Cluster session sync question (from documentation)
I have a question about the section from the documentation below: Distributed locking and pages using frames Tomcat does not keep session instances in sync across the cluster. The implementation of such logic would be to much overhead and cause all kinds of problems. If your client accesses the same session simultanously using multiple requests, then the last request will override the other sessions in the cluster. How, for example, would a client be able to access the same session simultaneously? (Because for non-simultaneous requests, wouldn't each request's changes to the session be replicated to all nodes in the cluster before the next request?) Could someone give examples of the unwanted consequences of this overriding of existing sessions from new requests? I'm just not really wrapping my head around this. Thanks. -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23411578.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
Let me see if I understand this correctly, in the case of non-sticky sessions. Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? Am I also correct in thinking that depending on the order of replication completion (whether the session from node 1 replicates over to node 2 first or vice-versa), the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Since it seems that sticky sessions are the way to go to ensure greater application consistency, this leads to the question that with all the benefits of sticky sessions, using what criteria would anyone decide against using them? What's the tradeoff here? Thanks. Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: Cluster session sync question (from documentation) How, for example, would a client be able to access the same session simultaneously? If a page includes multiple resources (e.g., frames, pictures), a browser will normally generate at least two requests in parallel for those resources. If those parallel requests are for dynamic content, it's up to the servlets involved to synchronize updates to the common session object. That's relatively easy in a non-clustered environment, but much trickier with clustering - unless using sticky sessions in your load balancer. With sticky sessions configured in your load balancer, the concurrent request problem devolves to the same one you already have in a non-clustered environment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23413085.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
I just thought of something with regards to multiple requests from a given page - let's assume the browser doesn't generate multiple requests for dynamic content by way of frames or images. Are AJAX requests treated any differently from regular requests, whereby multiple AJAX requests from one page would somehow always be routed to one node even in the absence of sticky sessions? (Or could all those AJAX requests still end up modifying different session instances on different nodes, even though all requests were from the same page? Because that's a very likely scenario for most rich web applications these days.) I ask this out of curiosity, I suppose - after all, it seems like sticky sessions are the way to go and that would preclude the above issue completely. Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? That's my understanding - which is why the doc says to use sticky sessions. the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Correct. using what criteria would anyone decide against using them? What's the tradeoff here? Potential performance imbalance is the only thing I can think of. If one of your clients creates a lot of requests, they'll all have to be processed on a single node, leaving the others relatively idle. I doubt that this is much of a concern in the real world. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23413346.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Add URLClassLoader search path to default context classloader
In a web application that loads resources expecting them to be available on the classpath (e.g. ResourceBundle.getInstance(resource)), is there a way to alter what locations the web context classloader includes? I'd like to add a URL to the search path of the web context classloader, so that in the above example, resource.properties from some URL is seen by the web application. I know that URLs can be made available to a classloader by using URLClassLoader. However, I don't know how I can include the search path of that classloader in the web application's classloader provided by Tomcat. How can I do this? Thanks. -- View this message in context: http://www.nabble.com/Add-URLClassLoader-search-path-to-default-context-classloader-tp14458477p14458477.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where to store classpath resources outside of WAR
Similar to how you can specify an mycontext.xml in conf/Catalina/localhost to specify the context without having to modify prepackaged WAR files, can you so something like place files in context-specific folders (i.e. conf/Catalina/localhost/mycontext/resource1.properties) that would be accessible from the classpath of the web app? If it doesn't exist, would it be a good feature request? It would accomplish multiple things: - Wouldn't expose the classpath resources to more web applications than intended (which would be the case if you put it in CATALINA_HOME/lib). - Would allow deployers to not have to modify the web.xml and place the classpath resource in WEB-INF/classes or WEB-INF/lib. - Would prevent developers from having to code using absolute filenames. First of all, is a feature similar to what I'm suggesting available in Tomcat? If not, what do you think of such a feature request? Thanks. lightbulb432 wrote: When deploying a WAR file whose code uses information stored in classpath configuration resources, where should you store these configuration files if outside of the WAR file? If you want to keep these configuration files outside of the WAR file to make for easier deployment in multiple environments, isn't the only other classpath available to Tomcat within its own lib folder? And in that case, the configuration file would be available in all contexts. So where should such a file be stored (i.e. available to the webapp as a resource but not available to all contexts)? Thanks. -- View this message in context: http://www.nabble.com/-OT--Where-to-store-classpath-resources-outside-of-WAR-tp14399810p14445789.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Where to store classpath resources outside of WAR
When deploying a WAR file whose code uses information stored in classpath configuration resources, where should you store these configuration files if outside of the WAR file? If you want to keep these configuration files outside of the WAR file to make for easier deployment in multiple environments, isn't the only other classpath available to Tomcat within its own lib folder? And in that case, the configuration file would be available in all contexts. So where should such a file be stored (i.e. available to the webapp as a resource but not available to all contexts)? Thanks. -- View this message in context: http://www.nabble.com/-OT--Where-to-store-classpath-resources-outside-of-WAR-tp14399810p14399810.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
log4j when using Bootstrap not command-line startup
I'm running Tomcat not from the command-line but from the Bootstrap class's start() method. When I start it using the command-line, a logs/tomcat.log is created in CATALINA_BASE, but not when I start from the Bootstrap class. In fact, I get the log4j:WARN Please initialize the log4j system properly. log message in the output. What is the catalina.bat file doing differently that makes properly initializes log4j? There are a few things relating to setting java.util.logging properties, but that shouldn't make a difference because I'm using log4j. I'm using Tomcat 6 and following the directions at http://tomcat.apache.org/tomcat-6.0-doc/logging.html for log4j. I imagine I've followed those directions properly because the logs are appearing when I run it from the command-line. And ideas of what might be causing this, or what should I try next? Thanks. -- View this message in context: http://www.nabble.com/log4j-when-using-Bootstrap-not-command-line-startup-tp14356626p14356626.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: log4j when using Bootstrap not command-line startup
Placing log4j's JAR into jre/lib/ext didn't cause the logs to appear. (I should mention that the logs I'm trying to control with log4j are Tomcat's internal logs, rather than web application logs.) The following command from the command line outputs the log as expected, as does calling startup.bat, or catalina.bat run: java -cp tomcathome\bin\bootstrap.jar -Dcatalina.base=path/to/catalina/base -Dcatalina.home=path/to/catalina/home org.apache.catalina.startup.Bootstrap start The logs aren't created, however, when starting Tomcat from within an IDE (Eclipse), in the following two cases: - The Tomcat plugin that points to the same tomcathome as in the command-line snippet above - The main method of a class that uses the Bootstrap class, in the following way: Bootstrap bootstrap = new Bootstrap(); bootstrap.setCatalinaHome(System.getenv(CATALINA_HOME)); bootstrap.setCatalinaBase(System.getenv(CATALINA_BASE)); bootstrap.init(new String[] { -config, path/to/server.xml }); bootstrap.start(); mgainty wrote: Lightbulb- to quote- http://www.slf4j.org/nlog4j/TROUBLESHOOT.html#noAppenders Log4j does not have a default logging target. It is the user's responsibility to ensure that all categories can inherit an appender. This can be easily achieved by attaching an appender to the root category. If you place log4j.jar in the jre/lib/ext /**COMMONS-LOGGING.PROPERTIES located on classpath (WEB-INF/CLASSES) */ commons-logging.properties has these entries for Log4J org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jF actory org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JCategory Log /***LOG4j.PROPERTIES located on classpath (WEB-INF/CLASSES) ***/ log4j.properties has these entries log4j.rootLogger = WARN, stdout log4j.appender.stdout = org.apache.log4j.ConsoleAppender log4j.appender.stdout.Threshold = WARN log4j.appender.stdout.Target = System.out log4j.appender.stdout.layout = org.apache.log4j.PatternLayout log4j.appender.stdout.layout.ConversionPattern = %d{ISO8601} %-5p [%F:%L] : %m%n HTH M- - Original Message - From: lightbulb432 [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Saturday, December 15, 2007 7:06 PM Subject: log4j when using Bootstrap not command-line startup I'm running Tomcat not from the command-line but from the Bootstrap class's start() method. When I start it using the command-line, a logs/tomcat.log is created in CATALINA_BASE, but not when I start from the Bootstrap class. In fact, I get the log4j:WARN Please initialize the log4j system properly. log message in the output. What is the catalina.bat file doing differently that makes properly initializes log4j? There are a few things relating to setting java.util.logging properties, but that shouldn't make a difference because I'm using log4j. I'm using Tomcat 6 and following the directions at http://tomcat.apache.org/tomcat-6.0-doc/logging.html for log4j. I imagine I've followed those directions properly because the logs are appearing when I run it from the command-line. And ideas of what might be causing this, or what should I try next? Thanks. -- View this message in context: http://www.nabble.com/log4j-when-using-Bootstrap-not-command-line-startup-tp 14356626p14356626.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/log4j-when-using-Bootstrap-not-command-line-startup-tp14356626p14359040.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
What gets reloaded on Tomcat automatic reload
When a context is set with reloadable=true and a change is made to one of the appropriate folders, causing a context reload, what is and isn't undeployed and redeployed? I ask because, surprisingly, a static variable kept its state across the automatic reload. Is this expected behavior? I thought it would be a completely fresh, new deployment that's the equivalent of stopping and restarting the server, with regards to the context with which you're working. However, stopping and restarting the server does, of course, clear the static variable's state, but that's not the case with the automatic reload - or am I probably just doing something wrong? Thanks. -- View this message in context: http://www.nabble.com/What-gets-reloaded-on-Tomcat-automatic-reload-tp14306781p14306781.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: See command-line output with startup errors in Windows
I'm getting the output I expect if I don't comment out the first line in catalina.bat. However, if I comment out @echo off as you suggested, I get output where every line in the batch file seems to be executing on its own line, executing as a command - why might this be happening? e.g. commandline set CMD_LINE_ARGS= If catalina.bat run accomplishes the same thing, what's the purpose of startup.bat? Are there cases where you would want to use it? -- View this message in context: http://www.nabble.com/See-command-line-output-with-startup-errors-in-Windows-tp14246312p14246394.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Specify context path when context.xml is in META-INF
Is there a way, when you have your context.xml in META-INF rather than specifying the Context element in server.xml or elsewhere, to customize the context path? I'd like to use context.xml in META-INF because of the benefits of this approach, but there seems to be no way to change the context path, which is always the name of the folder underneath appBase. For example, if appBase contains a folder called webroot, then the context will be called webroot. (It's not possible to change the name of this folder for some internal reasons.) The documentation seems to indicate that a path attribute cannot be present in the Context element when context.xml is in META-INF - is there another way to achieve the effect I've described? If not, is there a strong reason why context.xml in META-INF couldn't read and use the path attribute of Context? Thanks. -- View this message in context: http://www.nabble.com/Specify-context-path-when-context.xml-is-in-META-INF-tp14246199p14246199.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
See command-line output with startup errors in Windows
When starting Tomcat from the command-line in Windows using the startup command, the first command-line window opens up another one. This second window displays an error message but closes too quickly to tell what the error message read. If I place a pause statement after :end in the last line of either startup.bat or catalina.bat, the output of the first window is paused, but not the second. How can I view the output in the second command-line window (I'm not talking about any kind of command-line output redirection) - is there somewhere I can put a pause statement to view the output? Thanks. -- View this message in context: http://www.nabble.com/See-command-line-output-with-startup-errors-in-Windows-tp14246312p14246312.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Specify context path when context.xml is in META-INF
Based on what I've read, I've learned that the least ideal approach is to place the context information in server.xml. What I don't know, though, is how the remaining options stack up to each other. What are the tradeoffs (apart from the path naming issue) of placing context.xml in META-INF versus as conf/Catalina/[host]/[appname].xml? For what reasons is one approach better than the other? I don't have as much experience deploying to Tomcat as some of you might, so I'm hoping you could outline the advantages and disadvantages of either approach. Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Specify context path when context.xml is in META-INF Is there a way, when you have your context.xml in META-INF rather than specifying the Context element in server.xml or elsewhere, to customize the context path? No - the path is taken from the name of the .war file or directory. The only way to accomplish what you want is to place the Context element in the conf/Catalina/[host]/[appname].xml location, in which case the [appname] is the path. The application should not be placed in the Host appBase in this case, or you risk double deployment. If not, is there a strong reason why context.xml in META-INF couldn't read and use the path attribute of Context? Primarily to avoid ambiguities and extra, unwanted deployments. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Specify-context-path-when-context.xml-is-in-META-INF-tp14246199p14246383.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Application state in ServletContext
There's a requirement to allow code anywhere throughout the application to store and access application-wide state by using a class as shown below. The code cannot directly touch the ServletContext class, but may do so through an interface (shown below). public class ApplicationState { private static MapString,Object stateValues; public static Object getStateValue(String key) { return stateValues.get(key); // return servletContext.getAttribute(key); } } However, I noticed that because the class above is being initialized in a context listener, would you even need to bother using ServletContext? Can't I just take advantage of the fact that the class is being loaded by the application's classloader, and therefore all code within the application (and not other applications) will be able to access the static state of this class? Are there any tradeoffs with using my proposed approach over backing the above class with a ServletContext? Anything to do with the way Tomcat loads classes? Would the answer be different if that class weren't initialized in a context listener, but rather with the first access of ApplicationState happening in a servlet? Thanks. -- View this message in context: http://www.nabble.com/Application-state-in-ServletContext-tf4708314.html#a13457524 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Race condition with values displayed across redirects
Redirects are used so that users don't encounter the resubmit warning by the browser when they refresh the page, and so that page refreshes don't result in the POST being resent to the server. While it's a smaller consideration when messages for invalid values are displayed, it's a bigger consideration in cases where you're displaying a success message (and must do a redirect for usability reasons - e.g. seeing a new URL as opposed to the servlet's URL, no browser warnings on refresh) - then you would use the redirect. Passing the message in the request parameter (suggested by Mark) doesn't seem like the ideal solution, because (assuming a parameterized message based on submitted POST values) you'd need to pass the actual message in the query string. Not only would you have an ugly URL, but also someone could visit that page with their own message by changing the query string. Is there an ideal way to tell servlet S (one way I can think of is request attributes - anything else?) not to execute its filter when a redirect has been performed (i.e. to perform no further execution of its thread because the request has redirected away from it)? That way, am I correct to say you have a good solution - no race condition, no messages in query string, and you can use redirects as desired? Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, Mark Thomas wrote: lightbulb432 wrote: I have a question about whether there is a race condition with the following technique for displaying messages across redirects. Yes there is. If you submit a form with an invalid value on page P1 and the receiving servlet S redirects to another page P2, you'd like page P2 to contain a message saying You entered an invalid value. You can only put the value in the session (not the request, because it's a redirect, not a forward), with session.setAttribute(message,You entered an invalid value). Why not pass the information to P2 using a request parameter on the redirect? Or, better yet, why use a redirect at all? Then you don't have to mess with the session. Most post/validate/error flows I've seen all execute within the same request. Don't respond with a redirect; just redisplay the input form with the error messages attached. Then you don't have to worry about cleaning-up the session. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHBQtm9CaO5/Lv0PARAuSDAKChcVQ0+gSaJFR2AiS0mkUSx/DQkACfQTiz tuGGrkCrYACJNp9QH6r87Ro= =Kl2o -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Race-condition-with-values-displayed-across-redirects-tf4565759.html#a13043900 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Race condition with values displayed across redirects
I know people like to avoid those, but get real: refreshing a failed POST ought to re-POST the data (that will fail again). You should really only redirect on success. Agreed, it's a much bigger consideration on success than failure. But once you figure out a good way of approaching the issue on success, I imagine it'd be just as easily applicable on failure? Passing the message in the request parameter (suggested by Mark) doesn't seem like the ideal solution, because (assuming a parameterized message based on submitted POST values) you'd need to pass the actual message in the query string. Not only would you have an ugly URL, but also someone could visit that page with their own message by changing the query string. Oh, no! Someone could mount an XSS attack on themselves! :p :) Good call - I guess the ugly URL would be the main reason here, if any. Is there an ideal way to tell servlet S (one way I can think of is request attributes - anything else?) not to execute its filter when a redirect has been performed (i.e. to perform no further execution of its thread because the request has redirected away from it)? That way, am I correct to say you have a good solution - no race condition, no messages in query string, and you can use redirects as desired? Um, dispatcher? So would the following be a good way of approaching this using filter mappings (where the filter is as described in the OP)? - No filter on all servlets that can, upon success or failure, redirect to another page - Filters on all JSPs with a ${message} anywhere in their markup In what ways could I use the dispatcher element to enhance the setup further? Thanks. -- View this message in context: http://www.nabble.com/Race-condition-with-values-displayed-across-redirects-tf4565759.html#a13044760 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Implementing HttpSession
Rather than using Tomcat's own HttpSession, I may be implementing HttpSession to write to shared storage or to the client. (Or if for no other reason, then to learn something.) Do you know of any HttpSession implementations that are publicly available, as the task of storing session state in places other than web server memory is common enough that I'd hope others have already done so? A quick web search didn't reveal anything too exciting. There are a couple of methods I'm having trouble understanding how to implement. The first is isNew(). Looking through the StandardSession code, I can't tell exactly when to set this to true and false - all I know is that initially upon session creation on the server (e.g. in ManagerBase.createSession()), the new property is set to true. In what cases is it set to false, and how would a web application developer use this method? How can you tell Tomcat to use your implementation of HttpSession, so that when you call request.getSession(), it returns that object? In the above case, would Tomcat take care of calling setMaxInactiveInterval and providing a value for getServletContext()? Thanks. -- View this message in context: http://www.nabble.com/Implementing-HttpSession-tf4565627.html#a13032004 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Race condition with values displayed across redirects
I have a question about whether there is a race condition with the following technique for displaying messages across redirects. If you submit a form with an invalid value on page P1 and the receiving servlet S redirects to another page P2, you'd like page P2 to contain a message saying You entered an invalid value. You can only put the value in the session (not the request, because it's a redirect, not a forward), with session.setAttribute(message,You entered an invalid value). In page P2, you'd display ${message}. But to ensure that the message doesn't remain in the method upon every access to page P2, including when valid information is submitted, you'd create a filter that applies to servlet S with the following code: chain.doFilter(request,response); session.removeAttribute(message); This method seems to work, but is there a race condition? My understanding is that when a servlet does a redirect, the redirect occurs in a new thread and the rest of the current servlet execution continues (including filters) to completion in the current thread. Couldn't the filter on servlet S complete execution (and remove the message attribute) before page P2 renders, thereby leaving ${message} empty? Thanks. -- View this message in context: http://www.nabble.com/Race-condition-with-values-displayed-across-redirects-tf4565759.html#a13032386 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet Redeployment in Production
Christopher Schultz-2 wrote: What does Tomcat do when, in production, a new version of a WAR file that's currently being accessed is deployed? I've heard generally that you don't enable the auto-deployment feature in production, but assume you're aiming for a five-nines environment and the requirement is hot redeployment of the application. I would argue that autodeploy doesn't help much in this case, but we'll stick with that assumption for this discussion. I realize it wouldn't help for things like database changes, but what about changes to the structure of the HttpSession map, or the cookie structure, or something that has to do at the web application? I'd start with org.apache.catalina.StandardContext (and, specifically, the reload method), since that's the thing being reloaded. Where could I find the code where Tomcat stores its definitive list of all the current, active HttpSessions? (Where's the structure that Tomcat adds a newly created HttpSession to, and from which it removes timed-out or invalidated HttpSessions, and the code that manipulates it?) -- View this message in context: http://www.nabble.com/Servlet-Redeployment-in-Production-tf4429878.html#a12758041 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet Redeployment in Production
What does Tomcat do when, in production, a new version of a WAR file that's currently being accessed is deployed? I've heard generally that you don't enable the auto-deployment feature in production, but assume you're aiming for a five-nines environment and the requirement is hot redeployment of the application. So here's the scenario: users are accessing a given context continually. An administrator literally drops into the webapps folder a new WAR file with the same name as the context above. What happens from a technical perspective, in terms of synchronization, consistency of existing sessions that were on the old webapp, and much more? Before spoiling the surprise for me, can anyone point me to the relevant classes/methods in the Tomcat source code to take a look at? (Then when I can't figure it out, I'll come back and ask you to spoil the surprise :) I'd like to get better at looking through a code base and figuring these things out, so hopefully someone can guide me in this. Thanks. -- View this message in context: http://www.nabble.com/Servlet-Redeployment-in-Production-tf4429878.html#a12637399 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Concurrency with HttpSession
I'm not talking about EJBs, but rather about any Tomcat-specific passivation that is done for HttpSessions that haven't been accessed in a while (just a memory use optimization). Regarding my question in general, I'm wondering (maybe this is more of a serialization question in general), if the container decides to serialize to disk a session with 10 attributes, and the following happens, wouldn't it result in an inconsistent serialized session? The container's thread finishes writing the first 5 attributes to disk, then a request's thread updates two session attributes (one from the first 5, one from the next 5), then the container writes the next 5 attributes to disk. You'd have an inconsistent serialized view, right? With only one of the two attribute updates reflected in the session. Sure, you'd assume that once a request accesses the session, the passivation would stop. Nonetheless, what thread-safety issues might arise with Tomcat in this case and others? I'm asking more for learning than any particular issue I'm having. mgainty wrote: I found this doc applicable You can pass the HttpSession as parameter to an EJB method, only if all objects in session are serializable. This has to be consider as passed-by-value, that means that it's read-only in the EJB. If anything is altered from inside the EJB, it won't be reflected back to the HttpSession of the Servlet Container More to the point of your test scenario: The pass-by-reference can be used between EJBs Remote Interfaces, as they are remote references. While it is possible to pass an HttpSession as a parameter to an EJB object, it is considered to be bad practice in terms of object-oriented design. This is because you are creating an unnecessary coupling between back-end objects (EJBs) and front-end objects (HttpSession). In any case could you post an the aforementioned where the session attributes are being modified so we can look at it.. Thanks/ M-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Friday, September 07, 2007 10:33 PM Subject: Re: Concurrency with HttpSession lightbulb432 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm reading some book concurrency books that talk about potential thread safety issues with HttpSession. Specific cases follow: - When the web container passivates an HttpSession while a user's request modifies it Should be rare, but I don't see anything in the TC code to prevent it from happening on edge cases. If someone can construct an example, I'd be more than happy to look into it. - When the web container replicates an HttpSession while a user's request modifies it I believe that with pessimistic locking, this shouldn't happen. But I'm not an expert on the TC replication code :). - When multiple quick, successive requests from the same user access the same HttpSession Could somebody explain how Tomcat deals with the first two, and what steps web application developers need to take to avoid concurrency problems with all three cases above? Is it guaranteed that the passivated/replicated object is always a consistent view of the HttpSession? Thanks. -- View this message in context: http://www.nabble.com/Concurrency-with-HttpSession-tf4403264.html#a12561600 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Concurrency-with-HttpSession-tf4403264.html#a12575563 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Concurrency with HttpSession
I'm reading some book concurrency books that talk about potential thread safety issues with HttpSession. Specific cases follow: - When the web container passivates an HttpSession while a user's request modifies it - When the web container replicates an HttpSession while a user's request modifies it - When multiple quick, successive requests from the same user access the same HttpSession Could somebody explain how Tomcat deals with the first two, and what steps web application developers need to take to avoid concurrency problems with all three cases above? Is it guaranteed that the passivated/replicated object is always a consistent view of the HttpSession? Thanks. -- View this message in context: http://www.nabble.com/Concurrency-with-HttpSession-tf4403264.html#a12561600 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single-sign on without form-based authentication
Views would definitely allow me to keep the two tables separate, but then I'd have to authenticate against the two source tables separately (i.e. each application would point to the source table rather than to the view). If pointing both applications to the common view, then doesn't the original problem exist? But that requirement is only justification for authenticating with more than two credentials. From a technical point of view, what would you have to override to get this to work? In a previous post, I said the following: I took a look at JAASRealm and its authenticate method only takes two parameters (username and credentials, which is really just a single password string). Is it possible to pass my other credentials to the JAASRealm so that I can pass everything at one time (username, password, other credentials) to the stored procedure, rather than - if I've interepreted this correctly - authenticating once through the JAAS username/password, then again through my stored procedure to cancel out the previous authentication. So if not JAASRealm, perhaps I need to look at something else to customize? I could of course implement my own authentication, but if I can get around this one shortcoming of the credentials concept being considered a password String rather than a generic Collection of multiple Objects, then I think I might be able to use Tomcat authentication. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lb, lightbulb432 wrote: The requirement doesn't accept having two tables (i.e. userTableA and userTableB), partly because increased maintenance, the possibility of table definitions going out of sync, etc. CREATE VIEW, anyone? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG1sVh9CaO5/Lv0PARAjCcAJ4gF601g5wChd1FQ1TodzPjKuQmpACgsEqq nD8wKTUJVWYkc5eGnA/mXt8= =FMuk -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a12410535 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single-sign on without form-based authentication
Wow, those are good suggestions. I was thinking about the String concatenation, but didn't think it was worth considering further until you just mentioned it. So let me see if I have this straight: Anytime I want to use more than two credentials, I have to provide my own Realm implementation. But the only time I need to do the String concatentation is when at least one of the additional credentials (i.e. beyond username and password) is provided at request-time by the user, rather than at deployment-time? So for the example you gave with the appId property on my Realm implementation, I wouldn't need to do String concatentation because the user is only providing two credentials? But if the user were specifying what application they wanted to log into, then I'd have to concatenate that before passing to the authenticate method because Realm hasn't been instantiated with that information? If your HTML form has a j_username, j_password and myThirdCredential, where would you concatenate j_password and myThirdCredential? I'm guessing you'd also have to override the servlet pointed to by j_security_check - if I'm correct, how would you override this? (My guess is the servlet class pointed to by the text j_security_check is hardcoded somewhere within Tomcat?) Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lb, lightbulb432 wrote: Views would definitely allow me to keep the two tables separate, but then I'd have to authenticate against the two source tables separately (i.e. each application would point to the source table rather than to the view). If pointing both applications to the common view, then doesn't the original problem exist? Don't do that. Create separate views for each of your applications, and use the app-appropriate view for authentication. If you think this sounds like too much trouble, you're right. Just remember that Tomcat implements the simplest thing that could possibly work wrt authentication. If you don't like it, you can always override the authentication mechanism with something else (securityfilter!) or hand-roll your own realm. I took a look at JAASRealm and its authenticate method only takes two parameters (username and credentials, which is really just a single password string). Is it possible to pass my other credentials to the JAASRealm so that I can pass everything at one time (username, password, other credentials) to the stored procedure, rather than - if I've interepreted this correctly - authenticating once through the JAAS username/password, then again through my stored procedure to cancel out the previous authentication. Uh, you could always pass a concatenated credential which includes more than just the password. For instance: JAASRealm.authenticate(username, appId + : + hash(password)); Then, in your stored procedure, tear apart the credential and use part of it as the app identifier. Or, put the appId into the username. Whatever you want to do. There are lots of options. So if not JAASRealm, perhaps I need to look at something else to customize? I could of course implement my own authentication, but if I can get around this one shortcoming of the credentials concept being considered a password String rather than a generic Collection of multiple Objects, then I think I might be able to use Tomcat authentication. You can still use Tomcat's authentication mechanism... you just might have to use your own Realm implementation. Frankly, the org.apache.catalina.Realm interface is baffling to me. One option is to create a Realm that extends JDBCRealm (or, better yet, DataSourceRealm) and override the authentication method to do your own SQL queries, but keep all the configuration options provided by the superclass. You can even add a configuration option by adding a mutator and accessor to specify the app's id. Then you can do something like this in your context.xml: Realm className=package.to.your.Realm // extends JDBCRealm driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/authority connectionName=test connectionPassword=test userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name appId=application-1 / Just make sure you have setAppId and getAppId methods on your Realm implementation, and then use them when you build your SQL query to verify a login. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG1wuQ9CaO5/Lv0PARAh6IAKCIY9aMp59xFxXHIj9z4eCfF+SYngCeMfDF O1Gr8CyGEsukK3BFtBw5voQ= =Tzs2 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe
Re: Single-sign on without form-based authentication
Here's the case where three credentials are necessary: there is a requirement to host multiple applications on a single database, and data such as users are in a single, shared table. Therefore, someone logging into app A would enter username and password of user1 and pass1, and someone else logging into app B could also enter username as password user1 and pass1, but still be two separate entities. In the single database, the authentication table would have [User,Pass,App] as (user1,pass1,A), and (user1,pass1,B), which are two different and unrelated records. So even though the users are only entering two credentials into their respective applications' user interfaces, the application itself authenticates with Tomcat using three credentials. How could I make this work? The requirement doesn't accept having two tables (i.e. userTableA and userTableB), partly because increased maintenance, the possibility of table definitions going out of sync, etc. Thanks. Gregor Schneider wrote: however, i do not see any sense at all passing more tha two credentials (user, pass) to authenticate therefore, i suggest first thing you should do is to re-think the design of your application. -- View this message in context: http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a12374143 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication and authorization questions
Great response. Follow-up questions below: Christopher Schultz-2 wrote: When you login using form-based authentication, where invalid login attempts redirect to the form-error-page, how do you add a custom message to that page saying Login Failed? I ask because common practice is to send the user to the same login page rather than a different page. You can do whatever you want, since you get to control the pages for login and login-error. But if the login and login-error pages are the same page (meaning that when someone fails an access check they get redirected to the login-error page, which is actually the login page where they must re-enter their credentials) how could you put information into the request or session scope to be accessed by the page? In my login/login-error page, I could have a ${loginFailedMessage} printed in bold, red text, but where would I set this text in the first place for a generic message like Login failed? The loginFailedMessage variable wouldn't be set when the login page is accessed through a GET, but would be when forwarded/redirected to by Tomcat upon login failure. In fact, how could I add all sorts of state to the request so that the message could read Login failed for page ${failedPageName} or some other parameterized text? In fact, I don't much care for the TC implementation of the whole authentication thing anyway, so I have opted to dump it and use securityfilter instead. Primarily, it allows me to do direct logins (submit to j_security_check even when no protected resource has been requested), and I can write my own authenticator that isn't tied to Tomcat's implementation in any way. That allows me to switch TC versions or to another vendor entirely without changing a single thing in my implementation. But that's just me. I agree completely. I've been having a lot of problems with Tomcat authentication and authorization, and would like to use a custom solution. The only thing that deters me, and which applies to securityfilter as well, is the lack of SSO across contexts. Although I don't see an immediate need for SSO across contexts, I wouldn't want to have to rewrite an entire security architecture if the need arises. (And it may well arise if you decide to split up a large website's modules into different contexts.) The securityfilter projects says they're looking into SSO, but the project looks inactive enough that I'm not going to hold my breath. I tried looking for other Java servlet security products or projects, but nothing really came up. Any thoughts on this all? -- View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12398683 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Session replication vs stateless
That sounds about right. Don't forget that you can't be stateless if you need logins of some type (unless you use BASIC auth, which looks ugly from a user point of view). Why is this? Others who answered to this thread and discussions in general around web applications describe statelessness as an option for fully-functional webapps, which I imagine includes login functionality. I'm not convinced you can reasonably do authenticated transactions (using Tomcat's auth) without stateful connections. You can hack around with storing login cookies or doing your own auth management, but I like the simplicity of using J2EE auth. Could you describe the limitations of statelessness as it relates to Tomcat's authorization? If you use your own custom login functionality then I see how there's no problem (just check the cookie or database for the current session ID for the right credentials, then allow access), but is the same mechanism not possible or available when trying to use the Tomcat or standard Servlet authentication mechanism? Pretty much nothing, unless you get lots of people who login and then walk away from their computers, and for some reason all of the walk-aways get assigned to one server, while all the other (active) users end up on another server. Then, you'd have one server with lots of load and one that's basically idle. This is unlikely, though. What's Tomcat's algorithm for load-balancing while taking into account session affinity? I remember in the response to another of my threads on this list people saying that it's generally outdated to use connectors and front Tomcat with Apache. I just want to confirm that it's the connector mechanism by which load balancing is possible with Tomcat, right? On what machine is the connector software usually on? If you have 5 machines with Tomcat on each, would you have the load balancer on one of those, on a dedicated machine, or would you have some other setup? What's generally done in production for high-availability sites? -- View this message in context: http://www.nabble.com/-OT--Session-replication-vs-stateless-tf4325727.html#a12369222 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Authentication and authorization questions
I have several questions about authentication and authorization in Tomcat below, so answer only what you can :) Thanks. Where does Tomcat authentication fit into the request processing lifecycle? Does it happen before even the very first filter gets called? What happens just before and just after authentication? Where does the role-based authorization fit into this process? When you login using form-based authentication, where invalid login attempts redirect to the form-error-page, how do you add a custom message to that page saying Login Failed? I ask because common practice is to send the user to the same login page rather than a different page. Is it configuration whether Tomcat uses redirects or forwards after successful or unsuccessful attempts? What's the default for both? How can you use JDBCRealm or DataSourceRealm with foreign keys from roles table to user table, rather than requiring the roles table to duplicate whatever field (e.g. username, email address) will actually be entered into the login screen? I ask because using simple text-matching rather than using the primary key of the user table seems a bit inefficient, but more importantly it may be disallowed from data standards in some organizations. Thanks. -- View this message in context: http://www.nabble.com/Authentication-and-authorization-questions-tf4345698.html#a12380709 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Session replication vs stateless
Thanks for your response. So it sounds like session replication is out for sure - you confirmed my initial feelings about it. Let me see if I have my options straight - stateless app tier and no session affinity, or stateful app tier (i.e. HttpSessions) with session affinity? The former allows you to forward the next request to any available web server because of no session affinity and to have failure without relogin, both of which seem like huge pluses. However, the downside is having to maintain that state elsewhere - either in the database (which as you pointed out is messy) or being sent back and forth to the client. Which of these options seems better at first glance to you? If I were to go with a stateful app tier (i.e. HttpSession with session affinity but no session replication), what's the overhead of session affinity? I realize that if there's no requirement for failure without relogin then this option could be better, but from a pure performance perspective, how big is the overhead caused by session affinity having to be resolved upon every request? Is there ever a benefit, from a Tomcat perspective or other, to having a stateless app tier but WITH session affinity, or would that be completely useless? Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lightbulb, lightbulb432 wrote: How are you designing your current applications, and what implications has the choice that you might not have expected - would you do anything differently if you could? (For the record, I am not using session replication.) It all comes down to what is most important for your application. If it is unacceptable to have users re-login if the server to which their session is tied (session affinity: no replication), then session replication is one of your only options. If it's okay to have users re-login when they switch servers due to failover, I'd highly recommend it since session replication is pretty heavy in terms of network use. Why waste all that time passing session information around? I ask because I'm still unsure about whether to decrease memory usage by increasing database usage (or bandwidth usage if sending state back to the client) by going stateless at the application tier. You don't necessarily have to go stateless. Using a session is fins as long as it's okay for users to re-login when they switch servers. Stateless Are there any people using stateless application tiers with transactions that are inherently stateful, such as wizard-type screens or other business processes or workflows? How'd that turn out? I have some flows that are sort-of stateless (that is, I have lots of hidden input elements on those pages). I use those for when I want the wizard to be able to continue in the middle if the session times out when a user is halfway through the flow. Yes, the user has to login again, but they pick-up the flow where they left off. Did you choose to move this state to the client (through cookies) or to the database? I don't like using the database for scratch work. First of all, it ties up valuable database resources. Second, it pollutes your schema with what amounts to temporary data. Lastly, you have to clean up after that scratch data at some point so you don't fill up your database with useless junk. I think it's easier to simply allow aborted transactions (meaning multi-page flows) to die along with the session under which they were running. With session replication between 2 machines, are you effectively reducing the capacity of each server, at least in terms of memory, by 50%? No. You're only reducing the amount of memory available for sessions by half. You can help yourself out a lot by using objects with transient fields so you don't transmit huge objects across the network and waste memory on a server that might not get used. Instead, use lazy instantiation to reconstitute those objects from the database (or wherever) when they are needed. Only replicate what is absolutely necessary to recover your state. (This only works well when you are also using session affinity). Hopefully I'm looking at it the wrong way, because it not, I'm not really liking the session replication idea if I'm decreasing hardware usage by half. I'd have to say that I would rarely recommend session replication just because the memory, CPU, and network overhead doesn't outweigh the minor (and hopefully rare) inconvenience of having to re-login when you switch servers. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGz0z39CaO5/Lv0PARAr9OAKCiB/sk56z7e4kBkPoqHL7QI8wv+ACeO9AA rsWsRUE4t5JhIbB+dSyS9kg= =Wypn -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL
Re: Use JMX to manage applications
In addition to my questinos below, is mbeans-descriptors.xml a Tomcat-specific file or part of JMX in general? I can't tell - it seems to appear in links like the following: http://commons.apache.org/modeler/apidocs/org/apache/commons/modeler/package-summary.html But its DTD is under commons.apache.org - so is this specific to an Apache JMX implementation, part of JMX, or something else? lightbulb432 wrote: The following link describes using JMX with Tomcat. Step #4 talks about the mbeans-descriptors.xml file, but it seems to make no difference when using it. If I don't include elements in that file that I do in MBean interface, it still works in JConsole properly - and the descriptions entered don't seem to show up in JConsole either. http://oss.wxnet.org/mbeans.html Also, things like the writeable property and the type property that are specified in this file could easily be determined from the MBean interface, from return types, whether a getter has a corresponding setter, etc. Then what is the use of this file if updating it to keep in sync with the MBean interface makes no difference? Is it necessary to begin with? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12319486 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Session replication vs stateless
Although the debate between session replication vs stateless can't be definitively solved and depends on the application, I'd like to hear about your experiences with both. How are you designing your current applications, and what implications has the choice that you might not have expected - would you do anything differently if you could? I ask because I'm still unsure about whether to decrease memory usage by increasing database usage (or bandwidth usage if sending state back to the client) by going stateless at the application tier. Stateless Are there any people using stateless application tiers with transactions that are inherently stateful, such as wizard-type screens or other business processes or workflows? How'd that turn out? Did you choose to move this state to the client (through cookies) or to the database? Session replication For session replication in Tomcat 6, what's the ideal replication group size in general? Would you ever want to set it to more than 2 instances? (Because for any more, then you'd have a lot more overhead in transferring state back and forth to even more other instances...) With session replication between 2 machines, are you effectively reducing the capacity of each server, at least in terms of memory, by 50%? Hopefully I'm looking at it the wrong way, because it not, I'm not really liking the session replication idea if I'm decreasing hardware usage by half. Thanks. -- View this message in context: http://www.nabble.com/-OT--Session-replication-vs-stateless-tf4325727.html#a12319704 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use JMX to manage applications
What is the preferred API for accessing MBeans from within servlets or JSPs? MBeanServerConnection jmxServerConnection = JMXConnectorFactory.connect(new JMXServiceURL(urlForJMX),null).getMBeanServerConnection(); jmxServerConnection.getAttribute(new ObjectName(Application:Name=Server,Type=Server),myAttribute); OR MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); AttributeList list = server.getAttributes(new ObjectName(Application:Name=Server,Type=Server),myAttribute); They both have roughly the same amount of code and do the same thing, so I'm wondering which is the preferred way. Unfortunately, you can't really abstract away the mechanism of getting the MBeanServer because one uses a MBeanServer while the other way uses the MBeanServerConnection object from which to perform other methods. The only tradeoff I can see is that the first way requires knowing the JMX connection URL which may need to be changed if, for example, the JXM port number is changed. However, the second way may return multiple MBeanServers, right? In the second way, would you ever expect a List with more than one MBeanServer to be returned? If so, how would that happen, and how would your code deal with it? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12297804 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use JMX to manage applications
The following link describes using JMX with Tomcat. Step #4 talks about the mbeans-descriptors.xml file, but it seems to make no difference when using it. If I don't include elements in that file that I do in MBean interface, it still works in JConsole properly - and the descriptions entered don't seem to show up in JConsole either. http://oss.wxnet.org/mbeans.html Also, things like the writeable property and the type property that are specified in this file could easily be determined from the MBean interface, from return types, whether a getter has a corresponding setter, etc. Then what is the use of this file if updating it to keep in sync with the MBean interface makes no difference? Is it necessary to begin with? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12301485 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat with 8 GB memory
When I asked this question I had in mind a few potential downsides to one 8 GB Tomcat. One is memory leaks: if Tomcat starts to leak memory (not sure if this happens too often, if ever, but I'm speaking purely hypothetically) then you'd rather not want your single Tomcat to eat up all the memory. If you had two Tomcat instances running the exact same application, then the memory leak is only affecting up to 4 GB? The other is high-availability - if you have a huge 8 GB box and it's because you decide not to have 4 x 2 GB smaller boxes, then you definitely cannot get high-availability against hardware issues - but say you're pushing out an upgrade to the application (i.e. the WAR file). If you have two Tomcats, couldn't you bring one down while the other continues to serve requests, push out the upgrade, bring it back up, then do the same with the other application? With only one instance, you must have downtime right? The last is at the following link, several performance graphs for Linux show a slight or sharp decrease in performance for a given Tomcat instance beyond a certain number of users! Why is this? Wouldn't these diminishing returns, if true, severly cripple one 8 GB instance serving 2*n users compared to two 4 GB instances serving only n users? http://www.webperformanceinc.com/library/reports/windows_vs_linux_part1/index.html Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lightbulb, lightbulb432 wrote: If you have a gigantic server with something like 8 GB of memory, what would be the best way to run Tomcat 6 on it? One instance, multiple instances, or divide it up into two or more virtualized servers each with one instance? Unless you have concerns about stability of TC6 or your own application, one big JVM with a ton of threads would be my recommendation. Virtualization or multiple TC instances only adds overhead with no other real benefit. (If you run multiple applications, multiple TC instances might make sense). Is Tomcat meant to run as one instance with that much memory, or is it optimized for a different amount of memory? Tomcat shouldn't care. I think that thread synchronization is faster than full context switching, but that can be very sensitive to the platform, OS, and tuning parameters you might have (in the OS). Java is perfectly happy to run with 8GB. I realize with the options I mentioned above there are implications regarding high-availability and performance, but I'm not sure exactly what they'd be. Perhaps someone with more knowledge of this kind of stuff could comment. If you trust your operating system (I would trust any UNIX and UNIX-like OS, and Windows is somewhat dependable if you don't ask it to do too many things), then a single instance of the OS on a lot of hardware is just fine: go for it. If you are concerned about your OS's stability, then by all means run multiple instances of the OS and load balance between. From a strict performance standpoint, less is more, so stick to one OS and one Tomcat instance on that big, fat machine. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGqOyq9CaO5/Lv0PARAlTDAJwKFLgizNh/MatDmEupjdLvLvvDWgCfbHSj XLO50tctVgV5w+N/qwYYZEQ= =DJLh -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Tomcat-with-8-GB-memory-tf4149367.html#a11817605 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat with 8 GB memory
If you have a gigantic server with something like 8 GB of memory, what would be the best way to run Tomcat 6 on it? One instance, multiple instances, or divide it up into two or more virtualized servers each with one instance? Is Tomcat meant to run as one instance with that much memory, or is it optimized for a different amount of memory? I realize with the options I mentioned above there are implications regarding high-availability and performance, but I'm not sure exactly what they'd be. Perhaps someone with more knowledge of this kind of stuff could comment. Thanks. -- View this message in context: http://www.nabble.com/Tomcat-with-8-GB-memory-tf4149367.html#a11804198 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
What to put in Linux filesystem for Tomcat?
What is the minimum set of folders and files needed for Tomcat to run on Linux? I ask because if you dedicate a server for Tomcat and nothing else, you must want to minimize the size of the filesystem, disable/delete all extra services, and more to increase the performance and decrease memory utilization of Linux, correct? I'd like to put something together, but don't know where to begin. Do any of you run Tomcat on a Linux machine that is dedicated only for Tomcat? If so, could you please comment on what's necessary and what is extraneous to Tomcat on Linux? Potentially how small could you make your OS filesystem size, not including the size of your WARs and the Tomcat JARs themselves? I realize this might be leaning towards more of a Linux question than a Tomcat question, but who knows Tomcat better than Tomcat users! Your help is greatly appreciated. Thanks. -- View this message in context: http://www.nabble.com/What-to-put-in-Linux-filesystem-for-Tomcat--tf4133218.html#a11755211 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Character encoding
That was a really great set of answers, thanks! These follow-ups are somewhat off-topic to Tomcat, but you really know this stuff well so I hope you don't mind addressing them: POST requests always use the request's body encoding, which is specified in the HTTP header (and can be overridden by using request.setCharacterEncoding). Some broken clients don't provide the character encoding of the request, which makes things difficult sometimes. What determines what's specified in the HTTP header for the value of the encoding? Is it purely up to the user agent, or can Tomcat provide hints based on previous requests how to encode it - or is it something up to the end user to set in their browser (in IE, View - Encoding)? In what cases would you call request.setCharacterEncoding to override the value specified by the user agent? Shouldn't you trust the user agent rather than trying to guess? (Or is this only used in cases where the user agent is broken, like you said - but then how would you know you're dealing with a broken client to begin with...aah, complicated!) You shouldn't have to worry about cookie encoding, since you can always call request.getCookies() and get them correctly interpreted for you. What do you mean by this? Does it mean (pardon the surely messed up use of the API below) in your response.addCookie(), you add a cookie where the value has cookie.setValue(new String(charByteArray,UTF-8)) then you read it back using responseCookie.getValue().getBytes(UTF-8)? (Where UTF-8 is whatever encoding you're using internally in your application.) Finally, what's the default encoding used by the response when response.setCharacterEncoding(myEncoding) isn't called? Am I correct to assume that if that default is not the default Java String encoding of UTF-16, then you MUST call convert all the Strings you've outputted to that encoding? (...because the HTTP header expects whatever the default is, but Java is outputting UTF-16 encoded text to the actual response bytes) Am I speaking rubbish here, or am I thinking about these concepts in the right way? Thanks a lot. P.S. How did you learn all of that?! Christopher Schultz-2 wrote: Lightbulb, lightbulb432 wrote: Why is the URIEncoding attribute specified on the connector rather than on a host, for example? Because the host doesn't handle connections... the connectors do. Does this mean that the number of virtual hosts that can listen on the same port on the same box are limited by whether they all use the same encodings in their URIs? Yes, all virtual hosts listening on the same port will have to have the same encoding. Fortunately, UTF-8 works for all languages that I know of. Now that I think about it, wouldn't it be at the context level, not even at the host level? If you had a connector-per-context, yes, but that's no the case. In Tomcat 6, should the useBodyEncodingForURI be used if not needing compatibility with 4.1, as the documentation mentions? I would highly recommend following that recommendation. To see if I have things straight, is HttpServletRequest's get/setCharacterEncoding used for both the request parameters from a GET request AND the contents of the POST? No. GET requests have request parameters encoded as part of the URL, which is affected by the Connector's URIEncoding parameter. POST requests always use the request's body encoding, which is specified in the HTTP header (and can be overridden by using request.setCharacterEncoding). Some broken clients don't provide the character encoding of the request, which makes things difficult sometimes. How are multipart POST requests dealt with? Typically, each part of a multipart request contains its own character encoding, so a multipart POST would follow the encoding for the part you're reading at the time. And HttpServletResponse's get/setCharacterEncoding is used for the contents of the response header and the meta tags? Only for the header field, not META tags. If you want to emit META tags, you'll have to do them yourself. Does it also encode the page content itself? Nope. If you change the character encoding for a response after the response has already had some data written to it, I think you'll send an incorrect header. For instance: response.setCharacterEncoding(ISO-8859-1); PrintWriter out = response.getOutputWriter(); response.setCharacterEncoding(Big5); out.print(abcdef); out.flush(); Your client will not receive a sane response. Setting the character encoding only sets the HTTP response header and configures the response's Writer, if used, but only /before/ calling getWriter the first time. What about the encoding of cookies for both incoming requests and outgoing responses? See the HTTP spec, section 4.2 (Message Headers). It references RFC 822 (ARPA Internet text messages) which does not actually specify a character encoding. From what I can see, low ASCII
Character encoding
Why is the URIEncoding attribute specified on the connector rather than on a host, for example? Does this mean that the number of virtual hosts that can listen on the same port on the same box are limited by whether they all use the same encodings in their URIs? Now that I think about it, wouldn't it be at the context level, not even at the host level? In Tomcat 6, should the useBodyEncodingForURI be used if not needing compatibility with 4.1, as the documentation mentions? To see if I have things straight, is HttpServletRequest's get/setCharacterEncoding used for both the request parameters from a GET request AND the contents of the POST? How are multipart POST requests dealt with? And HttpServletResponse's get/setCharacterEncoding is used for the contents of the response header and the meta tags? Does it also encode the page content itself? What about the encoding of cookies for both incoming requests and outgoing responses? Thanks. -- View this message in context: http://www.nabble.com/Character-encoding-tf4031134.html#a11450938 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HttpSession questions
I did notice the getServletContext() of the servlet classes, but in this case the code is in a custom class that was forwarded to by the servlet - I don't have access to the servlet in this class. If however, I were to change my code and pass the return value of Servlet's getServletContext() to my class, would a session still be created, as happens using the request.getSession().getServletContext() approach? Out of curiosity, why is there a getServletContext() on HttpSession? Pardon my ignorance, but that just doesn't seem right - if it's there as convenience, then shouldn't it be on the HttpServletRequest class as well? If that's just the way it is, then that's fine... But is there some design reason you can think of that the method is in the session but not request object? Am I missing something here? Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: HttpSession questions Why is it that you need an HttpSession in order to get a ServletContext? You don't - since your code is in a class that extends HttpServlet, just call getServletContext() directly; it's defined under javax.servlet.GenericServlet. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/HttpSession-questions-tf4008885.html#a11385434 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filters and getLastModified
Could somebody explain when in the request process getLastModified is called on a servlet? Is it before everything - all servlets, filters, listeners, anything else? If you have multiple filters, how does this fit into the process - are they all guaranteed to see the process through before the getLastModified call occurs on the servlet? (i.e. Can you count on the filtering to have occurred before the code in your getLastModified runs?) I ask in the case that your getLastModified is more than a simple file system last modified timestamp check, and where you're using some kind of controller servlet rather than servlet-per-path - in which case your one getLastModified method in the controller servlet could become complex, having to deal with multiple getLastModified semantics of multiple pages that map to one servlet? With what request methods is it called (GET, POST, etc...)? The servlet spec gives only a slight indication that it's for GETs, but doesn't really elaborate. Thanks. -- View this message in context: http://www.nabble.com/Filters-and-getLastModified-tf4006572.html#a11378442 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where to find session cookies
How can I configure Tomcat to use permanent cookies as opposed to session cookies? One of the reasons I'd like to know is to see the behavior of method isNew() of HttpSession, which I can do if I'm able to disable cookies. As the Javadoc for HttpSession says: A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Fargusson.Alan wrote: Session cookies are not stored on disk. This is why they are more secure then cookies (non-session). Since they only exist in RAM (ok, maybe in swap files) nobody else using that machine can find them, and they go away when the browser ends. -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 29, 2007 12:15 PM To: users@tomcat.apache.org Subject: Where to find session cookies When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a11311838 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: In-Process Tomcat
Any web application that needs to scale wouldn't use httpd (or anything else) in front of tomcat, so the question in- or out-process tomcat doesn't matter. From 5 high performance application I know the details of, 1 is still using apache in front; more out of habbit, rather than by need. Others are using a hw loadbalancer in front of x tomcat servers, and some servers for static content (which can be apache httpd, but is mostly something different) which are parallel to the tomcat servers. So the loadbalancer decides which server to ask for specific content type. You're actually the first person I've heard to say that apps that need to scale would not use HTTPD. I've read the exact opposite on multiple occassions, but as I'm a relative newbie to Tomcat I'm hoping people on this mailing list can correct me. Could you expand on your point further? How would hardware load balancers go about handling sticky sessions? Or would you have to design for a stateless web tier so that any Tomcat instance will do upon the next request? You mention that when you use a static content server, it's generally something other that HTTPD. Is there a particular reason for that? What static servers have you generally seen in use apart from HTTPD - are there things that just work better in the setup you described than others? -- View this message in context: http://www.nabble.com/In-Process-Tomcat-tf3972772.html#a11288104 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple instances vs multiple hosts
In production, for organizations that run multiple web applications, would they run it on different instances of Tomcat (1 instance per web application or group of related web applications), or all web applications as different hosts on one instance of Tomcat? (Not taking into account clustering, where everything in whatever setup is chosen would be duplicated.) What are the tradeoffs in terms of performance, resource usage, maintainability, etc, and what are your comments based on past experience? What's common in production and what isn't as much? Thanks. -- View this message in context: http://www.nabble.com/Multiple-instances-vs-multiple-hosts-tf3976746.html#a11288124 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: In-Process Tomcat
You mention that when you use a static content server, it's generally something other that HTTPD. Is there a particular reason for that? What static servers have you generally seen in use apart from HTTPD - are there things that just work better in the setup you described than others? http://lighttpd.net/ Without using hardware load balancers, how could you implement the architecture whereby (as you described) lighttpd serves static content, Tomcat serves dynamic content, but with the two sets of servers (lighttpd and Tomcat) in parallel rather than lighttpd fronting Tomcat? Would you be required to, in your JSPs, include all links to static content using http://staticserver.site.com/...? What are all the available options to implement this setup? Thanks. -- View this message in context: http://www.nabble.com/In-Process-Tomcat-tf3972772.html#a11290376 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Use JMX to manage applications
How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a11293522 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is ThreadLocal safe to use in servlets
To conserve resources when multiple Connector elements are configured. No point in having a multitude of idle threads when some Connectors are only lightly used or the usage pattern varies with time. Is it safe to assume that this is the way to go, or are there ever, ever any times when it would be less desirable to go this route than the default thread-pool-per-connector element? (I ask in terms of performance or other production characteristics, rather than the initial extra few minutes to configure that element and figure out how to correctly use it...?) Also, using this method can threads only be shared between Connectors associated with a single Engine (because Executor is a child of Service, not Server), rather than being shared between every request to all web applications on this instance of Tomcat? I have another question about using ThreadLocal as an instance variable in a threadsafe Singleton. If the Singleton has 5 instance methods, each of which requires use of the value stored in the ThreadLocal, I see one option: - Start each method with a call to a private method that returns the value in the ThreadLocal void method1of5() { String myString = getStringFromThreadLocal(); myString.doStuff(); } Is there another alternative, which would reduce the duplication of that first line for each of the five methods? One thing I thought of (though it's not possible, but maybe you can suggest other alternatives) is to somehow have an instance variable that stores the value of that call, that each method could use directly? String myString = getStringFromThreadLocal(); void method1of5() { myString.doStuff(); } Of course this isn't possible the way I've shown, because the myString instance variable is only initialized once, and shared between all users of the Singleton. (Though it does simplify each of the 5 methods, making them oblivious to the fact that they're dealing with ThreadLocals, and that's what I'm hoping you might be able to suggest a way of doing...) -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a11276599 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
In-Process Tomcat
I read a few things that explained the difference (in configurations where you must front Tomcat with Apache HTTPD) between in-process Tomcat and out-of-process Tomcat, and have a couple of questions. It said that in-process Tomcat will reduce latency (which I understand) but decrease both stability and scalability - why will it decrease both of these things? How can you set up an in-process Tomcat? I couldn't find anything related at http://tomcat.apache.org/connectors-doc/ or by doing a web search. Do both options make use of the mod_jk connector to HTTPD, and it's just a matter of configuring it appropriately, or does Tomcat somehow have to be compiled into Apache, or something else? In general, what conflicts arise from an integrated Tomcat and HTTPD setup, whether in-process or not? Both Tomcat and HTTPD have configuration related to URL rewriting, authorization/authentication, logging, etc. In general terms, what's the most reasonable way to configure your integrated setup so that the resulting installation doesn't leave security holes, or break due to URL rewriting, or any other results? An strategies or best practices here? -- View this message in context: http://www.nabble.com/In-Process-Tomcat-tf3972772.html#a11276703 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: In-Process Tomcat
Thanks for your detailed response. See questions below. In-process Tomcat is to have Tomcat running in the same process space as Apache HTTPD, IIS, or other web server. Since most of the web servers are implemented in C/C++, you will have to use JNI to integrate with Java-based Tomcat, and create a mod_tomcat like module for Httpd. So there's no standard prepackaged installation of the two combined, or no standard connector plugin or something that's distributed with either Tomcat or HTTPD, which is why I'd have to create it myself? Is the in-process approach that uncommon? Definitely the in-process setup improves performance, since communication between Tomcat and web server occurs via memory-based data exchange. It will be less stable since if something went wrong with the Tomcat, it would affect the web server directly. It will also be less scalable, since this setup won't support high-availability and clustering of Tomcat servers. Why does the in-process approach render high-availability and clustering impossible? From a technical/implementation perspective, what is it about the in-process approach that causes this specific functionality to not be possible? In any case, if clustering features don't work then it's definitely no surprise that any web application that needs to scale wouldn't use this approach...unless it is being used in some way by such web applications in production - anybody know? -- View this message in context: http://www.nabble.com/In-Process-Tomcat-tf3972772.html#a11281236 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Port-based virtual hosting
The question's more of a general one to help me understand some elements in server.xml. Maybe I'll start with this question first, though: If you somehow have multiple contexts (within the same Host or Service, or within different ones in your Tomcat instance) that point to the same WAR file or docBase, are there multiple instances of that web application running, or are the multiple entry points to that application (based on it being specified in multiple hosts) really pointing to the same instance of that webapp? If this doesn't make sense, I can clarify. Thanks. Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Port-based virtual hosting Is there any functional difference between the two options - if they're both even possible? Which would you go with? - 1 Service element with 5 HTTP connectors (each on a different port) and one Engine with 5 Hosts (Host name=application.com:8080, Host name=application.com:8081, etc...) - 5 Service elements, each with 1 HTTP connector and one Engine with only 1 Host Not sure I understand your requirements. Are you trying to implement multiple virtual hosts that are segregated by port number rather than DNS name? Your first option is not likely to work, since the port number is stripped off before comparison with the Host name is done. (Also, since the Host name is used as a directory name in the underlying file system, the colon won't be allowed on many platforms.) The first option would use less resources than the second one, but I think it would require that you write a Valve to forward each request to the proper Host. I think the second one will work without any additional coding (but I haven't tried it). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Port-based-virtual-hosting-tf3970665.html#a11281403 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is ThreadLocal safe to use in servlets
You mention the use of filters, which leads me to the question of where is it safe to start using a request-scoped object stored in a ThreadLocal? Would it be safe to use in a filter, listener, or only once request processing gets to the servlet? A different way of asking this question is where/when does Tomcat start the Thread that handles a given request, and what is executed in the context of that thread? (e.g. filters, listeners, other things, servlets of course) Thanks. Leon Rosenberg-3 wrote: they are absolutely perfect to reduce parameter pumping through many layers of code. But you should set and reset them properly, best in a filter. regards Leon On 6/2/07, lightbulb432 [EMAIL PROTECTED] wrote: Are ThreadLocal variables safe to use with servlets? There are some cases where it could really simplify my code if used correctly, but first I want to make sure there aren't any horrible problems with doing so. (I've read that the implementation of ThreadLocals has gotten much better with the last few releases of Java.) Has anyone had experience using them successfully, or even unsuccessfully? If so, please share your insights. Thanks. -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a10930638 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a11269789 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is ThreadLocal safe to use in servlets
Thanks for that great answer! I'm hoping you could help clarify my understanding and answer some more questions that your response brought up... Based on the behavior you specified of ThreadLocals sticking around after the webapp is undeployed, is it correct to say that the thread pool you mentioned is global to ALL webapps in Tomcat, rather than multiple thread pools, one for each webapp in the same Tomcat instance? Is it also correct to say that this could be a security problem, where a user in another webapp could inadvertently see something left around in a ThreadLocal from another user in the same webapp - or from another user in a different webapp? Do you see any problems with creating one or more ThreadLocals as the first operation in the first filter defined for a webapp, and closing them (i.e. nulling them out) as the last operation in that same filter? This would thereby ensure that the ThreadLocal is there for the entire scope of the request. Do the garbage collection problems you mentioned apply in this case? (This next question is more to see whether my thought process is correct rather than to bash the servlet spec or Tomcat.) I can understand how any context listener methods aren't guaranteed to be called in the same thread as a request, because it's a completely unrelated concept. But am I correct to say that it's a limitation that session listeners (both attribute-binding and creational listener methods) aren't guaranteed to be run in the same thread as the request that created it? After all, each of those operations happens directly because of and in a given request, so wouldn't it be a better design for those methods to be called by the same thread? That way, you could use ThreadLocals to obtain values in the session listeners that are inserted elsewhere in the same request that created/invalidated a session, or bound/unbound a session attribute. Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Re: Is ThreadLocal safe to use in servlets A different way of asking this question is where/when does Tomcat start the Thread that handles a given request, and what is executed in the context of that thread? (e.g. filters, listeners, other things, servlets of course) Tomcat utilizes a thread pool for processing requests; the same thread is used for the duration of the request through the entire filter/servlet chain (required by the servlet spec), including data base and other external resource access. However, since the threads are pooled, you can't count on ever seeing the same thread twice in a given servlet, so ThreadLocal objects are best created and destroyed during individual request handling; trying to keep them around longer runs the risk of their continuing to exist even after a webapp has been stopped or undeployed, resulting in garbage collection problems. Since Listeners are not associated with a specific request, there's no guarantee that the thread running through any Listener code will ever be used for a request for the associated webapp, and there's no guarantee it won't. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a11270259 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is ThreadLocal safe to use in servlets
Thanks again. This has been a very enlightening thread (no pun intended). Caldarale, Charles R wrote: Normally, there's a thread pool per Connector. Tomcat 6 introduces the ability to share thread pools across multiple Connectors, via the Executor element. (I haven't tried it.) When might an advanced Tomcat user need to play with this Executor element? In what ways could you potentially make use of sharing a thread pool between all connector versus for only a single connector? What kinds of requirements would make someone place an Executor element in their server.xml? Yes, that's another reason to restrict the lifetime to that of a single request. Exposure across webapps would be difficult to exploit unless the class definition of the object cached via ThreadLocal were visible to both webapps. Good point. If the same class definition were in fact placed in the classpath of both applications, wouldn't this still not work though - because they'd be loaded by the web context-specific classloaders and therefore not be the same class? (i.e. because they'd fail the instanceof test) If that's the case, would it work if the class were placed in the CATALINA_HOME/lib instead? -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a11270711 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Port-based virtual hosting
Was just thinking about this, and am curious to know (though it's pretty trivial)... Is there any functional difference between the two options - if they're both even possible? Which would you go with? - 1 Service element with 5 HTTP connectors (each on a different port) and one Engine with 5 Hosts (Host name=application.com:8080, Host name=application.com:8081, etc...) Service Connector/ Connector/ Connector/ Connector/ Connector/ Engine Host/ Host/ Host/ Host/ Host/ /Engine /Service - 5 Service elements, each with 1 HTTP connector and one Engine with only 1 Host (i.e. the following repeated 5 times) Service Connector/ Engine Host/ /Engine /Service I'm just trying to wrap my head around the server.xml file, and I believe asking questions like this (though they may seem to be pretty pointless) will help me understand better. Thanks. -- View this message in context: http://www.nabble.com/Port-based-virtual-hosting-tf3970665.html#a11270800 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Save sessions across restarts
During development, I'd like my sessions to stick around while I reload the context or restart the container, so that when I make a change to a servlet, for example, that requires a context reload, I don't have to relogin in the application. I notice the saveOnRestart attribute, which is supposed to be enabled by default. Why is it that I must relogin every time? Do I need to make some other change to the default server.xml or web.xml, which I haven't done? (Haven't done anything with regards to manager or store configuration elements.) Thanks. -- View this message in context: http://www.nabble.com/Save-sessions-across-restarts-tf3937140.html#a11166675 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Directory listings on a per-context level
I've set listings to true on TOMCAT_BASE/conf/web.xml's DefaultServlet, but that allows directories to be seen for all contexts. Is there a way to set directory listings for certain contexts but not others? Thanks. -- View this message in context: http://www.nabble.com/Directory-listings-on-a-per-context-level-tf3915251.html#a11101399 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ServletContextListener
Can requests potentially arrive at a servlet before the ServletContextListener's contextInitialized method has completed? I ask because the method occurs as a notification once the servlet context is ready to accept requests. Is there a chance, then, that a request could begin being served while your contextInitialized method is being carried out (especially if it's long-running)? Is contextInitialized suitable only for things like logging the fact that a context is ready, or can it be used for setup that MUST occur before the first request is accepted? If not the latter, what can be used to serve this function? -- View this message in context: http://www.nabble.com/ServletContextListener-tf3894944.html#a11042104 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is ThreadLocal safe to use in servlets
Are ThreadLocal variables safe to use with servlets? There are some cases where it could really simplify my code if used correctly, but first I want to make sure there aren't any horrible problems with doing so. (I've read that the implementation of ThreadLocals has gotten much better with the last few releases of Java.) Has anyone had experience using them successfully, or even unsuccessfully? If so, please share your insights. Thanks. -- View this message in context: http://www.nabble.com/Is-ThreadLocal-safe-to-use-in-servlets-tf3858168.html#a10930638 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Connection Pool and Connections
When using the tomcat-dbcp DataSource, when my web application code gets a connection: myConnection = myDataSource.getConnection(); then executes multiple separate statements myStatement1 = myConnection.createStatement(); myStatement1.execute(); myStatement2 = myConnection.createStatement(); myStatement2.execute(); then close the connection myConnection.close(); Is it possible that myStatement1 and myStatement2 would be run using different physical database connections, or are they absolutely guaranteed to be executed using the same connection? Or is connection pooling only for not actually closing the physical database connection on myConnection.close(), instead returning it to the connection pool? A different way of asking this is does connection pooling pool connections within an application connection (myDataSource.getConnection() and myConnection.close()), or between application connections? If this question doesn't make sense, I can clarify. Thanks a lot. -- View this message in context: http://www.nabble.com/Connection-Pool-and-Connections-tf3853952.html#a10918685 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where to find session cookies
When testing my application that uses sessions, I don't seem to see a cookie with domain localhost in my browser's cookies folder. Does Tomcat use some internal folder to put its cookies, or am I just doing something else wrong? I do have cookies enabled, so it's not writing the session id to the URL, either. Thanks. -- View this message in context: http://www.nabble.com/Where-to-find-session-cookies-tf3835973.html#a10860700 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Questions about Contexts
How are extremely large web applications divided up into contexts (as I’d imagine these applications don’t reside within just a single WAR)? Let’s say you have different functional areas, like user registration, search, file management, etc, could each of those be divided up into its own context, or is that too fine-grained? Do any of you manage applications that, while logically being one application, are actually deployed to multiple contexts? If so, could you share some of your experiences in doing this – the benefits and limitations: not only with single sign-on (which Tomcat makes easy), but things like session management, concurrency to the data layer, and things that I can’t even think of… Or is dividing up one WAR into multiple WARs or the other way around as simple as cutting and pasting the appropriate JSPs/Servlets/JavaBeans and tweaking the web.xml files accordingly? I’d imagine there’s much else that needs to be watched out for. Thanks. -- View this message in context: http://www.nabble.com/Questions-about-Contexts-tf3836951.html#a10863826 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Excluding JSP compiler from Tomcat
In your production environment have you disabled or excluded the actual Tomcat piece that does the JSP compilation, to decrease the size and memory usage (no matter how small) of the production Tomcat install? The part of the JSP spec that I referred to in my original post seemed to indicate that it might be possible depending on your container. As Tomcat is the RI, I'm wondering whether this capability is available. Lakshmi Venkataraman wrote: In our development environment we compile JSPs on the fly. In our production environment we have precompiled JSP classes. In the PRODUCTION environment, webapps/WEB-INF/web.xml have servlet and servlet-mapping defined for every JSP page. For example: servlet servlet-nameMyAppJsp1/servlet-name servlet-classjsp.myAppJsp1/servlet-class /servlet servlet-mapping servlet-nameMyAppJsp1/servlet-name url-pattern/jsp/MyAppJsp1.jsp/url-pattern /servlet-mapping The precompiled JSP classes are placed inside WEB-INF/classes/jsp. I guess you can also probably archive these files in a WAR file. --Lakshmi -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Friday, May 25, 2007 10:31 AM To: users@tomcat.apache.org Subject: Excluding JSP compiler from Tomcat The JSP spec says that if you precompile JSPs you can reduce the JSP container footprint by excluding the JSP compiler. How can this be done in Tomcat? Thanks. -- View this message in context: http://www.nabble.com/Excluding-JSP-compiler-from-Tomcat-tf3817429.html# a10807251 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Excluding-JSP-compiler-from-Tomcat-tf3817429.html#a10809085 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single-sign on without form-based authentication
Thanks for pointing me to that class. How can I specify my overriden version in a configuration file or programmatically so that it can be used? Also, I was looking into how to solve the problem from my original post, and came across the concept multiple times of providing my own Realm implementation. Could somebody describe the difference between your suggestion and implementing Realm? Are they mutually exclusive concepts? Are they unrelated to each other completely? Thanks. Gregor Schneider wrote: You could call the authenticate()-method from Tomcat's FormAuthenticator: http://tomcat.apache.org/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/authenticator/FormAuthenticator.html#authenticate(org.apache.catalina.HttpRequest,%20org.apache.catalina.HttpResponse,%20org.apache.catalina.deploy.LoginConfig) However, this will work in Tomcat only, and I'd rather implement a formbased login than to frickle (German expression for a quick dirty solution) my own solution. cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a10785065 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reloadable attribute not working
I tried looking through the startup.bat file for standalone Tomcat and still cannot seem to figure out what the difference is between what that file is doing to startup Tomcat properly, and what I'm doing wrong with embedded Tomcat from my class below. (It's calling the same startup classes that I'd be calling, right?) Any thoughts? lightbulb432 wrote: I know the cause of the problem - my use of embedded tomcat. When I tried it with the standalone Tomcat, it works fine. What I'm confused about, then, is how to fix the following code to make it work like standalone Tomcat. I'm using Tomcat 6. I'd be very surprised if this I'm not doing something wrong and this is a limitation of embedded Tomcat. public static void main(String[] args) { Bootstrap bootstrap = new Bootstrap(); bootstrap.setCatalinaHome(path1); bootstrap.setCatalinaBase(path2); try { bootstrap.init(new String[] {-config,conf/server.xml}); bootstrap.start(); Thread.sleep(1000); } catch (Exception e) { e.printStackTrace(); } } Also, nothing is appearing underneath CATALINA_BASE/work/Catalina/localhost/myapp, regardless of the number of servlets or JSPs I've deployed and accessed, and regardless of whether it's with standalone or embedded Tomcat. Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: RE: Reloadable attribute not working There's no folders under CATALINA_BASE/conf Not having run an embedded Tomcat, I don't know if that's normal or not. I'm using the invoker servlet - could that be a reason, or does it have nothing to do with this? Don't know - the invoker servlet should never be used. It's only there for compatiblity. Also, could it be why no .java and .class files are generated in my work directory? They're only generated for .jsp files; do you have any in your webapps? What other effects might one expect using the invoker servlet? Security holes all over the place. It's really a bad idea. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Reloadable-attribute-not-working-tf3781575.html#a10785088 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single-sign on without form-based authentication
I'll try to avoid the hack method if possible. Let me clarify the two requirements that my authentication process must meet. It must use an existing stored procedure that will return a login success/fail response, and it needs additional credentials (username, password, and at least one other field, if not more.) Which of the two suggestions should I be looking at? (JAASRealm or FormAuthenticator?) I can't tell the conceptual difference between these classes, and which can solve my problem. Also, is it correct to say that both suggestions are Tomcat-specific? (Realms and FormAuthenticator.) Thanks. Gregor Schneider wrote: in $CATALINA_HOME/server/lib/catalina.jar there's a file catalina.properties. There your will find the following entries: BASIC=org.apache.catalina.authenticator.BasicAuthenticator CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator DIGEST=org.apache.catalina.authenticator.DigestAuthenticator FORM=org.apache.catalina.authenticator.FormAuthenticator NONE=org.apache.catalina.authenticator.NonLoginAuthenticator Replace either Basic or FormAuthenticator with your own, put your jar into $CATALINA_HOME/server/lib, restart - voilá had to do that once, however, it's a bad hack On 5/24/07, lightbulb432 [EMAIL PROTECTED] wrote: implementation. Could somebody describe the difference between your suggestion and implementing Realm? Are they mutually exclusive concepts? Are they unrelated to each other completely? http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#JAASRealm That would be a better solution, though, however, I'm not sure if that could work with the architecture you described in your former post. cheers gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a10787517 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Single-sign on without form-based authentication
Is it correct to say that you lose the ability to have single-sign on across multiple contexts if you go with a custom login solution (e.g. checking login form fields in a servlet and, if correct, setting a “login” session attribute to true) as opposed to standard form-based authentication? How can I programmatically customize the form-based authentication, so that I can retain my current login mechanism while still telling Tomcat to use these credentials at a web container level rather than just at the web application level? I’d imagine there’d be ways to customize this, as developers would like to perhaps customize the login process (requiring more than just a j_username and j_password). How can I do this? Thanks. -- View this message in context: http://www.nabble.com/Single-sign-on-without-form-based-authentication-tf3805975.html#a10770906 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reloadable attribute not working
I know the cause of the problem - my use of embedded tomcat. When I tried it with the standalone Tomcat, it works fine. What I'm confused about, then, is how to fix the following code to make it work like standalone Tomcat. I'm using Tomcat 6. I'd be very surprised if this I'm not doing something wrong and this is a limitation of embedded Tomcat. public static void main(String[] args) { Bootstrap bootstrap = new Bootstrap(); bootstrap.setCatalinaHome(path1); bootstrap.setCatalinaBase(path2); try { bootstrap.init(new String[] {-config,conf/server.xml}); bootstrap.start(); Thread.sleep(1000); } catch (Exception e) { e.printStackTrace(); } } Also, nothing is appearing underneath CATALINA_BASE/work/Catalina/localhost/myapp, regardless of the number of servlets or JSPs I've deployed and accessed, and regardless of whether it's with standalone or embedded Tomcat. Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: RE: Reloadable attribute not working There's no folders under CATALINA_BASE/conf Not having run an embedded Tomcat, I don't know if that's normal or not. I'm using the invoker servlet - could that be a reason, or does it have nothing to do with this? Don't know - the invoker servlet should never be used. It's only there for compatiblity. Also, could it be why no .java and .class files are generated in my work directory? They're only generated for .jsp files; do you have any in your webapps? What other effects might one expect using the invoker servlet? Security holes all over the place. It's really a bad idea. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Reloadable-attribute-not-working-tf3781575.html#a10710782 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Reloadable attribute not working
When I update a servlet class and it gets compiled automatically into WEB-INF/classes, my context does not reload automatically. It is only when I restart Tomcat that the changes to the servlet are viewable. I am using Tomcat 6 and have set reloadable to true in context.xml in my META-INF/context.xml file. I'm running Tomcat 6 embedded, where I use the Bootstrap class to start the server initially. Why might this not be working? Thanks. -- View this message in context: http://www.nabble.com/Reloadable-attribute-not-working-tf3781575.html#a10694472 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat-dbcp from Maven
The tomcat-dbcp library doesn't seem to be available from the Maven repository for Tomcat at http://tomcat.apache.org/dev/dist/m2-repository or repo1.maven.org...am I just missing another maven repository that I should be looking at, or must I manually install this JAR into my own local repository? Also, when will the latest version of the JARs (later than 6.0.10) be uploaded to the repository at http://tomcat.apache.org/dev/dist/m2-repository - what's the process for deciding when it's appropriate to upload Tomcat releases to the Maven repositories for Tomcat? Thanks. -- View this message in context: http://www.nabble.com/tomcat-dbcp-from-Maven-tf3782721.html#a10697671 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Reloadable attribute not working
There's no folders under CATALINA_BASE/conf, but I have a guess as to what's going on and perhaps you could comment. I'm using the invoker servlet - could that be a reason, or does it have nothing to do with this? Also, could it be why no .java and .class files are generated in my work directory? What other effects might one expect using the invoker servlet? Caldarale, Charles R wrote: From: lightbulb432 [mailto:[EMAIL PROTECTED] Subject: Reloadable attribute not working I am using Tomcat 6 and have set reloadable to true in context.xml in my META-INF/context.xml file. Does a conf/Catalina/[host]/[appname].xml file exist? (I don't actually know if embedded uses a conf directory.) Such a file would override the one in META-INF/context.xml in a non-embedded Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Reloadable-attribute-not-working-tf3781575.html#a10698303 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
What changes require a redeploy?
I noticed that in my exploded WAR file, if I make changes to a Facelet (similar to JSP) or stylesheet while Tomcat is running, I see the change when I navigate to that page in my browser. What changes are automatically picked up, and what requires a redeploy? Things include changes to the server's web.xml, server.xml, libraries, and the context's web.xml, faces-config.xml, Java classes, etc. Could somebody please describe what the mechanism going on here is, that allows for immediate updating in some cases but not others? Thanks. -- View this message in context: http://www.nabble.com/What-changes-require-a-redeploy--tf3764471.html#a10641404 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What changes require a redeploy?
Thanks again for your thorough answer. Do contexts that are deployed as exploded (as opposed to archived) WARs not produce a work folder then? I deploy with exploded WARs and don't see a work folder anywhere, but I'm not sure whether that's how it's supposed to be - it could be somewhere but I just don't know where to find it, as my folder structure (Tomcat home, Tomcat base, application files, etc) is all over my filesystem. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lightbulb, lightbulb432 wrote: When you mention the configuration to automatically reload the context, do you mean WatchedResource? If you set reloadable to true in the context configuration, that should take care of WEB-INF/lib and WEB-INF/classes, and they don't need to be specified in WatchedResource - is this correct? I think these resources are automatically watched. You can certainly configure others. The default context.xml file (at least, I /think/ it's the default) found in $TOMCAT_HOME/conf/context.xml in my TC 5.5.23 specifies WEB-INF/web.xml file as a watched resource, but does not mention the lib or classes directories. Let me amend my earlier statement about TC's reloading of the context when a class changes: TC will only trigger a context reload when a class that has /already been loaded/ is changed. I believe that if you replace an as-yet-unused class with a newer version, TC does nothing. You could think about it like TC adding a WatchedResource for every class file it ever has to load. Note that this is completely the opposite of what you were originally asking about: re-loading a specific resource without re-loading the entire context (a la JSP). Also, for static content like stylesheets that are within the WAR, a change to the stylesheet was immediately viewable in the browser - I found that surprising. Does Tomcat not do something like caching its static content and resources so that even if you change a file, that change isn't represented in the work folder? I don't believe Tomcat does any significant static content caching in its default configuration. I'm sure you can configure it to do some caching, though I'm not sure how useful that is. Reading bytes off the disk is pretty fast. The reason Tomcat caches class files (really it's Java that is keeping those in memory) is that re-loading a class is time consuming. Same thing with JSPs... compilation is a time-consuming process, and so re-loading a JSP for every request would be silly. Changes to JSP source files typically trigger a re-load of that particular JSP /only/. This is mainly a benefit to developers so that a .jsp file change doesn't require a re-load of the entire context. Context loading and configuration is time-consuming and should be avoided in production whenever possible. (I thought the concept of a work folder was essentially a cache... - if not, what is its purpose?) The work folder basically contains just the exploded WAR file. A WAR file is compressed using ZIP-style compression. Reading things out of a WAR file is time-consuming since the file must be opened, decompressed (to a certain extent), the TOC needs to be read, the target data located, then loaded and decompressed, etc. It's much faster to rely on the filesystem to locate files by path and then serve the bytes directly. You can (I think) avoid the work directory entirely by specifying unpackWARs=false in your Host configuration. I think this will serve only to slow down your webapp (but save some disk space, I suppose). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGS0s19CaO5/Lv0PARAq2iAJ0R+79ChlAcz4IH76VqKvTvG57gBQCfYNxa 99rxk/iAN4TsCIm7RLTpIpQ= =QR8a -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/What-changes-require-a-redeploy--tf3764471.html#a10652074 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: What changes require a redeploy?
Thanks for your thorough answer. What should be considered when making a decision between running with unpackWARs to true (running out of the exploded WAR in appBase) or false (forcing it to run out of the work directory)? What are the tradeoffs or considerations, in terms of performance, maintenance, etc? In either case a work directory is still generated, right? - So what's the advantage to setting unpackWARs to true in a production environment? Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: What changes require a redeploy? I think these resources are automatically watched. You can certainly configure others. This is dependent on the reloadable attribute of the Context element; the lib and classes directories are monitored only if the value is true, which is not the default. Note that setting it to true results in measurable overhead. You could think about it like TC adding a WatchedResource for every class file it ever has to load. Again, only if reloadable is true for the Context. I don't believe Tomcat does any significant static content caching in its default configuration. This is a function of the DefaultServlet. It does do some caching, but this can be overridden by the browser. Look at the serveResource() method in org/apache/catalina/servlets/DefaultServlet.java. I'm sure you can configure it to do some caching I'm not aware of any config params for that, nor did a quick scan of the code reveal any (doesn't mean they're not hiding somewhere). The reason Tomcat caches class files (really it's Java that is keeping those in memory) is that re-loading a class is time consuming. The real reason is that classes have state, and so cannot be safely changed without removing all references to both the classes and instantiated objects. Also, some JVMs load .jar files into memory, and won't notice that you've updated the one on disk. The work folder basically contains just the exploded WAR file. Only when unpacking the WAR is inhibited by Host or Context attributes or the .war is deployed in some location other than the Host's appBase directory; by default, a .war in appBase is unpacked into the appBase directory. You can (I think) avoid the work directory entirely by specifying unpackWARs=false in your Host configuration. No, this forces use of the work directory; setting unpackWARs to true allows the unpacking to occur in the appBase directory. Nothing is run directly out of a .war file. The work directory is also used to hold translated and compiled JSPs and serialized sessions. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/What-changes-require-a-redeploy--tf3764471.html#a10653201 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and Maven2
I looked at the embedded distribution, and can't tell what JARs are required for a basic Bootstrap embedded setup. In the lib folder there are 16 JARs...are they all required? At the following link I can't tell whether there's one Maven project that is the one I'm looking for, or whether I'll have to specify many different artifacts as dependencies (i.e. is there one artifact that lists as its own dependencies everything that's needed for an embedded distribution?) http://repo1.maven.org/maven2/tomcat/ David Smith-2 wrote: This is partially going to depend on what feature you use (or don't use). I would download the embedded tomcat .zip and take a look at the jars provided in server/lib, common/lib and bin directories. --David lightbulb432 wrote: I'd like to use Tomcat for in-place development, which can be done by using the Tomcat JARs itself. Of course the scope dependency would be something like provided for when the app is actually deployed, but for the purposes of development what JARs are needed to run an embedded bootstrap Tomcat? Thanks. David Smith-2 wrote: Could you post more details? Most Maven project only ever need the servlet api (and optionally jsp api) declared in dependencies as: dependency groupIdjavax.servlet/groupId artifactIdservlet-api/artifactId version2.4/version scopeprovided/scope /dependency dependency groupIdjavax.servlet/groupId artifactIdjsp-api/artifactId version2.0/version scopeprovided/scope /dependency I can't imagine a need for tomcat specific jars in any project. --David lightbulb432 wrote: I'd like to obtain Tomcat JARs using Maven, but I don't know which of its JARs from the following URL are required: http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/ Which of those JARs are required for Tomcat? Could somebody who uses Maven with Tomcat comment on how they use it for obtaining Tomcat JARs? Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- David Smith Network Operations Supervisor Department of Entomology Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: (607) 255-9571 Fax: (607) 255-0940 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Which-Tomcat-JARs-are-required--tf3716344.html#a10607347 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Embedded Tomcat 6
Thanks for your response. How can I get Tomcat running from my Java code, now that bootstrap.jar is not in the Tomcat distribution for 6? I'm used to the pre-Tomcat 6 API of the Bootstrap class...has this changed in the latest version? (Bootstrap isn't available in any of Tomcat 6's JARs.) Could somebody point me to the documentation that explains how to take advantage of this with Tomcat 6? Bill Barker-2 wrote: lightbulb432 [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Why is there no embedded Tomcat download for Tomcat 6, while there is for Tomcat 5.5? In TC 6 (at least with the default configuration) there really isn't much difference between embedded and regular TC (except, of course for the bootstrap.jar in regular TC). What's the difference between regular and embedded Tomcat, in terms of functionality and what the distributions come with? Regular TC is configured using server.xml, and embedded is configured using your Java/JMX code. -- View this message in context: http://www.nabble.com/Embedded-Tomcat-6-tf3736013.html#a10457545 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Embedded-Tomcat-6-tf3736013.html#a10616561 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded Tomcat 6
Why is there no embedded Tomcat download for Tomcat 6, while there is for Tomcat 5.5? What's the difference between regular and embedded Tomcat, in terms of functionality and what the distributions come with? -- View this message in context: http://www.nabble.com/Embedded-Tomcat-6-tf3736013.html#a10457545 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Seamless transition between application updates
You describe a good solution. Is there a way to have multiple versions of an application on one server, as opposed to having to divide up versions of the application per server? I ask because if your users tend to have long sessions, then in the Tomcat cluster you'd like to disable you could be waiting hours for all those sessions to die, in which case you're wasting hardware and overburdening the version of the server with your new application. I'm hoping there's a way to do this... Thanks. Tim Lucia wrote: At my company, we have a weekly application update. Sometimes it is more frequent than that. We have Apache/httpd + mod_jk and three clustered Tomcats. Updating the Tomcats one at a time causes no loss of service as the other two pick up. Of course we do this during the periods of lowest usage, and you cannot get away with incompatible session attribute changes. I have an ant deploy rule which iterates over a list of Tomcat hosts and undeploys-the-old/deploys-the-new using the Tomcat manager / deploy tasks. One alternative is to use mod_jk (or load balancer / traffic router of your choice) to partition the Tomcats in to 2 clusters: TC1 and TC2 TC1 has V2.0.5 of /yourapp TC2 has V2.0.6 of /yourapp Enable/start the workers on TC2 Disable each worker on TC1 and wait for the count to go to zero Upgrade TC1 to V2.0.7 of /yourapp Move traffic from TC2 to TC1 I've tested the latter and it worked during testing, but we've not had sufficient need to make use of it in production. HTH, Tim -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Thursday, April 26, 2007 1:03 AM To: users@tomcat.apache.org Subject: Seamless transition between application updates What are the strategies you might use to update an application running on multiple Tomcat instances (clustered with Apache mod_jk) with a seamless transition for somebody who's using the application at the time the application is redeployed? I've always wondered how web applications that cannot afford downtime do it. In my naive understanding I'd simply shut off all servers, redeploy the updated applications, then turn all the servers back on. In this case, it's pretty straightforward to understand what would happen. However, users would experience downtime (or at least a non-seamless transition). In environments that have requirements not to make users relogin everytime a change is made, how would applications that provide smaller, more frequent updates survive? How would you go about doing this, specifically, in a clustered Tomcat environment? What things should I keep in mind when figuring out how to best do this? Problems that I foresee include someone who's POSTing from his current page to a just-updated version of a servlet on Tomcat...in this case, what the user expects to happen might not be what is expected, due to the servlet update. In the best case the user has to relogin due to an error. In the worst case the operation goes through successfully but modifies the data in some unexpected way. Your insight on this matter is greatly appreciated. -- View this message in context: http://www.nabble.com/Seamless-transition- between-application-updates-tf3649567.html#a10194118 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Seamless-transition-between-application-updates-tf3649567.html#a10434931 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple Tomcat 6 instances with catalina.base
What can I do to get multiple Tomcat instances running under Tomcat 6? I've installed Tomcat, set CATALINA_HOME environment variable, and in my startup script I say the following: startup -Dcatalina.base=pathToBaseDir Right now the baseDir that I point to in the startup script is completely empty. I was hoping that Tomcat would populate it with some defaults, but I guess not. What do I need to copy over - the following, or any more/less? - conf - logs - temp - webapp - work Also, when I execute the startup script as mentioned before, the logs in CATALINA_HOME are populated and the server starts up successfully, regardless of the fact that I told it to use another catalina.base. Shouldn't it be giving an error rather than silently reverting to the CATALINA_HOME files? -- View this message in context: http://www.nabble.com/Multiple-Tomcat-6-instances-with-catalina.base-tf3725226.html#a10425155 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Context Descriptors
The following regarding Context Descriptors is in the documentation for Tomcat 6. I'm wondering why the included contexts such as /examples, /docs, /host-manager, and ROOT (/) don't have Context Descriptors generated as described below. The locations for Context Descriptors are; $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml $CATALINA_HOME/webapps/[webappname]/META-INF/context.xml If a Context Descriptor is not provided for a Context, Tomcat automatically creates one and places it in (1) with a filename of [webappname].xml although if manually created, the filename need not match the web application name as Tomcat is concerned only with the Context configuration contained within the Context Descriptor file(s). The only one that I see one for is /manager, which leads to my next question. Why, under /manager, do I see the following in /manager/manager.xml: Context docBase=${catalina.home}/server/webapps/manager privileged=true antiResourceLocking=false antiJARLocking=false !-- Link to the user database we will get roles from -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context And the following in /manager/META-INF/context.xml? Why the presence of two context descriptors? Context antiResourceLocking=false privileged=true / And finally, why do I see the docBase as ${catalina.home}/server/webapps/manager in the previous manager.xml, when the default Tomcat 6 installation doesn't even have a server directory? What confuses me is how it still works even when that directory isn't there or created. -- View this message in context: http://www.nabble.com/Context-Descriptors-tf3725427.html#a10425763 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Which Tomcat JARs are required?
I'd like to obtain Tomcat JARs using Maven, but I don't know which of its JARs from the following URL are required: http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/ Which of those JARs are required for Tomcat? Could somebody who uses Maven with Tomcat comment on how they use it for obtaining Tomcat JARs? Thanks. -- View this message in context: http://www.nabble.com/Which-Tomcat-JARs-are-required--tf3716344.html#a10396273 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Which Tomcat JARs are required?
I'd like to use Tomcat for in-place development, which can be done by using the Tomcat JARs itself. Of course the scope dependency would be something like provided for when the app is actually deployed, but for the purposes of development what JARs are needed to run an embedded bootstrap Tomcat? Thanks. David Smith-2 wrote: Could you post more details? Most Maven project only ever need the servlet api (and optionally jsp api) declared in dependencies as: dependency groupIdjavax.servlet/groupId artifactIdservlet-api/artifactId version2.4/version scopeprovided/scope /dependency dependency groupIdjavax.servlet/groupId artifactIdjsp-api/artifactId version2.0/version scopeprovided/scope /dependency I can't imagine a need for tomcat specific jars in any project. --David lightbulb432 wrote: I'd like to obtain Tomcat JARs using Maven, but I don't know which of its JARs from the following URL are required: http://tomcat.apache.org/dev/dist/m2-repository/org/apache/tomcat/ Which of those JARs are required for Tomcat? Could somebody who uses Maven with Tomcat comment on how they use it for obtaining Tomcat JARs? Thanks. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Which-Tomcat-JARs-are-required--tf3716344.html#a10397688 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Application auto-redeploy
How can I tell Tomcat to automatically redeploy an application when any file within it is updated? I realize that this happens for new WARs or JSP updates without needing an application redeploy. But what I'm asking is if I update a Java class file within an application's folder, how can I tell Tomcat to undeploy that application and redeploy that application, rather than having to do these steps manually? Thanks. -- View this message in context: http://www.nabble.com/Application-auto-redeploy-tf3716809.html#a10397770 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Keep session alive
Is it possible for a Tomcat session keep the session alive for a certain period of time (say, 2 hours), but remove all objects within it after a default period of time (like half an hour)? This way the user doesn't have to re-login as per your usual session timeout but their session state doesn't eat up Tomcat memory. -- View this message in context: http://www.nabble.com/Keep-session-alive-tf3662662.html#a10234242 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Keep session alive
What would the cookie store? Username and password, just username, or something else? How can this be done in such a way as to prevent the user from changing the value within the cookie? Could you elaborate on what you meant by sessions not working when the browser caches a page? If a user submits a form in a cached page, wouldn't they still be directed to their same session on the server? (Whether the session ID is stored in URL, cookie, or hidden form field.) Thanks. Rashmi Rubdi-2 wrote: On 4/28/07, lightbulb432 [EMAIL PROTECTED] wrote: Is it possible for a Tomcat session keep the session alive for a certain period of time (say, 2 hours), The session timeout interval is adjustable, see session-config under conf/web.xml Max inactive interval can also be specified in HttpSession object, with setMaxInactiveInterval(int interval) Additionally HttpSessionListener captures the event when the session is about to be invalidated -- according to JavaEE 5 API. but remove all objects within it after a default period of time (like half an hour)? This way the user doesn't have to re-login as per your usual session timeout but their session state doesn't eat up Tomcat memory. I would consider setting a Cookie instead of storing login info in HttpSession in this case. One drawback with sessions is that, a session will not work if the web page gets cached by the browser. So, in order to keep the session alive, it is also important to prevent the caching of a page. -Regards Rashmi - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Keep-session-alive-tf3662662.html#a10234725 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Measurement and monitoring
A lot of industry-standard measurement and monitoring tools/applications seem, from my uninformed perspective, to not integrate with Java but rather things like PHP, Perl, etc. As I’m sure some of you manage large web applications that require such measurement and monitoring, how do you go about doing so from Tomcat? Examples of pieces of software include RRDTool, in particular. How might you use such programs and things built on top of it from within a Java/Tomcat environment? Is it possible? Thanks. -- View this message in context: http://www.nabble.com/Measurement-and-monitoring-tf3653083.html#a10205159 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Seamless transition between application updates
What are the strategies you might use to update an application running on multiple Tomcat instances (clustered with Apache mod_jk) with a seamless transition for somebody who's using the application at the time the application is redeployed? I've always wondered how web applications that cannot afford downtime do it. In my naive understanding I'd simply shut off all servers, redeploy the updated applications, then turn all the servers back on. In this case, it's pretty straightforward to understand what would happen. However, users would experience downtime (or at least a non-seamless transition). In environments that have requirements not to make users relogin everytime a change is made, how would applications that provide smaller, more frequent updates survive? How would you go about doing this, specifically, in a clustered Tomcat environment? What things should I keep in mind when figuring out how to best do this? Problems that I foresee include someone who's POSTing from his current page to a just-updated version of a servlet on Tomcat...in this case, what the user expects to happen might not be what is expected, due to the servlet update. In the best case the user has to relogin due to an error. In the worst case the operation goes through successfully but modifies the data in some unexpected way. Your insight on this matter is greatly appreciated. -- View this message in context: http://www.nabble.com/Seamless-transition-between-application-updates-tf3649567.html#a10194118 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Sticky sessions not changing servers
I realize that sticky sessions always send requests from the same session to the same Tomcat instance. However, if my sample application isn't using a session (i.e. no cookies, URL rewriting, or hidden form fields), wouldn't every request be seen as a new session and distributed among Tomcats on a per-request basis (because in this case a session only lasts one request from the point of view of the servers). Of course once I've enabled some sort of session handling, then I'd expect to see the behavior I see now. Correct me if I've misunderstood, but this is why I believe I'm not seeing expected behavior and am likely doing something wrong. Also, how might I view the load balancing of different sessions in action? I've cleared cookies and opened up a new browser window (even though I don't think it's necessary in this case because I'm not using sessions), but it still goes back to the same server. Any thoughts? Thanks. Tim Lucia wrote: Sticky sessions means exactly that. Stick the session to a particular tomcat. If you shut down that tomcat, it should fail over to the other tomcat(s) if you have properly set up your cluster. If you use synchronous replication you don't need sticky sessions as all tomcats should have the session updates before the response is sent. Tim -Original Message- From: lightbulb432 [mailto:[EMAIL PROTECTED] Sent: Saturday, April 21, 2007 5:49 PM To: users@tomcat.apache.org Subject: Sticky sessions not changing servers I've configured mod_jk and have sticky sessions, but every request is going to the exact same Tomcat instance and not the other instance. I've tried setting the loadbalancer method to both Request and Busyness, but they both do the same thing. It works as expected when sticky sessions are disabled. Does this have to do with the fact that my Tomcat WAR isn't doing anything with cookies? Really the WAR in each Tomcat instance only has static pages and images, not really any dynamic stuff going on. Nonetheless, why am I not seeing even split in the jkstatus page of the sticky session requests when I create a new request? For example, if I open up a new browser window and delete browser cookies and make the same request, it still goes to the same instance. How else can I tell my setup that it's a new session that shouldn't remain sticky to the previous Tomcat instance? Thanks a lot. -- View this message in context: http://www.nabble.com/Sticky-sessions-not- changing-servers-tf3624620.html#a10121415 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Sticky-sessions-not-changing-servers-tf3624620.html#a10127879 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sticky sessions not changing servers
I've configured mod_jk and have sticky sessions, but every request is going to the exact same Tomcat instance and not the other instance. I've tried setting the loadbalancer method to both Request and Busyness, but they both do the same thing. It works as expected when sticky sessions are disabled. Does this have to do with the fact that my Tomcat WAR isn't doing anything with cookies? Really the WAR in each Tomcat instance only has static pages and images, not really any dynamic stuff going on. Nonetheless, why am I not seeing even split in the jkstatus page of the sticky session requests when I create a new request? For example, if I open up a new browser window and delete browser cookies and make the same request, it still goes to the same instance. How else can I tell my setup that it's a new session that shouldn't remain sticky to the previous Tomcat instance? Thanks a lot. -- View this message in context: http://www.nabble.com/Sticky-sessions-not-changing-servers-tf3624620.html#a10121415 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trailing slash added
I want to get rid of the trailing slash for style issues (really a small concern) and also to learn about customization within Tomcat as well as URL rewriting. Regarding URL rewriting, did you mean the following? rule noteTesting trailing slash./note from(.*)//from to$1/to /rule Perhaps that works rather than a to value of (.*) Are you sure about what you said: URL Rewriting will not help in eliminating the trailing slash because it's the browser that does the URL translation. The way I interpreted Len's comments were that it's the server that does the URL creation/translation, and the browser that does URL resolution...two different concepts... Rashmi Rubdi wrote: Could you explain to us, why you want to get rid of the trailing slash ? Could anyone please expand a little more on what's meant by the two statements below? Len Popp wrote: It doesn't matter if it's done by URLRewriteFilter or some other method because it's the browser that interprets the relative URLs, not the server. URLRewriteFilter is an application that allows you to rewrite URLs, that means, for example if you have a URL like http://localhost:8080/page.jsp?param1=499amp;param2=333 , with URL rewriting you can represent it anyway you want with a regular expession pattern that means you can represent it like this http://localhost:8080/page/499/333/ , or any other pattern. But what Len is saying (and I verified that he's right), is that URL Rewriting will not help in eliminating the trailing slash because it's the browser that does the URL translation. I tried URL rewriting with this pattern to test your case: rule noteTesting trailing slash./note from(.*)//from to(.*)/to /rule When I tried http://localhost:8080 , instead of http://localhost:8080/ it didn't work, just showed a blank screen. I had to delete the URL rewriting rule, only after that it worked. If the containing page's URL looks like a file when it's really a directory, the browser will get them wrong. -- Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Trailing-slash-added-tf2970832.html#a8413297 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trailing slash added
Could anyone please expand a little more on what's meant by the two statements below? Len Popp wrote: It doesn't matter if it's done by URLRewriteFilter or some other method because it's the browser that interprets the relative URLs, not the server. If the containing page's URL looks like a file when it's really a directory, the browser will get them wrong. -- View this message in context: http://www.nabble.com/Trailing-slash-added-tf2970832.html#a8378938 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Trailing slash added
I noticed that Tomcat adds a trailing slash automatically when it detects that the requested resource points to an existing directory. While I know that Apache web server offers plenty of configuration options to control and customize this behavior, I'm unfamiliar with similar customization capability within Tomcat. (Where is this trailing slash behavior specified for Tomcat? Or is it a compiled-in setting function that cannot be changed?) How can I customize this and other Apache-like settings? Is the only option to front Tomcat with Apache? -- View this message in context: http://www.nabble.com/Trailing-slash-added-tf2970832.html#a8312974 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]