.x running on RedHat Linux 5.7 64-bit ? If not, any idea on when will it would be available please ? My guess: When dead, dreaming Cthulhu wakes in his house at R'lyeh and schedules a Tupperware party. LMAO I could be wrong, though. Or you could pay someone to create one. Or try the 6.x one that is the top result when you google sun one tomcat connector Or ditch Sun ONE and use something current. p -- Hassan Schroeder hassan.schroe...@gmail.com http://about.me/hassanschroeder twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sessions replication
On 19 Sep 2012, at 16:59, Carrillo, Dan dcarri...@idanalytics.com wrote: Hi folks, My sessions are replicating across the cluster as indicated by my session listener debug output. E.g I can see the session created/destroyed messages in each respective log. I have a Service object that is serializable, which contains a String member variable (x) which is not initialized; null. As my load balancer round-robins the requests to each of these servers, each successfully retrieves the service instance from the session. Now, when service.x is set at some point in the workflow, I expect the other members to receive this updated object since it resides in the session. However, I'm finding that it is not, it remains null in all other containers. The tomcat config (http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html) says that ..For each request the entire session is replicated, this allows code that modifies attributes in the session without calling setAttribute or removeAttribute to be replicated. Can someone clarify whether I do in fact need to reset the service object on the session in order for it to replicate? If by this, you are asking whether you can retrieve an object from the session, update it and without adding it back to the session expect these changes to be propagated, then no, you can't. p Thanks! Engine name=Catalina defaultHost=localhost jvmRoute=id2 Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=6 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=231.10.12.6 port=35006 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=8117 selectorTimeout=100 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a REAL solution to the BEAST attack (CVE-2011-3389) for Tomcat 7.x
Martin, You know what a turtle is? p On 15 Sep 2012, at 13:30, Martin Gainty mgai...@hotmail.com wrote: Good Morning Brian from what Im seeing this is a Redhat Enterprise 4,5,6 bug which effects any of the secure protocols such as sftp, scp and ssl and you would need to implement the RH patch dsiable TLS 1.0 and implement either TLS 1.1 or TLS 1.2 protocols in its place disable applets disable WebSockets disable Cipher Block Chaining (CBC) ciphers make sure 1/(n-1) split is being implemented replace your JSSE with a JSSE that supports jsse.enableCBCProtection this update from tomas tells the story A mitigation for this flaw was implemented in the Network Security Services (NSS) library. It uses 1/(n-1) record splitting as mentioned in comment #19. This mitigation was added in NSS version 3.13 (which is used in Firefox 9 and later) and is enabled by default upstream. Environment variable NSS_SSL_CBC_RANDOM_IV can be used to disable the mitigation when it causes failures to connect to servers that are intolerant to such record splitting (see comment #23). Setting the environment variable value to 0 disables the mitigation. use FF9 as your corporate browser https://bugzilla.redhat.com/show_bug.cgi?id=737506does anyone from Redhat have anything useful to say on this matter? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te deer mandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Fri, 14 Sep 2012 22:12:30 -0500 Subject: Is there a REAL solution to the BEAST attack (CVE-2011-3389) for Tomcat 7.x From: brianbr...@gmail.com To: users@tomcat.apache.org Hi, Is there a REAL solution to the BEAST attack (CVE-2011-3389) for Tomcat 7.x? For more info about this attack: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389 My toughts and questions, as far as I have investigated this issue: - Disabling the TLS1.0 protocol would be too restrictive, because there are still browser versions in use that don't support TLS1.1 or TLS1.2. - Should we restrict the ciphers in use? If so, which ones should we offer for Tomcat 7.X over JVM1.6 and using a GeoCerts certificate (which means JSSE instead of OpenSSL)? - Will upgrading to the latest JVM (as of today, Sept 14th 2012) solve this issue? Thanks in advace. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Profiling tomcat 7 on ubuntu with java profiler
On 17 Sep 2012, at 13:55, Ragini raginippa...@gmail.com wrote: Hi experts, I profile tomcat with a java profiler. I expect that a Java Profiler is the best way to do that. The profiler runs java agent and profiles the tomcat server. So you said. That's awesome dude. So I have created setenv.sh and put java options to it. so far it is working fine. I start the server, then I run the web application in the browser and then I stop the server by shutdown.sh. After I execute shutdown.sh, my profiler dumps the output. This output shows all the executed java methods in xml format. It actually shows the sequence in which they were executed. Pl find the attached file to see how the profiler generates the output. This was generated by running just one test.jsp page which contains the method addnum. In the output, I have noticed that the main class which is responsible to execute jsp page is Lorg/apache/jsp. Uhhh, which profiler are you using? That doesn't make sense. But I am not sure if there are also other classes which are responsible for this. ... I am curious to know this. In my profiler I have an option by which I can exclude classes which I dont want to profile. I am basically interested in profiling all user defined methods of jsp pages and of java classes. (I want to profile a web application which has java classes and jsp pages as well). Good plan. I would not like to profile the classes of apache which are dependent on time (like threads are time dependent). Uhh, if the committers come up with some Tomcat code that isn't depend on time I extend an immediate offer of unlimited beer. (Before you start, I'll win this one.) The reason for this is, it gives me different profiles for exactly two same runs. Which I strictly don’t want. Sun spots? so I would like to have your opinions on, 1) Are the methods of org/apache/jsp class and time dependent ? Is there any chance that I get different profiles for exactly two same runs ? Unless your Tomcat server is in a Faraday cage for a start, yes. p (I don’t have any option to include the class which needs to be profiled in my profiler. So if I want to test the above I have to specify all other classes except org/apache/jsp in my exclusion list which is very time consuming. If I am sure that methods of apache/jsp/* classes are not time dependent, I can do that. I need your help regarding this. Thanks. Richa tomcat_output.cct.xml.gz - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: R: how to read files in file system
On 18 Sep 2012, at 07:22, Ge Gestione Elaboratori(IBM Business Partner) case...@gmail.com wrote: Excuse me Dan: attached the screenshot. Zeesh. Stop attaching it, paste some info inline in the message and stop being lazy. p paolo -Messaggio originale- Da: Daniel Mikusa [mailto:dmik...@vmware.com] Inviato: martedì 11 settembre 2012 13.51 A: Tomcat Users List Oggetto: Re: how to read files in file system On Sep 11, 2012, at 3:11 AM, IBM partner Gestione Elaboratori wrote: With jsp i can read files in the file system only if there are located under the directory webapps/application/file. If I read a file ,for example, in c:/filename Tomcats signals an error (se atthachment) Again, there is no attachment. The list is probably removing it. Please try pasting the content into your email. Please also include the error that is given. Without that, we can only guess at what is happening. Dan How to read files located everywere in the file system? paoloc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to send some requests to all tomcat cluster nodes from loadbalancer
On 12/09/2012 12:45, Orhan Karasakal wrote: Hi, I have a distrubuted cluster system. I have set up apache server and set loadbalancing (mod_jk) conditions. And also sticky session is true mode. Among nodes, there is no multicasting Is it possible that could I send some special requests (after request header control) or broadcast message to all tomcat cluster nodes ? Is there any rule or method ? Normally every request goes one node but for some special url, I want to send these requests to all cluster nodes. For example for some url, application should not be seen to user. Thanks for your help, Orhan Karasakal That can't be supported by HTTP - how would the protocol handle sending more than one HTTP response back to the requestor? Design an alternative solution that uses a messaging system (perhaps JMS or AMQP), or in which any member can relay the payload of the request to other nodes one at a time. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: How to get heap dump of Tomcat running as windows service.
On 12/09/2012 11:02, Aditi Sinha wrote: Hi, We have web server hosted on Tomcat 7.0.22. Tomcat is running as windows service. When we try to get the heap dump of Tomcat using the following command *jmap -dump:format=b,file=heap.bin pid* we get below error *pid: Not enough storage is available to process this command.* probably because you have set a large heap size. When Tomcat is started manually in console (using command “catalina.bat start”), we are able to take the heap dump. because you are probably not setting a heap size. Is there any workaround which would allow to take heap dump when Tomcat running as windows service? make some more disk space available, sufficient to permit the heap to be written to file. p Thanks Regards, Aditi -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat 7.0.27 HTTP Status 404 - /manager/status
On 10 Sep 2012, at 07:53, Ch. Fawad Nazir fa...@biome.io wrote: Yes Tomcat run with Root. That's not usually a good thing. How are you starting Tomcat? p I made a copy of tomcat-users.xml to tomcat-users.xml-old before make any changes to original file. Did some changes in tomcat-users.xml ... and after that delete the tomcat-users.xml. And again rename the tomcat-users.xml-old to tomcat-users.xml again and restart the Tomcat. Ch. Fawad Nazir -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, September 10, 2012 11:40 AM To: Tomcat Users List Subject: Re: tomcat 7.0.27 HTTP Status 404 - /manager/status And does Tomcat run as user root ? I am going by your own explanation above. It was working; you only did something to tomcat-users.xml, and it isn't working anymore. Logically thus, it is something that you did to tomcat-users.xml that is the cause. Unless your explanation above is incomplete. It is strange that you would get a 404 not found status as a result of messing about with tomcat-users.xml, but hey that's what you're saying. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat HeapMemoryUsage MBean question
On 7 Sep 2012, at 22:00, Shanti Suresh sha...@umich.edu wrote: Hi Konstantin, True. JMX data can be sensitive. If you're concerned about security do not use the JMXProxy Servlet at all. Configure security on an exposed JMX port and then interact with the JVM by connecting to the port. Scripts written in Groovy, for example, make this pretty easy to do. p I am not a JSP expert. I created the following test.jsp page and have it sitting in webapps/manager/. It doesn't work. I have the error message below the JSP text. Would you have a suggestion for what I might have in this page? -- Start of test.jsp:- !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; html head titleTest JSP/title style type=text/css !-- BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;} H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} PRE, TT {border: 1px dotted #525D76} A {color : black;}A.name {color : black;} -- /style /head body h1Test JSP/h1 p Welcome to Test JSP page. /p jsp:forward page=/jmxproxy/ jsp:param name=get value=java.lang%3Atype%3DMemory / jsp:param name=att value=HeapMemoryUsage / jsp:param name=key value=used / /jsp:forward /body /html --End of test.jsp- On invoking the above JSP page, I get: -Start of HTTP connection output:--- * About to connect() to localhost port 8090 * Trying 127.0.0.1... connected * Connected to localhost (127.0.0.1) port 8090 GET /manager/test.jsp HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: localhost:8090 Accept: */* HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=3FC31B7F279B68E4417186B5DC702D68; Path=/manager/; HttpOnly Content-Type: text/plain;charset=ISO-8859-1 Content-Length: 86 Date: Fri, 07 Sep 2012 20:47:51 GMT Error - javax.management.MalformedObjectNameException: Key properties cannot be empty * Connection #0 to host localhost left intact * Closing connection #0 -End of HTTP Connection output- Thanks. -Shanti On Fri, Sep 7, 2012 at 4:29 PM, Konstantin Kolinko knst.koli...@gmail.comwrote: 2012/9/7 Shanti Suresh sha...@umich.edu: Hi Christopher, Hi Konstantin, On Fri, Sep 7, 2012 at 1:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: I personally think that's a bad idea: just set some simple username and password and have your client use it: any decent command-line HTTP client should support HTTP BASIC authentication. Sure. I can do that. It just leaves the set operations vulnerable too though. I can use digested passwords too, but still my scripts will need to be hard-coded with the password. That's good. Sure :-) Thanks. Log it as an enhancement request in Bugzilla. I proposed this kind of thing a few months ago though I can't seem to find the thread at the moment. It was mildly rejected due to lack of interest, but but it seems we have a real use-case where a user wants this capability. Oh, most certainly, there is a definite use-case for this feature. And others will use it heavily once you have the capability. It just doesn't seem like a good plan to have the get and set secured the same way. With get you can view someone's password. With set you can change it, or change assigned roles. (with certain Realm implementations). There is not much difference. I think allowing generic get or generic set is a bad idea. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tuning session replication on clusters
On 5 Sep 2012, at 20:51, llow...@oreillyauto.com llow...@oreillyauto.com wrote: I have a small cluster of 3 nodes running tomcat 6.0.24 with openJDK 1.6.0_20 on Ubuntu 10.04 LTS. You should really consider upgrading Java. While you're at it, try Tomcat 7.0.30 in your lab and have a look at BackupManager (instead of DeltaManager) as Dan suggested. p I have roughly 5,000-6,000 sessions at any given time, and when I restart one of the nodes I am finding that not all sessions are getting replicated , even when I have the state transfer timeout set to 60 seconds. It seems that only sessions that have been touched recently are replicated, even if the session is still otherwise valid. I did one test where I created about 1,500 sessions and then took out one node, When I brought it back online, it only replicated the 4-5 sessions that were from active users on the test cluster. It did not replicated the idle sessions that were still valid that my prior test had created. I am wanting to tune my settings, but I am unsure where would be the best place to start. Should I start with the threads available to the NIO Receiver, or would I be better off focusing on a different set of attributes first, such as the send or receive timeout values? Any tips or pointers as to which setting might be the most productive would be greatly appreciated. Lee Lowder O'Reilly Auto Parts Web Systems Administrator (417) 862-2674 x1858 This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS � 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33)
edited for my amusement. On 5 Sep 2012, at 17:16, PJ Delsh pjdelsh...@hotmail.com wrote: Shailendra, I'm not an expert, Really? Once we fixed the leaks, Tomcat was stable. Quel surprise. After months of searching, we think the issue was having system.exit(0) in our code. A classic blunder. After which you conclude: The truth is that Tomcat is not written well enough to run on Windows. Hilarious, but unfounded inaccurate. Of course you could prove me wrong by pointing out which bits of Tomcat are not written well enough to run on Windows? Tomcat is not like IIS. Developing for Tomcat on Windows is fine, but running production apps in Tomcat on Windows is a bad idea. I am aware of substantial Tomcat deployments on Windows that run just fine under a decent amount of load. p Date: Wed, 5 Sep 2012 11:13:09 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Shailendra, On 9/5/12 2:50 AM, Shailendra Singh wrote: We are using 64 bit Tomcat 6.0.35 with windows 2008 R2 (64 bit JVM 1.6.0_33) and facing memory leak issues(OutOfMemoryError ) after a short interval of time( ~30 minutes). We deploy a web application on this version of tomcat and while working with the GUI part of the application we face memory leak, but same application works fine on this windows server for 32 bit JVM. Please help us if this is an issue with 64 bit Tomcat version or with 64bit JVM or with its combination. kindly let us know a solution or any work around or for this. You've asked this question three times now and have apparently been ignoring every reply you get. Please stop asking if you are going to ignore our questions and advice. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBHbAUACgkQ9CaO5/Lv0PCknACeIwxou02m0hz1Y9HtZTAmzMot A/YAniXDFbzzs+ApHFFXBxL9vtIoXuoN =NjrU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Access Tomcat cluster info thru MBean
On 29/08/2012 13:22, Mark Thomas wrote: On 29/08/2012 08:29, Awdhesh Kumar wrote: I am working with Tomcat 7.0.X. Just to be clear, do you mean Tomcat 7.0.x built from tc7.0.x/trunk in svn or do you mean some unknown Tomcat 7 version? Perhaps the OP really does mean the (until now, highly secret classified) 7.0.X release. p Mark -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, August 29, 2012 12:57 PM To: Tomcat Users List Subject: Re: Access Tomcat cluster info thru MBean Awdhesh Kumar awdh...@adobe.com wrote: I am running my Tomcat is running in clustered mode with four instances configured to same machine. In the application, I need to retrieve information regarding all the running instances of this cluster (nodes) through MBean. Information like instance IP, instance name are my primary requirement. Have tried to retrieve Cluster Mbean by querying [b]*:type=Cluster,* [/b], It returns basic cluster information but it does not contain any information of the instances. If someone can suggest me a way to achieve this will be nice. Regards Awdhesh Tomcat version? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33)
On 30/08/2012 15:13, Christopher Schultz wrote: Shailendra, On 8/30/12 1:54 AM, Shailendra Singh wrote: We are using 64 bit Tomcat 6.0.35 with windows 2008 R2 (64 bit JVM 1.6.0_33) and facing memory leak issues(OutOfMemoryError ) after a short interval of time( ~30 minutes). We deploy a web application on this version of tomcat and while working with the GUI part of the application we face memory leak, but same application works fine on this windows server for 32 bit JVM. So you run out of memory when using 64-bit JVM but not on 32-bit JVM? Please help us if this is an issue with 64 bit Tomcat version or with 64bit JVM or with its combination. kindly let us know a solution or any work around or for this. Tomcat is almost entirely architecture-agnostic (except for the service runner and optional APR/native library which hardly consume any memory at all, and are unlikely to be the problem, here). What kind of OOME are you getting? Heap? PermGen? My knee-jerk reaction is that you simply need a bigger heap than usual when moving from 32-bit to 64-bit JVM because the word-length has doubled. Given that there is no real information about the environment (e.g. memory assigned, used, etc) that's a fair guess. p -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: How-to-achieve-url-maxtry-filter-in-apache-tomcat
On 28 Aug 2012, at 05:00, rathinasamy@snovabits.net rathinasamy@snovabits.net wrote: No It can't be responsible for removing the url, since the url path will not come through my application it is directly hitting the tomcat port. That makes no sense. If it's your app then you can intercept it and do as you please. I deployed my application as a war file in server through that app created a folder in: tomcat_server_home/webapps/root/club/dely/ios/.. Do you mean root or ROOT? So how can I control it through app, My app's work is to generate a folder like structure in tomcat home path build the url return the url to user. By adding a Servlet Filter with a path that maps to the same URL space as the resource URLs. If the Filter has access to the URL and counter, again as previously described, then it can pass requests through transparently, increment the counter and then refuse access by returning a 404 instead of a response after the expiry time or counter is exceeded. Look at the Tomcat examples and read the Servlet Spec - don't just rely on Google and people on the list doing your work for you if you want to understand this. p On 8/27/2012 6:38 PM, Pid wrote: On 27/08/2012 08:17, rathinasamy@snovabits.net wrote: Hi, Many thanks for your reply. I am asking something which should be done in apache tomcat configurations, Since I have not able to control that maxtry concept through my application (it is out of my app control) There's no Tomcat or Servlet config to do this. Through my app just generate a url to access a video file at run time, may be the user can copy that url and paste it in outside browsers - here I have to control the usage of using my url which I have given to the user. If your app is generating the URL, why can't it also be responsible for removing it? That url is something looks like (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4) it should accessed via apache tomcat, so I am asking here for anyway to expire the url path in apache tomcat using filters like: init-param param-nameExpiresByType image/param-name param-valueaccess plus 2 minutes/param-value /init-param init-param But it expires image after 2 minutes, I need to expires some url pattern after 2 access. Thank you again for spending your time in this. Write a filter that blocks that URL after 3 accesses or 2 minutes (perhaps using the suggestion by Joseph). p Regards, Rathinasamy. On 8/27/2012 12:34 PM, Joseph wrote: Have u tried to use regex to filter URL ,use concurrent hash map and atomic int to count? 在 2012-8-27,13:30,rathinasamy@snovabits.net rathinasamy@snovabits.net 写道: Hi everyone, Please give me some ideas to achieve maxtry concept. I want to destroy the url path after some amount of access. For eg., if I give maxtry = 2 for the run time generated url (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4), After the two times access of the above url for the third time that url path will not be able to access for anyone. _My environment is:_ Apache-tomcat-7.0.25* *Windows 7 32 bit Operating system How to achieve this using apache filter? Thanks in advance, Rathinasamy. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How-to-achieve-url-maxtry-filter-in-apache-tomcat
On 27/08/2012 08:17, rathinasamy@snovabits.net wrote: Hi, Many thanks for your reply. I am asking something which should be done in apache tomcat configurations, Since I have not able to control that maxtry concept through my application (it is out of my app control) There's no Tomcat or Servlet config to do this. Through my app just generate a url to access a video file at run time, may be the user can copy that url and paste it in outside browsers - here I have to control the usage of using my url which I have given to the user. If your app is generating the URL, why can't it also be responsible for removing it? That url is something looks like (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4) it should accessed via apache tomcat, so I am asking here for anyway to expire the url path in apache tomcat using filters like: init-param param-nameExpiresByType image/param-name param-valueaccess plus 2 minutes/param-value /init-param init-param But it expires image after 2 minutes, I need to expires some url pattern after 2 access. Thank you again for spending your time in this. Write a filter that blocks that URL after 3 accesses or 2 minutes (perhaps using the suggestion by Joseph). p Regards, Rathinasamy. On 8/27/2012 12:34 PM, Joseph wrote: Have u tried to use regex to filter URL ,use concurrent hash map and atomic int to count? 在 2012-8-27,13:30,rathinasamy@snovabits.net rathinasamy@snovabits.net 写道: Hi everyone, Please give me some ideas to achieve maxtry concept. I want to destroy the url path after some amount of access. For eg., if I give maxtry = 2 for the run time generated url (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4), After the two times access of the above url for the third time that url path will not be able to access for anyone. _My environment is:_ Apache-tomcat-7.0.25* *Windows 7 32 bit Operating system How to achieve this using apache filter? Thanks in advance, Rathinasamy. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Support for Windows 8 and Windows Server 2012
On 24 Aug 2012, at 07:33, Geet Chandra gee...@gmail.com wrote: Hi, Does anybody know about Tomcat (6.x or 7.x) support for Windows 8 and Windows Server 2012. If it is there, then which version, if not when can we expect. Why not try the latest Tomcat 7 and let us know if it works? p -- Thanks Regards Geet - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ClassCastException org.apache.jasper.runtime.ELContextImpl cannot be cast to org.apache.jasper.el.ELContextImpl
On 20 Aug 2012, at 23:28, Dale Ogilvie dale_ogil...@trimble.com wrote: So, I ran with JVM option -verbose:class Then I requested a jsp from app1 and the console printed: ... [Loaded javax.el.ExpressionFactory from file:/C:/apache-tomcat-7.0.27/lib/el-api.jar] [Loaded org.apache.jasper.runtime.JspApplicationContextImpl from file:/C:/sandpit-28/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/app2/WEB-INF/lib/jsp-2.1-6.1.14.jar] [Loaded javax.el.ELContext from file:/C:/apache-tomcat-7.0.27/lib/el-api.jar] [Loaded org.apache.jasper.runtime.ELContextImpl from file:/C:/sandpit-28/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/app2/WEB-INF/lib/jsp-2.1-6.1.14.jar] ... This seems to indicate that the class is being loaded by app1 from app2/WEB-INF/lib/jsp-2.1-6.1.14.jar. No? Where is that dependency JSP jar from? It should not be in WEB-INF/lib if it's providing JSP functionality. p Dale Т�ХF�V�7V'67�R�R���âW6W'2�V�7V'67�TF��6B�6�R��pФf�FF�F����6����G2�R���âW6W'2ֆV�F��6B�6�R��pР - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 configuration using unpackWARS no longer works in Tomcat 7
On 10 Aug 2012, at 20:44, Ian Long (Opterus) ian.l...@opterus.com wrote: Hi Mark, Thanks for the info. I would rather not rename the WAR file or add the context.xml to it, because it is deployed in multiple ways on different severs and in development environments etc. Why must it be called ROOT.war, the Tomcat 6 way seems more flexible? It's been ROOT.war for a long time and ths is the preferred way of doing it. 6 had broader but less clear and more error prone possible alternatives. p Cheers, Ian Long Chief Software Architect, Opterus Inc. Email: ian.l...@opterus.com Phone: 416-840-8495 x666 Mobile: 416-817-9206 Web: http://www.opterus.com On Friday, 10 August, 2012 at 3:38 PM, Mark Thomas wrote: On 10/08/2012 20:20, Ian Long (Opterus) wrote: Any help is greatly appreciated! 1. Remove the docBase from the context.xml file 2. Package the context.xml file in the WAR 3. rename the WAR to ROOT.war 4. Place the WAR in the appBase Mark P.S. If you want to add some name/version to the WAR, name it ROOT##SomeMarkerOfYourChoice.war - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org (mailto:users-unsubscr...@tomcat.apache.org) For additional commands, e-mail: users-h...@tomcat.apache.org (mailto:users-h...@tomcat.apache.org) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: is this idea even possible in tomcat?
On 11 Aug 2012, at 20:42, Elias Kopsiaftis yemi...@gmail.com wrote: I posted about this a bit earlier, and I was told WebSockets were a better approach, but I am wondering is what I am trying to do even possible? My idea is to create a program that allows two users to connect through the server, and send images and text to each other. for the server, i have two servlets, one that uses comet, and one that does not. the regular servlet listens for requests, and broadcasts them to all the available connections. the comet servlet listens for connections, and once a connection is made, stores the response in a singleton that both the regular servlet and comet servlet have access to. the way its supposed to work is that the comet servlet stores the response to all connected, the regular servlet listens for messages, and once it receives one, gets a reference to the singleton, goes through all its responses, and sends the message to each connection. i can get my client to connect to the comet servlet just fine, via the tomcat logs, but i cant get it to connect at all to the regular servlet and i dont know why. when i print out the url used to connect to the regular servlet and use the browser, i am not getting any server errors, so it looks like it connects just fine, but none of my print statements in the inputservlet ever get executed, meaning it never processes. now i am wondering, is this idea even possible with the technology available in comet? None of the above sounds like a good idea. Use Comet/WebSockets and a message broker - the pattern you are looking for is called publish-subscribe. For open source brokers you can either use something like Apache ActiveMQ or RabbitMQ. p --bcaec550b36ca57b5304c702a778-- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: need help debugging why a simple app install fails
On 9 Aug 2012, at 13:56, my koseli mykos...@gmail.com wrote: Hi, I am using tomcat6 in ubuntu Ubuntu 10.04.4 LTS and running into problem when installing a very simple app. When I do ant build, deploy it seems to work but when I do ant install -v I get failed to build with output below. I cant find the reason this is failing. Is it possible to get some help on debugging this? Detected Java version: 1.6 in: /usr/lib/jvm/java-6-openjdk/jre Detected OS: Linux parsing buildfile /home/user/springapp2/build.xml with URI = file:/home/user/springapp2/build.xml Project base dir set to: /home/user/springapp2 parsing buildfile jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/antlib.xml with URI = jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/antlib.xml from a zip file [property] Loading /home/user/springapp2/build.properties Build sequence for target(s) `install' is [install] Complete build sequence is [install, reload, start, build, deploy, list, usage, stop, deploywar, ] install: [install] FAIL - Failed to deploy application at context path /springapp2 BUILD FAILED /home/user/springapp2/build.xml:106: FAIL - Failed to deploy application at context path /springapp2 at org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:258) at org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:146) at org.apache.catalina.ant.InstallTask.execute(InstallTask.java:114) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:616) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.Target.execute(Target.java:390) at org.apache.tools.ant.Target.performTasks(Target.java:411) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1360) at org.apache.tools.ant.Project.executeTarget(Project.java:1329) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1212) at org.apache.tools.ant.Main.runBuild(Main.java:801) at org.apache.tools.ant.Main.startAnt(Main.java:218) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109) Total time: 0 seconds What do the Tomcat logs say about the error? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.29 vs. Groovy with Java 7
On 16 Aug 2012, at 17:10, Jess Holle je...@ptc.com wrote: It appears that when one installs the groovy-all-2.0.1-indy.jar in a Tomcat web app, BCEL chokes on the Java 7 specific byte-code therein ala org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte tag in constant pool: 15 at org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131) at org.apache.tomcat.util.bcel.classfile.ConstantPool.init(ConstantPool.java:60) at org.apache.tomcat.util.bcel.classfile.ClassParser.readConstantPool(ClassParser.java:209) at org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:119) at org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2066) ... Is there an update planned to make org.apache.tomcat.util.bcel savvy to Java 7 or replace it with ASM (which is fully Java 7 savvy)? [Please!] Until then, can I completely exclude this jar from annotation scanning? Yes! p -- Jess Holle - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ClassCastException org.apache.jasper.runtime.ELContextImpl cannot be cast to org.apache.jasper.el.ELContextImpl
On 07/08/2012 00:24, Dale Ogilvie wrote: Daniel Mikusa [mailto:dmik...@vmware.com] wrote: You would be using a shared class loader if you are placing JAR files used by multiple deployed web applications into the $CATALINA_BASE/lib or $CATALINA_HOME/lib directory. Are you placing any JAR files into those folders? We have placed three JDBC driver jars in $CATALINA_HOME/lib. I presume this is irrelevant to this issue. The class in question org.apache.jasper.runtime.ELContextImpl only appears to be in a jar located in app2/WEB-INF/lib, yet it is being loaded for app1. I have verified that the class is NOT in $CATALINA_HOME/lib. If we remove app2 from tomcat, the ClassCastException disappears from app1. Further, removing the jar containing org.apache.jasper.runtime.ELContextImpl from app2 also resolves the issue. There does seem to be a problem that app2 is sharing classes with app1 from app2/WEB-INF/lib. How can this happen? Tomcat blocks some JARs from being loaded from a webapp lib - the Servlet APIs - maybe the Tomcat JARs should go on the list. This might be construed as a bug, or at least an enhancement request. p Maybe try adding the JVM option -verbose:class to bin/setenv.sh. This option will cause the JVM to log when a class is loaded and from where it was loaded. I'll look into that. Dan Thanks. Dale - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: TOMCAT with multiple sites (one on https, others on http)
On 03/08/2012 17:35, Massimo Chirivì - Ict Consultant wrote: *this is my server.xml, * *the sites on the http is ok, but the site on the https is not ok?* *thank you for help* Are you just repeating the same question over over? Have you read the documents provided previously? What version of Tomcat are you using? What *exactly* does 'not ok' mean? Are there any errors in the log files? Can you describe the symptoms of the error? Have you ever read comprehended: http://www.catb.org/esr/faqs/smart-questions.html p ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / Connector port=8009 protocol=AJP/1.3 redirectPort=443 / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host Host name=www.site1.it debug=0 unpackWARs=true Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log1. suffix=.txt timestamp=true/ Context path= docBase=/webapps/site1 debug=0 reloadable=true/ Context definitions in server.xml is very strongly discouraged and considered poor practice. Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=virtual_log. suffix=.txt pattern=common/ /Host Host name=www.site2.net debug=0 unpackWARs=true Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log29. suffix=.txt timestamp=true/ There is no logger in Tomcat 7.0. Context path= docBase=/webapps/site2 debug=0 reloadable=true/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=virtual_log. suffix=.txt pattern=common/ /Host /Engine /Service Service name=Catalinassl Engine name=Catalinassl defaultHost=localhost Connector port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true clientAuth=false sslProtocol=TLS keyAlias=bancomed keystoreFile=C:\Program Files\Java\jre1.5.0_15\bin\site3.jks keypass= / Host name=www.site3.net debug=0 unpackWARs=true Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log29. suffix=.txt timestamp=true/ There is no logger in Tomcat 7.0. Context path= docBase=/webapps/site3 debug=0 reloadable=true/ Context definitions in server.xml is very strongly discouraged and considered poor practice. Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=virtual_log. suffix=.txt pattern=common/ /Host /Engine /Service /Server Massimo Chirivì 2012/2/12 Caldarale, Charles R chuck.caldar...@unisys.com From: mchirivi@gmail.com [mailto:mchirivi@gmail.com] On Behalf Of Massimo Chirivì - Ict Consultant Subject: Re: TOMCAT with multiple sites (one on https, others on http) i have a server with TOMCAT and i want to configure multiple sites, i can configure one site on https and others sites on http? 1) Read the servlet spec, especially section 13, security. 2) Read the Tomcat doc for SSL and Connector: http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html http://tomcat.apache.org/tomcat-7.0-doc/config/http.html 3) Read the Wiki for virtual hosts: http://wiki.apache.org/tomcat/HowTo#How_do_I_set_up_Tomcat_virtual_hosts_in_a_development_environment.3F - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. -- [key:62590808] signature.asc Description: OpenPGP
[OT] Re: Warning: js modified in the future- not able to find the files
On 01/08/2012 04:35, Kiran Badi wrote: Hi All, I have TC 7.0.11/7.0.27 and Apache 2.2 all sitting in the C://Program Files/Apache Software Foundation folder. I came across a strange issue today where in close to 10+ Javascript files were missing from the folder. Below is the way I do things I use dreamweaver for designing the page and under apache server, I drop all js/css/html files.Once design is finalised,I move those HTML/JS/CSS files to Netbeans+ TC 7.0.11 environment for building serverside code, and once its ready, I create the build and then I deploy it in TC 7.0.27. Today for some reasons close to 10 + same js files were missing from all servers, I am lost as how to recover those files now, I came across this message while rebuilding the project today, Warning: modified in the future. Warning: js modified in the future. Warning: js\lib modified in the future. I dont know as what is cause of this,but I know nothing has changed from my system today.There is nothing in event logs My environment is Win7 Home premium 32 bit,I am totally at the loss now as most of my client side functionality is gone and I am still assessing the damage to java code. Just wanted to check if there exists any way to get back those files. That's not a Tomcat problem. Check the clocks on everything that is writing to the file system. p - Kiran - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: PDF Download problem tomcat = 7.0.27
On 01/08/2012 08:54, André Warnier wrote: Konstantin Kolinko wrote: 2012/8/1 Jose María Zaragoza demablo...@gmail.com: The Content-Length header in the above 206 response is not from Tomcat. Tomcat's DefaultServlet does not calculate the whole size of the parts and does not set content-length, and the file size is much more than fits into the buffer. So it would use Transfer-Encoding: chunked in its response and not the one that you cited. There must be some proxy in the way that buffers the data and sends them as one response instead of chunks. HTTPD? Was there some option in it that disables chunked encoding when interacting with IE? Well, i don't know so much, but that doesn't have to do with chunked encoding, but Partial Content support, right ? And partial content is requested by client (IE) if Content-length is very big ( I guess ... ) Maybe, IE requests a PDF file (GET) and if it sees a Content-length very big , cuts downloading and re-send a GET request with a range of bytes. Chrome looks to perform something like that behaviour 1. I suspect that the content is requested not by IE, but by the Adobe Acrobat plugin. The User-Agent header says that it was IE6, but it is hard to imagine why the browser by itself would request that strange bytes range, asking for the tail of the file first. So there is something else that uses the browser to perform the request. +1 Talking about PDF files, there is a possible good reason for such a behaviour. A PDF file is not just a sequential text-like file. It is more like an indexed file containing tables of pointers which points to more or less randomly organised chunks of data inside the file. And, as per Adobe PDF 1.7 reference : 3.4.4 File Trailer The trailer of a PDF file enables an application reading the file to quickly find the cross-reference table and certain special objects. Applications should read a PDF file from its end. The last line of the file contains only the end-of-file marker, %%EOF. (See implementation note 18 in Appendix H.) The two preceding lines contain the keyword startxref and the byte offset from the beginning of the file to the beginning of the xref keyword in the last cross-reference section. etc.. ... And Note 18 in Appendix H essentially says that Acrobat reader is tolerant with respect to the above, and accepts a PDF if the %%EOF marker is located within the last 1024 bytes of the file. So, it is not beyond belief to imagine that a smart browser PDF plugin would first request the last chunk of the file, in order to retrieve pointers to the contents of the first page of the PDF, so that it could quickly retrieve the range of bytes corresponding to this first page, so that it could quickly display this first page into the browser window, while later retrieving the rest on-demand (as the user scrolls). (*) And if this is not the real explanation for the behaviour we are seeing, at least it is a clever one. Now how this all works in conjunction with the behaviour of HTTP proxies/gateways with respect to Range requests and buffering, is left as an exercise for the reader. (Who can start by trying to understand http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35) But that there would exist a couple of obscure bugs somewhere in there, which show up only in very specific circumstances, is not beyond belief either. (*) The attentive reader will have noticed that there is a possible flaw in this explanation : in the case at hand, the browser/plugin requests 2 chunks of bytes in the Range request : the end-of-file chunk, but also a chunk in the middle. How does it already know which second Range to request ? The PDF plugin is a PITA. It *does* request ranges, which can be a little painful; I found this out the hard way with some dynamically rendered PDFs. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Best practice for redeployments
On 30/07/2012 22:57, llow...@oreillyauto.com wrote: All, I have 70-80 apps that are spread out across 3 different clusters (based on usage, availability needs etc) Currently, each night we wipe out the wars and then redeploy them with fresh copies from the end points of our promotion paths (one for test and one for prod). What's the general consensus for the best practice for this? Do people generally only redeploy whatever has changed? Are nightly tomcat restarts even needed (or recommended), or should we just hot-deploy things at fixed times (based on traffic patterns) but only if something is needing to be updated? Any recommendations or thoughts or suggestions would be greatly appreciated. I'm sure there is some room for improvement in how we do things, but I was wondering what was considered a standard practice in this area. Lee Lowder In future please start a completely new email, rather than replying to an existing email* just editing the subject/body (which is call thread hijacking). p * Re: Best practice for redeployments -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Permanent servlet in TC7
On 26/07/2012 22:38, Christopher Schultz wrote: Chip, On 7/26/12 3:19 PM, Chip McVey wrote: In TC7, is there a way to tell Tomcat to never unload a given servlet unless Tomcat itself is being shutdown? I want a single servlet instance that I can know will exist for the life of the tomcat process without being unloaded reloaded (unless someone manually instructs Tomcat to do so, of course). Yes, I know I'm not supposed to do this and that the servlet spec says a container is allowed to unload a server any time as long as a request is not in process. I still would like to know if there's some Tomcat specific way to tell TC7 to never unload the servlet. And yes, I realize even if there is such a way that future versions of Tomcat may remove this capability. :) You have said both servlet and server: which did you mean? Do you need a particular web application to stay loaded? That's easy: simply don't undeploy it. Do you need a single (or multiple) servlet(s) to stay loaded all the time? That's also easy: I don't believe Tomcat ever actually unloads a servlet. (You can easily test this by implementing the destroy() method and emitting some kind of log). What is it about the servlet that it needs to stay loaded? Servlets aren't really supposed to have any state, so unloading and re-loading the servlet shouldn't represent anything traumatic to your web application. If you have to have some kind of data loaded all the time, consider moving that data into the ServletContext (aka application) attributes: then the servlet can be unloaded and re-loaded at will and the data will persist. +1 - ServletContextListener p -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat 7.0.29 build fails with dbcp target enabled; ok if disabled.
On 25 Jul 2012, at 08:06, k9...@operamail.com k9...@operamail.com wrote: On Tue, Jul 24, 2012, at 06:11 PM, Caldarale, Charles R wrote: Tomcat 7 must be built with JDK 6 due to incompatibilities introduced by Sun/Oracle in JRE 7. Once built, you may run Tomcat 7 under JRE/JDK 7. Tomcat 8 will be buildable with JDK 7. As JDK7 is our stanrard fare, is there a Tomcat 8 roadmap / release schedule available? Why compile from source when there are pre built binaries that run on Java 7? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Certificate chain does not seem to work and no errors in the tomcat logs
On 23/07/2012 19:42, Sivasubramaniam, Latha wrote: This issue got resolved, the private key was not present in the JKS file. Once we got the pfx file from the customer and pointed to that in the server.xml file, application started working. When we imported the certificate (.cer file), keytool utility did not complain the private key is not present. Also when browser makes a request there was no error messages/no indication in the tomcat, there was no response from the tomcat server. Any comments on this please. Was Tomcat running? p -Latha -Original Message- From: Sivasubramaniam, Latha Sent: Wednesday, July 18, 2012 1:56 PM To: 'Tomcat Users List' Cc: Samala, Praveen; Pandurangan Krishnakumar Subject: RE: Certificate chain does not seem to work and no errors in the tomcat logs We tried with Firefox, that did not work either. -Original Message- From: Sivasubramaniam, Latha Sent: Wednesday, July 18, 2012 1:55 PM To: 'Tomcat Users List' Cc: Samala, Praveen; Pandurangan Krishnakumar Subject: RE: Certificate chain does not seem to work and no errors in the tomcat logs Connector string Connector port=9883 protocol=org.apache.coyote.http11.Http11NioProtocol maxHttpHeaderSize=8192 SSLEnabled=true maxThreads=800 enableLookups=false disableUploadTimeout=true acceptCount=200 scheme=https secure=true clientAuth=false URIEncoding=UTF-8 keystoreFile=D:\Program Files (x86)\Aspect Software\Real-Time Reporting Server\SunJVM\jre\lib\security\keystorertrself2048.jks keystorePass=changeit keystoreType=JKS / Thanks, Latha -Original Message- From: Sivasubramaniam, Latha Sent: Wednesday, July 18, 2012 9:26 AM To: Tomcat Users List Cc: Samala, Praveen; Pandurangan Krishnakumar Subject: RE: Certificate chain does not seem to work and no errors in the tomcat logs Thanks for your response Christopher. We have requested customer to install firefox. We are using SSL and I will get the connector configuration once I get access to the system. Log level is changed to FINE in the logging.properties but we don't seem to get anything related to the certificate and the same when we start tomcat. I will check the log contents and post if the relevant lines. Thanks, Latha -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, July 18, 2012 8:40 AM To: Tomcat Users List Subject: Re: Certificate chain does not seem to work and no errors in the tomcat logs Latha, On 7/17/12 8:20 PM, Sivasubramaniam, Latha wrote: I am having issues with the SSL certificate chain the https requests from the IE8 browser does not get any response. Following are the details and any help is appreciated. This is in one of our customer implementation. Tomcat version: 6.0.29 OS: Windows 2008 Browser: IE8 Ceritificate key size: 2048 and the server certificate is 4th level in the chain. What about other web browsers? Is it only MSIE8 that is giving you problems, or can you not connect from any browser/client? I have tried following different things. * Imported chain and the server certificate to my keystore and set keystore properties in the server.xml Please post your Connector configuration. Also, are you using APR for SSL? When you imported the certificate chain, did you import all 4 certificates? (You may not need the top-level CA one, as it was probably already trusted by the JVM). * Imported certificate chain to cacerts and imported server certificate to my own keystore and speficied keystore properties in the server.xml * Imported certificate chain to my own trusted keystore in addition to the cacerts and server certificate to another keystore, specified both trustkeystore and keystore properties in the server.xml None of the above is working. I generated selfsigned certificate and that is working. That is good to know. We have windows based components using the same certificate on the same server, certificates imported on to the windows certmgr and those components are working. But the same certificate is not working on the Java based components. I do not see any errors in the tomcat logs. Do you get any output at all when you launch Tomcat? How can I get additional logging to see what is happening? Is there any known issue with the certificate chain ( I did not find any in the bug list) You can change the log level from INFO to DEBUG or FINE. Look at conf/logging.properties. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail:
Re: Forms authentication without cookies in 6.0.33
On 20 Jul 2012, at 03:38, Brett Mason b.ma...@adinstruments.com wrote: Hi there, We have an application which uses the forms authentication provided by Servlet specification and is configured store session IDs in the URL rather than using cookies. This configuration has been working as expected under Tomcat 6.0.32 and earlier. On upgrading to Tomcat 6.0.33 or 6.0.35 this combination no longer works as expected. Specifically, when a user initially submits the login form they are immediately returned back to the form-login-page. Submitting the login form a second time allows them to log in. The only difference I have been able to spot between the first and second form submission is for the second submission the request attribute javax.servlet.forward.request_uri now has the jsessionid appended to the URL. After a bit of reading I'm not sure if this change is a bug, perhaps introduced by the changes to path parameter handling as mentioned in these threads: http://markmail.org/thread/2yzusfukitalkhyx http://tomcat.markmail.org/thread/ykx72wcuzcmiyujz Or if we are using an unsupported configuration which is suggested by section SRV.12.5.3.1 of the Servlet specification v2.5. Could someone please clarify if Tomcat supports forms authentication without cookies? If it is intended to be a supported configuration I'm happy to submit a bug report and can provided a simple standalone test app to reproduce the problem. Form auth should work regardless of where the session id lives. Is the login form an HTML or JSP page? A session must be created before you can login, it sounds like Tomcat isn't seeing one during the first login. p Thanks, Brett. Environment details: - Windows 7 64-bit, Oracle JVM 1.6.0u32 1.7.0u4. - Debian 5 32-bit, Oracle JVM 1.6.0u32. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat7 deployment url change - please maintain backwards compatibility
On 13 Jul 2012, at 18:04, Tim Pizey tim.pi...@gmail.com wrote: Hi André, On 13 July 2012 17:32, André Warnier wrote: Tim Pizey wrote: I only joined this list this morning, and am appalled by the lack of constructive responses. Tim, this is probably a wrong initial impression, due to the way in which you phrased your initial message to the list, which sounded quite aggressive and condescending even to me who is not a Tomcat developer. This list is generally very helpful and polite, even to real Tomcat beginners. Consulting the list archives would demonstrate this. But the phrase Please maintain backwards compatibility by supplying a default of html to the the manager url, you will save a lot of people a lot of pointless work. undoubtedly rubbed a few people here the wrong way, considering that Tomcat is open-source and free software, made mostly by volunteers on their own time. It rubbed them all the more the wrong way since they also take the time to write extensive documentation and put it on-line, and you did not seem to have even read it before posting the above phrase. Now you have a choice : you either continue with the same tone, and it will be a frustrating experience for everyone (but first of all for you, because you would end up just being ignored), or we reset the relationship and you might get answers and/or helpful comments. Of which by the way you already did get some, despite your unnecessarily aggressive tone. I did read the instructions, for example I joined the user list, rather than posting a feature request on JIRA. Feeding back to developers through the list takes effort, there is nothing aggressive about my feedback. Getting user feedback is a privilege, increasingly people are not bothering, preferring to use a forum like Stack Overflow where negative responses, knee jerk RTFM etc can be costly. What other mechanism should I have used to make this feedback? Please also bare in mind that this is not for me, I have had to reconfigure all my poms, I feed this back for the good of your project. That does sound a little condescending. Konstantin points out that you are rather late to the party on this topic. I don't recall the list being deluged with complaints about the change. Tomcat adoption has continued to accelerate during the above period. Given this, it rather seems like the project has survived the change... p hope this helps Tim -- Tim Pizey - http://pizey.net/~timp - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat building problems: Apache Tomcat 5.5 Servelet/JSP container
On 11/07/2012 22:26, Wei, Mingzhen wrote: Konstantin, I followed the RUNNING.TXT after installing the binary release of Tomcat 5.5. But I cannot find the catalina.bat and catalina.sh for more environmental variables to set. Why tomcat is such a pain for installation? It's not. You're making it harder. Seriously, just download the actual binaries: http://tomcat.apache.org/download-70.cgi http://tomcat.apache.org/download-60.cgi http://tomcat.apache.org/download-55.cgi Those are for Tomcat 7.0, 6.0 and 5.5. p Thanks for your help. -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Tuesday, July 10, 2012 10:57 AM To: Tomcat Users List Subject: Re: Tomcat building problems: Apache Tomcat 5.5 Servelet/JSP container 2012/7/10 Wei, Mingzhen w...@mst.edu: Konstantin Kolinko, Could you tell me the point in more detail? I am new with Tomcat and need it badly to be able to run another application. Do you mean I need to try the combination of ant5.5 download + Ant 1.8.4 and JDK 1.4.2_19? 1. Why are you trying to build it from source? Why the existing binary releases are not good enough for you? 2. Have you read the BUILDING.txt file? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Vhost-specific configuration for deployed apps?
On 11/07/2012 16:12, Dave Shevett wrote: Hi folks, this has come up in the list archives a couple times, but I'm having a devil of a time getting it working right. I'm trying to set a basic set of properties to a deployed app into Tomcat. Note that this app is being deployed via the tomcat manager (in fact it's coming from Jenkins), and is in a VHost. The problem is I can't find the magic combination to get a couple basic config params (in this case database connection details) on a per-vhost basis to be available to the app. Right now I have a Spring PPC loading properties: bean id=propertyPlaceholderConfigurer class=org.springframework.beans.factory.config.PropertyPlaceholderConfigurer property name=location valueclasspath:congo.properties/value /property /bean which loads 'congo.properties' off the classpath. This is working, but I think Tomcat does not have separate classpaths for each vhost, so I can't just drop 'congo.properties' into Catalina/hostname/ and have it referenced for JUST that vhost, is that correct? Correct. If you really need separate host configs, use split CATALINA_HOST, CATALINA_BASE - see RUNNING.txt in your distribution. Then you can refer to a resource inside Spring: util:properties id=appProps location=file:${catalina.base}/conf/app.properties/ context:property-placeholder properties-ref=appProps/ p I can't build config parameters into the app, since the app needs to be generic (a .war file). I need to pass parameters into the applicationContext.xml on a per-vhost basis, with the results here: bean id=com.stonekeep.congo.database.Pool class=com.mchange.v2.c3p0.ComboPooledDataSource destroy-method=close property name=driverClass value=com.mysql.jdbc.Driver/ property name=testConnectionOnCheckout value=true/ property name=jdbcUrl value=${congo.jdbcurl} / property name=user value=${congo.user} / property name=password value=${congo.password} / /bean I've thought about using Context blocks in the vhost, or in the Host block for the vhost, but I can't figure out the proper mojo to get those Context parameters into the Spring applicationContext. My Spring is weak, I do apologize, but would really appreciate any help. Thanks! -d - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Speeding up RMI calls
On 09/07/2012 16:55, Andrew Kujtan wrote: Tomcat Version: 7.0.27 OS: Windows XP/7 I'm fixing an issue we are having with a webapp that does some communication over RMI with a remote server. Calls that would be instant in similar applications not inside the tomcat container are taking more than 30 seconds when called from tomcat. After debugging I've found that when an RMI call is made, the classlist containing all the jars in the webapp lib folders is being serialized with the data. Which wouldn't be a problem normally, except the webapp has 300 jars in its lib folder. In the other similar applications, are there 300+ jars on the classpath too? p The only solution I have found is to create a custom WebAppClassloader that returns a zero length URL array on the getURLs() call. We don't do any dynamic class loading so breaking that is not a problem. My question is, is there any other way to resolve this, like a configuration property? If not, are there any problems that I am going to introduce by overriding this method? Can I override the classloader for just this webapp or am I stuck doing it for the entire tomcat instance? Thanks, Andrew Kujtan -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Client Authentication using SSL
On 12/07/2012 20:10, Burghard W.V. Britzke wrote: ?! Yep, I have no idea what they're on about either. :P p Am 12.07.2012 um 19:22 schrieb Puneet Dewan: The below way I used to deploy the war and able to use it :) -- Forwarded message -- From: Puneet Dewan puneet.dewan.open...@gmail.com Date: Thu, Jul 12, 2012 at 10:19 PM Subject: Re: Client Authentication using SSL To: Tomcat Users List users@tomcat.apache.org Excellent suggestions and the link at the bottom . On my local machine using keystore and keypass was not working while I was configuring a WAR on https. I made use of truststoreFile and truststorePass in connector tag. e.g Connector SSLEnabled=true acceptCount=100 connectionTimeout=2 executor=tomcatThreadPool keyAlias=tomcat keystoreFile=${catalina.base}/conf/tomcat.keystore keystorePass=changeme truststoreFile=${catalina.base}/conf/tomcat.keystore truststorePass=changeme maxKeepAliveRequests=15 port=8443 protocol=org.apache.coyote.http11.Http11Protocol redirectPort=8443 scheme=https secure=true/ On Wed, Jul 11, 2012 at 10:05 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: Looking into implemented two-factor Auth for Tomcat with first factor being our current userid/password form. I figured that the second factor could be Client Authentication using SSL, as it seems readily available in Tomcat. Aside from the wonderful Tomcat documentation on configuring the connector element, does anyone else have any suggested reading on the subject? Any gotchas I should look for? Jeffrey Janner __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: [EXTERNAL] Re: Re: Re: General Architecture Question for multiple websites on a single RedHat server
On 11/07/2012 13:21, Simon, Leonard wrote: Mark, I really do appreciate your time in assisting, It's these up front sessions that could lead to consulting gigs later on. There's something to look forward to. Free consultations pay off in the end. Not very often they don't. p signature.asc Description: OpenPGP digital signature
Re: soap location address
On 06/07/2012 20:00, Toman, Chuck [Stock] wrote: How do you dynamically change soap location for WSDL files? Are you asking this question on the right mailing list? This list is for questions about Apache Tomcat. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat filters
On 5 Jul 2012, at 01:51, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 7/2/12 6:15 PM, Pid wrote: On 02/07/2012 18:34, Varrun Ramani wrote: Hi I am in the process developing a web application firewall(WAF) for tomcat similar to what mod security does, and am planning to use the filter API already present in tomcat to intercept requests and do the filtering. Are there any existing efforts at doing this for tomcat? Quite a few yes. Acegi Security (now called Spring Security) for example. Forgive my ignorance, for I've never used Spring [anything]... does ACEGI/SpringSecurity provide features like mod_security, or is it a replacement for container-managed J2EE security (or both)? Bit of both and more. p - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/05PUACgkQ9CaO5/Lv0PCYYgCgt0kEVBouJW+C82IdECGowzw/ ghsAoJJuzr2+9PqGrmWuHqO+anyPUPCP =szuF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat filters
On 02/07/2012 18:34, Varrun Ramani wrote: Hi I am in the process developing a web application firewall(WAF) for tomcat similar to what mod security does, and am planning to use the filter API already present in tomcat to intercept requests and do the filtering. Are there any existing efforts at doing this for tomcat? Quite a few yes. Acegi Security (now called Spring Security) for example. p Thanks, Varrun - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: General Architecture Question for multiple websites on a single RedHat server
On 02/07/2012 22:34, Mark Eggers wrote: - Original Message - From: Simon, Leonard leonard.si...@hsn.net To: users@tomcat.apache.org Cc: Sent: Monday, July 2, 2012 1:32 PM Subject: General Architecture Question for multiple websites on a single RedHat server Our goals are as follows: The operating system will be RHEL 6.X. We want to run Apache and Tomcat on a single server running five websites using different ports for each. Our goal is to manage each web server independently, i.e., separate shutdown and startup scripts and hopefully different log files for each web server. We noticed the bundled Apache/Tomcat with RedHat might only give us a standard install. Is there a way to do an alternate path install? Thanks and look forward to some ideas on how to accomplish this. 1. Don't use the distribution package - download from tomcat.apache.org 2. Use CATALINA_HOME / CATALINA_BASE - see RUNNING.txt for pointers 3. Create an unprivileged user for running the Tomcats 4. Create a template server init script for starting and stopping (version, status, etc) Tomcat 5. Copy the template init script to each named service (tomcat1, tomcat2, tomcat3, etc.) 6. Optionally place service-specific parameters in an /etc/sysconfig subdirectory 7. Add the services with chkconfig 8. Start and stop each service separately Don't forget to change the relevant ports in each server.xml file. An ant script with the xmltask add-on is quite handy for doing this. You can then write a properties file with configuration specifics for each CATALINA_BASE, run the ant tasks to create the CATALINA_BASE, service support files, etc., and then install. The properties files then become a nice base document for all of the Tomcat servers that you've installed. Alternatively, if all of your web sites have similar uptime / control / access requirements, you can run all 5 sites using a combination of named virtual hosts on Apache HTTPD and virtual hosts on Tomcat. Or a combination of the above . . . It all depends on your requirements. +1 p . . . . just my two cents. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: AprLifecycleListener initialization issue
On 22/06/2012 09:12, Francesco wrote: ( i found a lot easyer to manage tomcat inside a big servlet than viceversa) So what's the Servlet running in? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Fine tune or disable JMX activity
On 22/06/2012 16:09, Jacopo Cappellato wrote: Hi all, I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in embedded mode. While doing some profiling with Java VisualVM I have noticed that a lot of object (java.util.TreeMap$Entry) are created even when there is no traffic; they don't represent a memory leak because a garbage collection removes them all, but the still grow at a very high pace; they seem to be generated by JMX support in Tomcat. Can you explain a little about how you concluded that Tomcat's JMX support is responsible? p Is it possible? Is there a way to disable JMX related activity (if not needed, of course)? I am worried that this could cause an unnecessary waste of server resources (more frequent GCs etc...). Thanks in advance, Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Fine tune or disable JMX activity
On 22/06/2012 16:30, Jacopo Cappellato wrote: On Jun 22, 2012, at 5:11 PM, Pid wrote: On 22/06/2012 16:09, Jacopo Cappellato wrote: Hi all, I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in embedded mode. While doing some profiling with Java VisualVM I have noticed that a lot of object (java.util.TreeMap$Entry) are created even when there is no traffic; they don't represent a memory leak because a garbage collection removes them all, but the still grow at a very high pace; they seem to be generated by JMX support in Tomcat. Can you explain a little about how you concluded that Tomcat's JMX support is responsible? I am actually not sure if Tomcat is responsible for this (it could actually be completely unrelated); I think it is related to JMX because I have found that most of the objects are created in the following stack: https://cwiki.apache.org/confluence/download/attachments/27850262/profiler-snapshot.png There's no Tomcat code in that tree. How many bytes is it using, am I reading that correctly? Is there an issue with this at all? p Is it possible? Is there a way to disable JMX related activity (if not needed, of course)? I am worried that this could cause an unnecessary waste of server resources (more frequent GCs etc...). Thanks in advance, Jacopo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Creating separate log for each request
On 20/06/2012 22:39, Lahiru Gunathilake wrote: Hi Caldarale, Its not a website.. I am hosting a middleware which will be used by scientist to run their application in the Grid. So Ideal scenario is like 2--30 requests per day but they are long running and very time consuming (Some jobs would take 2,3 days or one week to finish), so the logs are very important. If there are only a few requests per day how can it be that hard to search the log file? p Lahiru On Wed, Jun 20, 2012 at 5:35 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Lahiru Gunathilake [mailto:glah...@gmail.com] Subject: Creating separate log for each request I am using slf4j for my logging and everything works fine and all the logs comes to catalina.out. Which means that things are seriously broken or incredibly badly configured. Logging should *never* go to catalina.out in a properly configured system. I simply want to create a separate log for each http request come to my tomcat instance. You can't be serious. How much traffic does your website get? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Confusing tomcat error - can't find javax.servlet.http.HttpSessionAttributeListener
On 20/06/2012 18:57, Cassano, Chris wrote: Hi, I'm getting a fatal error when I start tomcat. Now I would think that servlet-api.jar is missing from the tomcat classpath but if I do -verbose:class I can clearly see tomcat using other classes from that jar so I know it's already included: [Loaded javax.servlet.http.HttpServletRequest from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/lib/servlet-api.jar] The exact error I'm getting is: java.lang.Error: Unresolved compilation problems: The import javax.servlet.http.HttpSessionAttributeListener cannot be resolved The import javax.servlet.http.HttpSessionBindingEvent cannot be resolved HttpSessionAttributeListener cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type The file that gives this error has import javax.servlet.http.*; at the top so it appears that I've already imported the necessary classes. How can I fix this fatal error? Why does tomcat see javax.servlet.http.HttpServletRequest but not javax.servlet.http.HttpSessionAttributeListener? I'm using Tomcat version 6.0 on Windows XP SP3. 6.0.what? Have you accidentally put the Servlet API jar in your apps WEB-INF/lib? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat 7 embed config img path
On 19/06/2012 21:08, avri shpigel wrote: Dear tomcat helper, I am using embedd tomcat 7.0.27 inside my java code. I am using minimal tomcat config as proposed in http://java.dzone.com/articles/embedded-tomcat-minimal I would like to add images in my code using html command img src=aaa.gif / I also want to know where to put my index.jsp as my home page reply. My question: what is the additional minimal tomcat config requred to define the path where to put my images and my home page? In that example there is a File, instead of passing . which will likely result in publishing the current system ${user.dir} as the ROOT application, specify whichever directory you want to use. Note, you'll also have to register the JSPServlet manually if you want to serve parsed JSPs. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Confusing tomcat error - can't find javax.servlet.http.HttpSessionAttributeListener
On 21/06/2012 13:17, Cassano, Chris wrote: The Tomcat version number is 6.0.33 and I just checked the WEB-INF/lib folder and I don't see servlet-api.jar. Thanks Chris Cassano Emprise Corporation (http://www.emprisecorporation.com) (860) 464-8555 -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Thursday, June 21, 2012 7:09 AM To: Tomcat Users List Subject: Re: Confusing tomcat error - can't find javax.servlet.http.HttpSessionAttributeListener On 20/06/2012 18:57, Cassano, Chris wrote: Hi, I'm getting a fatal error when I start tomcat. Now I would think that servlet-api.jar is missing from the tomcat classpath but if I do -verbose:class I can clearly see tomcat using other classes from that jar so I know it's already included: [Loaded javax.servlet.http.HttpServletRequest from file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/lib/servlet-api.jar] The exact error I'm getting is: java.lang.Error: Unresolved compilation problems: The import javax.servlet.http.HttpSessionAttributeListener cannot be resolved The import javax.servlet.http.HttpSessionBindingEvent cannot be resolved HttpSessionAttributeListener cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type HttpSessionBindingEvent cannot be resolved to a type The file that gives this error has import javax.servlet.http.*; at the top so it appears that I've already imported the necessary classes. How can I fix this fatal error? Why does tomcat see javax.servlet.http.HttpServletRequest but not javax.servlet.http.HttpSessionAttributeListener? I'm using Tomcat version 6.0 on Windows XP SP3. 6.0.what? Have you accidentally put the Servlet API jar in your apps WEB-INF/lib? p Are there any other messages in your log files? Can you post the full stacktrace please? In which file is the code? A Servlet class or a JSP? p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: mixing authentication schemes
On 21/06/2012 20:34, Aggarwal, Ajay wrote: Sorry about the poor formatting of my message. Research OAuth. p -Original Message- From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] Sent: Thursday, June 21, 2012 3:27 PM To: users@tomcat.apache.org Subject: mixing authentication schemes CURRENT ENVIRONMENT Our device is managed via a tomcat 6 based web-server that runs on the device. We have a proprietary XML/JSON API that web based UI client uses to talk to web-server. We are NOT using container managed security. Instead our application has implemented its own authentication. Essentially client uses a proprietary login request and after a successful authentication, server marks the HTTP session as authenticated. NEW SITUATION Now we are looking to build a new multi-device management application, which would have its own UI and server. As the name implies this application is for managing multiple devices. How should this multi-device service authenticate itself with the individual devices? We do not want user to enter credentials for each device every time this service wants to talk to a managed device. We also do not want to store each managed device's credentials with the multi-device service. One of the possibility is to use SSL certificate based authentication. So multi-device application can authenticate itself with individual devices using a SSL certificate. We only need to import multi-device application's certificate into each managed device's trust-store once. QUESTIONS Few questions for those of you who have dealt with this type of 3-tier applications Q1. How to get above scheme working in tomcat, such that the existing device specific UI clients can continue to authenticate using proprietary login request, whereas multi-device application uses SSL certificate based authentication? Q2. What are some of the other suggestions and/or best practices that you would recommend to solve this problem? Thanks. -Ajay - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Javamail exception in tomcat 7.0.11
On 19 Jun 2012, at 06:24, Kiran Badi ki...@poonam.org wrote: Hi All, I have send mail servlet, which looks something like below, protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String emailRecipient = request.getParameter(name); // String emailRecipient = xxx; try { Message msg = new MimeMessage(this.session); Unfortunately you've completely omitted the code for setting the session object, so we can only guess why it's not working. p msg.setFrom(new InternetAddress(xxx)); System.out.println( remoteAddr is + emailRecipient + '); for (int i = 0; i 10; i++) { msg.setRecipients(Message.RecipientType.TO, InternetAddress.parse(emailRecipient, false)); } msg.setSubject(Test email); msg.setText(Hello This is test mail); msg.setSentDate(new Date()); Transport.send(msg); *(This is line number 60)* System.out.println(Message sent OK.); } catch (Exception ex) { Logger.getLogger(MailSendingServlet.class.getName()).log(Level.SEVERE, null, ex); } } } and I have javamail reference declared in context.xml something like this one, Resource name=mail/ourstorymailsession auth=Container type=javax.mail.Session mail.smtp.host=smtp.gmail.com mail.smtp.port=465 mail.smtp.auth=true mail.smtp.user=sender userid password= mail.smtp.starttls.enable=true mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory mail.debug=true / and web.xml something like resource-ref description My site mail server /description res-ref-namemail/mysitemailsession/res-ref-name res-typejavax.mail.Session/res-type res-authContainer/res-auth res-sharing-scopeShareable/res-sharing-scope /resource-ref With this setting now I am getting below exception, avax.mail.MessagingException: Could not connect to SMTP host: localhost, port: 25; nested exception is: java.net.ConnectException: Connection refused: connect at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638) at javax.mail.Service.connect(Service.java:295) at javax.mail.Service.connect(Service.java:176) at javax.mail.Service.connect(Service.java:125) at javax.mail.Transport.send0(Transport.java:194) at javax.mail.Transport.send(Transport.java:124) at indianads.MailSendingServlet.doPost(MailSendingServlet.java:60) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662) Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351) at
Re: iis not looking for jsp in tomcat webapps folder
On 18/06/2012 10:10, Vijaya wrote: file=c:/tomcat-5.5.16/conf/jk2.shm So... tomcat-5.5.16 AND jk2? I had to blow the dust of the 5.x security page... http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.16,_5.0.SVN just sayin' p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Decompression of gzip'd request body
On 15/06/2012 12:58, JF wrote: Tomcat v7.0.6, Windows Server 2008 SP2 Also, probably a good idea to upgrade that Tomcat sometime this decade. p I note that tomcat's connector's can be configured to automatically handle compression of 'large' respones using gzip. Tomcat can also be deployed behind Apache so that it can unzip/deflate requests. There used to be a GzipInputFilter; http://marc.info/?l=tomcat-devm=108073098630505w=2 http://marc.info/?l=tomcat-devm=108073098630505w=2 Is there a recommended way using tomcat to support decompression of gzip'd HTTP requests when not deploying behind Apache (apart from writing my own decompression filter), and why was the support for automatic decompression of requests removed? I am interested in - HTTP 1.1 requests with NOTransfer-Encoding set and Content-Encoding of the entity body ( not multipart ) set to gzip principally. I note that - HTTP 1.1 requests with Transfer-Encoding: gzip seems to be unsupported by tomcat. Thankyou for your time. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Accessing Tomcat Thread Pool
On 15/06/2012 01:05, Oguz Kologlu wrote: On 15/06/2012, at 4:35 AM, Christopher Schultz wrote: Oguz, On 6/14/12 6:24 AM, Oguz Kologlu wrote: I've seen this question bounce around some threads but there's really no good answer. I'd like to use the Tomcat 7 thread pool as worker threads for Quartz Scheduler. Why would you want to dip-into the request-processor pool instead of maintaining a separate one? To conserve shared resources between web apps. Why? What shared resource? That's not a thread pool - it's a resource pool. Similarly Tomcat has a built in DB connection pool / the DBCP is often a shared resource. If you're really describing a shared pool of resources (that are not plain threads), then use commons-pool hook it up to whatever resource it is you're really trying to manage. p Hmm. I think perhaps I can configure a common thread pool and expose it via JNDI to the web apps. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources Oz Is there a way to access the thread pool from a web app? You can't. Any other suggestions? Use your own thread pool. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Java process killed by oom-killer in Ubuntu
On 12/06/2012 14:50, Christopher Schultz wrote: Pid, On 6/12/12 5:47 AM, Pid wrote: On 11/06/2012 20:15, Christopher Schultz wrote: Also, your previously-posted configuration seems a little insane: Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G -XX:SurvivorRatio=6 -XX:MaxPermSize=512M -XX:-UseConcMarkSweepGC -XX:+UseStringCache -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/home/example/logs -Xmx6g and NewSize=4G? Plus 0.5G for PermGen? I think you'll run into trouble setting the NewSize that large. There's a reason that the NewRatio works the way it does. Sun advice always used to be keep the eden size between 1/4th and 1/3rd the maximum heap size. You are specifying 2/3rd the max heap. +1 I don't know what happens during a collection if the survisor space is too small for all the objects being promoted from eden... does the MM just randomly promote objects to the old space? I don't know either for certain, but I'd not be surprised if Bad Things Happened. I think you'd probably see a bunch of full collections in the run up to that situation your performance would fall off a cliff. You might get an OOM before it got there, depending on the GC algo in play. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Map domain names to different paths of a single webapp ?
On 13/06/2012 05:12, Oguz Kologlu wrote: You can do this but not in Tomcat itself. You'll need to use something like Apache web server to handle different sub domain and direct them to Tomcat. That's an imprecise potentially misleading answer. Please see the other answer in this thread. p If it's only one site running you could use the defaultHost attribute to direct the request when it doesn't find a matching Host element Oz On 13/06/2012, at 1:58 PM, Albert Kam wrote: I have checked the tuckey urlRewriter, and it seems cool, but doesnt seem to fit my needs. Anyway, you warnings make a lot of sense to me, so thanks there ! On Wed, Jun 13, 2012 at 2:29 AM, André Warnier a...@ice-sa.com wrote: Albert Kam wrote: Dear Tomcat Users ! Let's say that i have this simple webapp using Tomcat 7, and let's say the context name is albertzoo http://albertzoo.com albertzoo is not the context here, it's a Host. If you want that application to respond to the URL http://albertzoo.com/; (thus the context /), you will have to use the ROOT webapp. And then, i would like a niche site for monkeys with it's own domain : http://albertzoomonkeys.com albertzoomonkeys.com is the host. The context is /. which is actually the same as : http://albertzoo.com/monkeys In this one (barring tricks), monkeys is the context. But if the user is accessing through albertzoomonkeys.com, i dont want them to see the albertzoo.com/monkeys in their browser unless you do an external redirect, they should not see that. Is it possible to do with a single webapp context, or do i have to have different contexts(virtual hosts) for these different domains ? I think that technically, you could monkey around to achieve that. But it is probably a lot more trouble than it's worth (risks of double deployment, a mess when you undeploy or want to manage your apps etc..). Probably much better to use two separate Host, each with its own appBase (/webapps) directory; in one of them, you deploy your application as the ROOT (default) application (see the FAQ for that); in the other, you deploy *a copy* of the same application as monkeys (and, supposedly, some other animals application as ROOT). The only inconvenient is that when you update the monkeys application, you'll have to copy it to both places. But that will be much easier to manage, than to try some clever overlapping scheme which is going to come back and hit you somewhere.. Alternatively, if you feel adventurous, you could try a single Host with an Alias, and play with the URLrewrite filter (see www.tuckey.org) and internal redirects, but... you have been warned. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Exclude url from authorized access-web.xml
On 14/06/2012 15:06, Rahul R wrote: Hi All, I have an issue with allowing access to a page which is secured using active directory authentication. I want some pages/content to be excluded from this. Following is my web.xml file under conf of tomcat. [code=java] security-constraint web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint --! These are the groups in AD -- role-nameEngineering/role- name role-nameMigration Expert/role-name role-nameDevelopers/role-name /auth-constraint /security-constraint security-constraint web-resource-collection url-pattern/update/*/url-pattern /web-resource-collection /security-constraint login-config auth-methodBASIC/auth-method realm-nameServices Portal/realm-name /login-config [/code] As per my understanding, this should allow url's with a content update and allow other pages only with AD credentials. But this is not working for me now. Its asking for the credentials even for the url with update. Tomcat Version:7 Env:Linux Url:http://myserver.com:8080/solar/index.jsp. Here its asking the credentials, its fine and as expected. url with update in the address: http://myserver.com:8080/solar/site/update. When I access this url, its still asking for the credentials. This: /solar/site/update does not match this pattern: url-pattern/update/*/url-pattern the pattern would have to be: url-pattern/site/update/*/url-pattern p I am not really sure why this is happening. Could anyone here can help me on this? -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat cluster for stateless web application
On 12 Jun 2012, at 18:22, Albert Kam moonblade.w...@gmail.com wrote: I've noticed that in the documentation, it says a lot about session replication. I wonder what can be omitted in the configurations for a stateless java webapp setup (without any sessions), to hopefully get a simpler configuration or even gain more efficiency, bypassing the replication altogether ? Well, start by not configuring the cluster. That should be enough. p -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: post redirect get to the same tomcat instance in a tomcat cluster ?
On 12 Jun 2012, at 18:17, Albert Kam moonblade.w...@gmail.com wrote: Hi all ! Is it possible to do POST submit to the tomcat-A, redirect happens, and then GET to the same tomcat-A again in a tomcat cluster ? And, in hope to make things easier, all the tomcat servers in the cluster are stateless wihout any sessions You contradict this statement below by saying it does use s This needs arise because each tomcat servers will have it's own spring context (a kind of state, but not a per-user-session), and i am making use of flash attribute feature detailed in here : http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc-flash-attributes Here are the relevant quotes from the page : Flash attributes provide a way for one request to store attributes intended for use in another. This is most commonly needed when redirecting — for example, the Post/Redirect/Get pattern. Flash attributes are saved temporarily before the redirect (typically in the session) to be made available to the request after the redirect and removed immediately. Flash attribute support is always on and does not need to enabled explicitly although if not used, it never causes HTTP session creation. On each request there is an input FlashMap with attributes passed from a previous request (if any) and an output FlashMap with attributes to save for a subsequent request. Both FlashMap instances are accessible from anywhere in Spring MVC through static methods in RequestContextUtils. -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: post redirect get to the same tomcat instance in a tomcat cluster ?
On 13/06/2012 13:13, Pid * wrote: On 12 Jun 2012, at 18:17, Albert Kam moonblade.w...@gmail.com wrote: Hi all ! Is it possible to do POST submit to the tomcat-A, redirect happens, and then GET to the same tomcat-A again in a tomcat cluster ? And, in hope to make things easier, all the tomcat servers in the cluster are stateless wihout any sessions You contradict this statement below by saying it does use s (Oops. Fat finger + touch screen...) You contradict this statement below by saying it does use sessions, below. Just because you are not directly using a session, it does not mean that a framework isn't doing so behind the scenes. If there's no need to replicate sessions, you can still use the sticky-session mechanism to pin a session to a node. See server.xml, Engine.jvmRoute in the docs. p This needs arise because each tomcat servers will have it's own spring context (a kind of state, but not a per-user-session), and i am making use of flash attribute feature detailed in here : http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc-flash-attributes Here are the relevant quotes from the page : Flash attributes provide a way for one request to store attributes intended for use in another. This is most commonly needed when redirecting — for example, the Post/Redirect/Get pattern. Flash attributes are saved temporarily before the redirect (typically in the session) to be made available to the request after the redirect and removed immediately. Flash attribute support is always on and does not need to enabled explicitly although if not used, it never causes HTTP session creation. On each request there is an input FlashMap with attributes passed from a previous request (if any) and an output FlashMap with attributes to save for a subsequent request. Both FlashMap instances are accessible from anywhere in Spring MVC through static methods in RequestContextUtils. -- Do not pursue the past. Do not lose yourself in the future. The past no longer is. The future has not yet come. Looking deeply at life as it is in the very here and now, the practitioner dwells in stability and freedom. (Thich Nhat Hanh) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: HttpOnly
On 12/06/2012 15:11, Christopher Schultz wrote: Paul, On 6/12/12 9:03 AM, Paul Singleton wrote: On 12/06/2012 06:57, Caldarale, Charles R wrote: From: N.s.Karthik [mailto:nskarthi...@gmail.com] Subject: HttpOnly Tomcat 6.0.10 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. Sorry, but there is simply no excuse for using a version of Tomcat that's over five years old. There may be a sound business rationale for using old versions of software. Maybe, but only if that version hasn't been updated - and even then the risk associated with that software increases over time, not decreases. Tomcat 5.5.9, for example, works as well now as it did when it was judged ready to be a stable release. What a pointless statement. Software doesn't degrade over time. The issue is not whether it works 'as well as it did' (it can't work any other way) it's whether it works as well as it was _supposed to_. If there are no bugs or missing features in it which affect the security or functionality of an application, then there is no benefit from upgrading What a bizarre statement, given the context you set is a release that happened in March 2005. 7 years ago. You are absolutely right. Feel free to read the find documentation on the Tomcat site about all the security vulnerabilities that have been fixed since 6.0.10 (and 5.5.9 for that matter). +1 but there will be costs and risks: * downtime and manpower for the upgrade Should I infer that a typical upgrade will take a long time a lot of people? Or are you saying that this is a small risk, 1 person and a few seconds? (A seven year window is probably enough to squeeze a couple of updates in.) * recommissioning/retesting: unless *all* acceptance tests are automated, this can be far more expensive than deploying the upgrade Yes, I sort of agree. Deploying the upgrade should be completely inexpensive; by comparison, the testing process should be more expensive, yes. You are right about this, too. But there are certainly risks to not upgrading as well. I'll leave those as an exercise for the reader. * risk of introducing new bugs in new code That is a comparison between: a) measurable risk of impact on your application from known bugs b) *perceived* risk of impact on your application from unknown/unidentified bugs You cannot measure b), you can only address a). Unless your webapp needs modifications to run under a new version of Tomcat (which should never be the case when staying on a major-version number line), you shouldn't be introducing any new bugs into any code. Unless you mean bugs in Tomcat, which are always a possibility. So I guess you're saying that it's better to stick with the devil you know? If that's what he's saying, then the argument is in favour of upgrading to address the bugs you *do* know about, surely? In general, older software is better understood and less risky than new software, and if it meets requirements, is preferable. Older software is only less risky if it's been debugged patched. Which means updating it regularly. Would you say that the businesses of the world circa late 1999 felt that their venerable Cobol apps presented less risk that newly written ones? Or that they presented more risk, because it wasn't clear what would happen to them when the clock flipped over to 2000? Or that they presented more risk because it was harder to find people with the right skill set to debug said applications? p In general, yes. I this case, no, for at least 2 reasons: 1. Many security, stability, and performance updates between 6.0.10 and 6.0.35. 2. Volunteer support on this forum doesn't care to support truly ancient versions of software that is freely available. If the OP wants to go purchase a support contract for Tomcat 6.0.10, he or she can certainly do that. -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Jakarta ISAP Redirector
On 13 Jun 2012, at 18:18, DeMarco, Alex alex.dema...@suny.edu wrote: I hope this is the right place to post this question. We have the latest Jakarta Plugin installed with IIS 7.5. Do you know, does the plugin specifically block /services requests on wsdl's No, it doesn't. If I go here: http://myural/myapp/services I get a page not available Please post your config. p However, if I am locally on the page the services listing does load. Also, if I go here from my desk: http://myural/myapp/services/someservicename?wsdl It works fine. In fact all the wsdl's work I just cannot display the services list remotely. Thanks in advance. - Alex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpOnly
On 12 Jun 2012, at 05:58, N.s.Karthik nskarthi...@gmail.com wrote: Hi Spec JDK1.6 Tomcat 6.0.10 O/s Win / Linux(r-Hat) Browser : Crome 19.0.x / IE8 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET. That's a really old version, I'd be more worried about the slew of other bugs that have been found fixed since 6.0.10 was released. p I have Googled / Yahooed for the same. HttpOnly 1 form suggested to use Filters and set Cookie Headers as alternative for Handling HttpOnly How ever with this setting we are able to see multiple Cookies being set *HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD; HttpOnly Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD Content-Type: text/html Content-Length: 2333 Date: Tue, 12 Jun 2012 04:46:29 GMT* Please some body explain me Why this is happening and how to prevent this for Cross scripting Hack ??? with regards karthik -- View this message in context: http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Java process killed by oom-killer in Ubuntu
On 11/06/2012 20:15, Christopher Schultz wrote: Jorge, On 6/11/12 3:01 PM, Jorge Medina wrote: There is not much running in the machine other than Tomcat. The JVM actually starts fine, using about 8GB (6GB of heap, + code + threads etc) but it keeps growing. In about 2 days it runs out of memory. (The JVM process has reached more than 15GB). I would be very interested in seeing where all that memory is going. It sounds like it's not going to the heap, otherwise you'd be getting OOME and crashing in a different way. Any luck using lsof? ... or VisualVM with the Memory Pools plugin? Also, your previously-posted configuration seems a little insane: Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G -XX:SurvivorRatio=6 -XX:MaxPermSize=512M -XX:-UseConcMarkSweepGC -XX:+UseStringCache -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/home/example/logs -Xmx6g and NewSize=4G? Plus 0.5G for PermGen? I think you'll run into trouble setting the NewSize that large. There's a reason that the NewRatio works the way it does. Sun advice always used to be keep the eden size between 1/4th and 1/3rd the maximum heap size. You are specifying 2/3rd the max heap. p Have you tried using -XX:+UseCompressedOops? I wonder if you are getting killed with half-empty 64-bit pointers. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Java process killed by oom-killer in Ubuntu
On 7 Jun 2012, at 23:03, Daniel Mikusa dmik...@vmware.com wrote: - Original Message - Only 52 java threads. It used to fluctuate more (we made some changes to the app to perform a task in a single thread rather than spawning multiple threads, but the crash still occurs) . The number of threads is always below 100. jstack -F 21370 | grep ^Thread | wc -l ps -T -p 21370 (This gives me 63) I don't seem to specify the -Xss option: In some applications with a large number of threads (particularly when running on 64-bit hardware) this setting can cause a problems. The default value is pretty large (I think it's 1M on 64-bit systems). Since most apps don't need that large of a value, an easy performance tuning step is to lower the value of -Xss. Since you don't have very many threads, it seems unlikely that this is causing your problem though. That being said, you could try explicitly setting a value for the thread stack size. Finding the right values takes some testing though. I usually start with something like 192k and run a few application tests. If I see any stack overflow exceptions then I increase the value and rerun the tests. Repeat until there are no stack overflow exceptions. On a different note, what is the specific version of the JVM that you are running? If it's not the latest, you could always try upgrading to the latest version. You need to hook up the VisualVM + Memory Pools plugin. This will show you where the memory is being consumed, if it's by the JVM. p Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G -XX:SurvivorRatio=6 -XX:MaxPermSize=512M -XX:-UseConcMarkSweepGC -XX:+UseStringCache -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/home/example/logs -Jorge On Thu, Jun 7, 2012 at 12:07 PM, Daniel Mikusa dmik...@vmware.com wrote: - Original Message - I am using MongoDB through the Java driver allowing up to 100 connections to the MongoDB server. I also use DBCP with a max size of 50 JDBC connections. My webapp uses about 150 JAR files. There is no native libraries loaded from my webapp as far as I know. All the app is pure Java code. (Nevertheless, Tomcat is using the Tomcat Native Library) Is there a way I can monitor the number of file descriptors in use by the app? I have monitored the number of threads, but I haven't seen anything unusual. How many threads have you observed? Total threads, not just threads for the connector. Also, what is the value you are using for thread stack size? -Xss Dan (but it could be that the burst is too fast to get catch by the monitoring tool) -Jorge On Thu, Jun 7, 2012 at 11:44 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jorge, On 6/6/12 5:33 PM, Jorge Medina wrote: The web application uses Spring/Postgres/Mongo. Are you using MongoDB in-process or anything weird like that? Or are you connecting through some socket-based (or other) API? It looks like a memory leak in native code, not java code; so my usual java toolset is not useful. If what you are observing is accurate (non-heap memory grows, heap stays reasonable) then it will definitely be more difficult to track-down. Tomcat runs behind nginx in a EC2 instance. The application uses Sun (now Oracle) JDK 1.6. Any suggestions on what should I look at? What do your Connectors look like? How many JDBC connections do you have in your connection pool (which you are hopefully using!)? How about the same equivalent for MongoDB? Does your webapp keep lots of files open? Do you have an unusually-large number of JAR files in your webapp? Do you have any native libraries in use within your webapp? What are all the non-default system properties that you are setting at JVM launch time (you can easily see this from a 'ps' list)? Two things that can eat-up native memory fast in a JVM are file descriptors and threads, so let's start there. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/Q9ooACgkQ9CaO5/Lv0PDPyQCfVtddxMDOgQbjmMGC3gvnK+Qq aZMAnjVu67+9Sm2bdYzAd91ZOrYo3DFI =r+vl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: check tomcat (6.0.32) log settings automatically
On 08/06/2012 20:09, Su Zhang wrote: Hello, We want to check the log settings (e.g.attributes need to be logged) of tomcat server and then evaluate the security level for the application. Tomcat log config and application log config are two different things. I am evaluating over a well-built system so what I can obtain is only its binary code and configuration files. Is there any way we can infer the log settings automatically? Examine the application for log configuration files. E.g. This is a typical example, for an app that uses Log4J. myapp/WEB-INF/classes/log4j.properties p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: getting frustrated with web sockets
On 06/06/2012 15:54, Ravi wrote: Mark / Chris, Essentially, if I want to use websockets, you are asking me to rewrite my app + rewrite grails + rewrite hibernate + rewrite apache http utilities + rewrite several other web libraries I use. I don't they're asking you to do that at all. I do not think this is a reasonable option. I think you may misunderstand the place WebSocket has it's intended purpose. Have you read the WebSocket Spec? It's quite readable. p On 6/5/2012 9:04 PM, Christopher Schultz wrote: Mark, On 6/5/12 5:42 PM, Mark Thomas wrote: WebSocket != HTTP and you simply can't replace one with the other. +1 You can't just shout websocket and make a webapp work better with no other changes. It's not just like adding transport encryption by adding an s to the protocol name, it's a completely different protocol that just happens to use HTTP to bootstrap itself. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Request for Aliases or Alias as element inside Context
On 04/06/2012 20:03, Christopher Schultz wrote: Esmond, On 6/3/12 9:23 PM, Esmond Pitt wrote: I have a large and growing number of requirements for aliases, and the existing (new for Tomcat 7) aliases= attribute is unwieldy for me. The line is already 289 characters long ;-( It would be a lot more convenient if aliases could be specified individually via a repeatable nested Alias entry, something like: Context Alias aliasPath=/xyz docBase=/real_path/ ... /Context Please file an enhancement request in bugzilla: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%207 Don't use docBase though, that'll confuse matters. p -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: ROOT.xml problem
On 03/06/2012 14:20, Stefan Mayr wrote: So you have a third-party app which needs to be called in the /corda context. There seems no way to make it accessible as ROOT applications. I think you just need a redirect pointing to your applications location. Steps: 1. remove everything you did to make it work as ROOT; back to the working /corda version 2. Create a redirect in your ROOT context @Kevin /you/ asked us how to remove the '/corda' bit of the URL. Like Stefan says, if you need that, then go back to how you had the app before. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: getting frustrated with web sockets
On 02/06/2012 03:38, Ravi wrote: I am trying to build an android app that connects to tomcat web sockets. I need a few java classes that can interact with tomcat websockets. I have tried 3 different implementations (strumsoft, jwebsockets and something else also) but neither one can talk to tomcat correctly. The issue seems to be protocol incompatibility between tomcat as server and any existing java websockets client. I even compiled jwebsockets swing based test client and that also cannot talk to tomcat. Surprisingly all javascript based clients can talk to tomcat, only java based cannot. So having done all that research, I wonder if somebody can help me identify java classes that will work with tomcat. Does tomcat have a client jar I can use? http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html p Help! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: ROOT.xml problem
On 01/06/2012 22:22, Kevin Marx wrote: I know there is a way to do this without renaming things to ROOT, that's what I'm looking for. Why make your life so difficult, what's wrong with just calling it ROOT.war? /baffled If you're really desperate to see that it's called 'corda', call the app: ROOT##corda.war p signature.asc Description: OpenPGP digital signature
Re: tomcat jdbc pool, creating a pool of pools, single connection memory footprint
On 30 May 2012, at 23:19, André Warnier a...@ice-sa.com wrote: On Wed, May 30, 2012 at 10:07 AM, Christopher Schultz ch...@christopherschultz.net wrote: .. If my environment and requirements match yours, you'd need 1 * max_pool_size * 66KiB at peak usage. That's about 640MiB for each connection you want in 10k pools. For a (uniform) max pool size of 4, you'll need more than 2GiB of heap space just for connection pools. Is that acceptable? Taking the same hypothetical case and figures : Assuming that you need a total of (1 * 4 connections) = 4 connections. File handles anyone? Web connections n x 10k + db connections m x 10k = ? Assuming that it takes 10ms to set up one such connection, and that once it is there, you don't do anything with it and just let it be for now. Assuming we ignore such things like bandwidth, other things happening on that host etc.. It then takes a total of (10 ms * 4) = 40 ms = 400s = ~ 6.5 minutes just to set up these connections. Is that acceptable ? What I mean is that once you start playing with such numbers, you may want to look at other aspects than just required memory.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat jdbc pool, creating a pool of pools, single connection memory footprint
On 31 May 2012, at 00:49, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 5/30/12 6:18 PM, André Warnier wrote: Taking the same hypothetical case and figures : Assuming that you need a total of (1 * 4 connections) = 4 connections. Assuming that it takes 10ms to set up one such connection, and that once it is there, you don't do anything with it and just let it be for now. Assuming we ignore such things like bandwidth, other things happening on that host etc.. It then takes a total of (10 ms * 4) = 40 ms = 400s = ~ 6.5 minutes just to set up these connections. Is that acceptable ? What I mean is that once you start playing with such numbers, you may want to look at other aspects than just required memory.. There's also the issue of open filehandles, etc. My development environment is limited to 10240 filehandles per process (though of course that can be changed). Opening 10,000 connections would use most of those, leaving very few left to accept incoming requests from clients, etc. Ah, beat me to it. p It would be easier if all databases were hosted by a single instance of MySQL -- then you could use Tomcat-pool's feature of being able to provide credentials when obtaining connections from the pool -- and get the right database. That way, a much smaller number of connections could be maintained with roughly the same semantics. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk/GsecACgkQ9CaO5/Lv0PC7HACeNXMp5KZpAHGfhK73/MPFcGOn eIwAoJ7g4P/Nz2DBgNHBhwkq0jO3HMCu �CE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat full GC every 2 minutes for first 6 hours after war reload
On 29/05/2012 20:50, Kevin wrote: On 5/29/12 11:09 AM, Christopher Schultz ch...@christopherschultz.net wrote: Kevin, (FYI these are always a PITA to diagnose...) On 5/29/12 11:03 AM, Kevin wrote: We have a cluster of tomcat servers being used on a very high volume website. We've noticed that for the first 5-6 hours after an application re-load that Full GC will run every 2 minutes pausing the application for anywhere between 5 and 20 seconds. After 5-6 hours the full GC will no longer run until tomcat is reloaded. This behavior is repeatable. We discounted our EhCache settings as potential issue because tomcat can be killed without this issue showing up. It's not until we actually reload the WAR with changes (clearing the work directory) and restart tomcat that this issue shows up. Traffic level isn't a factor we'll go through our peak hours with no problem. All good things to know. The servers are all dual quad core with 32GB of RAM running Centos 5 and tomcat 6.0.18. We've attempted every suggested GC setting change suggested on the net and by developers and system administrators. Did you try looking at what the cause might be, or just blindly apply suggestions to see if something would stick? Initially we looked closely at it trying to solve the problem as time wore on we tried anything. This has been going on for months now. Our java opts are being played with on a daily basis however here are the settings that correspond to the sample GC log below: -server -Xmx27g -Xms27g -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC -XX:+PrintTenuringDistribution -Dsun.rmi.dgc.client.gcInterval=90 -Dsun.rmi.dgc.server.gcInterval=90 -XX:NewSize=8g -XX:SurvivorRatio=16 -verbose:gc -XX:+PrintGCTimeStamps -XX:+PrintGCDetails A new size of 8GiB seems high to me, but I've never run with a total heap size of anything nearly as large as 27GiB, so maybe that's a reasonable size. My opinion here is probably irrelevant. 215.501: [GC 215.504: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 50457968 bytes, 50457968 total : 7456799K-111048K(7922624K), 0.0617110 secs] 8614906K-1269155K(27845568K), 0.0661400 secs] [Times: user=0.68 sys=0.00, real=0.07 secs] Odd that user+sys real. Hmm. [...] 316.456: [GC 316.459: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 41430416 bytes, 41430416 total - age 3: 22728376 bytes, 64158792 total - age 5: 19599960 bytes, 83758752 total - age 6: 21847616 bytes, 105606368 total - age 7: 27667592 bytes, 133273960 total - age 8: 10904 bytes, 133284864 total - age 9: 31824256 bytes, 165109120 total : 7650333K-215213K(7922624K), 0.1332630 secs] 8808440K-1373320K(27845568K), 0.1380590 secs] [Times: user=1.45 sys=0.01, real=0.14 secs] 1.45 seconds for a full-GC isn't anywhere near the 5s-20s claimed above. Have you been able to actually instrument a 5s-20s GC-pause? Or, are you saying that your webapp appears to stall for that long and those observances coincide with full-GC runs? 343.376: [Full GC 343.378: [CMS: 1158107K-1312570K(19922944K), 3.4129290 secs] 2884580K-1312570K(27845568K), [CMS Perm : 83964K-47203K(83968K)], 3.4168600 secs] [Times: user=3.87 sys=0.02, real=3.41 secs] Also relatively short. They fluctuate. **Last Full GC** 20517.892: [GC 20517.898: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 33948208 bytes, 33948208 total - age 2: 88280 bytes, 34036488 total - age 3: 19872472 bytes, 53908960 total - age 4: 16072608 bytes, 69981568 total - age 5: 15718712 bytes, 85700280 total - age 6: 15771016 bytes, 101471296 total - age 7: 16895976 bytes, 118367272 total - age 8: 24233728 bytes, 142601000 total : 7618727K-200950K(7922624K), 0.1728420 secs] 16794482K-9376705K(27845568K), 0.1822350 secs] [Times: user=2.21 sys=0.01, real=0.18 secs] Note that the above is not a Full GC. This one /is/: 20526.469: [Full GC 20526.475: [CMS: 9175755K-9210800K(19922944K), 33.1161300 secs] 13632232K-9210800K(27845568K), [CMS Perm : 83967K-53332K(83968K)], 33.1254170 secs] [Times: user=33.12 sys=0.02, real=33.12 secs] Okay, that one's a doosey. It's weird that it looks like after the full GC, the heap has *lost* some space (CMS: 9175755K-9210800K). Can you watch the logs and take a heap dump (which may take a LONG time with such a big heap, so be prepared for another long pause) after one of these full GCs? It would be better to get a heap dump both before AND after the full GC, but that can ruin your performance if you enable those automated GC options. We can run this after our next code release in two days. Any help would be greatly appreciated. Are you populating huge caches on startup or anything like that? Generational GC performance is related to the number
Re: tomcat full GC every 2 minutes for first 6 hours after war reload
On 29/05/2012 16:03, Kevin wrote: Hi We have a cluster of tomcat servers being used on a very high volume website. We've noticed that for the first 5-6 hours after an application re-load that Full GC will run every 2 minutes pausing the application for anywhere between 5 and 20 seconds. After 5-6 hours the full GC will no longer run until tomcat is reloaded. This behavior is repeatable. We discounted our EhCache settings as potential issue because tomcat can be killed without this issue showing up. It's not until we actually reload the WAR with changes (clearing the work directory) and restart tomcat that this issue shows up. Traffic level isn't a factor we'll go through our peak hours with no problem. The servers are all dual quad core with 32GB of RAM running Centos 5 and tomcat 6.0.18. We've attempted every suggested GC setting change suggested on the net and by developers and system administrators. Our java opts are being played with on a daily basis however here are the settings that correspond to the sample GC log below: Exactly which version of Java are you using? -server -Xmx27g -Xms27g -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC -XX:+PrintTenuringDistribution -Dsun.rmi.dgc.client.gcInterval=90 -Dsun.rmi.dgc.server.gcInterval=90 -XX:NewSize=8g -XX:SurvivorRatio=16 -verbose:gc -XX:+PrintGCTimeStamps -XX:+PrintGCDetails You are doing a hot deployment with a 27G heap? How big is permgen? Are you completely sure the application doesn't have any memory leaks? Have you tried running your application on a more recent version of Tomcat? p 215.501: [GC 215.504: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 50457968 bytes, 50457968 total : 7456799K-111048K(7922624K), 0.0617110 secs] 8614906K-1269155K(27845568K), 0.0661400 secs] [Times: user=0.68 sys=0.00, real=0.07 secs] 215.577: [GC 215.579: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 66288 bytes, 66288 total - age 2: 50219144 bytes, 50285432 total : 114868K-66525K(7922624K), 0.0381810 secs] 1272975K-1224632K(27845568K), 0.0413630 secs] [Times: user=0.46 sys=0.00, real=0.04 secs] 236.177: [GC 236.180: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 45071064 bytes, 45071064 total - age 2: 26112 bytes, 45097176 total - age 3: 34785960 bytes, 79883136 total : 7523165K-110355K(7922624K), 0.0921350 secs] 8681272K-1268462K(27845568K), 0.0969290 secs] [Times: user=0.95 sys=0.01, real=0.10 secs] ... 316.456: [GC 316.459: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 41430416 bytes, 41430416 total - age 3: 22728376 bytes, 64158792 total - age 5: 19599960 bytes, 83758752 total - age 6: 21847616 bytes, 105606368 total - age 7: 27667592 bytes, 133273960 total - age 8: 10904 bytes, 133284864 total - age 9: 31824256 bytes, 165109120 total : 7650333K-215213K(7922624K), 0.1332630 secs] 8808440K-1373320K(27845568K), 0.1380590 secs] [Times: user=1.45 sys=0.01, real=0.14 secs] 338.851: [GC 338.854: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 40678840 bytes, 40678840 total - age 2: 27075936 bytes, 67754776 total - age 4: 20399720 bytes, 88154496 total - age 6: 19271008 bytes, 107425504 total - age 7: 21655032 bytes, 129080536 total - age 8: 27118800 bytes, 156199336 total - age 9: 10904 bytes, 156210240 total - age 10: 31747808 bytes, 187958048 total : 7671853K-285541K(7922624K), 0.1456470 secs] 8829960K-1443648K(27845568K), 0.1503540 secs] [Times: user=1.62 sys=0.01, real=0.15 secs] 343.376: [Full GC 343.378: [CMS: 1158107K-1312570K(19922944K), 3.4129290 secs] 2884580K-1312570K(27845568K), [CMS Perm : 83964K-47203K(83968K)], 3.4168600 secs] [Times: user=3.87 sys=0.02, real=3.41 secs] **Last Full GC** 20517.892: [GC 20517.898: [ParNew Desired survivor size 238583808 bytes, new threshold 15 (max 15) - age 1: 33948208 bytes, 33948208 total - age 2: 88280 bytes, 34036488 total - age 3: 19872472 bytes, 53908960 total - age 4: 16072608 bytes, 69981568 total - age 5: 15718712 bytes, 85700280 total - age 6: 15771016 bytes, 101471296 total - age 7: 16895976 bytes, 118367272 total - age 8: 24233728 bytes, 142601000 total : 7618727K-200950K(7922624K), 0.1728420 secs] 16794482K-9376705K(27845568K), 0.1822350 secs] [Times: user=2.21 sys=0.01, real=0.18 secs] 20526.469: [Full GC 20526.475: [CMS: 9175755K-9210800K(19922944K), 33.1161300 secs] 13632232K-9210800K(27845568K), [CMS Perm : 83967K-53332K(83968K)], 33.1254170 secs] [Times: user=33.12 sys=0.02, real=33.12 secs] **Log samples after Full GC no longer runs** 74412.335: [GC 74412.340: [ParNew Desired survivor size 238583808 bytes,
Re: After going to Tomcat 6 I get log4j problems. Why?
On 25/05/2012 10:03, Hermes Flying wrote: Hi, I have upgraded from Tomcat 5.5 to Tomcat 6.0.35 I am getting java.lang.NoClassDefFoundError: org.apache.commons.logging.LogFactory I didn't have this problem before. Note that I have commons-logging already in my web apps WEB-INF\lib And this exception is from a class (custom class) running from a jar in %TOMCAT_HOME%\lib If I drop commons-logging in %TOMCAT_HOME%\lib the exception does not happen BUT now I get exceptions in log4j from inside my web app. I tried also deleting the commons-logging from %TOMCAT_HOME%\webapps\myApp\WEB-INF\lib but no success. Any idea what is the problem here? Please start a new thread, rather than hijacking an existing thread, by editing a subject/body. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: mod_jk not working !!
On 25 May 2012, at 19:21, Mark Eggers its_toas...@yahoo.com wrote: From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Friday, May 25, 2012 9:57 AM Subject: Re: mod_jk not working !! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 5/25/12 12:41 PM, Caldarale, Charles R wrote: From: Mark Eggers [mailto:its_toas...@yahoo.com] Subject: Re: mod_jk not working !! I'll try to give a few general directions. much useful content snipped Again, start simply. 1. Stock Apache HTTPD installation (and verify) 2. Stock Apache Tomcat installation (and verify) 3. mod_jk installation (and verify) 4. Second Apache Tomcat installation (and verify both) 5. Cluster I'd suggest that your entire e-mail should be put in the Wiki. +1, though maybe in smaller pieces linked by a top-level page. - -chris If this goes up on the Wiki, then smaller pages organized by task would be good. It would probably help if the Wiki pages had a lot of detail, and cross-reference the appropriate documentation on the Tomcat web site as well. I've been meaning to write this up for some time, so maybe I'll get started on it this weekend. Since this is going to take a bit of time, is there a place on the Tomcat Wiki that I can write but not have it published (may be a developer list question). If not, then I'll write locally and then do a cut / paste. However, it would be nice to have feedback during the writing process. It's coherent. Just put it up, worry about the tweaking later. p /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: After going to Tomcat 6 I get log4j problems. Why? (RE:)
On 25/05/2012 21:40, Hermes Flying wrote: Creating a new Thread as Pid recommended: Concerning the questions posed by Konstantin Kolinko: You do not say what jars are exactly where and what actual configuration (server.xml and logging) you have. I am not sure I follow: you mean the version? I have log4j in the WEB-INF\xml, and commons-logging and commons-logging-api as well No problem up to Tomcat 5.5. Does this answer your question? Placing custom jars into %TOMCAT_HOME%\lib is usually a bad idea. The custom jar provides an SSLImplementation to be hooked in the connectors. When it tries to log I get exception. No problem in Tomcat 5.5. This exception goes away if I move commons-logging in %TOMCAT_HOME%\lib BUT then I have exceptions in my web application (even if I delete the commons-logging from WEB-INF\lib) Has something changed in the logging in Tomcat 6? How can I resolve this problems? Thank you! I'd suspect that one of them is the culprit. 2012/5/25 Hermes Flying flyingher...@yahoo.com: Hi, I have upgraded from Tomcat 5.5 to Tomcat 6.0.35 I am getting java.lang.NoClassDefFoundError: org.apache.commons.logging.LogFactory I didn't have this problem before. Tomcat 5.5 != Tomcat 6.0 http://tomcat.apache.org/migration.html p Note that I have commons-logging already in my web apps WEB-INF\lib And this exception is from a class (custom class) running from a jar in %TOMCAT_HOME%\lib If I drop commons-logging in %TOMCAT_HOME%\lib the exception does not happen BUT now I get exceptions in log4j from inside my web app. I tried also deleting the commons-logging from %TOMCAT_HOME%\webapps\myApp\WEB-INF\lib but no success. Any idea what is the problem here? Your description is too generic to say. You do not say what jars are exactly where and what actual configuration (server.xml and logging) you have. See 1) Class Loading page in documentation. Placing custom jars into %TOMCAT_HOME%\lib is usually a bad idea. I'd suspect that one of them is the culprit. 2) Logging page in documentation. Compare it with your configuration. It might be that you config matches some of the steps for enabling log4j described there, but not all of them. Note that using log4j in Tomcat is not the default configuration. 3) Apache Commons Logging documentation http://commons.apache.org/logging/guide.html Especially how commons-logging switches between java.util.logging and log4j (preferring the latter if it is available). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: Isapi redirector log file is always empty - IIS 7.5 - Tomcat 7.0.26 - Isapi 1.2.30 - Win2008 R2
On 18/05/2012 00:58, ann ramos wrote: Hi, I have set up our system to do SSO. The setup works fine because whenever the user access the system, they are automatically logged in to the system. Following are the steps that I used to set up Isapi: 1. Manually created the folders Apache Software Foundation\Jakarta Isapi Redirector. Then inside those folders I created a sub folder bin, conf and log. 2. I manually created the registry entries. The set up works because the system functions as SSO. The only thing is that my isapi_redirect.log is always empty even though I set the log_level to debug. I tried searching the internet but I'm not getting anywhere. I would appreciate any thoughts and ideas that you can share so I can resolve my problem. Thanks and regards. Peeves Small note, next time please start an entirely new thread - rather than replying to an existing one* and just editing the subject body. p * RE: Tomcat 4.0 Tomcat 6.0 AuthenticatorBase -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: TC7: trigger seeding of SecureRandom
On 21/05/2012 08:18, Jamie wrote: Hi There We've just upgraded out web app to TC7. It seems the following is being outputted repeatedly on the console for each page load: trigger seeding of SecureRandom done seeding SecureRandom Can you post the full information from the log file, including the lines before and after these entries? p Closer inspection reveals, the Tomcat class SessionIdGenerator using SecureRandom. Is this normal? Why would SecureRandom have to be seeded so often? I am also worried about the Tomcat console log filling up over time. Thanks Jamie - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: aliases attribute tomcat7
On 17/05/2012 07:11, Michael Ravits wrote: Hey Pidster, This is the tag I've used: Context aliases=/img/images=/home/michaelr/images,/img/thumbs=/home/michaelr/thumbs/Context It could have been a permissions problem but I gather that if docBase works, this must work as well permission wise. Thanks, Michael 2012/5/17, Pid p...@pidster.com: On 17/05/2012 06:41, Michael Ravits wrote: Hi Everybody, I just can't get this to work. Installed Tomcat 7.0.21 on ubuntu 11 using apt-get. I deployed ROOT.war and then went on to configure aliases. Tried adding the attribute in: Obvious question: what exactly did you try? p $CATALINA_BASE/conf/Catalina/localhost/ROOT.xml This applies to the default context and seems to work OK on my install. Can you try using a fresh download from Apache? $CATALINA_BASE/conf/Catalina/localhost/context.xml This would only work for an application called '/context'. If your app is called something else, it won't work. $CATALINA_BASE/conf/Catalina/localhost/context.xml.default $CATALINA_BASE/conf//context.xml I don't know if it works in the default context, but I'd assume not - or at least that it's not such a good idea to set it for all Contexts. p But nothing seems to work.. In the mean while I've resorted to adding: $CATALINA_BASE/conf/Catalina/localhost/img.xml With docBase attribute pointing at the right place and it works. But it seems to me that aliases is more appropriate. Does anyone know what I'm doing wrong? How should I debug this? Thanks, Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: I have /subapp/a and /subapp/b. Can i have different sessions for them?
On 18 May 2012, at 20:38, Teo teomina...@gmail.com wrote: Hi, first time posting on a mailing list, hope i'm not breaking any rules of some sort. My problem is pretty simple but it seems a lot of people have trouble understanding it in other forums. Okay... Let's say i have 2 main entry points into my application: /subapp/a and /subapp/b. Ok They are part of the same webapp but they are somehow different and i want to distinguish between them. Ok Having a separate session for each of them would be the greatest thing but is this possible for Tomcat? Yes, if they are separate applications. This is a Servlet Spec requirement. The path of the session cookie (JSESSIONID) is automatically put at the root context path (so /subapp in this example). The word root has a special meaning, be precise please. It usually means ROOT - the default application whose path is '/'. I don't think that's what you intend. And i don't want to have multiple wars or multiple Tomcats... Why not? Work with the technology instead of against it. If you name your app: myapp#subappA.war The context cookie path will be /myapp/subappA Problem solved. p I would like this in Tomcat 7 btw... I'm trying to avoid changing Tomcat itself so i tried to extend/wrap the usual response classes/interfaces but no luck because Tomcat writes the Set-Cookie header directly into the coyote response header... Any help would be appreciated, been wrestling with this for some days... Thanks, Teo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: aliases attribute tomcat7
On 17/05/2012 06:41, Michael Ravits wrote: Hi Everybody, I just can't get this to work. Installed Tomcat 7.0.21 on ubuntu 11 using apt-get. I deployed ROOT.war and then went on to configure aliases. Tried adding the attribute in: Obvious question: what exactly did you try? p $CATALINA_BASE/conf/Catalina/localhost/ROOT.xml $CATALINA_BASE/conf/Catalina/localhost/context.xml $CATALINA_BASE/conf/Catalina/localhost/context.xml.default $CATALINA_BASE/conf//context.xml But nothing seems to work.. In the mean while I've resorted to adding: $CATALINA_BASE/conf/Catalina/localhost/img.xml With docBase attribute pointing at the right place and it works. But it seems to me that aliases is more appropriate. Does anyone know what I'm doing wrong? How should I debug this? Thanks, Michael - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- [key:62590808] signature.asc Description: OpenPGP digital signature
Re: tomcat slowing down
On 17 May 2012, at 07:42, Christian Kaufhold kaufhol...@googlemail.com wrote: Hi Mikolaj, thanks I will do that, do you know a free tool to generate request for the simulation of about 30 clients being connected? JMeter p Am 16.05.2012 um 21:49 schrieb Mikolaj Rydzewski: On 05/16/2012 05:35 PM, Christian Kaufhold wrote: its not intentional but the myfaces App runs on the server for years now and should not cause the problem I recently deployed a wicket app and now the server is slowing down when we have about 10 users or so. So there are two different applications? Myfaces (which used to work for a long time) and wicket (which takes server down)? I'd separate them first to have clear environment for investigation. Then enable GC logging, attach jvisualvm, deploy psi probe (http://code.google.com/p/psi-probe/), etc. -- Mikolaj Rydzewskim...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Multiple tomcat Instances on Same Server and One Apache Instance
On 15/05/2012 23:32, Miguel González Castaños wrote: On 15/05/2012 17:22, André Warnier wrote: Vickie Troy-McKoy wrote: ... Thank you Andre for your help. After I configured it as you specified, the behavior was the same as before I inquired on this forum. Well, it doesn't sound as if we really helped a lot then, or am I misunderstanding this too ? :-) Note also for the record (and maybe a later enquiry) that it should not really be necessary to have 2 separate Apache httpd instances. At least if we now understand properly what you are really trying to achieve.. Just wondering. With a 64 bits OS, how much RAM can you handle in a JVM and therefore with each instance of Tomcat? For a 12 Gb of RAM machine, it would be wise if you want to have this kind of setup (Apache and two Tomcat instances in the same machine) if you need more than 400-500 concurrent users? If this is a new question, please post it in a completely* new thread, rather than hijacking someone else's. p * ie, no editing of subject body from a reply to an existing thread. -- [key:62590808] signature.asc Description: OpenPGP digital signature