Tomcat 5.5.17 JSP Reloading Problem
Hi, I am having a problem with JSP Reloading in Tomcat 5.5.17. It seems any changes I make to the jsp page are not reflected even if I restart the server. I put the context reloadable property to true in context.xml. Even redeployed the page through manager. Deleted the files in the work directory. But still the changes are not reloaded on the jsp page. Please advise if I need to change any properties somewhere. Thanks and Regards Akash.
Re: Tomcat 5.5.17 JSP Reloading Problem
Hi, The default pages that come with tomcat. If you want to change any of them and still get them reloaded. Where are the precompiled jsp for examples stored. Thanks Akash - Original Message - From: "Mark Thomas" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Wednesday, June 14, 2006 1:40 PM Subject: Re: Tomcat 5.5.17 JSP Reloading Problem Akash wrote: > Hi, > > I am having a problem with JSP Reloading in Tomcat 5.5.17. It seems any > changes I make to the jsp page are not reflected even if I restart the > server. I put the context reloadable property to true in context.xml. Even > redeployed the page through manager. Deleted the files in the work > directory. But still the changes are not reloaded on the jsp page. Please > advise if I need to change any properties somewhere. Which JSPs are you trying to edit? Many of those delivered with Tomcat are pre-compiled. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
GZIP support in Tomcat 7
I have following configuration in my server.xml : But still when I am checking for JS/CSS files in browser, the size returned is not less. Can anybody guide as to what I am missing here.
Difference between process kill and shutdown
On our linux boxes, we have multiple users who run tomcat. Currently we are using process kill commands to kill the respective user's tomcat , instead of using shutdown.sh Are there any downsides of using this approach ? Thanks, Akash
Re: Difference between process kill and shutdown
kill -15 On Sun, Mar 2, 2014 at 4:42 AM, Mark Thomas wrote: > On 01/03/2014 12:11, Akash Jain wrote: > > On our linux boxes, we have multiple users who run tomcat. > > > > Currently we are using process kill commands to kill the respective > user's > > tomcat , instead of using shutdown.sh > > Which signal are you sending to shutdown the process? > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat 7 Session Persistence disable not working as expected
As documented in https://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Disable_Session_Persistence, I added the following code piece to disable session persistence in Tomcat 7. After this change I can see that SESSIONS.ser is not getting created as expected, but even after restarting tomcat, the previous JSESSIONID is still valid. Why is tomcat not invalidating the previous JSESSIONID ?
Re: Tomcat 7 Session Persistence disable not working as expected
Hi Violeta, Its latest version ( 7.0.52 ) On Sun, Mar 9, 2014 at 10:28 PM, Violeta Georgieva wrote: > Hi, > > На понеделник, 10 март 2014 г. Akash Jain > написа: > > As documented in > > > > https://tomcat.apache.org/tomcat-5.5-doc/config/manager.html#Disable_Session_Persistence > , > > I added the following code piece to disable session persistence in > > Tomcat > > 7. > > What is the exact version of Tomcat? > > The correct documentation for Tomcat 7 is [1]. > > Regards, > Violeta > > [1] > > http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html#Disable_Session_Persistence > > > > > > > After this change I can see that SESSIONS.ser is not getting created as > > expected, but even after restarting tomcat, the previous JSESSIONID is > > still valid. Why is tomcat not invalidating the previous JSESSIONID ? > > >
Re: Tomcat 7 Session Persistence disable not working as expected
Christopher, I have changed in server.xml. Below is the server.xml part - WEB-INF/web.xml As indicated above, I write JSESSIONID in "mycookie" cookie. Even after restart, the JSESSIONID is not getting invalidated. Before and after restart of apache, I can keep browsing the site with the same JSESSIONID in cookie.
Exception while running downloaded tomcat
I am getting following error when trying to run tomcat in Mac osx 10.7.5 ( using jdk 1.7 ) Can anybody please guide as to what is wrong ? r 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/docs Mar 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory SEVERE: Error deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/docs java.lang.ExceptionInInitializerError at org.apache.catalina.startup.ContextConfig.createWebXmlDigester(ContextConfig.java:515) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:836) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:382) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1229) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1875) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: java.lang.NullPointerException at org.apache.tomcat.util.descriptor.DigesterFactory.idFor(DigesterFactory.java:107) at org.apache.tomcat.util.descriptor.DigesterFactory.(DigesterFactory.java:59) ... 18 more Mar 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/examples Mar 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory SEVERE: Error deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/examples java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.descriptor.DigesterFactory at org.apache.catalina.startup.ContextConfig.createWebXmlDigester(ContextConfig.java:515) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:836) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:382) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:402) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:110) at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:139) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632) at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1229) at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1875) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Mar 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/host-manager Mar 14, 2014 12:04:59 AM org.apache.catalina.startup.HostConfig deployDirectory SEVERE: Error deploying web application directory /Users/myuser/Downloads/apache-tomcat-7.0.52 2/webapps/host-manager java.lang.NoClassDefFoundError: Could not initialize class org.apache.tomcat.util.descriptor.DigesterFactory at org.apache.catalina.startup.ContextConfig.createWebXmlDigester(ContextConfig.java:515) at org.apache.catalina.startup.ContextConfig.init(ContextConfig.java:836) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:382) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.util.LifecycleBase.setState
Tomcat 7 : Configure redirect url for session timeout
I have following configuration in `web.xml` in tomcat 7. I am wondering if I can add any configurable parameter here, so that if user tries to do any operation post 30 minutes, I redirect the user to our home page. 30 mydomain.mycompany.com true false COOKIE
Re: Tomcat 7 : Configure redirect url for session timeout
Leo, If any request comes after session timeout interval ... why would it go into error ? I want to keep the session timeout and error scenarios different. On Fri, Mar 14, 2014 at 3:34 PM, Leo Donahue wrote: > On Fri, Mar 14, 2014 at 3:04 PM, Akash Jain > wrote: > > > I have following configuration in `web.xml` in tomcat 7. I am wondering > if > > I can add any configurable parameter here, so that if user tries to do > any > > operation post 30 minutes, I redirect the user to our home page. > > > > > > 30 > > > > mydomain.mycompany.com > > true > > false > > > > COOKIE > > > > > > My first thought is you could catch the error in web.xml using an > error-page and error-code 408, and then use a location to redirect? > > > http://tomcat.apache.org/tomcat-7.0-doc/servletapi/javax/servlet/http/HttpServletResponse.html >
Re: Tomcat 7 : Configure redirect url for session timeout
I want to redirect user to / with a query parameter to indicate that session has timed out. On Fri, Mar 14, 2014 at 4:01 PM, Leo Donahue wrote: > >On Fri, Mar 14, 2014 at 3:48 PM, Akash Jain >wrote: > >Leo, > > >If any request comes after session timeout interval ... why would it go > into error ? > > Perhaps because the request/response that was created with a session is no > longer valid after the session timeout. What other option would you have > if not an error-page? >
CSRF protection in Tomcat 7
How can I prevent CSRF protection using Tomcat 7 ? I have heard that tomcat 7 provides CSRF filter http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html But is it thread safe ? Or shall we do a custom protection in our spring 3 application ?
Re: CSRF protection in Tomcat 7
Thanks. Do you know if tomcat 7 inbuilt CSRF has nonce thread safe issue ? On Mon, Mar 24, 2014 at 12:52 PM, Rossen Stoyanchev < rstoyanc...@gopivotal.com> wrote: > Spring Security provides CSRF protection as well: > > http://docs.spring.io/spring-security/site/docs/3.2.2.RELEASE/reference/htmlsingle/#csrf > > > On Mon, Mar 24, 2014 at 3:49 PM, Akash Jain > wrote: > > > How can I prevent CSRF protection using Tomcat 7 ? > > > > I have heard that tomcat 7 provides CSRF filter > > > > > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html > > > > But is it thread safe ? > > > > Or shall we do a custom protection in our spring 3 application ? > > >
Re: CSRF protection in Tomcat 7
Yes, it uses LinkedHashMap internally which is not thread safe. http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa wrote: > On Mar 24, 2014, at 3:49 PM, Akash Jain wrote: > > > How can I prevent CSRF protection using Tomcat 7 ? > > > > I have heard that tomcat 7 provides CSRF filter > > > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html > > Yes. The manager application uses it. You could look at the source code, > if you need an example. > > > But is it thread safe ? > > I do not know off the top of my head. Is there a reason that you are > asking? Have you seen something that would indicate that it is not? > > Dan > > > Or shall we do a custom protection in our spring 3 application ? > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: CSRF protection in Tomcat 7
On Mon, Mar 24, 2014 at 1:33 PM, Daniel Mikusa wrote: > On Mar 24, 2014, at 4:24 PM, Akash Jain wrote: > > > Yes, it uses LinkedHashMap internally which is not thread safe. > > > http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html > > First, please don't top post. The convention adopted by this list is to > reply inline or at the bottom. > > I don't see what you mean here. Using LinkedHashMap does not > automatically mean there will be threading issues and the link you've > referenced is not discussing a threading issue. > > Can you explain your concern more? > Version used is 7.0.52 ..its old thread but I want to know if Tomcat's inbuilt CSRF filter is thread safe or not ? As there are other CSRF protection mechanism like spring security's , so if tomcat is good then we need not consider other options. > > Dan > > > > > > > > On Mon, Mar 24, 2014 at 1:09 PM, Daniel Mikusa >wrote: > > > >> On Mar 24, 2014, at 3:49 PM, Akash Jain > wrote: > >> > >>> How can I prevent CSRF protection using Tomcat 7 ? > >>> > >>> I have heard that tomcat 7 provides CSRF filter > >>> > >> > http://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/filters/CsrfPreventionFilter.html > >> > >> Yes. The manager application uses it. You could look at the source > code, > >> if you need an example. > >> > >>> But is it thread safe ? > >> > >> I do not know off the top of my head. Is there a reason that you are > >> asking? Have you seen something that would indicate that it is not? > >> > >> Dan > >> > >>> Or shall we do a custom protection in our spring 3 application ? > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > >> For additional commands, e-mail: users-h...@tomcat.apache.org > >> > >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: CSRF protection in Tomcat 7
On Mon, Mar 24, 2014 at 1:37 PM, Konstantin Kolinko wrote: > 2014-03-25 0:24 GMT+04:00 Akash Jain : > > Yes, it uses LinkedHashMap internally which is not thread safe. > > > http://tomcat.10.x6.nabble.com/CsrfPreventionFilter-LRU-cache-td2113069.html > > > > A 3 years old thread? > > The rules here: > http://tomcat.apache.org/lists.html#tomcat-users > > -> 1. your version = ? > -> 6. don't top-post. > > Version used is 7.0.52 ..its old thread but I want to know if Tomcat's inbuilt CSRF filter is thread safe or not ? As there are other CSRF protection mechanism like spring security's , so if tomcat is good then we need not consider other options. The source code is available (both downloadable and online from svn). > All necessary syncs are there. > > > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/CsrfPreventionFilter.java?annotate=1148471&diff_format=l#l313 > > So you are saying its thread safe as per the diff ? > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat 8 Slow ?
Hi, i recently tried to migrate from tomcat 7.0.53 to 8.0.5 I did some StopWatch ( Spring class) tests to compare the performance impact, and for same configurations, tomcat 8.0.5 showed its slightly slow compared to 7.0.53 Did anyone else also experienced same ? Thanks. Akash
Session fixation & Tomcat 7
Hi, I am trying to resolve session fixation issue with tomcat 7.0.52 We have a Spring MVC application running on it, and the Auth method is provided by another application which writes cookie, and we use the cookie value to check whether the user is valid or not. My application URL patterns are / - Home page /login - Redirect to another application to ask user to authenticate /myaccess/user*** --> All authenticated URL's As I cannot use org.apache.catalina.authenticator.FormAuthenticator here. How can i prevent the session fixation ? Thanks.
Size Based Rolling
HI, How can we make catalina.out and access logs ( AccessLogsValve) roll log based on size instead of daily rolling ? Thanks, Akash
