Re: asking advice for tomcat 7 config

[Pid]

On 18/10/2012 12:22, Daniel Barcellos wrote:
 Hey
 
 I'm facing similar problems too and I guess with a good configuration of my 
 server.xml would be a good start point.
 
 So could kindly share a good Connector configuration in this mail thread? 
 What would that be the best choice in terms of max min threads keep alived 
 timeout configurations ?

It's probably not your connector config that's the problem, if there is
one.  Most of the time it's your app.

Use a profiler, monitor JMX (use VisualVM with the MBeans plugin) and
understand what's happening rather than assuming someone else's
connector config is good or better.

Start a new thread when you've tried this  have questions.


p


 Thanks in advance!
 
 Sent from my iPhone
 
 On 18/10/2012, at 07:05, Romain Van der Keilen 
 romain.vanderkei...@uniway.be wrote:
 
 Hi there!

 Some news for you about my problem.
 I did all the modifications you suggested, it increased the response time a 
 little bit (2-3 seconds better on a 15 seconds scale). It was already good 
 to take, and helped me to create a healthy configuration.
 After that, I looked deeper into the database configuration, as I saw in the 
 tests that non db relative actions were responding very fast (50ms for a 
 1000 users basis).
 I finally found an OracleDataSource in the Oracle Driver, which reacts far 
 way better than the BasicDataSource I was using before (12s for 150 users 
 for the basic data source, 1.5s for the oracle one, same test).

 So I think my problems are solved, thanks to you guys!

 Many thanks for the advices,

 Romain.

 -Original Message-
 From: André Warnier [mailto:a...@ice-sa.com] 
 Sent: mercredi 17 octobre 2012 11:49
 To: Tomcat Users List
 Subject: Re: asking advice for tomcat 7 config

 Pid wrote:
 ...


Executor  name=tomcatThreadPool namePrefix=catalina-exec-80- 
 maxThreads=650 minSpareThreads=100 /
Connector executor=tomcatThreadPool address=10.10.10.10 port=80 
 maxHttpHeaderSize=8192 
 protocol=org.apache.coyote.http11.Http11NioProtocol
   connectionTimeout=2 redirectPort=443 
 server=lighthttpd/2.0.0 enableLookups=false acceptorThreadCount=4 
 socket.directBuffer=false 
   compression=off 
 compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif
   acceptCount=50 bufferSize=4096 /


Executor  name=stomcatThreadPool namePrefix=catalina-exec-443- 
 maxThreads=650 minSpareThreads=100 /
Connector executor=stomcatThreadPool 
 protocol=org.apache.coyote.http11.Http11NioProtocol port=443 
 SSLEnabled=true scheme=https secure=true
clientAuth=false sslProtocol=TLS 
 keystoreFile=D:\keystore\appks server=lighthttpd/2.0.0
enableLookups=false keystorePass=changeit address=10.10.10.10 
 acceptorThreadCount=4 socket.directBuffer=false
compression=off 
 compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif
acceptCount=50 bufferSize=4096 
/Connector

 You've configured a separate pool for connectors on ports 80 and 443.  Why?

 You've reduced the acceptCount to 50.  Why?

 You are compressing compressed images.  Why?

 There is : compression=off in both connectors though.
 So I guess that compressableMimeType should be ignored.

 (It /is/ still questionable to have changed the default of 
 compressableMimeType, to include types which are inherently compressed 
 already.)


 You are setting acceptorThreadCount=4.  Why?


 Does your app have a database connection pool?
 What are the sizing parameters for this pool?


 Also,

 - for the HTTP connector, connectionTimeout is set to 2 (milliseconds), 
 and keepAliveTimeout is not set.
 - for the HTTPS connector, neither one is set.
 That will cause :
 - for the HTTP connector :
   - connectionTimeout = 2 ms (20 s.)
   - keepAliveTimeout =  2 ms
 - for the HTTPS connector :
   - connectionTimeout = 6 ms (60 s.)
   - keepAliveTimeout =  6 ms

 1) So it means that if a client connects to the server, but does not send 
 any request line for a while on that connection, the server will allocate a 
 thread to serve the request; this thread will wait up to 20 s (on HTTP) or 
 60 s. (on HTTPS), before timing out and returning to the pool of available 
 threads.
 Of course only a malicious client would do that..

 2) it also means that a perfectly non-malicious client can connect to the 
 server, and send a first request on the connection; the server will allocate 
 a thread to handle this request; and then, if the same client has no more 
 requests to send for a while, this thread will nevertheless remain waiting 
 on this connection for 20 s. (HTTP) or 60 s. 
 (HTTPS), just in case the client /would/ send another request on it.
 During this time, the thread is unavailable to process other client requests.

 Discarding item (1) for now as being a DOS attack, might (2) not go a long 
 way to explain the symtoms that the OP

Re: asking advice for tomcat 7 config

[Pid]

On 17/10/2012 08:59, Romain Van der Keilen wrote:
 Hi There,
 
 I'm quiet new to this mailing list as I encounter some configuration problems 
 with Tomcat 7.0.30.
 We are currently developing a web application, and we wish to have a good 
 response time with about 200 parallel sessions. My problem is that starting 
 from 70 users, the system does not respond quietly. At 70 users, we have an 
 average of 4000ms for the response time. At 120 users we are at an average of 
 2ms and with 200 users we have about 45000ms of response time. All of 
 those numbers were computed with JMeter, using 4 passes.
 
 Tomcat is running with the following options: jdk 1.7.0_07 ; server\jvm.dll ; 
 initial memory pool 1024Mb ; maximum memory pool 1250 Mb ; Thread stack size 
 : 1024 kb ; 64 bit version for both java and tomcat
 The server itself is a Windows Server 2008 Standard edition running on Intel 
 Xeon X5660 @ 2.8Ghz (2 physical processors ; 24 virtual processors ) ; 12Gb 
 Ram
 
 When the server is under a big load, what I could see with VisualVM is that 
 the heap size used never exceed 500Mb. When 500Mb is reached, it drops back 
 to about 100Mb. Another thing is that the CPU never works more than 5% of its 
 capabilities.
 I also took a look at the CPU usage in java classes, and there I saw that 95% 
 of the time goes to org.apache.tomcat.util.threads.TaskQueue.take(). The 
 first class related to my application is the oracle.net.ns.Packet.receive() 
 and is at 0.1% of the CPU time ...
 
 I've looked on a lot of forums to try to tune my tomcat configuration, but I 
 haven't found anything that could really help me, this is the reason I ask to 
 you. I've just put you the whole server.xml file after this, hoping you can 
 have a look and tell me if there is some big issue with it... The only thing 
 I changed is the IP of the server.
 
 Thanks in advance,
 
 Romain Van der Keilen.
 
 
 ?xml version='1.0' encoding='utf-8'?
 Server port=8885 shutdown=SHUTDOWN
 
   !--APR library loader. Documentation at /docs/apr.html --
   Listener className=org.apache.catalina.core.AprLifecycleListener 
 SSLEngine=on /
   !--Initialize Jasper prior to webapps are loaded. Documentation at 
 /docs/jasper-howto.html --
   Listener className=org.apache.catalina.core.JasperListener /
   !-- Prevent memory leaks due to use of particular java/javax APIs--
   Listener 
 className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
   !-- JMX Support for the Tomcat server. Documentation at 
 /docs/non-existent.html --
   Listener 
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /
   Listener 
 className=org.apache.catalina.core.ThreadLocalLeakPreventionListener /
 
   GlobalNamingResources
 Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /
   /GlobalNamingResources
 
   Service name=Catalina
   
   Executor  name=tomcatThreadPool namePrefix=catalina-exec-80- 
 maxThreads=650 minSpareThreads=100 /
   Connector executor=tomcatThreadPool address=10.10.10.10 port=80 
 maxHttpHeaderSize=8192 protocol=org.apache.coyote.http11.Http11NioProtocol
connectionTimeout=2 redirectPort=443 
 server=lighthttpd/2.0.0 enableLookups=false acceptorThreadCount=4 
 socket.directBuffer=false 
  compression=off 
 compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif
  acceptCount=50 bufferSize=4096 /  
 
  
   Executor  name=stomcatThreadPool namePrefix=catalina-exec-443- 
 maxThreads=650 minSpareThreads=100 /
 Connector executor=stomcatThreadPool 
 protocol=org.apache.coyote.http11.Http11NioProtocol port=443 
 SSLEnabled=true scheme=https secure=true
   clientAuth=false sslProtocol=TLS 
 keystoreFile=D:\keystore\appks server=lighthttpd/2.0.0
   enableLookups=false keystorePass=changeit 
 address=10.10.10.10 acceptorThreadCount=4 socket.directBuffer=false
   compression=off 
 compressableMimeType=text/html,text/xml,text/plain,text/javascript,text/css,image/jpeg,image/png,image/gif
   acceptCount=50 bufferSize=4096 
   /Connector

You've configured a separate pool for connectors on ports 80 and 443.  Why?

You've reduced the acceptCount to 50.  Why?

You are compressing compressed images.  Why?

You are setting acceptorThreadCount=4.  Why?


Does your app have a database connection pool?
What are the sizing parameters for this pool?


p


 Engine name=Catalina defaultHost=localhost
 
   Realm className=org.apache.catalina.realm.UserDatabaseRealm 
 resourceName=UserDatabase/
 
   Host name=10.10.10.10 appBase=D:\Tomcat7\ unpackWARs=true 
 autoDeploy=true xmlValidation=false  xmlNamespaceAware=false
  

Re: Thread related MBean questions

[Pid]

On 16/10/2012 17:52, Shanti Suresh wrote:
 Greetings.
 
 I have some questions on finding the number of active threads in Tomcat.
 (1) On our QA system, I notice that the currenthreadsBusy MBean is
 either zero or one for the 8443 and 8080 connectors.  

 ThreadCount != currentThreadsBusy

One is the count of threads, one is the threads that are doing work.


 Why then is ThreadCount = 93 when there is not much going on on QA?

Because you've previously done enough work for Tomcat to maintain 93
threads.


 (2) When I want to graph the thread activity in Tomcat (the thread
 Pool usage), which is a better counter to look at - currentThreadsBusy
 or ThreadCount?

Depends what you want know.


 It seems like ThreadCount is what JConsole displays as Live Threads.
 (3) Why is TotalStartedThreadCount: 264?  Is that a cumulative total
 since Tomcat was restarted?

Yes.


p

 --Thread-related MBean snippet:-
 
 Name: Catalina:type=ThreadPool,name=http-apr-8443
 currentThreadsBusy: 1
 ...
 
 Name: Catalina:type=ThreadPool,name=http-apr-8080
 currentThreadsBusy: 0
 ...
 
 Name: java.lang:type=Threading
 DaemonThreadCount: 85
 PeakThreadCount: 99
 AllThreadIds: Array[long] of length 93
   135
   119
   118
   117
 ...
 
 CurrentThreadCpuTime: 46
 CurrentThreadUserTime: 402000
 ThreadCount: 93
 TotalStartedThreadCount: 264
 ThreadCpuTimeSupported: true
 ...
 ---end of snippet
 
 Thanks!
 
  -Shanti
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: tomcat 7 APR Connector problems

[Pid *]

On 15 Oct 2012, at 07:42, Andrey Timofeyev andrey.timofe...@gmail.com wrote:

 Hi Chris,

 thank you so much for answer,

 What about your Tomcat configuration:
 Server port=8005 shutdown=SHUTDOWN
Listener className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on/

You have no other listeners?


Service name=Catalina
Connector
   maxPostSize=5242880
   enableLookups=false
   useBodyEncodingForURI=true
   port=80
   maxThreads=1100
   disableUploadTimeout=true
   maxHttpHeaderSize=8192
   pollerSize=16768
   maxKeepAliveRequests=-1
   connectionTimeout=2
   asyncTimeout=11
   keepAliveTimeout=12
   compression=on

 compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript
   address={...}
   acceptCount=1000/
Connector
   maxPostSize=5242880
   enableLookups=false
   useBodyEncodingForURI=true
   port=82
   maxThreads=100
   disableUploadTimeout=true
   maxHttpHeaderSize=8192
   pollerSize=100
   maxKeepAliveRequests=-1
   connectionTimeout=2
   keepAliveTimeout=120
   compression=on

 compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript
   address={...}
   acceptCount=100/
Connector
   maxPostSize=5242880
   enableLookups=false
   useBodyEncodingForURI=true
   port=443
   maxThreads=1100
   disableUploadTimeout=true
   maxHttpHeaderSize=8192
   pollerSize=32768
   maxKeepAliveRequests=-1
   connectionTimeout=2
   keepAliveTimeout=12
   compression=on

 compressableMimeType=text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/x-javascript
   address=0.0.0.0
   acceptCount=100 scheme=https secure=true
   SSLEnabled=true
   SSLCipherSuite=HIGH:MEDIUM:!ADH:!SSLv2
   SSLCertificateFile={...}
   SSLCertificateKeyFile={...}
   SSLCertificateChainFile={...}/
Engine name=Catalina defaultHost={...}
Host name={...}
  appBase={...}
  autoDeploy=false
  unpackWARs=true
  deployXML=false


Context path= allowLinking=true useHttpOnly=false
Manager className={customSessionManager}
 maxActiveSessions=163840
 maxInactiveInterval=1800
 pathname=/
/Context

This Context seems to be missing a docBase, unless you are doing
something very bad and publishing the appBase.

Defining context in server.xml is not recommended.


p


Context path=/manager
 privileged=true
 docBase={...}
Realm
 className=org.apache.catalina.realm.MemoryRealm
 pathname=conf/tomcat-users.xml/
Valve
 className=org.apache.catalina.valves.RemoteAddrValve
   allow={...}/
/Context
Context path=/share docBase={deploy.dir}/res/share/
Context path=/res docBase={deploy.dir}/res/
Context path=/web/gwt docBase={deploy.dir}/web/gwt/
Context path=/web/gwt-alt
 docBase={deploy.dir}/web/gwt-alt/
/Host
/Engine
/Service
 /Server

 Do you get exceptions or apparent deadlock? Can you generate a thread
 dump?
 There are no any deadlock or aniything strange compared to life server (i
 will generate it one yet time, may be i missed something)

 Are your client connections long-lived
 Average client connection live 11 minutes.

 What does 'ulimit -n' tell you
 256k

 2012/10/12 Christopher Schultz ch...@christopherschultz.net

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Andrey,

 On 10/12/12 11:30 AM, Andrey Timofeyev wrote:
 Hi, everybody,

 There is followen problem with tomcat 7.0.29 (With tomcat 6.0.18
 there is no such problem):

 Any other services on the same machine lost connections with
 remote services, when number of incoming connections to tomcat
 reach pollerSize. (It seems that all file descriptors is used or
 something else)

 As I see in the tomcat 7  latch was added in AprEndpoint, and if
 connections reach maxLimit 

Re: tomcat eclipse and too many connections

[Pid *]

On 15 Oct 2012, at 19:01, Christopher Schultz
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 g. rgar,

 On 10/14/12 6:00 PM, g. rgar wrote:
 maybe this is related also :
 http://bugs.mysql.com/bug.php?id=65909

 If true then a workaround must be made available

 There are two other possibilities:

 1. You webapp leaks connections

 While it is possible, your connection pool should be complaining about
 that. Have you enabled removeAbandoned and logAbandoned for your
 connections? I highly recommend it -- especially in production.

 2. The DataSource is leaking connections on reload

 I think this is unlikely to be the case, as Tomcat is lazy about
 DataSource-creation: when you reload your webapp, it actually uses the
 existing DataSource that was created for the first instance of your
 webapp. Actually, unless you intentionally grab-and-shutdown the
 DataSource in a ServletContextListener's destroy() method, the
 DataSource will not be shut-down on undeploy/reload/etc.

3. App is not really being shutdown, so pool is not closed.


p



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlB8ThEACgkQ9CaO5/Lv0PDQIwCgr+apiGpwSA8QgUyFI875VWdS
 NSYAoJuUBSVrotUmFJluG8BfAS/VDi8h
 =dxRM
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Debug tomcat 6.0

[Pid *]

On 11 Oct 2012, at 08:34, vicky007aggar...@yahoo.co.in
vicky007aggar...@yahoo.co.in wrote:

 All,

Please don't hijack other people's threads.


p


 How to debug tomcat 6.0 , actually i am a Having issue with tomcat static 
 membership cluster . But i am not seeing any relevant information in 
 catalina.out file.

 Kindly suggest

 Thanks
 Vicky
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: CONFIGURING HOW MUCH MEMORY TOMCAT USES

[Pid]

On 08/10/2012 08:04, CHRISTOS STAVRINOU wrote:
 Hello,
 
 I want to configure the following
 
 Initial memory pool
 
 Maximum memory pool
 
 Thread stack size
 
 on tomcat 7 under Centos Linux but I don't know how.
 
 The reason I want to increase the values of these parameters is because I get 
 out of memory error when upload files with jsp code.
 
 Please help
 
 Thank you

HELLO.  PLEASE READ:

 http://www.catb.org/esr/faqs/smart-questions.html


p

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: JDBCRealm conection timeout failure on getPassword

[Pid *]

On 7 Oct 2012, at 15:26, Aladin Dajani aladin.daj...@gmail.com wrote:

 OK So I tried to use DataSourceRealm.  Seems simple enough. but I get the
 following exception:

 Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.DataSourceRealm open
 SEVERE: Exception performing authentication
 javax.naming.NameNotFoundException: Name jdbc is not bound in this Context

 Here is my configuration.  context.xml is unchanged from previous setup
 (works well for pooled database access within the app)

 {catalina-base}\conf\context.xml:
Resource
 name=jdbc/MyAppDB
 auth=Container
 driverClassName=com.mysql.jdbc.Driver
 logAbandoned=true
 maxActive=100
 maxIdle=30
 maxWait=1
 password=password
 username=user
 removeAbandoned=true
 removeAbandonedTimeout=60
 type=javax.sql.DataSource
 url=jdbc:mysql://localhost:3306/databasename
 /

 Server.xml replaces the JDBCRealm with the DataSourceRealm as below

 {catalina-base}\conf\server.xml:
  Realm className=org.apache.catalina.realm.LockOutRealm
 Realm className=org.apache.catalina.realm.DataSourceRealm
 dataSourceName=jdbc/MyAppDB
 userTable=users
 userNameCol=username
 userCredCol=password
 userRoleTable=roles
 roleNameCol=rolename
digest=MD5
 /
  /Realm

 Have I missed a configuration somewhere ?

Yes, define the Resource in GlobalResources in server.xml.


p





 Thanks.
 On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher 
 felix.schumac...@internetallee.de wrote:



 Aladin Dajani aladin.daj...@gmail.com schrieb:

 Hello List,

 My application is configured for JDBCRealm authentication uses a MySQL
 database.
 For my own use inside the application, I have setup a connection pool
 to
 access the database,  However, the configuration of JDBCRealm in
 server.xml
 uses astand-alone connection.  Since MySQL times-out connections after
 8
 hours, I get the following error in tomcat logs as I try to log-in
 after
 the connection times out:

 Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.JDBCRealm getPassword
 SEVERE: Exception performing authentication
 com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException:
 No
 operations allowed after connection closed.Connection was implicitly
 closed
 by the driver.

 Users do not notice this error (I presume tomcat's JDBCRealm will
 create a
 new connection), but it US disconcerting to have all these exceptions
 in
 tomcat logs, especially that when the server goes into production mode,
 I
 fear this will have adverse effects.

 Is it possible to have JDBDRealm use the same connection pool which my
 application uses (which is setup in tomcat's context.xml so it should
 be accessible to all applications in tomcat).

 Have a look at DatasourceRealm.

 Regards
 Felix

 Thanks.



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JDBCRealm conection timeout failure on getPassword

[Pid]

On 07/10/2012 19:40, Aladin Dajani wrote:
 Thank you all for your help.  I now have DataSourceRealm based
 authentication up and running with my connection pool.
 
 One thing I want to mention is that I was unable to make teh scenarios
 described in the wiki work until I duplicated the Resource definition in
 both server.xml and in context.xml. 

That is unlikely to be accurate unless you are using the datasource for
something else.  The GlobalResources definition will be the one working.

The tomcat/conf/context.xml definition will only be valid for Realms
created inside the Context; and will create a separate pool for each
application deployed.


p


I tried several combinations as
 described in the wiki and outside and this is the one that worked, for now
 this is what matters to me.
 
 Thanks
 
 
 
 On Sun, Oct 7, 2012 at 11:33 AM, Mark Eggers its_toas...@yahoo.com wrote:
 
 On 10/7/2012 8:22 AM, Pid * wrote:

 On 7 Oct 2012, at 15:26, Aladin Dajani aladin.daj...@gmail.com wrote:

  OK So I tried to use DataSourceRealm.  Seems simple enough. but I get the
 following exception:

 Oct 7, 2012 9:54:51 AM org.apache.catalina.realm.**DataSourceRealm open
 SEVERE: Exception performing authentication
 javax.naming.**NameNotFoundException: Name jdbc is not bound in this
 Context

 Here is my configuration.  context.xml is unchanged from previous setup
 (works well for pooled database access within the app)

 {catalina-base}\conf\context.**xml:
 Resource
 name=jdbc/MyAppDB
 auth=Container
 driverClassName=com.mysql.**jdbc.Driver
 logAbandoned=true
 maxActive=100
 maxIdle=30
 maxWait=1
 password=password
 username=user
 removeAbandoned=true
 removeAbandonedTimeout=60
 type=javax.sql.DataSource
 url=jdbc:mysql://localhost:**3306/databasename
 /

 Server.xml replaces the JDBCRealm with the DataSourceRealm as below

 {catalina-base}\conf\server.**xml:
   Realm className=org.apache.**catalina.realm.LockOutRealm
 Realm className=org.apache.**catalina.realm.**DataSourceRealm
 dataSourceName=jdbc/MyAppDB
 userTable=users
 userNameCol=username
 userCredCol=password
 userRoleTable=roles
 roleNameCol=rolename
 digest=MD5
 /
   /Realm

 Have I missed a configuration somewhere ?


 Yes, define the Resource in GlobalResources in server.xml.


 p


 Here's the Wiki document on the various combinations:

 http://wiki.apache.org/tomcat/**TomcatDataSourceRealmshttp://wiki.apache.org/tomcat/TomcatDataSourceRealms

 /mde/


 Thanks.
 On Sun, Oct 7, 2012 at 9:36 AM, Felix Schumacher 
 felix.schumacher@**internetallee.de felix.schumac...@internetallee.de
 wrote:



 Aladin Dajani aladin.daj...@gmail.com schrieb:

  Hello List,

 My application is configured for JDBCRealm authentication uses a MySQL
 database.
 For my own use inside the application, I have setup a connection pool
 to
 access the database,  However, the configuration of JDBCRealm in
 server.xml
 uses astand-alone connection.  Since MySQL times-out connections after
 8
 hours, I get the following error in tomcat logs as I try to log-in
 after
 the connection times out:

 Oct 7, 2012 8:36:51 AM org.apache.catalina.realm.**JDBCRealm
 getPassword
 SEVERE: Exception performing authentication
 com.mysql.jdbc.exceptions.**jdbc4.**MySQLNonTransientConnectionExc**
 eption:
 No
 operations allowed after connection closed.Connection was implicitly
 closed
 by the driver.

 Users do not notice this error (I presume tomcat's JDBCRealm will
 create a
 new connection), but it US disconcerting to have all these exceptions
 in
 tomcat logs, especially that when the server goes into production mode,
 I
 fear this will have adverse effects.

 Is it possible to have JDBDRealm use the same connection pool which my
 application uses (which is setup in tomcat's context.xml so it should
 be accessible to all applications in tomcat).


 Have a look at DatasourceRealm.

 Regards
 Felix


 Thanks.



 --**--**-
 To unsubscribe, e-mail: 
 users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Tomcat 7.0.30 JAR Scanner ClassCastException

[Pid]

On 03/10/2012 14:44, Jesse Farinacci wrote:
 Greetings,
 
 I am using Apache Tomcat 7.0.30 on IBM Java 6. I have a @WebServlet
 inside a ROOT.war!/WEB-INF/lib/common-servlets.jar which forwards to a
 JSP located in common-servlets.jar!/META-INF/resources/some.jsp. When
 I reference the path for this @WebServlet Tomcat throws the following
 exception:
 
 org.apache.jasper.JasperException: Unable to initialize
 TldLocationsCache: org.apache.tomcat.util.scan.StandardJarScanner
 cannot be cast to org.apache.tomcat.JarScanner
   
 org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:252)
   
 org.apache.jasper.compiler.TldLocationsCache.getLocation(TldLocationsCache.java:205)
   
 org.apache.jasper.JspCompilationContext.getTldLocation(JspCompilationContext.java:607)
   org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:409)
   org.apache.jasper.compiler.Parser.parseDirective(Parser.java:475)
   org.apache.jasper.compiler.Parser.parseElements(Parser.java:1427)
   org.apache.jasper.compiler.Parser.parse(Parser.java:138)
   
 org.apache.jasper.compiler.ParserController.doParse(ParserController.java:242)
   
 org.apache.jasper.compiler.ParserController.parse(ParserController.java:102)
   org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:198)
   org.apache.jasper.compiler.Compiler.compile(Compiler.java:373)
   org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
   org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
   
 org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
   
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
   org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
   org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
 at 
 com.acme.web.MyJspDelegatingServlet.doGet(MyJspDelegatingServlet.java:122)
 
  org.apache.catalina.core.ApplicationDispatcher.invoke
 Servlet.service() for servlet org.apache.jasper.servlet.JspServlet
 threw exception
  java.lang.ClassCastException:
 org.apache.tomcat.util.scan.StandardJarScanner incompatible with
 org.apache.tomcat.JarScanner
 at 
 org.apache.jasper.compiler.JarScannerFactory.getJarScanner(JarScannerFactory.java:39)
 at 
 org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:243)
 at 
 org.apache.jasper.compiler.TldLocationsCache.getLocation(TldLocationsCache.java:205)
 at 
 org.apache.jasper.JspCompilationContext.getTldLocation(JspCompilationContext.java:607)
 at 
 org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:409)
 at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:475)
 at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1427)
 at org.apache.jasper.compiler.Parser.parse(Parser.java:138)
 at 
 org.apache.jasper.compiler.ParserController.doParse(ParserController.java:242)
 at 
 org.apache.jasper.compiler.ParserController.parse(ParserController.java:102)
 at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:198)
 at org.apache.jasper.compiler.Compiler.compile(Compiler.java:373)
 at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
 at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
 at 
 org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:646)
 at 
 org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
 at 
 org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
 at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
 at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
 at 
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
 at 
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
 at 
 org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:749)
 at 
 org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:487)
 at 
 org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:412)
 at 
 org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:339)
 at 
 com.acme.web.MyJspDelegatingServlet.doGet(MyJspDelegatingServlet.java:122)
 
 I thought perhaps I had an old library somewhere, but grep and md5sum
 confirms that my deployed Tomcat 7.0.30 has the same libs that Apache
 is shipping in the official download. I went back to 7.0.29 and see
 the problem there as well. I haven't gone back farther.
 
 Any help on this is appreciated. I make heavy use of modular Servlet
 3.0 jar 

Re: How to limit the number of sessions per IP address (DOS attacks)

[Pid *]

On 30 Sep 2012, at 06:44, Brian Braun brianbr...@gmail.com wrote:

 Hi,

 I'm using Tomcat 7.0.22 (+Ubuntu Linux + MySQL).

 I'm providen a geolocation service. My users invoque a URL in my server
 (something like http://services.acme.com/locate?ip=..) providing the IP
 address, and it responds with the geolocation info. This service must admit
 a very high rate of queries, and it is doing it sucessfully now. This URL
 doesn't create sessions in order to save resources, and because sessions
 are not required after all. Each call is treated individually, no need to
 link them in sessions. In other words, this is a RESTful service.

 Besides the service URL, I have a website in the form
 http://www.acme.com(www. instead of services.). This website has a
 demo page where
 visitors can type an IP address and see the response (values, format, and
 an explanation of that). This website DOES create session, because it is
 necessary given that the user logs in, uses his account, manages his
 license codes, etc.

 The problem is that some people are requesting the demo URL at a very high
 rate, instead of requesting the special service URL that has been designed
 to provide the service returning a response in XML.

Why not just get the demo page to use the REST URL and decommission the old one?


p


 When they request this
 demo page at a very high rate, a ton of sessions are being created and
 Tomcat ultimately collapses. Basically, the RAM is exhausted, Tomcats gets
 slower and slower, and dies at the end. In other words, this is something
 similar to a DOS attack (Denial Of Service).
 I need to solve this. I need a way to limit the number of sessions that are
 being created for the same IP, and in the same host under Tomcat, so if
 this people start doing this, the app will stop them.
 It is very import to be able to apply a solution just to the www website,
 not to the other services. subdomain, so the solution must not be global
 to the Tomcat engine.

 What would you recommend as a strategy?
 Is there some kind of valve that I can use in the server.xml file to solve
 this?
 Should I create a filter that does this? Is a filter the best place to
 implement a solution?
 Is there a way to inspect the API and get the list of current sessions? Or
 do I need to build my own list at the application scope, most likely using
 the events when a session is created or destroyed to update this list?
 Is there a solution already built? Or do I have to program one from scratch?

 Note: I want to solve it at the host or context level. Not at the Tomcat
 engine level, or at the Linux level (IPTables/firewall), or adding Apache
 HTTPD server before Tomcat.

 Thanks in advance!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Failure connecting to Hbase remotely from Tomcat 6 Servlet

[Pid *]

On 1 Oct 2012, at 14:59, Mouradk mourad...@googlemail.com wrote:

 Hello,

 This is my first post so apologies if I am breaking some etiquette.

 I am not an expert on Hbase and have been flaying through threads of Hbase 
 remote connection but with no luck solving my problem.

 I am running a Hbase/Hadoop single cluster on an EC2 instance (Ubuntu 10.4). 
 I am also running a servlet on a tomcat6 server in another ec2 instance. The 
 plan is for the servlet to write and read to the remote Hbase instance. The 
 servlet is running a context listener with some java routines 
 (ServletContextListener).

 Now if I run the java project as a runnable jar instead of a servlet all is 
 fine. It connects to Hbase and writes/reads from table. But on tomcat6 it 
 just freezes when attempting to connect to the Hbase instance.

 2012-10-01 11:11:40,751 [Timer-4] INFO  
 com.myApp.foundation.access.HBaseHandler  initialise(..) - Initialisation 
 HbaseHandler configuration ...
 2012-10-01 11:11:40,763 [Timer-4] DEBUG org.apache.hadoop.conf.Configuration  
 init(..) - java.io.IOException: config()
at org.apache.hadoop.conf.Configuration.init(Configuration.java:211)
at org.apache.hadoop.conf.Configuration.init(Configuration.java:198)
at 
 org.apache.hadoop.hbase.HBaseConfiguration.init(HBaseConfiguration.java:33)
at 
 com.myApp.foundation.access.HBaseHandler.initialise(HBaseHandler.java:507)
at com.myApp.foundation.access.HBaseHandler.init(HBaseHandler.java:53)
at 
 com.myApp.foundation.access.HBaseHandler.getInstance(HBaseHandler.java:500)
at com.myApp.foundation.hbase.StorableRow.clinit(StorableRow.java:40)
at com.myApp.foundation.entities.Article.storeToHbase(Article.java:257)
at 
 com.myApp.task.impl.HBaseArticlePersisterTask.process(HBaseArticlePersisterTask.java:101)
at com.myApp.foundation.task.QueueTask.performTask(QueueTask.java:101)
at 
 com.myApp.runner.impl.HBasePersisterRunner$1.run(HBasePersisterRunner.java:46)
at java.util.TimerThread.mainLoop(Timer.java:512)
at java.util.TimerThread.run(Timer.java:462)

I don't know HBase, but I'd read this stack as being caused by a config error.


 2012-10-01 11:11:40,803 [Timer-4] INFO  
 com.myApp.foundation.access.HBaseHandler  initialise(..) - Config resource 
 zookeeper.quorum: ip-10-10-10-10.eu-west-1.compute.internal

 2012-10-01 11:11:40,803 [Timer-4] INFO  
 com.myApp.foundation.access.HBaseHandler  initialise(..) - Config resource 
 zookeeper.clientPort: 2181

 2012-10-01 11:11:40,804 [Timer-4] INFO  
 com.myApp.foundation.access.HBaseHandler  initialise(..) - Config resource 
 hbase.master.info.port: 60010

 2012-10-01 11:11:40,804 [Timer-4] INFO  
 com.myApp.foundation.access.HBaseHandler  initialise(..) - Config resource 
 hbase.master.info.bindAddress: ip-10-10-10-10.eu-west-1.compute.internal

 I can telnet the HBase instance. In the servlet I included the 
 hbase-site.xml. But as you can see from the log, the zookkeeper.quorum is 
 getting picked up as well as the port number. All necessary ports are open on 
 the Hbase instance.

What's in the config before those details?


 Something is telling me tomcat6 policy configuration is to blame.

If you have the Security Manager turned on, turn it off - then you'll
know pretty quickly if the policy is a) effective and b) wrong.


 But I don't see anything in the catalina logs. Are there any other logs I am 
 missing or could guide me to the right logs?

 Has someone experienced the same problem?

Doesn't look like a Tomcat problem. Either a HBase or OS config issue.
Have you opened the necessary firewall ports, for example?


p

 Many thanks in advance.

 Mourad

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Web app deployment Issues

[Pid *]

On 30 Sep 2012, at 11:52, ASIYA LABARAN a_laba...@yahoo.com wrote:

 Hello,

 I am trying to use tomcat server to deploy a webapp called mifos mfi. I 
 created a folder in the C: (C:\MifosInstall\) where i unzipped the tomcat 
 server 6.0.35.
 I created environment variables as required namely:

 JAVA_HOME
 value:  C:\Program Files\Java\jdk1.7.0_07

 CATALINA_HOME
 value: C:\Mifos Install\apache-tomcat-6.0.35-windows-x64\apache-tomcat-6.0.35

 CATALINA_OPTS
 value: -Xms1024M -Xmx1024M -XX:MaxPermSize=256m

 MIFOS_CONF
 C:\Mifos Install\mifos-v2.4.1\config


 Specifically, where did you put the mfi folder?
 C:\Mifos Install\

 I also  installed a jdk and set up its environment variables as required and 
 also copied the mifos.war file into the webapps folder 
 (CATALINA_HOME/webapps).
 I launched the tomcat server by double clicking the startup.bat inside 
 'CATALINA_HOME/bin/' folder.

 I do receive an error message (HTTP Status 404) saying the resource you 
 requested is not available.


 I need help on deploying my webapp.

There are log files in CATALINA_HOME/logs.

What do they contain? Any interesting messages about the app startup?


p

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 serious issues on AIX 5.3

[Pid *]

On 28 Sep 2012, at 20:00, vincent.soo...@daimler.com
vincent.soo...@daimler.com wrote:

 Post your DBCP configuration and let's see what can be
 done with it.

As above.


p

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: exploting tomcat vulnerability with example

[Pid *]

On 19 Sep 2012, at 13:20, Daniel Mikusa dmik...@vmware.com wrote:

 On Sep 19, 2012, at 5:02 AM, Ragini wrote:

 Hi all,

 For my research work I want to have different attacking scenarios which 
 exploits vulnerability of JAVA based applications. This java applications 
 can be just any web-application, desktopapplication or any other.

 For this, I was thinking to exploit vulnerabilities of tomcat itself 
 (because it is in java). I went through different vulnerabilities of 
 different versions of tomcat on apache tomcat's official site. They have 
 provided information about what is the vulnerability and what is its 
 consequences.

 But I am looking for some real time example by which I can exhibit the 
 exploitation of tomcat’s vulnerability. The version of the tomcat can be 
 just any. I would like to try vulnerabilities like authentication bypass, 
 information disclosure or some other which really compromises the security.

 Try looking at Metasploit.

+1


p

 Dan


 Could anybody please suggest some source where I can get step by step 
 information about exploiting tomcat’s vulnerability with example ? It would 
 be nice if the example web application used for exploitation is also in java.

 I would really appreciate your any kind of help regarding this.

 Thanks.

 Richa.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Updating Tomcat-Server from Version 6.0.16 to 7.0.30

[Pid *]

On 19 Sep 2012, at 14:45, Andreas Stadelmeier a...@michlaustderaffe.de wrote:

 Hello guys,

 i would like to install the newest stable version of the Apache Tomcat
 Server. I already got some stuff running on the old Tomcat v.6.0.16
 Server.
 I want to ask you, if it is safe to do this update and if afterwards
 my v 6 compatible JSP-Files wont cause any problems.

Try the latest 6.0.x first, then if your app is fine, try 7.0.x.
Things changed in 6 that sometimes catch people out.


p


 Thank you in advance,

 Andi

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Latest Tomcat release question...

[Pid *]

On 19 Sep 2012, at 16:45, Tony Anecito adanec...@yahoo.com wrote:

 Ok does scanning scan the classes inside the library jars the app uses? What 
 would be the point of that?

How does Tomcat know which is a special library jar and which is not?
(Unless you provide it with a list of jars to ignore.)


p





 Thanks,
 -Tony

 --- On Wed, 9/19/12, Christopher Schultz ch...@christopherschultz.net wrote:


 From: Christopher Schultz ch...@christopherschultz.net
 Subject: Re: Latest Tomcat release question...
 To: Tomcat Users List users@tomcat.apache.org
 Date: Wednesday, September 19, 2012, 7:38 AM


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Tony,

 On 9/18/12 7:10 PM, Tony Anecito wrote:
 Thanks for the heads up about the memory issue. I looked over the
 release notes before I posted here and did not remember reading
 that.

 http://tomcat.apache.org/tomcat-7.0-doc/changelog.html

 It's bug 53535:
 http://issues.apache.org/bugzilla/show_bug.cgi?id=53535

 I do not use spring either and glad for that but I do use JAX-WS
 and am working on swithing to JAX-RS and there are quite a few
 libraries for JAX-RS. This weekend I will look at using 7.0.30.

 It really comes down to the number of classes that get scanned. Lots
 od deps = lots of classes (usually).

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlBZyu8ACgkQ9CaO5/Lv0PC9TwCgw2qRGo/B0HjjQJycPsK1G9hZ
 v9IAnjKhBC+gZL3iUoHIY5MTR1Ph9v/v
 =C59w
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Connector for Sun ONE Web Server 7.0 and Tomcat 6.0.x

[Pid *]

On 19 Sep 2012, at 16:59, Hassan Schroeder hassan.schroe...@gmail.com wrote:

 On Wed, Sep 19, 2012 at 8:02 AM, Jay Rao jay...@gmail.com wrote:
 Is there a Tomcat Connector for Sun ONE Web Server 7.0 and Tomcat 6.0.x
 running on RedHat Linux 5.7 64-bit ?

 If not, any idea on when will it would be available please ?

 My guess: When dead, dreaming Cthulhu wakes in his house at
 R'lyeh and schedules a Tupperware party.

LMAO

 I could be wrong, though.

Or you could pay someone to create one.
Or try the 6.x one that is the top result when you google sun one
tomcat connector
Or ditch Sun ONE and use something current.


p


 --
 Hassan Schroeder  hassan.schroe...@gmail.com
 http://about.me/hassanschroeder
 twitter: @hassan

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: sessions replication

[Pid *]

On 19 Sep 2012, at 16:59, Carrillo, Dan dcarri...@idanalytics.com wrote:

 Hi folks,
 My sessions are replicating across the cluster as indicated by my session 
 listener debug output.  E.g I can see the session created/destroyed messages 
 in each respective log.
 I have a Service object that is serializable, which contains a String member 
 variable (x) which is not initialized; null.  As my load balancer 
 round-robins the requests to each of these servers, each successfully 
 retrieves the service instance from the session.  Now, when service.x is set 
 at some point in the workflow, I expect the other members to receive this 
 updated object since it resides in the session.  However, I'm finding that it 
 is not, it remains null in all other containers.

 The tomcat config 
 (http://tomcat.apache.org/tomcat-6.0-doc/cluster-howto.html) says that ..For 
 each request the entire session is replicated, this allows code that modifies 
 attributes in the session without calling setAttribute or removeAttribute to 
 be replicated.

 Can someone clarify whether I do in fact need to reset the service object on 
 the session in order for it to replicate?

If by this, you are asking whether you can retrieve an object from the
session, update it and without adding it back to the session expect
these changes to be propagated, then no, you can't.


p



 Thanks!

 Engine name=Catalina defaultHost=localhost jvmRoute=id2
Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
 channelSendOptions=6

  Manager className=org.apache.catalina.ha.session.DeltaManager
   expireSessionsOnShutdown=false
   notifyListenersOnReplication=true/

  Channel className=org.apache.catalina.tribes.group.GroupChannel
  Membership 
 className=org.apache.catalina.tribes.membership.McastService
   address=231.10.12.6
   port=35006
   frequency=500
   dropTime=3000/
  Receiver 
 className=org.apache.catalina.tribes.transport.nio.NioReceiver
   address=auto
   port=8117
   selectorTimeout=100
   maxThreads=6/

Sender 
 className=org.apache.catalina.tribes.transport.ReplicationTransmitter
  Transport 
 className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/
/Sender
Interceptor 
 className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/
Interceptor 
 className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/
Interceptor 
 className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/
  /Channel

  Valve className=org.apache.catalina.ha.tcp.ReplicationValve
 
 filter=.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;/
  ClusterListener 
 className=org.apache.catalina.ha.session.ClusterSessionListener/
/Cluster

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Is there a REAL solution to the BEAST attack (CVE-2011-3389) for Tomcat 7.x

[Pid *]

Martin,

You know what a turtle is?


p

On 15 Sep 2012, at 13:30, Martin Gainty mgai...@hotmail.com wrote:


 Good Morning Brian

 from what Im seeing this is a Redhat Enterprise 4,5,6 bug which effects any 
 of the secure protocols such as sftp, scp and ssl  and you would need to 
 implement the RH patch
 dsiable TLS 1.0 and implement either TLS 1.1 or TLS 1.2 protocols in its place
 disable applets
 disable WebSockets
 disable Cipher Block Chaining (CBC) ciphers
 make sure  1/(n-1) split is being implemented
 replace your JSSE with a JSSE that supports  jsse.enableCBCProtection

 this update from tomas tells the story
 A mitigation for this flaw was implemented in the Network Security Services 
 (NSS) library.
 It uses 1/(n-1) record splitting as mentioned in comment #19.
 This mitigation was added in NSS version 3.13 (which is used in Firefox 9 and 
 later) and is enabled by default upstream.
 Environment variable NSS_SSL_CBC_RANDOM_IV can be used to disable the 
 mitigation when it causes failures to connect to servers that are intolerant 
 to such record splitting (see comment #23).  Setting the environment variable 
 value to 0 disables the mitigation.
 use FF9 as your corporate browser
 https://bugzilla.redhat.com/show_bug.cgi?id=737506does anyone from Redhat 
 have anything useful to say on this matter?
 Martin Gainty
 __
 Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

 Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
 sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
 oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich 
 dem Austausch von Informationen und entfaltet keine rechtliche 
 Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen 
 wir keine Haftung fuer den Inhalt uebernehmen.
 Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
 destinataire prévu, nous te deer mandons avec bonté que pour satisfaire 
 informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie 
 de ceci est interdite. Ce message sert à l'information seulement et n'aura 
 pas n'importe quel effet légalement obligatoire. Étant donné que les email 
 peuvent facilement être sujets à la manipulation, nous ne pouvons accepter 
 aucune responsabilité pour le contenu fourni.


 Date: Fri, 14 Sep 2012 22:12:30 -0500
 Subject: Is there a REAL solution to the BEAST attack (CVE-2011-3389) for 
 Tomcat 7.x
 From: brianbr...@gmail.com
 To: users@tomcat.apache.org

 Hi,

 Is there a REAL solution to the BEAST attack (CVE-2011-3389) for Tomcat
 7.x?
 For more info about this attack:
 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389

 My toughts and questions, as far as I have investigated this issue:

 - Disabling the TLS1.0 protocol would be too restrictive, because there are
 still browser versions in use that don't support TLS1.1 or TLS1.2.
 - Should we restrict the ciphers in use? If so, which ones should we offer
 for Tomcat 7.X over JVM1.6 and using a GeoCerts certificate (which means
 JSSE instead of OpenSSL)?
 - Will upgrading to the latest JVM (as of today, Sept 14th 2012) solve this
 issue?

 Thanks in advace.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Profiling tomcat 7 on ubuntu with java profiler

[Pid *]

On 17 Sep 2012, at 13:55, Ragini raginippa...@gmail.com wrote:

 Hi experts,

 I profile tomcat with a java profiler.

I expect that a Java Profiler is the best way to do that.

 The profiler runs java agent and
 profiles the tomcat server.

So you said. That's awesome dude.

 So I have created setenv.sh and put java
 options to it. so far it is working fine. I start the server, then I run
 the web application in the browser and then I stop the server by
 shutdown.sh. After I execute shutdown.sh, my profiler dumps the output.
 This output shows all the executed java methods in xml format. It
 actually shows the sequence in which they were executed. Pl find the
 attached file to see how the profiler generates the output. This was
 generated by running just one test.jsp page which contains the method
 addnum.

 In the output, I have noticed that the main class which is responsible
 to execute jsp page is Lorg/apache/jsp.

Uhhh, which profiler are you using? That doesn't make sense.


 But I am not sure if there are also other classes which are responsible for 
 this.

...


 I am curious to know this. In my profiler I have an option by which I can 
 exclude classes
 which I dont want to profile.

 I am basically interested in profiling all user defined methods of jsp
 pages and of java classes. (I want to profile a web application which
 has java classes and jsp pages as well).

Good plan.

 I would not like to profile the classes of apache which are dependent on time 
 (like threads are time dependent).

Uhh, if the committers come up with some Tomcat code that isn't depend
on time I extend an immediate offer of unlimited beer. (Before you
start, I'll win this one.)


 The reason for this is, it gives me different profiles for
 exactly two same runs. Which I strictly don’t want.

Sun spots?

 so I would like to have your opinions on,

 1) Are the methods of org/apache/jsp class and time dependent ? Is there
 any chance that I get different profiles for exactly two same runs ?

Unless your Tomcat server is in a Faraday cage for a start, yes.


p

 (I don’t have any option to include the class which needs to be profiled
 in my profiler. So if I want to test the above I have to specify all
 other classes except org/apache/jsp in my exclusion list which is very
 time consuming. If I am sure that methods of apache/jsp/* classes are
 not time dependent, I can do that.





 I need your help regarding this.

 Thanks.

 Richa
 tomcat_output.cct.xml.gz

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: R: how to read files in file system

[Pid *]

On 18 Sep 2012, at 07:22, Ge Gestione Elaboratori(IBM Business
Partner) case...@gmail.com wrote:

 Excuse me Dan:
 attached the screenshot.

Zeesh.
Stop attaching it, paste some info inline in the message and stop being lazy.


p

 paolo

 -Messaggio originale-
 Da: Daniel Mikusa [mailto:dmik...@vmware.com]
 Inviato: martedì 11 settembre 2012 13.51
 A: Tomcat Users List
 Oggetto: Re: how to read files in file system

 On Sep 11, 2012, at 3:11 AM, IBM partner Gestione Elaboratori wrote:

 With jsp i can read files in the file system only if there are located
 under
 the directory webapps/application/file.

 If I read a file ,for example, in c:/filename Tomcats signals an error
 (se
 atthachment)

 Again, there is no attachment.  The list is probably removing it.  Please
 try pasting the content into your email.

 Please also include the error that is given.  Without that, we can only
 guess at what is happening.

 Dan

 How to read files located everywere in the file system?



 paoloc



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to send some requests to all tomcat cluster nodes from loadbalancer

[Pid]

On 12/09/2012 12:45, Orhan Karasakal wrote:
 Hi,
 
 I have a distrubuted cluster system. I have set up apache server and set
 loadbalancing (mod_jk) conditions. And also sticky session is true mode. Among
 nodes, there is no multicasting
 
 Is it possible that could I send some special requests (after request
 header control) or broadcast message to all tomcat cluster nodes ? Is there
 any rule or method ?
 
 Normally every request goes one node but for some special url, I want to
 send these requests to all cluster nodes. For example for some url,
 application should not be seen to user.
 
 Thanks for your help,
 Orhan Karasakal

That can't be supported by HTTP - how would the protocol handle sending
more than one HTTP response back to the requestor?

Design an alternative solution that uses a messaging system (perhaps JMS
or AMQP), or in which any member can relay the payload of the request to
other nodes one at a time.


p


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: How to get heap dump of Tomcat running as windows service.

[Pid]

On 12/09/2012 11:02, Aditi Sinha wrote:
 Hi,
 
 
 
 We have web server hosted on Tomcat 7.0.22. Tomcat is running as windows
 service.
 
 When we try to get the heap  dump of Tomcat using the following command
 
 
 
 *jmap -dump:format=b,file=heap.bin pid*
 
 
 
 we get below error
 
 
 
 *pid: Not enough storage is available to process this command.*

probably because you have set a large heap size.

 When Tomcat is started manually in console (using command “catalina.bat
 start”), we are able to take the heap dump.

because you are probably not setting a heap size.

 Is there any workaround which would allow to take heap dump when Tomcat
 running as windows service?

make some more disk space available, sufficient to permit the heap to be
written to file.


p

 Thanks  Regards,
 
 Aditi
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: tomcat 7.0.27 HTTP Status 404 - /manager/status

[Pid *]

On 10 Sep 2012, at 07:53, Ch. Fawad Nazir fa...@biome.io wrote:

 Yes Tomcat run with Root.

That's not usually a good thing.
How are you starting Tomcat?


p

 I made a copy of tomcat-users.xml to tomcat-users.xml-old before make any
 changes to original file. Did some changes in tomcat-users.xml ... and after
 that delete the tomcat-users.xml. And again rename the tomcat-users.xml-old
 to tomcat-users.xml again and restart the Tomcat.



 Ch. Fawad Nazir

 -Original Message-
 From: André Warnier [mailto:a...@ice-sa.com]
 Sent: Monday, September 10, 2012 11:40 AM
 To: Tomcat Users List
 Subject: Re: tomcat 7.0.27 HTTP Status 404 - /manager/status



 And does Tomcat run as user root ?


 I am going by your own explanation above.  It was working; you only did
 something to tomcat-users.xml, and it isn't working anymore.  Logically
 thus, it is something that you did to tomcat-users.xml that is the cause.
 Unless your explanation above is incomplete.
 It is strange that you would get a 404 not found status as a result of
 messing about with tomcat-users.xml, but hey that's what you're saying.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat HeapMemoryUsage MBean question

[Pid *]

On 7 Sep 2012, at 22:00, Shanti Suresh sha...@umich.edu wrote:

 Hi Konstantin,

 True.  JMX data can be sensitive.


If you're concerned about security do not use the JMXProxy Servlet at all.
Configure security on an exposed JMX port and then interact with the
JVM by connecting to the port. Scripts written in Groovy, for example,
make this pretty easy to do.


p




 I am not a JSP expert.  I created the following test.jsp page and have it
 sitting in webapps/manager/.  It doesn't work.  I have the error message
 below the JSP text.  Would you have a suggestion for what I might have in
 this page?

 -- Start of test.jsp:-

 !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN 
 http://www.w3.org/TR/html4/strict.dtd;
 html
 head
  titleTest JSP/title
  style type=text/css
!--
BODY
 {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;font-size:12px;}
H1
 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;}
PRE, TT {border: 1px dotted #525D76}
A {color : black;}A.name {color : black;}
--
  /style
 /head
 body
   h1Test JSP/h1
   p
Welcome to Test JSP page.
   /p

 jsp:forward page=/jmxproxy/
 jsp:param name=get value=java.lang%3Atype%3DMemory /
 jsp:param name=att value=HeapMemoryUsage /
 jsp:param name=key value=used /
 /jsp:forward

 /body

 /html

 --End of test.jsp-

 On invoking the above JSP page, I get:

 -Start of HTTP connection output:---
 * About to connect() to localhost port 8090
 *   Trying 127.0.0.1... connected
 * Connected to localhost (127.0.0.1) port 8090
 GET /manager/test.jsp HTTP/1.1
 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5
 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
 Host: localhost:8090
 Accept: */*

  HTTP/1.1 200 OK
  Server: Apache-Coyote/1.1
  Set-Cookie: JSESSIONID=3FC31B7F279B68E4417186B5DC702D68; Path=/manager/;
 HttpOnly
  Content-Type: text/plain;charset=ISO-8859-1
  Content-Length: 86
  Date: Fri, 07 Sep 2012 20:47:51 GMT
 Error - javax.management.MalformedObjectNameException: Key properties
 cannot be empty
 * Connection #0 to host localhost left intact
 * Closing connection #0

 -End of HTTP Connection output-

 Thanks.

  -Shanti

 On Fri, Sep 7, 2012 at 4:29 PM, Konstantin Kolinko
 knst.koli...@gmail.comwrote:

 2012/9/7 Shanti Suresh sha...@umich.edu:
 Hi Christopher, Hi Konstantin,

 On Fri, Sep 7, 2012 at 1:54 PM, Christopher Schultz 
 ch...@christopherschultz.net wrote:


 I personally think that's a bad idea: just set some simple username
 and password and have your client use it: any decent command-line HTTP
 client should support HTTP BASIC authentication.


 Sure.  I can do that.  It just leaves the set operations vulnerable too
 though.  I can use digested passwords too, but still my scripts will need
 to be hard-coded with the password.



 That's good.

 Sure :-)  Thanks.



 Log it as an enhancement request in Bugzilla. I proposed this kind of
 thing a few months ago though I can't seem to find the thread at the
 moment. It was mildly rejected due to lack of interest, but but it
 seems we have a real use-case where a user wants this capability.


 Oh, most certainly, there is a definite use-case for this feature.  And
 others will use it heavily once you have the capability.  It just doesn't
 seem like a good plan to have the get and set secured the same way.


 With get you can view someone's password.
 With set you can change it, or change assigned roles.

 (with certain Realm implementations).

 There is not much difference.  I think allowing generic get or
 generic set is a bad idea.

 Best regards,
 Konstantin Kolinko

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tuning session replication on clusters

[Pid *]

On 5 Sep 2012, at 20:51, llow...@oreillyauto.com
llow...@oreillyauto.com wrote:


 I have a small cluster of 3 nodes running tomcat 6.0.24 with openJDK
 1.6.0_20 on Ubuntu 10.04 LTS.

You should really consider upgrading Java.
While you're at it, try Tomcat 7.0.30 in your lab and have a look at
BackupManager (instead of DeltaManager) as Dan suggested.


p




 I have roughly 5,000-6,000 sessions at any given time, and when I restart
 one of the nodes I am finding that not all sessions are getting
 replicated , even when I have the state transfer  timeout set to 60
 seconds.

 It seems that only sessions that have been touched recently are replicated,
 even if the session is still otherwise valid. I did one test where I
 created about 1,500 sessions and then took out one node, When I brought it
 back online, it only replicated the 4-5 sessions that were from active
 users on the test cluster. It did not replicated the idle sessions that
 were still valid that my prior test had created.

 I  am wanting to tune my settings, but I am unsure where would be the best
 place to start. Should I start with the threads available to the NIO
 Receiver, or would I be better off focusing on a different set of
 attributes first, such as the send or receive timeout values?

 Any tips or pointers as to which setting might be the most productive would
 be greatly appreciated.

 Lee Lowder
 O'Reilly Auto Parts
 Web Systems Administrator
 (417) 862-2674 x1858

 This communication and any attachments are confidential, protected by 
 Communications Privacy Act 18 USCS � 2510, solely for the use of the intended 
 recipient, and may contain legally privileged material. If you are not the 
 intended recipient, please return or destroy it immediately. Thank you.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33)

[Pid *]

edited for my amusement.

On 5 Sep 2012, at 17:16, PJ Delsh pjdelsh...@hotmail.com wrote:

 Shailendra,  I'm not an expert,

Really?

 Once we fixed the leaks, Tomcat was stable.

Quel surprise.

 After months of searching, we think the issue was having system.exit(0) in 
 our code.

A classic blunder. After which you conclude:

 The truth is that Tomcat is not written well enough to run on Windows.

Hilarious, but unfounded  inaccurate. Of course you could prove me
wrong by pointing out which bits of Tomcat are not written well enough
to run on Windows?


 Tomcat is not like IIS. Developing for Tomcat on Windows is fine, but running 
 production apps in Tomcat on Windows is a bad idea.

I am aware of substantial Tomcat deployments on Windows that run just
fine under a decent amount of load.


p


 Date: Wed, 5 Sep 2012 11:13:09 -0400
 From: ch...@christopherschultz.net
 To: users@tomcat.apache.org
 Subject: Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 
 R2(64 bit JVM 1.6.0_33)

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Shailendra,

 On 9/5/12 2:50 AM, Shailendra Singh wrote:
 We are using 64 bit Tomcat 6.0.35 with windows 2008 R2 (64 bit JVM
 1.6.0_33) and facing memory leak issues(OutOfMemoryError ) after a
 short interval of time( ~30 minutes).

 We deploy a web application on this version of tomcat and while
 working with the GUI part of the application we face memory leak,
 but same application works fine on this windows server for 32 bit
 JVM.

 Please help us if this is an issue with 64 bit Tomcat version or
 with 64bit JVM or with its combination. kindly let us know a
 solution or any work around or for this.

 You've asked this question three times now and have apparently been
 ignoring every reply you get. Please stop asking if you are going to
 ignore our questions and advice.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

 iEYEARECAAYFAlBHbAUACgkQ9CaO5/Lv0PCknACeIwxou02m0hz1Y9HtZTAmzMot
 A/YAniXDFbzzs+ApHFFXBxL9vtIoXuoN
 =NjrU
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Access Tomcat cluster info thru MBean

[Pid]

On 29/08/2012 13:22, Mark Thomas wrote:
 On 29/08/2012 08:29, Awdhesh Kumar wrote:
 I am working with Tomcat 7.0.X.
 
 Just to be clear, do you mean Tomcat 7.0.x built from tc7.0.x/trunk in
 svn or do you mean some unknown Tomcat 7 version?

Perhaps the OP really does mean the (until now, highly secret 
classified) 7.0.X release.


p

 Mark
 

 -Original Message-
 From: Mark Thomas [mailto:ma...@apache.org] 
 Sent: Wednesday, August 29, 2012 12:57 PM
 To: Tomcat Users List
 Subject: Re: Access Tomcat cluster info thru MBean

 Awdhesh Kumar awdh...@adobe.com wrote:

 I am running my Tomcat is running in clustered mode with four instances 
 configured to same machine.  In the application, I need to retrieve 
 information  regarding all the running instances of this cluster
 (nodes) through MBean.
 Information like instance IP, instance name are my primary requirement.

 Have tried to retrieve Cluster Mbean by  querying [b]*:type=Cluster,* 
 [/b],  It returns basic cluster information but it does not contain any 
 information of the instances.

 If someone can suggest me a way to achieve this will be nice.


 Regards
 Awdhesh

 Tomcat version?

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Facing Memory leak - 64 bit Tomcat 6.0.35 with windows 2008 R2(64 bit JVM 1.6.0_33)

[Pid]

On 30/08/2012 15:13, Christopher Schultz wrote:
 Shailendra,
 
 On 8/30/12 1:54 AM, Shailendra Singh wrote:
 We are using 64 bit Tomcat 6.0.35 with windows 2008 R2 (64 bit JVM 
 1.6.0_33) and facing memory leak issues(OutOfMemoryError ) after a 
 short interval of time( ~30 minutes).
 
 We deploy a web application on this version of tomcat and while 
 working with the GUI part of the application we face memory leak,
 but same application works fine on this windows server for 32 bit
 JVM.
 
 So you run out of memory when using 64-bit JVM but not on 32-bit JVM?
 
 Please help us if this is an issue with 64 bit Tomcat version or
 with 64bit JVM or with its combination. kindly let us know a
 solution or any work around or for this.
 
 Tomcat is almost entirely architecture-agnostic (except for the
 service runner and optional APR/native library which hardly consume
 any memory at all, and are unlikely to be the problem, here).
 
 What kind of OOME are you getting? Heap? PermGen?
 
 My knee-jerk reaction is that you simply need a bigger heap than usual
 when moving from 32-bit to 64-bit JVM because the word-length has doubled.

Given that there is no real information about the environment (e.g.
memory assigned, used, etc) that's a fair guess.


p

 -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: How-to-achieve-url-maxtry-filter-in-apache-tomcat

[Pid *]

On 28 Aug 2012, at 05:00, rathinasamy@snovabits.net
rathinasamy@snovabits.net wrote:

 No It can't be responsible for removing the url, since the url path will
 not come through my application it is directly hitting the tomcat port.

That makes no sense.
If it's your app then you can intercept it and do as you please.


 I deployed my application as a war file in server  through that app
 created a folder in:

 tomcat_server_home/webapps/root/club/dely/ios/..

Do you mean root or ROOT?


 So how can I control it through app, My app's work is to generate a
 folder like structure in tomcat home path  build the url  return the
 url to user.

By adding a Servlet Filter with a path that maps to the same URL space
as the resource URLs.

If the Filter has access to the URL and counter, again as previously
described, then it can pass requests through transparently, increment
the counter and then refuse access by returning a 404 instead of a
response after the expiry time or counter is exceeded.

Look at the Tomcat examples and read the Servlet Spec - don't just
rely on Google and people on the list doing your work for you if you
want to understand this.


p


 On 8/27/2012 6:38 PM, Pid wrote:
 On 27/08/2012 08:17, rathinasamy@snovabits.net wrote:
 Hi,

 Many thanks for your reply.

 I am asking something which should be done in apache tomcat configurations, 
 Since I have not able to control that maxtry concept through my application
 (it is out of my app control)
 There's no Tomcat or Servlet config to do this.

 Through my app just generate a url to access a video file at run time,  
 may be the user can copy that url and paste it in outside browsers - here I 
 have to control
 the usage of using my url which I have given to the user.
 If your app is generating the URL, why can't it also be responsible for
 removing it?

 That url is something looks like 
 (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4)  it should 
 accessed via apache tomcat, so I am asking here for anyway to
 expire the url path in apache tomcat using filters

 like:

  init-param
 param-nameExpiresByType image/param-name
 param-valueaccess plus 2 minutes/param-value
  /init-param
  init-param

 But it expires image  after 2 minutes, I need to expires some url pattern 
 after 2 access.

 Thank you again for spending your time in this.
 Write a filter that blocks that URL after 3 accesses or 2 minutes
 (perhaps using the suggestion by Joseph).


 p


 Regards,
 Rathinasamy.


 On 8/27/2012 12:34 PM, Joseph wrote:
 Have u tried to use regex to filter URL ,use concurrent hash map and 
 atomic int to count?

 在 2012-8-27，13:30，rathinasamy@snovabits.net 
 rathinasamy@snovabits.net 写道：

 Hi everyone,

 Please give me some ideas to achieve maxtry concept.

 I want to destroy the url path after some amount of access.

 For eg., if I give maxtry = 2 for the run time generated url 
 (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4), After the two 
 times access of the above url for the third time that url path will not 
 be able to access for anyone.

 _My environment is:_

 Apache-tomcat-7.0.25*
 *Windows 7
 32 bit Operating system

 How to achieve this using apache filter?

 Thanks in advance,
 Rathinasamy.
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How-to-achieve-url-maxtry-filter-in-apache-tomcat

[Pid]

On 27/08/2012 08:17, rathinasamy@snovabits.net wrote:
 Hi,
 
 Many thanks for your reply.
 
 I am asking something which should be done in apache tomcat configurations, 
 Since I have not able to control that maxtry concept through my application 
 (it is out of my app control)

There's no Tomcat or Servlet config to do this.

 Through my app just generate a url to access a video file at run time,  may 
 be the user can copy that url and paste it in outside browsers - here I have 
 to control
 the usage of using my url which I have given to the user.

If your app is generating the URL, why can't it also be responsible for
removing it?

 That url is something looks like 
 (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4)  it should accessed 
 via apache tomcat, so I am asking here for anyway to 
 expire the url path in apache tomcat using filters 
 
 like:
 
  init-param
 param-nameExpiresByType image/param-name
 param-valueaccess plus 2 minutes/param-value
  /init-param
  init-param
 
 But it expires image  after 2 minutes, I need to expires some url pattern 
 after 2 access.
 
 Thank you again for spending your time in this.

Write a filter that blocks that URL after 3 accesses or 2 minutes
(perhaps using the suggestion by Joseph).


p


 Regards,
 Rathinasamy.
 
 
 On 8/27/2012 12:34 PM, Joseph wrote:
 Have u tried to use regex to filter URL ,use concurrent hash map and atomic 
 int to count?

 在 2012-8-27，13:30，rathinasamy@snovabits.net 
 rathinasamy@snovabits.net 写道：

 Hi everyone,

 Please give me some ideas to achieve maxtry concept.

 I want to destroy the url path after some amount of access.

 For eg., if I give maxtry = 2 for the run time generated url 
 (http://localhost:8080/Club/dely/ios/item/42/23/cc.mp4), After the two 
 times access of the above url for the third time that url path will not be 
 able to access for anyone.

 _My environment is:_

 Apache-tomcat-7.0.25*
 *Windows 7
 32 bit Operating system

 How to achieve this using apache filter?

 Thanks in advance,
 Rathinasamy.
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Support for Windows 8 and Windows Server 2012

[Pid *]

On 24 Aug 2012, at 07:33, Geet Chandra gee...@gmail.com wrote:

 Hi,

 Does anybody know about Tomcat (6.x or 7.x) support for Windows 8 and
 Windows Server 2012.
 If it is there, then which version, if not when can we expect.

Why not try the latest Tomcat 7 and let us know if it works?


p

 --
 Thanks  Regards
 Geet

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ClassCastException org.apache.jasper.runtime.ELContextImpl cannot be cast to org.apache.jasper.el.ELContextImpl

[Pid *]

On 20 Aug 2012, at 23:28, Dale Ogilvie dale_ogil...@trimble.com wrote:

 So, I ran with JVM option -verbose:class
 Then I requested a jsp from app1 and the console printed:

 ...
 [Loaded javax.el.ExpressionFactory from 
 file:/C:/apache-tomcat-7.0.27/lib/el-api.jar]
 [Loaded org.apache.jasper.runtime.JspApplicationContextImpl from 
 file:/C:/sandpit-28/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/app2/WEB-INF/lib/jsp-2.1-6.1.14.jar]
 [Loaded javax.el.ELContext from file:/C:/apache-tomcat-7.0.27/lib/el-api.jar]
 [Loaded org.apache.jasper.runtime.ELContextImpl from 
 file:/C:/sandpit-28/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/app2/WEB-INF/lib/jsp-2.1-6.1.14.jar]
 ...

 This seems to indicate that the class is being loaded by app1 from 
 app2/WEB-INF/lib/jsp-2.1-6.1.14.jar. No?

Where is that dependency JSP jar from?
It should not be in WEB-INF/lib if it's providing JSP functionality.


p




 Dale

 Т�ХF�V�7V'67�R�R���âW6W'2�V�7V'67�TF��6B�6�R��pФf�FF�F����6����G2�R���âW6W'2ֆV�F��6B�6�R��pР

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6 configuration using unpackWARS no longer works in Tomcat 7

[Pid *]

On 10 Aug 2012, at 20:44, Ian Long (Opterus) ian.l...@opterus.com wrote:

 Hi Mark,

 Thanks for the info.

 I would rather not rename the WAR file or add the context.xml to it, because 
 it is deployed in multiple ways on different severs and in development 
 environments etc.

 Why must it be called ROOT.war, the Tomcat 6 way seems more flexible?

It's been ROOT.war for a long time and ths is the preferred way of doing it.
6 had broader but less clear and more error prone possible alternatives.


p



 Cheers,
 Ian Long
 Chief Software Architect, Opterus Inc.

 Email: ian.l...@opterus.com
 Phone: 416-840-8495 x666
 Mobile: 416-817-9206
 Web: http://www.opterus.com


 On Friday, 10 August, 2012 at 3:38 PM, Mark Thomas wrote:

 On 10/08/2012 20:20, Ian Long (Opterus) wrote:
 Any help is greatly appreciated!


 1. Remove the docBase from the context.xml file
 2. Package the context.xml file in the WAR
 3. rename the WAR to ROOT.war
 4. Place the WAR in the appBase

 Mark

 P.S. If you want to add some name/version to the WAR, name it
 ROOT##SomeMarkerOfYourChoice.war



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
 (mailto:users-unsubscr...@tomcat.apache.org)
 For additional commands, e-mail: users-h...@tomcat.apache.org 
 (mailto:users-h...@tomcat.apache.org)





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: is this idea even possible in tomcat?

[Pid *]

On 11 Aug 2012, at 20:42, Elias Kopsiaftis yemi...@gmail.com wrote:

 I posted about this a bit earlier, and I was told WebSockets were a better
 approach, but I am wondering is what I am trying to do even possible? My
 idea is to create a program that allows two users to connect through the
 server, and send images and text to each other. for the server, i have two
 servlets, one that uses comet, and one that does not. the regular servlet
 listens for requests, and broadcasts them to all the available connections.
 the comet servlet listens for connections, and once a connection is made,
 stores the response in a singleton that both the regular servlet and comet
 servlet have access to. the way its supposed to work is that the comet
 servlet stores the response to all connected, the regular servlet listens
 for messages, and once it receives one, gets a reference to the singleton,
 goes through all its responses, and sends the message to each connection. i
 can get my client to connect to the comet servlet just fine, via the tomcat
 logs, but i cant get it to connect at all to the regular servlet and i dont
 know why. when i print out the url used to connect to the regular servlet
 and use the browser, i am not getting any server errors, so it looks like
 it connects just fine, but none of my print statements in the inputservlet
 ever get executed, meaning it never processes. now i am wondering, is this
 idea even possible with the technology available in comet?

None of the above sounds like a good idea.
Use Comet/WebSockets and a message broker - the pattern you are
looking for is called publish-subscribe. For open source brokers you
can either use something like Apache ActiveMQ or RabbitMQ.


p



 --bcaec550b36ca57b5304c702a778--

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: need help debugging why a simple app install fails

[Pid *]

On 9 Aug 2012, at 13:56, my koseli mykos...@gmail.com wrote:


 Hi,

 I am using tomcat6 in ubuntu Ubuntu 10.04.4 LTS and running into problem
 when installing a very simple app.

 When I do ant build, deploy it seems to work but when I do ant install -v
 I get failed to build with output below. I cant find the reason this is
 failing. Is it possible to get some help on debugging this?

 Detected Java version: 1.6 in: /usr/lib/jvm/java-6-openjdk/jre

 Detected OS: Linux
 parsing buildfile /home/user/springapp2/build.xml with URI =
 file:/home/user/springapp2/build.xml
 Project base dir set to: /home/user/springapp2
 parsing buildfile
 jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/antlib.xml with
 URI = jar:file:/usr/share/ant/lib/ant.jar!/org/apache/tools/ant/antlib.xml
 from a zip file
 [property] Loading /home/user/springapp2/build.properties
 Build sequence for target(s) `install' is [install]
 Complete build sequence is [install, reload, start, build, deploy, list,
 usage, stop, deploywar, ]
 install:
  [install] FAIL - Failed to deploy application at context path /springapp2
 BUILD FAILED
 /home/user/springapp2/build.xml:106: FAIL - Failed to deploy application
 at context path /springapp2
 at
 org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:258)
 at
 org.apache.catalina.ant.AbstractCatalinaTask.execute(AbstractCatalinaTask.java:146)
 at org.apache.catalina.ant.InstallTask.execute(InstallTask.java:114)
 at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at
 sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
 at
 sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
 at java.lang.reflect.Method.invoke(Method.java:616)
 at
 org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106)
 at org.apache.tools.ant.Task.perform(Task.java:348)
 at org.apache.tools.ant.Target.execute(Target.java:390)
 at org.apache.tools.ant.Target.performTasks(Target.java:411)
 at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1360)
 at org.apache.tools.ant.Project.executeTarget(Project.java:1329)
 at
 org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41)
 at org.apache.tools.ant.Project.executeTargets(Project.java:1212)
 at org.apache.tools.ant.Main.runBuild(Main.java:801)
 at org.apache.tools.ant.Main.startAnt(Main.java:218)
 at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280)
 at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109)
 Total time: 0 seconds


What do the Tomcat logs say about the error?


p

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 7.0.29 vs. Groovy with Java 7

[Pid *]

On 16 Aug 2012, at 17:10, Jess Holle je...@ptc.com wrote:

 It appears that when one installs the groovy-all-2.0.1-indy.jar in a Tomcat 
 web app, BCEL chokes on the Java 7 specific byte-code therein ala

   org.apache.tomcat.util.bcel.classfile.ClassFormatException: Invalid byte 
 tag in constant pool: 15
   at 
 org.apache.tomcat.util.bcel.classfile.Constant.readConstant(Constant.java:131)
   at 
 org.apache.tomcat.util.bcel.classfile.ConstantPool.init(ConstantPool.java:60)
   at 
 org.apache.tomcat.util.bcel.classfile.ClassParser.readConstantPool(ClassParser.java:209)
   at 
 org.apache.tomcat.util.bcel.classfile.ClassParser.parse(ClassParser.java:119)
   at 
 org.apache.catalina.startup.ContextConfig.processAnnotationsStream(ContextConfig.java:2066)
...

 Is there an update planned to make org.apache.tomcat.util.bcel savvy to Java 
 7 or replace it with ASM (which is fully Java 7 savvy)? [Please!]

 Until then, can I completely exclude this jar from annotation scanning?

Yes!


p


 --
 Jess Holle


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ClassCastException org.apache.jasper.runtime.ELContextImpl cannot be cast to org.apache.jasper.el.ELContextImpl

[Pid]

On 07/08/2012 00:24, Dale Ogilvie wrote:
 Daniel Mikusa [mailto:dmik...@vmware.com] wrote:
 
 You would be using a shared class loader if you are placing JAR files used 
 by multiple deployed web applications into the
 $CATALINA_BASE/lib or $CATALINA_HOME/lib directory.  Are you placing any JAR 
 files into those folders?  
 
 We have placed three JDBC driver jars in $CATALINA_HOME/lib. I presume this 
 is irrelevant to this issue. The class in question 
 org.apache.jasper.runtime.ELContextImpl only appears to be in a jar located 
 in app2/WEB-INF/lib, yet it is being loaded for app1. I have verified that 
 the class is NOT in $CATALINA_HOME/lib. If we remove app2 from tomcat, the 
 ClassCastException disappears from app1. Further, removing the jar containing 
 org.apache.jasper.runtime.ELContextImpl  from app2 also resolves the issue.
 
 There does seem to be a problem that app2 is sharing classes with app1 from 
 app2/WEB-INF/lib. How can this happen?

Tomcat blocks some JARs from being loaded from a webapp lib - the
Servlet APIs - maybe the Tomcat JARs should go on the list.
This might be construed as a bug, or at least an enhancement request.


p

 Maybe try adding the JVM option -verbose:class to bin/setenv.sh.  This 
 option will cause the JVM to log when a class is loaded and from where it 
 was loaded.
 
 I'll look into that. 
 
 Dan
 
 Thanks.
 
 Dale
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: TOMCAT with multiple sites (one on https, others on http)

[Pid]

On 03/08/2012 17:35, Massimo Chirivì - Ict Consultant wrote:
 *this is my server.xml, *
 *the sites on the http is ok, but the site on the https is not ok?*
 *thank you for help*

Are you just repeating the same question over  over?

Have you read the documents provided previously?

What version of Tomcat are you using?

What *exactly* does 'not ok' mean?

Are there any errors in the log files?

Can you describe the symptoms of the error?

Have you ever read  comprehended:

 http://www.catb.org/esr/faqs/smart-questions.html


p


 ?xml version='1.0' encoding='utf-8'?
 
 Server port=8005 shutdown=SHUTDOWN
 
   Listener className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on /
   Listener className=org.apache.catalina.core.JasperListener /
   Listener className=org.apache.catalina.mbeans.ServerLifecycleListener
 /
   Listener
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /
 
   GlobalNamingResources
 Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /
   /GlobalNamingResources
 
   Service name=Catalina
 
 
 Connector port=80 protocol=HTTP/1.1
connectionTimeout=2
redirectPort=443 /
 
 Connector port=8009 protocol=AJP/1.3 redirectPort=443 /
 
 
 Engine name=Catalina defaultHost=localhost
 
   Realm className=org.apache.catalina.realm.UserDatabaseRealm
  resourceName=UserDatabase/
 
   Host name=localhost  appBase=webapps
 unpackWARs=true autoDeploy=true
 xmlValidation=false xmlNamespaceAware=false
   /Host
 
   Host name=www.site1.it debug=0 unpackWARs=true
 Logger className=org.apache.catalina.logger.FileLogger
  directory=logs  prefix=virtual_log1. suffix=.txt
 timestamp=true/
 Context path= docBase=/webapps/site1 debug=0
 reloadable=true/

Context definitions in server.xml is very strongly discouraged and
considered poor practice.


 Valve className=org.apache.catalina.valves.AccessLogValve
  directory=logs  prefix=virtual_log. suffix=.txt
  pattern=common/
   /Host
 
 
 Host name=www.site2.net debug=0 unpackWARs=true 
 Logger className=org.apache.catalina.logger.FileLogger
  directory=logs  prefix=virtual_log29. suffix=.txt
 timestamp=true/

There is no logger in Tomcat 7.0.


 Context path= docBase=/webapps/site2 debug=0
 reloadable=true/
 Valve className=org.apache.catalina.valves.AccessLogValve
  directory=logs  prefix=virtual_log. suffix=.txt
  pattern=common/
 /Host
 
 /Engine
   /Service
 
 
   Service name=Catalinassl
 
 Engine name=Catalinassl defaultHost=localhost
 Connector port=443 maxHttpHeaderSize=8192 maxThreads=150
 minSpareThreads=25 maxSpareThreads=75 enableLookups=false
 disableUploadTimeout=true acceptCount=100 scheme=https secure=true
 SSLEnabled=true clientAuth=false sslProtocol=TLS keyAlias=bancomed
 keystoreFile=C:\Program Files\Java\jre1.5.0_15\bin\site3.jks
 keypass= /
 
   Host name=www.site3.net debug=0 unpackWARs=true
 Logger className=org.apache.catalina.logger.FileLogger
  directory=logs  prefix=virtual_log29. suffix=.txt
 timestamp=true/

There is no logger in Tomcat 7.0.

 Context path= docBase=/webapps/site3 debug=0
 reloadable=true/

Context definitions in server.xml is very strongly discouraged and
considered poor practice.


 Valve className=org.apache.catalina.valves.AccessLogValve
  directory=logs  prefix=virtual_log. suffix=.txt
  pattern=common/
 /Host
   /Engine
 
   /Service
 
 
 
 /Server
 
 Massimo Chirivì
 
 
 
 
 
 2012/2/12 Caldarale, Charles R chuck.caldar...@unisys.com
 
 From: mchirivi@gmail.com [mailto:mchirivi@gmail.com] On Behalf Of
 Massimo Chirivì - Ict Consultant
 Subject: Re: TOMCAT with multiple sites (one on https, others on http)

 i have a server with TOMCAT and i want to configure multiple sites,
 i can configure one site on https and others sites on http?

 1) Read the servlet spec, especially section 13, security.

 2) Read the Tomcat doc for SSL and Connector:
 http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html
 http://tomcat.apache.org/tomcat-7.0-doc/config/http.html

 3) Read the Wiki for virtual hosts:

 http://wiki.apache.org/tomcat/HowTo#How_do_I_set_up_Tomcat_virtual_hosts_in_a_development_environment.3F

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 


-- 

[key:62590808]



signature.asc
Description: OpenPGP 

[OT] Re: Warning: js modified in the future- not able to find the files

[Pid]

On 01/08/2012 04:35, Kiran Badi wrote:
 Hi All,
 
 I have TC 7.0.11/7.0.27 and Apache 2.2 all sitting in the C://Program
 Files/Apache Software Foundation folder.
 
 I came across a strange issue today where in close to 10+ Javascript
 files were missing from the folder.
 
 Below is the way I do things
 I use dreamweaver for designing the page and under apache server, I drop
 all js/css/html files.Once design is finalised,I move those HTML/JS/CSS
 files to Netbeans+ TC 7.0.11 environment for building serverside code,
 and once its ready, I create the  build  and then I deploy it in TC 7.0.27.
 
 Today for some reasons close to 10 + same js files were missing from all
 servers, I am lost as how to recover those files now,
 
 I came across this message while rebuilding the project today,
 
 Warning:  modified in the future.
 Warning: js modified in the future.
 Warning: js\lib modified in the future.
 
 I dont know as what is cause of this,but I know nothing has changed from
 my system today.There is nothing in event logs
 
 My environment is Win7 Home premium 32 bit,I am totally at the loss now
 as most of my client side functionality is gone and I am still assessing
 the damage to java code.
 
 Just wanted to check if there exists any way to get back those files.

That's not a Tomcat problem.
Check the clocks on everything that is writing to the file system.


p

 - Kiran
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: PDF Download problem tomcat = 7.0.27

[Pid]

On 01/08/2012 08:54, André Warnier wrote:
 Konstantin Kolinko wrote:
 2012/8/1 Jose María Zaragoza demablo...@gmail.com:
 The Content-Length header in the above 206 response is not from Tomcat.

 Tomcat's DefaultServlet does not calculate the whole size of the parts
 and does not set content-length, and the file size is much more than
 fits into the buffer.
 So it would use  Transfer-Encoding: chunked  in its response and not
 the one that you cited.
 There must be some proxy in the way that buffers the data and sends
 them as one response instead of chunks. HTTPD? Was there some option
 in it that disables chunked encoding when interacting with IE?

 Well, i don't know so much, but that doesn't have to do with chunked
 encoding, but Partial Content support, right ?
 And partial content is requested by client (IE) if Content-length is
 very big ( I guess ... )
 Maybe, IE requests a PDF file (GET) and  if it sees a Content-length
 very big , cuts downloading and re-send a GET request with a range of
 bytes.

 Chrome looks to perform something like that behaviour


 1. I suspect that the content is requested not by IE, but by the Adobe
 Acrobat plugin.

 The User-Agent header says that it was IE6,  but it is hard to
 imagine why the browser by itself would request that strange bytes
 range, asking for the tail of the file first. So there is something
 else that uses the browser to perform the request.

 +1
 Talking about PDF files, there is a possible good reason for such a
 behaviour.
 
 A PDF file is not just a sequential text-like file.  It is more like an
 indexed file containing tables of pointers which points to more or less
 randomly organised chunks of data inside the file. And, as per Adobe PDF
 1.7 reference :
 
 3.4.4 File Trailer
 The trailer of a PDF file enables an application reading the file to
 quickly find the cross-reference table and certain special objects.
 Applications should read a PDF file from its end. The last line of the
 file contains only the end-of-file marker, %%EOF. (See implementation
 note 18 in Appendix H.) The two preceding lines contain the keyword
 startxref and the byte offset from the beginning of the file to the
 beginning of the xref keyword in the last cross-reference section.
 etc..
 ...
 And Note 18 in Appendix H essentially says that Acrobat reader is
 tolerant with respect to the above, and accepts a PDF if the %%EOF
 marker is located within the last 1024 bytes of the file.
 
 So, it is not beyond belief to imagine that a smart browser PDF plugin
 would first request the last chunk of the file, in order to retrieve
 pointers to the contents of the first page of the PDF, so that it could
 quickly retrieve the range of bytes corresponding to this first page, so
 that it could quickly display this first page into the browser window,
 while later retrieving the rest on-demand (as the user scrolls). (*)
 
 And if this is not the real explanation for the behaviour we are seeing,
 at least it is a clever one.
 
 Now how this all works in conjunction with the behaviour of HTTP
 proxies/gateways with respect to Range requests and buffering, is left
 as an exercise for the reader.
 (Who can start by trying to understand
 http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35)
 But that there would exist a couple of obscure bugs somewhere in there,
 which show up only in very specific circumstances, is not beyond belief
 either.
 
 
 (*) The attentive reader will have noticed that there is a possible flaw
 in this explanation : in the case at hand, the browser/plugin requests 2
 chunks of bytes in the Range request : the end-of-file chunk, but also a
 chunk in the middle.  How does it already know which second Range to
 request ?

The PDF plugin is a PITA.

It *does* request ranges, which can be a little painful; I found this
out the hard way with some dynamically rendered PDFs.


p

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Best practice for redeployments

[Pid]

On 30/07/2012 22:57, llow...@oreillyauto.com wrote:
 All,
 
 I have  70-80 apps that are spread out across 3 different clusters (based
 on usage, availability needs etc)
 
 Currently, each night we wipe out the wars and then redeploy them with
 fresh copies from the end points of our promotion paths (one for test and
 one for prod).
 
 What's the general consensus for the best practice for this?
 
 Do people generally only redeploy whatever has changed?
 
 Are nightly  tomcat restarts even needed (or recommended), or should we
 just hot-deploy things at fixed times (based on traffic patterns) but only
 if something is needing to be updated?
 
 Any recommendations or thoughts or suggestions would be greatly
 appreciated. I'm sure there is some room for improvement in how we do
 things, but I was wondering what was considered a standard practice in
 this area.
 
 Lee Lowder

In future please start a completely new email, rather than replying to
an existing email* just editing the subject/body (which is call thread
hijacking).


p


* Re: Best practice for redeployments

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Permanent servlet in TC7

[Pid]

On 26/07/2012 22:38, Christopher Schultz wrote:
 Chip,
 
 On 7/26/12 3:19 PM, Chip McVey wrote:
 In TC7, is there a way to tell Tomcat to never unload a given
 servlet unless Tomcat itself is being shutdown?  I want a single
 servlet instance that I can know will exist for the life of the
 tomcat process without being unloaded  reloaded (unless someone
 manually instructs Tomcat to do so, of course).
 
 Yes, I know I'm not supposed to do this and that the servlet
 spec says a container is allowed to unload a server any time as
 long as a request is not in process.  I still would like to know if
 there's some Tomcat specific way to tell TC7 to never unload the
 servlet. And yes, I realize even if there is such a way that future
 versions of Tomcat may remove this capability.  :)
 
 You have said both servlet and server: which did you mean?
 
 Do you need a particular web application to stay loaded? That's easy:
 simply don't undeploy it.
 
 Do you need a single (or multiple) servlet(s) to stay loaded all the
 time? That's also easy: I don't believe Tomcat ever actually unloads a
 servlet. (You can easily test this by implementing the destroy()
 method and emitting some kind of log).
 
 What is it about the servlet that it needs to stay loaded? Servlets
 aren't really supposed to have any state, so unloading and re-loading
 the servlet shouldn't represent anything traumatic to your web
 application.
 
 If you have to have some kind of data loaded all the time, consider
 moving that data into the ServletContext (aka application)
 attributes: then the servlet can be unloaded and re-loaded at will and
 the data will persist.

+1

- ServletContextListener


p

 -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: tomcat 7.0.29 build fails with dbcp target enabled; ok if disabled.

[Pid *]

On 25 Jul 2012, at 08:06, k9...@operamail.com k9...@operamail.com wrote:



 On Tue, Jul 24, 2012, at 06:11 PM, Caldarale, Charles R wrote:
 Tomcat 7 must be built with JDK 6 due to incompatibilities introduced by
 Sun/Oracle in JRE 7.  Once built, you may run Tomcat 7 under JRE/JDK 7.
 Tomcat 8 will be buildable with JDK 7.

 As JDK7 is our stanrard fare, is there a Tomcat 8 roadmap / release
 schedule available?

Why compile from source when there are pre built binaries that run on Java 7?


p





 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Certificate chain does not seem to work and no errors in the tomcat logs

[Pid]

On 23/07/2012 19:42, Sivasubramaniam, Latha wrote:
 This issue got resolved, the private key was not present in the JKS file. 
 Once we got the pfx file from the customer and pointed to that in the 
 server.xml file, application started working. When we imported the 
 certificate (.cer file), keytool utility did not complain the private key is 
 not present. Also when browser makes a request there was no error messages/no 
 indication in the tomcat, there was no response from the tomcat server.  Any 
 comments on this please.

Was Tomcat running?


p

 -Latha
 
 
 -Original Message-
 From: Sivasubramaniam, Latha 
 Sent: Wednesday, July 18, 2012 1:56 PM
 To: 'Tomcat Users List'
 Cc: Samala, Praveen; Pandurangan Krishnakumar
 Subject: RE: Certificate chain does not seem to work and no errors in the 
 tomcat logs
 
 We tried with Firefox, that did not work either.
 
 -Original Message-
 From: Sivasubramaniam, Latha
 Sent: Wednesday, July 18, 2012 1:55 PM
 To: 'Tomcat Users List'
 Cc: Samala, Praveen; Pandurangan Krishnakumar
 Subject: RE: Certificate chain does not seem to work and no errors in the 
 tomcat logs
 
 Connector string
 
 
 Connector port=9883 protocol=org.apache.coyote.http11.Http11NioProtocol 
 maxHttpHeaderSize=8192 SSLEnabled=true maxThreads=800 
 enableLookups=false disableUploadTimeout=true acceptCount=200 
 scheme=https secure=true clientAuth=false URIEncoding=UTF-8 
 keystoreFile=D:\Program Files (x86)\Aspect Software\Real-Time Reporting 
 Server\SunJVM\jre\lib\security\keystorertrself2048.jks 
 keystorePass=changeit keystoreType=JKS /
 
 Thanks,
 Latha
 
 -Original Message-
 From: Sivasubramaniam, Latha
 Sent: Wednesday, July 18, 2012 9:26 AM
 To: Tomcat Users List
 Cc: Samala, Praveen; Pandurangan Krishnakumar
 Subject: RE: Certificate chain does not seem to work and no errors in the 
 tomcat logs
 
 Thanks for your  response Christopher. 
 
 We have requested customer to install firefox.  We are using SSL and I will 
 get the connector configuration once I get access to the system. 
 Log level is changed to FINE in the logging.properties but we don't seem to 
 get anything related to the certificate and the same when we start tomcat. I 
 will check the log contents and post if the relevant lines.
 
 Thanks,
 Latha
 
 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net]
 Sent: Wednesday, July 18, 2012 8:40 AM
 To: Tomcat Users List
 Subject: Re: Certificate chain does not seem to work and no errors in the 
 tomcat logs
 
 Latha,
 
 On 7/17/12 8:20 PM, Sivasubramaniam, Latha wrote:
 I am having issues with the SSL certificate chain the https requests 
 from the IE8 browser does not get any response.  Following are the 
 details and any help is appreciated. This is in one of our customer 
 implementation.
 
 Tomcat version: 6.0.29 OS: Windows 2008 Browser: IE8 Ceritificate key
 size: 2048 and the server certificate is 4th level in the chain.
 
 What about other web browsers? Is it only MSIE8 that is giving you problems, 
 or can you not connect from any browser/client?
 
 I have tried following different things.
 
 * Imported chain and the server certificate to my keystore 
 and set keystore properties in the server.xml
 
 Please post your Connector configuration. Also, are you using APR for SSL?
 
 When you imported the certificate chain, did you import all 4 certificates? 
 (You may not need the top-level CA one, as it was probably already trusted by 
 the JVM).
 
 * Imported certificate chain to cacerts and imported
 server certificate to my own keystore and speficied keystore 
 properties in the server.xml
 
 * Imported certificate chain to my own trusted keystore in 
 addition to the cacerts and server certificate to another keystore, 
 specified both trustkeystore and keystore properties in the server.xml
 
 None of the above is working.
 
 I generated selfsigned certificate and that is working.
 
 That is good to know.
 
 We have windows based components using the same certificate on the 
 same server, certificates imported on to the windows certmgr and those 
 components are working. But the same certificate is not working on the 
 Java based components.
 
 I do not see any errors in the tomcat logs.
 
 Do you get any output at all when you launch Tomcat?
 
 How can I get additional logging to see what is happening? Is there 
 any known issue with the certificate chain ( I did not find any in the 
 bug list)
 
 You can change the log level from INFO to DEBUG or FINE. Look at 
 conf/logging.properties.
 
 -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: 

Re: Forms authentication without cookies in 6.0.33

[Pid *]

On 20 Jul 2012, at 03:38, Brett Mason b.ma...@adinstruments.com wrote:

 Hi there,

 We have an application which uses the forms authentication provided by
 Servlet specification and is configured store session IDs in the URL rather
 than using cookies. This configuration has been working as expected under
 Tomcat 6.0.32 and earlier.

 On upgrading to Tomcat 6.0.33 or 6.0.35 this combination no longer works as
 expected. Specifically, when a user initially submits the login form they
 are immediately returned back to the form-login-page. Submitting the login
 form a second time allows them to log in. The only difference I have been
 able to spot between the first and second form submission is for the second
 submission the request attribute javax.servlet.forward.request_uri now
 has the jsessionid appended to the URL.

 After a bit of reading I'm not sure if this change is a bug, perhaps
 introduced by the changes to path parameter handling as mentioned in these
 threads:
  http://markmail.org/thread/2yzusfukitalkhyx
  http://tomcat.markmail.org/thread/ykx72wcuzcmiyujz

 Or if we are using an unsupported configuration which is suggested by
 section SRV.12.5.3.1 of the Servlet specification v2.5.


 Could someone please clarify if Tomcat supports forms authentication
 without cookies? If it is intended to be a supported configuration I'm
 happy to submit a bug report and can provided a simple standalone test app
 to reproduce the problem.

Form auth should work regardless of where the session id lives.

Is the login form an HTML or JSP page? A session must be created
before you can login, it sounds like Tomcat isn't seeing one during
the first login.


p




 Thanks,
 Brett.


 Environment details:
 - Windows 7 64-bit, Oracle JVM 1.6.0u32  1.7.0u4.
 - Debian 5 32-bit, Oracle JVM 1.6.0u32.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat7 deployment url change - please maintain backwards compatibility

[Pid *]

On 13 Jul 2012, at 18:04, Tim Pizey tim.pi...@gmail.com wrote:

 Hi André,

 On 13 July 2012 17:32, André Warnier  wrote:
 Tim Pizey wrote:

 I only joined this list this morning, and am appalled by the lack of
 constructive responses.

 Tim,
 this is probably a wrong initial impression, due to the way in which you
 phrased your initial message to the list, which sounded quite aggressive and
 condescending even to me who is not a Tomcat developer.

 This list is generally very helpful and polite, even to real Tomcat
 beginners. Consulting the list archives would demonstrate this.

 But the phrase


 Please maintain backwards compatibility by supplying a default of html
 to the the manager url, you will save a lot of people a lot of pointless
 work.

 undoubtedly rubbed a few people here the wrong way, considering that Tomcat
 is open-source and free software, made mostly by volunteers on their own
 time.
 It rubbed them all the more the wrong way since they also take the time to
 write extensive documentation and put it on-line, and you did not seem to
 have even read it before posting the above phrase.

 Now you have a choice : you either continue with the same tone, and it will
 be a frustrating experience for everyone (but first of all for you, because
 you would end up just being ignored), or we reset the relationship and you
 might get answers and/or helpful comments. Of which by the way you already
 did get some, despite your unnecessarily aggressive tone.

 I did read the instructions, for example I joined the user list,
 rather than posting a feature request on JIRA.

 Feeding back to developers through the list takes effort, there is
 nothing aggressive about my
 feedback.

 Getting user feedback is a privilege, increasingly people are not
 bothering, preferring to use a forum like Stack Overflow where
 negative responses, knee jerk RTFM etc can be costly.

 What other mechanism should I have used to make this feedback?

 Please also bare in mind that this is not for me, I have had to
 reconfigure all my poms,
 I feed this back for the good of your project.

That does sound a little condescending.

Konstantin points out that you are rather late to the party on this
topic. I don't recall the list being deluged with complaints about the
change.
Tomcat adoption has continued to accelerate during the above period.

Given this, it rather seems like the project has survived the change...


p







 hope this helps
 Tim






 --
 Tim Pizey - http://pizey.net/~timp

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat building problems: Apache Tomcat 5.5 Servelet/JSP container

[Pid]

On 11/07/2012 22:26, Wei, Mingzhen wrote:
 Konstantin, 
 
 I followed the RUNNING.TXT after installing the binary release of Tomcat 5.5. 
 But I cannot find the catalina.bat and catalina.sh for more environmental 
 variables to set. 
 
 Why tomcat is such a pain for installation? 

It's not.  You're making it harder.

Seriously, just download the actual binaries:

 http://tomcat.apache.org/download-70.cgi
 http://tomcat.apache.org/download-60.cgi
 http://tomcat.apache.org/download-55.cgi

Those are for Tomcat 7.0, 6.0 and 5.5.


p


 Thanks for your help. 
 
 -Original Message-
 From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] 
 Sent: Tuesday, July 10, 2012 10:57 AM
 To: Tomcat Users List
 Subject: Re: Tomcat building problems: Apache Tomcat 5.5 Servelet/JSP 
 container
 
 2012/7/10 Wei, Mingzhen w...@mst.edu:
 Konstantin Kolinko,

 Could you tell me the point in more detail? I am new with Tomcat and need it 
 badly to be able to run another application.

 Do you mean I need to try the combination of ant5.5 download + Ant 1.8.4 and 
 JDK 1.4.2_19?
 
 1. Why are you trying to build it from source?
 Why the existing binary releases are not good enough for you?
 
 2. Have you read the BUILDING.txt file?
 
 
 Best regards,
 Konstantin Kolinko
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Vhost-specific configuration for deployed apps?

[Pid]

On 11/07/2012 16:12, Dave Shevett wrote:
 Hi folks, this has come up in the list archives a couple times, but I'm
 having a devil of a time getting it working right.
 
 I'm trying to set a basic set of properties to a deployed app into
 Tomcat.  Note that this app is being deployed via the tomcat manager (in
 fact it's coming from Jenkins), and is in a VHost.
 
 The problem is I can't find the magic combination to get a couple basic
 config params (in this case database connection details) on a per-vhost
 basis to be available to the app.
 
 Right now I have a Spring PPC loading properties:
 bean id=propertyPlaceholderConfigurer
 class=org.springframework.beans.factory.config.PropertyPlaceholderConfigurer
 
   property name=location
   valueclasspath:congo.properties/value
   /property
 /bean
 
 which loads 'congo.properties' off the classpath. This is working, but I
 think Tomcat does not have separate classpaths for each vhost, so I
 can't just drop 'congo.properties' into Catalina/hostname/ and have it
 referenced for JUST that vhost, is that correct?

Correct.

If you really need separate host configs, use split CATALINA_HOST,
CATALINA_BASE - see RUNNING.txt in your distribution.

Then you can refer to a resource inside Spring:

  util:properties id=appProps
location=file:${catalina.base}/conf/app.properties/
  context:property-placeholder properties-ref=appProps/


p

 I can't build config parameters into the app, since the app needs to be
 generic (a .war file).  I need to pass parameters into the
 applicationContext.xml on a per-vhost basis, with the results here:
 
   bean id=com.stonekeep.congo.database.Pool
 class=com.mchange.v2.c3p0.ComboPooledDataSource
 destroy-method=close
 property name=driverClass value=com.mysql.jdbc.Driver/
 
 property name=testConnectionOnCheckout value=true/
 
 property name=jdbcUrl value=${congo.jdbcurl} /
 property name=user value=${congo.user} /
 property name=password value=${congo.password} /
   /bean
 
 I've thought about using Context blocks in the vhost, or in the Host
 block for the vhost, but I can't figure out the proper mojo to get those
 Context parameters into the Spring applicationContext.
 
 My Spring is weak, I do apologize, but would really appreciate any help.
 
 Thanks!
 
   -d
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Speeding up RMI calls

[Pid]

On 09/07/2012 16:55, Andrew Kujtan wrote:
 Tomcat Version: 7.0.27
 
 OS: Windows XP/7
 
  
 
 I'm fixing an issue we are having with a webapp that does some
 communication over RMI with a remote  server. Calls that would be
 instant in similar applications not inside the tomcat container are
 taking more than 30 seconds when called from tomcat. After debugging
 I've found that  when an RMI call is made, the classlist containing all
 the jars in the webapp lib folders is being serialized with the data.
 Which wouldn't be a problem normally, except the webapp has 300 jars in
 its lib folder.

In the other similar applications, are there 300+ jars on the classpath too?


p

 The only solution I have found is to create a custom WebAppClassloader
 that returns a zero length URL array on the getURLs() call. We don't do
 any dynamic class loading so breaking that is not a problem.
 
 My question is, is there any other way to resolve this, like a
 configuration property? If not, are there any problems that I am going
 to introduce by overriding this method? Can I override the classloader
 for just this webapp or am I stuck doing it for the entire tomcat
 instance?
 
  
 
 Thanks,
 
 Andrew Kujtan
 
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Client Authentication using SSL

[Pid]

On 12/07/2012 20:10, Burghard W.V. Britzke wrote:
 ?!

Yep, I have no idea what they're on about either.

:P


p


 Am 12.07.2012 um 19:22 schrieb Puneet Dewan:
 
 The below way I used to deploy the war and able to use it :)


 -- Forwarded message --
 From: Puneet Dewan puneet.dewan.open...@gmail.com
 Date: Thu, Jul 12, 2012 at 10:19 PM
 Subject: Re: Client Authentication using SSL
 To: Tomcat Users List users@tomcat.apache.org


 Excellent suggestions and the link at the bottom .
 On my local machine using keystore and keypass was not working while I was
 configuring a WAR on https.
 I made use of truststoreFile and truststorePass in connector tag.
 e.g

  Connector SSLEnabled=true
 acceptCount=100
   connectionTimeout=2
   executor=tomcatThreadPool
   keyAlias=tomcat
   keystoreFile=${catalina.base}/conf/tomcat.keystore
   keystorePass=changeme

   truststoreFile=${catalina.base}/conf/tomcat.keystore
   truststorePass=changeme
 maxKeepAliveRequests=15
   port=8443
   protocol=org.apache.coyote.http11.Http11Protocol
   redirectPort=8443
   scheme=https
   secure=true/



 On Wed, Jul 11, 2012 at 10:05 PM, Jeffrey Janner 
 jeffrey.jan...@polydyne.com wrote:

 Looking into implemented two-factor Auth for Tomcat with first factor
 being our current userid/password form.
 I figured that the second factor could be Client Authentication using SSL,
 as it seems readily available in Tomcat.
 Aside from the wonderful Tomcat documentation on configuring the
 connector element, does anyone else have any suggested reading on the
 subject?
 Any gotchas I should look for?

 Jeffrey Janner
 __

 Confidentiality Notice:  This Transmission (including any attachments) may
 contain information that is privileged, confidential, and exempt from
 disclosure under applicable law.  If the reader of this message is not the
 intended recipient you are hereby notified that any dissemination,
 distribution, or copying of this communication is strictly prohibited.

 If you have received this transmission in error, please immediately reply
 to the sender or telephone (512) 343-9100 and delete this transmission from
 your system.

 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: [EXTERNAL] Re: Re: Re: General Architecture Question for multiple websites on a single RedHat server

[Pid]

On 11/07/2012 13:21, Simon, Leonard wrote:
 Mark,
 I really do appreciate your time in assisting,
 It's these up front sessions that could lead to consulting gigs later on.

There's something to look forward to.


 Free consultations pay off in the end.

Not very often they don't.


p



signature.asc
Description: OpenPGP digital signature

Re: soap location address

[Pid]

On 06/07/2012 20:00, Toman, Chuck [Stock] wrote:
 How do you dynamically change soap location for WSDL files?

Are you asking this question on the right mailing list?
This list is for questions about Apache Tomcat.


p


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: tomcat filters

[Pid *]

On 5 Jul 2012, at 01:51, Christopher Schultz
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Pid,

 On 7/2/12 6:15 PM, Pid wrote:
 On 02/07/2012 18:34, Varrun Ramani wrote:
 Hi

 I am in the process developing a web application firewall(WAF)
 for tomcat similar to what mod security does, and am planning to
 use the filter API already present in tomcat to intercept
 requests and do the filtering. Are there any existing efforts at
 doing this for tomcat?

 Quite a few yes.  Acegi Security (now called Spring Security) for
 example.

 Forgive my ignorance, for I've never used Spring [anything]... does
 ACEGI/SpringSecurity provide features like mod_security, or is it a
 replacement for container-managed J2EE security (or both)?

Bit of both and more.


p



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk/05PUACgkQ9CaO5/Lv0PCYYgCgt0kEVBouJW+C82IdECGowzw/
 ghsAoJJuzr2+9PqGrmWuHqO+anyPUPCP
 =szuF
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat filters

[Pid]

On 02/07/2012 18:34, Varrun Ramani wrote:
 Hi
 
 I am in the process developing a web application firewall(WAF) for
 tomcat similar to what mod security does, and am planning to use the
 filter API already present in tomcat to intercept requests and do the
 filtering. Are there any existing efforts at doing this for tomcat?

Quite a few yes.  Acegi Security (now called Spring Security) for example.


p

 Thanks,
 Varrun
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: General Architecture Question for multiple websites on a single RedHat server

[Pid]

On 02/07/2012 22:34, Mark Eggers wrote:
 - Original Message -
 
 From: Simon, Leonard leonard.si...@hsn.net
 To: users@tomcat.apache.org
 Cc: 
 Sent: Monday, July 2, 2012 1:32 PM
 Subject: General Architecture Question for multiple websites on a single 
 RedHat server

 Our goals are as follows:

 The operating system will be RHEL 6.X.

 We want to run Apache and Tomcat on a single server running five websites
 using different ports for each.

 Our goal is to manage each web server independently, i.e., separate
 shutdown and startup scripts and hopefully  different log files for each
 web server.

 We noticed the bundled Apache/Tomcat with RedHat might only give us a
 standard install. Is there a way to do an alternate path install?

 Thanks and look forward to some ideas on how to accomplish this.

 
 1. Don't use the distribution package - download from tomcat.apache.org
 2. Use CATALINA_HOME / CATALINA_BASE - see RUNNING.txt for pointers
 3. Create an unprivileged user for running the Tomcats
 4. Create a template server init script for starting and stopping (version, 
 status, etc) Tomcat
 5. Copy the template init script to each named service (tomcat1, tomcat2, 
 tomcat3, etc.)
 6. Optionally place service-specific parameters in an /etc/sysconfig 
 subdirectory
 7. Add the services with chkconfig
 8. Start and stop each service separately
 
 Don't forget to change the relevant ports in each server.xml file. An ant 
 script with the xmltask add-on is quite handy for doing this. You can then 
 write a properties file with configuration specifics for each CATALINA_BASE, 
 run the ant tasks to create the CATALINA_BASE, service support files, etc., 
 and then install. The properties files then become a nice base document for 
 all of the Tomcat servers that you've installed.
 
 Alternatively, if all of your web sites have similar uptime / control / 
 access requirements, you can run all 5 sites using a combination of named 
 virtual hosts on Apache HTTPD and virtual hosts on Tomcat.
 
 Or a combination of the above . . . It all depends on your requirements.

+1


p

 . . . . just my two cents.
 /mde/
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: AprLifecycleListener initialization issue

[Pid]

On 22/06/2012 09:12, Francesco wrote:
 ( i found a lot easyer to manage tomcat inside a big servlet than viceversa)

So what's the Servlet running in?


p


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Fine tune or disable JMX activity

[Pid]

On 22/06/2012 16:09, Jacopo Cappellato wrote:
 Hi all,
 
 I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in 
 embedded mode.
 While doing some profiling with Java VisualVM I have noticed that a lot of 
 object (java.util.TreeMap$Entry) are created even when there is no traffic; 
 they don't represent a memory leak because a garbage collection removes them 
 all, but the still grow at a very high pace; they seem to be generated by JMX 
 support in Tomcat.

Can you explain a little about how you concluded that Tomcat's JMX
support is responsible?


p


 Is it possible? Is there a way to disable JMX related activity (if not 
 needed, of course)? I am worried that this could cause an unnecessary waste 
 of server resources (more frequent GCs etc...).
 
 Thanks in advance,
 
 Jacopo
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Fine tune or disable JMX activity

[Pid]

On 22/06/2012 16:30, Jacopo Cappellato wrote:
 
 On Jun 22, 2012, at 5:11 PM, Pid wrote:
 
 On 22/06/2012 16:09, Jacopo Cappellato wrote:
 Hi all,

 I am a committer of the Apache OFBiz project; OFBiz uses Tomcat 7.0.28 in 
 embedded mode.
 While doing some profiling with Java VisualVM I have noticed that a lot of 
 object (java.util.TreeMap$Entry) are created even when there is no traffic; 
 they don't represent a memory leak because a garbage collection removes 
 them all, but the still grow at a very high pace; they seem to be generated 
 by JMX support in Tomcat.

 Can you explain a little about how you concluded that Tomcat's JMX
 support is responsible?

 
 I am actually not sure if Tomcat is responsible for this (it could actually 
 be completely unrelated); I think it is related to JMX because I have found 
 that most of the objects are created in the following stack:
 
 https://cwiki.apache.org/confluence/download/attachments/27850262/profiler-snapshot.png

There's no Tomcat code in that tree.

How many bytes is it using, am I reading that correctly?
Is there an issue with this at all?


p


 Is it possible? Is there a way to disable JMX related activity (if not 
 needed, of course)? I am worried that this could cause an unnecessary waste 
 of server resources (more frequent GCs etc...).

 Thanks in advance,

 Jacopo
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -- 

 [key:62590808]



 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Creating separate log for each request

[Pid]

On 20/06/2012 22:39, Lahiru Gunathilake wrote:
 Hi  Caldarale,
 
 Its not a website.. I am hosting a middleware which will be used by
 scientist to run their application in the Grid. So Ideal scenario is like
 2--30 requests per day but they are long running and very time consuming
 (Some jobs would take 2,3 days or one week to finish), so the logs are very
 important.

If there are only a few requests per day how can it be that hard to
search the log file?


p

 Lahiru
 
 On Wed, Jun 20, 2012 at 5:35 PM, Caldarale, Charles R 
 chuck.caldar...@unisys.com wrote:
 
 From: Lahiru Gunathilake [mailto:glah...@gmail.com]
 Subject: Creating separate log for each request

 I am using slf4j for my logging and everything works fine and all
 the logs comes to catalina.out.

 Which means that things are seriously broken or incredibly badly
 configured.  Logging should *never* go to catalina.out in a properly
 configured system.

 I simply want to create a separate log for each http request
 come to my tomcat instance.

 You can't be serious.  How much traffic does your website get?

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail and
 its attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Confusing tomcat error - can't find javax.servlet.http.HttpSessionAttributeListener

[Pid]

On 20/06/2012 18:57, Cassano, Chris wrote:
 Hi, I'm getting a fatal error when I start tomcat. Now I would think that 
 servlet-api.jar is missing from the tomcat classpath but if I do 
 -verbose:class I can clearly see tomcat using other classes from that jar so 
 I know it's already included:
 
 [Loaded javax.servlet.http.HttpServletRequest from 
 file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/lib/servlet-api.jar]
 
 
 The exact error I'm getting is:
 
 java.lang.Error: Unresolved compilation problems:
 The import javax.servlet.http.HttpSessionAttributeListener cannot be 
 resolved
 The import javax.servlet.http.HttpSessionBindingEvent cannot be resolved
 HttpSessionAttributeListener cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 
 
 The file that gives this error has import javax.servlet.http.*; at the top so 
 it appears that I've already imported the necessary classes. How can I fix 
 this fatal error? Why does tomcat see javax.servlet.http.HttpServletRequest 
 but not javax.servlet.http.HttpSessionAttributeListener?
 I'm using Tomcat version 6.0 on Windows XP SP3.

6.0.what?

Have you accidentally put the Servlet API jar in your apps WEB-INF/lib?


p



-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: tomcat 7 embed config img path

[Pid]

On 19/06/2012 21:08, avri shpigel wrote:
 Dear tomcat helper,
 I am using embedd tomcat 7.0.27 inside my java code.
 I am using minimal tomcat config as proposed in
 http://java.dzone.com/articles/embedded-tomcat-minimal
 I would like to add images in my code using html command img
 src=aaa.gif /

 I also want to know where to put my index.jsp as my home page reply.
 

 My question: what is the additional minimal tomcat config requred to
 define the path where to put my images and my home page?

In that example there is a File, instead of passing . which will
likely result in publishing the current system ${user.dir} as the ROOT
application, specify whichever directory you want to use.

Note, you'll also have to register the JSPServlet manually if you want
to serve parsed JSPs.


p


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Confusing tomcat error - can't find javax.servlet.http.HttpSessionAttributeListener

[Pid]

On 21/06/2012 13:17, Cassano, Chris wrote:
 The Tomcat version number is 6.0.33 and I just checked the WEB-INF/lib folder 
 and I don't see servlet-api.jar.  
 
 Thanks
 
 Chris Cassano
 Emprise Corporation (http://www.emprisecorporation.com)
 (860) 464-8555
 
 
 -Original Message-
 From: Pid [mailto:p...@pidster.com] 
 Sent: Thursday, June 21, 2012 7:09 AM
 To: Tomcat Users List
 Subject: Re: Confusing tomcat error - can't find 
 javax.servlet.http.HttpSessionAttributeListener
 
 On 20/06/2012 18:57, Cassano, Chris wrote:
 Hi, I'm getting a fatal error when I start tomcat. Now I would think that 
 servlet-api.jar is missing from the tomcat classpath but if I do 
 -verbose:class I can clearly see tomcat using other classes from that jar so 
 I know it's already included:

 [Loaded javax.servlet.http.HttpServletRequest from 
 file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%206.0/lib/servlet-api.jar]


 The exact error I'm getting is:

 java.lang.Error: Unresolved compilation problems:
 The import javax.servlet.http.HttpSessionAttributeListener cannot be 
 resolved
 The import javax.servlet.http.HttpSessionBindingEvent cannot be resolved
 HttpSessionAttributeListener cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type
 HttpSessionBindingEvent cannot be resolved to a type


 The file that gives this error has import javax.servlet.http.*; at the top 
 so it appears that I've already imported the necessary classes. How can I 
 fix this fatal error? Why does tomcat see 
 javax.servlet.http.HttpServletRequest but not 
 javax.servlet.http.HttpSessionAttributeListener?
 I'm using Tomcat version 6.0 on Windows XP SP3.
 
 6.0.what?
 
 Have you accidentally put the Servlet API jar in your apps WEB-INF/lib?
 
 
 p

Are there any other messages in your log files?

Can you post the full stacktrace please?

In which file is the code?  A Servlet class or a JSP?


p





-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: mixing authentication schemes

[Pid]

On 21/06/2012 20:34, Aggarwal, Ajay wrote:
 Sorry about the poor formatting of my message.

Research OAuth.


p

 -Original Message-
 From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] 
 Sent: Thursday, June 21, 2012 3:27 PM
 To: users@tomcat.apache.org
 Subject: mixing authentication schemes
 
 CURRENT ENVIRONMENT
 
  
 
 Our device is managed via a tomcat 6 based web-server that runs on the
 device. We have a proprietary XML/JSON API that web based UI client uses
 to talk to web-server. We are NOT using container managed security.
 Instead our application has implemented its own authentication.
 Essentially client uses a proprietary login request and after a
 successful authentication, server marks the HTTP session as
 authenticated.
 
  
 
 NEW SITUATION
 
  
 
 Now we are looking to build a new multi-device management application,
 which would have its own UI and server. As the name implies this
 application is for managing multiple devices. 
 
  
 
 How should this multi-device service authenticate itself with the
 individual devices? We do not want user to enter credentials for each
 device every time this service wants to talk to a managed device. We
 also do not want to store each managed device's credentials with the
 multi-device service.
 
  
 
 One of the possibility is to use SSL certificate based authentication.
 So multi-device application can authenticate itself with individual
 devices using a SSL certificate.  We only need to import multi-device
 application's certificate into each managed device's trust-store once.
 
  
 
 QUESTIONS
 
  
 
 Few questions for those of you who have dealt with this type of 3-tier
 applications
 
  
 
 Q1. How to get above scheme working in tomcat, such that the existing
 device specific UI clients can continue to authenticate using
 proprietary login request, whereas multi-device application uses SSL
 certificate based authentication?
 
  
 
 Q2. What are some of the other suggestions and/or best practices that
 you would recommend to solve this problem?
 
  
 
 Thanks.
 
  
 
 -Ajay
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Javamail exception in tomcat 7.0.11

[Pid *]

On 19 Jun 2012, at 06:24, Kiran Badi ki...@poonam.org wrote:

 Hi All,

 I have send mail servlet, which looks something like below,

 protected void doPost(HttpServletRequest request, HttpServletResponse 
 response) throws ServletException, IOException {
   String emailRecipient = request.getParameter(name);
//   String emailRecipient = xxx;
try {
Message msg = new MimeMessage(this.session);

Unfortunately you've completely omitted the code for setting the
session object, so we can only guess why it's not working.


p


msg.setFrom(new InternetAddress(xxx));
System.out.println( remoteAddr is  + emailRecipient + ');
for (int i = 0; i  10; i++) {
msg.setRecipients(Message.RecipientType.TO, 
 InternetAddress.parse(emailRecipient, false));
}

msg.setSubject(Test email);
msg.setText(Hello This is test mail);
msg.setSentDate(new Date());
Transport.send(msg); *(This is line number 60)*
System.out.println(Message sent OK.);
} catch (Exception ex) {
 
 Logger.getLogger(MailSendingServlet.class.getName()).log(Level.SEVERE, null, 
 ex);
}
}
 }

 and I have javamail reference declared in context.xml something like this one,

 Resource name=mail/ourstorymailsession
auth=Container
type=javax.mail.Session
mail.smtp.host=smtp.gmail.com
mail.smtp.port=465
mail.smtp.auth=true
mail.smtp.user=sender userid
password=
mail.smtp.starttls.enable=true

 mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory
mail.debug=true /

 and web.xml something like
 resource-ref
 description
   My site mail server
 /description
 res-ref-namemail/mysitemailsession/res-ref-name
 res-typejavax.mail.Session/res-type
 res-authContainer/res-auth
 res-sharing-scopeShareable/res-sharing-scope
 /resource-ref

 With this setting now I am getting below exception,

 avax.mail.MessagingException: Could not connect to SMTP host: localhost, 
 port: 25;
  nested exception is:
java.net.ConnectException: Connection refused: connect
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at indianads.MailSendingServlet.doPost(MailSendingServlet.java:60)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:641)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at 
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304)
at 
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at 
 org.netbeans.modules.web.monitor.server.MonitorFilter.doFilter(MonitorFilter.java:393)
at 
 org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at 
 org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at 
 org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at 
 org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164)
at 
 org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:498)
at 
 org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at 
 org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at 
 org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:562)
at 
 org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at 
 org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:394)
at 
 org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
at 
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
at 
 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:166)
at 
 org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:302)
at 
 java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at 
 java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
 Caused by: java.net.ConnectException: Connection refused: connect
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:351)
at 

Re: iis not looking for jsp in tomcat webapps folder

[Pid]

On 18/06/2012 10:10, Vijaya wrote:

 file=c:/tomcat-5.5.16/conf/jk2.shm

So... tomcat-5.5.16 AND jk2?


I had to blow the dust of the 5.x security page...

http://tomcat.apache.org/security-5.html#Fixed_in_Apache_Tomcat_5.5.16,_5.0.SVN


just sayin'


p

-- 

[key:62590808]





signature.asc
Description: OpenPGP digital signature

Re: Decompression of gzip'd request body

[Pid]

On 15/06/2012 12:58, JF wrote:
 Tomcat v7.0.6,  Windows Server 2008 SP2

Also, probably a good idea to upgrade that Tomcat sometime this decade.


p

 I note that tomcat's connector's can be configured to automatically
 handle compression of 'large' respones using gzip.
 Tomcat can also be deployed behind Apache so that it can unzip/deflate
 requests.
 There used to be a GzipInputFilter;
 http://marc.info/?l=tomcat-devm=108073098630505w=2
 http://marc.info/?l=tomcat-devm=108073098630505w=2
 Is there a recommended way using tomcat to support decompression of
 gzip'd HTTP requests when not deploying behind Apache (apart from
 writing my own decompression filter), and why was the support for
 automatic decompression of requests removed?
 
 I am interested in
 - HTTP 1.1 requests with NOTransfer-Encoding set and Content-Encoding of
 the entity body ( not multipart ) set to gzip
 principally.
 
 I note that
 - HTTP 1.1 requests with Transfer-Encoding: gzip
 seems to be unsupported by tomcat.
 
 Thankyou for your time.
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Accessing Tomcat Thread Pool

[Pid]

On 15/06/2012 01:05, Oguz Kologlu wrote:
 
 On 15/06/2012, at 4:35 AM, Christopher Schultz wrote:
 
 Oguz,
 
 On 6/14/12 6:24 AM, Oguz Kologlu wrote:
 I've seen this question bounce around some threads but there's
 really no good answer.

 I'd like to use the Tomcat 7 thread pool as worker threads for
 Quartz Scheduler.
 
 Why would you want to dip-into the request-processor pool instead of
 maintaining a separate one?
 
 To conserve shared resources between web apps. 

Why?  What shared resource?  That's not a thread pool - it's a resource
pool.

 Similarly Tomcat has a built in DB connection pool / the DBCP is often a 
 shared resource.

If you're really describing a shared pool of resources (that are not
plain threads), then use commons-pool  hook it up to whatever resource
it is you're really trying to manage.


p

 Hmm. I think perhaps I can configure a common thread pool and expose it via 
 JNDI to the web apps.
 
 http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources
 
 
 Oz
 
 
 
 Is there a way to access the thread pool from a web app?
 
 You can't.
 
 Any other suggestions?
 
 Use your own thread pool.
 
 -chris

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Java process killed by oom-killer in Ubuntu

[Pid]

On 12/06/2012 14:50, Christopher Schultz wrote:
 Pid,
 
 On 6/12/12 5:47 AM, Pid wrote:
 On 11/06/2012 20:15, Christopher Schultz wrote:
 Also, your previously-posted configuration seems a little
 insane:

 Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G
 -XX:SurvivorRatio=6 -XX:MaxPermSize=512M
 -XX:-UseConcMarkSweepGC -XX:+UseStringCache 
 -XX:+HeapDumpOnOutOfMemoryError 
 -XX:HeapDumpPath=/home/example/logs

 -Xmx6g and NewSize=4G? Plus 0.5G for PermGen?
 
 I think you'll run into trouble setting the NewSize that large. 
 There's a reason that the NewRatio works the way it does.
 
 Sun advice always used to be keep the eden size between 1/4th and
 1/3rd the maximum heap size.  You are specifying 2/3rd the max
 heap.
 
 +1
 
 I don't know what happens during a collection if the survisor space is
 too small for all the objects being promoted from eden... does the MM
 just randomly promote objects to the old space?

I don't know either for certain, but I'd not be surprised if Bad Things
Happened.

I think you'd probably see a bunch of full collections in the run up to
that situation  your performance would fall off a cliff.  You might get
an OOM before it got there, depending on the GC algo in play.


p



-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Map domain names to different paths of a single webapp ?

[Pid]

On 13/06/2012 05:12, Oguz Kologlu wrote:
 You can do this but not in Tomcat itself. You'll need to use something like 
 Apache web server
 to handle different sub domain and direct them to Tomcat.

That's an imprecise  potentially misleading answer.
Please see the other answer in this thread.


p

 If it's only one site running you could use the defaultHost attribute to 
 direct the request when it doesn't find a matching Host  element
 
 Oz
 
 
 
 On 13/06/2012, at 1:58 PM, Albert Kam wrote:
 
 I have checked the tuckey urlRewriter, and it seems cool, but doesnt
 seem to fit my needs.
 Anyway, you warnings make a lot of sense to me, so thanks there !

 On Wed, Jun 13, 2012 at 2:29 AM, André Warnier a...@ice-sa.com wrote:
 Albert Kam wrote:

 Dear Tomcat Users !

 Let's say that i have this simple webapp using Tomcat 7, and let's say
 the context name is albertzoo
 http://albertzoo.com


 albertzoo is not the context here, it's a Host.
 If you want that application to respond to the URL http://albertzoo.com/;
 (thus the context /), you will have to use the ROOT webapp.



 And then, i would like a niche site for monkeys with it's own domain :
 http://albertzoomonkeys.com


 albertzoomonkeys.com is the host. The context is /.


 which is actually the same as :
 http://albertzoo.com/monkeys


 In this one (barring tricks), monkeys is the context.



 But if the user is accessing through albertzoomonkeys.com, i dont want
 them to see the albertzoo.com/monkeys in their browser


 unless you do an external redirect, they should not see that.



 Is it possible to do with a single webapp context, or do i have to
 have different contexts(virtual hosts) for these different domains ?


 I think that technically, you could monkey around to achieve that.  But it
 is probably a lot more trouble than it's worth (risks of double deployment,
 a mess when you undeploy or want to manage your apps etc..).

 Probably much better to use two separate Host, each with its own appBase
 (/webapps) directory;
 in one of them, you deploy your application as the ROOT (default)
 application (see the FAQ for that); in the other, you deploy *a copy* of the
 same application as monkeys (and, supposedly, some other animals
 application as ROOT).
 The only inconvenient is that when you update the monkeys application,
 you'll have to copy it to both places.  But that will be much easier to
 manage, than to try some clever overlapping scheme which is going to come
 back and hit you somewhere..

 Alternatively, if you feel adventurous, you could try a single Host with
 an Alias, and play with the URLrewrite filter (see www.tuckey.org) and
 internal redirects, but... you have been warned.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




 -- 
 Do not pursue the past. Do not lose yourself in the future.
 The past no longer is. The future has not yet come.
 Looking deeply at life as it is in the very here and now,
 the practitioner dwells in stability and freedom.
 (Thich Nhat Hanh)

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Exclude url from authorized access-web.xml

[Pid]

On 14/06/2012 15:06, Rahul R wrote:
 Hi All,
 
 I have an issue with allowing access to a page which is secured using
 active directory authentication. I want some pages/content to be excluded
 from this. Following is my web.xml file under conf of tomcat.
 
 
 [code=java]
 
 security-constraint
 web-resource-collection
 web-resource-nameProtected
 Area/web-resource-name
 url-pattern/*/url-pattern
 /web-resource-collection
 
 auth-constraint
 --! These are the groups in AD --
 role-nameEngineering/role-
 name
 role-nameMigration Expert/role-name
 role-nameDevelopers/role-name
 
 /auth-constraint
 /security-constraint
 
   security-constraint
web-resource-collection
   url-pattern/update/*/url-pattern
/web-resource-collection
   /security-constraint
 
 login-config
 auth-methodBASIC/auth-method
 realm-nameServices Portal/realm-name
 /login-config
 
 [/code]
 
 As per my understanding, this should allow url's with a content update
 and allow other pages only with AD credentials. But this is not working for
 me now. Its asking for the credentials even for the url with update.
 
 Tomcat Version:7
 Env:Linux
 Url:http://myserver.com:8080/solar/index.jsp. Here its asking the
 credentials, its fine and as expected.
 
 url with update in the address: http://myserver.com:8080/solar/site/update.
 When I access this url, its still asking for the credentials.

This:
 /solar/site/update

does not match this pattern:
 url-pattern/update/*/url-pattern


the pattern would have to be:
 url-pattern/site/update/*/url-pattern


p

 I am not really sure why this is happening. Could anyone here can help me
 on this?
 
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: tomcat cluster for stateless web application

[Pid *]

On 12 Jun 2012, at 18:22, Albert Kam moonblade.w...@gmail.com wrote:

 I've noticed that in the documentation, it says a lot about session 
 replication.

 I wonder what can be omitted in the configurations for a stateless
 java webapp setup (without any sessions),
 to hopefully get a simpler configuration or even gain more efficiency,
 bypassing the replication altogether ?

Well, start by not configuring the cluster. That should be enough.


p



 --
 Do not pursue the past. Do not lose yourself in the future.
 The past no longer is. The future has not yet come.
 Looking deeply at life as it is in the very here and now,
 the practitioner dwells in stability and freedom.
 (Thich Nhat Hanh)

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: post redirect get to the same tomcat instance in a tomcat cluster ?

[Pid *]

On 12 Jun 2012, at 18:17, Albert Kam moonblade.w...@gmail.com wrote:

 Hi all !

 Is it possible to do POST submit to the tomcat-A, redirect happens,
 and then GET to the same tomcat-A again in a tomcat cluster ?
 And, in hope to make things easier, all the tomcat servers in the
 cluster are stateless wihout any sessions

You contradict this statement below by saying it does use s

 This needs arise because each tomcat servers will have it's own spring
 context (a kind of state, but not a per-user-session),
 and i am making use of flash attribute feature detailed in here :
 http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc-flash-attributes

 Here are the relevant quotes from the page :

 Flash attributes provide a way for one request to store attributes
 intended for use in another. This is most commonly needed when
 redirecting — for example, the Post/Redirect/Get pattern. Flash
 attributes are saved temporarily before the redirect (typically in the
 session) to be made available to the request after the redirect and
 removed immediately.

 Flash attribute support is always on and does not need to enabled
 explicitly although if not used, it never causes HTTP session
 creation. On each request there is an input FlashMap with attributes
 passed from a previous request (if any) and an output FlashMap with
 attributes to save for a subsequent request. Both FlashMap instances
 are accessible from anywhere in Spring MVC through static methods in
 RequestContextUtils.

 --
 Do not pursue the past. Do not lose yourself in the future.
 The past no longer is. The future has not yet come.
 Looking deeply at life as it is in the very here and now,
 the practitioner dwells in stability and freedom.
 (Thich Nhat Hanh)

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: post redirect get to the same tomcat instance in a tomcat cluster ?

[Pid]

On 13/06/2012 13:13, Pid * wrote:
 On 12 Jun 2012, at 18:17, Albert Kam moonblade.w...@gmail.com wrote:
 
 Hi all !

 Is it possible to do POST submit to the tomcat-A, redirect happens,
 and then GET to the same tomcat-A again in a tomcat cluster ?
 And, in hope to make things easier, all the tomcat servers in the
 cluster are stateless wihout any sessions
 
 You contradict this statement below by saying it does use s

(Oops. Fat finger + touch screen...)

You contradict this statement below by saying it does use sessions,
below.  Just because you are not directly using a session, it does not
mean that a framework isn't doing so behind the scenes.

If there's no need to replicate sessions, you can still use the
sticky-session mechanism to pin a session to a node.

See server.xml, Engine.jvmRoute in the docs.


p


 This needs arise because each tomcat servers will have it's own spring
 context (a kind of state, but not a per-user-session),
 and i am making use of flash attribute feature detailed in here :
 http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/mvc.html#mvc-flash-attributes

 Here are the relevant quotes from the page :

 Flash attributes provide a way for one request to store attributes
 intended for use in another. This is most commonly needed when
 redirecting — for example, the Post/Redirect/Get pattern. Flash
 attributes are saved temporarily before the redirect (typically in the
 session) to be made available to the request after the redirect and
 removed immediately.

 Flash attribute support is always on and does not need to enabled
 explicitly although if not used, it never causes HTTP session
 creation. On each request there is an input FlashMap with attributes
 passed from a previous request (if any) and an output FlashMap with
 attributes to save for a subsequent request. Both FlashMap instances
 are accessible from anywhere in Spring MVC through static methods in
 RequestContextUtils.

 --
 Do not pursue the past. Do not lose yourself in the future.
 The past no longer is. The future has not yet come.
 Looking deeply at life as it is in the very here and now,
 the practitioner dwells in stability and freedom.
 (Thich Nhat Hanh)

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: HttpOnly

[Pid]

On 12/06/2012 15:11, Christopher Schultz wrote:
 Paul,
 
 On 6/12/12 9:03 AM, Paul Singleton wrote:
 On 12/06/2012 06:57, Caldarale, Charles R wrote:
 From: N.s.Karthik [mailto:nskarthi...@gmail.com] Subject:
 HttpOnly

 Tomcat 6.0.10

 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy
 in INTRANET.

 Sorry, but there is simply no excuse for using a version of
 Tomcat that's over five years old.
 
 There may be a sound business rationale for using old versions of 
 software.

Maybe, but only if that version hasn't been updated - and even then the
risk associated with that software increases over time, not decreases.


 Tomcat 5.5.9, for example, works as well now as it did when it was 
 judged ready to be a stable release.

What a pointless statement.  Software doesn't degrade over time.

The issue is not whether it works 'as well as it did' (it can't work any
other way) it's whether it works as well as it was _supposed to_.


 If there are no bugs or missing features in it which affect the 
 security or functionality of an application, then there is no
 benefit from upgrading

What a bizarre statement, given the context you set is a release that
happened in March 2005.  7 years ago.


 You are absolutely right. Feel free to read the find documentation on
 the Tomcat site about all the security vulnerabilities that have been
 fixed since 6.0.10 (and 5.5.9 for that matter).

+1


 but there will be costs and risks:
 
 * downtime and manpower for the upgrade

Should I infer that a typical upgrade will take a long time  a lot of
people?  Or are you saying that this is a small risk, 1 person and a few
seconds?

(A seven year window is probably enough to squeeze a couple of updates in.)


 * recommissioning/retesting: unless *all* acceptance tests are 
 automated, this can be far more expensive than deploying the 
 upgrade

Yes, I sort of agree.  Deploying the upgrade should be completely
inexpensive; by comparison, the testing process should be more
expensive, yes.


 You are right about this, too. But there are certainly risks to not
 upgrading as well. I'll leave those as an exercise for the reader.
 
 * risk of introducing new bugs in new code

That is a comparison between:

 a) measurable risk of impact on your application from known bugs

 b) *perceived* risk of impact on your application from
unknown/unidentified bugs

You cannot measure b), you can only address a).


 Unless your webapp needs modifications to run under a new version of
 Tomcat (which should never be the case when staying on a major-version
 number line), you shouldn't be introducing any new bugs into any code.
 Unless you mean bugs in Tomcat, which are always a possibility.
 
 So I guess you're saying that it's better to stick with the devil you
 know?

If that's what he's saying, then the argument is in favour of upgrading
to address the bugs you *do* know about, surely?


 In general, older software is better understood and less risky
 than new software, and if it meets requirements, is preferable.

Older software is only less risky if it's been debugged  patched.
Which means updating it regularly.

Would you say that the businesses of the world circa late 1999 felt that
their venerable Cobol apps presented less risk that newly written ones?

Or that they presented more risk, because it wasn't clear what would
happen to them when the clock flipped over to 2000?

Or that they presented more risk because it was harder to find people
with the right skill set to debug said applications?


p

 In general, yes. I this case, no, for at least 2 reasons:
 
 1. Many security, stability, and performance updates between 6.0.10
and 6.0.35.
 2. Volunteer support on this forum doesn't care to support truly
ancient versions of software that is freely available.
 
 If the OP wants to go purchase a support contract for Tomcat 6.0.10,
 he or she can certainly do that.






-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Jakarta ISAP Redirector

[Pid *]

On 13 Jun 2012, at 18:18, DeMarco, Alex alex.dema...@suny.edu wrote:

 I hope this is the right place to post this question.



 We have the latest Jakarta Plugin installed with IIS 7.5.



 Do you know, does the plugin specifically block  /services requests on
 wsdl's

No, it doesn't.

 If I go here:

 http://myural/myapp/services

 I get a page not available

Please post your config.


p




 However, if I am locally on the page the services listing does load.



 Also,  if I go here from my desk:



 http://myural/myapp/services/someservicename?wsdl



 It works fine.  In fact all the wsdl's work I just cannot display the
 services list remotely.



 Thanks in advance.



 -  Alex














-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: HttpOnly

[Pid *]

On 12 Jun 2012, at 05:58, N.s.Karthik nskarthi...@gmail.com wrote:

 Hi

 Spec
 JDK1.6
 Tomcat 6.0.10
 O/s Win / Linux(r-Hat)
 Browser : Crome 19.0.x / IE8

 For some specific Reason We use Tomcat 6.0.10 for Dev/Deploy in INTRANET.

That's a really old version, I'd be more worried about the slew of
other bugs that have been found  fixed since 6.0.10 was released.


p


 I have Googled / Yahooed for the same. HttpOnly

 1 form suggested to use Filters and set Cookie Headers as alternative for
 Handling HttpOnly

 How ever with this setting we are able to see multiple Cookies being set

 *HTTP/1.1 200 OK
 Server: Apache-Coyote/1.1
 Set-Cookie: JSESSIONID=A0A4EFD9A28E2C24D925B519EA9EC4F6; Path=/ABCD;
 HttpOnly
 Set-Cookie: JSESSIONID=D29822A1FD77C84907D67708C4DACC04; Path=/ABCD
 Content-Type: text/html
 Content-Length: 2333
 Date: Tue, 12 Jun 2012 04:46:29 GMT*


 Please some body explain me Why this is happening and how to prevent this
 for Cross scripting Hack ???


 with regards
 karthik


 --
 View this message in context: 
 http://tomcat.10.n6.nabble.com/HttpOnly-tp4982369.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Java process killed by oom-killer in Ubuntu

[Pid]

On 11/06/2012 20:15, Christopher Schultz wrote:
 Jorge,
 
 On 6/11/12 3:01 PM, Jorge Medina wrote:
 There is not much running in the machine other than Tomcat. The JVM
 actually starts fine, using about 8GB (6GB of heap, + code +
 threads etc) but it keeps growing. In about 2 days it runs out of
 memory. (The JVM process has reached more than 15GB).
 
 I would be very interested in seeing where all that memory is going.
 It sounds like it's not going to the heap, otherwise you'd be getting
 OOME and crashing in a different way.
 
 Any luck using lsof?

... or VisualVM with the Memory Pools plugin?


 Also, your previously-posted configuration seems a little insane:
 
 Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G -XX:SurvivorRatio=6
 -XX:MaxPermSize=512M -XX:-UseConcMarkSweepGC -XX:+UseStringCache
 -XX:+HeapDumpOnOutOfMemoryError
 -XX:HeapDumpPath=/home/example/logs
 
 -Xmx6g and NewSize=4G? Plus 0.5G for PermGen?

I think you'll run into trouble setting the NewSize that large.
There's a reason that the NewRatio works the way it does.

Sun advice always used to be keep the eden size between 1/4th and 1/3rd
the maximum heap size.  You are specifying 2/3rd the max heap.


p


 Have you tried using -XX:+UseCompressedOops? I wonder if you are
 getting killed with half-empty 64-bit pointers.
 
 -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Java process killed by oom-killer in Ubuntu

[Pid *]

On 7 Jun 2012, at 23:03, Daniel Mikusa dmik...@vmware.com wrote:

 - Original Message -
 Only 52 java threads.  It used to fluctuate more (we made some
 changes
 to the app to perform a task in a single thread rather than spawning
 multiple threads, but the crash still occurs) . The number of threads
 is always below 100.

 jstack -F 21370 | grep ^Thread | wc -l
 ps -T -p 21370   (This gives me 63)

 I don't seem to specify the -Xss option:

 In some applications with a large number of threads (particularly when 
 running on 64-bit hardware) this setting can cause a problems.  The default 
 value is pretty large (I think it's 1M on 64-bit systems).  Since most apps 
 don't need that large of a value, an easy performance tuning step is to lower 
 the value of -Xss.

 Since you don't have very many threads, it seems unlikely that this is 
 causing your problem though.

 That being said, you could try explicitly setting a value for the thread 
 stack size.  Finding the right values takes some testing though.  I usually 
 start with something like 192k and run a few application tests.  If I see any 
 stack overflow exceptions then I increase the value and rerun the tests.  
 Repeat until there are no stack overflow exceptions.


 On a different note, what is the specific version of the JVM that you are 
 running?  If it's not the latest, you could always try upgrading to the 
 latest version.

You need to hook up the VisualVM + Memory Pools plugin.

This will show you where the memory is being consumed, if it's by the JVM.


p






 Xms6g -Xmx6g -XX:NewSize=4G -XX:MaxNewSize=4G -XX:SurvivorRatio=6
 -XX:MaxPermSize=512M -XX:-UseConcMarkSweepGC -XX:+UseStringCache
 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/home/example/logs

 -Jorge






 On Thu, Jun 7, 2012 at 12:07 PM, Daniel Mikusa dmik...@vmware.com
 wrote:
 - Original Message -
 I am using MongoDB through the Java driver allowing up to 100
 connections to the MongoDB server.
 I also use DBCP with a max size of 50 JDBC connections.
 My webapp uses about 150 JAR files.
 There is no native libraries loaded from my webapp as far as I
 know.
 All the app is pure Java code.  (Nevertheless, Tomcat is using the
 Tomcat Native Library)

 Is there a way I can monitor the number of file descriptors in use
 by
 the app?

 I have monitored the number of threads, but I haven't seen
 anything
 unusual.

 How many threads have you observed?  Total threads, not just
 threads for the connector.

 Also, what is the value you are using for thread stack size?  -Xss

 Dan



 (but it could be that the burst is too fast to get catch by
 the monitoring tool)

 -Jorge







 On Thu, Jun 7, 2012 at 11:44 AM, Christopher Schultz
 ch...@christopherschultz.net wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Jorge,

 On 6/6/12 5:33 PM, Jorge Medina wrote:
 The web application uses Spring/Postgres/Mongo.

 Are you using MongoDB in-process or anything weird like that? Or
 are
 you connecting through some socket-based (or other) API?

 It looks like a memory leak in native code, not java code; so
 my
 usual java toolset is not useful.

 If what you are observing is accurate (non-heap memory grows,
 heap
 stays reasonable) then it will definitely be more difficult to
 track-down.

 Tomcat runs behind nginx in a EC2 instance. The application
 uses
 Sun (now Oracle) JDK 1.6.

 Any suggestions on what should I look at?

 What do your Connectors look like? How many JDBC connections
 do
 you
 have in your connection pool (which you are hopefully using!)?
 How
 about the same equivalent for MongoDB?

 Does your webapp keep lots of files open? Do you have an
 unusually-large number of JAR files in your webapp? Do you have
 any
 native libraries in use within your webapp?

 What are all the non-default system properties that you are
 setting
 at
 JVM launch time (you can easily see this from a 'ps' list)?

 Two things that can eat-up native memory fast in a JVM are file
 descriptors and threads, so let's start there.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk/Q9ooACgkQ9CaO5/Lv0PDPyQCfVtddxMDOgQbjmMGC3gvnK+Qq
 aZMAnjVu67+9Sm2bdYzAd91ZOrYo3DFI
 =r+vl
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 

Re: check tomcat (6.0.32) log settings automatically

[Pid]

On 08/06/2012 20:09, Su Zhang wrote:
 Hello,
 
 We want to check the log settings (e.g.attributes need to be logged) of
 tomcat server and then evaluate the security level for the application.

Tomcat log config and application log config are two different things.


 I am evaluating over a well-built system so what I can obtain is only its
 binary code and configuration files. Is there any way we can infer the log
 settings automatically?

Examine the application for log configuration files.

E.g.  This is a typical example, for an app that uses Log4J.

 myapp/WEB-INF/classes/log4j.properties


p


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: getting frustrated with web sockets

[Pid]

On 06/06/2012 15:54, Ravi wrote:
 
 Mark / Chris,
 
 Essentially, if I want to use websockets, you are asking me to rewrite
 my app + rewrite grails + rewrite hibernate + rewrite apache http
 utilities + rewrite several other web libraries I use.

I don't they're asking you to do that at all.


 I do not think this is a reasonable option.

I think you may misunderstand the place WebSocket has  it's intended
purpose.
Have you read the WebSocket Spec?  It's quite readable.


p

 On 6/5/2012 9:04 PM, Christopher Schultz wrote:
 Mark,
 
 On 6/5/12 5:42 PM, Mark Thomas wrote:
 WebSocket != HTTP and you simply can't replace one with the other.
 
 +1
 
 You can't just shout websocket and make a webapp work better with no
 other changes. It's not just like adding transport encryption by
 adding an s to the protocol name, it's a completely different
 protocol that just happens to use HTTP to bootstrap itself.
 
 -chris

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Request for Aliases or Alias as element inside Context

[Pid]

On 04/06/2012 20:03, Christopher Schultz wrote:
 Esmond,
 
 On 6/3/12 9:23 PM, Esmond Pitt wrote:
 I have a large and growing number of requirements for aliases, and
 the existing (new for Tomcat 7) aliases= attribute is unwieldy for
 me. The line is already 289 characters long ;-(
 
 It would be a lot more convenient if aliases could be specified
 individually via a repeatable nested Alias entry, something
 like:
 
 Context Alias aliasPath=/xyz docBase=/real_path/ ... 
 /Context
 
 Please file an enhancement request in bugzilla:
 https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%207

Don't use docBase though, that'll confuse matters.


p



 -chris
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: ROOT.xml problem

[Pid]

On 03/06/2012 14:20, Stefan Mayr wrote:
 
 So you have a third-party app which needs to be called in the /corda
 context. There seems no way to make it accessible as ROOT applications.
 
 I think you just need a redirect pointing to your applications location.
 
 Steps:
 1. remove everything you did to make it work as ROOT; back to the
 working /corda version
 2. Create a redirect in your ROOT context

@Kevin /you/ asked us how to remove the '/corda' bit of the URL.

Like Stefan says, if you need that, then go back to how you had the app
before.


p


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: getting frustrated with web sockets

[Pid]

On 02/06/2012 03:38, Ravi wrote:
 
 I am trying to build an android app that connects to tomcat web sockets.
 
 I need a few java classes that can interact with tomcat websockets. I
 have tried 3 different implementations
 (strumsoft, jwebsockets and something else also) but neither one can
 talk to tomcat correctly.
 
 The issue seems to be protocol incompatibility between tomcat as server
 and any existing java websockets client.
 
 I even compiled jwebsockets swing based test client and that also cannot
 talk to tomcat. Surprisingly all javascript based clients can talk to
 tomcat, only java based cannot.
 
 
 So having done all that research, I wonder if somebody can help me
 identify java classes that will work with tomcat. Does tomcat have a
 client jar I can use?

http://tomcat.apache.org/tomcat-7.0-doc/web-socket-howto.html


p

 Help!
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: ROOT.xml problem

[Pid]

On 01/06/2012 22:22, Kevin Marx wrote:

 I know there is a way to do this without renaming things to ROOT, that's what 
 I'm looking for.

Why make your life so difficult, what's wrong with just calling it
ROOT.war?  /baffled

If you're really desperate to see that it's called 'corda', call the
app: ROOT##corda.war


p



signature.asc
Description: OpenPGP digital signature

Re: tomcat jdbc pool, creating a pool of pools, single connection memory footprint

[Pid *]

On 30 May 2012, at 23:19, André Warnier a...@ice-sa.com wrote:

 On Wed, May 30, 2012 at 10:07 AM, Christopher Schultz 
 ch...@christopherschultz.net wrote:
 ..

 If my environment and requirements match yours, you'd need 1 *
 max_pool_size * 66KiB at peak usage. That's about 640MiB for each
 connection you want in 10k pools. For a (uniform) max pool size of 4,
 you'll need more than 2GiB of heap space just for connection pools.

 Is that acceptable?


 Taking the same hypothetical case and figures :

 Assuming that you need a total of (1 * 4 connections) = 4 connections.

File handles anyone?
Web connections n x 10k + db connections m x 10k = ?


 Assuming that it takes 10ms to set up one such connection, and that once it 
 is there, you don't do anything with it and just let it be for now.
 Assuming we ignore such things like bandwidth, other things happening on that 
 host etc..
 It then takes a total of (10 ms * 4) = 40 ms = 400s = ~ 6.5 minutes
 just to set up these connections.

 Is that acceptable ?

 What I mean is that once you start playing with such numbers, you may want to 
 look at other aspects than just required memory..

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat jdbc pool, creating a pool of pools, single connection memory footprint

[Pid *]

On 31 May 2012, at 00:49, Christopher Schultz
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 André,

 On 5/30/12 6:18 PM, André Warnier wrote:
 Taking the same hypothetical case and figures :

 Assuming that you need a total of (1 * 4 connections) = 4
 connections. Assuming that it takes 10ms to set up one such
 connection, and that once it is there, you don't do anything with
 it and just let it be for now. Assuming we ignore such things like
 bandwidth, other things happening on that host etc.. It then takes
 a total of (10 ms * 4) = 40 ms = 400s = ~ 6.5 minutes just
 to set up these connections.

 Is that acceptable ?

 What I mean is that once you start playing with such numbers, you
 may want to look at other aspects than just required memory..

 There's also the issue of open filehandles, etc. My development
 environment is limited to 10240 filehandles per process (though of
 course that can be changed). Opening 10,000 connections would use most
 of those, leaving very few left to accept incoming requests from
 clients, etc.

Ah, beat me to it.


p

 It would be easier if all databases were hosted by a single instance
 of MySQL -- then you could use Tomcat-pool's feature of being able to
 provide credentials when obtaining connections from the pool -- and
 get the right database. That way, a much smaller number of connections
 could be maintained with roughly the same semantics.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
 Comment: GPGTools - http://gpgtools.org
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk/GsecACgkQ9CaO5/Lv0PC7HACeNXMp5KZpAHGfhK73/MPFcGOn
 eIwAoJ7g4P/Nz2DBgNHBhwkq0jO3HMCu
 �CE
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat full GC every 2 minutes for first 6 hours after war reload

[Pid]

On 29/05/2012 20:50, Kevin wrote:
 
 
 On 5/29/12 11:09 AM, Christopher Schultz ch...@christopherschultz.net
 wrote:
 
 Kevin,
 
 (FYI these are always a PITA to diagnose...)
 
 On 5/29/12 11:03 AM, Kevin wrote:
 We have a cluster of tomcat servers being used on a very high
 volume website. We've noticed that for the first 5-6 hours after an
 application re-load that Full GC will run every 2 minutes pausing
 the application for anywhere between 5 and 20 seconds. After 5-6
 hours the full GC will no longer run until tomcat is reloaded.
 This behavior is repeatable.

 We discounted our EhCache settings as potential issue because
 tomcat can be killed without this issue showing up.  It's not until
 we actually reload the WAR with changes (clearing the work
 directory) and restart tomcat that this issue shows up.  Traffic
 level isn't a factor we'll go through our peak hours with no
 problem.
 
 All good things to know.
 
 The servers are all dual quad core with 32GB of RAM running Centos
 5 and tomcat 6.0.18.  We've attempted every suggested GC setting
 change suggested on the net and by developers and system
 administrators.
 
 Did you try looking at what the cause might be, or just blindly apply
 suggestions to see if something would stick?
 
 Initially we looked closely at it trying to solve the problem as time wore
 on we tried anything.  This has been going on for months now.
 
 
 
 Our java opts are being played with on a daily basis however here
 are the settings that correspond to the sample GC log below:


 -server -Xmx27g -Xms27g  -XX:+DisableExplicitGC
 -XX:+UseConcMarkSweepGC -XX:+PrintTenuringDistribution
 -Dsun.rmi.dgc.client.gcInterval=90
 -Dsun.rmi.dgc.server.gcInterval=90 -XX:NewSize=8g
 -XX:SurvivorRatio=16 -verbose:gc -XX:+PrintGCTimeStamps
 -XX:+PrintGCDetails
 
 A new size of 8GiB seems high to me, but I've never run with a total
 heap size of anything nearly as large as 27GiB, so maybe that's a
 reasonable size. My opinion here is probably irrelevant.
 
 215.501: [GC 215.504: [ParNew Desired survivor size 238583808
 bytes, new threshold 15 (max 15) - age   1:   50457968 bytes,
 50457968 total : 7456799K-111048K(7922624K), 0.0617110 secs]
 8614906K-1269155K(27845568K), 0.0661400 secs] [Times: user=0.68
 sys=0.00, real=0.07 secs]
 
 Odd that user+sys  real. Hmm.
 
 [...]
 
 316.456: [GC 316.459: [ParNew Desired survivor size 238583808
 bytes, new threshold 15 (max 15) - age   1:   41430416 bytes,
 41430416 total - age   3:   22728376 bytes,   64158792 total - age
 5:   19599960 bytes,   83758752 total - age   6:   21847616 bytes,
 105606368 total - age   7:   27667592 bytes,  133273960 total - age
 8:  10904 bytes,  133284864 total - age   9:   31824256 bytes,
 165109120 total : 7650333K-215213K(7922624K), 0.1332630 secs]
 8808440K-1373320K(27845568K), 0.1380590 secs] [Times: user=1.45
 sys=0.01, real=0.14 secs]
 
 1.45 seconds for a full-GC isn't anywhere near the 5s-20s claimed
 above. Have you been able to actually instrument a 5s-20s GC-pause?
 Or, are you saying that your webapp appears to stall for that long and
 those observances coincide with full-GC runs?
 
 343.376: [Full GC 343.378: [CMS: 1158107K-1312570K(19922944K),
 3.4129290 secs] 2884580K-1312570K(27845568K), [CMS Perm :
 83964K-47203K(83968K)], 3.4168600 secs] [Times: user=3.87
 sys=0.02, real=3.41 secs]
 
 Also relatively short.
 
 They fluctuate. 
 
 
 **Last Full GC**

 20517.892: [GC 20517.898: [ParNew Desired survivor size 238583808
 bytes, new threshold 15 (max 15) - age   1:   33948208 bytes,
 33948208 total - age   2:  88280 bytes,   34036488 total - age
 3:   19872472 bytes,   53908960 total - age   4:   16072608 bytes,
 69981568 total - age   5:   15718712 bytes,   85700280 total - age
 6:   15771016 bytes,  101471296 total - age   7:   16895976 bytes,
 118367272 total - age   8:   24233728 bytes,  142601000 total :
 7618727K-200950K(7922624K), 0.1728420 secs]
 16794482K-9376705K(27845568K), 0.1822350 secs] [Times: user=2.21
 sys=0.01, real=0.18 secs]
 
 Note that the above is not a Full GC. This one /is/:
 
 20526.469: [Full GC 20526.475: [CMS:
 9175755K-9210800K(19922944K), 33.1161300 secs]
 13632232K-9210800K(27845568K), [CMS Perm :
 83967K-53332K(83968K)], 33.1254170 secs] [Times: user=33.12
 sys=0.02, real=33.12 secs]
 
 Okay, that one's a doosey.
 
 It's weird that it looks like after the full GC, the heap has *lost*
 some space (CMS: 9175755K-9210800K). Can you watch the logs and
 take a heap dump (which may take a LONG time with such a big heap, so
 be prepared for another long pause) after one of these full GCs?
 
 It would be better to get a heap dump both before AND after the full
 GC, but that can ruin your performance if you enable those automated
 GC options.
 
 We can run this after our next code release in two days.
 
 
 Any help would be greatly appreciated.
 
 Are you populating huge caches on startup or anything like that?
 Generational GC performance is related to the number 

Re: tomcat full GC every 2 minutes for first 6 hours after war reload

[Pid]

On 29/05/2012 16:03, Kevin wrote:
 Hi
 
 We have a cluster of tomcat servers being used on a very high volume
 website. We've noticed that for the first 5-6 hours after an application
 re-load that Full GC will run every 2 minutes pausing the application for
 anywhere between 5 and 20 seconds. After 5-6 hours the full GC will no
 longer run until tomcat is reloaded.  This behavior is repeatable.

 We discounted our EhCache settings as potential issue because tomcat can
 be killed without this issue showing up.  It's not until we actually
 reload the WAR with changes (clearing the work directory) and restart
 tomcat that this issue shows up.  Traffic level isn't a factor we'll go
 through our peak hours with no problem.
 
 
 The servers are all dual quad core with 32GB of RAM running Centos 5 and
 tomcat 6.0.18.  We've attempted every suggested GC setting change
 suggested on the net and by developers and system administrators.  Our
 java opts are being played with on a daily basis however here are the
 settings that correspond to the sample GC log below:

Exactly which version of Java are you using?


 -server -Xmx27g -Xms27g  -XX:+DisableExplicitGC -XX:+UseConcMarkSweepGC
 -XX:+PrintTenuringDistribution  -Dsun.rmi.dgc.client.gcInterval=90
 -Dsun.rmi.dgc.server.gcInterval=90 -XX:NewSize=8g -XX:SurvivorRatio=16
 -verbose:gc -XX:+PrintGCTimeStamps -XX:+PrintGCDetails

You are doing a hot deployment with a 27G heap?

How big is permgen?

Are you completely sure the application doesn't have any memory leaks?

Have you tried running your application on a more recent version of Tomcat?


p


 215.501: [GC 215.504: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:   50457968 bytes,   50457968 total
 : 7456799K-111048K(7922624K), 0.0617110 secs]
 8614906K-1269155K(27845568K), 0.0661400 secs] [Times: user=0.68 sys=0.00,
 real=0.07 secs]
 
 215.577: [GC 215.579: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:  66288 bytes,  66288 total
 - age   2:   50219144 bytes,   50285432 total
 : 114868K-66525K(7922624K), 0.0381810 secs]
 1272975K-1224632K(27845568K), 0.0413630 secs] [Times: user=0.46 sys=0.00,
 real=0.04 secs]
 
 236.177: [GC 236.180: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:   45071064 bytes,   45071064 total
 - age   2:  26112 bytes,   45097176 total
 - age   3:   34785960 bytes,   79883136 total
 : 7523165K-110355K(7922624K), 0.0921350 secs]
 8681272K-1268462K(27845568K), 0.0969290 secs] [Times: user=0.95 sys=0.01,
 real=0.10 secs]
 
 ...
 
 316.456: [GC 316.459: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:   41430416 bytes,   41430416 total
 - age   3:   22728376 bytes,   64158792 total
 - age   5:   19599960 bytes,   83758752 total
 - age   6:   21847616 bytes,  105606368 total
 - age   7:   27667592 bytes,  133273960 total
 - age   8:  10904 bytes,  133284864 total
 - age   9:   31824256 bytes,  165109120 total
 : 7650333K-215213K(7922624K), 0.1332630 secs]
 8808440K-1373320K(27845568K), 0.1380590 secs] [Times: user=1.45 sys=0.01,
 real=0.14 secs]
 
 338.851: [GC 338.854: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:   40678840 bytes,   40678840 total
 - age   2:   27075936 bytes,   67754776 total
 - age   4:   20399720 bytes,   88154496 total
 - age   6:   19271008 bytes,  107425504 total
 - age   7:   21655032 bytes,  129080536 total
 - age   8:   27118800 bytes,  156199336 total
 - age   9:  10904 bytes,  156210240 total
 - age  10:   31747808 bytes,  187958048 total
 : 7671853K-285541K(7922624K), 0.1456470 secs]
 8829960K-1443648K(27845568K), 0.1503540 secs] [Times: user=1.62 sys=0.01,
 real=0.15 secs]
 343.376: [Full GC 343.378: [CMS: 1158107K-1312570K(19922944K), 3.4129290
 secs] 2884580K-1312570K(27845568K), [CMS Perm : 83964K-47203K(83968K)],
 3.4168600 secs] [Times: user=3.87 sys=0.02, real=3.41 secs]
 
 **Last Full GC**
 
 20517.892: [GC 20517.898: [ParNew
 Desired survivor size 238583808 bytes, new threshold 15 (max 15)
 - age   1:   33948208 bytes,   33948208 total
 - age   2:  88280 bytes,   34036488 total
 - age   3:   19872472 bytes,   53908960 total
 - age   4:   16072608 bytes,   69981568 total
 - age   5:   15718712 bytes,   85700280 total
 - age   6:   15771016 bytes,  101471296 total
 - age   7:   16895976 bytes,  118367272 total
 - age   8:   24233728 bytes,  142601000 total
 : 7618727K-200950K(7922624K), 0.1728420 secs]
 16794482K-9376705K(27845568K), 0.1822350 secs] [Times: user=2.21
 sys=0.01, real=0.18 secs]
 
 20526.469: [Full GC 20526.475: [CMS: 9175755K-9210800K(19922944K),
 33.1161300 secs] 13632232K-9210800K(27845568K), [CMS Perm :
 83967K-53332K(83968K)], 33.1254170 secs] [Times: user=33.12 sys=0.02,
 real=33.12 secs]
 
 
 
 **Log samples after Full GC no longer runs**
 
 74412.335: [GC 74412.340: [ParNew
 Desired survivor size 238583808 bytes, 

Re: After going to Tomcat 6 I get log4j problems. Why?

[Pid]

On 25/05/2012 10:03, Hermes Flying wrote:
 Hi,
 
 I have upgraded from Tomcat 5.5 to Tomcat 6.0.35
 I am getting java.lang.NoClassDefFoundError: 
 org.apache.commons.logging.LogFactory
 I didn't have this problem before.
 Note that I have commons-logging already in my web apps WEB-INF\lib
 And this exception is from a class (custom class) running from a jar in 
 %TOMCAT_HOME%\lib
 If I drop commons-logging in %TOMCAT_HOME%\lib the exception does not happen 
 BUT now I get exceptions in log4j from inside my web app.
 I tried also deleting the commons-logging from 
 %TOMCAT_HOME%\webapps\myApp\WEB-INF\lib but no success.
 
 Any idea what is the problem here?

Please start a new thread, rather than hijacking an existing thread, by
editing a subject/body.


p



-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: mod_jk not working !!

[Pid *]

On 25 May 2012, at 19:21, Mark Eggers its_toas...@yahoo.com wrote:

 
 From: Christopher Schultz ch...@christopherschultz.net
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Friday, May 25, 2012 9:57 AM
 Subject: Re: mod_jk not working !!

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Chuck,

 On 5/25/12 12:41 PM, Caldarale, Charles R wrote:
 From: Mark Eggers [mailto:its_toas...@yahoo.com] Subject: Re:
 mod_jk not working !!


 I'll try to give a few general directions.

 much useful content snipped

 Again, start simply.

 1. Stock Apache HTTPD installation (and verify) 2. Stock Apache
 Tomcat installation (and verify) 3. mod_jk installation (and
 verify) 4. Second Apache Tomcat installation (and verify both) 5.
 Cluster

 I'd suggest that your entire e-mail should be put in the Wiki.

 +1, though maybe in smaller pieces linked by a top-level page.

 - -chris


 If this goes up on the Wiki, then smaller pages organized by task would be 
 good.

 It would probably help if the Wiki pages had a lot of detail, and 
 cross-reference the appropriate documentation on the Tomcat web site as well.

 I've been meaning to write this up for some time, so maybe I'll get started 
 on it this weekend.

 Since this is going to take a bit of time, is there a place on the Tomcat 
 Wiki that I can write but not have it published (may be a developer list 
 question). If not, then I'll write locally and then do a cut / paste. 
 However, it would be nice to have feedback during the writing process.

It's coherent. Just put it up, worry about the tweaking later.


p




 /mde/

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: After going to Tomcat 6 I get log4j problems. Why? (RE:)

[Pid]

On 25/05/2012 21:40, Hermes Flying wrote:
 Creating a new Thread as Pid recommended:
 Concerning the questions posed by Konstantin Kolinko:
 You do not say what jars are exactly where and what actual
 configuration (server.xml and logging) you have.
 I am not sure I follow: you mean the version? I have log4j in the 
 WEB-INF\xml, and commons-logging and commons-logging-api as well
 No problem up to Tomcat 5.5. Does this answer your question?
 
 
 Placing custom jars into %TOMCAT_HOME%\lib is usually a bad idea.
 The custom jar provides an SSLImplementation to be hooked in the 
 connectors. When it tries to log I get exception. No problem in Tomcat 5.5.
 This exception goes away if I move commons-logging in %TOMCAT_HOME%\lib BUT 
 then I have exceptions in my web application (even if I delete the 
 commons-logging from WEB-INF\lib)
 
 Has something changed in the logging in Tomcat 6?
 How can I resolve this problems?
 
 Thank you!
 
 
 
 
 I'd suspect that one of them is the culprit.
 2012/5/25 Hermes Flying flyingher...@yahoo.com:
 Hi,

 I have upgraded from Tomcat 5.5 to Tomcat 6.0.35
 I am getting java.lang.NoClassDefFoundError: 
 org.apache.commons.logging.LogFactory
 I didn't have this problem before.

Tomcat 5.5 != Tomcat 6.0

 http://tomcat.apache.org/migration.html


p

 Note that I have commons-logging already in my web apps WEB-INF\lib
 And this exception is from a class (custom class) running from a jar in 
 %TOMCAT_HOME%\lib

 If I drop commons-logging in %TOMCAT_HOME%\lib the exception does not happen 
 BUT now I get exceptions in log4j from inside my web app.
 I tried also deleting the commons-logging from 
 %TOMCAT_HOME%\webapps\myApp\WEB-INF\lib but no success.

 Any idea what is the problem here?
 
 Your description is too generic to say.
 
 You do not say what jars are exactly where and what actual
 configuration (server.xml and logging) you have.
 
 See
 1) Class Loading page in documentation.
 
 Placing custom jars into %TOMCAT_HOME%\lib is usually a bad idea.
 
 I'd suspect that one of them is the culprit.
 
 2) Logging page in documentation.
 
 Compare it with your configuration.  It might be that you config
 matches some of the steps for enabling log4j described there, but
 not all of them. Note that using log4j in Tomcat is not the default
 configuration.
 
 3) Apache Commons Logging documentation
 http://commons.apache.org/logging/guide.html
 
 Especially how commons-logging switches between java.util.logging and
 log4j (preferring the latter if it is available).
 
 Best regards,
 Konstantin Kolinko
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: Isapi redirector log file is always empty - IIS 7.5 - Tomcat 7.0.26 - Isapi 1.2.30 - Win2008 R2

[Pid]

On 18/05/2012 00:58, ann ramos wrote:
 Hi,
 
 I have set up our system to do SSO.  The setup works fine because whenever 
 the user access the system, they are automatically logged in to the system.
 
 Following are the steps that I used to set up Isapi:
 1. Manually created the folders Apache Software Foundation\Jakarta Isapi 
 Redirector.  Then inside those folders I created a sub folder bin, conf and 
 log.
 2. I manually created the registry entries.  The set up works because the 
 system functions as SSO.
 
 The only thing is that my isapi_redirect.log is always empty even though I 
 set the log_level to debug. 
 
 I tried searching the internet but I'm not getting anywhere.
 
 I would appreciate any thoughts and ideas that you can share so I can resolve 
 my problem.  
 
 Thanks and regards.
 
 Peeves
 

Small note, next time please start an entirely new thread - rather than
replying to an existing one* and just editing the subject  body.


p

* RE: Tomcat 4.0   Tomcat 6.0 AuthenticatorBase


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: TC7: trigger seeding of SecureRandom

[Pid]

On 21/05/2012 08:18, Jamie wrote:
 Hi There
 
 We've just upgraded out web app to TC7. It seems the following is being
 outputted repeatedly on the console for each page load:
 
 trigger seeding of SecureRandom
 done seeding SecureRandom

Can you post the full information from the log file, including the lines
before and after these entries?


p


 Closer inspection reveals, the Tomcat class SessionIdGenerator using
 SecureRandom.
 
 Is this normal? Why would SecureRandom have to be seeded so often? I am
 also worried about the Tomcat console log filling up over time.
 
 Thanks
 
 Jamie
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: aliases attribute tomcat7

[Pid]

On 17/05/2012 07:11, Michael Ravits wrote:
 Hey Pidster,
 
 This is the tag I've used:
 
 Context 
 aliases=/img/images=/home/michaelr/images,/img/thumbs=/home/michaelr/thumbs/Context
 
 It could have been a permissions problem but I gather that if docBase
 works, this must work as well permission wise.
 
 Thanks,
 Michael
 
 2012/5/17, Pid p...@pidster.com:
 On 17/05/2012 06:41, Michael Ravits wrote:
 Hi Everybody,

 I just can't get this to work.
 Installed Tomcat 7.0.21 on ubuntu 11 using apt-get.
 I deployed ROOT.war and then went on to configure aliases.
 Tried adding the attribute in:

 Obvious question: what exactly did you try?


 p

 $CATALINA_BASE/conf/Catalina/localhost/ROOT.xml

This applies to the default context and seems to work OK on my install.
Can you try using a fresh download from Apache?


 $CATALINA_BASE/conf/Catalina/localhost/context.xml

This would only work for an application called '/context'.
If your app is called something else, it won't work.


 $CATALINA_BASE/conf/Catalina/localhost/context.xml.default
 $CATALINA_BASE/conf//context.xml

I don't know if it works in the default context, but I'd assume not - or
at least that it's not such a good idea to set it for all Contexts.


p

 But nothing seems to work..

 In the mean while I've resorted to adding:

 $CATALINA_BASE/conf/Catalina/localhost/img.xml

 With docBase attribute pointing at the right place and it works.
 But it seems to me that aliases is more appropriate.

 Does anyone know what I'm doing wrong?
 How should I debug this?

 Thanks,
 Michael

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 --

 [key:62590808]


 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: I have /subapp/a and /subapp/b. Can i have different sessions for them?

[Pid *]

On 18 May 2012, at 20:38, Teo teomina...@gmail.com wrote:

 Hi,

 first time posting on a mailing list, hope i'm not breaking any rules of
 some sort. My problem is pretty simple but it seems a lot of people have
 trouble understanding it in other forums.

Okay...


 Let's say i have 2 main entry
 points into my application: /subapp/a and /subapp/b.

Ok

 They are part of the
 same webapp but they are somehow different and i want to distinguish
 between them.

Ok


 Having a separate session for each of them would be the
 greatest thing but is this possible for Tomcat?

Yes, if they are separate applications.
This is a Servlet Spec requirement.


 The path of the session
 cookie (JSESSIONID) is automatically put at the root context path (so
 /subapp in this example).

The word root has a special meaning, be precise please. It usually
means ROOT - the default application whose path is '/'.
I don't think that's what you intend.


 And i don't want to have multiple wars or
 multiple Tomcats...

Why not?  Work with the technology instead of against it.

If you name your app:

 myapp#subappA.war

The context  cookie path will be

 /myapp/subappA

Problem solved.


p


 I would like this in Tomcat 7 btw... I'm trying to
 avoid changing Tomcat itself so i tried to extend/wrap the usual response
 classes/interfaces but no luck because Tomcat writes the Set-Cookie header
 directly into the coyote response header...

 Any help would be appreciated, been wrestling with this for some days...

 Thanks,
 Teo

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: aliases attribute tomcat7

[Pid]

On 17/05/2012 06:41, Michael Ravits wrote:
 Hi Everybody,
 
 I just can't get this to work.
 Installed Tomcat 7.0.21 on ubuntu 11 using apt-get.
 I deployed ROOT.war and then went on to configure aliases.
 Tried adding the attribute in:

Obvious question: what exactly did you try?


p

 $CATALINA_BASE/conf/Catalina/localhost/ROOT.xml
 $CATALINA_BASE/conf/Catalina/localhost/context.xml
 $CATALINA_BASE/conf/Catalina/localhost/context.xml.default
 $CATALINA_BASE/conf//context.xml
 
 But nothing seems to work..
 
 In the mean while I've resorted to adding:
 
 $CATALINA_BASE/conf/Catalina/localhost/img.xml
 
 With docBase attribute pointing at the right place and it works.
 But it seems to me that aliases is more appropriate.
 
 Does anyone know what I'm doing wrong?
 How should I debug this?
 
 Thanks,
 Michael
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature

Re: tomcat slowing down

[Pid *]

On 17 May 2012, at 07:42, Christian Kaufhold kaufhol...@googlemail.com wrote:

 Hi Mikolaj,

 thanks I will do that,
 do you know a free tool to generate request for the simulation
 of about 30 clients being connected?

JMeter


p




 Am 16.05.2012 um 21:49 schrieb Mikolaj Rydzewski:

 On 05/16/2012 05:35 PM, Christian Kaufhold wrote:
 its not intentional but the myfaces App runs on the server for years now
 and should not cause the problem
 I recently deployed a wicket app and now
 the server is slowing down when we have about 10 users or so.


 So there are two different applications? Myfaces (which used to work for a 
 long time) and wicket (which takes server down)?
 I'd separate them first to have clear environment for investigation. Then 
 enable GC logging, attach jvisualvm, deploy psi probe 
 (http://code.google.com/p/psi-probe/), etc.

 --
 Mikolaj Rydzewskim...@ceti.pl


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Multiple tomcat Instances on Same Server and One Apache Instance

[Pid]

On 15/05/2012 23:32, Miguel González Castaños wrote:
 On 15/05/2012 17:22, André Warnier wrote:
 Vickie Troy-McKoy wrote:
 ...

 Thank you Andre for your help.  After I configured it as you
 specified, the behavior was the same as before I inquired on this forum. 

 Well, it doesn't sound as if we really helped a lot then, or am I
 misunderstanding this too ?
 :-)

 Note also for the record (and maybe a later enquiry) that it should
 not really be necessary to have 2 separate Apache httpd instances.  At
 least if we now understand properly what you are really trying to
 achieve..
 
 Just wondering. With a 64 bits OS, how much RAM can you handle in a JVM
 and therefore with each instance of Tomcat? For a 12 Gb of RAM machine,
 it would be wise if you want to have this kind of setup (Apache and two
 Tomcat instances in the same machine) if you need more than 400-500
 concurrent users?

If this is a new question, please post it in a completely* new thread,
rather than hijacking someone else's.


p

* ie, no editing of subject  body from a reply to an existing thread.


-- 

[key:62590808]



signature.asc
Description: OpenPGP digital signature