ConnectionPool question

[Josh Gooding]

I wrote some code on top of the Tomcat's ConnectionPool class.  In regular
Java based programming if I close a ResultSet with connection.close(), this
frees up both the statement and resultset's memory associated with the
connection if it was still open.  If I close a connection with Tomcat's
ConnectionPool, does it also close the statement and resultset's associated
with that particular connection or do I need to manually close them?

I know best practice is to not rely on anything to be closed automatically,
but I inherited a code base and I am looking at making some pretty
significant changes to fix some problems, and this is one of them.

Thanks in advance,

- Josh

Re: ConnectionPool question

[Josh Gooding]

I have been reading it and ALMOST chimed in, but decided to read farther
first.  While I asked a question about it on the sun forums and got slammed
for a class I wrote and posted about why a ConnectionPool would ever have to
implement ServletContextListener.  basically I was told to write in
accordance with what the API's contract is,/ not implementation specific
behaviors.

Thank goodness I archive the tomcat udev / user listing in my Gmail.

The main problem I was having was similar to what he was.  I was able to
solve my problem by the following:

maxActive="-1" maxIdle="5" maxWait="15"
removeAbandoned="true" removeAbandonedTimeout="15"
testWhileIdle="false" timeBetweenEvictionRunsMillis="900"/>

I changed up 4 parameters in the context.xml file.  maxWait,
removeAbandonedTimeout, testWhileIdle, and timeBetweenEvictionRunsMIllis.
The problem was despite me closing the rs's in the program, MySQL & Tomcat
was still seeing the connections as active and would keep them open.

I started by trying to tweak the wait timeout settings in the my.ini file,
but that really caused some jams especially if the connections would
timeout, then for some reason go to become active again, Tomcat would throw
me an error, so changing the settings on MySQL was not the answer.  The
problem was with how Tomcat was handling the time frame for recycling
connections.  I cut the time that tomcat held on to the closed connections
and the problem remarkably went away.  I could also monitor this from the
MySQL Administrator panel in real time when I ran heavy load queries to the
DB.  Now every 15 seconds after a close, the connection is returned to the
pool.  That seems to be about perfect, just long enough to run gc() and
continue on.

It took me about a day to figure out, but I did.

On Fri, Oct 30, 2009 at 12:58 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 10/29/2009 9:17 PM, Josh Gooding wrote:
> > I wrote some code on top of the Tomcat's ConnectionPool class.  In
> regular
> > Java based programming if I close a ResultSet with connection.close(),
> this
> > frees up both the statement and resultset's memory associated with the
> > connection if it was still open.  If I close a connection with Tomcat's
> > ConnectionPool, does it also close the statement and resultset's
> associated
> > with that particular connection or do I need to manually close them?
>
> This is a good question that was partially discussed over the past few
> days (see the thread "DBCP woes (running out of cursors)." for the whole
> sordid mess, but here's a quote from me:
>
> "
> Technically speaking, the JDBC specification requires that calling
> Connection.close() also close any Statement (and therefore ResultSet)
> objects that were opened as well. The lines become blurred a bit when
> you're talking about pooled connections, because Connection.close()
> doesn't really get called... it's a grey area in the spec if you ask me,
> but I'd prefer that a pooled connection act like a non-pooled connection
> in this case, but there's no "recycle" or "reset" method in the
> java.sql.Connection class, and calling Connection.close() on the actual
> connection is not appropriate (since it's pooled) so there may be no way
> to actually implement this mimicry.
> "
>
> > I know best practice is to not rely on anything to be closed
> automatically,
> > but I inherited a code base and I am looking at making some pretty
> > significant changes to fix some problems, and this is one of them.
>
> At the risk of being doubly-self-referential:
> http://blog.christopherschultz.net/?p=68
>
> Fortunately, clean JDBC code doesn't need to be all that messy (uh...
> right).
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrqcmgACgkQ9CaO5/Lv0PBc/QCdHPc6AFdcLPhxYDU6hpL+mFEP
> s9gAoJJznfRIoDhFPvm98R8Q9kx6n7Tr
> =puM5
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

AHH, I will read the API for the StatementFinalizer.  I was looking at
something to do that.  Thank you Filip!

On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists  wrote:

> hi Josh, calling Connection.close() does not close statements and
> resultsets.
> There is an interceptor you can configure called StatementFinalizer that
> does exactly that during the close call.
>
> Filip
>
>
>
> On 10/29/2009 07:17 PM, Josh Gooding wrote:
>
>> I wrote some code on top of the Tomcat's ConnectionPool class.  In regular
>> Java based programming if I close a ResultSet with connection.close(),
>> this
>> frees up both the statement and resultset's memory associated with the
>> connection if it was still open.  If I close a connection with Tomcat's
>> ConnectionPool, does it also close the statement and resultset's
>> associated
>> with that particular connection or do I need to manually close them?
>>
>> I know best practice is to not rely on anything to be closed
>> automatically,
>> but I inherited a code base and I am looking at making some pretty
>> significant changes to fix some problems, and this is one of them.
>>
>> Thanks in advance,
>>
>> - Josh
>>
>>
>>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

Hey what API holds the statementFinalizer?

On Fri, Oct 30, 2009 at 9:57 AM, Josh Gooding wrote:

> AHH, I will read the API for the StatementFinalizer.  I was looking at
> something to do that.  Thank you Filip!
>
>
> On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists <
> devli...@hanik.com> wrote:
>
>> hi Josh, calling Connection.close() does not close statements and
>> resultsets.
>> There is an interceptor you can configure called StatementFinalizer that
>> does exactly that during the close call.
>>
>> Filip
>>
>>
>>
>> On 10/29/2009 07:17 PM, Josh Gooding wrote:
>>
>>> I wrote some code on top of the Tomcat's ConnectionPool class.  In
>>> regular
>>> Java based programming if I close a ResultSet with connection.close(),
>>> this
>>> frees up both the statement and resultset's memory associated with the
>>> connection if it was still open.  If I close a connection with Tomcat's
>>> ConnectionPool, does it also close the statement and resultset's
>>> associated
>>> with that particular connection or do I need to manually close them?
>>>
>>> I know best practice is to not rely on anything to be closed
>>> automatically,
>>> but I inherited a code base and I am looking at making some pretty
>>> significant changes to fix some problems, and this is one of them.
>>>
>>> Thanks in advance,
>>>
>>> - Josh
>>>
>>>
>>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: ConnectionPool question

[Josh Gooding]

On Fri, Oct 30, 2009 at 11:33 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

>
> Heh. Obviously, someone hasn't worked in the real world. Did he realize
> that writing to the contract in this case could potentially bring-down
> the database server?
>
>
Eh, I just let it go.  I'm beyond the fact that I know the code I wrote and
inherited is wacked.  It's not worth starting an internet flame war,
especially over a programming topic on the sun board.  I respect the other
people on there too much to make the guy look like an. well we all get
the point.


> > Thank goodness I archive the tomcat udev / user listing in my Gmail.
>
> You can always search the archives on markmail, too. There's no need to
> keep your own archive.
>

I don't "actively" archive them, I have them auto sorted and split into
categories.  I have 7GB+ of storage, so all of my Tomcat / PHP / C++ / etc
mails are all sent to different folders and marked accordingly.  I knew
about markmail,


>
> > The main problem I was having was similar to what he was.  I was able to
> > solve my problem by the following:
> >
> > maxActive="-1" maxIdle="5" maxWait="15"
> > removeAbandoned="true" removeAbandonedTimeout="15"
> > testWhileIdle="false" timeBetweenEvictionRunsMillis="900"/>
>
> 900ms is a /very/ short time for an eviction run. Given that you have a
> 15-second timeout, I would probably make your eviction runs somewhere in
> that range rather than in the sub-second range. Do you really want your
> DataSource waking up every second to check all the connections?
>

OOPS, good catch, should have been 54000ms (15 sec) I forgot to x by another
60 in there.


>
> > I changed up 4 parameters in the context.xml file.  maxWait,
> > removeAbandonedTimeout, testWhileIdle, and timeBetweenEvictionRunsMIllis.
> > The problem was despite me closing the rs's in the program, MySQL &
> Tomcat
> > was still seeing the connections as active and would keep them open.
>
> Well, you have to close all your resources, not just ResultSets. Closing
> a ResultSet does not close the connection (nor does it return it to the
> pool, which may have been your whole problem).
>
> > I started by trying to tweak the wait timeout settings in the my.ini
> file,
> > but that really caused some jams especially if the connections would
> > timeout, then for some reason go to become active again, Tomcat would
> throw
> > me an error, so changing the settings on MySQL was not the answer.
>
> You really ought to use validationQuery="/* ping */ SELECT 1" as well.
> Any connection that has been closed while sitting in the pool will be
> re-checked before it's given-out to the caller. That means that you
> shouldn't get connection exceptions being thrown when this kind of thing
> happens.
>

I need to look into this to see how I need to implement it.  (there is a
nice example down lower in this "thread")


>
> > The
> > problem was with how Tomcat was handling the time frame for recycling
> > connections.  I cut the time that tomcat held on to the closed
> connections
> > and the problem remarkably went away.  I could also monitor this from the
> > MySQL Administrator panel in real time when I ran heavy load queries to
> the
> > DB.  Now every 15 seconds after a close, the connection is returned to
> the
> > pool.  That seems to be about perfect, just long enough to run gc() and
> > continue on.
>
> Heh. I highly recommend reviewing you code: abandoned expirations and
> evictions can get you by in a pinch, but it's no way to live long-term.
> Fix your resource leaks and your server(s) will thank you by increasing
> their throughput.
>

Oh this code BLEEDS resources.  The only semi annoyance is that the methods
that get RS's are usually returned like:
return
ConnectionPool.getConnection().createStatement().executeQuery(sqlCode);

This is not bad, but there is NO PLACE in the code that actively closes all
of the resources.  Sometimes the code is LUCKY to have a call that is to
rs.close(); but I am more than positive that there is no statement /
connection closing going on. The hardest part is that everything is mixed
into the presentation layer.  I'll fix the DAO first, then move to more
back-end fixing.  Thanks for the 411 about the StatementFinalize and the
Millis timeout.  The millis has been changed to 54000 (15 seconds), and I'll
look up more info about the StatementFinalize and the validationQuery.

This biggest problem I'm having is that I'm the only coder in a .NET shop
(they all run IIS and code in .NET only) and no one has experience with TC
except me.  Honestly if it wasn't for this list and the sun forums, I'd be
sunk on most things Tomcat / java wise.  This list with the members have
been an invaluable asset to my learning Tomcat.



>
> Good luck,
> - -chris
>

Thanks, Josh

Re: ConnectionPool question

[Josh Gooding]

eptor.StatementFinalizer");
>DataSource datasource = new DataSource();
>datasource.setPoolProperties(p);
>
>Connection con = null;
>try {
>  con = datasource.getConnection();
>  Statement st = con.createStatement();
>  ResultSet rs = st.executeQuery("select * from user");
>  int cnt = 1;
>  while (rs.next()) {
>  System.out.println((cnt++)+". Host:"
> +rs.getString("Host")+
>" User:"+rs.getString("User")+"
> Password:"+rs.getString("Password"));
>  }
>  rs.close();
>  st.close();
>} finally {
>  if (con!=null) try {con.close();}catch (Exception ignore)
> {}
>
>}
>}
>
>}
>
>
> On 10/30/2009 09:54 AM, Filip Hanik - Dev Lists wrote:
>
>>
>>
>> http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/interceptor/StatementFinalizer.java?view=log
>>
>> Filip
>>
>> On 10/30/2009 08:34 AM, Josh Gooding wrote:
>>
>>> Hey what API holds the statementFinalizer?
>>>
>>> On Fri, Oct 30, 2009 at 9:57 AM, Josh Gooding>> >wrote:
>>>
>>>  AHH, I will read the API for the StatementFinalizer.  I was looking
>>>> at
>>>> something to do that.  Thank you Filip!
>>>>
>>>>
>>>> On Fri, Oct 30, 2009 at 9:53 AM, Filip Hanik - Dev Lists<
>>>> devli...@hanik.com>  wrote:
>>>>
>>>>  hi Josh, calling Connection.close() does not close statements and
>>>>> resultsets.
>>>>> There is an interceptor you can configure called StatementFinalizer
>>>>> that
>>>>> does exactly that during the close call.
>>>>>
>>>>> Filip
>>>>>
>>>>>
>>>>>
>>>>> On 10/29/2009 07:17 PM, Josh Gooding wrote:
>>>>>
>>>>>  I wrote some code on top of the Tomcat's ConnectionPool class.  In
>>>>>> regular
>>>>>> Java based programming if I close a ResultSet with connection.close(),
>>>>>> this
>>>>>> frees up both the statement and resultset's memory associated with the
>>>>>> connection if it was still open.  If I close a connection with
>>>>>> Tomcat's
>>>>>> ConnectionPool, does it also close the statement and resultset's
>>>>>> associated
>>>>>> with that particular connection or do I need to manually close them?
>>>>>>
>>>>>> I know best practice is to not rely on anything to be closed
>>>>>> automatically,
>>>>>> but I inherited a code base and I am looking at making some pretty
>>>>>> significant changes to fix some problems, and this is one of them.
>>>>>>
>>>>>> Thanks in advance,
>>>>>>
>>>>>> - Josh
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> -
>>>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>>>
>>>>>
>>>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

I also found this tid bit lying around.  It get's a connection, but doesn't
close the statement.

public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
try {
Statement s = rs.getStatement();
if (s != null) { // ResultSets produced by metadata queries do
not have associated statements
Connection c = s.getConnection();
//s.close();
//c.close();
ConnectionPool.recycleConnection(c);
}
rs.close();
} catch (SQLException e) {
throw new AardvarkResourceException("Error closing resources
associated with ResultSet", e);
}
}

It still doesn't close the statement, but closes the connection leaving the
statement hanging I'll fix and make sure to use it.

Re: ConnectionPool question

[Josh Gooding]

Hey Filip, I do not have /jdbc/pool/DataSourceFactory in my
tomcat-dbcp.jar.  Is there some other place I should look?

My jar's structure goes as:

org/apache/tomcat/

dbcp
jocl
pool

Under the dbcp I have a DataSourceConnectionFactory.class (which I am making
an assumption that is what it is.)

On Fri, Oct 30, 2009 at 12:12 PM, Filip Hanik - Dev Lists <
devli...@hanik.com> wrote:

> look at jdbc-pool.html it has all the info, here are examples out of it
>
> Configuration
>
>
>   auth="Container"
>  type="javax.sql.DataSource"
>  factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
>  testWhileIdle="true"
>  testOnBorrow="true"
>  testOnReturn="false"
>  validationQuery="SELECT 1"
>  validationInterval="3"
>  timeBetweenEvictionRunsMillis="3"
>  maxActive="100"
>  minIdle="10"
>  maxWait="1"
>  initialSize="10"
>  removeAbandonedTimeout="60"
>  removeAbandoned="true"
>  logAbandoned="true"
>  minEvictableIdleTimeMillis="3"
>  jmxEnabled="true"
>  jdbcInterceptors=
>
> "org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer"
>  username="root"
>  password="password"
>  driverClassName="com.mysql.jdbc.Driver"
>  url="jdbc:mysql://localhost:3306/mysql"/>
>
>
>
>
> Code:
>
> import java.sql.Connection;
>import java.sql.ResultSet;
>import java.sql.Statement;
>
>import org.apache.tomcat.jdbc.pool.DataSource;
>import org.apache.tomcat.jdbc.pool.PoolProperties;
>
>public class SimplePOJOExample {
>
>public static void main(String[] args) throws Exception {
>PoolProperties p = new PoolProperties();
>p.setUrl("jdbc:mysql://localhost:3306/mysql");
>p.setDriverClassName("com.mysql.jdbc.Driver");
>p.setUsername("root");
>p.setPassword("password");
>p.setJmxEnabled(true);
>p.setTestWhileIdle(false);
>p.setTestOnBorrow(true);
>p.setValidationQuery("SELECT 1");
>p.setTestOnReturn(false);
>p.setValidationInterval(3);
>p.setTimeBetweenEvictionRunsMillis(3);
>p.setMaxActive(100);
>p.setInitialSize(10);
>p.setMaxWait(1);
>p.setRemoveAbandonedTimeout(60);
>p.setMinEvictableIdleTimeMillis(3);
>p.setMinIdle(10);
>p.setLogAbandoned(true);
>p.setRemoveAbandoned(true);
>
>  
> p.setJdbcInterceptors("org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;"+
>
>  "org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer");
>DataSource datasource = new DataSource();
>datasource.setPoolProperties(p);
>
>Connection con = null;
>try {
>  con = datasource.getConnection();
>  Statement st = con.createStatement();
>  ResultSet rs = st.executeQuery("select * from user");
>  int cnt = 1;
>  while (rs.next()) {
>  System.out.println((cnt++)+". Host:"
> +rs.getString("Host")+
>    " User:"+rs.getString("User")+"
> Password:"+rs.getString("Password"));
>  }
>  rs.close();
>  st.close();
>} finally {
>  if (con!=null) try {con.close();}catch (Exception ignore)
> {}
>
>}
>}
>
>}
>
>
> On 10/30/2009 09:54 AM, Filip Hanik - Dev Lists wrote:
>
>>
>>
>> http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/java/org/apache/tomcat/jdbc/pool/interceptor/StatementFinalizer.java?view=log
>>
>> Filip
>>
>> On 10/30/2009 08:34 AM, Josh Gooding wrote:
>>
>>> Hey what API holds the statementFinalizer?
>>>
>>> On Fri, Oct 30, 2009 at 9:57 AM, Josh Gooding>> >wrote:
>>

Re: ConnectionPool question

[Josh Gooding]

Barry I changed the code to this:

public static void closeResources(ResultSet rs) throws
AardvarkResourceException {
Statement s = null;
Connection c = null;

try {
s = rs.getStatement();
if (s != null) {
c = s.getConnection();
}
rs.close();
}
catch (SQLException e) {
throw new AardvarkResourceException("Error closing resources
associated with ResultSet", e);
}
finally
{
if(null != rs) try { rs.close(); }
catch (SQLException sqle)
{ sqle.printStackTrace(); }

if(null != s) try { s.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }

if(null != c)
try { c.close(); } catch (SQLException sqle)
{ sqle.printStackTrace(); }
}
}

No luck using the DataSoruceConnectionFactory though. I am using 6.0.18.

On Fri, Oct 30, 2009 at 4:28 PM, Propes, Barry L wrote:

> Where does it close the connection? Looks like it gets it, but the close
> part is commented out. The rs gets closed, but the connection gets recycled.
> Theoretically.
>
> Seems like you put a finally block down there to try catching/closing the
> wayward connection.
>
>
> -----Original Message-
> From: Josh Gooding [mailto:josh.good...@gmail.com]
> Sent: Friday, October 30, 2009 1:43 PM
> To: Tomcat Users List
> Subject: Re: ConnectionPool question
>
> I also found this tid bit lying around.  It get's a connection, but doesn't
> close the statement.
>
>public static void closeResources(ResultSet rs) throws
> AardvarkResourceException {
>try {
>Statement s = rs.getStatement();
>if (s != null) { // ResultSets produced by metadata queries do
> not have associated statements
>Connection c = s.getConnection();
>//s.close();
>//c.close();
>ConnectionPool.recycleConnection(c);
>}
>rs.close();
>} catch (SQLException e) {
>throw new AardvarkResourceException("Error closing resources
> associated with ResultSet", e);
>}
>}
>
> It still doesn't close the statement, but closes the connection leaving the
> statement hanging I'll fix and make sure to use it.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

Yes, but the code for the AardvarkResourceException is a little strange.

public class AardvarkResourceException extends Exception {

//TODO: eventually change this to a logging exception
public AardvarkResourceException() {
}

public AardvarkResourceException(String message) {
super(message);
}

public AardvarkResourceException(Throwable cause) {
super(cause);
}

public AardvarkResourceException(String message, Throwable cause) {
super(message, cause);
}
}

I could just throw the error and not worry about the custom
ResourceException.  I don't understand the added value of this class.  I
think the other dev was trying to get fancy instead of using the time he had
wisely.

On Fri, Oct 30, 2009 at 4:40 PM, Propes, Barry L wrote:

> THIS looks MUCH better.
>
> Initializing the connections and statements to null outside, then going in
> to do the conns and subsequently closing with the try/catch/finally block
> like you have.
>
> What did the stack trace show?
>
> I am still on the dinosaur 4 version, getting ready to very soon upgrade to
> TC 6.
>
> My Data Source reference in the web.xml looks like this
>
>   type="javax.sql.DataSource"/>
>
>
> Yours, being on TC6, is likely different, and I think might have to be
> established in the META-INF file. I only have mine one place in the WEB-INF
> folder.
>
> Is the AardvarkResource a previously designated DB datasource class,
> written by the previous developer?
>
>
>
> -Original Message-
> From: Josh Gooding [mailto:josh.good...@gmail.com]
> Sent: Friday, October 30, 2009 3:32 PM
> To: Tomcat Users List
> Subject: Re: ConnectionPool question
>
> Barry I changed the code to this:
>
> public static void closeResources(ResultSet rs) throws
> AardvarkResourceException {
>Statement s = null;
>Connection c = null;
>
>try {
>s = rs.getStatement();
>if (s != null) {
>c = s.getConnection();
>}
>rs.close();
>}
>catch (SQLException e) {
>throw new AardvarkResourceException("Error closing resources
> associated with ResultSet", e);
>}
>finally
>{
>if(null != rs) try { rs.close(); }
>catch (SQLException sqle)
>{ sqle.printStackTrace(); }
>
>if(null != s) try { s.close(); } catch (SQLException sqle)
>{ sqle.printStackTrace(); }
>
>if(null != c)
>try { c.close(); } catch (SQLException sqle)
>{ sqle.printStackTrace(); }
>}
>}
>
> No luck using the DataSoruceConnectionFactory though. I am using 6.0.18.
>
> On Fri, Oct 30, 2009 at 4:28 PM, Propes, Barry L  >wrote:
>
> > Where does it close the connection? Looks like it gets it, but the
> > close part is commented out. The rs gets closed, but the connection gets
> recycled.
> > Theoretically.
> >
> > Seems like you put a finally block down there to try catching/closing
> > the wayward connection.
> >
> >
> > -Original Message-
> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Sent: Friday, October 30, 2009 1:43 PM
> > To: Tomcat Users List
> > Subject: Re: ConnectionPool question
> >
> > I also found this tid bit lying around.  It get's a connection, but
> > doesn't close the statement.
> >
> >public static void closeResources(ResultSet rs) throws
> > AardvarkResourceException {
> >try {
> >Statement s = rs.getStatement();
> >if (s != null) { // ResultSets produced by metadata queries
> > do not have associated statements
> >Connection c = s.getConnection();
> >//s.close();
> >//c.close();
> >ConnectionPool.recycleConnection(c);
> >}
> >rs.close();
> >} catch (SQLException e) {
> >throw new AardvarkResourceException("Error closing
> > resources associated with ResultSet", e);
> >}
> >}
> >
> > It still doesn't close the statement, but closes the connection
> > leaving the statement hanging I'll fix and make sure to use it.
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

Filip I grabbed the tomcat-jdbc.jar file and included it under the /lib
folder in my tomcat installation.  I modified my context.xml's resource tag
to the following:



 and I am getting a tomcat startup exception:

WARNING: Unexpected exception resolving reference
java.lang.IllegalArgumentException
at java.util.concurrent.ArrayBlockingQueue.(Unknown Source)
at
org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:367)
at
org.apache.tomcat.jdbc.pool.ConnectionPool.(ConnectionPool.java:132)
at
org.apache.tomcat.jdbc.pool.DataSourceProxy.createPool(DataSourceProxy.java:95)
at
org.apache.tomcat.jdbc.pool.DataSourceFactory.createDataSource(DataSourceFactory.java:443)
at
org.apache.tomcat.jdbc.pool.DataSourceFactory.getObjectInstance(DataSourceFactory.java:204)
at
org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:140)
at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source)
at org.apache.naming.NamingContext.lookup(NamingContext.java:793)
at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
at org.apache.naming.NamingContext.lookup(NamingContext.java:781)
at org.apache.naming.NamingContext.lookup(NamingContext.java:153)
at
org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1024)
at
org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:633)
at
org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:237)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4252)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at
org.apache.catalina.core.StandardService.start(StandardService.java:516)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Oct 30, 2009 4:59:03 PM org.apache.catalina.core.NamingContextListener
addResource
WARNING: Failed to register in JMX: javax.naming.NamingException

Is there another setting that I need or am missing??

Re: ConnectionPool question

[Josh Gooding]

Chris,

I was looking at that earlier, wondering why it was put in there in the
first place.  It just doesn't fit in.  Sometimes you just hate to inherit
someone else's mess.

While there is another school of thought telling me to re-write the entire
DAO (which I could be willing to later on) for right now, I want to just
tweak and get it to work more efficiently on the server.  I think this is a
HUGE improvement over what was there and what actually was going on.  Thank
you sir!

On Fri, Oct 30, 2009 at 5:14 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 10/30/2009 4:31 PM, Josh Gooding wrote:
> > public static void closeResources(ResultSet rs) throws
> > AardvarkResourceException {
> > Statement s = null;
> > Connection c = null;
> >
> > try {
> > s = rs.getStatement();
> > if (s != null) {
> > c = s.getConnection();
> > }
> > rs.close();
> > }
> > catch (SQLException e) {
> > throw new AardvarkResourceException("Error closing resources
> > associated with ResultSet", e);
> > }
> > finally
> > {
> > if(null != rs) try { rs.close(); }
> > catch (SQLException sqle)
> > { sqle.printStackTrace(); }
> >
> > if(null != s) try { s.close(); } catch (SQLException sqle)
> > { sqle.printStackTrace(); }
> >
> > if(null != c)
> > try { c.close(); } catch (SQLException sqle)
> > { sqle.printStackTrace(); }
> > }
> > }
>
> I think the finally block does everything you want. You don't really
> even need the try portion... I would further simplify it to:
>
> public static void closeResources(ResultSet rs)
>   // No 'throws' clause... no reason to throw an exception
>  // here because there's nothing you can do about it: just log it.
> {
>   Statement s = null;
>   Connection conn = null;
>   try
>   {
>  s = rs.getStatement();
>   }
>catch (SQLException sqle)
>   {
>  sqle.printStackTrace();
>   }
>
>   if(null != s)
>   {
>  try
>  {
>  c = s.getConnection();
>   }
>  catch (SQLException sqle)
>  {
> sqle.printStackTrace();
>  }
>   }
>
>   if(null != rs) try { rs.close(); }
>   catch (SQLException sqle)
>   { sqle.printStackTrace(); }
>
>   if(null != s) try { s.close(); } catch (SQLException sqle)
>   { sqle.printStackTrace(); }
>
>   if(null != c)
>   try { c.close(); } catch (SQLException sqle)
>   { sqle.printStackTrace(); }
> }
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrrV1EACgkQ9CaO5/Lv0PDhpQCfSABY67rM0YjoEjXn5H/jT1tQ
> ZJIAoLfPGl3Ewk90y6E11sglZkSDaAWH
> =Lcer
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Will tomcat allow me to configur access to a single folder?

[Josh Gooding]

Unlike Apache HTTPD, can Tomcat be configured to allow access to a single
directory?  I am looking at writing a bit of code to be able to upload spare
files to a section on the webserver, and then be able to view them and d/l
them.  Writing the code for the upload is not hard, but just wondering since
I have a .com, if I had say domain.com/external site dump/  Can I configure
tomcat so that everytime someone went to the /external site dump section, it
would ask for credentials?  Is this just a simple realm configuration?

Thanks.

- Josh

Re: ConnectionPool question

[Josh Gooding]

It seems as though you cannot set the maxActive to "-1" as you can in the
javax.sql.ConnectionPool for unlimited.

On Mon, Nov 2, 2009 at 4:36 AM, Konstantin Kolinko
wrote:

> 2009/10/31 Josh Gooding :
> >(...)
> >  and I am getting a tomcat startup exception:
> >
> > WARNING: Unexpected exception resolving reference
> > java.lang.IllegalArgumentException
> >at java.util.concurrent.ArrayBlockingQueue.(Unknown Source)
> >at
> > org.apache.tomcat.jdbc.pool.ConnectionPool.init(ConnectionPool.java:367)
>
> Line 367 in ConnectorPool.java is
>
>busy = new
> ArrayBlockingQueue(properties.getMaxActive(),false);
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Will tomcat allow me to configur access to a single folder?

[Josh Gooding]

What I was saying is that in httpd, you can configure httpd to do what I
want, but I was unsure if you could in tomcat.  Since I'm not using httpd, I
just wanted to see if I can configure access to a specific folder in
Tomcat.  I am setting up a backup site for a group of people on my domain.
That's all.



On Mon, Nov 2, 2009 at 4:03 AM, André Warnier  wrote:

> Josh Gooding wrote:
>
>> Unlike Apache HTTPD, can Tomcat be configured to allow access to a single
>> directory?
>>
> Huh ?
>
> Which Apache http documentation have you been reading ?
> Not this one :
> http://httpd.apache.org/docs/2.2/howto/auth.html
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Will tomcat allow me to configur access to a single folder?

[Josh Gooding]

Basically this is a dump for back up files, that's all.  I have a website at
the .com level, would I have to put in another entry in the server.xml for
this and then populate the (dump) directory with the WEB-INF / META-INF
resources?  I think I can configure the login with a file instead of having
to have a JDBC connection to a database.

On Mon, Nov 2, 2009 at 10:51 AM, André Warnier  wrote:

> Josh Gooding wrote:
>
>> What I was saying is that in httpd, you can configure httpd to do what I
>> want, but I was unsure if you could in tomcat.  Since I'm not using httpd,
>> I
>> just wanted to see if I can configure access to a specific folder in
>> Tomcat.  I am setting up a backup site for a group of people on my domain.
>> That's all.
>>
>>  Josh Gooding wrote:
>>>
>>>  Unlike Apache HTTPD, can Tomcat be configured to allow access to a
>>>> single
>>>> directory?
>>>>
>>>>  So, you really meant :
> Q: Can Tomcat, like httpd, be configured to allow access to a single
> directory ?
> A: yes.
> :-)
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start

[Josh Gooding]

Did you copy over the 64 bit tomcat files to the tomcat directory?  Not the
64 bit java files.

On Mon, Nov 2, 2009 at 5:05 PM, tiffany.d...@inovis.com <
tiffany.d...@inovis.com> wrote:

> I installed Tomcat 6.0.20 on 64bit Window2003. I installed 64 bit tomcat
> service (64 bit tomcat6.exe and 64bit tomcat6w.exe). I set variable name of
> JRE_HOME to the path of my 64bit JRE 6.0. However the 64 bit Service can't
> start and logs below.
>
>
> [2009-11-02 10:31:40] [info] Procrun (2.0.3.0) started
> [2009-11-02 10:31:40] [info] Running Service...
> [2009-11-02 10:31:40] [info] Starting service...
> [2009-11-02 10:31:40] [986  prunsrv.c] [error] Failed creating java
> [2009-11-02 10:31:40] [1260 prunsrv.c] [error] ServiceStart returned 1
> [2009-11-02 10:31:40] [info] Run service finished.
> [2009-11-02 10:31:40] [info] Procrun finished.
>
>
> Tiffany
>

Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start

[Josh Gooding]

EDIT:  Don't install tomcat as a service.  I've always had trouble running
the 64 bit service.

On Mon, Nov 2, 2009 at 5:19 PM, Josh Gooding  wrote:

> Did you copy over the 64 bit tomcat files to the tomcat directory?  Not the
> 64 bit java files.
>
>
> On Mon, Nov 2, 2009 at 5:05 PM, tiffany.d...@inovis.com <
> tiffany.d...@inovis.com> wrote:
>
>> I installed Tomcat 6.0.20 on 64bit Window2003. I installed 64 bit tomcat
>> service (64 bit tomcat6.exe and 64bit tomcat6w.exe). I set variable name of
>> JRE_HOME to the path of my 64bit JRE 6.0. However the 64 bit Service can't
>> start and logs below.
>>
>>
>> [2009-11-02 10:31:40] [info] Procrun (2.0.3.0) started
>> [2009-11-02 10:31:40] [info] Running Service...
>> [2009-11-02 10:31:40] [info] Starting service...
>> [2009-11-02 10:31:40] [986  prunsrv.c] [error] Failed creating java
>> [2009-11-02 10:31:40] [1260 prunsrv.c] [error] ServiceStart returned 1
>> [2009-11-02 10:31:40] [info] Run service finished.
>> [2009-11-02 10:31:40] [info] Procrun finished.
>>
>>
>> Tiffany
>>
>
>

Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T start

[Josh Gooding]

Really?  I've never got it to work except through a batch starting.  It
really could be a plethora of things.  (I'd rather have it as that anyways
:P)

Not a big deal to me, I did get it working :)

On Mon, Nov 2, 2009 at 8:20 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Tomcat 6.0.20 on 64bit Window2003 - 64bit Service CAN'T
> > start
> >
> > EDIT:  Don't install tomcat as a service.  I've always had trouble
> > running the 64 bit service.
>
> Really?  Once the modes of tomcat6.exe and the designated JVM match, there
> shouldn't be any problem.  Works fine on my 64-bit systems as a service.
>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

If I close the RS, can I still use the MD?

On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek  wrote:

> No, you do not need to close the XXXMetaData classes.
>
> E
>
> On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding  >wrote:
>
> > One more question on bleeding resources.  When closing RS / statement /
> > connections.  Do I have to do anything with the MetaData if I got that as
> > well?  (I.E Do I explicitly have to close the metadata as well?)
> >
> > Josh
> >
> > On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding 
> > wrote:
> >
> > > Elle,
> > >
> > > I am going to dig into this code and check it out.  I want to know more
> > > about how to use threadlocal and filters.  (Sorry I'm not as
> experienced
> > in
> > > Tomcat as some for you gurus here).
> > >
> > > The code looks promising and I like the 2nd option due to the fact that
> > > each HTTP req. only has one connection (which should drop the overhead
> > > immensely) however for right now, I just want to fix the bleeding issue
> > > (which it seems that I have caught a good portion of them), so I'll use
> > my
> > > legacy code, but during a "minor" code release, I can definitely look
> > into
> > > rolling this out.  I am getting a ton of "abandoned" connection
> warnings
> > in
> > > the console window, so I need to find out where these are coming from
> > now.
> > >
> > > I don't know where to begin thanking you guys but thank you.  I've
> gotten
> > > more mentoring here on this listing than I have in 2 years at my
> current
> > > employer.  Thank you all again.
> > >
> > > - Josh
> > >
> > >
> > > On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz <
> > > ch...@christopherschultz.net> wrote:
> > >
> > >> -BEGIN PGP SIGNED MESSAGE-
> > >> Hash: SHA1
> > >>
> > >> Elli,
> > >>
> > >> On 11/2/2009 4:08 AM, Elli Albek wrote:
> > >> > I think you can have a solution without changing your code.
> > >> >
> > >> > Try something like this:
> > >> >
> > >> > getConnection() static method should get the connection, and add it
> to
> > a
> > >> > list that you keep in threadlocal.
> > >> >
> > >> > recycleConnection() should close the connection and remove the
> > >> connection
> > >> > object from thread local.
> > >> >
> > >> > Add a servlet filter that closes all connections in thread local.
> The
> > >> filter
> > >> > calls next filter, and in a finally block get the connections from
> > >> thread
> > >> > local, close all of them, and clear the list in thread local.
> > >>
> > >> This is a horrible, nasty hack and it's entirely brilliant!
> > >>
> > >> I would change Elli's implementation just slightly, and actually write
> > >> your own DataSource implementation that piggybacks on another one.
> > >> Basically, you just wrap the DataSource that Tomcat provides either
> by:
> > >>
> > >> a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
> > >>   writing the plumbing code to pass everything through
> > >> b. Actually subclass the DataSource class(es) provided by Tomcat and
> > >>   use /those/ in your  configuration.
> > >>
> > >> I would also not make any of this static... there's just no reason to
> do
> > >> so, especially if your DataSource object is in the JNDI context.
> > >>
> > >> Although the /real/ solution is to fix the code, I really like this
> > >> solution for a couple of reasons:
> > >>
> > >> 1. It requires no wrapping of Connection, Statement, etc. objects
> > >>   (which is entirely miserable if you've ever had to do it)
> > >> 2. It requires no changes to your code whatsoever (if you use my
> > >>   DataSource-wrapping suggestion above)
> > >> 3. You won't end up closing your connection, statement, result set,
> etc.
> > >>   too early because your code has completed execution (unless you
> > >>   are using JDBC resources across requests, which is another story)
> > >>
> > >> What this won't help, unfortunately is:
> > >>
> > >> * Closing your ResultSet

Re: ConnectionPool question

[Josh Gooding]

Elle,

I am going to dig into this code and check it out.  I want to know more
about how to use threadlocal and filters.  (Sorry I'm not as experienced in
Tomcat as some for you gurus here).

The code looks promising and I like the 2nd option due to the fact that each
HTTP req. only has one connection (which should drop the overhead immensely)
however for right now, I just want to fix the bleeding issue (which it seems
that I have caught a good portion of them), so I'll use my legacy code, but
during a "minor" code release, I can definitely look into rolling this out.
I am getting a ton of "abandoned" conenction warnings in the console window,
so I need to find out where these are coming from now.

I don't know where to begin thanking you guys but thank you.  I've gotten
more mentoring here on this listing than I have in 2 years at my current
employer.  Thank you all again.

- Josh

On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Elli,
>
> On 11/2/2009 4:08 AM, Elli Albek wrote:
> > I think you can have a solution without changing your code.
> >
> > Try something like this:
> >
> > getConnection() static method should get the connection, and add it to a
> > list that you keep in threadlocal.
> >
> > recycleConnection() should close the connection and remove the connection
> > object from thread local.
> >
> > Add a servlet filter that closes all connections in thread local. The
> filter
> > calls next filter, and in a finally block get the connections from thread
> > local, close all of them, and clear the list in thread local.
>
> This is a horrible, nasty hack and it's entirely brilliant!
>
> I would change Elli's implementation just slightly, and actually write
> your own DataSource implementation that piggybacks on another one.
> Basically, you just wrap the DataSource that Tomcat provides either by:
>
> a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
>   writing the plumbing code to pass everything through
> b. Actually subclass the DataSource class(es) provided by Tomcat and
>   use /those/ in your  configuration.
>
> I would also not make any of this static... there's just no reason to do
> so, especially if your DataSource object is in the JNDI context.
>
> Although the /real/ solution is to fix the code, I really like this
> solution for a couple of reasons:
>
> 1. It requires no wrapping of Connection, Statement, etc. objects
>   (which is entirely miserable if you've ever had to do it)
> 2. It requires no changes to your code whatsoever (if you use my
>   DataSource-wrapping suggestion above)
> 3. You won't end up closing your connection, statement, result set, etc.
>   too early because your code has completed execution (unless you
>   are using JDBC resources across requests, which is another story)
>
> What this won't help, unfortunately is:
>
> * Closing your ResultSet and Statement objects (though this can be
>  solved by wrapping the Connection, Statement, etc. objects handed-
>  out by your DataSource. Yes, it's miserable.)
>
> > This will allow you to keep your legacy code. As far as I remember DBCP
> has
> > an option to close the result sets and statements when you close the
> > connection. If not this will partly work.
>
> I don't believe commons-dbcp has this capability at all. I'm willing to
> read any documentation to the contrary, though.
>
> > Version 2: Advanced
> >
> > Keep the actual connection in thread local. You will have one connection
> per
> > HTTP request. getConnection() should be something like
> >
> > public static /* NOT synchronized */ Connection getConnection(){
> >
> > Connection c = ...// get the connection from thread local
> >
> > if (c != null)
> >
> > return c;
> >
> > Connection c = ...// get the connection from JNDI/DBCP
> >
> > // put connection in thread local
> >
> > return c;
> >
> > }
>
> I like this technique, too. You just have to decide if it's acceptable
> for your webapp to re-use connections. I can't imagine why that would be
> a problem, but it's worth considering before you blindly do it. This
> optimization can save you from deadlock (though you're killing-off
> connections after 15 seconds anyway) and should significantly improve
> the performance of your webapp because you won't be bleeding so many
> connections: you're limited to bleeding one connection per request
> instead of potentially dozens.
>
> > recycleConnection(){
> >
> > // empty, connection will be recycled by filter.
> >
> > }
>
> I would actually allow recycleConnection to close the connection, and
> have the filter call recycleConnection. That way, as you improve your
> webapp's code, the connections will be closed as soon as possible
> instead of waiting until the request is (mostly) finished.
>
> Again, Elli, a great suggestion!
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enig

Re: ConnectionPool question

[Josh Gooding]

nevermind.  I get:

javax.servlet.ServletException:
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException:
No operations allowed after connection closed.

Guess that answers my question.


On Tue, Nov 3, 2009 at 3:24 PM, Josh Gooding  wrote:

> If I close the RS, can I still use the MD?
>
>
> On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek  wrote:
>
>> No, you do not need to close the XXXMetaData classes.
>>
>> E
>>
>> On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding > >wrote:
>>
>> > One more question on bleeding resources.  When closing RS / statement /
>> > connections.  Do I have to do anything with the MetaData if I got that
>> as
>> > well?  (I.E Do I explicitly have to close the metadata as well?)
>> >
>> > Josh
>> >
>> > On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding 
>> > wrote:
>> >
>> > > Elle,
>> > >
>> > > I am going to dig into this code and check it out.  I want to know
>> more
>> > > about how to use threadlocal and filters.  (Sorry I'm not as
>> experienced
>> > in
>> > > Tomcat as some for you gurus here).
>> > >
>> > > The code looks promising and I like the 2nd option due to the fact
>> that
>> > > each HTTP req. only has one connection (which should drop the overhead
>> > > immensely) however for right now, I just want to fix the bleeding
>> issue
>> > > (which it seems that I have caught a good portion of them), so I'll
>> use
>> > my
>> > > legacy code, but during a "minor" code release, I can definitely look
>> > into
>> > > rolling this out.  I am getting a ton of "abandoned" connection
>> warnings
>> > in
>> > > the console window, so I need to find out where these are coming from
>> > now.
>> > >
>> > > I don't know where to begin thanking you guys but thank you.  I've
>> gotten
>> > > more mentoring here on this listing than I have in 2 years at my
>> current
>> > > employer.  Thank you all again.
>> > >
>> > > - Josh
>> > >
>> > >
>> > > On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz <
>> > > ch...@christopherschultz.net> wrote:
>> > >
>> > >> -BEGIN PGP SIGNED MESSAGE-
>> > >> Hash: SHA1
>> > >>
>> > >> Elli,
>> > >>
>> > >> On 11/2/2009 4:08 AM, Elli Albek wrote:
>> > >> > I think you can have a solution without changing your code.
>> > >> >
>> > >> > Try something like this:
>> > >> >
>> > >> > getConnection() static method should get the connection, and add it
>> to
>> > a
>> > >> > list that you keep in threadlocal.
>> > >> >
>> > >> > recycleConnection() should close the connection and remove the
>> > >> connection
>> > >> > object from thread local.
>> > >> >
>> > >> > Add a servlet filter that closes all connections in thread local.
>> The
>> > >> filter
>> > >> > calls next filter, and in a finally block get the connections from
>> > >> thread
>> > >> > local, close all of them, and clear the list in thread local.
>> > >>
>> > >> This is a horrible, nasty hack and it's entirely brilliant!
>> > >>
>> > >> I would change Elli's implementation just slightly, and actually
>> write
>> > >> your own DataSource implementation that piggybacks on another one.
>> > >> Basically, you just wrap the DataSource that Tomcat provides either
>> by:
>> > >>
>> > >> a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
>> > >>   writing the plumbing code to pass everything through
>> > >> b. Actually subclass the DataSource class(es) provided by Tomcat and
>> > >>   use /those/ in your  configuration.
>> > >>
>> > >> I would also not make any of this static... there's just no reason to
>> do
>> > >> so, especially if your DataSource object is in the JNDI context.
>> > >>
>> > >> Although the /real/ solution is to fix the code, I really like this
>> > >> solution for a couple of reasons:
>> > >>
>> &

Re: ConnectionPool question

[Josh Gooding]

One more question on bleeding resources.  When closing RS / statement /
connections.  Do I have to do anything with the MetaData if I got that as
well?  (I.E Do I explicitly have to close the metadata as well?)

Josh

On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding  wrote:

> Elle,
>
> I am going to dig into this code and check it out.  I want to know more
> about how to use threadlocal and filters.  (Sorry I'm not as experienced in
> Tomcat as some for you gurus here).
>
> The code looks promising and I like the 2nd option due to the fact that
> each HTTP req. only has one connection (which should drop the overhead
> immensely) however for right now, I just want to fix the bleeding issue
> (which it seems that I have caught a good portion of them), so I'll use my
> legacy code, but during a "minor" code release, I can definitely look into
> rolling this out.  I am getting a ton of "abandoned" connection warnings in
> the console window, so I need to find out where these are coming from now.
>
> I don't know where to begin thanking you guys but thank you.  I've gotten
> more mentoring here on this listing than I have in 2 years at my current
> employer.  Thank you all again.
>
> - Josh
>
>
> On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Elli,
>>
>> On 11/2/2009 4:08 AM, Elli Albek wrote:
>> > I think you can have a solution without changing your code.
>> >
>> > Try something like this:
>> >
>> > getConnection() static method should get the connection, and add it to a
>> > list that you keep in threadlocal.
>> >
>> > recycleConnection() should close the connection and remove the
>> connection
>> > object from thread local.
>> >
>> > Add a servlet filter that closes all connections in thread local. The
>> filter
>> > calls next filter, and in a finally block get the connections from
>> thread
>> > local, close all of them, and clear the list in thread local.
>>
>> This is a horrible, nasty hack and it's entirely brilliant!
>>
>> I would change Elli's implementation just slightly, and actually write
>> your own DataSource implementation that piggybacks on another one.
>> Basically, you just wrap the DataSource that Tomcat provides either by:
>>
>> a. Using JNDI to look-up the Tomcat-created JNDI DataSource and just
>>   writing the plumbing code to pass everything through
>> b. Actually subclass the DataSource class(es) provided by Tomcat and
>>   use /those/ in your  configuration.
>>
>> I would also not make any of this static... there's just no reason to do
>> so, especially if your DataSource object is in the JNDI context.
>>
>> Although the /real/ solution is to fix the code, I really like this
>> solution for a couple of reasons:
>>
>> 1. It requires no wrapping of Connection, Statement, etc. objects
>>   (which is entirely miserable if you've ever had to do it)
>> 2. It requires no changes to your code whatsoever (if you use my
>>   DataSource-wrapping suggestion above)
>> 3. You won't end up closing your connection, statement, result set, etc.
>>   too early because your code has completed execution (unless you
>>   are using JDBC resources across requests, which is another story)
>>
>> What this won't help, unfortunately is:
>>
>> * Closing your ResultSet and Statement objects (though this can be
>>  solved by wrapping the Connection, Statement, etc. objects handed-
>>  out by your DataSource. Yes, it's miserable.)
>>
>> > This will allow you to keep your legacy code. As far as I remember DBCP
>> has
>> > an option to close the result sets and statements when you close the
>> > connection. If not this will partly work.
>>
>> I don't believe commons-dbcp has this capability at all. I'm willing to
>> read any documentation to the contrary, though.
>>
>> > Version 2: Advanced
>> >
>> > Keep the actual connection in thread local. You will have one connection
>> per
>> > HTTP request. getConnection() should be something like
>> >
>> > public static /* NOT synchronized */ Connection getConnection(){
>> >
>> > Connection c = ...// get the connection from thread local
>> >
>> > if (c != null)
>> >
>> > return c;
>> >
>> > Connection c = ...// get the connection from JNDI/DBCP
>> >
>> >

Re: ConnectionPool question

[Josh Gooding]

HOLY MOLY I am getting a TON of abandoned connection warnings now.  I
see I have logAbandoned="true".  My Catalina log grew fast!  Now here is a
question, everytime I recycle a connection (close RS, statement, and the
connection) does it place it back into the pool or is that what the
abandoned connection messages are for letting me know they were abandoned
and put back into the pool?

On Tue, Nov 3, 2009 at 4:06 PM, Josh Gooding  wrote:

> nevermind.  I get:
>
> javax.servlet.ServletException: 
> com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException:
>
>
> No operations allowed after connection closed.
>
> Guess that answers my question.
>
>
> On Tue, Nov 3, 2009 at 3:24 PM, Josh Gooding wrote:
>
>> If I close the RS, can I still use the MD?
>>
>>
>> On Tue, Nov 3, 2009 at 3:13 PM, Elli Albek  wrote:
>>
>>> No, you do not need to close the XXXMetaData classes.
>>>
>>> E
>>>
>>> On Tue, Nov 3, 2009 at 12:02 PM, Josh Gooding >> >wrote:
>>>
>>> > One more question on bleeding resources.  When closing RS / statement /
>>> > connections.  Do I have to do anything with the MetaData if I got that
>>> as
>>> > well?  (I.E Do I explicitly have to close the metadata as well?)
>>> >
>>> > Josh
>>> >
>>> > On Tue, Nov 3, 2009 at 2:01 PM, Josh Gooding 
>>> > wrote:
>>> >
>>> > > Elle,
>>> > >
>>> > > I am going to dig into this code and check it out.  I want to know
>>> more
>>> > > about how to use threadlocal and filters.  (Sorry I'm not as
>>> experienced
>>> > in
>>> > > Tomcat as some for you gurus here).
>>> > >
>>> > > The code looks promising and I like the 2nd option due to the fact
>>> that
>>> > > each HTTP req. only has one connection (which should drop the
>>> overhead
>>> > > immensely) however for right now, I just want to fix the bleeding
>>> issue
>>> > > (which it seems that I have caught a good portion of them), so I'll
>>> use
>>> > my
>>> > > legacy code, but during a "minor" code release, I can definitely look
>>> > into
>>> > > rolling this out.  I am getting a ton of "abandoned" connection
>>> warnings
>>> > in
>>> > > the console window, so I need to find out where these are coming from
>>> > now.
>>> > >
>>> > > I don't know where to begin thanking you guys but thank you.  I've
>>> gotten
>>> > > more mentoring here on this listing than I have in 2 years at my
>>> current
>>> > > employer.  Thank you all again.
>>> > >
>>> > > - Josh
>>> > >
>>> > >
>>> > > On Mon, Nov 2, 2009 at 3:40 PM, Christopher Schultz <
>>> > > ch...@christopherschultz.net> wrote:
>>> > >
>>> > >> -BEGIN PGP SIGNED MESSAGE-
>>> > >> Hash: SHA1
>>> > >>
>>> > >> Elli,
>>> > >>
>>> > >> On 11/2/2009 4:08 AM, Elli Albek wrote:
>>> > >> > I think you can have a solution without changing your code.
>>> > >> >
>>> > >> > Try something like this:
>>> > >> >
>>> > >> > getConnection() static method should get the connection, and add
>>> it to
>>> > a
>>> > >> > list that you keep in threadlocal.
>>> > >> >
>>> > >> > recycleConnection() should close the connection and remove the
>>> > >> connection
>>> > >> > object from thread local.
>>> > >> >
>>> > >> > Add a servlet filter that closes all connections in thread local.
>>> The
>>> > >> filter
>>> > >> > calls next filter, and in a finally block get the connections from
>>> > >> thread
>>> > >> > local, close all of them, and clear the list in thread local.
>>> > >>
>>> > >> This is a horrible, nasty hack and it's entirely brilliant!
>>> > >>
>>> > >> I would change Elli's implementation just slightly, and actually
>>> write
>>> > >> your own DataSource implementation that piggybacks on another 

Re: ConnectionPool question

[Josh Gooding]

Chris,

I would imagine that you are correct, unless I store the RSMD in anther
object (like a Map or AL).

Now that I have started closing my resources something strange has actually
happened now.  I've hit the connectionpool limit faster.

I was digging and realized that I changed my context.xml file for the new
DataSourceFactory, but there is a watched resource in my web.xml that is
still pointing to javax.sql.DataSource.  should this be changed to the
tomcat's DataSourceFactory as well?

Here's the snippet from the context.xml:


javax.sql.DataSource
jdbc/RealmDB
Container


Do I need to change the  to the tomcat's DataSource?

On Wed, Nov 4, 2009 at 11:47 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 11/3/2009 3:24 PM, Josh Gooding wrote:
> > If I close the RS, can I still use the MD?
>
> I see you've already answered this, but note the error is that the
> Connection is closed, not the ResultSet.
>
> I would expect that ResultSetMetaData requires that the ResultSet itself
> still be "open" in order to use it.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkrxsBUACgkQ9CaO5/Lv0PA9FgCgoK27dFtvbyyF4A6M/LrxviWX
> OCoAn0Uxn21O6woqtRZMbZKGOcLlHpQS
> =WlcR
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: ConnectionPool question

[Josh Gooding]

Barry, that's a normal console message when using the DataSource.  :)

Alright.  I have a question.  I've finished up the ConnectionPool wrapper
class that I found and is being used.  I don't need it to run, but I figured
it's there why not modify it to handle EVERYTHING dealing with connections.
While I have a getConnection(), I have also created many recycleConnection
methods that close abandoned Statements, Connections, ResultSets, and
DatabaseMetaData's.

So my ConnectionPool class is here
http://www.realissuesforrealpeople.com/ConnectionPool.java

and my DatabaseTransaction class is here
http://www.realissuesforrealpeople.com/DatabaseTransaction.java - Thanks for
the template for the Transaction Mr. Schultz btw.

I haven't worked on the filter as of yet, however, I am being told that the
ConnectionPool wrapper is a horrible idea and that I will end up with
problems with it.  As well as the DatabaseTransaction class.  Can anyone
forsee any issues with either that I am not forseeing?  My ability to use
the force is broken at the moment.  I"m looking at the filter as of right
now.  I"ve never implemented one however.

On Thu, Nov 5, 2009 at 4:03 PM, Propes, Barry L wrote:

> Oh yeahgood point..I likely don't have many (I have a few) DB errors
> printing tighto the console.
>
> Fortunately, I've shored that area up greatly.
>
>
>
> -Original Message-
> From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> Sent: Thursday, November 05, 2009 2:52 PM
> To: Tomcat Users List
> Subject: RE: ConnectionPool question
>
> > From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
> > Subject: RE: ConnectionPool question
> >
> > When I FIRST make a DB query through one of my JSPs/servlets, I get
> > this msg printed to the console.
> >
> > AbandonedObjectPool is used
> > (org.apache.commons.dbcp.abandonedobjectp...@b32627)
> >LogAbandoned: true
> >RemoveAbandoned: true
> >RemoveAbandonedTimeout: 30
>
> The above message is displayed by the constructor for the pool, directly to
> System.out, when the DataSource is being instantiated.  It simply says that
> your config is using the abandoned pool mechanism, and not an indication
> that you actually have any abandoned connections at this time.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [OT] ConnectionPool question

[Josh Gooding]

I'm glad I amuse all of you :P

Chris,

the reason there are multiple recycleConnection methods is because if a RS
is passed to the front presentation layer, I have to have a way to close it,
I have to be able to get the statement and connection somehow, and I don't
want that in my code.

>From everything that everyone here has said, to semi fix this right:

1 - Each method that calls the DB for a RS needs to get it's own connection
and close the resources itself (keeping it in the same scope)

2 - The CP wrapper that is here, CAN be used, but could end up causing more
problems in the long run.

Hey again, thanks for everything you all have said.  I feel slightly more
confident now in fixing this conundrum.  :)

- Josh

On Sat, Nov 7, 2009 at 3:17 AM, Elli Albek  wrote:

> Chris, as long as we are having fun its all good. I think this
> question is something many developers ask. I have seen it here and in
> other forums.
>
> You are correct, everything is wrapped. The connection wrapper spawns
> statment wrappers which spawn result set wrappers, and everything is
> tracked in parent child relationships.
>
> E
>
> On Fri, Nov 6, 2009 at 5:54 PM, Christopher Schultz
>  wrote:
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA1
> >
> > Elli,
> >
> > Okay, I think we've hijacked Josh's thread enough to at least mark it as
> > off topic. :)
> >
> > On 11/5/2009 10:37 PM, Elli Albek wrote:
> >> Christopher Schultz wrote:
> >>> Pooled connections are almost certainly not behaving this way. This has
> >>> been discussed at least twice in the last week or two, and, I believe,
> >>> already once in this thread.
> >>
> >> This is certainly not the case for my DBCP library (1.2.2). I just
> >> stepped through the source code: Calling connection.close() is closing
> >> result sets and statements.
> >
> > I'm not sure how calling Connection.close (where the Connection object
> > is one from DBCP) would possibly be able to close ResultSet and
> > Statement objects created by the underlying connection.
> >
> > Unless, I suppose, they decided to wrap /everything/ and register all
> > the ResultSet and Statement objects handed-out by the underlying
> > Connection for the purposes of (possibly) closing them later. I should
> > really read the source :)
> >
> >> Below is the DBCP code that keeps track of open statements/result sets
> >> and closes them when the connection is closed (BDCP 1.2.2).
> >
> > Yup: it looks like they do wrap/register everything and then close it
> > for you. It's nice that they followed the spec, here :)
> >
> > - -chris
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [OT] ConnectionPool question

[Josh Gooding]

Chris,

I AM going to use Elli's suggestion.  It's going to take some time, but I
don't have to worry, once it's done, it'll be done correctly.

Not only did I get yelled at for having the audacity to write up procedures
for the developers on my team (assuming I ever get a another team), but I
told my company that the procedures I wrote up needed to be used on ALL dev
teams.  I thought 99% of it was common sense, but I guess not.

On Tue, Nov 10, 2009 at 3:40 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 11/10/2009 9:18 AM, Josh Gooding wrote:
> > the reason there are multiple recycleConnection methods is because if a
> RS
> > is passed to the front presentation layer, I have to have a way to close
> it,
> > I have to be able to get the statement and connection somehow, and I
> don't
> > want that in my code.
>
> I was assuming that you were going to use Elli's suggestion to use a
> ThreadLocal to capture any allocated Connection objects, and just close
> everything at the end of the request processing.
>
> If you're going to do that, you can be lazy about it and just always
> close everything.
>
> >>From everything that everyone here has said, to semi fix this right:
> >
> > 1 - Each method that calls the DB for a RS needs to get it's own
> connection
> > and close the resources itself (keeping it in the same scope)
>
> This is, of course, recommended technique.
>
> > 2 - The CP wrapper that is here, CAN be used, but could end up causing
> more
> > problems in the long run.
>
> Well, yes and no. "Yes" in the sense that you shouldn't encourage the
> kind of coding behavior that's been exhibited in the past: by writing
> such a wrapper and clean-up code, you (might) encourage laziness and
> make the problem worse rather than better. "No" in the sense that I
> don't believe this solution is actually going to exacerbate the actual
> problem itself.
>
> Good luck,
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.10 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkr5z7AACgkQ9CaO5/Lv0PCM5ACfdA3MPnJ/YEeUwIeuNjh9akH7
> 2X4AoKyfvWVdOv59FJtxMrw4nyLxsrk9
> =WWP3
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: [OT] ConnectionPool question

[Josh Gooding]

Yup,

No wonder my shop is in so much trouble.  No procedures, no brainstorming,
no project management, no best practices, just a "shoot from the hip,
Git-R-Done" attitude.

I liked that so much it's now hanging in my cube :)

- Josh

On Wed, Nov 11, 2009 at 3:33 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: [OT] ConnectionPool question
> >
> > Not only did I get yelled at for having the audacity to write up
> > procedures for the developers on my team
>
> "But we've always done it that way..."
>
> "A long habit of not thinking a thing wrong, gives it a superficial
> appearance of being right."
>   - Thomas Paine, 1776
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

Just a follow up on this, I did manage to get the virtual hosting and
everything working.

Windows server wise, I used the DNS tools v in Win2K3 Srinstead of the hosts
file.  For some reason the HOSTS file isn't working correctly.  This is an
issue for another time.

What I did to get Tomcat working was pretty much what is in the docs once I
re-re-re-read them.  I used the virtual hosting and it looked like the
problem I was having is that instead of using $CATALINA_HOME/[directory
name]/ROOT, I was leaving the ROOT directory out and putting it into just
the directory name (which coincidentally is how I have it under the webapps
directory -> $CATALINA_HOME/webapps/[software directory])

In my server.xml file, I have narrowed down the  parameters down to
the base minimum (removed 90% of the comments from the file) and came up
with this:


  
  
  
   abc.test.com

   abc.test.com
  


Notice the absolute basic  parameters, since I don't have a WAR to
deploy, I can get away from all of the extra "hubub" about auto deploy.
However the Alias coincides with the sub-domain that I had set up on
Server2K3.  I've also created an xyz company as well with complete separate
schemas for each of the companies using a custom context.xml in the META-INF
directory to test and it works.  Now I just need to create a script or admin
panel that I can go in and set one up automatically.


On Wed, Jun 3, 2009 at 2:58 PM, Josh Gooding  wrote:

> You sir are a gentleman and a scholar!  Thank you for all of the tips, they
> are greatly appreciated!  I think you have answered just about all of my
> questions I have as of right now.  I have Win Server 2K3 R2 and a box to
> play with.  I am going to try to get everything up and running this
> weekend.  Hopefully I'll be able to get this and the MySQL tweak running in
> under a day or so.
>
> Again thank you so much.  If I have any more questions, I'll toss them up
> here.
>
> - Josh
>
>
> On Wed, Jun 3, 2009 at 12:59 PM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Josh Gooding [mailto:josh.good...@gmail.com]
>> > Subject: Re: Just a few questions on my Tomcat Configuration
>> >
>> > I use virtual hosting to create /abcapps and /xyzapps and install the
>> > "program" in each directory.
>>
>> The proper term is webapp, not "program".  A webapp has a spec-defined
>> directory structure that must be adhered to for proper operation of the
>> webapp.  Browse through the various webapps that come with Tomcat to get an
>> idea of the layout, read the servlet spec for the details.
>>
>> > In the  section, bind the sub-domain to them
>>
>> Also set the appBase attribute of each  to point to the specific
>> sub-domain directories.  Note that the default webapp for a  must be
>> named ROOT (case sensitive).  One of your  elements must be declared
>> as the defaultHost for the surrounding ; this is the one used when
>> the URL does not match any of the  name attributes (including
>> references via IP address).
>>
>> > then I should be able to login per subdomain
>>
>> Depends on what you mean by login.  If it's just accessing the web site,
>> yes; if you mean authentication, you'll need to configure the appropriate
>> security mechanism.  This is usually done with a , which can be
>> placed inside an , , or , as needed.
>>
>> > (since I have files being uploaded to the server).
>>
>> Do not attempt to write files into the appBase directory - keep them
>> outside of Tomcat's directory structure.
>>
>> > It's all housed in the Server.xml file right?
>>
>>  elements are not.  (Watch out for your capitalization; many file
>> names are case-sensitive, even on Windows.  That should be server.xml, not
>> Server.xml.)
>>
>> > One more quick note, is there a way that I can break out certain
>> > sections of the server.xml file into a seperate .properties file?
>>
>> Not that I'm aware of, although various XML inclusion mechanisms might
>> work (haven't tried).  You can resolve attribute values from system
>> properties, using the ${prop.name} notation.  Anything to do with
>> specific webapps should not be in server.xml.
>>
>> > can I do the same thing in the server.xml file since it is
>> > a core file that tomcat relies on for it's configuration?
>>
>> And is thus not intended to be updated frequently.  The contents of
>> server.xml are only read when Tomcat starts up; changes mad after the fact
>> won't be honored until the next Tomcat restart.
>>
>>  - Chuck
>>
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
>> MATERIAL and is thus for use only by the intended recipient. If you received
>> this in error, please contact the sender and delete the e-mail and its
>> attachments from all computers.
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

As for the transcription error? it is just that, I fat fingered some
keystrokes and it sent it in the middle of an edit.  I was going to take out
the second abc and edit it to say xyz and have the 2nd  reflect that.

Not sure if I follow how you can have more than one webapp for any given
.  Would you just have multiple  params, or would you have
just more than one  with the same alias's and info except different
appBases?  Or am I off base?

Here is a question for you.  In a nut shell, I wrote software to be
installed on a standalone PC or on a network server.  I am modifying the
server (and adding an admin panel to the software) to run for multiple
companies (now on a web server at a .com).  I figured that the easiest way
to keep everything straight and neat would be to bind each instance of the
software to a sub-domain.  Each sub-domain will have it's own schema, file
storage, and instance of the software that is bound to it.  So I have
created the $CATALINA_HOME/[sub-domain]/ROOT directories and added the
host.  Am I going about this the right way?

On Tue, Jun 16, 2009 at 10:00 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

>
> Not sure I'm following you.  Each webapp (you can have many for any given
> ) should be in a directory or .war file directly under the 's
> appBase directory.  ROOT is simply a special name for the default webapp for
> the .
> > 
> >>  resourceName="UserDatabase"/>
> >> unpackWARs="true" autoDeploy="true"
> > xmlValidation="false" xmlNamespaceAware="false" />
> >   
> >abc.test.com
> > 
> >abc.test.com
> >   
> > 
>
> I hope the above is a transcription error, since you have an extra,
> unclosed  element.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

On Wed, Jun 17, 2009 at 12:02 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Just a few questions on my Tomcat Configuration
>
> No, the appBase attribute defines where *all* of the  webapps go,
> each in its own directory or .war file immediately under the appBase
> directory.  Again, look at what Tomcat has in its default distribution;
> under the webapps directory, you'll find docs, examples, host-manager,
> manager, and ROOT.  Each one of those is a separate, independent webapp,
> with ROOT being the default for the ; ROOT is used when the URL
> doesn't match any of the others.
>
>
> >This alternative scheme uses only one , and deploys the webapp under
> a different >name for each sub.  This allows you to add or remove subs on
> the fly, without taking >Tomcat down.  Your current scheme requires
> restarting Tomcat whenever you want to add >or a remove a subdomain.


This is what I was trying to figure out.  How can I add one on the fly
without restarting Tomcat each time I add / remove a subdomain.

>
>
>  - Chuck
>

UGH!  what an idiot I've been.  I did this, didn't have to mess with the
 and tied everything to a sub directory.  :: bangs head on desk ::
This would have been S much faster if I had not been so stubborn and
hell bent on using subdomains  It took my install procedure from 8 steps
to 4 and now takes a mere few seconds rather than a few minutes of my
time

Thanks again!  You are the man

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

Oh I love a good theory!  Maybe each company would have a customized few
pages each with their own directories, tied to their own schema, etc, but
point to the core application in another directory.  Everyone would see
their own front ends, but use a common "framework" in the backend maybe?
That is something that I am willing to work on looking into though as a
different phase of the current project.  Are those API's part of teh
standard Tomcat docs?

- Josh

On Wed, Jun 17, 2009 at 11:28 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Just a few questions on my Tomcat Configuration
> >
> > This is what I was trying to figure out.  How can I add one on the fly
> > without restarting Tomcat each time I add / remove a subdomain.
>
> It's theoretically possible, since the APIs exist for Tomcat running
> embedded.  However, I don't know of any reasonably easy to use mechanism
> that makes use of said APIs.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat window appears briefly, does not startup - Windows XP

[Josh Gooding]

Don't know if this was already answered, but make sure you have your logging
set for "debug" logging.  I know by default, it is not set to that.  That
may help get you something in the logs.

- Josh

2009/6/16 Martin Gainty 

>
> Tim-
>
> what do the logs say?
>
> Martin Gainty
> __
> Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité
>
> Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene
> Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte
> Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht
> dient lediglich dem Austausch von Informationen und entfaltet keine
> rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von
> E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
> destinataire prévu, nous te demandons avec bonté que pour satisfaire
> informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie
> de ceci est interdite. Ce message sert à l'information seulement et n'aura
> pas n'importe quel effet légalement obligatoire. Étant donné que les email
> peuvent facilement être sujets à la manipulation, nous ne pouvons accepter
> aucune responsabilité pour le contenu fourni.
>
>
>
>
> > Subject: Tomcat window appears briefly, does not startup - Windows XP
> > Date: Tue, 16 Jun 2009 18:04:31 -0400
> > From: timothy.ruc...@teradata.com
> > To: users@tomcat.apache.org
> >
> > Startup.bat in CATALINA_HOME/bin runs without error, but Tomcat does not
> > startup
> >
> > Tim Rucker
> > Professional Services Americas
> > Teradata
> > * E-Mail: timothy.ruc...@teradata.com 
> > * SMS: iPhone 
> > * Virtual Office: (614) 314-4427
> >
> >
>
> _
> Bing™  brings you maps, menus, and reviews organized in one place.   Try it
> now.
>
> http://www.bing.com/search?q=restaurants&form=MLOGEN&publ=WLHMTAG&crea=TEXT_MLOGEN_Core_tagline_local_1x1

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

Once again (sigh) .

I just got out of my management meeting, they want to know if it can be done
the "other" way, with all companies sharing the core code.  I'm not exactly
sure on how I'd even begin to do this.  While I made a good point that A -
it's more secure, and B - it is the better way of doing things, they did
countered.  If we wanted to upgrade the software, it's better to upgrade one
single install, than to upgrade 50 - 100 clients which takes a large amount
of time.  It then becomes a logistical issue.  All that aside, would you
have any clue as to how would I go about starting something like that?  I'm
going to check the docs more closely, however, I am not confident that I
will find anything like that in there.

- Josh

On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Just a few questions on my Tomcat Configuration
> >
> > Maybe each company would have a customized few pages each with
> > their own directories, tied to their own schema, etc, but point
> > to the core application in another directory.  Everyone would
> > see their own front ends, but use a common "framework" in the
> > backend maybe?
>
> That's quite a bit more than I was referring to, and I find it unlikely
> that any company would want its processing to be shared with others in the
> same webapp.  Better to have separate deployments for each, even if the
> underlying webapp is identical in each instance.
>
> > Are those API's part of teh standard Tomcat docs?
>
> The ones I referred to for adding and removing  elements dynamically
> are part of the Embedded class:
> http://tomcat.apache.org/tomcat-6.0-doc/api/index.html
>
> The doc states that components can be added and removed on the fly, even
> after the start() method has been invoked.  I've never tried it.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

This is where my inexperience in tomcat will shine through.

Scrapped all xxx.test.com sub-d's and went with test.com/[company id] as the
way to go.  It prevented me from having to edit the server.xml file and
restart tomcat each and everytime that a company is added / subtracted.  You
are correct, the app  [except database access (each co. get's it's own
schema, and it's own file storage directory) and a few files (context.xml
and web.xml)] is the exact same for everyone.

All front ends (that the user views) can be the exact same for right now.
Servlet filters though aren't they defined in the server.xml file?  If they
are that defeats the purpose of everything being created without a restart.
Am I off base myself here?  I'm looking in the docs for filters but not
coming up with much.  Any advice?

- Josh

On Mon, Jun 22, 2009 at 3:54 PM, Pid  wrote:

> (Late arrival, skimmed the thread, apologies if I'm off the mark).
>
> Given the assumption of different data per user/client/company, is the
> app identical for each company, bar aesthetic changes like images?
>
>
> If so, with minor tweaks to your HTML, a servlet Filter which processes
> the HttpRequestServlet.getServerName() field (to get the subdomain)
> could look up the URL of a CSS file in a client DB, which is then
> included in the document head.
>
> CSS is plenty powerful enough to make all the visual changes you'd need,
> if the underlying HTML is the same.  All subdomains would need to run on
> the default host, but that would save you the effort of hard coding
> Hosts each time.
>
> You could also extend this to look up a more complex client object,
> (still based on server host name), with config info, perhaps even a
> unique DB name for use elsewhere.
>
> Or not.
>
>
> p
>
>
>
>
> Josh Gooding wrote:
> > Once again (sigh) .
> >
> > I just got out of my management meeting, they want to know if it can be
> done
> > the "other" way, with all companies sharing the core code.  I'm not
> exactly
> > sure on how I'd even begin to do this.  While I made a good point that A
> -
> > it's more secure, and B - it is the better way of doing things, they did
> > countered.  If we wanted to upgrade the software, it's better to upgrade
> one
> > single install, than to upgrade 50 - 100 clients which takes a large
> amount
> > of time.  It then becomes a logistical issue.  All that aside, would you
> > have any clue as to how would I go about starting something like that?
>  I'm
> > going to check the docs more closely, however, I am not confident that I
> > will find anything like that in there.
> >
> > - Josh
> >
> > On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R <
> > chuck.caldar...@unisys.com> wrote:
> >
> >>> From: Josh Gooding [mailto:josh.good...@gmail.com]
> >>> Subject: Re: Just a few questions on my Tomcat Configuration
> >>>
> >>> Maybe each company would have a customized few pages each with
> >>> their own directories, tied to their own schema, etc, but point
> >>> to the core application in another directory.  Everyone would
> >>> see their own front ends, but use a common "framework" in the
> >>> backend maybe?
> >> That's quite a bit more than I was referring to, and I find it unlikely
> >> that any company would want its processing to be shared with others in
> the
> >> same webapp.  Better to have separate deployments for each, even if the
> >> underlying webapp is identical in each instance.
> >>
> >>> Are those API's part of teh standard Tomcat docs?
> >> The ones I referred to for adding and removing  elements
> dynamically
> >> are part of the Embedded class:
> >> http://tomcat.apache.org/tomcat-6.0-doc/api/index.html
> >>
> >> The doc states that components can be added and removed on the fly, even
> >> after the start() method has been invoked.  I've never tried it.
> >>
> >>  - Chuck
> >>
> >>
> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> >> MATERIAL and is thus for use only by the intended recipient. If you
> received
> >> this in error, please contact the sender and delete the e-mail and its
> >> attachments from all computers.
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
> >
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

P,

Sorry, I'm not sure why GMail included you as well.  It should only have
gone to the tomcat users listing.

I didn't realize that it was a servlet spec item and a non-tomcat item.  I
have downloaded SS 2.4 final.  That has info on it.

I've done a ton of mappings in the web.xml file already for the servlets
that already exist for this.  If it's more mappings that I need, it
shouldn't be an issue.  I'll need to read closely then on how filters work.
Thanks again for everything again.

On Mon, Jun 22, 2009 at 4:40 PM, Pid  wrote:

> Josh Gooding wrote:
> > This is where my inexperience in tomcat will shine through.
> >
> > Scrapped all xxx.test.com sub-d's and went with 
> > test.com/[company<http://test.com/%5Bcompany>id] as the
> > way to go.  It prevented me from having to edit the server.xml file and
> > restart tomcat each and everytime that a company is added / subtracted.
>  You
> > are correct, the app  [except database access (each co. get's it's own
> > schema, and it's own file storage directory) and a few files (context.xml
> > and web.xml)] is the exact same for everyone.
> >
> > All front ends (that the user views) can be the exact same for right now.
> > Servlet filters though aren't they defined in the server.xml file?  If
> they
> > are that defeats the purpose of everything being created without a
> restart.
> > Am I off base myself here?  I'm looking in the docs for filters but not
> > coming up with much.
>
>
> Any advice?
>
> 1. Just reply to the list, I'm on it, I don't need a separate copy too.
>
> 2. It's Servlet Spec stuff, not Tomcat.  Implement javax.servlet.Filter
> and add mappings* in each web.xml.  Make sure it's the first one in the
> web.xml if other Filters or Servlets rely on anything it does.
>
> Filters are extremely useful, if used carefully.  Do extra reading about
> how they work.
>
> E.g.  use getServerName() as a key for an object, set it as a request
> attribute and then retrieve it in the HTML.
>
>  @Override
>  public void doFilter(ServletRequest req, ServletResponse res,
> FilterChain chain) throws IOException, ServletException {
>
>  HttpServletRequest hreq = (HttpServletRequest) req;
>  HttpServletResponse hres = (HttpServletResponse) res;
>
>  // do stuff
>
>  ClientConfig config = yourFuncToGetConfig(hreq);
>  hreq.setAttribute("clientconfig", config);
>
>  // do other stuff
>
>  chain.doFilter(hreq, hres);
>
>  }
>
> ... and in your html, assuming your ClientConfig object has a
> getCssUrl()...
>
>
>   type="text/css" />
>
> etc.
>
> p
>
>
>
> * Filter mappings are an exercise for the reader. GIYF.
>
>
>
> > - Josh
> >
> > On Mon, Jun 22, 2009 at 3:54 PM, Pid  wrote:
> >
> >> (Late arrival, skimmed the thread, apologies if I'm off the mark).
> >>
> >> Given the assumption of different data per user/client/company, is the
> >> app identical for each company, bar aesthetic changes like images?
> >>
> >>
> >> If so, with minor tweaks to your HTML, a servlet Filter which processes
> >> the HttpRequestServlet.getServerName() field (to get the subdomain)
> >> could look up the URL of a CSS file in a client DB, which is then
> >> included in the document head.
> >>
> >> CSS is plenty powerful enough to make all the visual changes you'd need,
> >> if the underlying HTML is the same.  All subdomains would need to run on
> >> the default host, but that would save you the effort of hard coding
> >> Hosts each time.
> >>
> >> You could also extend this to look up a more complex client object,
> >> (still based on server host name), with config info, perhaps even a
> >> unique DB name for use elsewhere.
> >>
> >> Or not.
> >>
> >>
> >> p
> >>
> >>
> >>
> >>
> >> Josh Gooding wrote:
> >>> Once again (sigh) .
> >>>
> >>> I just got out of my management meeting, they want to know if it can be
> >> done
> >>> the "other" way, with all companies sharing the core code.  I'm not
> >> exactly
> >>> sure on how I'd even begin to do this.  While I made a good point that
> A
> >> -
> >>> it's more secure, and B - it is the better way of doing things, they
> did
> >>> countered.  If we wanted to upgrade the software, it's better to
> upgrade
> >> one
> >>> sing

Trying to run Tomcat on Win Server 2K3 returns error

[Josh Gooding]

I am installing Tomcat 6.0.18 on a Windows 2K3 x64 box.  The service will
not start.  I am only getting the jakarta_service log and it says the
following:

[2009-07-10 19:25:32] [info] Procrun (2.0.4.0) started
[2009-07-10 19:25:32] [info] Service Tomcat6 name Apache Tomcat 6
[2009-07-10 19:25:32] [info] Service Tomcat6 installed
[2009-07-10 19:25:32] [info] Procrun finished.
[2009-07-10 19:25:33] [info] Procrun (2.0.4.0) started
[2009-07-10 19:25:33] [info] Updating service...
[2009-07-10 19:25:33] [info] Service Tomcat6 updated
[2009-07-10 19:25:33] [info] Update service finished.
[2009-07-10 19:25:33] [info] Procrun finished.
[2009-07-10 19:25:33] [info] Procrun (2.0.4.0) started
[2009-07-10 19:25:33] [info] Updating service...
[2009-07-10 19:25:33] [info] Service Tomcat6 updated
[2009-07-10 19:25:33] [info] Update service finished.
[2009-07-10 19:25:33] [info] Procrun finished.
[2009-07-10 19:25:36] [info] Procrun (2.0.4.0) started
[2009-07-10 19:25:36] [info] Running Service...
[2009-07-10 19:25:36] [info] Starting service...
[2009-07-10 19:25:36] [174  javajni.c] [error] %1 is not a valid Win32
application.
[2009-07-10 19:25:36] [994  prunsrv.c] [error] Failed creating java
C:\Program Files\Java\jre6\bin\server\jvm.dll
[2009-07-10 19:25:36] [1269 prunsrv.c] [error] ServiceStart returned 1
[2009-07-10 19:25:36] [info] Run service finished.
[2009-07-10 19:25:36] [info] Procrun finished.
[2009-07-10 19:25:47] [info] Procrun (2.0.4.0) started
[2009-07-10 19:25:47] [info] Running Service...
[2009-07-10 19:25:47] [info] Starting service...
[2009-07-10 19:25:47] [174  javajni.c] [error] %1 is not a valid Win32
application.
[2009-07-10 19:25:47] [994  prunsrv.c] [error] Failed creating java
C:\Program Files\Java\jre6\bin\server\jvm.dll
[2009-07-10 19:25:47] [1269 prunsrv.c] [error] ServiceStart returned 1
[2009-07-10 19:25:47] [info] Run service finished.
[2009-07-10 19:25:47] [info] Procrun finished.

Is there some special instructions that I am not finding to install this on
a win 2k3 x64 server?

Re: Trying to run Tomcat on Win Server 2K3 returns error

[Josh Gooding]

t/y seemed to work  :) you the man!

On Fri, Jul 10, 2009 at 2:38 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Trying to run Tomcat on Win Server 2K3 returns error
> >
> > I am installing Tomcat 6.0.18 on a Windows 2K3 x64 box.
>
> Assuming you're using a 64-bit JDK, you need to use the 64-bit version of
> tomcat6.exe, which is available here:
>
> http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_18/res/procrun/amd64/
>
> Just replace the 32-bit one in the bin directory.  You do not need the
> 64-bit version of tomcat6w.exe, but you can use it if you want.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Need some SSL Config help.

[Josh Gooding]

Hello again.

Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
need to clamp the server down tight using SSL.  I've already created my
keystore file and I am able to get the server to serve on port 443 (by going
to http://localhost:443).  I can get it to Subsequent attempts to serve as
https://localhost are proving not to be fruitful.

I have a webserver (tomcat) that is in development status that I want to
clamp down.  I am using a realm to login using j_security_check to login to
the software.  Right now what I want to do is install the Apache webserver
and get it talking to tomcat (not hard).  I created my keystore file and I
know it works because I've tested it.  What I need to know are these things
(btw, if they are in the docs, please just say so and I'll look harder)

If I want to use SSL for each person logging into the instance (which is
using Tomcat to serve) do I need to have SSL on both Apache webserver and
Tomcat, just the webserver, or just tomcat?

Right now for example, if I go to http://server.com/[companyid] I get a
simple login / pwd (using j_sec_chk).  I'm using a realm configuration in my
It's not using SSL.  Following Tomcat's instructions, I have SSL configured
on my test server, and it seems to run if I go to
http://test.com:443/index.jsp. I get the default tomcat page.  However if I
go to https://test.com/index.jsp, I get "cannot connect or website not
responding"  I can't remember which one.  Is this a simple configuration
thing or will this solve itself if I install the webserver and connect tc
and apache web?

Second, since I am using j_security_check for login, are there native
classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is there
another method of logging in that I should use?  I can write my own custom
classes, but I am not really clear on if there is something better that is
native.  i'm looking at needing a 3 strikes and your locked out
functionality across SSL.  This is a simple yes there is a better way and
it's part of tomcat, or write your custom code.  I'm not looking for the
typical "please do it for me" requests that I normally see on dev / user
lists.

Since each company has exactly ONE html page (which is only a welcome page),
I honestly don't see the need to install the webserver except the fact that
it is the right way of doing things.  Is my thinking off on this?

For some reason, my brain is becoming like a sponge for tomcat
configuration.  So forgive me for asking a ton of questions.  I'm reading
both the tomcat documentation and an O'Reilly book on tomcat, and I want to
get good enough at this that I can configure it in any environment.  I
really enjoy tomcat and become knowledgeable enough that I don't fel like
such a newbie asking questions.  Any insight or direction would be greatly
appreciated.

Warm regards,

Josh

Re: Need some SSL Config help.

[Josh Gooding]

One more thing.  Here is my server.xml information that is relative:





On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding wrote:

> Hello again.
>
> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1 db, I
> need to clamp the server down tight using SSL.  I've already created my
> keystore file and I am able to get the server to serve on port 443 (by going
> to http://localhost:443).  I can get it to Subsequent attempts to serve as
> https://localhost are proving not to be fruitful.
>
> I have a webserver (tomcat) that is in development status that I want to
> clamp down.  I am using a realm to login using j_security_check to login to
> the software.  Right now what I want to do is install the Apache webserver
> and get it talking to tomcat (not hard).  I created my keystore file and I
> know it works because I've tested it.  What I need to know are these things
> (btw, if they are in the docs, please just say so and I'll look harder)
>
> If I want to use SSL for each person logging into the instance (which is
> using Tomcat to serve) do I need to have SSL on both Apache webserver and
> Tomcat, just the webserver, or just tomcat?
>
> Right now for example, if I go to 
> http://server.com/[companyid]<http://server.com/%5Bcompanyid%5D>I get a 
> simple login / pwd (using j_sec_chk).  I'm using a realm
> configuration in my It's not using SSL.  Following Tomcat's instructions, I
> have SSL configured on my test server, and it seems to run if I go to
> http://test.com:443/index.jsp. I get the default tomcat page.  However if
> I go to https://test.com/index.jsp, I get "cannot connect or website not
> responding"  I can't remember which one.  Is this a simple configuration
> thing or will this solve itself if I install the webserver and connect tc
> and apache web?
>
> Second, since I am using j_security_check for login, are there native
> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is there
> another method of logging in that I should use?  I can write my own custom
> classes, but I am not really clear on if there is something better that is
> native.  i'm looking at needing a 3 strikes and your locked out
> functionality across SSL.  This is a simple yes there is a better way and
> it's part of tomcat, or write your custom code.  I'm not looking for the
> typical "please do it for me" requests that I normally see on dev / user
> lists.
>
> Since each company has exactly ONE html page (which is only a welcome
> page), I honestly don't see the need to install the webserver except the
> fact that it is the right way of doing things.  Is my thinking off on this?
>
> For some reason, my brain is becoming like a sponge for tomcat
> configuration.  So forgive me for asking a ton of questions.  I'm reading
> both the tomcat documentation and an O'Reilly book on tomcat, and I want to
> get good enough at this that I can configure it in any environment.  I
> really enjoy tomcat and become knowledgeable enough that I don't fel like
> such a newbie asking questions.  Any insight or direction would be greatly
> appreciated.
>
> Warm regards,
>
> Josh
>

Re: Need some SSL Config help.

[Josh Gooding]

Thanks all, I appreciate the input.  I used
http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
configure SSL.  I'll read up on APR.

On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas  wrote:

> Josh Gooding wrote:
> > One more thing.  Here is my server.xml information that is relative:
> >
> >  > SSLEngine="on" SSLRandomSeed="builtin" />
>
> Looks like you are trying to use the APR connector.
>
> >  > minSpareThreads="5" maxSpareThreads="75"
> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
>  It looks like you have copied this from a previous Tomcat version. I'd
> strongly suggest checking all of your configuration against the docs.
>
> > enableLookups="true" disableUploadTimeout="true"
> > acceptCount="100"  maxThreads="200"
> > scheme="https" secure="true"
> > keystoreFile="C:\Documents and Settings\Zeus\.keystore"
> > keystorePass="likeIdpostit"
> These are the JSSE SSL configuration attributes. You are trying to use
> APR. That won't work. The docs could make this clearer. You want
> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>
> Mark
>
> > clientAuth="false" sslProtocol="TLS"/>
> >
> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding  >wrote:
> >
> >> Hello again.
> >>
> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
> db, I
> >> need to clamp the server down tight using SSL.  I've already created my
> >> keystore file and I am able to get the server to serve on port 443 (by
> going
> >> to http://localhost:443).
>
> That means your connector is not configured correctly as it is serving
> http rather than https.
>
>
>  I can get it to Subsequent attempts to serve as
> >> https://localhost are proving not to be fruitful.
> >>
> >> I have a webserver (tomcat) that is in development status that I want to
> >> clamp down.  I am using a realm to login using j_security_check to login
> to
> >> the software.  Right now what I want to do is install the Apache
> webserver
> >> and get it talking to tomcat (not hard).  I created my keystore file and
> I
> >> know it works because I've tested it.  What I need to know are these
> things
> >> (btw, if they are in the docs, please just say so and I'll look harder)
> >>
> >> If I want to use SSL for each person logging into the instance (which is
> >> using Tomcat to serve) do I need to have SSL on both Apache webserver
> and
> >> Tomcat, just the webserver, or just tomcat?
> >>
> >> Right now for example, if I go to 
> >> http://server.com/[companyid]<http://server.com/%5Bcompanyid%5D>
> <http://server.com/%5Bcompanyid%5D>I get a simple login / pwd (using
> j_sec_chk).  I'm using a realm
> >> configuration in my It's not using SSL.  Following Tomcat's
> instructions, I
> >> have SSL configured on my test server, and it seems to run if I go to
> >> http://test.com:443/index.jsp. I get the default tomcat page.  However
> if
> >> I go to https://test.com/index.jsp, I get "cannot connect or website
> not
> >> responding"  I can't remember which one.  Is this a simple configuration
> >> thing or will this solve itself if I install the webserver and connect
> tc
> >> and apache web?
> >>
> >> Second, since I am using j_security_check for login, are there native
> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is
> there
> >> another method of logging in that I should use?  I can write my own
> custom
> >> classes, but I am not really clear on if there is something better that
> is
> >> native.  i'm looking at needing a 3 strikes and your locked out
> >> functionality across SSL.  This is a simple yes there is a better way
> and
> >> it's part of tomcat, or write your custom code.  I'm not looking for the
> >> typical "please do it for me" requests that I normally see on dev / user
> >> lists.
> >>
> >> Since each company has exactly ONE html page (which is only a welcome
> >> page), I honestly don't see the need to install the webserver except the
> >> fact that it is the right way of doing things.  Is my thinking off on
> this?
> >>
> >> For some reason, my brain is becoming like a sponge for tomcat
> >> configuration.  So forgive me for asking a ton of questions.  I'm
> reading
> >> both the tomcat documentation and an O'Reilly book on tomcat, and I want
> to
> >> get good enough at this that I can configure it in any environment.  I
> >> really enjoy tomcat and become knowledgeable enough that I don't fel
> like
> >> such a newbie asking questions.  Any insight or direction would be
> greatly
> >> appreciated.
> >>
> >> Warm regards,
> >>
> >> Josh
> >>
> >
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need some SSL Config help.

[Josh Gooding]

Just an update.  I decided to change up what I was doing.  Instead of
starting with SSL on tomcat, I ported Apache and Tomcat to work together on
my local test server.  Now I am going to do the APR.  Do I need to configure
SSL on both Apache and Tomcat or just Tomcat?

On Mon, Jul 27, 2009 at 12:08 AM, Josh Gooding wrote:

> Thanks all, I appreciate the input.  I used
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html to attempt to
> configure SSL.  I'll read up on APR.
>
> On Sat, Jul 25, 2009 at 6:14 AM, Mark Thomas  wrote:
>
>> Josh Gooding wrote:
>> > One more thing.  Here is my server.xml information that is relative:
>> >
>> > > > SSLEngine="on" SSLRandomSeed="builtin" />
>>
>> Looks like you are trying to use the APR connector.
>>
>> > > > minSpareThreads="5" maxSpareThreads="75"
>> Neither of those two attributes are valid for Tomcat 6. Get rid of them.
>>  It looks like you have copied this from a previous Tomcat version. I'd
>> strongly suggest checking all of your configuration against the docs.
>>
>> > enableLookups="true" disableUploadTimeout="true"
>> > acceptCount="100"  maxThreads="200"
>> > scheme="https" secure="true"
>> > keystoreFile="C:\Documents and Settings\Zeus\.keystore"
>> > keystorePass="likeIdpostit"
>> These are the JSSE SSL configuration attributes. You are trying to use
>> APR. That won't work. The docs could make this clearer. You want
>> http://tomcat.apache.org/tomcat-6.0-doc/apr.html
>>
>> Mark
>>
>> > clientAuth="false" sslProtocol="TLS"/>
>> >
>> > On Fri, Jul 24, 2009 at 10:25 PM, Josh Gooding > >wrote:
>> >
>> >> Hello again.
>> >>
>> >> Now that I have deployed my project on Tomcat 6.0.18 with a MySQL 5.1
>> db, I
>> >> need to clamp the server down tight using SSL.  I've already created my
>> >> keystore file and I am able to get the server to serve on port 443 (by
>> going
>> >> to http://localhost:443).
>>
>> That means your connector is not configured correctly as it is serving
>> http rather than https.
>>
>>
>>  I can get it to Subsequent attempts to serve as
>> >> https://localhost are proving not to be fruitful.
>> >>
>> >> I have a webserver (tomcat) that is in development status that I want
>> to
>> >> clamp down.  I am using a realm to login using j_security_check to
>> login to
>> >> the software.  Right now what I want to do is install the Apache
>> webserver
>> >> and get it talking to tomcat (not hard).  I created my keystore file
>> and I
>> >> know it works because I've tested it.  What I need to know are these
>> things
>> >> (btw, if they are in the docs, please just say so and I'll look harder)
>> >>
>> >> If I want to use SSL for each person logging into the instance (which
>> is
>> >> using Tomcat to serve) do I need to have SSL on both Apache webserver
>> and
>> >> Tomcat, just the webserver, or just tomcat?
>> >>
>> >> Right now for example, if I go to 
>> >> http://server.com/[companyid]<http://server.com/%5Bcompanyid%5D>
>> <http://server.com/%5Bcompanyid%5D>I get a simple login / pwd (using
>> j_sec_chk).  I'm using a realm
>> >> configuration in my It's not using SSL.  Following Tomcat's
>> instructions, I
>> >> have SSL configured on my test server, and it seems to run if I go to
>> >> http://test.com:443/index.jsp. I get the default tomcat page.  However
>> if
>> >> I go to https://test.com/index.jsp, I get "cannot connect or website
>> not
>> >> responding"  I can't remember which one.  Is this a simple
>> configuration
>> >> thing or will this solve itself if I install the webserver and connect
>> tc
>> >> and apache web?
>> >>
>> >> Second, since I am using j_security_check for login, are there native
>> >> classes in tomcat that will allow me to utilize j_sec_chk and SSL?  Is
>> there
>> >> another method of logging in that I should use?  I can write my own
>> custom
>> >> classes, but I am not really clear on if there is something better that
>> is
>> >> native.  i'm looking 

Re: Need some SSL Config help.

[Josh Gooding]

wait a sec here.  I'm a little confused.  Let me ask it this way.  I have a
Login.jsp file that takes uname / pwd and uses j_security_check for
authentication.  That is the only thing that I want HTTPS on.  Everything
else is not important.

I have setup Apache (httpd) and am forwarding the 1 html file in the server
via it and the rest is built on JSP so tomcat is serving them.  So which
server do I configure for HTTPS?  My thoughts would be the tomcat since it
is the one serving JSP, or course, I'm still really learning about SSL & how
to make it play with Tomcat so I don't want to say I'm clueless, but I'm
having a hard time here.  I have the docs and an OReilly book here, but
there seem to be many options on how to configure SSL.  The SSL Cert that we
have came with the server package we bought.  It is signed by Geo-Trust(?),
so naturally we want to use that one instead of generating our own.

Any thoughts?  Again I am sorry if it seems I'm being thick skulled, i'm
just rather more new with SSL than anything.

Thanks agan

- Josh

On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson wrote:

> I thought that you only had to set up on apache (httpd server).  Thats the
> way I got it working.
>
> see
>
> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat
> excet below
> *SSL and Tomcat*
>
> *It is important to note that configuring Tomcat to take advantage of
> secure
> sockets is usually only necessary when running it as a stand-alone web
> server.* When running Tomcat primarily as a Servlet/JSP container behind
> another web server, such as Apache or Microsoft IIS, it is usually
> necessary
> to configure the primary web server to handle the SSL connections from
> users. Typically, this server will negotiate all SSL-related functionality,
> then pass on any requests destined for the Tomcat container only after
> decrypting those requests. Likewise, Tomcat will return cleartext
> responses,
> that will be encrypted before being returned to the user's browser. In this
> environment, Tomcat knows that communications between the primary web
> server
> and the client are taking place over a secure connection (because your
> application needs to be able to ask about this), but it does not
> participate
> in the encryption or decryption itself.
>
>
>
>
> On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville  >wrote:
>
> > > Just an update.  I decided to change up what I was doing.  Instead of
> > > starting with SSL on tomcat, I ported Apache and Tomcat to work
> together
> > on
> > > my local test server.  Now I am going to do the APR.  Do I need to
> > configure
> > > SSL on both Apache and Tomcat or just Tomcat?
> >
> > If all connections go via httpd. just httpd. otherwise both
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
> >
>

Re: Need some SSL Config help.

[Josh Gooding]

Update:

So after re-re-reading the docs, since TC is not my standalone webserver, I
should configure Apache (httpd) for SSL.  That seems to be what I am
reading.

On Tue, Aug 4, 2009 at 3:43 PM, Josh Gooding  wrote:

> wait a sec here.  I'm a little confused.  Let me ask it this way.  I have a
> Login.jsp file that takes uname / pwd and uses j_security_check for
> authentication.  That is the only thing that I want HTTPS on.  Everything
> else is not important.
>
> I have setup Apache (httpd) and am forwarding the 1 html file in the server
> via it and the rest is built on JSP so tomcat is serving them.  So which
> server do I configure for HTTPS?  My thoughts would be the tomcat since it
> is the one serving JSP, or course, I'm still really learning about SSL & how
> to make it play with Tomcat so I don't want to say I'm clueless, but I'm
> having a hard time here.  I have the docs and an OReilly book here, but
> there seem to be many options on how to configure SSL.  The SSL Cert that we
> have came with the server package we bought.  It is signed by Geo-Trust(?),
> so naturally we want to use that one instead of generating our own.
>
> Any thoughts?  Again I am sorry if it seems I'm being thick skulled, i'm
> just rather more new with SSL than anything.
>
> Thanks agan
>
> - Josh
>
>
> On Wed, Jul 29, 2009 at 4:24 AM, Wesley Acheson 
> wrote:
>
>> I thought that you only had to set up on apache (httpd server).  Thats the
>> way I got it working.
>>
>> see
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#SSL%20and%20Tomcatrelevenat
>> excet below
>> *SSL and Tomcat*
>>
>> *It is important to note that configuring Tomcat to take advantage of
>> secure
>> sockets is usually only necessary when running it as a stand-alone web
>> server.* When running Tomcat primarily as a Servlet/JSP container behind
>> another web server, such as Apache or Microsoft IIS, it is usually
>> necessary
>> to configure the primary web server to handle the SSL connections from
>> users. Typically, this server will negotiate all SSL-related
>> functionality,
>> then pass on any requests destined for the Tomcat container only after
>> decrypting those requests. Likewise, Tomcat will return cleartext
>> responses,
>> that will be encrypted before being returned to the user's browser. In
>> this
>> environment, Tomcat knows that communications between the primary web
>> server
>> and the client are taking place over a secure connection (because your
>> application needs to be able to ask about this), but it does not
>> participate
>> in the encryption or decryption itself.
>>
>>
>>
>>
>> On Mon, Jul 27, 2009 at 6:18 PM, Serge Fonville > >wrote:
>>
>> > > Just an update.  I decided to change up what I was doing.  Instead of
>> > > starting with SSL on tomcat, I ported Apache and Tomcat to work
>> together
>> > on
>> > > my local test server.  Now I am going to do the APR.  Do I need to
>> > configure
>> > > SSL on both Apache and Tomcat or just Tomcat?
>> >
>> > If all connections go via httpd. just httpd. otherwise both
>> >
>> > -
>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> > For additional commands, e-mail: users-h...@tomcat.apache.org
>> >
>> >
>>
>
>

Re: Need some SSL Config help.

[Josh Gooding]

*Andre wrote:

The above is assuming that you would want all accesses which eventually go
to Tomcat, to be under SSL from the client point of view.
The idea is : SSL creates an overhead (encryption).  If the link between
Apache and Tomcat is secure (such as, they both run on the same host, or
they run on separate hosts, but both inside of your secure network), then
you do not want to have an additional overhead by encrypting/decrypting the
communications between Apache and Tomcat.*

This is true.

Next question then.  Is there a way to make just the login page (login.jsp)
go through the SSL and nothing more?



On Tue, Aug 4, 2009 at 4:18 PM, André Warnier  wrote:

> Josh Gooding wrote:
>
>> Update:
>>
>> So after re-re-reading the docs, since TC is not my standalone webserver,
>> I
>> should configure Apache (httpd) for SSL.  That seems to be what I am
>> reading.
>>
>
> Yes.
>
> Client -> SSL -> Apache -> Ap/To Connector -> non-SSL -> Tomcat
>(e.g. mod_jk)AJP Connector
>
> The above is assuming that you would want all accesses which eventually go
> to Tomcat, to be under SSL from the client point of view.
> The idea is : SSL creates an overhead (encryption).  If the link between
> Apache and Tomcat is secure (such as, they both run on the same host, or
> they run on separate hosts, but both inside of your secure network), then
> you do not want to have an additional overhead by encrypting/decrypting the
> communications between Apache and Tomcat.
>
> Second point of interest :
> if, in the Tomcat  which accepts the requests from Apache, you
> set the attribute "tomcatAuthentication=false", then Tomcat will "believe"
> the user-id it gets from Apache, as being already authenticated by Apache,
> and will use it within Tomcat as the user-id.
>
> Now you have thus moved the authentication issue back to Apache.
>
> Let's forget SSL for a minute.
> Under Apache, you want to protect access to some or all areas of the server
> (including the requests which you are going to forward to Tomcat), in such a
> way that the user must be authenticated to access these areas.
> There are different methods under Apache to force the user to authenticate.
>  If you want to do it via your own login page though, then you will have to
> find an Apache add-on module which allows you to do that, because it is not
> built-in.
> This, you should enquire about on the Apache httpd user's list.
>
> Let's now re-add SSL.
>
> In addition to the above, you would like the login dialog (login page and
> client response to that login page) to happen under SSL, and the rest of the
> conversation not.
> That is not so easy as it may sound however.
> So, when you enquire about a login page authentication method (on the
> Apache httpd user's forum), you should make sure that you specify this
> requirement clearly.
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need some SSL Config help.

[Josh Gooding]

nevermind, I think I made some headway on this and will ask this over on the
httpd list.  Thank you for getting me this far, I really appreciate it.


On Wed, Aug 5, 2009 at 8:50 AM, Josh Gooding  wrote:

> *Andre wrote:
>
> The above is assuming that you would want all accesses which eventually go
> to Tomcat, to be under SSL from the client point of view.
> The idea is : SSL creates an overhead (encryption).  If the link between
> Apache and Tomcat is secure (such as, they both run on the same host, or
> they run on separate hosts, but both inside of your secure network), then
> you do not want to have an additional overhead by encrypting/decrypting the
> communications between Apache and Tomcat.*
>
> This is true.
>
> Next question then.  Is there a way to make just the login page (login.jsp)
> go through the SSL and nothing more?
>
>
>
>
> On Tue, Aug 4, 2009 at 4:18 PM, André Warnier  wrote:
>
>> Josh Gooding wrote:
>>
>>> Update:
>>>
>>> So after re-re-reading the docs, since TC is not my standalone webserver,
>>> I
>>> should configure Apache (httpd) for SSL.  That seems to be what I am
>>> reading.
>>>
>>
>> Yes.
>>
>> Client -> SSL -> Apache -> Ap/To Connector -> non-SSL -> Tomcat
>>(e.g. mod_jk)AJP Connector
>>
>> The above is assuming that you would want all accesses which eventually go
>> to Tomcat, to be under SSL from the client point of view.
>> The idea is : SSL creates an overhead (encryption).  If the link between
>> Apache and Tomcat is secure (such as, they both run on the same host, or
>> they run on separate hosts, but both inside of your secure network), then
>> you do not want to have an additional overhead by encrypting/decrypting the
>> communications between Apache and Tomcat.
>>
>> Second point of interest :
>> if, in the Tomcat  which accepts the requests from Apache, you
>> set the attribute "tomcatAuthentication=false", then Tomcat will "believe"
>> the user-id it gets from Apache, as being already authenticated by Apache,
>> and will use it within Tomcat as the user-id.
>>
>> Now you have thus moved the authentication issue back to Apache.
>>
>> Let's forget SSL for a minute.
>> Under Apache, you want to protect access to some or all areas of the
>> server (including the requests which you are going to forward to Tomcat), in
>> such a way that the user must be authenticated to access these areas.
>> There are different methods under Apache to force the user to
>> authenticate.  If you want to do it via your own login page though, then you
>> will have to find an Apache add-on module which allows you to do that,
>> because it is not built-in.
>> This, you should enquire about on the Apache httpd user's list.
>>
>> Let's now re-add SSL.
>>
>> In addition to the above, you would like the login dialog (login page and
>> client response to that login page) to happen under SSL, and the rest of the
>> conversation not.
>> That is not so easy as it may sound however.
>> So, when you enquire about a login page authentication method (on the
>> Apache httpd user's forum), you should make sure that you specify this
>> requirement clearly.
>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

moving webapps directory to another location

[Josh Gooding]

Hello folks, I am running Tomcat 6.0.18 on a dedicated server at a hosting
company.  I have ported Apache HTTPD and Tomcat to talk to each other quite
nicely.  I have ran into a small dilemma.  I noticed that I have a 20GB
windows / program partition and a 500GB data partition.  Am I able to create
a directory on the data partition and have Tomcat host out of it instead of
the default webapps folder?  If so that is just a server.xml configuration
I'm assuming?

- Josh

slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Interesting situation I have going on here

When running Tomcat 6.0.18 as the webserver I have 2 hosts configured one as
the .com and it is serving from the webapps folder just fine, the other is
serving to a subdomain perfectly.  I couldn't be happier in how it is
running.

Here is where it get's tricky.  Since Tomcat is not the most efficient at
serving static HTML pages I decided to install httpd v 2.2.11 (w/ SSL) and
get it working this evening on my dedicated server.  I have Tomcat and Httpd
talking to each other because when I goto the main .com, I get the under
construction page that is hosted in htdocs/, when I goto (for example)
abcapps in tomcat, it forwards correctly and everything is fine.  All my
tomcat configuration gets forwarded correctly (time to convert the horrible
code to taglibs!!), When I go to my subdomain (http://subd.domain.com) I get
the default under construction page (now hosted in the htdocs folder moved
from $CATALINA_HOME/ROOT).

Somewhere along the way did something get crossed and I am not sure what it
is, which is why I posted this to both user groups, so sorry if it annoys
some of you out there.

I'm rather quick to rule out my server.xml configuration due to it working
perfectly under tomcat alone.

Here's the snippet of my httpd.conf file that should matter :

LoadModule jk_module "C:\Program Files (x86)\Apache Software
Foundation\Apache2.2\modules\mod_jk.so"
JkWorkersFile "C:\Program
Files\apache-tomcat-6.0.18\conf\workers.properties"
JkLogFile "C:\Program Files\apache-tomcat-6.0.18\logs\from_httpd_mod_jk.log"
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

#Send servlet for context /examples to worker named ajp13

JkMount /* ajp13

#Send JSP's for context /examples/* to worker named ajp13

JkMount /*/* ajp13

Since I have virtual hosting on tomcat serving to a subdomain, do I have to
do anything with virtual hosting on httpd to forward subdomain to httpd?
Any insight would be very much appreciated.  If you need more information,
please let me know and I'll provide.

Warmest regards,

Josh

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Chris,

My thanks to you and Chuck for clarifying that.  The reason that I set up
httpd on the machine is for PHP and other possible languages.  I was trying
to be a little more future thinking, however, since PHP is no longer an
option for these guys, I'll just nix the httpd server and move back into a
solid tomcat install.

Moving onto the APR questions I have and SSL.  Let me ask this.  Does anyone
have / use gmail?  If so, next time you log in, watch what happens.  You log
in via SSL, yet when you view everything else your in standard HTML.

I downloaded the APR for Tomcat.  Dumb question, is there already a binary
distribution someplace?  If not, what do I use to compile them?  I read
something about a Win32 Developer Studio?  It looks like I might need Visual
Studio, which I can do, but is there a way to do this in Eclipse?

P.S.  I ditched Apache 2.2 for now.  I just moved my old server.xml into the
conf directory and stopped the httpd service.

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Even better, I got what I was looking for.  Where do I put the DLL that I
want to use?  in wondows or in what tomcat directory?

On Tue, Aug 11, 2009 at 10:27 AM, Josh Gooding wrote:

> Chris,
>
> My thanks to you and Chuck for clarifying that.  The reason that I set up
> httpd on the machine is for PHP and other possible languages.  I was trying
> to be a little more future thinking, however, since PHP is no longer an
> option for these guys, I'll just nix the httpd server and move back into a
> solid tomcat install.
>
> Moving onto the APR questions I have and SSL.  Let me ask this.  Does
> anyone have / use gmail?  If so, next time you log in, watch what happens.
> You log in via SSL, yet when you view everything else your in standard HTML.
>
> I downloaded the APR for Tomcat.  Dumb question, is there already a binary
> distribution someplace?  If not, what do I use to compile them?  I read
> something about a Win32 Developer Studio?  It looks like I might need Visual
> Studio, which I can do, but is there a way to do this in Eclipse?
>
> P.S.  I ditched Apache 2.2 for now.  I just moved my old server.xml into
> the conf directory and stopped the httpd service.
>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

NVM chuck, I believe it's in the native docs.  I looked at the link right
after you posted.  I couldn't find the native link on apaches site.

T/Y sir


On Tue, Aug 11, 2009 at 10:46 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: slight problem with Tomcat and Httpd working together.
> >
> > I downloaded the APR for Tomcat.  Dumb question, is there already a
> > binary distribution someplace?
>
> For Windows, yes; it's in the docs:
> http://tomcat.apache.org/native-doc/
>
> The 32- and 64-bit DLLs are here:
> http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

HEY!!! It's in there and working.

Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init
INFO: Loaded APR based Apache Tomcat Native library 1.1.14.
Aug 11, 2009 10:58:47 AM org.apache.catalina.core.AprLifecycleListener init
INFO: APR capabilities: IPv6 [false], sendfile [true], accept filters
[false], random [true].

Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I still
have to install OpenSSL?  It's currently residing in the path, I'm just
going to read up in the docs and see what the next steps to do are.

Thank you guys So much.  I really appreciate all of your help.

On Tue, Aug 11, 2009 at 10:51 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: slight problem with Tomcat and Httpd working together.
> >
> > Where do I put the DLL that I want to use?
>
> In Tomcat's bin directory.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Excellent, and just for the record, for those who read this on the archives,
be SURE you get the correct version of the binaries for your version of
Tomcat (32-bit / 64 bit).  Tomcat is running on a dual core opteron (64-bit
production server) and has been modified to run with the 64 bit tomcat6.exe
and tomcat6w.exe, however it will not recognize the 32-bit library as I
expected.

Everything is running very smoothly now.  I modded the  to move the
sites onto the data drive.  So instead of installing and uploading files to
the 20GB partition, they all upload to the 500GB partition.  Now the only
thing I have to do is grab the Geo-trust cert and configure to use.

I thank you so much for all the help you've given me so far.

I do have one more question however.  I've been reading this O'Reilly book
and the docs @ tomcat and I am having some trouble understanding what the
docBase is.  I understand what the appBase is but I don't understand why the
docBase and appBase cannot be the same declaration or why it is recommended
that anything in your appBase shouldn't start with the same string that is
defined in your docBase.  I have my docBase set to ROOT on the data drive
and the appBase is just defined as :/webapps/  It seems to work, just
a little confusing not knowing why I am configuring the docBase when there
is really no clear concise "This is what the docBase is, does, and means"
that I can find.

Can you point me to a good resource for reading up on what the docBase is?

On Tue, Aug 11, 2009 at 11:28 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: slight problem with Tomcat and Httpd working together.
> >
> > HEY!!! It's in there and working.
>
> Congratulations.
>
> > INFO: Loaded APR based Apache Tomcat Native library 1.1.14.
>
> That version is out of date; the current one  is here:
> http://www.apache.org/dist/tomcat/tomcat-connectors/native/1.1.16/binaries/
>
> > Now if I have an SSL cert from Geo-trust / Verisign / whatever, do I
> > still have to install OpenSSL?
>
> No, it's built into tcnative-1.dll, so you've already got it.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need some SSL Config help.

[Josh Gooding]

ok back to the topic at hand here.  I have removed httpd from my server,
installed APR, and have gotten my cert file from my hosting company.  it is
in pfx format.  Now I found some information on the net:

http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html

It was saying that I can just use the pfx file with tomcat 5.5, so I put the
file in my $CATALINA_HOME directory just as a test, modified my server.xml
file to accept SSL:

**

*and blamo I get these exceptions:*

*Aug 11, 2009 4:13:50 PM org.apache.coyote.http11.Http11AprProtocol init
SEVERE: Error initializing endpoint
java.lang.Exception: No Certificate file specified or invalid file format
at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method)
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:684)
at
org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:107)
at
org.apache.catalina.connector.Connector.initialize(Connector.java:1058)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
Aug 11, 2009 4:13:50 PM org.apache.catalina.startup.Catalina load
SEVERE: Catalina.start
LifecycleException:  Protocol handler initialization failed:
java.lang.Exception: No Certificate file specified or invalid file format
at
org.apache.catalina.connector.Connector.initialize(Connector.java:1060)
at
org.apache.catalina.core.StandardService.initialize(StandardService.java:677)
at
org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795)
at org.apache.catalina.startup.Catalina.load(Catalina.java:530)
at org.apache.catalina.startup.Catalina.load(Catalina.java:550)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:260)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:412)
*
*and these to boot says it cannot bind to port 443 (or 8443 either)*

*Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start
SEVERE: Error starting endpoint
java.lang.Exception: Socket bind failed: [730048] Only one usage of each
socket address (protocol/network address/port) is normally permitted.
at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:612)
at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:717)
at
org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137)
at org.apache.catalina.connector.Connector.start(Connector.java:1131)
at
org.apache.catalina.core.StandardService.start(StandardService.java:531)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Aug 11, 2009 4:13:51 PM org.apache.catalina.startup.Catalina start
SEVERE: Catalina.start:
LifecycleException:  service.getName(): "Catalina";  Protocol handler start
failed: java.lang.Exception: Socket bind failed: [730048] Only one usage of
each socket address (protocol/network address/port) is normally permitted.
at org.apache.catalina.connector.Connector.start(Connector.java:1138)
at
org.apache.catalina.core.StandardService.start(StandardService.java:531)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apa

Re: Need some SSL Config help.

[Josh Gooding]

Ah, I am semi starting to understand now.  I was able to use openssl to
convert my pfx to a pem file which is part of the battle.  From what I have
read in the docs, I needed a .crt file as well, which I used the .txt file
that the hosting co provided to me.  It's nothing but a plain text PGP
signature in a text file.  So I navigated to https://(domain).com and low
and behold it works :).

Next few questions:

#1 - I have deployed an application that uses a realm and has a Login.jsp
page.  The Login.jsp is required and you cannot navigate anywhere in the
application until you have logged in.  How can I make the Login.jsp page
fall under the SSL, then drop off after the authentication?

https://www.(domain.com)/company1/Login.jsp ~~> [successful authentication!]
~~> http://www.(domain.com)/company1/Main.jsp  (Kind of like how my gmail
works)

#2 - Right now when I go to https://(domain).com/company1/ it drops the
HTTPS.  I don't want that.  Any pointers?

Thanks again

- Josh

On Tue, Aug 11, 2009 at 10:35 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 8/11/2009 4:47 PM, Josh Gooding wrote:
> > ok back to the topic at hand here.  I have removed httpd from my server,
> > installed APR, and have gotten my cert file from my hosting company.  it
> is
> > in pfx format.  Now I found some information on the net:
> >
> > http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html
> >
> > It was saying that I can just use the pfx file with tomcat 5.5, so I put
> the
> > file in my $CATALINA_HOME directory just as a test, modified my
> server.xml
> > file to accept SSL:
> >
> > * > port="443" maxThreads="200"
> > scheme="https" secure="true" SSLEnabled="true"
> > keystoreFile="C:/Program
> > Files/[*]/apache-tomcat-6.0.18/[*].com.pfx"
> > keystorePass="[*]" keystoreType="pkcs12"
> > clientAuth="false" sslProtocol="TLS" />*
> >
> > *and blamo I get these exceptions:*
>
> Not surprising. Read the documentation for the APR connector:
> http://tomcat.apache.org/tomcat-5.5-doc/apr.html
>
> Specifically, search for the term "certificate".
>
> First of all, your SSL configuration is completely wrong for use with
> APR. You don't use keystoreFile, keystorePass, and keystoreType. Even if
> you did, telling Java that the keystore is actually a PKCS12 keystore
> while providing it is a PFX-encoded SSL certificate should have tipped
> you off that something was amiss.
>
> If you were previously following the standard SSL documentation
> (http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html), you should
> have seen this note at the top of the file:
>
> "
> IMPORTANT NOTE: This Howto refers to usage of JSSE. When using APR,
> Tomcat will use OpenSSL, which uses a different configuration.
> "
>
> What you want is SSLCertificateFile and friends. SSLCertificateFile is
> documented to only accept certificates in PEM format. Check out this
> page for some tricks to converting your certificate files using openssl:
> http://eoc.eu-eela.eu/doku.php?id=manipulate_your_certificate
>
> There is also a Java tool that can do thing like this called Portecle
> (http://portecle.sourceforge.net/) if you don't have openssl handy.
>
> > *and these to boot says it cannot bind to port 443 (or 8443 either)*
> >
> > *Aug 11, 2009 4:13:51 PM org.apache.coyote.http11.Http11AprProtocol start
> > SEVERE: Error starting endpoint
> > java.lang.Exception: Socket bind failed: [730048] Only one usage of each
> > socket address (protocol/network address/port) is normally permitted.
>
> Do you have multiple  elements specified? If so, check all
> the port numbers. If not, make sure that Tomcat isn't already running.
> If it's not, make sure Apache httpd isn't running :) Finally, make sure
> IIS isn't running or using those ports.
>
> > So it looks like I cannot use a pfx file with tomcat 6.0.18.
>
> You should be able to, just not with the APR connector because openssl
> doesn't grok PKCS12/PFX.
>
> > Am I able to use the pfx file with tomcat 6?
>
> Yes, just not with the APR connector.
>
> > The socket bind issue I have no clue, it
> > looks like something is already running on port 443, but that is
> > impossible.
>
> Really? Try running 'netstat' to find out who is bound to port 443 (or
> 8443).
>
> > I only have the tomcat server running, IIS is di

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

> I understand what the appBase is
>
> Perhaps you don't; the appBase attribute of a  is the /default/
> deployment directory for its webapps; individual webapps are typically
> located *under* the appBase directory.
>
> > I don't understand why the docBase and appBase cannot be the
> > same declaration
>
> Because they are quite different; appBase points to the directory under
> which a *collection* of webapps resides, docBase points to an *individual*
> webapp.


*I kind of figured that one, that the appBase is where the collection of
deployable packages resides.*

> why it is recommended that anything in your appBase shouldn't
> start with the same string that is defined in your docBase.

I haven't read the O'Reilly book so I don't know if it contains confusing or
> irrelevant information.  The real point here is that you can easily get
> double deployments if you start putting in values for docBase; it's normally
> not used these days.


*This isn't in the O'Reilly book, I found this in multiple places on the
net, it was coupled with the double deployment information.*

>
> > I have my docBase set to ROOT on the data drive
> > and the appBase is just defined as :/webapps/
>
> You seem not to be aware that one can have many webapps running under one
> instance of Tomcat; ROOT is simply the default one.  Note that if your
>  element is in your webapp's META-INF/context.xml file, it is
> illegal to set the docBase (or path) attributes.  The docBase attribute
> should only be used when the webapp is located *outside* of the 
> appBase directory, and the  element is in
> conf/Catalina/[host]/[appName].xml.


*Wait a sec, illegal as in (will throw an exception) or just bad practice? I
understand the idea of each  can have it's own different appBase
declaration.  This cleared up the issue of "when" the docBase attribute
should be set, but my conf/Catalina/[host]/[appName.xml] doesn't exist.  I
have a  defined in my server.xml's  for the deployments being
hosted outside of $CATALINA_HOME/webapps directory, and each of those has
their own context.xml defined in the META-INF directory of the project.  Are
you saying that, that is wrong?  I'll post the xml configurations if you
want to look at it, but if it is wrong, it's working like expected.
*

>
> > there is really no clear concise "This is what the docBase is,
> > does, and means" that I can find.
>
> To quote from the Tomcat doc:
>
> "The Document Base (also known as the Context Root) directory for this web
> application, or the pathname to the web application archive file (if this
> web application is being executed directly from the WAR file). You may
> specify an absolute pathname for this directory or WAR file, or a pathname
> that is relative to the appBase directory of the owning Host.
>

*I'm sorry if I am being thick this is very cryptic to me.*

>
>
> "The value of this field must not be set when the Context is configured
> using a META-INF/context.xml file as it will be inferred by the automatic
> deployment process."
>
>  - Chuck
>

*As usual Chuck, thanks for taking the time and trying to explain things for
me.  From what I am seeing tomcat isn't that bad, it just can be a little
more than tricky to configure, and you can get some really interesting
errors when things aren't configured properly.

- Josh
*

Re: Need some SSL Config help.

[Josh Gooding]

Thanks Chris, I appreciate it!


On Fri, Aug 14, 2009 at 10:30 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 8/13/2009 2:38 PM, Josh Gooding wrote:
> > So I navigated to https://(domain).com and low and behold it works :).
>
> Glad it's working for you.
>
> > Next few questions:
>
> Well, it's your thread, so I guess hijacking isn't that big of a deal...
>
> > #1 - I have deployed an application that uses a realm and has a Login.jsp
> > page.  The Login.jsp is required and you cannot navigate anywhere in the
> > application until you have logged in.  How can I make the Login.jsp page
> > fall under the SSL, then drop off after the authentication?
>
> This has been covered in the past. Please search the archives for things
> like "https authentication" and other things. You can even include my
> name in that search, since I've given some IMHO relatively comprehensive
> responses.
>
> > #2 - Right now when I go to https://(domain).com/company1/ it drops the
> > HTTPS.  I don't want that.  Any pointers?
>
> Uh... you are probably building a URL somewhere in your webapp that
> redirects to an explicitly non-secure URL. Search your webapp for
> "sendRedirect", or whatever is appropriate if you are using a web
> application framework that includes similar capabilities.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.9 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAkqFdQ8ACgkQ9CaO5/Lv0PCjnQCgmado+nZVj3+hBB8JjNRxMOb/
> PyQAn2ETb6KifsLdCVU3cvY+nMUCUFTC
> =q3UN
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Chuck,

On this:

> each of those has their own context.xml defined in the META-INF
> directory of the project.

> And those will be ignored, since you have them in server.xml.

Something that I am not understanding.  If the context.xml files are truly
ignored how can each of the companies be able to login?
Each company has their own DB/DB user/ and password defined in the
 tag.  I think I either did something REALLY weird on my tomcat or
otherwise.

You're saying if I create the conf/Catalina/[host]/[appName].xml I can add
them on the fly?

Next Q.

would it be something like conf/Catalina/localhost/xyzcompany.xml?  Isn't
this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS
which I know nothing about. Could be a good time to learn it, but I'd rather
keep the JDBC realm authentication if possible.

I just changed the files (without changing the realm type) and it looks like
nothing is going to work / authenticate.  I am getting JAAS errors

:Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
java.lang.SecurityException: Unable to locate a login configuration
at
com.sun.security.auth.login.ConfigFile.(ConfigFile.java:93):

Let me ask this

I know best practice is keeping the webapps directory inside of
$CATALINA_HOME.  In my situation, that's just not possible.  I have a JDBC
realm configured for authentication (not JAAS).  I have my webapps stored on
a physically separate drive for backup and restore reasons.  What would I
have to change in my configuration to be able to serve new projects under
the new displaced webapps folder, keeping my JDBC realm configuration, and
without having to restart tomcat each time I add one.  Is it possible?

It seems as though when I used the webapps folder in $CATALINA_HOME I could
add and remove folders in the webapps folder and I didn't have to restart
tomcat each time.
- J


On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: slight problem with Tomcat and Httpd working together.
> >
> > *Wait a sec, illegal as in (will throw an exception) or just bad
> > practice?
>
> Illegal in that predictable behavior cannot be guaranteed.  Tomcat is
> pretty good about ignoring invalid attributes, but it's not perfect in that
> regard, and problems may result.
>
> > I have a  defined in my server.xml's  for the
> > deployments being hosted outside of $CATALINA_HOME/webapps
> > directory
>
> That isn't illegal, but is extremely bad practice, since you can't modify
> them without restarting Tomcat.  By placing the  elements in
> conf/Catalina/[host]/[appName].xml, you can modify them as needed while
> Tomcat is running.
>
> > each of those has their own context.xml defined in the META-INF
> > directory of the project.
>
> And those will be ignored, since you have them in server.xml.
>
> > Are you saying that, that is wrong?
>
> Yup.
>
>  - Chuck
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

Wait a sec.  The only  element I have defined in my server.xml file
is here:







So I understand why they are not being ignored.  I still figure that I
should be able to deploy a new project on the fly though and not have to
restart tomcat.

On Wed, Aug 26, 2009 at 10:29 AM, Josh Gooding wrote:

> Chuck,
>
> On this:
>
> > each of those has their own context.xml defined in the META-INF
> > directory of the project.
>
> > And those will be ignored, since you have them in server.xml.
>
> Something that I am not understanding.  If the context.xml files are truly
> ignored how can each of the companies be able to login?
> Each company has their own DB/DB user/ and password defined in the
>  tag.  I think I either did something REALLY weird on my tomcat or
> otherwise.
>
> You're saying if I create the conf/Catalina/[host]/[appName].xml I can add
> them on the fly?
>
> Next Q.
>
> would it be something like conf/Catalina/localhost/xyzcompany.xml?  Isn't
> this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS
> which I know nothing about. Could be a good time to learn it, but I'd rather
> keep the JDBC realm authentication if possible.
>
> I just changed the files (without changing the realm type) and it looks
> like nothing is going to work / authenticate.  I am getting JAAS errors
>
> :Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate
> SEVERE: Unexpected error
> java.lang.SecurityException: Unable to locate a login configuration
> at
> com.sun.security.auth.login.ConfigFile.(ConfigFile.java:93):
>
> Let me ask this
>
> I know best practice is keeping the webapps directory inside of
> $CATALINA_HOME.  In my situation, that's just not possible.  I have a JDBC
> realm configured for authentication (not JAAS).  I have my webapps stored on
> a physically separate drive for backup and restore reasons.  What would I
> have to change in my configuration to be able to serve new projects under
> the new displaced webapps folder, keeping my JDBC realm configuration, and
> without having to restart tomcat each time I add one.  Is it possible?
>
> It seems as though when I used the webapps folder in $CATALINA_HOME I could
> add and remove folders in the webapps folder and I didn't have to restart
> tomcat each time.
> - J
>
>
> On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>
>> > From: Josh Gooding [mailto:josh.good...@gmail.com]
>> > Subject: Re: slight problem with Tomcat and Httpd working together.
>> >
>> > *Wait a sec, illegal as in (will throw an exception) or just bad
>> > practice?
>>
>> Illegal in that predictable behavior cannot be guaranteed.  Tomcat is
>> pretty good about ignoring invalid attributes, but it's not perfect in that
>> regard, and problems may result.
>>
>> > I have a  defined in my server.xml's  for the
>> > deployments being hosted outside of $CATALINA_HOME/webapps
>> > directory
>>
>> That isn't illegal, but is extremely bad practice, since you can't modify
>> them without restarting Tomcat.  By placing the  elements in
>> conf/Catalina/[host]/[appName].xml, you can modify them as needed while
>> Tomcat is running.
>>
>> > each of those has their own context.xml defined in the META-INF
>> > directory of the project.
>>
>> And those will be ignored, since you have them in server.xml.
>>
>> > Are you saying that, that is wrong?
>>
>> Yup.
>>
>>  - Chuck
>>
>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: slight problem with Tomcat and Httpd working together.

[Josh Gooding]

You know Chuck, it would probably work if I put Auto-deploy to "true"
instead of false.  (tried and it works).

On Wed, Aug 26, 2009 at 10:32 AM, Josh Gooding wrote:

> Wait a sec.  The only  element I have defined in my server.xml
> file is here:
>
> 
>  unpackWARs="true" autoDeploy="false"
> xmlValidation="false" xmlNamespaceAware="false" >
>
> 
> 
>
> So I understand why they are not being ignored.  I still figure that I
> should be able to deploy a new project on the fly though and not have to
> restart tomcat.
>
>
> On Wed, Aug 26, 2009 at 10:29 AM, Josh Gooding wrote:
>
>> Chuck,
>>
>> On this:
>>
>> > each of those has their own context.xml defined in the META-INF
>> > directory of the project.
>>
>> > And those will be ignored, since you have them in server.xml.
>>
>> Something that I am not understanding.  If the context.xml files are truly
>> ignored how can each of the companies be able to login?
>> Each company has their own DB/DB user/ and password defined in the
>>  tag.  I think I either did something REALLY weird on my tomcat or
>> otherwise.
>>
>> You're saying if I create the conf/Catalina/[host]/[appName].xml I can add
>> them on the fly?
>>
>> Next Q.
>>
>> would it be something like conf/Catalina/localhost/xyzcompany.xml?  Isn't
>> this for JAAS type realm? Means I have to switch my JDBC realm type to JAAS
>> which I know nothing about. Could be a good time to learn it, but I'd rather
>> keep the JDBC realm authentication if possible.
>>
>> I just changed the files (without changing the realm type) and it looks
>> like nothing is going to work / authenticate.  I am getting JAAS errors
>>
>> :Aug 26, 2009 10:07:46 AM org.apache.catalina.realm.JAASRealm authenticate
>> SEVERE: Unexpected error
>> java.lang.SecurityException: Unable to locate a login configuration
>> at
>> com.sun.security.auth.login.ConfigFile.(ConfigFile.java:93):
>>
>> Let me ask this
>>
>> I know best practice is keeping the webapps directory inside of
>> $CATALINA_HOME.  In my situation, that's just not possible.  I have a JDBC
>> realm configured for authentication (not JAAS).  I have my webapps stored on
>> a physically separate drive for backup and restore reasons.  What would I
>> have to change in my configuration to be able to serve new projects under
>> the new displaced webapps folder, keeping my JDBC realm configuration, and
>> without having to restart tomcat each time I add one.  Is it possible?
>>
>> It seems as though when I used the webapps folder in $CATALINA_HOME I
>> could add and remove folders in the webapps folder and I didn't have to
>> restart tomcat each time.
>> - J
>>
>>
>> On Thu, Aug 13, 2009 at 5:33 PM, Caldarale, Charles R <
>> chuck.caldar...@unisys.com> wrote:
>>
>>> > From: Josh Gooding [mailto:josh.good...@gmail.com]
>>> > Subject: Re: slight problem with Tomcat and Httpd working together.
>>> >
>>> > *Wait a sec, illegal as in (will throw an exception) or just bad
>>> > practice?
>>>
>>> Illegal in that predictable behavior cannot be guaranteed.  Tomcat is
>>> pretty good about ignoring invalid attributes, but it's not perfect in that
>>> regard, and problems may result.
>>>
>>> > I have a  defined in my server.xml's  for the
>>> > deployments being hosted outside of $CATALINA_HOME/webapps
>>> > directory
>>>
>>> That isn't illegal, but is extremely bad practice, since you can't modify
>>> them without restarting Tomcat.  By placing the  elements in
>>> conf/Catalina/[host]/[appName].xml, you can modify them as needed while
>>> Tomcat is running.
>>>
>>> > each of those has their own context.xml defined in the META-INF
>>> > directory of the project.
>>>
>>> And those will be ignored, since you have them in server.xml.
>>>
>>> > Are you saying that, that is wrong?
>>>
>>> Yup.
>>>
>>>  - Chuck
>>>
>>>
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>

php 5 and tomcat 6

[Josh Gooding]

Hey gang,

Does anyone know where the last release of PECL was that had the tomcat
files in it for getting PHP to run with Tomcat?  Looks like the version of
PHP I have (5.2.11) doesn't include the PECL libraries and from what I have
read, the PECL are currently not released.  I seem to be coming up a bit
short with the pecl.php.net as well since it doesn't include the dll pack
for what I am looking for.

TIA,

Josh

Re: php 5 and tomcat 6

[Josh Gooding]

Chris,

I think you're right about it being a PHP question, I was just inquiring if
someone here had the PECL dll files that I need.

Here is what I was looking at:

http://tojackwu.blogspot.com/2008/10/php-5-on-tomcat-6-installation.html

Ziggy - I'm aware of liferay.  Off the top of your head do you know if it is
DLL based or is it via CGI?  If you don't it's not big deal, don't look it
up, I just wondered if you had a quick and dirty answer.

Tom, as for why would I not install httpd?  Had it, configured it, had it
running, and then... removed it.  It is nothing more than another layer in
the mix.  I have SSH configured correctly via my tomcat installation,
everything is customized to where I need it to be, and my tomcat is ironclad
as of now.  My attitude is the old KISS mentality.  Why would I want to add
another "possible" issue or layer in the mix?  Then I'd have 2 web servers
running, and the list of what issues could possibly happen more than
doubles.  Tomcat's performance is just as good as httpd, why would I run and
have to cross configure 2 webservers when 1 will do just fine?

Security?  Not worried, this is a pet project of mine.  If I can get a
drupal installation running via a tomcat / php port, I'll be happy.  If
someone hacks it, i'm not worried.

Ken - Thanks for the heads up on the other org.  I'll look into that as
well.

- Josh

On Thu, Sep 24, 2009 at 6:53 PM, Ken Bowen  wrote:

> Argh.  Sorry for the list spam.  Was sending this to someone interested.
>
>
> On Sep 24, 2009, at 5:28 PM, Ken Bowen wrote:
>
>  Sorry for dropping the link.
>> The reference showed up in this:
>>
>> http://quercus.caucho.com/casestudies/Caucho_LiveProcess_casestudy.pdf
>>
>> The company is:  http://www.liveprocess.com/
>>
>>
>> On Sep 24, 2009, at 1:36 PM, Hassan Schroeder wrote:
>>
>>  On Thu, Sep 24, 2009 at 8:40 AM, Tommy Pham  wrote:
>>>
>>>  Only way to get PHP running in Tomcat is through CGI.

>>>
>>> Not true: 
>>>
>>> --
>>> Hassan Schroeder  hassan.schroe...@gmail.com
>>> twitter: @hassan
>>>
>>> -
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Apache Tomcat, IIS, ISAPI

[Josh Gooding]

Joerg,

If you want your JSP's protected you can configure that in your web.xml
file.  I can't fully remember (someone jump in here) but I used role's in
tomcat and put the jsp files in a seperate directory, then I added
declarations in my web.xml file for it. Here is the snippets from my
web.xml:  (If you look down through the role-name tags certain roles can
access certain JSP's.  All the JSP's are locked from the gen-public inside
of a "Private" folder.




CompanySecret
/admin/*
DELETE
GET
POST
PUT


admin

   



CompanySecret
/trainer/*
DELETE
GET
POST
PUT


trainer





CompanySecret
/Private/*
DELETE
GET
POST
PUT









CompanySecret
/Main.jsp
/AutocompleteQuery
DELETE
GET
POST
PUT


trainer
manager
admin
user





CompanySecret
/CompanyOverview.jsp
DELETE
GET
POST
PUT


trainer
manager
admin



Hope this helps you.

- Josh


On Fri, Sep 25, 2009 at 5:46 AM, Buchner, Joerg [T0I] (VW Sachsen) <
joerg.buch...@volkswagen.de> wrote:

> Hi Rainer,
>
> yes, the JSP's should be served by Tomcat!
>
> But Tomcat should not work as WebService,
> Tomcat is only an Engine behind IIS.
>
> The protection of the JSP Files should be realized in the NTFS ACL's...
>
> Regards,
> Jörg
>
>
>
>
> -Ursprüngliche Nachricht-
> Von: Rainer Jung [mailto:rainer.j...@kippdata.de]
> Gesendet: Freitag, 25. September 2009 09:07
> An: Tomcat Users List
> Betreff: Re: Apache Tomcat, IIS, ISAPI
>
> On 25.09.2009 08:06, Buchner, Joerg [T0I] (VW Sachsen) wrote:
> > Hi,
> >
> > i've got an Problem.
> > We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI
> 1.2.28.
> > (AMD64).
> >
> > The Website use Integrated Windows Authentication.
> >
> > The SourceCode Files on the server are protected by ActiveDirectory
> Groups.
> >
> > All works fine.
> >
> > But now the problem.
> >
> > If a user request a html File then the IIS check the NTFS
> Filesystempermissions.
> > That means, only users have access, which are in the security group on
> the file system.
> >
> > But, if the same user request a jsp File, then there is no check on the
> Filesystempermissons.
> >
> > That is not OK.
> > I'ld like to protect my JSP Files with NTFS Rights.
> >
> > Can anybody help me?
>
> The JSPs should be served by Tomcat, right? So IIS doesn't need to be
> able to see them or allowed to actually read them.
>
> So do you want to protect them in Tomcat?
>
> Regards,
>
> Rainer
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

configuring multiple domain's and forwarding on Tomcat 6 questions.

[Josh Gooding]

My Tomcat configuration as of right now is set to serve on a .com domain.  I
recently bought 2 more domains and want to host a different .com but use the
same installation of tomcat that I am using currently.  Is this just another
 declaration or would I need another declaration?  Also what
about forwarding from .net to .com, is it the same thing?

Thanks in advance

- Josh

Re: configuring multiple domain's and forwarding on Tomcat 6 questions.

[Josh Gooding]

Scott,

I have my Context config's in the META-INF folder of the first .com's
appBase directory.  It's under \appBase\META-INF.  Is this wrong?

There is no httpd involved in the system, only Tomcat (and I'm trying to
find the PECL dll's to get PHP to work ;) )

This should be all I have to add correct?



- Josh

On Sat, Sep 26, 2009 at 10:20 PM, Scott Dunbar  wrote:

> Josh,
> The second .com would just be another Host entry in server.xml.  Don't
> forget to add any Context configs in conf/Catalina/www..com
> just like your first domain.
>
> As far as forwarding the .net to the .com, there are two ways of doing
> that.  If Tomcat is fronted by Apache httpd, you'll want something like:
>
> 
>   ServerName www..net
>   Redirect permanent / http://www..com/
> 
>
> in your httpd.conf.  If you use this method Tomcat doesn't need to know
> about the .net side at all.
>
> If you're not using Apache, a simple way to do it is to create an index.jsp
> in the .net appBase that does something like:
>
> <%
>   response.sendRedirect( response.encodeRedirectURL( "http://www. domain>.com/" ) );
> %>
>
> This, however, doesn't correctly handle a redirect from something like
> http://www..net/blah/blah/blah to http://www. domain>.com/blah/blah/blah.  To do it "correctly" I would implement a
> "global" (matching the URL /*) filter on the .net side that
> sends a redirect to the .com side.
>
> Lastly, it is possible to add any number of Alias entries within a Host
> container.  The upside is that it is very easy - have the Host name be
> "www..com" and an Alias entry for ".com",
> "www..net" and ".net".  The downside is that your
> site will look and behave exactly the same for any of these host names.
>  There may be SEO issues associated with having 4 host names look exactly
> the same though I'll admit I'm not positive of this.
>
>
>
>
>
> Josh Gooding wrote:
>
>> My Tomcat configuration as of right now is set to serve on a .com domain.
>>  I
>> recently bought 2 more domains and want to host a different .com but use
>> the
>> same installation of tomcat that I am using currently.  Is this just
>> another
>>  declaration or would I need another declaration?  Also what
>> about forwarding from .net to .com, is it the same thing?
>>
>> Thanks in advance
>>
>> - Josh
>>
>>
>>
>
>
> --
> Scott Dunbar
> Xigole Systems, Inc.
> Enterprise consulting, development, and hosting
> 303·667·6343
>

Re: configuring multiple domain's and forwarding on Tomcat 6 questions.

[Josh Gooding]

Then there must be something messed up with my domain and what it is
pointing to.  It has a different IP address than my server.  I pointed the
IP address of the domain to the static IP address of my server that I am
already running and serving on Tomcat.

Realistically I should be seeing something then, I think I might have to
call the company I got the domain from to get it pointing to the right
server IP.

On Sat, Sep 26, 2009 at 11:50 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: configuring multiple domain's and forwarding on Tomcat 6
> > questions.
> >
> > I have my Context config's in the META-INF folder of the first .com's
> > appBase directory.  It's under \appBase\META-INF.  Is this wrong?
>
> Probably.  In the above, is "appBase" an actual directory name, or is it
> referring to the value of the appBase attribute of the  element?  I
> suspect it's the latter, in which case your structure should really be this:
>
> D:\JGSite\
>  ROOT\  (the default webapp for this )
>(first-level .html files, such as index.html)
>(other first-level resources)
>WEB-INF\
>  web.xml  (containing servlet mappings for your webapp, etc.)
>  lib\  (containing webapp .jar files)
>  classes\  (containing webapp classes)
>META-INF\
>  context.xml  (containing the  element)
>
> You may deploy additional webapps for the  at the same level as ROOT
> as either expanded directories or .war files.
>
> > This should be all I have to add correct?
> >  > unpackWARs="true" autoDeploy="true"
> > xmlValidation="false" xmlNamespaceAware="false" />
>
> You probably don't even have to add that.  If you have only one webapp for
> one domain, you can simply replace the default Tomcat ROOT webapp with your
> own.  If you don't want to disturb the webapps distributed with Tomcat, then
> an additional  is one way to segregate your webapps from the standard
> ones.  For a production environment, you probably want to remove all of the
> Tomcat webapps other than manager.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Questions on "Single Sign On"?

[Josh Gooding]

To my knowledge the Single Sign on in Tomcat is a way for all of your back
end applications in your VH to recognize that you have logged in to one
place, and all of the apps belonging to that VH will be logged into.

What I am trying to do is restrict the login from users to one single
session.  (i.e. if you are logged in once, you cannot log in again unless
your session expires or you log out.)  Is this possible with what is
included with Tomcat or is this going to take some custom code?  Either way
us fine, i'm just trying to use the server to handle as much of the work
load as possible and lessen the actual coding load.

Thanks in advance,

- Josh

Re: Questions on "Single Sign On"?

[Josh Gooding]

I know doing this at the application level is probably going to be a little
messy and that's ok for now.  Since this is for a video training program,
yes the requirement is appropriate.  As for handling browser crashes, I'll
have to set the timeout to an appropriate time,  (1/2 hour or so) but if you
are watching videos and testing, or reading docs, you can chew up 1/2 hour
easily so I haven't really thought it through fully yet.  At the moment, I
am using Tomcat's Realm's authentication due to the different roles
throughout the program.

Key pairs to the DB is more overhead than I would like to see, and I'd only
like to use that if all else fails.  That seems to be, no offense, a bit of
resource wasting.

What do you mean that valves are going kaput?  Is that for the TC7 release?


Andre, your talking about something like Active Directory for Windows
Domain's to use with say Communicator, Outlook, etc, across windows
environments with domain authentication?  I understand what the Tomcat's and
most org's SSO means, but I am trying to translate into something that I can
talk about and not have a huge amount of keystrokes in typing.

It's looking more and more like a custom code job (for the most part).  I'll
continue to do some research on this, but I think that coding is going to be
the most direct route so far.

Thanks everyone.  I appreciate the input.

- Josh



On Mon, Oct 12, 2009 at 9:50 AM, Pid  wrote:

> On 12/10/2009 14:37, Peter Crowther wrote:
>
>> 2009/10/12 Josh Gooding:
>>
>>> To my knowledge the Single Sign on in Tomcat is a way for all of your
>>> back
>>> end applications in your VH to recognize that you have logged in to one
>>> place, and all of the apps belonging to that VH will be logged into.
>>>
>>
>> Correct.
>>
>>  What I am trying to do is restrict the login from users to one single
>>> session.  (i.e. if you are logged in once, you cannot log in again unless
>>> your session expires or you log out.)  Is this possible with what is
>>> included with Tomcat or is this going to take some custom code?
>>>
>>
>> You'll need custom code.
>>
>> Are you sure this is an appropriate requirement?  In particular, how
>> do you plan to handle (say) a browser or client crash that loses the
>> in-memory session cookie?  The user can neither log out from the old
>> session nor log into a new session until the server times out the
>> session.
>>
>
> The OP could just set a new key value in the session each time a user logs
> in, and ensure that any user with an old, invalid key is logged out on their
> next request.
>
> You would need to compare the key in the session, on each request, to the
> key associated with the user in storage somewhere, which is an additional
> overhead.
>
> A Filter in each app would be suitable, (or a Valve though these will soon
> be going the way of the Dodo, so they're probably not a good long term
> choice).
>
>
>
> p
>
>
>
>  - Peter
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Questions on "Single Sign On"?

[Josh Gooding]

Well upon clicking "logout" the following occurs:

session.removeAttribute("User");
session.invalidate();
response.sendRedirect("EULA.jsp");

If I close the browser window, and reopen it without clicking the logout
button, I can still get back into my active session.  How would I invalidate
the session upon closing the browser window?


On Mon, Oct 12, 2009 at 11:02 AM, Andre-John Mas  wrote:

>
> On 12-Oct-2009, at 10:51, Christopher Schultz wrote:
>
>  -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Perter,
>>
>> On 10/12/2009 9:37 AM, Peter Crowther wrote:
>>
>>> 2009/10/12 Josh Gooding :
>>>
>>>> To my knowledge the Single Sign on in Tomcat is a way for all of your
>>>> back
>>>> end applications in your VH to recognize that you have logged in to one
>>>> place, and all of the apps belonging to that VH will be logged into.
>>>>
>>>
>>> Correct.
>>>
>>>  What I am trying to do is restrict the login from users to one single
>>>> session.  (i.e. if you are logged in once, you cannot log in again
>>>> unless
>>>> your session expires or you log out.)  Is this possible with what is
>>>> included with Tomcat or is this going to take some custom code?
>>>>
>>>
>>> You'll need custom code.
>>>
>>> Are you sure this is an appropriate requirement?  In particular, how
>>> do you plan to handle (say) a browser or client crash that loses the
>>> in-memory session cookie?
>>>
>>
>> Also, if the client "loses" their session cookie, how will the OP
>> uniquely identify the client in order to apply this policy?
>>
>
> The only solution I can think of is a non-session cookie that the web
> application
> deals with itself. If it can't find it mapped to the users session-id in
> the application
> context, then the user is considered logged out. The catch is if the user
> opens up
> a new browser this will kill the existing session, so you would have to
> back this up
> with a dialogue warning the user that they are already logged in and
> logging in again
> will log out the other session.
>
> What is important is to balance the needs of single sign on and the
> security provided
> to the user of closing their browser, and thus ending their session.
>
> André
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Questions on "Single Sign On"?

[Josh Gooding]

On Mon, Oct 12, 2009 at 11:03 AM, André Warnier  wrote:

> Josh Gooding wrote:
> ...
>
>>
>> Andre, your talking about something like Active Directory for Windows
>> Domain's to use with say Communicator, Outlook, etc, across windows
>> environments with domain authentication?
>>
> Yes, although Windows domain authentication is not the only game in town.


** I know Andre, it was just the first thing that popped into my head.  The
shop I work for is a Microjunk shop and I am the only dinosaur who codes on
OS platforms here after I leave they can claim to be an all .NET shop.
However, i'm the only one working on programs that are making the company
money... :: shrug :: anywho.  I know there are others, WIndows is just one
of the most commonly recognized.  You also have raduis, NIS, and if I am not
mistaken even LDAP.

>
>
> I understand what the Tomcat's and
>
>> most org's SSO means, but I am trying to translate into something that I
>> can
>> talk about and not have a huge amount of keystrokes in typing.
>>
>>  And I suggest that you to think this through from the beginning, and not
> rush into a Tomcat-only authentication, if your users for instance are going
> to get weary very quickly to have to login (again!) each time they want to
> access this application on this host.
> The other snag is if in order to do your type of authentication you need to
> have your own store of user-id's and passwords.  User-id's are usually OK
> (they can be the same as the user's usual login), but to get a network admin
> to give you the users passwords, so that you can store them in your own
> Tomcat-only store, is going to be more tricky.
> (Users do not, as a rule, like to have to remember several passwords).
>
> There are basically two types of authentication usable in Tomcat : the
> container-based authentication of which mainly question so far, and the
> "servlet filter" based authentication mechanisms.
> These consist of wrapping all your to-be-protected webapps in a servlet
> filter, which authenticates each request before it even gets to your webapp.
>  Servlet filters are defined at the Servlet Spec level, so are portable.  To
> the webapp, it is transparent.  It just finds an authenticated user whenever
> it runs.  The filter itself determines what kind of authentication happens,
> using which back-end etc..
> Here are two examples :
> http://securityfilter.sourceforge.net/
> http://www.ioplex.com
> Reading their docs should give you some material to think about.
>
> There exists a 3rd way : if you have a webserver in front of Tomcat (IIS or
> Apache), they can do the user authentication, and via mod_jk (*) pass an
> authenticated user-id to Tomcat (roles is another story).
>
> (* : plus, for Apache only, mod_proxy_ajp)
>
> In any case, I don't really think that you will need to create new code.
>  There are enough ready-to-use solutions floating around that this should be
> unnecessary. And, as some people already indirectly pointed out, coding AAA
> and doing it right can be very tricky.
>

** I already removed httpd from the server and am very reluctant to
reconfigure / install it.  I'll look into those and check.  Thanks man, this
project is really opening my eyes to a lot of other things that I would have
never thought of.

> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Questions on "Single Sign On"?

[Josh Gooding]

Ugh... tabs said it all.  I didn't take into consideration about them.

On Mon, Oct 12, 2009 at 11:41 AM, Andre-John Mas  wrote:

>
> On 12-Oct-2009, at 11:24, Josh Gooding wrote:
>
>  Well upon clicking "logout" the following occurs:
>>
>> session.removeAttribute("User");
>> session.invalidate();
>> response.sendRedirect("EULA.jsp");
>>
>> If I close the browser window, and reopen it without clicking the logout
>> button, I can still get back into my active session.  How would I
>> invalidate
>> the session upon closing the browser window?
>>
>
> What browser are you using, and how are you reopening the window? If you
> exit
> your browser the session should be invalidated, though:
>  - Firefox maintains its state if you make it remember the open
> tabs/windows
>  - IE will open a separate application instance only if it is launched via
>the desktop icon. Selecting 'New Window' form the file menu will simply
>create a new window in the same instance.
>
>
> André
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Questions on "Single Sign On"?

[Josh Gooding]

Andre,

I am using a realm for this.  I decided that the best route to go on this is
if a user is actively logged in and tries to log in again (while already
authenticated) to invalidate the 'other' session and continue on, that way
of the browser dies, they can still get in.  I have however not clue one on
how to do this.  What is put in the session upon authentication that I could
have my code look for to invalidate the "other" live session?

- Josh

On Mon, Oct 12, 2009 at 10:01 AM, André Warnier  wrote:

> Josh Gooding wrote:
>
>> To my knowledge the Single Sign on in Tomcat is a way for all of your back
>> end applications in your VH to recognize that you have logged in to one
>> place, and all of the apps belonging to that VH will be logged into.
>>
>>  Well, "kind of"..
>
>  What I am trying to do is restrict the login from users to one single
>> session.  (i.e. if you are logged in once, you cannot log in again unless
>> your session expires or you log out.)  Is this possible with what is
>> included with Tomcat or is this going to take some custom code?  Either
>> way
>> us fine, i'm just trying to use the server to handle as much of the work
>> load as possible and lessen the actual coding load.
>>
>>  It really depends on what kind of "login" (or rather, user
> authentication) you have set up.
> If you are using Tomcat's integrated (or container-based) authentication
> mechanism, then as far as I know the authenticated user-id is something that
> will be stored in the session data.  As long as the session is valid, the
> user will not be asked to re-authenticate.  As soon as the session is
> invalidated and they try to access a webapp that is submitted to AAA, they
> will be asked to login again.  This is true for all webapps that are in the
> same "realm".
> It is fairly well explained here :
> http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Single%20Sign%20On
>
> The keys here are which kind of AAA you are using, the Realm of your
> webapps, the session and its associated cookie.
>
> Note that this kind of SSO is Tomcat-specific, and valid only for a single
> Tomcat.
> What many of my customers understand by SSO is a bit different : it means
> that they wish to login once in the morning when they turn on their
> workstation, and never again during the day.  They then want this single
> login to be valid, automatically, for all servers and applications they
> access during the day, whether they are running under Tomcat or not (but
> also the ones running under Tomcat).
> That's a different story.
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: doubts about tomcat form based authentication

[Josh Gooding]

The way I solved the issue was removing he user from the tomcat role table.
Tomcat itself will then not allow you to login.  I am using a Realm
authentication as well.  In the user table I specified what "role" the user
had (either plain user, manager, admin, or a trainer), then based off of
that, the tomcat role table was populated at "create new user" time.  It
will throw your 403 error (which mine does)

- Josh

On Tue, Oct 20, 2009 at 7:18 PM, Nirvann  wrote:

>
> Sorry guys to have bothered you with my silly mistake. Actually, I had
> configured 403 error page in web.xml file but the page was not at proper
> location. Hence I was getting 404 file not found. Now I can access the role
> error page for authorization error. Thanks a lot for all your insights.
>
> regards,
> nirvan.
> --
> View this message in context:
> http://www.nabble.com/doubts-about-tomcat-form-based-authentication-tp25970503p25984106.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Just a few questions on my Tomcat Configuration

[Josh Gooding]

I have tomcat running on a dedicated Windows server (this is a web server).
I have been reading apache's site on Virtual Hosts for tomcat and I have a
few questions.

Here is how I need to get the software up and running.

1 instance of tomcat to serve on port 80 across all sub-domains (not an
issue)
1 instance of MySQL serving on port 3306 across all sub-domains (not an
issue)

Create a virtual host for each company, by following the instructions in the
virtual hosting section of the docs.  I do have a question though.  My /conf
directory is not exactly the same as what it is calling for (Approach #2).
Should I go ahead and mirror my /conf directory to have the same structure
as what the doc's are calling for?

Bind each virtual host to the corresponding sub-domain (not a clue on how to
do this)

Any information would be greatly appreciated.  Thank you all in advance!

- Josh

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

Sorry about that Chuck, I'm a little new to this here...

Tomcat version is 6.0.18.

My /conf directory is the standard windows installation directory structure
it contains no other sud-directories, just my config files.  If I modify the
directory and add the recomended structure, will Tomcat pick it up, or is it
different because this is the Win32 installation?

also there is a way in Tomcat to do a contextual reload of the xml files
automatically as soon as they change, but I forget how.  Any takers on this?


On Tue, Jun 2, 2009 at 11:47 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Just a few questions on my Tomcat Configuration
> >
> > I have tomcat running on a dedicated Windows server (this
> > is a web server).
>
> Tomcat version?  Always tell us that - we're not mind readers.
>
> > My /conf directory is not exactly the same as what it is
> > calling for (Approach #2).
>
> What's different?  Again, we can't read your mind.  Choice of the two
> approaches is up to you; some find it easier keeping  elements
> inside each webapp (in META-INF/context.xml), some prefer to keep them
> separate from the webapp itself by placing them in
> conf/Catalina/[host]/[appName].xml.
>
> > Bind each virtual host to the corresponding sub-domain (not
> > a clue on how to do this)
>
> Use the sub-domain as the name attribute on the associated .
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

On Wed, Jun 3, 2009 at 10:36 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
> > Subject: RE: Just a few questions on my Tomcat Configuration
> >
> > Tomcat will create the subdirectories as needed, such as when you
> > deploy a .war file that has an context.xml file in its META-INF
> > directory.  It won't create them until needed.
>

Will this happen even if I do not deploy the project via a .war file?  I
might have to see about upgrading the project to 6.0.20.


Thank you so much Chuck for clearing up some things for me.  The help is
greatly appreciated!'

Warmest Regards,

- Josh

>
>
> I see that 6.0.20 now copies the META-INF/context.xml file into
> conf/Catalina/[host]/[appName].xml file even when deployment is via a
> directory.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

Excellent.  So let me see if I have everything straight here:

I use virtual hosting to create /abcapps and /xyzapps and install the
"program" in each directory.  In the  section, bind the sub-domain to
them and then I should be able to login per subdomain and have everything
completely seperate (since I have files being uploaded to the server).  It's
all housed in the Server.xml file right?

One more quick note, is there a way that I can break out certain sections of
the server.xml file into a seperate .properties file?  I have some of the
properties broken out of the web.xml, but can I do the same thing in the
server.xml file since it is a core file that tomcat relies on for it's
configuration?

Thanks again!

On Wed, Jun 3, 2009 at 11:25 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Just a few questions on my Tomcat Configuration
> >
> > Will this happen even if I do not deploy the project via a .war file?
>
> Not on 6.0.18 (and I haven't actually tried 6.0.20 yet).  But it doesn't
> really matter - you can create the necessary directories yourself; Tomcat
> will use them if they exist.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Just a few questions on my Tomcat Configuration

[Josh Gooding]

You sir are a gentleman and a scholar!  Thank you for all of the tips, they
are greatly appreciated!  I think you have answered just about all of my
questions I have as of right now.  I have Win Server 2K3 R2 and a box to
play with.  I am going to try to get everything up and running this
weekend.  Hopefully I'll be able to get this and the MySQL tweak running in
under a day or so.

Again thank you so much.  If I have any more questions, I'll toss them up
here.

- Josh

On Wed, Jun 3, 2009 at 12:59 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: Just a few questions on my Tomcat Configuration
> >
> > I use virtual hosting to create /abcapps and /xyzapps and install the
> > "program" in each directory.
>
> The proper term is webapp, not "program".  A webapp has a spec-defined
> directory structure that must be adhered to for proper operation of the
> webapp.  Browse through the various webapps that come with Tomcat to get an
> idea of the layout, read the servlet spec for the details.
>
> > In the  section, bind the sub-domain to them
>
> Also set the appBase attribute of each  to point to the specific
> sub-domain directories.  Note that the default webapp for a  must be
> named ROOT (case sensitive).  One of your  elements must be declared
> as the defaultHost for the surrounding ; this is the one used when
> the URL does not match any of the  name attributes (including
> references via IP address).
>
> > then I should be able to login per subdomain
>
> Depends on what you mean by login.  If it's just accessing the web site,
> yes; if you mean authentication, you'll need to configure the appropriate
> security mechanism.  This is usually done with a , which can be
> placed inside an , , or , as needed.
>
> > (since I have files being uploaded to the server).
>
> Do not attempt to write files into the appBase directory - keep them
> outside of Tomcat's directory structure.
>
> > It's all housed in the Server.xml file right?
>
>  elements are not.  (Watch out for your capitalization; many file
> names are case-sensitive, even on Windows.  That should be server.xml, not
> Server.xml.)
>
> > One more quick note, is there a way that I can break out certain
> > sections of the server.xml file into a seperate .properties file?
>
> Not that I'm aware of, although various XML inclusion mechanisms might work
> (haven't tried).  You can resolve attribute values from system properties,
> using the ${prop.name} notation.  Anything to do with specific webapps
> should not be in server.xml.
>
> > can I do the same thing in the server.xml file since it is
> > a core file that tomcat relies on for it's configuration?
>
> And is thus not intended to be updated frequently.  The contents of
> server.xml are only read when Tomcat starts up; changes mad after the fact
> won't be honored until the next Tomcat restart.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you received
> this in error, please contact the sender and delete the e-mail and its
> attachments from all computers.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: server to client notification

[Josh Gooding]

Hello Jackson,

Can you give us an example on a situation you are looking to have
notification for please.  It might help better answer your question.

Warm regards,

- Josh

On Thu, Jun 4, 2009 at 3:21 AM, Jackose  wrote:

>
> Hi All,
>   I want to know whether there is any way to invoke a page or send
> notification from server to client. I am using tomcat 5. If possible, could
> you please explain me how to do it with a sample example.
>
> Awaiting for your response.
>
> Thanks,
> Jackson
> --
> View this message in context:
> http://www.nabble.com/server-to-client-notification-tp23865023p23865023.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Grabbing the user's info

[Josh Gooding]

Hey guys,

Question.  I'm developing an application that resides on a network.  I
wondered if (and how) there was a way to use the users network
authentication as a valid authentication into this application?

- Josh

Upgrading Tomcat need some info

[Josh Gooding]

Hey group,

I've been tasked here at work to upgrade Tomcat from 5.5 to 6.0 since I'm
the Tomcat guru here.  Does anyone know, if I take the 5.5 configuration
(server and context.xml) and drop them into 6.0, will the 6.0 server start
or are there things that have to be changed over?  Also were there any
ConnectionPool changes between v6 and 7?  IIRC there were some changes but
darned if I can remember the specifics.  Is there a place that I can go to
look through the changes?  I implemented TC6 with 7's connection pool a few
years back, and I cannot remember the reason why or if there were
improvements.Any information would be greatly appreciated!

- Josh

Re: Upgrading Tomcat need some info

[Josh Gooding]

Konstantin -

>
> > 1. Have you seen the following page?
>
> > http://tomcat.apache.org/migration.html
>
> I'm getting there, I'm still perusing the change logs to see what the
> major differences in between 5.5 and 6 are and from 6 to 7.  The
> application was written in 1.6.  Despite the fact that we are a "bleeding
> edge" facility, I'd still have to test and try out TC7 pretty heavily to
> give it my ok.
>
> >2. A bad idea.
>
> >The recommended way is to start from default configuration and port
> >necessary changes from older version (reading the docs in the
> >process).
>


> >3. ConnectionPool comes from Apache Commons Pool + Apache Commons DBCP
> projects.
>
> >Tomcat 7 comes with two pool implementation. One is DBCP one (default).
>
> >Another is newer one, "Tomcat JDBC pool". Its documentation is
> >included into Tomcat User's guide.
>
> >If you are satisfied with the old one, there is no need to change.
>

> >Anyway each connection pool instance can be configured to use
> >different pool implementation independently. (Or a 3rd party pool
> >implementation).
>

I've put 6.0.35 on a staging server and I'll be running the "feeds" I get
in tandem through it to see if I get any memory improvement over the 5.5
server.  So as I am thumbing through thr old 5.5 server.xml file I notice
something that i've not encountered with 6.x yet.  in the 
declaration, there is a ciphers attribute as well as a compression one.  Do
these carry over to 6.x?

Glassfish overriding Tomcat 6.0.24 installation?

[Josh Gooding]

Hey guys (and gals).

Interesting enough, I installed the Jave EE 5 JDK for windows.  I then
installed Tomcat 6.0.24, when I navigate to htp://localhost:8080 (which
should be the default of Tomcat) I am getting the glassfish junk.  How can I
remove the glassfish?  I don't believe that there is an option to not
install glassfish.  Any help would be greatly appreciated.

- Josh

Re: Glassfish overriding Tomcat 6.0.24 installation?

[Josh Gooding]

Thanks David, I did that and it seemed to work.  :: thumbs up ::

- Josh

On Thu, May 27, 2010 at 2:02 PM, David Smith wrote:

> On 5/27/2010 1:44 PM, Josh Gooding wrote:
> > Hey guys (and gals).
> >
> > Interesting enough, I installed the Jave EE 5 JDK for windows.  I then
> > installed Tomcat 6.0.24, when I navigate to htp://localhost:8080 (which
> > should be the default of Tomcat) I am getting the glassfish junk.  How
> can I
> > remove the glassfish?  I don't believe that there is an option to not
> > install glassfish.  Any help would be greatly appreciated.
> >
> > - Josh
> >
>
> Drop Java EE 5 and install a current version of the java SDK.
>
> --David
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

unable to set MaxPermSize past 128MB

[Josh Gooding]

Hey one more wild question for this sunday evening (I hope)

I just upgraded to 6.0.35 running on Win2K3 32 bit platform.  I used the
Win installer.  I tried setting the Initial Pool to 512MB and the MaxPool
to 1536MB of ram, however when I pass in the -XX:MaxPermSize:256m in the
config -> Java -> Java Options section, Tomcat appears to start in the
services, but the monitor shows that the service is not started.

Also in the log: 2012-02-05 21:08:40 Commons Daemon procrun stdout
initialized
Error occurred during initialization of VM - Could not reserve enough space
for object heap

However when I bring the MaxPermSize down to 128m, It initializes just
fine.  Obviously I'm missing something here.  Any insight?  I'd like to
increase the MPS parameter to either 256 or 368m.  Thanks in advance as
always!

- Josh

Re: unable to set MaxPermSize past 128MB

[Josh Gooding]

your kidding me right?  Why is tweaking the JVM for this so hard?

On Sun, Feb 5, 2012 at 11:19 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: David Dabbs [mailto:dmda...@gmail.com]
> > Subject: RE: unable to set MaxPermSize past 128MB
>
> > > I just upgraded to 6.0.35 running on Win2K3 32 bit platform.
>
> > I believe you need to specify
> >-XX:MaxPermSize=256m
> > and not
> >-XX:MaxPermSize:256m
>
> Even when the OP gets the syntax right, it's extremely unlikely that the
> stated combination of heap and PermGen size will be available on a 32-bit
> Windows platform.  The sum of -Xmx and MaxPermSize, plus code, stacks,
> non-Java heap, etc., must all fit within the virtual space of the process,
> which is normally 2 MB.  The values will have to be experimented with to
> find exactly what will work and what won't.  The total available space will
> also vary with the exact JVM version and sometimes even which patches have
> been applied to Windows.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: unable to set MaxPermSize past 128MB

[Josh Gooding]

well because this is for an 15K member organization, and that is a MAJOR
change.  I'm in charge of the web project, not the hardware, and as much as
I've fought that battle, the best I've gotten was virtualization still on a
32-bit OS.  I ordered 2 new 2K8 64b systems (still virtualized :: stroke
::) but they should take care of all the users.  If I had my way it'd be
different, but you know how corporate world is.  Just like the military
hurry up and wait.  :)

I DID manage to get everything running mostly optimally.  Here's what I did:

in the environment variables I set JAVA_OPTS = -XX:MaxPermSize=256m
-Xms=256M -Xmx=1536M.  Now Tomcat runs FAST and with about 3000 users, it's
still blazing along using about 150MB on each of the 4 boxes.  Much better
than 500MB per box, with 1500 users.  If it needs more ram, I change the
variables and bounce the TC Server.  No biggie.

Thanks again Charles!

- Josh



On Sun, Feb 5, 2012 at 11:37 PM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:

> > From: Josh Gooding [mailto:josh.good...@gmail.com]
> > Subject: Re: unable to set MaxPermSize past 128MB
>
> > your kidding me right?  Why is tweaking the JVM for this so hard?
>
> Why are you still running on ancient hardware and software?  Use a 64-bit
> OS and a 64-bit JVM and you don't have to be concerned with the inherent
> limits of 32-bit environments.
>
>  - Chuck
>
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail and
> its attachments from all computers.
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

JMX enabled - not able to monitor connection pooling

[Josh Gooding]

Using: Toncat 6.0.35 AND 7.0. in a Win32 Environment.  My JMX
params are as follows:  -Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=6969
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

This is only on my dev box, so I am no so much worried about security at
this point, I just want to get it working for now, I'll work on the
security as the next piece, where I move it over to SSL and having
authentication for a production box.

In TC7, I have enabled JMX, and in Hyperic I'm able to monitor the extras
except the one thing I need to.  I also checked in JConsole, just to make
sure it wasn't an initial id10t error.  I want to be able to monitor the
connection pool. Is there an option that I have to enable to be able to
monitor connection pooling in Tomcat via JMX and Hyperic?  I checked the
Hyp. forums to no real avail.  This user group seems to be better with
information so I just wanted to see if anyone else out there is using
Hyperic, monitoring CP's, and what they did to get it working.  As always
thanks in advance.

Warmest Regards,

Josh

Tomcat 5.5 context.xml question.

[Josh Gooding]

Wow, has it really been that long since I've asked questions here?  On to
the meat and potatoes...

I have a tomcat 5.5.23 installation here that I am trying to do some
changes too and I am a bit lost..  Let me try to explain what I want to
do.  The application has both a context defined in the server.xml and in
the context.xml file in the META-INF directory.  I've currently removed the
context in the server.xml and moved it into it's own context.xml file.

I have removed all context references in the server.xml so it looks like
this now :
























It's pretty simple and elegant.  Not hard to follow.  So in my project,
I've created a META-INF/context.xml file with the following declaration:











again, not hard to follow.  this project is packaged up in the WebEMR.war
and resides under the $CATALINA_HOME/webapps/billing-1.0.4 directory

I have deleted everything under the $CATALINA_HOME/work directory and also
the $CATALINA_HOME/conf/[Engine] directory.  The war successfully builds,
and I had it deploys with the server.xml configuration below, when the
contexts are defined within it.  According to the docs, your supposed to
remove the path="" and docBase="" attributes from the new context
declaration within the context.xml file, so I have done that.  When I start
up tomcat, nothing outputs to catalina.out, so I attached log4j to the
server and I get this little gem of a message:

DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[/billing-1.0.4]
redeploy resource /opt/tomcat/webapps/billing-1.0.4/META-INF/context.xml.

There's something missing there it appears that the WebEMR.war is not
being deployed and it is looking for the files at the billing-1.0.4
directory.  I've got to be missing something, but for the life of me I
cannot figure out what it is.  Can someone give me some insight please?

This is the working server.xml file.  With this one, the WebEMR.war is
sitting in $CATALINA_HOME/webapps/billing-1.0.4/.  It deploys out to
$CATALINA_HOME/webapps/1.0.4































Warmest regards and thanks in advance!

- Josh

Re: Tomcat 5.5 context.xml question.

[Josh Gooding]

Yeah you see what I'm given to work with.  The sever.xml will be cleaned
up, but i'm trying to get this fixed to upgrade to 6.0.35 or 7.

So let me ask this, given that billing-1.0.4 is a branch that contains 4
war files.  Am I able to deploy say billing-1.0.5 on the fly without having
to restart tomcat from a CI server like hudson?  If I have hudson (as the
TC user) make a new directory in tomcat's webapps folder while it was still
running and push the 4 wars?

The current solution they have, they have locked a single branch to each
tomcat server (dumb dumb dumb) and I'm trying to give them access to EVERY
development server they have for multiple branches.  So I want to have
webapps/billing-1.0.4/WebEMR.war, foo.war, bar.war, thing.war.  Then also
have billing-1.0.5/WebEMR.war, foo.war, etc.  It just has to be dynamic
enough to not need restarted everytime I need to add a new branch to the
server.

I want it to be localhost:8080/billing-1.0.4/WebEMR, to
locahost:8080/billing-x.n.y/WebEMR

>According to your configuration (the "appBase" attribute of ),
>every subdirectory and every war file in the $CATALINA_HOME/webapps/
>is a web application.
>
>So "billing-1.0.4" is a web application and WebEMR.war is just a
>static resource in it, that you can download via
>http://localhost:8080/billing-1.0.4/WebEMR.war<http://localhost:8080/billing-1.0.4/WebEMR.war>
>
>If you want the application to be exposed as
.>http://localhost:8080/1.0.4/ <http://localhost:8080/1.0.4/>, rename the
war to the same name as the
>path you are looking for (1.0.4) and place it directly into webapps
>directory.  That would be
>
>$CATALINA_HOME/webapps/1.0.4.
>war
>
>Tomcat will autodeploy it (which involves unpacking it into
>$CATALINA_HOME/webapps/1.0.4).
>
>Best regards,
>Konstantin Kolinko


On Fri, Aug 24, 2012 at 2:58 PM, Konstantin Kolinko
wrote:

> 2012/8/24 Josh Gooding :
> >
> > 
> >
>
> All those debug="" attributes... - Tomcat 5.5 does not support them.
> See "Configuration Reference" chapters of documentation, where these
> attributes are not mentioned. (Well, nothing fatal - they will be just
> silently ignored).
>
> > 
> >  > value="30"/>
>
> Sample value?
>
> > 
> >
> > 
> >
> >  > enableLookups="false" redirectPort="8443"
> debug="0"
> > protocol="AJP/1.3" />
> >
> >  > maxThreads="150" minSpareThreads="25"
> > maxSpareThreads="75"
> > enableLookups="false" redirectPort="8443"
> > acceptCount="100"
> > connectionTimeout="2"
> > disableUploadTimeout="true" />
>
> Do you need both connectors?
>
> >
> >  debug="0">
> >
> >  appBase="webapps"
> > deployOnStartup="true" unpackWARs="true"
> > autoDeploy="true"
> > xmlValidation="false"
> > xmlNamespaceAware="false" />
> > 
> > 
> > 
> >
> > It's pretty simple and elegant.  Not hard to follow.  So in my project,
> > I've created a META-INF/context.xml file with the following declaration:
> >
> > 
> >
> > 
> It'd be better to use DataSourceRealm instead of JDBCRealm.
>
> >...
> > 
> >
> > again, not hard to follow.  this project is packaged up in the WebEMR.war
> > and resides under the $CATALINA_HOME/webapps/billing-1.0.4 directory
> >
>
> According to your configuration (the "appBase" attribute of ),
> every subdirectory and every war file in the $CATALINA_HOME/webapps/
> is a web application.
>
> So "billing-1.0.4" is a web application and WebEMR.war is just a
> static resource in it, that you can download via
> http://localhost:8080/billing-1.0.4/WebEMR.war
>
> If you want the application to be exposed as
> http://localhost:8080/1.0.4/, rename the war to the same name as the
> path you are looking for (1.0.4) and place it directly into webapps
> directory.  That would be
>
>  $CATALINA_HOME/webapps/1.0.4.war
>
> Tomcat will autodeploy it (which involves unpacking it into
> $CATALINA_HOME/webapps/1.0.4).
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 5.5 context.xml question.

[Josh Gooding]

Mark, Konstantin, thank you very much.  As usual I highly appreciate it.


On Fri, Aug 24, 2012 at 4:05 PM, Mark Thomas  wrote:

> On 24/08/2012 20:53, Josh Gooding wrote:
> > Yeah you see what I'm given to work with.  The sever.xml will be cleaned
> > up, but i'm trying to get this fixed to upgrade to 6.0.35 or 7.
> >
> > So let me ask this, given that billing-1.0.4 is a branch that contains 4
> > war files.  Am I able to deploy say billing-1.0.5 on the fly without
> having
> > to restart tomcat from a CI server like hudson?  If I have hudson (as the
> > TC user) make a new directory in tomcat's webapps folder while it was
> still
> > running and push the 4 wars?
> >
> > The current solution they have, they have locked a single branch to each
> > tomcat server (dumb dumb dumb) and I'm trying to give them access to
> EVERY
> > development server they have for multiple branches.  So I want to have
> > webapps/billing-1.0.4/WebEMR.war, foo.war, bar.war, thing.war.  Then also
> > have billing-1.0.5/WebEMR.war, foo.war, etc.  It just has to be dynamic
> > enough to not need restarted everytime I need to add a new branch to the
> > server.
> >
> > I want it to be localhost:8080/billing-1.0.4/WebEMR, to
> > locahost:8080/billing-x.n.y/WebEMR
>
> Rename the WAR to billing-x.n.y#WebEMR.war and place it directly in the
> webapps directory. Providing autoDeploy is enabled (it is by default) it
> should just work.
>
> See
> http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Introduction
> for why this works. (Search for #)
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Question on realm configuration in TC 6 / 7

[Josh Gooding]

It seems that I have run into something that seems a bit strange.  I have
configured 4 separate web applications to each have their own context.xml
files.  I have also configured one of the web applications to have a
realm.  It seems to me, when you configure a realm, tomcat forces you to
put what ever jdbc driver jar that you need, to be put into the
$CATALINA_HOME/lib directory?  If this is not how it works, then I'm
missing some piece of configuration knowledge.  If it is, isn't it a bit
counter intuitive in keeping each individual applications jars in the
context's own WEB-INF/lib folder?

I'm curious about how this is supposed to work.

- Josh

Re: Question on realm configuration in TC 6 / 7

[Josh Gooding]

Daniel,

I have deployed the context.xml to the META-INF location per web
application, in the server.xml files I have set the copyXML attribute on
the  declaration to true.  I do not configure context's anywhere but
there.

- Josh

On Mon, Oct 1, 2012 at 10:46 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 9/29/12 5:41 PM, Josh Gooding wrote:
> > It seems that I have run into something that seems a bit strange.
> > I have configured 4 separate web applications to each have their
> > own context.xml files.  I have also configured one of the web
> > applications to have a realm.  It seems to me, when you configure a
> > realm, tomcat forces you to put what ever jdbc driver jar that you
> > need, to be put into the $CATALINA_HOME/lib directory?  If this is
> > not how it works, then I'm missing some piece of configuration
> > knowledge.  If it is, isn't it a bit counter intuitive in keeping
> > each individual applications jars in the context's own WEB-INF/lib
> > folder?
>
> That has been my experience when configuring the Realm from within the
> . IMO, the context should have its resources resolved using
> the WebappClassLoader for that context, but there is a bit of a
> chicken-in-an-egg situation with reading the context deployment
> descriptor which can configure the ClassLoaders.
>
> > I'm curious about how this is supposed to work.
>
> This is a situation not covered by the servlet spec, so "how it is
> supposed to work" is whatever the Tomcat devs decide, and can change
> over time.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlBprLYACgkQ9CaO5/Lv0PBUoACfd7MJv91JugFAXPbg405GgHAf
> oEQAoJjV1t4bRcCmj6wUzh2oJAvVZDtf
> =Mi5d
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat 7.0.30 CMA, clustering, and SSO

[Josh Gooding]

Haha, Scott you're here too?

On Thu, Oct 25, 2012 at 2:06 PM, Scott Carlson wrote:

> We've setup TC 7.0.32 with Clustering and Tomcat Container Managed
> Authentication.   HTTPSessions and SSOSessions are clustered across the
> wire.  With logging turned way up, I can see the synchronization and I can
> see the sessions in the Tomcat Manager.
>
> When I "kill -9" one of the tomcats, I'm automatically swapped to the other
> leg, and I'm still logged in.  So it "works", unless I do a catalina.sh
> shutdown.  In that case, the SSO session is expired from the other leg.
>  The HTTPSession is still there, but because the SSO session is expired,
> I'm forced to login again.  This doesn't seem correct.  The DeltaSession
> looks at the notifyCluster parameter before sending a message to expire the
> HTTPSession, but the ClusterSingleSignOn valve has already sent its message
> to expire the SSO session by then.  So the SSO is missing for the session.
>
> When shutting down, the stack trace looks like this (with some relevant
> parameters replaced in line)  isExpireSessionsOnShutdown() == false
> ClusterSingleSignOn.deregister(SSOID) line: 274
> ClusterSingleSignOn(SingleSignOn).sessionEvent(SessionEvent) line: 247
>
> DeltaSession(StandardSession).fireSessionEvent(Session.SESSION_DESTROYED_EVENT,
> null) line: 1752
> DeltaSession(StandardSession).expire(true) line: 844
> DeltaSession.expire(true, false) line: 462
> DeltaManager.stopInternal() line: 967
> DeltaManager(LifecycleBase).stop() line: 232
> StandardContext.stopInternal() line: 5474
> StandardContext(LifecycleBase).stop() line: 232
>
>
> When doing a normal session invalidation (for logout), it ends up doing the
> same thing, which is correct.
> ClusterSingleSignOn.deregister(SSOID) line: 276
> ClusterSingleSignOn(SingleSignOn).sessionEvent(SessionEvent) line: 247
>
>
> DeltaSession(StandardSession).fireSessionEvent(Session.SESSION_DESTROYED_EVENT,
> null) line: 1752
> DeltaSession(StandardSession).expire(true) line: 844
> DeltaSession.expire(true, true) line: 462
> DeltaSession.expire(true) line: 444
> DeltaSession(StandardSession).expire() line: 742
> DeltaSession(StandardSession).invalidate() line: 1253
> StandardSessionFacade.invalidate() line: 190
>
> So I can't just change the DeltaSession to ignore that event.  I can't just
> have expire not call the super, or the HTTPSessionListeners would not be
> called.
>
> I think this is a bug, but I don't see even a good fix for it.  Ideas? If
> this does look like a bug, I can log an issue for it.
>
>
> Relevant server.xml here:
>  autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
>  className="org.apache.catalina.ha.authenticator.ClusterSingleSignOn" />
>  channelSendOptions="8">
>/>
>className="org.apache.catalina.tribes.group.GroupChannel">
>  
>   
>filter="" statistics="true" />
>className="org.apache.catalina.ha.session.JvmRouteBinderValve" />
>className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"
> />
>className="org.apache.catalina.ha.session.ClusterSessionListener" />
> 
> 
>
> The context XML just has a JDBCRealm realm configuration.
>

Tomcat 7 manager quirk?

[Josh Gooding]

Hey group,

I'm working with Tomcat 7's manager application for text deployments.  I am
having a bit of a quirky issue here.  I am deploying a web application that
is approx 75MB as a war file that uses Tomcat's ROOT context.

Is there a way that I can get tomcat to NOT start auto-deploying
immediately when the manager is invoked with a deploy / update command?
Something like a check to see if the web application has fully uploaded?
Is there currently a work around for this?

When I run the command: curl -k --upload-file ROOT.war
https://[manageruser]:[pwd]@[fqd
name]:8443/manager/text/deploy?path=/ROOT&war=ROOT.war&update=true, I get
many different exceptions.

 If I go to push the webapp as a new application, I an riddled with
multiple exceptions:

SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Invalid or unreadable WAR file : error
in opening zip file
at
org.apache.naming.resources.WARDirContext.setDocBase(WARDirContext.java:141)

SEVERE: Exception fixing docBase for context []
java.util.zip.ZipException: error in opening zip file
at java.util.zip.ZipFile.open(Native Method)

 and of course how could I forget

SEVERE: Error deploying web application archive
/opt/apache-tomcat-7.0.30/webapps/ROOT.war
java.lang.IllegalArgumentException: addChild:  Child name '' is not unique.

A simple restart fixes this... but that's really counter intuitive and very
invasive.



Obviously there is something that I am doing wrong, but I can't figure it
out.  What I see happening is that TC is getting the file, and instead of
waiting for the entire file (the web app is 75MB), tries to immediately
redeploy it.

1 - Is there a way to force tomcat to wait until the uploading of the
application is complete?
2 - If so, how?

Re: Tomcat 7 manager quirk?

[Josh Gooding]

Igor,

I figured it out.  If you set the deployOnStartup attribute to true, but
the autoDeploy attribute to false, the war files that are in the webapps
folder at the time of startup will load.  Then you can run the manager via
script (command line).  Simply pass the undeploy command to the manager to
the context you want to remove and let it finish. It will remove the war
and the application directory.  Then I ran the command to deploy again via
curl.  This time it waited until the entire war was uploaded before it
deployed it.

It took me a while to figure out it was a combination of deployOnStartup
and autoDeploy.  Of course there was ZERO incling that this was the problem
and I had to re-re-re-read the docs very carefully to figure this out.
Finally decided to try a hunch and it actually paid off.  It might be a
good idea to add this to the wiki or some place with common trouble
shooting problems.

Just my $.02.

- Josh

On Fri, Oct 26, 2012 at 6:37 PM, Igor Cicimov  wrote:

> On 27/10/2012 5:27 AM, "Josh Gooding"  wrote:
> >
> > Hey group,
> >
> > I'm working with Tomcat 7's manager application for text deployments.  I
> am
> > having a bit of a quirky issue here.  I am deploying a web application
> that
> > is approx 75MB as a war file that uses Tomcat's ROOT context.
> >
> > Is there a way that I can get tomcat to NOT start auto-deploying
> > immediately when the manager is invoked with a deploy / update command?
> > Something like a check to see if the web application has fully uploaded?
> > Is there currently a work around for this?
> >
> > When I run the command: curl -k --upload-file ROOT.war
> > https://[manageruser]:[pwd]@[fqd
> > name]:8443/manager/text/deploy?path=/ROOT&war=ROOT.war&update=true, I get
> > many different exceptions.
> >
>
> I dont think its tomcat fault it is you telling it to deploy with the above
> command while the upload is still in progress. You should search for some
> kind of delay or timeout in curl or find other way of doing this.
>
> >  If I go to push the webapp as a new application, I an riddled with
> > multiple exceptions:
> >
> > SEVERE: Error starting static Resources
> > java.lang.IllegalArgumentException: Invalid or unreadable WAR file :
> error
> > in opening zip file
> > at
> >
>
> org.apache.naming.resources.WARDirContext.setDocBase(WARDirContext.java:141)
> >
> > SEVERE: Exception fixing docBase for context []
> > java.util.zip.ZipException: error in opening zip file
> > at java.util.zip.ZipFile.open(Native Method)
> >
> >  and of course how could I forget
> >
> > SEVERE: Error deploying web application archive
> > /opt/apache-tomcat-7.0.30/webapps/ROOT.war
> > java.lang.IllegalArgumentException: addChild:  Child name '' is not
> unique.
> >
> > A simple restart fixes this... but that's really counter intuitive and
> very
> > invasive.
> >
> >
> >
> > Obviously there is something that I am doing wrong, but I can't figure it
> > out.  What I see happening is that TC is getting the file, and instead of
> > waiting for the entire file (the web app is 75MB), tries to immediately
> > redeploy it.
> >
> > 1 - Is there a way to force tomcat to wait until the uploading of the
> > application is complete?
> > 2 - If so, how?
>

Re: Delete catalina.out

[Josh Gooding]

Chris,

Moved this to the user list instead of the dev group.  Hmmm strangely
enough, I tried this on a CentOS system, I believe it forced me to be root
over the tomcat user. I can re-check that shortly.  I know it recreates the
file  next time without any discourse, if I run the startup
script as the tomcat user.

:: update :: I figured out WHY it forced me to be root.  Someone *(may or
may not have been me) ran the /etc/init.d/tomcat start script as the root
user, not as the tomcat user which I believe would cause this behavior.

- Josh

On Sat, Nov 17, 2012 at 8:13 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Josh,
>
> On 11/15/12 2:45 PM, Josh Gooding wrote:
> > That is the tomcat default log file.  Nothing server wise will happen if
> > you delete if that is your concern.  It just removes that particular log
> > file.  I believe that you have to either be root and/or have the server
> > stopped to remove the file however.
>
> On a *NIX system, neither of the above statements are true: you may
> delete the file while a process holds a file handle to the file (the
> file will no longer be accessible to any other process -- at least under
> its old name) without harm.
>
> I'm not sure what will happen on win32. You'll either fail to delete the
> file or get the *NIX-style behavior.
>
> Once deleted, the file will be re-created when Tomcat next launches, as
> long as the Tomcat process has "create" privileges for the
> CATALINA_BASE/logs directory.
>
> -chris
>
>

Re: Delete catalina.out

[Josh Gooding]

Chris,

Yes I certainly agree with that.  The init.d script should sudo -u tomcat
the catalina.sh script.  I believe that I have fixed all of them to
correctly run as the tomcat user.

- Josh

On Mon, Nov 19, 2012 at 3:43 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Josh,
>
> On 11/17/12 11:37 PM, Josh Gooding wrote:
> > Moved this to the user list instead of the dev group.  Hmmm
> > strangely enough, I tried this on a CentOS system, I believe it
> > forced me to be root over the tomcat user.
>
> It all depends upon the file permissions of catalina.out and the
> directory in which it resides. Deleting catalina.out certainly does
> not require root access in all cases, but I'm sure there are cases
> where root is required (e.g. because you are running Tomcat as root).
>
> > I can re-check that shortly.  I know it recreates the file
> >  next time without any discourse, if I run the
> > startup script as the tomcat user.
> >
> > :: update :: I figured out WHY it forced me to be root.  Someone
> > *(may or may not have been me) ran the /etc/init.d/tomcat start
> > script as the root user, not as the tomcat user which I believe
> > would cause this behavior.
>
> You should write your /etc/init.d scripts in such a way that they run
> under the proper user no matter who invokes them. For instance, if you
> want to run Tomcat as 'tomcat' then your init.d script should probably
> do "sudo -u tomcat $CATALINA_BASE/bin/catalina.sh start" or something
> to that effect.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with undefined - http://www.enigmail.net/
>
> iEYEARECAAYFAlCqmfEACgkQ9CaO5/Lv0PD8BgCgrexYyS13j84h9SJx4S2/eZl1
> ZYUAn0N5SEsmWRJSuO8ezspEbYDl5+f0
> =7zTN
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

tomcat7-maven-plugin

[Josh Gooding]

I didn't want to come here to ask as I always hate to bother anyone, but
maybe I should have come here first.  I'm coming up short on answers and
ideas.  I'm having an issue with using maven and the tomcat7 plugin.

Maven version -3.0.4
Tomcat version - 7.0.29
.jdk version - 1.6
tomcat7-maven-plugin version - 2.0

Hey group,  I am having an issue here with using the tomcat7-maven-plugin
in conjunction with the tomcat 7 manager.  here's what I have so far.

tomcat-users.xml -








in my M2_HOME/conf/settings.xml: (note not in my .m2/ directory)
(I'll get to this definition in a minute)
  
org.apache.tomcat.maven
  



  LocalTomcatServer
  localTomcatAdmin
  password

  

now for the last piece, in my pom-deploy.xml (parent) I have this:


 org.apache.tomcat.maven
 tomcat7-maven-plugin
 2.0
 
  LocalTomcatServer
  /TripTixRX
  8080
 


I have verified that the manager works with the applied credentials, I can
login and supply the credentials to my local /manager/html.

The problem is that when I deploy through maven as mvn tomcat7:deploy and
returns me the dreaded 401 - Unauthorized page with the same credentials.
It's almost like maven is not parsing the configuration for the plugin
maybe?

At this point I don't know what to do.  I've turned on verbose output in
maven and it shows what appears that the plugin is attempting to upload the
war file twice and returns the 401 page.


I also have a question as to getting this to work initially.  I added the
org.apache.tomcat.maven to my conf/settings.xml
to get the tomcat7 plugin to download and work, is this normal or should I
not have to define it here?  I mean having to change and version maven
settings.xml files seems a bit counter intuitive for preserving maximum
portability right, or am I looking at this from the wrong angle?

Any information anyone can provide as to where to look or what could be
causing this issue, I would be greatly appreciated.

Warmest regards,

- Josh