JSessionId and Google

[Simon]

Hi,

According to the Google "Information for Webmasters" page, it appears 
that Google will not index/crawl pages correctly with the JSessionId 
appended to the URL, ie.:

http://www.stroke-education.com/product/ProductList.do;jsessionid=A2F6590DAC37E55651060DE6922B972D.tomcat36

The guidelines can be found at: 
http://www.google.com/intl/en/webmasters/guidelines.html. The key part 
of the page is:
Allow search bots to crawl your sites without session IDs or arguments 
that track their path through the site. These techniques are useful for 
tracking individual user behavior, but the access pattern of bots is 
entirely different. Using these techniques may result in incomplete 
indexing of your site, as bots may not be able to eliminate URLs that 
look different but actually point to the same page


Search engine rankings are very important for the site (to sell products 
:), and it has not indexed my pages correctly just like it said it 
wouldn't in the paragraph above. I have tried adding a sitemap.xml.gz 
file to help Google along, but to no avail.


The question is, is it possible to disable cookieless session tracking 
for search engine bots? If so how? If not, is it possible to turn off 
cookieless session tracking all together? Yes, unfortunately at the crux 
of it, search engine rankings are more important than users with cookies 
disabled for this particular site.


Thanks, and Kind Regards,
Simon.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Logging per webapp per instance

[Simon]

Hi,

Our webapp is packaged with the log4j framework (1.2.16) and a log4j
configuration that redirect all logs to a file on the server
filesystem. This log file is rotated when it reaches 50M.

Here is the configuration detail :

log4j.rootLogger=INFO, file
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=/var/log/webapp.log
log4j.appender.file.MaxFileSize=5KB
log4j.appender.file.MaxBackupIndex=50
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d %-5p %c - %m%n

This configuration file is located inside the webapp.war archive at
/WEB-INF/classes/log4j.properties.

In our production environment, we started with one tomcat instance and
everything was fine. The tomcat version is 5.5.20 and it is running on
the Oracle JVM 1.6.0_23-b05.


Unfortunately, when the infrastructure team added 2 other Tomcat
instances on the same server with the same webapp.war inside, some
logs were lost. The 2 instances are basically a complete copy of the
file tree of the first instance. Thus, there is 3 identical webapps
logging into the same log file simultaneously :
/tomcat/instance-1/webapps/webapp.war => /var/log/webapp.log
/tomcat/instance-2/webapps/webapp.war => /var/log/webapp.log
/tomcat/instance-3/webapps/webapp.war => /var/log/webapp.log

My hypothesis is that as every webapp log to the same log file from a
different JVM (the tomcat instances), there could be some concurrency
issues when the rolling from log4j occurs !!!


I would like that each webapp logs to a particular file without having
a different log4j configuration packaged in the webapp.war archive. My
first idea was to modify the log4j configuration so the webapp will
log to the console (stdout) and then find a way to redirect the stdout
inside a Tomcat instance to a particular file :
/tomcat/instance-1/webapps/webapp.war => stdout => /var/log/webapp-1.log
/tomcat/instance-2/webapps/webapp.war => stdout => /var/log/webapp-2.log
/tomcat/instance-3/webapps/webapp.war => stdout => /var/log/webapp-3.log

I know i could achieve that with the Resin application server through
the use of the  configuration element
(http://caucho.com/resin-4.0/reference.xtp#stdoutlog,
http://caucho.com/resin-4.0/admin/logging.xtp).

Is there a way to mimic this behaviour in Tomcat ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Logging per webapp per instance

[Simon]

Hi,

I will use the variable substitution solution by changing the
log4j.properties file :

log4j.logFileSuffix=...
log4j.appender.file.File=/var/log/webapp-${logSuffix}.log

The value will be overriden by each instances with
-Dlog4j.logFileSuffix=whatever

Thank you for your help !

Regards,
Simon

2011/12/19 Daniel Mikusa :
> On Mon, 2011-12-19 at 09:05 -0800, Leon Rosenberg wrote:
>> Hello,
>>
>> you can specify the logoutput as relative path:
>> instead of
>> log4j.appender.file.File=/var/log/webapp.log
>> to
>> log4j.appender.file.File=logs/webapp.log
>> and link the local file to the desired destination.
>>
>
> +1
>
> or if you don't want to use relative paths, you could use a variable
> substitution.
>
> Ex:
>
>  log4j.appender.file.File=${catalina.base}/logs/webapp.log
>
>
> Property substitution is not limited to "catalina.base" (it's just easy
> to use since it's defined automatically), Log4J can substitute any
> system property.  So you could define your own.
>
> Ex:
>
> In bin/setenv.sh...
>
>  -Dmy.log.prefix=server1
>
> In log4j.properties...
>
>  log4j.appender.file.File=/var/log/${my.log.prefix}-webapp.log
>
>
> For more details on property substitution.
>
> https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/PropertyConfigurator.html
>
>
> Dan
>
>
>
>> regards
>> Leon
>>
>> On Mon, Dec 19, 2011 at 5:54 PM, Simon  wrote:
>> > Hi,
>> >
>> > Our webapp is packaged with the log4j framework (1.2.16) and a log4j
>> > configuration that redirect all logs to a file on the server
>> > filesystem. This log file is rotated when it reaches 50M.
>> >
>> > Here is the configuration detail :
>> >
>> > log4j.rootLogger=INFO, file
>> > log4j.appender.file=org.apache.log4j.RollingFileAppender
>> > log4j.appender.file.File=/var/log/webapp.log
>> > log4j.appender.file.MaxFileSize=5KB
>> > log4j.appender.file.MaxBackupIndex=50
>> > log4j.appender.file.layout=org.apache.log4j.PatternLayout
>> > log4j.appender.file.layout.ConversionPattern=%d %-5p %c - %m%n
>> >
>> > This configuration file is located inside the webapp.war archive at
>> > /WEB-INF/classes/log4j.properties.
>> >
>> > In our production environment, we started with one tomcat instance and
>> > everything was fine. The tomcat version is 5.5.20 and it is running on
>> > the Oracle JVM 1.6.0_23-b05.
>> >
>> >
>> > Unfortunately, when the infrastructure team added 2 other Tomcat
>> > instances on the same server with the same webapp.war inside, some
>> > logs were lost. The 2 instances are basically a complete copy of the
>> > file tree of the first instance. Thus, there is 3 identical webapps
>> > logging into the same log file simultaneously :
>> > /tomcat/instance-1/webapps/webapp.war => /var/log/webapp.log
>> > /tomcat/instance-2/webapps/webapp.war => /var/log/webapp.log
>> > /tomcat/instance-3/webapps/webapp.war => /var/log/webapp.log
>> >
>> > My hypothesis is that as every webapp log to the same log file from a
>> > different JVM (the tomcat instances), there could be some concurrency
>> > issues when the rolling from log4j occurs !!!
>> >
>> >
>> > I would like that each webapp logs to a particular file without having
>> > a different log4j configuration packaged in the webapp.war archive. My
>> > first idea was to modify the log4j configuration so the webapp will
>> > log to the console (stdout) and then find a way to redirect the stdout
>> > inside a Tomcat instance to a particular file :
>> > /tomcat/instance-1/webapps/webapp.war => stdout => /var/log/webapp-1.log
>> > /tomcat/instance-2/webapps/webapp.war => stdout => /var/log/webapp-2.log
>> > /tomcat/instance-3/webapps/webapp.war => stdout => /var/log/webapp-3.log
>> >
>> > I know i could achieve that with the Resin application server through
>> > the use of the  configuration element
>> > (http://caucho.com/resin-4.0/reference.xtp#stdoutlog,
>> > http://caucho.com/resin-4.0/admin/logging.xtp).
>> >
>> > Is there a way to mimic this behaviour in Tomcat ?
>> >
>> > -
>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> > For additional commands, e-mail: users-h...@tomcat.apache.org
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Logging per webapp per instance

[Simon]

2011/12/21 Konstantin Kolinko :
> 2011/12/20 Christopher Schultz :
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> Simon,
>>
>> On 12/19/11 11:54 AM, Simon wrote:
>>> log4j.appender.file.File=/var/log/webapp.log
>>>
>>> Thus, there is 3 identical webapps logging into the same log file
>>> simultaneously :
>>
>> It's more likely that the last one wins: the first 2 logs was probably
>> lost entirely.
>
> FileAppender docs say that Append=true by default. Though I wonder
> what will happen during log rotation.
>
> Anyway entries from three servers in the same log file where they
> cannot be distinguished from each other are of little help.
>
>>
>>> My hypothesis is that as every webapp log to the same log file from
>>> a different JVM (the tomcat instances), there could be some
>>> concurrency issues when the rolling from log4j occurs !!!
>>
>> "Some" issues definitely. You need to change this.
>>
>>> I would like that each webapp logs to a particular file without
>>> having a different log4j configuration packaged in the webapp.war
>>> archive. My first idea was to modify the log4j configuration so the
>>> webapp will log to the console (stdout) and then find a way to
>>> redirect the stdout inside a Tomcat instance to a particular file
>>
>> That sounds awful: a hack (in log4j config) to go to stdout and then
>> another hack (in Tomcat config) to redirect to a file. Yuck.
>>

It is not really a hack in log4j configuration to redirect the logs in
stdout, as it is exactly what does the ConsoleAppender by default...

The idea here is that we (the developpers) can focus on *what* get
logged by configuring the log categories and the log pattern in the
log4.properties file using a simple ConsoleAppender.

Our infrastructure team (responsible for the server configuration and
resources) can focus on *where* the logs go (a file, a rolling file, a
JMS queue, syslog, or whatever the need) in the Tomcat configuration.

This has the other advantage to have a log4.configuration file and a
web application that are not too much dependant of the environment
(Unix file path vs Windows file path for example)...

I guess this why the  feature is available in Resin... At
least it would help in this use case !


>>> Is there a way to mimic this behaviour in Tomcat ?
>>
>> *Sigh* if you have to, you can use the "swallowOutput" attribute on
>> your  definition. Then you have to configure Tomcat's logging
>> system to put the logs where you want them.
>
> That is fragile. It depends on who catches the value of System.out
> first, Tomcat or a logging framework.
>
>>
>> IMO a better idea would be to configure log4j properly. I think you
>> have several options:
>>
>> 1. Modify the log4j.properties file in each WAR file to specify
>>   the proper filename. You said you didn't want to do this.
>>
>> 2. Use a log4j.properties file that is outside your WAR file.
>>   You'll have to figure out how to get your webapp to detect
>>   the right file so that your 3 separate copies don't end up
>>   reading the same file and reproducing the same issue described
>>   above.
>>
>> 3. In your log4j startup code, set a property based upon some
>>   configuration or environment (context path?) that can be used
>>   by log4j during configuration and setup of the logging system.
>>   I personally favor this approach. If you are running in separate
>>   JVMs, I think you can use system properties and have those
>>   replaced by log4j when parsing the configuration file(s).
>>   Read the documentation to be sure.
>>
>> 4. Configure log4j to log to syslog, and have syslog take care of
>>   the file situation. Of course, you'll have to identify each
>>   separate instance of your webapp if you want to be able to
>>   sort-out which log came from which source. So, you still
>>   have to somehow identify these webapps uniquely.
>>
>
> 5. Configure it to write ${catalina.base}/logs.
>
> (That is if all webapps are on different Tomcat instances, as opposed
> to having several different-named webapps on the same Tomcat)
>
> If you want that to be written to /var/logs, you can replace
> ${catalina.base}/logs with a symlink to /var/logs/instance-N/.
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Thank you for your ideas and advices, it will definitely help me a lot !

Regards,

Simon

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat doesn't allow me to login

[Simon Matter]

Hi,

> [root@mtthdoped51 ~]# $CATALINA_HOME/bin/startup.sh
>
> Using CATALINA_BASE:   /opt/tomcat/latest
>
> Using CATALINA_HOME:   /opt/tomcat/latest
>
> Using CATALINA_TMPDIR: /opt/tomcat/latest/temp
>
> Using JRE_HOME:
> /usr/lib/jvm/java-11-openjdk-11.0.24.0.8-2.el9.x86_64
>
> Using CLASSPATH:
> /opt/tomcat/latest/bin/bootstrap.jar:/opt/tomcat/latest/bin/tomcat-juli.jar
>
> Using CATALINA_OPTS:
>
> Tomcat started.
>
> [[cid:image001.png@01DB0BCD.68514780]
>
>
>
> I even took out below from users.xml
>
>
>
> http://tomcat.apache.org/xml
>
>   xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance
>
>   xsi:schemaLocation=http://tomcat.apache.org/xml
> tomcat-users.xsd<http://tomcat.apache.org/xml%20tomcat-users.xsd>
>
>   version="1.0">
>
>
>
> 
>
> 
>
> 
>
>
>
>  roles="manager-gui,manager-script,admin-gui"/>
>
> 
>
>
>
>
>
> Tried all commands
>
>
>
>   159  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml

This in one location.

>
>   160  $CATALINA_HOME/bin/shutdown.sh
>
>   161  $CATALINA_HOME/bin/startup.sh
>
>   162  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   163  vi /opt/tomcat/apache-tomcat-10.1.30/conf/server.xml
>
>   164  keytool -genkey -alias tomcat -keyalg RSA -keystore
> conf/localhost-rsa.jks
>
>   165  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   166  keytool -genkey -alias tomcat -keyalg RSA -keystore
> /opt/tomcat/apache-tomcat-10.1.30/conf/localhost-rsa.jks
>
>   167  find / -name server.xml -print
>
>   168  vi /opt/config/instance1/conf/server.xml
>
>   169  $CATALINA_HOME/bin/shutdown.sh
>
>   170  $CATALINA_HOME/bin/startup.sh
>
>   171  vi /opt/config/instance1/conf/server.xml
>
>   172  $CATALINA_HOME/bin/shutdown.sh
>
>   173  $CATALINA_HOME/bin/startup.sh
>
>   174  cat  /opt/config/instance1/conf/server.xml
>
>   175  vi /opt/config/instance1/conf/server.xml
>
>   176  ls -l /opt/tomcat/apache-tomcat-10.1.30/conf/localhost-rsa.jks
>
>   177  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   178  $CATALINA_HOME/bin/shutdown.sh
>
>   179  $CATALINA_HOME/bin/startup.sh
>
>   180  cat  /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   181  export CATALINA_BASE=/opt/tomcat/apache-tomcat-10.1.30
>
>   182  cat  /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   183  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   184  $CATALINA_HOME/bin/shutdown.sh
>
>   185  $CATALINA_HOME/bin/startup.sh
>
>   186  tail -f $CATALINA_BASE/logs/catalina.out
>
>   187  find / -name tomcat-users.xml
>
>   188  vi /opt/config/instance1/conf/tomcat-users.xml

This is another location.

Are you sure that it's picking up the file in the correct location?

Regards,
Simon

>
>   189  $CATALINA_HOME/bin/shutdown.sh
>
>   190  $CATALINA_HOME/bin/startup.sh
>
>   191
> /opt/tomcat/apache-tomcat-10.1.30/webapps/host-manager/META-INF/context.xml
>
>   192  vi
> /opt/tomcat/apache-tomcat-10.1.30/webapps/host-manager/META-INF/context.xml
>
>   193  $CATALINA_HOME/bin/shutdown.sh
>
>   194  $CATALINA_HOME/bin/startup.sh
>
>   195  tail -f $CATALINA_BASE/logs/catalina.out
>
>   196  find / -name tomcat-users.xml
>
>   197  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   198  $CATALINA_HOME/bin/shutdown.sh
>
>   199  $CATALINA_HOME/bin/startup.sh
>
>   200  find / -name tomcat-users.xml
>
>   201  vi /opt/config/instance1/conf/tomcat-users.xml
>
>   202  $CATALINA_HOME/bin/shutdown.sh
>
>   203  $CATALINA_HOME/bin/startup.sh
>
>   204  vi /opt/config/instance1/conf/tomcat-users.xml
>
>   205  vi /opt/tomcat/apache-tomcat-10.1.30/conf/tomcat-users.xml
>
>   206  $CATALINA_HOME/bin/shutdown.sh
>
>   207  $CATALINA_HOME/bin/startup.sh
>
>   208  reboot
>
>   209  tail -f $CATALINA_BASE/logs/catalina.out
>
>   210  $CATALINA_HOME/bin/startup.sh
>
>   211  tail -f $CATALINA_BASE/logs/catalina.out
>
>   212  history
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Documentation doubt

[Simon Arame]

Thanks a lot, those answer cleared the doubt I had. Now I understand.

Le sam. 16 nov. 2024, 10 h 11, Christopher Schultz <
ch...@christopherschultz.net> a écrit :

> Simon,
>
> On 11/14/24 3:08 PM, Simon Arame wrote:
> > Hi, simple question to confirm a doubt about
> > https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming
> >
> > the first paragraph states
> >>When autoDeploy or deployOnStartup operations are performed by a
> Host,
> > the name and context path of the web application are derived from the
> > name(s) of the file(s) that define(s) the web application. Consequently,
> > the context path *may not* be defined in a META-INF/context.xml embedded
> in
> > the application
> >
> > Does this means that if an application defines a META-INF/context.xml
> file,
> > it can not have the `path` attribute ?
>
> Well... it CAN, but that name will be ignored.
>
> > Otherwise what would be the cases in which it is ok to have a
> > META-INF/context.xml file inside an application ?
>
> See Mark's response.
>
> -chris
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Documentation doubt

[Simon Arame]

Hi, simple question to confirm a doubt about
https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming

the first paragraph states
>   When autoDeploy or deployOnStartup operations are performed by a Host,
the name and context path of the web application are derived from the
name(s) of the file(s) that define(s) the web application. Consequently,
the context path *may not* be defined in a META-INF/context.xml embedded in
the application

Does this means that if an application defines a META-INF/context.xml file,
it can not have the `path` attribute ?

Otherwise what would be the cases in which it is ok to have a
META-INF/context.xml file inside an application ?

Thank you,
Simon

Re: [EXTERNAL] - Need help tomcat

[Simon Matter]

> Yes I have deleted them and again I have sent a email with screenshot.
> Please check that.
>
> Regards,
> Deepak

Hi,

please note that attachments are not delivered on this mailing list.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Wondering about tomcat-users.xml could not be found

[Simon Matter]

Hi,

> I'm running tomcat9 under Ubuntu 22.04 with an haproxy 2.8 in front of it.
>
> I'm wondering about the following in the logs:
>
> Nov 15 16:19:23 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:23 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:33 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:33 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:43 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:43 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
> Nov 15 16:19:53 mail tomcat9[832]: Reloading memory user database
> [UserDatabase] from updated source
> [file:/var/lib/tomcat9/conf/tomcat-users.xml]
> Nov 15 16:19:53 mail tomcat9[832]: The specified user database
> [conf/tomcat-users.xml] could not be found
>
>
>
> File /var/lib/tomcat9/conf/tomcat-users.xml is definitely there.
>
> It occurs every 10 seconds.
>
> Don't know who is causing this and why. Permissions? Ownership wrong?
>
> -rw-r- 1 root root   2756 Jan 15  2022 tomcat-users.xml

Is your Tomcat running as root? I hope not, but if it's running as user
tomcat or some other unprivileged user, it won't be able to read your
tomcat-users.xml as long as the user is not member of group root.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat9 not listening to ipv4 port 8080, only ipv6

[Simon Matter]

Hi,

> Christoph,
>
> On 11/28/23 09:53, Christoph Kukulies wrote:
>> That was my connector:
>>
>>   >                 connectionTimeout="2"
>>                 redirectPort="8443" />
>>
>> I triednetstat -tulpn as well and it could be seen there was  no
>> listener under ip4 and port 8080.
>
> If you use the "address" attribute, you can pick the interface you will
> listen to:
>
> "
> [address]
>
> For servers with more than one IP address, this attribute specifies
> which address will be used for listening on the specified port. By
> default, the connector will listen all local addresses. Unless the JVM
> is configured otherwise using system properties, the Java based
> connectors (NIO, NIO2) will listen on both IPv4 and IPv6 addresses when
> configured with either 0.0.0.0 or ::. The APR/native connector will only
> listen on IPv4 addresses if configured with 0.0.0.0 and will listen on
> IPv6 addresses (and optionally IPv4 addresses depending on the setting
> of ipv6v6only) if configured with ::.
> " [1]
>
> You have not specified an "address", so you get the default which should
> be "all local addresses". You only showed your lsof output, so I
> couldn't see which interface you had been bound to.
>

Also, it's a question what the interface config looks like *exactly* at
the time when Tomcat was starting up. On systems running systemd it's easy
to get into troubles with the way systemd parallelizes the system startup.
Systemd service units often need additional tuning to result in reliable
startup order.

Regards,
Simon

>
> [1]
> https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Standard_Implementation
>
>>> Am 28.11.2023 um 15:15 schrieb Christopher Schultz
>>> mailto:ch...@christopherschultz.net>>:
>>>
>>> Christoph,
>>>
>>> On 11/28/23 08:26, Christoph Kukulies wrote:
>>>> not that I kew of (changes in JVM arguments). I will try your
>>>> suggestion:
>>>> -Djava.net.preferIPv4Stack=true
>>>> and thanks, it helped:
>>>> I put it into /etc/defaults/tomcat9 (under Ubuntu 22.04)
>>>> JAVA_OPTS="-Djava.awt.headless=true -Djava.net.preferIPv4Stack=true"
>>>> and now I have:
>>>> root@mail:/etc/default# lsof -i :8080
>>>> COMMAND   PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
>>>> java    59579 tomcat   37u  IPv4 579485      0t0  TCP *:http-alt
>>>> (LISTEN)
>>>> root@mail:/etc/default#
>>>
>>> So... is that what you wanted?
>>>
>>> What does your  configuration look like?
>>>
>>> Try using netstat instead of lsof. It will show you the network
>>> interface being used as well as the port number and IP stack type.
>>>
>>> -chris
>>>
>>>>> Am 28.11.2023 um 13:58 schrieb Suvendu Sekhar Mondal
>>>>> >>>> <mailto:suv3...@gmail.com> <mailto:suv3...@gmail.com>>:
>>>>>
>>>>> Hello Christoph,
>>>>>
>>>>> On Tue, Nov 28, 2023, 5:55 PM Christoph Kukulies
>>>>> mailto:k...@kukulies.org.invalid>>
>>>>> wrote:
>>>>>
>>>>>> I'm pulling my hairs on a suddenly occured - possibly -
>>>>>> misconfiguration.
>>>>>> But I can't find it out:
>>>>>>
>>>>>> catalina.2023-11-28.log:
>>>>>>
>>>>>>
>>>>>> 28-Nov-2023 13:15:43.742 INFO [main]
>>>>>> org.apache.catalina.startup.VersionLoggerListener.log Server
>>>>>> version name:
>>>>>>  Apache Tomcat/9.0.58 (Ubuntu)
>>>>>> 28-Nov-2023 13:15:43.743 INFO [main]
>>>>>> org.apache.catalina.startup.VersionLoggerListener.log Server built:
>>>>>>  Jan 6 1970 15:09:28 UTC
>>>>>> 28-Nov-2023 13:15:43.744 INFO [main]
>>>>>> org.apache.catalina.startup.VersionLoggerListener.log Server version
>>>>>> number: 9.0.58.0
>>>>>> 28-Nov-2023 13:15:43.744 INFO [main]
>>>>>> org.apache.catalina.startup.VersionLoggerListener.log OS Name:
>>>>>>  Linux
>>>>>> 28-Nov-2023 13:15:43.744 INFO [main]
>>>>>> org.apache.catalina.startup.VersionLoggerListener.log OS Version:
>>>>>>  5.15.0-89-generic
>>>>>> 28-Nov-2023 13:15:43.745 INFO [main]
>>>>>> org.apache.catalina.st

Re: I can't find how to stop TOMCAT during INITIALIZATION phase

[Simon Matter]

Hi,

>
> Our question is:
> 1. It is possible to stop tomcat during initialization phase?
> 2. If yes how and if not are any plans to implement it in future versions?
>
> It seems to me that my solutions for now are:
> 1. sending SIGKILL signal to tomcat (this is very risky to me because
> stopping like this in the middle of something may corrupt data - but this
> situation is any way possible so I have to handle it)
> 2. wait for tomcat initilization procedure to finish and then trigger the
> shutdown since we can do something in our wrapper scripts
> Do you see any other possible solutions?
>

Did you try to terminate the process with SIGUSR1 instead of SIGKILL? I
usually terminate Java processes with SIGUSR1 if SIGTERM is not handled in
time and it still seems to do some cleanup while shutting down.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk logging issue

[Simon Matter]

Hi,

> Hi - I'm running mod_jk with an Apache front-end, and I'm having an
> issue with the JkShmFile files.
>
> Every time Apache restarts mod_jk creates two new files
> (jk-runtime-status.PID and jk-runtime-status.PID.lock). These are never
> cleaned up; the log directory simply fills up with these files. This
> happens whether or not I explicitly set JkShmFile in the Apache conf.
>
> Is there some way I can persuade mod_jk to use a single file pair,
> without the PID suffix, or to delete the previous file pair on a
> restart? I'm not doing any load sharing.
>
> I'm on Ubuntu 22.04, Apache 2.4.52. The mod_jk version is possibly
> 1.2.48-1.

Can it be that your application crashes on shutdown? This is usually why
cleanup is not working properly.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_jk logging issue

[Simon Matter]

> Hi Rainer/Simon - I've just had another look at this. With no
> application running (IOW, all Java processes killed), I see this
> behaviour:

Sorry, I was confused because I thought we're talking about files from
Tomcat and not from Apache/mod_jk.

Regards,
Simon

>
>   # systemctl start apache2
>
> This create a number of apache2 processes (generally 7). 2 new mod_jk
> files are created, corresponding to the apache2 process with the lowest
> PID
>
>   # systemctl stop apache2
>
> This does not remove any files (but see below)
>
>   # systemctl restart apache2
>
> This has the same effect as a 'start' followed by a 'stop'. A 'reload',
> as expected, doesn't change the PIDs and has no effect on file creation
> or deletion.
>
> During testing, I did see one occasion on which the current mod_jk files
> were deleted. I though this might be a timeout issue, since the restart
> was carried out after 7 minutes, which was longer  that normal. So, I
> carried out 5 more tests, with the restart after 1, 2, 4, 8, and 11
> minutes, and in all these cases the old files were retained and not
> deleted.
>
> Maybe there's a race condition, or something distribution-specific, in
> the code which registers the cleanup?  I can't do much for a couple of
> days, at least, but I'll have a look when I get a minute.
>
>
> On 19/12/2023 19:03, Rainer Jung wrote:
>> Hi there,
>>
>> Am 19.12.23 um 18:05 schrieb EML:
>>> Hi - I'm running mod_jk with an Apache front-end, and I'm having an
>>> issue with the JkShmFile files.
>>>
>>> Every time Apache restarts mod_jk creates two new files
>>> (jk-runtime-status.PID and jk-runtime-status.PID.lock). These are
>>> never cleaned up; the log directory simply fills up with these files.
>>> This happens whether or not I explicitly set JkShmFile in the Apache
>>> conf.
>>
>> That should no happen. There is a cleanup routine registered, which
>> should delete the files during shutdown. And that's the behavior that
>> I normally observe.
>>
>>> Is there some way I can persuade mod_jk to use a single file pair,
>>> without the PID suffix, or to delete the previous file pair on a
>>> restart? I'm not doing any load sharing.
>>
>> If you must remove the PID, you can patch the code and build it
>> yourself. The ID is added in file common/jk_shm.c in the following line:
>>
>>     sprintf(jk_shmem.filename, "%s.%" JK_PID_T_FMT, fname,
>> getpid());
>>
>> You could replace it by:
>>
>>     sprintf(jk_shmem.filename, "%s", fname);
>>
>> If you compile the code yourself, please us the latest version 1.2.49.
>>
>> As I mentioned, a normal shutdown should already remove the files. A
>> reload should not change the pid and thereby the files. A restart in
>> the sense of stop-then-start should also remove the old files.
>>
>>> I'm on Ubuntu 22.04, Apache 2.4.52. The mod_jk version is possibly
>>> 1.2.48-1.
>>>
>>> Thanks.
>>
>> Regards,
>>
>> Rainer
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Regarding Tomcat is creating the zombie processes

[Simon Matter]

> You will need to provide more details.
>
> A default Tomcat install does not create parent and child processes so
> zombie processes cannot occur.
>
> I'll also note that zombie process do not consume system resources
> (apart from a process ID).
>
> Please provide the steps you used to recreate this issue in a clean
> installation of a standalone Tomcat instance.
>
> Mark
>

As an easy start you could provide us with the Tomcat related process tree
and detailed description of how the lifecycle of Tomcat is managed.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Posting questions

[Simon Matter]

> Refer to attached screenshot.

Attached screenshot? This is a public mailing list so your best option is
to provide information in posted text format, screenshots and other images
most likely won't make it through in a usable way :)

Regards,
Simon

>
> -Original Message-
> From: Jalaj Asher 
> Sent: Friday, January 5, 2024 8:02 PM
> To: Tomcat Users List 
> Subject: RE: Posting questions
>
> [You don't often get email from jalaj.as...@eclinicalworks.com.invalid.
> Learn why this is important at
> https://aka.ms/LearnAboutSenderIdentification ]
>
> Omkar,
> 2 questions
> 1. when you say processes what processes are you seeing being invoked and
> does it stop at 200 processes. May be a screen shot might help 2. does the
> tomcat have read write privilege on all its folders ? If not does giving
> those rights help ?
>
>
>
> -Original Message-
> From: Vaidya, Omkar 
> Sent: Friday, January 5, 2024 4:56 AM
> To: users@tomcat.apache.org
> Subject: Posting questions
>
> Attention! - This email has originated from an External Source outside of
> eClinicalWorks. Always use caution when opening attachments, clicking
> links, or when responding to this email. If you feel this is a phishing
> scam, please use the Phish Alert Report button in Outlook.
>
>
> Hi Team,
>
>
>
> Tomcat Version - 9.0.62
>
> Platform - Linux Platform
>
>
>
>
>
> This is regarding like we have one customer issue where on Linux platform,
> we have configured our IOT-application (Thingworx), which is using Tomcat
> as a server.
>
> So we are able to identify that even when we remove our application,
> Tomcat is creating a zombie (defunct) process, which is creating 200+
> processes under the process table, which ultimately occupy all the OS
> resources and the application goes in a hung state. This issue is also
> reproducible on the Standalone Tomcat server also.
>
> There are two scenarios mentioned below -
>
> 1.If this is relatable to Tomcat can you please suggest any
> article or documentation so that we can stop zombie process creation, if
> this is a known issue or there is only way to clear zombie (defunct)
> process from Processes table of linux.
>
> 2.Also, let us know if this is a Operating System specific
> issue like as it is reproducible only on Linux, So Linux os is the thing
> that creates the zombie (defunct) processes?
>
> we are eagerly waiting for the response.
>
>
>
> Thanks,
>
> Omkar Vaidya.
>
>
> CONFIDENTIALITY NOTICE TO RECIPIENT: This transmission contains
> confidential information belonging to the sender that is legally
> privileged and proprietary and may be subject to protection under the law,
> including the Health Insurance Portability and Accountability Act (HIPAA).
> If you are not the intended recipient of this e-mail, you are prohibited
> from sharing, copying, or otherwise using or disclosing its contents. If
> you have received this e-mail in error, please notify the sender
> immediately by reply e-mail and permanently delete this e-mail and any
> attachments without reading, forwarding or saving them. Thank you.
>
> CONFIDENTIALITY NOTICE TO RECIPIENT: This transmission contains
> confidential information belonging to the sender that is legally
> privileged and proprietary and may be subject to protection under the law,
> including the Health Insurance Portability and Accountability Act (HIPAA).
> If you are not the intended recipient of this e-mail, you are prohibited
> from sharing, copying, or otherwise using or disclosing its contents. If
> you have received this e-mail in error, please notify the sender
> immediately by reply e-mail and permanently delete this e-mail and any
> attachments without reading, forwarding or saving them. Thank you.
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Regarding Tomcat is creating the zombie processes

[Simon Matter]

Hi,

I'm not Mark but still try to provide my help

> Hi Mark,
>
> Thanks for the response. For mainly related to our Thingworx IOT-based
> application, we are using the Tomcat 9.0.62 server. So for that, we are
> getting zombie or defunct processes.
>
> "Please provide the steps you used to recreate this issue in a clean
> installation of a standalone Tomcat instance." -> So for this,  We have
> executed our installer, which itself installs the Tomcat server. So, there
> are no manual steps that we ask the user to execute.

What you were asked is to provide full details about your installer.
That's most likely where we could see why you have this issue.

>
> As per the previous response, "A default Tomcat install does not create
> parent and child processes, so zombie processes cannot occur." -> So we
> have raised a support case with Tomcat to just understand the reason why
> defunct processes are created.

I'm not sure you can "raise a support case with Tomcat" as you do with
commercial companies where you pay for support contracts. At least I was
not aware Apache Tomcat provides such contracts, but I may have missed it.

>
> Is anybody already raised case similar to defunct or related to zombie
> processes. If yes, can you please share which resolution you have provided
> to them to prevent creation of those.

Your best bet may be to openly provide more detailed info so we, as a
community, can help you identifying why you see zombie processes.

Regards,
Simon

>
> Thanks,
> Omkar V.
>
> -Original Message-
> From: Mark Thomas 
> Sent: Friday, January 5, 2024 6:00 PM
> To: users@tomcat.apache.org
> Subject: Re: Regarding Tomcat is creating the zombie processes
>
> [You don't often get email from ma...@apache.org. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> You will need to provide more details.
>
> A default Tomcat install does not create parent and child processes so
> zombie processes cannot occur.
>
> I'll also note that zombie process do not consume system resources (apart
> from a process ID).
>
> Please provide the steps you used to recreate this issue in a clean
> installation of a standalone Tomcat instance.
>
> Mark
>
>
> On 05/01/2024 09:48, Vaidya, Omkar wrote:
>> Adding information -
>> Tomcat Version - 9.0.62
>> Platform - Linux Platform
>>
>>
>> From: Vaidya, Omkar 
>> Sent: Friday, January 5, 2024 3:15 PM
>> To: users@tomcat.apache.org
>> Cc: Shriwardhankar, Varun 
>> Subject: Regarding Tomcat is creating the zombie processes
>>
>> Hi Team,
>>
>> This is regarding like we have one customer issue where on Linux
>> platform, we have configured our IOT-application (Thingworx), which is
>> using Tomcat as a server.
>> So we are able to identify that even when we remove our application,
>> Tomcat is creating a zombie (defunct) process, which is creating 200+
>> processes under the process table, which ultimately occupy all the OS
>> resources and the application goes in a hung state. This issue is also
>> reproducible on the Standalone Tomcat server also.
>> There are two scenarios mentioned below -
>> 1.If this is relatable to Tomcat can you please suggest any
>> article or documentation so that we can stop zombie process creation, if
>> this is a known issue or there is only way to clear zombie (defunct)
>> process from Processes table of linux.
>> 2.Also, let us know if this is a Operating System specific
>> issue like as it is reproducible only on Linux, So Linux os is the thing
>> that creates the zombie (defunct) processes?
>> we are eagerly waiting for the response.
>>
>> Thanks,
>> Omkar Vaidya.
>>
>>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: EOL - Tomcat versions

[Simon Matter]

> On 19/01/2024 19:06, Francisco Dellanio Leite Alencar wrote:
>> @Mark Thomas,
>>
>> Is it possible to consider that the minimum support time of Apache
>> Tomcat 9.0.X is until 2027 (10 years since Released)?
>
> I'd say 2027 is a reasonable estimate of the likely EOL date for 9.0.x
> but I'm not going to provide any guarantees on that.
>
> The Tomcat community has committed to providing at least 12 months
> notice of EOL of any major version.
>
> More detail in the thread listed below against 9.0.x.
>
> If long term support is your concern then I'd consider looking at Tomcat
> 10.1.x. It does require Java 11 (Tomcat 9.0.x requires Java 8) but it
> will get you an additional ~3 years support.
>
> I will take the opportunity to point out that what you get with Tomcat
> is already pretty good.
>
> - major versions support for ~10 years including new features, bug
>fixes and security fixes
>
> - monthly releases throughout that ~10 year period (with the odd gap)
>
> - all reproducible bugs reported fixed in the next release (this is the
>one where Tomcat really stands out)
>
> - you can actually talk to the folks the maintain the code
>

I'd like to thank the Tomcat community for all what they're doing. I know
a lot of projects but Tomcat is really at the top of the list for all the
things pointed out above!

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: EOL - Tomcat versions

[Simon Matter]

> Top posting since my comments are not 100% relevant to the issue in
> the thread (i.e. related but not in detail).
>
> It would be nice if Tomcat published EOL's since there are
> applications (like HIPAA webapps [I do remote cardiac monitoring])
> that are automatically declared to be insecure if the underlying
> platform has any EOL'ed components (this why just upgraded from 9.0.35
> to 9.0.85) and in some cases (like HIPAA) have goverment imposed fines
> if there is a breach due to using EOL'ed components.   Thus there is a
> need for known/published EOL dates in such apps.

Isn't it so that for every major version, like 9.0, all but the latest
should be considered EOL? Like for now, 9.0.85 is supported and 9.0.84 and
older should be considered EOL.

Simon

>
> On Fri, Jan 19, 2024 at 6:58 PM Mark Thomas  wrote:
>>
>> On 19/01/2024 19:06, Francisco Dellanio Leite Alencar wrote:
>> > @Mark Thomas,
>> >
>> > Is it possible to consider that the minimum support time of Apache
>> Tomcat 9.0.X is until 2027 (10 years since Released)?
>>
>> I'd say 2027 is a reasonable estimate of the likely EOL date for 9.0.x
>> but I'm not going to provide any guarantees on that.
>>
>> The Tomcat community has committed to providing at least 12 months
>> notice of EOL of any major version.
>>
>> More detail in the thread listed below against 9.0.x.
>>
>> If long term support is your concern then I'd consider looking at Tomcat
>> 10.1.x. It does require Java 11 (Tomcat 9.0.x requires Java 8) but it
>> will get you an additional ~3 years support.
>>
>> I will take the opportunity to point out that what you get with Tomcat
>> is already pretty good.
>>
>> - major versions support for ~10 years including new features, bug
>>fixes and security fixes
>>
>> - monthly releases throughout that ~10 year period (with the odd gap)
>>
>> - all reproducible bugs reported fixed in the next release (this is the
>>one where Tomcat really stands out)
>>
>> - you can actually talk to the folks the maintain the code
>>
>>
>> If you really need 9.0.x and really need guarantees on dates then there
>> are commercial organizations that will sell you that service. Just make
>> sure you pick one that has the skills and in-depth Tomcat knowledge
>> necessary to deliver that support.
>>
>> Mark
>>
>>
>>
>> >
>> > Thanks.
>> >
>> >
>> >
>> > On 2024/01/08 08:42:28 Mark Thomas wrote:
>> >>
>> >>
>> >> On 08/01/2024 06:47, i...@flyingfischer.ch wrote:
>> >>> https://endoflife.date/tomcat
>> >>>
>> >>> Am 08.01.24 um 07:39 schrieb Deshmukh, Kedar:
>> >>>> Hello,
>> >>>>
>> >>>> Could you please throw some light on Tomcat versions and its EOL
>> plan?
>> >>
>> >> See https://tomcat.apache.org/whichversion.html
>> >>
>> >>>> 1.  8.5.X
>> >>
>> >> EOL 31 March 2024
>> >>
>> >>>> 2.  9.0.X
>> >>
>> >> No plans.
>> >> See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0
>> >>
>> >>>> 3.  10.0.X
>> >>
>> >> Already EOL as of 31 October 2022
>> >>
>> >>>> 4.  10.1.X
>> >>
>> >> No plans.
>> >> See https://lists.apache.org/thread/qlzpscgoqct9wspkj5qjkm34s66jswj0
>> >>
>> >> Mark
>> >>
>> >> -
>> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> >> For additional commands, e-mail: users-h...@tomcat.apache.org
>> >>
>> >>
>> > -
>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> > For additional commands, e-mail: users-h...@tomcat.apache.org
>> >
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

NoClassDefFoundError for SSL operations

[Simon Arame]

We have Tomcat 9.0.81 running under OpenJDK 1.8.0_402-b06

Since the latest OpenJDK upgrade we get some errors when trying to perform
SSL Operations like obtaining the bytes of an HTTPS url or sending an email
through SMTP with TLS on.

Note that with the same jdk, those operations succeed when run directly
with java outside of Tomcat.

The top of the stack traces always has org/bouncycastle/asn1/x9/X9Curve as
"class not found".

Here is the stack trace for a regular smtp email send failed attempt:

java.lang.NoClassDefFoundError: org/bouncycastle/asn1/x9/X9Curve
at org.bouncycastle.asn1.x9.X9ECParameters.toASN1Object(Unknown
Source)
at org.bouncycastle.asn1.ASN1Encodable.getDERObject(Unknown Source)
at org.bouncycastle.asn1.x9.X962Parameters.(Unknown Source)
at org.bouncycastle.jce.provider.JCEECPublicKey.getEncoded(Unknown
Source)
at
org.bouncycastle.jce.provider.JCEECPrivateKey.getPublicKeyDetails(Unknown
Source)
at org.bouncycastle.jce.provider.JCEECPrivateKey.(Unknown
Source)
at
org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator$EC.generateKeyPair(Unknown
Source)
at
sun.security.ssl.ECDHKeyExchange$ECDHEPossession.(ECDHKeyExchange.java:128)
at
sun.security.ssl.ECDHClientKeyExchange$ECDHEClientKeyExchangeProducer.produce(ECDHClientKeyExchange.java:392)
at
sun.security.ssl.ClientKeyExchange$ClientKeyExchangeProducer.produce(ClientKeyExchange.java:65)
at sun.security.ssl.SSLHandshake.produce(SSLHandshake.java:421)
at
sun.security.ssl.ServerHelloDone$ServerHelloDoneConsumer.consume(ServerHelloDone.java:182)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
at
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:152)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1401)
at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1309)
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:440)
at
com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:602)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:529)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2135)
at
com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:734)
at javax.mail.Service.connect(Service.java:364)
at javax.mail.Service.connect(Service.java:222)
at javax.mail.Service.connect(Service.java:171)


and the stack trace while trying to obtain an HTTPS url with jersey-client
org/bouncycastle/asn1/x9/X9Curve
at
org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:312)
at
org.glassfish.jersey.client.JerseyInvocation.lambda$invoke$1(JerseyInvocation.java:675)
at
org.glassfish.jersey.client.JerseyInvocation.call(JerseyInvocation.java:697)
at
org.glassfish.jersey.client.JerseyInvocation.lambda$runInScope$3(JerseyInvocation.java:691)
at org.glassfish.jersey.internal.Errors.process(Errors.java:292)
at org.glassfish.jersey.internal.Errors.process(Errors.java:274)
at org.glassfish.jersey.internal.Errors.process(Errors.java:205)
at
org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:390)
at
org.glassfish.jersey.client.JerseyInvocation.runInScope(JerseyInvocation.java:691)
at
org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:674)
at
org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:422)
at
org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:318)


I asked for an upgrade of tomcat from 9.0.81 to to 9.0.86 and am waiting to
see if this will resolve our problems. Any advice or links/reports on that
problem would be appreciated.

Simon

Re: Core Dump File Generation

[Simon Matter]

Hi Mohit,

> Hi All,
>
> We are facing issues on tomcat. Core dump file generating very frequent
> twice to thrice in a month and core file size would be 13GB to 15GB every
> time .Whenever this issue is happening tomcat services stopped

I'm a bit confused, are you talking about a UNIX style core file here or
some kind of dump from Java?

If it's a UNIX style core file then the culprit may be Java and not Tomcat
- because Java should never ever dump a core file if it's running without
errors.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Core Dump File Generation

[Simon Matter]

Hi,

> Hi,
>
> I am talking about java core dump file which is generating on tomcat/bin
> path and the OS is RHEL 6.

What's the exact version of Java running?

Regards,
Simon

>
> Thanks & Regards,
> Mohit Chaudhary
>
>
> -Original Message-
> From: Simon Matter 
> Sent: Wednesday, February 28, 2024 3:03 PM
> To: Tomcat Users List 
> Subject: Re: Core Dump File Generation
>
> [You don't often get email from simon.mat...@invoca.ch. Learn why this is
> important at https://aka.ms/LearnAboutSenderIdentification ]
>
> Hi Mohit,
>
>> Hi All,
>>
>> We are facing issues on tomcat. Core dump file generating very
>> frequent twice to thrice in a month and core file size would be 13GB
>> to 15GB every time .Whenever this issue is happening tomcat services
>> stopped
>
> I'm a bit confused, are you talking about a UNIX style core file here or
> some kind of dump from Java?
>
> If it's a UNIX style core file then the culprit may be Java and not Tomcat
> - because Java should never ever dump a core file if it's running without
> errors.
>
> Regards,
> Simon
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Memory leak in EncodingDetector?

[Simon Niederberger]

Hi

I'm analyzing a memory leak reported by Tomcat, and have narrowed it
down to org.apache.jasper.compiler.EncodingDetector:

private static final XMLInputFactory XML_INPUT_FACTORY;
static {
XML_INPUT_FACTORY = XMLInputFactory.newInstance();
}

This class is called by webapp code on a GET request

at 
org.apache.jasper.compiler.EncodingDetector.(EncodingDetector.java:38)
at 
org.apache.jasper.compiler.ParserController.determineSyntaxAndEncoding(ParserController.java:324)
at 
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:201)
at 
org.apache.jasper.compiler.ParserController.parseDirectives(ParserController.java:128)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:207)
...
at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:396)
at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)

The EncodingDetector class, if not yet loaded, will be loaded in the
common classloader, then continue by loading the XMLInputFactory using
the webapp context, and might end up with a XMLInputFactory
implementation from a webapp-provided JAR. If that happens, the webapp
can't undeploy. (In my case, woodstox WstxInputFactory registers
itself as ServiceProvider for XMLInputFactory)

For completeness: javax.xml.stream.FactoryFinder.findServiceProvider()
is called without classloader (cl = null), and has

if (cl == null) {
//the current thread's context class loader
serviceLoader = ServiceLoader.load(type);
} else {
serviceLoader = ServiceLoader.load(type, cl);
}

I can't find anything online about memory leaks from webapp-provided
XMLInputFactory implementations, but this must be fairly common. Is my
understanding correct, or have I mis-configured something? (I'm mainly
wondering whether any XMLInputFactory-implementing JARs belong in
tomcat/lib, but again I'm not finding anything online confirming that)

Tomcat 10.1.19
JVM 17.0.10+7-Ubuntu-120.04.1
Ubuntu 20.04.6 LTS



Simon

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Memory leak in EncodingDetector?

[Simon Niederberger]

Hi Chris

The whole thing is caused by Maven dependencies which pull in
com.fasterxml.woodstox:woodstox-core. The WstxInputFactory has a

@ServiceProvider(XMLInputFactory.class)

annotation, where ServiceProvider is
org.ehcache.spi.service.ServiceProvider. I didn't manage to trace the
key code section, but I do find that the
javax.xml.stream.FactoryFinder then ends up finding WstxInputFactory
as registered service provider. As WstxInputFactory is not on the
common classpath (it's in WEB-INF/lib), I assume it's the webapp
classloader which is used. Below is the stacktrace where
EncodingDetector clinit happens (I defined a
ch.want.funnel.FunnelApp$DelegatingXMLInputFactory to get
stacktraces):

Currently I'm setting

System.setProperty("javax.xml.stream.XMLInputFactory",
"com.sun.xml.internal.stream.XMLInputFactoryImpl");

to get a XMLInputFactory implementation which is on the common
loader's classpath, so the webapp can be undeployed cleanly.

Best regards
Simon

--

java.lang.RuntimeException: Stracktrace for tracking XMLInputFactory creation
at 
ch.want.funnel.FunnelApp$DelegatingXMLInputFactory.(FunnelApp.java:107)
at 
java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at 
java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
at 
java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at 
java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
at 
java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
at 
java.xml/javax.xml.stream.FactoryFinder.newInstance(FactoryFinder.java:190)
at 
java.xml/javax.xml.stream.FactoryFinder.newInstance(FactoryFinder.java:148)
at java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:261)
at java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:223)
at 
java.xml/javax.xml.stream.XMLInputFactory.newInstance(XMLInputFactory.java:166)
at 
org.apache.jasper.compiler.EncodingDetector.(EncodingDetector.java:38)
at 
org.apache.jasper.compiler.ParserController.determineSyntaxAndEncoding(ParserController.java:324)
at 
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:201)
at 
org.apache.jasper.compiler.ParserController.parseDirectives(ParserController.java:128)
at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:207)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:396)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:372)
at org.apache.jasper.compiler.Compiler.compile(Compiler.java:356)
at 
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:603)
at 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:396)
at 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:380)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:328)
at jakarta.servlet.http.HttpServlet.service(HttpServlet.java:658)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:205)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at 
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:51)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at 
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:110)
at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174)
at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149)
at 
org.springframework.web.filter.CompositeFilter$VirtualFilterChain.doFilter(CompositeFilter.java:108)
at 
org.springframework.security.web.FilterChainProxy.lambda$doFilterInternal$3(FilterChainProxy.java:231)
at 
org.springframework.security.web.ObservationFilterChainDecorator$FilterObservation$SimpleFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:479)
at 
org.springframework.security.web.ObservationFilterChainDecorator$AroundFilterObservation$SimpleAroundFilterObservation.lambda$wrap$1(ObservationFilterChainDecorator.java:340)
at 
org.springframework.security.web.ObservationFilterChainDecorator.lambda$wrapSecured$0(ObservationFilterChainDecorator.java:82)
at 
org.springframework.security.web.ObservationFilterChainDecorator$VirtualFilterChain.doFilter(Observa

Re: Memory leak in EncodingDetector?

[Simon Niederberger]

Hi Chris

Spring's ObservationFilterChainDecorator is ridiculous, isn't it?

> What if you create an empty jaxp.properties file and make it available to the 
> common ClassLoader (e.g. in lib/empty-jaxp.jar:/jaxp.properties) -- does that 
> prevent the problem?
I think that boils down to what I'm already doing with the system
property, getting to the FactoryFinder before it uses
findServiceProvider(). Haven't tried it, but I'm sure it would work.

imho, Tomcat's EncodingDetector should init with either

XML_INPUT_FACTORY = XMLInputFactory.newDefaultFactory();

to just always use the JVM XMLInputFactory, or then

XML_INPUT_FACTORY =
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
EncodingDetector.class.getClassLoader());

to honor it's own classloader (maybe
EncodingDetector.class.getClassLoader() is the wrong approach,
basically something getTomcatCommonClassloader())

What I just don't get is why there's so little online about others
havingEncodingDetector similar issues. Spring + libs like CXF or
jackson-dataformat-xml are common, both those libs have transitive
dependencies on woodstox-core. Throw in ehcache, also common, and your
webapp won't undeploy if it's the first webapp to load a JSP and thus
clinit EncodingDetector. Maybe the public has just given up on clean
undeploying.

Simon


Mühlegasse 18, 6340 Baar, Switzerland

https://www.want.ch

https://www.funnel.travel





On Wed, Mar 20, 2024 at 7:01 PM Christopher Schultz
 wrote:
>
> Simon,
>
> On 3/20/24 09:59, Simon Niederberger wrote:
> > The whole thing is caused by Maven dependencies which pull in
> > com.fasterxml.woodstox:woodstox-core. The WstxInputFactory has a
> >
> > @ServiceProvider(XMLInputFactory.class)
> >
> > annotation, where ServiceProvider is
> > org.ehcache.spi.service.ServiceProvider. I didn't manage to trace the
> > key code section, but I do find that the
> > javax.xml.stream.FactoryFinder then ends up finding WstxInputFactory
> > as registered service provider. As WstxInputFactory is not on the
> > common classpath (it's in WEB-INF/lib), I assume it's the webapp
> > classloader which is used. Below is the stacktrace where
> > EncodingDetector clinit happens (I defined a
> > ch.want.funnel.FunnelApp$DelegatingXMLInputFactory to get
> > stacktraces):
> >
> > Currently I'm setting
> >
> > System.setProperty("javax.xml.stream.XMLInputFactory",
> > "com.sun.xml.internal.stream.XMLInputFactoryImpl");
> > to get a XMLInputFactory implementation which is on the common
> > loader's classpath, so the webapp can be undeployed cleanly.
>
> So this works, right?
>
> What if you create an empty jaxp.properties file and make it available
> to the common ClassLoader (e.g. in lib/empty-jaxp.jar:/jaxp.properties)
> -- does that prevent the problem?
>
> I'm wondering if Tomcat should simply ship with an empty jaxp.properties
> file to prevent this kind of thing from happening by default. If someone
> wants to bundle an XMLInputFactory into Tomcat's lib/ directory and use
> that, they could remove this file.
>
> BTW that's an impressive stack trace. ;)
>
> -chris
>
> > java.lang.RuntimeException: Stracktrace for tracking XMLInputFactory 
> > creation
> >  at 
> > ch.want.funnel.FunnelApp$DelegatingXMLInputFactory.(FunnelApp.java:107)
> >  at 
> > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> > Method)
> >  at 
> > java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:77)
> >  at 
> > java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> >  at 
> > java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:499)
> >  at 
> > java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:480)
> >  at 
> > java.xml/javax.xml.stream.FactoryFinder.newInstance(FactoryFinder.java:190)
> >  at 
> > java.xml/javax.xml.stream.FactoryFinder.newInstance(FactoryFinder.java:148)
> >  at 
> > java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:261)
> >  at 
> > java.xml/javax.xml.stream.FactoryFinder.find(FactoryFinder.java:223)
> >  at 
> > java.xml/javax.xml.stream.XMLInputFactory.newInstance(XMLInputFactory.java:166)
> >  at 
> > org.apache.jasper.compiler.EncodingDetector.(EncodingDetector.java:38)
> >  at 
> > org.apache.jasper.compiler.ParserController

Re: Memory leak in EncodingDetector?

[Simon Niederberger]

Hi Chris

Personally I'd go with

XML_INPUT_FACTORY =
XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
EncodingDetector.class.getClassLoader());

allowing me to place my own JAR in common/lib if I really want to (the
only scenario I can think of is an edge-case where there's a bug in
the JVM XMLInputFactory and no upgrade path is available, so I'd place
my own JAR in common/lib).

> I wonder if there really are any use-cases for applications wanting Tomcat to 
> specify the XMLInputFactory *to be used for JSP*

That sounds pretty far-fetched. Our use case is simply that we deploy
frequently (several times a day) on a Tomcat 10.1 installation, and
have various reasons for not going down the Docker/container/FAT JAR
path. So, making sure we don't have memory leaks is relevant.

Simon





On Thu, Mar 21, 2024 at 1:44 PM Christopher Schultz
 wrote:
>
> Simon,
>
> On 3/20/24 15:36, Simon Niederberger wrote:
> >> What if you create an empty jaxp.properties file and make it available to 
> >> the common ClassLoader (e.g. in lib/empty-jaxp.jar:/jaxp.properties) -- 
> >> does that prevent the problem?
>  >
> > I think that boils down to what I'm already doing with the system
> > property, getting to the FactoryFinder before it uses
> > findServiceProvider(). Haven't tried it, but I'm sure it would work.
>
> The difference is that Tomcat can ship it as a part of the distribution,
> while we shouldn't really be setting system properties like that. It
> might prevent, for example, applications using their own preferred
> implementation.
>
> > imho, Tomcat's EncodingDetector should init with either
> >
> > XML_INPUT_FACTORY = XMLInputFactory.newDefaultFactory();
> >
> > to just always use the JVM XMLInputFactory, or then
> >
> > XML_INPUT_FACTORY =
> > XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> > EncodingDetector.class.getClassLoader());
> >
> > to honor it's own classloader (maybe
> > EncodingDetector.class.getClassLoader() is the wrong approach,
> > basically something getTomcatCommonClassloader())
>
> Yeah, that's probably better than an empty properties file wrapped in a
> JAR file wrapped in an enigma.
>
> We also have the option of using the JreMemoryLeakPreventionListener for
> this. There are already some XML-related protections in there, though
> this one is not specifically there.
>
> Do you have a preferred technique for fixing this? All of those
> suggestions seem equally reasonable. I think I have a slight preference
> for passing the JSP compiler's ClassLoader in to the factory method:
>
>XML_INPUT_FACTORY =
>  XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
>  EncodingDetector.class.getClassLoader());
>
> If you absolutey need to get your JSP compiler to have a custom
> XMLInputFactory, you can copy the JSP compiler into your application and
> it will use that ClassLoader instead.
>
> > What I just don't get is why there's so little online about others
> > havingEncodingDetector similar issues. Spring + libs like CXF or
> > jackson-dataformat-xml are common, both those libs have transitive
> > dependencies on woodstox-core. Throw in ehcache, also common, and your
> > webapp won't undeploy if it's the first webapp to load a JSP and thus
> > clinit EncodingDetector. Maybe the public has just given up on clean
> > undeploying.
>
> My guess is that most people don't really care too much about clean
> shutdowns of their applications. They either bring their applications up
> and down along with the whole JVM (either standalone or via Docker,
> etc.) or they use an embedded Tomcat where their own application hosts
> Tomcat and they start/stop that.
>
> Or they disable/ignore memory-leak detection log messages. *shrug*
>
> I wonder if there really are any use-cases for applications wanting
> Tomcat to specify the XMLInputFactory *to be used for JSP*. I suspect not.
>
> -chris
>
> > On Wed, Mar 20, 2024 at 7:01 PM Christopher Schultz
> >  wrote:
> >>
> >> Simon,
> >>
> >> On 3/20/24 09:59, Simon Niederberger wrote:
> >>> The whole thing is caused by Maven dependencies which pull in
> >>> com.fasterxml.woodstox:woodstox-core. The WstxInputFactory has a
> >>>
> >>> @ServiceProvider(XMLInputFactory.class)
> >>>
> >>> annotation, where ServiceProvider is
> >>> org.ehcache.spi.service.ServiceProvider. I didn't manage to trace the
> >>> key code section, but I do find that the
> >>> javax.xml.stream.FactoryFind

Re: Memory leak in EncodingDetector?

[Simon Niederberger]

Very cool Chris, thanks for the quick reaction!

Simon out


On Fri, Mar 22, 2024 at 1:41 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Simon,
>
> On 3/21/24 12:39, Simon Niederberger wrote:
> > Hi Chris
> >
> > Personally I'd go with
> >
> > XML_INPUT_FACTORY =
> > XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> > EncodingDetector.class.getClassLoader());
> >
> > allowing me to place my own JAR in common/lib if I really want to (the
> > only scenario I can think of is an edge-case where there's a bug in
> > the JVM XMLInputFactory and no upgrade path is available, so I'd place
> > my own JAR in common/lib).
> >
> >> I wonder if there really are any use-cases for applications wanting
> Tomcat to specify the XMLInputFactory *to be used for JSP*
> >
> > That sounds pretty far-fetched. Our use case is simply that we deploy
> > frequently (several times a day) on a Tomcat 10.1 installation, and
> > have various reasons for not going down the Docker/container/FAT JAR
> > path. So, making sure we don't have memory leaks is relevant.
>
> Done and done.
>
> Feel free to put the fix in yourself, or grab 10.1.x from GitHub, or wit
> for Tomcat 10.1.21 to be released (10.1.20 has already been rolled and
> the voting will end shortly, so you'll have to wait for the next release).
>
> -chris
>
> > On Thu, Mar 21, 2024 at 1:44 PM Christopher Schultz
> >  wrote:
> >>
> >> Simon,
> >>
> >> On 3/20/24 15:36, Simon Niederberger wrote:
> >>>> What if you create an empty jaxp.properties file and make it
> available to the common ClassLoader (e.g. in
> lib/empty-jaxp.jar:/jaxp.properties) -- does that prevent the problem?
> >>   >
> >>> I think that boils down to what I'm already doing with the system
> >>> property, getting to the FactoryFinder before it uses
> >>> findServiceProvider(). Haven't tried it, but I'm sure it would work.
> >>
> >> The difference is that Tomcat can ship it as a part of the distribution,
> >> while we shouldn't really be setting system properties like that. It
> >> might prevent, for example, applications using their own preferred
> >> implementation.
> >>
> >>> imho, Tomcat's EncodingDetector should init with either
> >>>
> >>> XML_INPUT_FACTORY = XMLInputFactory.newDefaultFactory();
> >>>
> >>> to just always use the JVM XMLInputFactory, or then
> >>>
> >>> XML_INPUT_FACTORY =
> >>> XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> >>> EncodingDetector.class.getClassLoader());
> >>>
> >>> to honor it's own classloader (maybe
> >>> EncodingDetector.class.getClassLoader() is the wrong approach,
> >>> basically something getTomcatCommonClassloader())
> >>
> >> Yeah, that's probably better than an empty properties file wrapped in a
> >> JAR file wrapped in an enigma.
> >>
> >> We also have the option of using the JreMemoryLeakPreventionListener for
> >> this. There are already some XML-related protections in there, though
> >> this one is not specifically there.
> >>
> >> Do you have a preferred technique for fixing this? All of those
> >> suggestions seem equally reasonable. I think I have a slight preference
> >> for passing the JSP compiler's ClassLoader in to the factory method:
> >>
> >> XML_INPUT_FACTORY =
> >>   XMLInputFactory.newFactory(XMLInputFactory.class.getName(),
> >>   EncodingDetector.class.getClassLoader());
> >>
> >> If you absolutey need to get your JSP compiler to have a custom
> >> XMLInputFactory, you can copy the JSP compiler into your application and
> >> it will use that ClassLoader instead.
> >>
> >>> What I just don't get is why there's so little online about others
> >>> havingEncodingDetector similar issues. Spring + libs like CXF or
> >>> jackson-dataformat-xml are common, both those libs have transitive
> >>> dependencies on woodstox-core. Throw in ehcache, also common, and your
> >>> webapp won't undeploy if it's the first webapp to load a JSP and thus
> >>> clinit EncodingDetector. Maybe the public has just given up on clean
> >>> undeploying.
> >>
> >> My guess is that most people don't really care too much about clean
> >> shutdowns of their applications.

Re: Tomcat 9.0.83 - SSL handshake stops working for Google API calls after a while

[Simon Matter]

Hi,

> Hi,
>
> I am looking for help with a strange issue we are experiencing when trying
> to use Google APIs from a web application that is deployed on Tomcat
> 9.0.83.
>
> After a few hours of the server being up and running, all calls to the
> Google APIs fail because of SSL handshake errors. Attaching the SSL logs
> for your reference.

Without knowing exactly how it would look like, are you 100% sure you're
not running out of entropy for some reason?

At least it doesn't hurt to have available entropy in monitoring some how.

Regards,
Simon

>
> I see some differences in the ClientHello message. When the handshake
> fails, all TLSv1.3 ciphers are ignored, there is no "session id" and
> TLSv1.2 is sent as the only supported version.
>
> The Tomcat connector configuration is as follows:
>  protocol="com.precisionsoftware.tomcat.Http11Nio2Protocol" proxyPort="443"
> SSLEnabled="true"
> connectionTimeout="6"
> maxThreads="300"
> minSpareThreads="50"
> acceptCount="250"
> maxKeepAliveRequests="1"
> maxPostSize="-1"
> relaxedQueryChars='[]|{}^\`"<>'
> enableLookups="true"
> disableUploadTimeout="true"
> URIEncoding="UTF-8"
> compression="force"
> scheme="https"
> secure="true"
> clientAuth="false"
> sslProtocol="TLS"
> sslEnabledProtocols="TLSv1.2+TLSv1.3"
> keyAlias="1"
> keystoreFile="../wildcard_odqad.pfx"
> keystorePass="thepassword"
>
> ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256"/>
>
> I updated Tomcat to use the most recent native library - 2.0.7 - but that
> did not help. Below an extract from the server log.
>
> 2024-04-11 02:12:47,507 INFO
>  [org.apache.catalina.core.AprLifecycleListener:134] (main) Loaded Apache
> Tomcat Native library [2.0.7] using APR version [1.7.4].
> 2024-04-11 02:12:47,507 INFO
>  [org.apache.catalina.core.AprLifecycleListener:134] (main) APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], random
> [true], UDS [true].
> 2024-04-11 02:12:47,507 INFO
>  [org.apache.catalina.core.AprLifecycleListener:134] (main) APR/OpenSSL
> configuration: useAprConnector [false], useOpenSSL [true]
> 2024-04-11 02:12:47,514 INFO
>  [org.apache.catalina.core.AprLifecycleListener:370] (main) OpenSSL
> successfully initialized [OpenSSL 3.0.13 30 Jan 2024]
>
> I am not very familiar with the SSL handshake process and do not really
> understand what can make it stop working.
>
> Thanks,
> Marcos
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: ldap administration tool and error LDAP: error code 49 - Invalid Credentials

[Simon Matter]

Hi,

> Hello Experts,
> Is there any DLap admin tool available ? I want to manage IBM and openldap
> with it . trying to reset users password in IBM ldap but it fails with

You could try https://directory.apache.org/studio/

Regards,
Simon

>
>
> "[root@camttvpws002 app]# ldapsearch -x -h //102.85.9.23 -D
> "ldap@seth.local<mailto:ldap@seth.local>" -b "dc=seth,dc=local" -w *
> "sAMAcountName=shekhdho"
>
> ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
>
>
>
>
>
> [root@camttvpws002 ~]# tail -f /app/web/logs/RMA/RMA.log
>
> 2024-06-22 06:34:31,696{ INFO [http-bio-8443-exec-3] (RMAdao.java:5047) -
> after preparing the statement
>
> 2024-06-22 06:34:31,697{ INFO [http-bio-8443-exec-3] (RMAdao.java:5050) -
> application name is:RMA
>
> 2024-06-22 06:34:31,737{ERROR [http-bio-8443-exec-3] (RMAdao.java:5116) -
> The exception occurred is:ORA-00942: table or view does not exist
>
>
>
> 2024-06-22 06:34:31,738{ERROR [http-bio-8443-exec-3]
> (CheckDownTime.java:60) - Exception Occurred :
> java.lang.NullPointerException
>
> 2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:64)
> - Inside Action:- Method:fetchUserInfo
>
> 2024-06-22 06:34:31,739{ INFO [http-bio-8443-exec-3] (LoginAction.java:67)
> - The username is : shekhdho
>
> 2024-06-22 06:34:31,777{ERROR [http-bio-8443-exec-3] (Ldap.java:85) -
> Exception occurred :javax.naming.AuthenticationException: [LDAP: error
> code 49 - Invalid Credentials]
>
> 2024-06-22 06:34:31,778{ INFO [http-bio-8443-exec-3] (LoginAction.java:78)
> - Emailid is : null
>
> 2024-06-22 06:34:31,779{ INFO [http-bio-8443-exec-3]
> (LoginAction.java:120) - Populated to the value for the jsp...
>
>
>
>
>
>
>
>
> Best Regards,
> Shekhar Dhotre.
> Sr. Operations Manager.
> CNGCS-Int Txn, Voice n Mobile
> MMX ,MOVE,MARS Billing , Analytics.
> shekhar.dho...@tatacommunications.com<mailto:shekhar.dho...@tatacommunications.com>
>
>



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Intermittent Missing Content-Type

[Simon Arame]

Greetings folks,

According to JavaServer Pages™ specs v2.3 #JSP4.2, when a JSP page does not
provide the TYPE value of the contentType attribute, "the initial content
type is “text/html” for JSP pages in standard syntax"

With our relatively big web application, we are experiencing an
intermittent issue which is a missing Content-Type header on some JSP pages
and the issue goes away when we use 9.0.90+ or set
org.apache.catalina.connector.RECYCLE_FACADES to true.

Some of our clients are not easily updating their tomcat version so I would
like to know what we are doing wrong maybe in our custom Filter that causes
the occasional missing content-type when facades are not recycled.

I got help from Konstantin Kolinko to locate some historical tomcat code
changes. What I was trying to determine is details about the "recycle"
method of the Request implementation and with Konstantin's help (see
below), I make the reconciliation with the CoyoteRequest and the
CoyoteRequestFacade classes. Now I can see the commit 301781 simply adds
those. Is this coming straight on from a CVS repository ? If yes, can the
CVS repository archive can still be publicly accessed ? At this point, I am
not sure if commit 302827 (
https://svn.apache.org/viewvc?view=revision&revision=302827 ) would explain
what i was searching for. My point is that at 301781 (
https://svn.apache.org/viewvc?view=revision&revision=301781 ), the facade
is only cleared if Constants.SECURITY is true and now since 9.0.90, facades
are cleared by default unless you change the option
org.apache.catalina.connector.RECYCLE_FACADES to false.

So following that logic, I found out what facade recycling was but I don't
know why we rely on it.
The missing content-type occurs when we navigate quickly between jsp pages.

Here are some of the actions we performed in our custom Filter,
1. we are conditionally setting some headers on the Response object.
2. we are conditionally calling the RequestDispatcher.include method to add
a JSP head ( stuffs like  )
3. depending on an external authentication call result we are either
sending a redirect or calling FilterChain.doFilter

Please note that we tried the following without success:
- declaring a default-content-type inside a jsp-property-group as
prescribed by the JavaServer Pages™ Specification v2.3 #JSP.3.3.9

Thank you,
Simon Arame

-- Forwarded message -
From: Konstantin Kolinko 
Date: Thu, Jul 18, 2024 at 2:15 PM
Subject: Re: Earlier Tomcat source code
To: Simon Arame 


чт, 18 июл. 2024 г. в 19:23, Simon Arame :
>
> Hi,
> Thank you for this reply, is it ok if I forward this to the mailing list
with additional questions ?
>

OK.

Best regards,
Konstantin Kolinko

> On Thu, Jul 18, 2024 at 9:43 AM Konstantin Kolinko 
wrote:
>>
>> вт, 16 июл. 2024 г. в 22:44, Simon Arame :
>> >
>> > Hi,
>> >
>> > I recently experienced a problem with tomcat that was fixed by release
9.0.90.
>> >
>> > However, i would like to get a way around the actual proposed fix
which simply changes the default value of property
org.apache.catalina.connector.RECYCLE_FACADES.
>> >
>> > And to understand what's going on, i'm trying to follow the commit
history.
>> > I first stumbled on your message
https://svn.haxx.se/dev/archive-2011-09/0558.shtml that states that tc6 can
not be browsed before 389146/389140
>> > then, i tried to follow the subversion history of the file
org.apache.catalina.connector.Request.java which at revision 302975 changed
from being an interface to being a class. the commit message mentioned it
was copied over from Coyote Adapter, but when I go to coyote subfolder the
Request.java that is there let's say at revision 302974 is the same class
but at an earlier version.
>> >
>> > So i'm trying to fill the gap to understand what happened to that
internal Request class between 302975 and earlier, let's say
https://svn.apache.org/repos/asf/tomcat/connectors/trunk/coyote/src/java/org/apache/coyote/Request.java@301074
...
>> >
>>
>> Regarding looking up the old Tomcat sources
>>
>> 1. If you look at the commit message for r302975,
>> https://svn.apache.org/viewvc?view=revision&revision=302975
>> it mentions "I'm using version number 5.5 for this refactoring, as an
>> indication that this is no longer 5.0.x."
>>
>> Essentially, it looks like a commit that branched off Tomcat 5.5.x,
>> and thus the earlier code is with Tomcat 5.0.x.
>> https://svn.apache.org/viewvc/tomcat/archive/tc5.0.x/trunk/
>>
>>
>> 2. Tomcat consists of several Layers (or Components):
>>
>> Catalina is the container, i.e. Servlet container. It implements the
>> Servlet specification.
>>
>> Coyote is the underlying i

Re: java code cache size question

[Simon Matter]

> Hi, I have a tomcat 9 instance  that runs without specifying options for
> the code cache.
>
> Looking at the servet status I see
>
> Code CacheNon-heap memory 2.43 MiB163.93 MiB  240.00 
> MiB  147.30
> MiB (61%)
>
> So te maximum size is 240MB
>
> Looking at Java documentation it states it should be 48MB if not altered
> by options.

At least for Java 17 this seems to be 240MiB:

-XX:ReservedCodeCacheSize=size
Sets the maximum code cache size (in bytes) for JIT-compiled code.
Append the letter k or K to indicate kilobytes, m or M to indicate
megabytes, or g or G to indicate gigabytes. The default maximum code
cache size is 240 MB; if you disable tiered compilation with the
option -XX:-TieredCompilation, then the default size is 48 MB. This
option has a limit of 2 GB; otherwise, an error is generated. The
maximum code cache size shouldn't be less than the initial code cache
size; see the option -XX:InitialCodeCacheSize.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 9 doesn't shutdown cleanly

[Simon Matter]

Hi,

I'm running an application on Tomcat 9.0.55 on x86_64 Linux with OpenJDK
JRE-11.0.13+8 and have problems shutting down Tomcat in certain ways.

When I shutdown Tomcat via 'catalina.sh stop', it shuts down mostly (most
threads are gone) but send a thread dump to catalina.out and is later
killer by an OS signal.

When shutting down Tomcat via the shutdown listener on port 8005, it also
shuts down mostly but without the thread dump in catalina.out. Sending
SIGTERM later to the still running java process terminates it.

So both methods somehow terminate Tomcat partly but not completely.

When simply sending SIGTERM on the OS level, Tomcat shuts down cleanly and
terminates without issues.

One thing in common is that I always see these messages while shutting down:

30-Nov-2021 13:59:36.985 SEVERE [main]
org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
Found RMI Target with stub class class
[sun.rmi.registry.RegistryImpl_Stub] and value
[RegistryImpl_Stub[UnicastRef [liveRef:
[endpoint:[157.161.91.47:2071](local),objID:[0:0:0, 0]. This RMI
Target has been forcibly removed to prevent a memory leak.
30-Nov-2021 13:59:36.987 SEVERE [main]
org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
Found RMI Target with stub class class [com.sun.proxy.$Proxy51] and value
[Proxy[ShopdbCacheSynchronizer,RemoteObjectInvocationHandler[UnicastRef
[liveRef:
[endpoint:[157.161.91.47:1096](local),objID:[-6f4b2f9d:17d70eb1ef4:-7ffd,
-4005526521234186948]]. This RMI Target has been forcibly removed to
prevent a memory leak.
30-Nov-2021 13:59:36.987 SEVERE [main]
org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
Found RMI Target with stub class class
[sun.rmi.registry.RegistryImpl_Stub] and value
[RegistryImpl_Stub[UnicastRef [liveRef:
[endpoint:[157.161.91.47:1096](local),objID:[0:0:0, 0]. This RMI
Target has been forcibly removed to prevent a memory leak.

Why do the three methods to shutdown Tomcat differ and how can I make
'catalina.sh stop' or the shutdown listener work the same way like sending
the OS signal.

I've tried, beside a lot of other things, to set
skipMemoryLeakChecksOnJvmShutdown="true" in context.xml but it seems to
change nothing at all.

Any help would be much appreciated.

Thanks,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9 doesn't shutdown cleanly

[Simon Matter]

Hi Chris,

Thank you for the quick reply.

> Simon,
>
> On 11/30/21 08:21, Simon Matter wrote:
>> I'm running an application on Tomcat 9.0.55 on x86_64 Linux with OpenJDK
>> JRE-11.0.13+8 and have problems shutting down Tomcat in certain ways.
>>
>> When I shutdown Tomcat via 'catalina.sh stop', it shuts down mostly
>> (most
>> threads are gone) but send a thread dump to catalina.out and is later
>> killer by an OS signal.
>
> This should only happen if you have CATALINA_PID defined. Are you indeed
> defining that environment variable?
>
> catalina.sh has this code in it, which is probably what you are seeing:
>
>echo "To aid diagnostics a thread dump has been written to
> standard out."
>kill -3 `cat "$CATALINA_PID"`
>

That's true, I have CATALINA_PID defined when the call of "catalina.sh
start" is done. So yes, the script will kill the java process if it
doesn't terminate.

>> When shutting down Tomcat via the shutdown listener on port 8005, it
>> also
>> shuts down mostly but without the thread dump in catalina.out. Sending
>> SIGTERM later to the still running java process terminates it.
>
> Right: when you manually connect to the shutdown port and send
> "SHUTDOWN" (or whatever), it asks Tomcat to shut down but doesn't send a
> signal. You have to do that manually, too.

On a test host, when I send "SHUTDOWN" to the shutdown listener, Tomcat
shuts down and the Java VM terminates.

Only on this host with the application, when I send "SHUTDOWN" to the
shutdown listener, Tomcat shuts down but the Java VM doesn't terminate.

>
>> So both methods somehow terminate Tomcat partly but not completely.
>
> You have one or two of the following issues:
>
> 1. You have a non-daemon thread running
> 2. You have an unusually long shutdown process that just takes "too long"
>
> The good news is that the thread-dup can answer that question: what's in
> the thread dump that is generated when you run "catalina.sh stop"?
>
>> When simply sending SIGTERM on the OS level, Tomcat shuts down cleanly
>> and
>> terminates without issues.
>>
>> One thing in common is that I always see these messages while shutting
>> down:
>>
>> 30-Nov-2021 13:59:36.985 SEVERE [main]
>> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
>> Found RMI Target with stub class class
>> [sun.rmi.registry.RegistryImpl_Stub] and value
>> [RegistryImpl_Stub[UnicastRef [liveRef:
>> [endpoint:[157.161.91.47:2071](local),objID:[0:0:0, 0]. This RMI
>> Target has been forcibly removed to prevent a memory leak.
>> 30-Nov-2021 13:59:36.987 SEVERE [main]
>> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
>> Found RMI Target with stub class class [com.sun.proxy.$Proxy51] and
>> value
>> [Proxy[ShopdbCacheSynchronizer,RemoteObjectInvocationHandler[UnicastRef
>> [liveRef:
>> [endpoint:[157.161.91.47:1096](local),objID:[-6f4b2f9d:17d70eb1ef4:-7ffd,
>> -4005526521234186948]]. This RMI Target has been forcibly removed to
>> prevent a memory leak.
>> 30-Nov-2021 13:59:36.987 SEVERE [main]
>> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTargets
>> Found RMI Target with stub class class
>> [sun.rmi.registry.RegistryImpl_Stub] and value
>> [RegistryImpl_Stub[UnicastRef [liveRef:
>> [endpoint:[157.161.91.47:1096](local),objID:[0:0:0, 0]. This RMI
>> Target has been forcibly removed to prevent a memory leak.
>>
>> Why do the three methods to shutdown Tomcat differ and how can I make
>> 'catalina.sh stop' or the shutdown listener work the same way like
>> sending
>> the OS signal.
>
> What's the difference? You don't want the thread dump in your
> catalina.out? That's supposed to be helpful in debugging why your
> shutdown isn't clean. It sounds like you are saying "help me with my
> unclean shutdown; please get rid of the debugging information that is
> trying to help me!".
>
>> I've tried, beside a lot of other things, to set
>> skipMemoryLeakChecksOnJvmShutdown="true" in context.xml but it seems to
>> change nothing at all.
>
> Tomcat will never kill your non-daemon thread(s) from inside the VM.
> Since you are using a CATALINA_PID environment variable (and, therefore,
> a pid-file), the shutdown process is sending the TERM signal. It's also
> possibly sending a KILL signal, depending on whether or not the TERM
> worked and if -force was supplied on the command-line.

Re: AW: Tomcat 9 doesn't shutdown cleanly

[Simon Matter]

Hi Thomas,

> Hello,
>
> it looks like your application opens several ports for RMI communication.
> One class is mentioned in your first mail: ShopdbCacheSynchronizer

Yes, and it's true that when I'm looking at the shut down Tomcat instance
VM, I see several RMI threads lingering around.

>
> Maybe you can ask the developer guys to check whether these threads /
> ports are terminated / closed cleanly on shutdown event.
> Quite often developers don't care much about shutting down their stuff
> cleanly.

Good guess, that's exactly what I'm trying to do, finding out why we have
the shutdown problems so the "developer guys" can finally fix this issue.

>From how I understand it, we have an internal application server which
initiates RMI connections to the Tomcat instance sitting in the DMZ. My
question is, can we terminate the RMI connections on the Tomcat instance
only and shut down Tomcat, or do we have to close the RMI connections on
the internal appserver which initiated the connections?

Apart from RMI, is there anything in the thread dump which indicates an
issue in out Tomcat app?

Kind regards,
Simon

>
> Greetings,
> Thomas
>
> -Ursprüngliche Nachricht-
> Von: Simon Matter 
> Gesendet: Dienstag, 30. November 2021 15:40
> An: Tomcat Users List 
> Betreff: Re: Tomcat 9 doesn't shutdown cleanly
>
> Hi Chris,
>
> Thank you for the quick reply.
>
>> Simon,
>>
>> On 11/30/21 08:21, Simon Matter wrote:
>>> I'm running an application on Tomcat 9.0.55 on x86_64 Linux with
>>> OpenJDK
>>> JRE-11.0.13+8 and have problems shutting down Tomcat in certain ways.
>>>
>>> When I shutdown Tomcat via 'catalina.sh stop', it shuts down mostly
>>> (most threads are gone) but send a thread dump to catalina.out and is
>>> later killer by an OS signal.
>>
>> This should only happen if you have CATALINA_PID defined. Are you
>> indeed defining that environment variable?
>>
>> catalina.sh has this code in it, which is probably what you are seeing:
>>
>>echo "To aid diagnostics a thread dump has been written to
>> standard out."
>>kill -3 `cat "$CATALINA_PID"`
>>
>
> That's true, I have CATALINA_PID defined when the call of "catalina.sh
> start" is done. So yes, the script will kill the java process if it
> doesn't terminate.
>
>>> When shutting down Tomcat via the shutdown listener on port 8005, it
>>> also shuts down mostly but without the thread dump in catalina.out.
>>> Sending SIGTERM later to the still running java process terminates
>>> it.
>>
>> Right: when you manually connect to the shutdown port and send
>> "SHUTDOWN" (or whatever), it asks Tomcat to shut down but doesn't send
>> a signal. You have to do that manually, too.
>
> On a test host, when I send "SHUTDOWN" to the shutdown listener, Tomcat
> shuts down and the Java VM terminates.
>
> Only on this host with the application, when I send "SHUTDOWN" to the
> shutdown listener, Tomcat shuts down but the Java VM doesn't terminate.
>
>>
>>> So both methods somehow terminate Tomcat partly but not completely.
>>
>> You have one or two of the following issues:
>>
>> 1. You have a non-daemon thread running 2. You have an unusually long
>> shutdown process that just takes "too long"
>>
>> The good news is that the thread-dup can answer that question: what's
>> in the thread dump that is generated when you run "catalina.sh stop"?
>>
>>> When simply sending SIGTERM on the OS level, Tomcat shuts down
>>> cleanly and terminates without issues.
>>>
>>> One thing in common is that I always see these messages while
>>> shutting
>>> down:
>>>
>>> 30-Nov-2021 13:59:36.985 SEVERE [main]
>>> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTa
>>> rgets Found RMI Target with stub class class
>>> [sun.rmi.registry.RegistryImpl_Stub] and value
>>> [RegistryImpl_Stub[UnicastRef [liveRef:
>>> [endpoint:[157.161.91.47:2071](local),objID:[0:0:0, 0]. This RMI
>>> Target has been forcibly removed to prevent a memory leak.
>>> 30-Nov-2021 13:59:36.987 SEVERE [main]
>>> org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesRmiTa
>>> rgets Found RMI Target with stub class class [com.sun.proxy.$Proxy51]
>>> and value
>>> [Proxy[ShopdbCacheSynchronizer,RemoteObjectInvocationHandler[UnicastR
>>> ef
>>> [liveRef:
&

Re: AW: AW: Tomcat 9 doesn't shutdown cleanly

[Simon Matter]

Hi,

> Hello Simon,
>
> if you use the Registry to bind Objects / Stubs, you must also call
> "unbind" on shutdown:
> https://docs.oracle.com/javase/7/docs/api/java/rmi/registry/Registry.html
>
> I think the developer who implemented the RMI stub, should also now what
> to unbind.
>
> Greetings,
> Thomas

The issue has been solved now by adding two unbind() where they were
clearly missing. Tomcat shuts down cleanly now with no delay.

Thanks to all who helped!

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[Simon Matter]

Hi,

> We want to run a large number of tomcat instances on the same server
> without virtualization or containerization. Each instance is executed from
> its own folder tree and listens on its own unique TCP port. Each instance
> will run code that connects to a backend database server to send queries
> that are triggered by JSP calls from users. We've done this successfully
> with up to 120 instances of tomcat running on the same server while
> avoiding the overhead of virtualization and the complexity of containers.
> Based on our experience over the past decade, we know that we could
> potentially host 500 or more separate tomcat instances on the same server
> without running into performance problems. So now we want to make it 500
> parallel instances.
>
>
> Here's the problem. When tomcat initiates an outbound connection (for
> example, with Connector/J to query a backend database) it establishes a
> socket, and the socket has a client port. With thousands of users making
> requests that require the tomcat services to query back end databases, the
> OS can easily run out of available client ports to allocate to sockets. To
> avoid that problem, we can assign multiple IPs to the server and use the
> localSocketAddress property of Connector/J to group tomcats such that only
> a subset of them each use the same source IP. Then each group will have
> its own range of 64,000-ish client ports. I've tested this and it works.
>
>
>
> My question is, is there a better way?

I guess the database is not on the Tomcat host, otherwise you could
connect via unix domain socket to avoid the limitations of TCP port
numbers.

Otherwise I think you could run a db proxy where your Tomcat clients
connect locally via unix domain socket and the proxy relays the queries to
the db backend.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: is too quick to respond

[Simon Matter]

> Not sure about Tomcat, but what IBM Liberty does is:
>
> It "will" try to redeploy the war when it detects a file change - and it
> does fail naturally since the war isn't complete.
>
> BUT - it will keep trying since during the upload, the timestamp and file
> size automatically keeps changing - so at the end, it will succeed in
> deploying the whole war file.

I may be wrong but I thought .war files are zip files. Wouldn't it be
possible to just wait until the file has a consistent content and then
extract it?

Simon

>
> I wish they would have just monitored the file size for a configurable
> "given" time.  And lets say - if the file size or timestamp doesn't change
> for -say - 15 seconds, then go ahead and do the deployment, but as what
> was mentioned earlier, different OS(s) may handle this differently, but
> the JAVA NIO API watchevents point you in the right direction in watching
> a file/folder in a loop for a "create" or "modify" or "delete" event to
> occur and fire off.
>
>thanks,
>   jason
>
> - Original Message -
> From: "chris" 
> To: "users" 
> Sent: Sunday, February 20, 2022 9:22:17 AM
> Subject: Re:  is too quick to respond
>
> John,
>
> On 2/20/22 05:50, John Barrow wrote:
>> Neil,
>>
>> Thanks for your useful feedback. I am still feeling my way as you can
>> probably see from my earlier emails trying to setup a development
>> environment.
>>
>> I did actually think of this but didn't put it in scope for a couple of
>> reasons.
>>
>> Firstly, the Tomcat documentation for readloadable quotes
>>
>> "Set to true if you want Catalina to monitor classes in
>> /WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically
>> reload the web application if a change is detected. This feature is
>> very useful during application development, but it requires
>> significant runtime overhead and is not recommended for use on
>> deployed production applications. That's why the default setting for
>> this attribute is false. You can use the Manager web application,
>> however, to trigger reloads of deployed applications on demand."
>>
>> Therefore, I took it to mean that this flag was geared at development,
>> not production which is what I assume when you would deploy a .war
>> file. So Tomcat would be listening to specific changes in .classes and
>> .jar files that had just been compiled and these are normally small in
>> size. But then I suppose that a single .jar file may be so sized that
>> Tomcat could react while the file was still being written to the disk.
>
> The patch you are currently working on should fix this aspect of the
> overall problem you are trying to solve.
>
>> Secondly, I sort of assumed that since the feature was already in
>> place and handles changes to single files that this check for
>> completeness has already been implemented, but then as I can't get a
>> development environment to run, I don't have enough skills to drill
>> into the sources without it being interactive to help me explore and
>> learn.
>>
>> However, it makes sense that your recommendation is implemented,
>> although I was imagining setting the delay to (say) 500ms to ensure
>> that whatever IDE had time to complete the copying of all the files as
>> that is a small price to pay for automatic refresh. Also by resetting
>> the timer after each event it would have to be quite a large upload
>> for Tomcat to start reacting.
>>
>> Like you, I am not sure how to formally check that a file has
>> completed its copy to the destination. The most common suggestion I
>> hear is to try and change its name and then change it back again and
>> capture the exception which will be raised if the file is locked. I
>> wonder whether attempting to set an attribute (e.g.toggle read-only)
>> would have the same effect (i.e. only allow if file wasn't locked) and
>> be a little more elegant. I would have to try it.
>
> Don't do anything like that; it won't work on various environments. For
> example, Windows obtains exclusive file-locks for even sometimes
> read-only operations. But *NIX does /not/. So you may develop something
> that works on Windows but doesn't work at all anywhere else.
>
> You basically can't check to see if a file is "done uploading"" or
> whatever else may be happening. What you *can* do is check to see if any
> file in the list-of-files-to-be it *too recent* indicating that a
> compile/copy/upload/whatever may still be in p

Using Nashorn in Apache Tomcat

[Simon Besenbäck]

Hi!

I am using Apache 10.0.23 on Windows 10. I want to use Nashorn for
developing JSP's within the Eclipse IDE. Therefore I use OpenJDK 19 and
added the jakarta.ScriptTagLibs.jar to the lib directory. I added
script-jsr223.tld to the META-INF Folder. As far as I know I should be able
to use nashorn if I add the nashorn-core-15.4.jar (downloaded here:
https://search.maven.org/artifact/org.openjdk.nashorn/nashorn-core/15.4/jar)
to the lib directory, but for me it doesn´t work. I either get the Page
without the elements generated by nashorn or I get an Internal Server
Error.

However, I also tried Rhino, by adding rhino-engine-1.7.14.jar and
rhino-runtime-1.7.14.jar to the lib directory and it works. However, if I
try it by only adding the rhino-1.7.14.jar to the lib directory it won't
work either. (Downloaded here:
https://github.com/mozilla/rhino/releases/tag/Rhino1_7_14_Release)

I would be very thankful for any tipps as I really do not know how to get
nashorn working.

Thanks.

Simon

Add the Nashorn Module to Tomcat 10

[Simon Besenbäck]

Hi,

How can one add the Nashorn module to Apache Tomcat 10?

https://openjdk.org/projects/nashorn/
Download of the jar file:
https://search.maven.org/artifact/org.openjdk.nashorn/nashorn-core/15.4/jar

Best Regards,
Simon

Re: Using Nashorn in Apache Tomcat

[Simon Besenbäck]

Am So., 2. Okt. 2022 um 12:34 Uhr schrieb Simon Besenbäck <
simon.besenba...@gmail.com>:

> Hi!
>
> I am using Apache 10.0.23 on Windows 10. I want to use Nashorn for
> developing JSP's within the Eclipse IDE. Therefore I use OpenJDK 19 and
> added the jakarta.ScriptTagLibs.jar to the lib directory. I added
> script-jsr223.tld to the META-INF Folder. As far as I know I should be able
> to use nashorn if I add the nashorn-core-15.4.jar (downloaded here:
> https://search.maven.org/artifact/org.openjdk.nashorn/nashorn-core/15.4/jar)
> to the lib directory, but for me it doesn´t work. I either get the Page
> without the elements generated by nashorn or I get an Internal Server
> Error.
>
> However, I also tried Rhino, by adding rhino-engine-1.7.14.jar and
> rhino-runtime-1.7.14.jar to the lib directory and it works. However, if I
> try it by only adding the rhino-1.7.14.jar to the lib directory it won't
> work either. (Downloaded here:
> https://github.com/mozilla/rhino/releases/tag/Rhino1_7_14_Release)
>
> I would be very thankful for any tipps as I really do not know how to get
> nashorn working.
>
> Thanks.
>
> Simon
>
>
Am Sa., 8. Okt. 2022 um 11:27 Uhr schrieb Simon Besenbäck <
simon.besenba...@gmail.com>:

> Hi,
>
> How can one add the Nashorn module to Apache Tomcat 10?
>
> https://openjdk.org/projects/nashorn/
> Download of the jar file:
> https://search.maven.org/artifact/org.openjdk.nashorn/nashorn-core/15.4/jar
>
> Best Regards,
>
 Simon

Here is the solution to the problem:
https://stackoverflow.com/questions/74025622/how-to-add-the-nashorn-module-to-tomcat-10

Best Regards,
Simon

RE: DB2 database locks

[Simon Matter]

Hi,

> Hello Christopher,
>
> Thankyou !
>
> Seems we are not using the connection pooling from Tomcat side , below are
> the DB configuration parameters on context.xml file, do not see any
> connection pool details here.
>
>  name="jdbc/db2"
> auth="Container"
> type="javax.sql.DataSource"
> driverClassName="com.ibm.db2.jcc.DB2Driver"
> url="jdbc:db2://30.177.13.12:3700/TIREHQ"
> maxActive="200"
> maxIdle="30"
> maxWait="1"
> username="xx"
> password="***" />

Don't forget to change this password!

Regards,
Simon

> 
>> I have one more question , Sorry to bother again .
>
> Can the below parameters can aid us with this issue , as given on the
> below Technote , if yes how we need to determine the timings for these
> parameters.
>
> minEvictableIdleTimeMillis
> timeBetweenEvictionRunsMillis
> validationQuery
> removeAbandoned
> removeAbandonedTimeout
>
> https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0098601
>
>
> Thanks & Regards,
>
> Priyanka Kumawat | Middleware Admin
> T +91.7879364483
> EMail - priyanka.kuma...@dxc.com
> DL - ams-leveraged-webadmin-offsh...@dxc.com
>
> DXC Technology
>
> -Original Message-
> From: Christopher Schultz 
> Sent: 21 October 2022 00:50
> To: Kumawat, Priyanka ; Tomcat Users List
> 
> Subject: Re: DB2 database locks
>
> Priyanka,
>
> On 10/20/22 13:15, Kumawat, Priyanka wrote:
>> Thankyou muck for the explanation for this !!! we have got from below
>> mail that it is likely to be an application coding issue and they
>> needs to fix or use commit etc for long running transactions .
>>
>> The one steps that you have given below to set the "query timeout" ,
>> is this one we can set up on Tomcat side?
> That depends upon how you are obtaining you database connections. If you
> are using a connection pool provided by Tomcat (either tomcat-pool or
> dbcp-pool) then you can configure according to the documentation for
> whichever component you are using (they have similar but different
> configuration styles).
>
> -chris
>
>
> DXC Technology Company -- This message is transmitted to you by or on
> behalf of DXC Technology Company or one of its affiliates. It is intended
> exclusively for the addressee. The substance of this message, along with
> any attachments, may contain proprietary, confidential or privileged
> information or information that is otherwise legally exempt from
> disclosure. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient of this message, you are
> not authorized to read, print, retain, copy or disseminate any part of
> this message. If you have received this message in error, please destroy
> and delete all copies and notify the sender by return e-mail. Regardless
> of content, this e-mail shall not operate to bind DXC Technology Company
> or any of its affiliates to any order or other contract unless pursuant to
> explicit written agreement or government initiative expressly permitting
> the use of e-mail for such purpose.
> �Т�ХF�V�7V'67&�&R�R���âW6W'2�V�7V'67&�&TF��6B�6�R��&pФf�"FF�F����6����G2�R���âW6W'2ֆV�F��6B�6�R��&pР



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat is not coming Up

[Simon Matter]

Hi

> Hi team
>
> Our Production Servers are down, Not Coming up When we are trying to start
> the services
>
> In logs we couldn't see Any Errors only I can see Info.
>
>
> Though I can see some changes in this. But we have not made any changes
>
>
>
>
> Old : INFO [main] org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.library.path=/usr/local/apr/lib
>
>
>
> New : INFO [main] org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Xmx3072m
>
>
>
> Old : INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library [1.2.23] using APR version [1.6.3]
>
>
>
> New : INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library [1.2.17] using APR version [1.4.8]

You really didn't provide a lot of info but one thing is strange: Tomcat
native and APR are now an older version than before. Are you sure this is
really on the same host? Or was the whole Tomcat environment moved to
another server (VM?) and now things don't work anymore?

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problems with requests without trailing slash Tomcat 9.0.65

[Simon Matter]

> On 12/01/2023 05:08, Fedor Makarov wrote:
>>
>> lundase and vvsguiden webapps used on different domains
>
> My recommendation would be to configure Tomcat for virtual hosting as
> well. [1]
>
> For example, configure the following hosts in the local hosts file:
>
> lundase-local
> vvsguiden-local
>
> Then the httpd redirects become:
>
> RewriteRule ^(.*)$ http://lundase-local:9090/$1 [P]
>
> and
>
> RewriteRule ^(.*)$ http://vvsguiden-local:9090/$1 [P]
   ^^^
That's a typo and meant to be 9091?

>
> respectively.
>
> And in Tomcat you have:
>
> 
>  
>  
> 
>
> With appropriate ROOT.war files (and any additional web applications)
> deployed in the appropriate webapps-... directory.
>
> If you don't want to go the virtual hosting route, you could have
> multiple Tomcat instances on different ports or multiple 
> elements in one instance e.g.
>
> 
>...
>
>  
>  
>...
>  
>
>
>  
>  
>...
>  
>
> 
>
> Although I do think the virtual hosting approach is the simplest - and
> it maps neatly to the httpd configuration.
>
> Mark
>
> [1] https://tomcat.apache.org/tomcat-9.0-doc/virtual-hosting-howto.html
>
>
>>
>> 
>> <-->ServerName new.vvsguiden-dev.gridnine.com
>> <-->ServerAlias localhost
>> <-->ServerAdmin webmaster@localhost
>> <-->DocumentRoot /var/www/html
>>
>> <-->RewriteEngine on
>>
>> <-->ProxyPreserveHost on
>>
>>          
>>              Order allow,deny
>>              Allow from all
>>              Require all granted
>>          
>>
>>          # static content
>>          RewriteRule ^/fb/(.*)$ /site-binary-data/fb/$1 [L]
>>
>> <-->RewriteRule     ^/vvsguidenapi/(.*)$                            
>>        http://localhost:9090/vvsguidenapi/$1 [NC,P,L]
>> <-->RewriteRule     ^(.*)$                                        
>> http://localhost:9090/vvsguiden/$1 [NC,P,L]
>> <-->
>>
>> 
>> <-->ServerName m.new.lundagrossisten-dev.gridnine.com
>> <-->ServerAdmin webmaster@localhost
>>
>> <-->
>>> Вторник, 10 января 2023, 11:41 +03:00 от Mark Thomas
>>> :
>>>
>>> On 10/01/2023 04:37, Fedor Makarov wrote:

 Also I tried to write a filter to manually redirect, but tomcat
 intercepts the request before it gets into the filter. Can I disable
 this behavior for tomcat and do it manually?
>>>
>>> That isn't the way to solve this problem. The problem is in the reverse
>>> proxy configuration and that is where you need to fix it.
>>>
>>> You previously provided the following set of rules:
>>>
>>> RewriteCond %{REQUEST_URI} ^(/api/|/mapi/|/binary/|/rpc/invoker/)
>>>
>>> RewriteRule ^/rpc/invoker/(.*)$ http://localhost:9090/rpc/invoker/$1
>>> [NC,P,L]
>>> RewriteRule ^/api/(.*)$ http://localhost:9090/api/$1 [NC,P,L]
>>> RewriteRule ^/mapi/(.*)$ http://localhost:9090/mapi/$1 [NC,P,L]
>>> RewriteRule ^(.*)$ http://localhost:9090/lundase/$1 [NC,P,L]
>>>
>>> I'll note that the RewriteCond appears to be unnecessary.
>>>
>>> I'll further note that the NC flag appears to be unnecessary. As is the
>>> L flag (P implies L).
>>>
>>> We can help you fix these rules but when we tried you mentioned
>>> "vvsguiden" but that does not appear in the rewrite rules.
>>>
>>>
>>> mod_rewrite isn't necessarily the best way to configure a reverse proxy
>>> but if that is what you are familiar with, we can work with it. What we
>>> do need, regardless of how the reverse proxy is configured, is a
>>> complete list of the mappings you want to implement.
>>>
>>> To re-iterate Chris's earlier point, trying to change the context path
>>> for an application in a reverse proxy is asking for trouble. It is far
>>> better to reconfigure the contexts in Tomcat so the reverse proxy
>>> doesn't need to change the URI path.
>>>
>>> Based on the paths above, you need to redeploy lundase.war as ROOT.war
>>> and then the rewrite rules become:
>>>
>>> RewriteRule ^(.*)$ http://localhost:9090/$1 [P]
>>>
>>> We need more details for "vvsguiden" to figure out why the above won't
>>> work.
>>>
>>> Mark
>>>
>>>


> Понедельник, 9 января 2023, 11:43 +03:00 от Fedor Makarov <
> ary...@mail.ru.invalid >:
>
>
>
> We have to webapps lundase and vvsguiden therefore, the options you
> have suggested do not look applicable on debug I saw that RequestURI
> in request looks like lundase/lundase/...
>
>> Вторник, 27 декабря 2022, 22:06 +03:00 от Christopher Schultz <
>> ch...@christopherschultz.net >:
>>
>> Fedor,
>>
>> On 12/27/22 05:55, Fedor Makarov wrote:
>>>
>>> proxy for local environment we use the js conf:
>>> proxy: {
>>>      '/api/': {
>>>        target: 'http://localhost:8080/',
>>>        changeOrigin: false,
>>>      },
>>>      '/': {
>>>        target: 'http://localhost:8080/lundase',
>>>        changeOrigin: false
>>>      }
>>>    },
>>>
>>> for normal l

RE: tomcat is not coming Up

[Simon Matter]

> Hi Team,
>
>
> This is the only message we are receiving while starting the services. Can
> some one help on this .
>
> 11-Jan-2023 18:21:58.101 INFO [main]
> org.apache.catalina.startup.VersionLoggerListener.log Command line
> argument: -Djava.io.tmpdir=/srv/tomcats/tomcat1/temp
> 11-Jan-2023 18:21:58.101 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older
> version [1.2.17] of the APR based Apache Tomcat Native library is
> installed, while Tomcat recommends a minimum version of [1.2.23]

Maybe the problem is that you have Apache Tomcat Native library 1.2.17
installed/referenced but you should likely have version 1.2.23?

Regards,
Simon

> 11-Jan-2023 18:21:58.101 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library [1.2.17] using APR version [1.4.8].
> 11-Jan-2023 18:21:58.101 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
> capabilities: IPv6 [true], sendfile [true], accept filters [false], random
> [true].
> 11-Jan-2023 18:21:58.101 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL
> configuration: useAprConnector [false], useOpenSSL [true]
> 11-Jan-2023 18:21:58.105 INFO [main]
> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
> successfully initialized [OpenSSL 1.0.2k-fips  26 Jan 2017]
> LunaNamedSystemMutex: open() failed: Permission denied
>
> Thanks & Regards,
> _[Email_CBE.gif]
> PrabuGanesan
> Consultant|MS-Nordics
> capgemini India Pvt. Ltd. | Bangalore
> Contact: +91 8526554535
> Email:
> prabhu.c.gane...@capgemini.com<mailto:prabhu.c.gane...@capgemini.com>
>
> www.capgemini.com<http://www.capgemini.com/>
> People matter, results count.
> __
> Connect with Capgemini:
> [cid:image003.gif@01D926A1.46D89710]<http://www.capgemini.com/insights-and-resources/blogs>[cid:image004.gif@01D926A1.46D89710]<http://www.twitter.com/capgemini>[cid:image005.gif@01D926A1.46D89710]<http://www.facebook.com/capgemini>[cid:image006.gif@01D926A1.46D89710]<http://www.linkedin.com/company/capgemini>[cid:image007.gif@01D926A1.46D89710]<http://www.slideshare.net/capgemini>[cid:image008.gif@01D926A1.46D89710]<http://www.youtube.com/capgeminimedia>
>
> Please consider the environment and do not print this email unless
> absolutely necessary.
> Capgemini encourages environmental awareness.
>
> From: Hiran CHAUDHURI 
> Sent: 11 January 2023 21:36
> To: Tomcat Users List 
> Subject: RE: tomcat is not coming Up
>
> This mail has been sent from an external source
>
> CONFIDENTIAL & RESTRICTED
>
> If on the old command line the apr libs were referenced but on the new one
> it is not, I believe that could make the process not find the libraries to
> communicate.
> Enough of a reason to terminate with an error, but maybe it is on stderr
> and nowhere in the logs.
>
>
>   *   Check where the jvm's stderr/stdout goes to (could be cron, system,
> syslog, a docker container, ...). If it has an error message, share it
> or act on it.
>   *   Check what caused the changes that you are noticing
>   *   Check what else it may have impacted (e.g. JVM version, keystores,
> startup scripts, ...)
>
> From: Ganesan, Prabu
> mailto:prabhu.c.gane...@capgemini.com.INVALID>>
> Sent: Wednesday, January 11, 2023 16:25
> To: Tomcat Users List
> mailto:users@tomcat.apache.org>>
> Subject: tomcat is not coming Up
>
> EXTERNAL Email. Be careful with links and attachments! If in doubt, click
> the Report Mail button.
>
> Hi team
>
> Our Production Servers are down, Not Coming up When we are trying to start
> the services
>
> In logs we couldn't see Any Errors only I can see Info.
>
>
> Though I can see some changes in this. But we have not made any changes
>
>
>
>
> Old : INFO [main] org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Djava.library.path=/usr/local/apr/lib
>
>
>
> New : INFO [main] org.apache.catalina.startup.VersionLoggerListener.log
> Command line argument: -Xmx3072m
>
>
>
> Old : INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library [1.2.23] using APR version [1.6.3]
>
>
>
> New : INFO [main]
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded APR
> based Apache Tomcat Native library [1.2.17] using APR version [1.4.8]
>
>
>
>
>
>
> Could you please confirm. Is this could be the reason to no

RE: tomcat is not coming Up

[Simon Matter]

> Hi team
>
>
> You mean to say, need to use native library version should be version
> 1.2.23??
>
>
> But we have not made any changes in this library is that Possible to  auto
> change in Version?

No, things usually don't change automagically on serious operating systems :)

But, in you old config you had '-Djava.library.path=/usr/local/apr/lib'
and maybe this is where the newer Tomcat native library is installed.
The new config seems to miss this path and it's likely that now Tomcat
uses the older library in one of the standard paths.

Regards,
Simon

>
> Thanks & Regards,
> _
> PrabuGanesan
> Consultant|MS-Nordics
> capgemini India Pvt. Ltd. | Bangalore 
> Contact: +91 8526554535
> Email: prabhu.c.gane...@capgemini.com
>
> www.capgemini.com
> People matter, results count.
> __
> Connect with Capgemini:
>
>  
> Please consider the environment and do not print this email unless
> absolutely necessary.
> Capgemini encourages environmental awareness.
>
> -Original Message-
> From: Simon Matter 
> Sent: 12 January 2023 16:24
> To: Tomcat Users List 
> Subject: RE: tomcat is not coming Up
>
> ***This mail has been sent by an external source***
>
>> Hi Team,
>>
>>
>> This is the only message we are receiving while starting the services.
>> Can some one help on this .
>>
>> 11-Jan-2023 18:21:58.101 INFO [main]
>> org.apache.catalina.startup.VersionLoggerListener.log Command line
>> argument: -Djava.io.tmpdir=/srv/tomcats/tomcat1/temp
>> 11-Jan-2023 18:21:58.101 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent An older
>> version [1.2.17] of the APR based Apache Tomcat Native library is
>> installed, while Tomcat recommends a minimum version of [1.2.23]
>
> Maybe the problem is that you have Apache Tomcat Native library 1.2.17
> installed/referenced but you should likely have version 1.2.23?
>
> Regards,
> Simon
>
>> 11-Jan-2023 18:21:58.101 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded
>> APR based Apache Tomcat Native library [1.2.17] using APR version
>> [1.4.8].
>> 11-Jan-2023 18:21:58.101 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR
>> capabilities: IPv6 [true], sendfile [true], accept filters [false],
>> random [true].
>> 11-Jan-2023 18:21:58.101 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent
>> APR/OpenSSL
>> configuration: useAprConnector [false], useOpenSSL [true]
>> 11-Jan-2023 18:21:58.105 INFO [main]
>> org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL
>> successfully initialized [OpenSSL 1.0.2k-fips  26 Jan 2017]
>> LunaNamedSystemMutex: open() failed: Permission denied
>>
>> Thanks & Regards,
>> _[Email_CBE.gi
>> f]
>> PrabuGanesan
>> Consultant|MS-Nordics
>> capgemini India Pvt. Ltd. | Bangalore
>> Contact: +91 8526554535
>> Email:
>> prabhu.c.gane...@capgemini.com<mailto:prabhu.c.gane...@capgemini.com>
>>
>> www.capgemini.com<http://www.capgemini.com/>
>> People matter, results count.
>> __
>> Connect with Capgemini:
>> [cid:image003.gif@01D926A1.46D89710]<http://www.capgemini.com/insights
>> -and-resources/blogs>[cid:image004.gif@01D926A1.46D89710]<http://www.t
>> witter.com/capgemini>[cid:image005.gif@01D926A1.46D89710]<http://www.f
>> acebook.com/capgemini>[cid:image006.gif@01D926A1.46D89710]<http://www.
>> linkedin.com/company/capgemini>[cid:image007.gif@01D926A1.46D89710]> tp://www.slideshare.net/capgemini>[cid:image008.gif@01D926A1.46D89710]
>> <http://www.youtube.com/capgeminimedia>
>>
>> Please consider the environment and do not print this email unless
>> absolutely necessary.
>> Capgemini encourages environmental awareness.
>>
>> From: Hiran CHAUDHURI 
>> Sent: 11 January 2023 21:36
>> To: Tomcat Users List 
>> Subject: RE: tomcat is not coming Up
>>
>> This mail has been sent from an external source
>>
>> CONFIDENTIAL & RESTRICTED
>>
>> If on the old command line the apr libs were referenced but on the new
>> one it is not, I believe that could make the process not find the
>> libraries to communicate.
>> Enough of a reason to terminate with an error, but maybe it is on
>> stderr and nowhere i

Re: AW: AW: Having trouble with Tomcat crashes. Interesting memory numbers in Manager

[Simon Matter]

Hi,

> Hello James,
>
>> -Ursprüngliche Nachricht-
>> Von: James H. H. Lampert 
>> Gesendet: Montag, 6. Februar 2023 18:18
>> An: Tomcat Users List 
>> Betreff: Re: AW: Having trouble with Tomcat crashes. Interesting memory
>> numbers in Manager
>>
>> Thanks, Herr Hoffmann. Your questions were most helpful in determining
>> what information to gather and share. And thanks in advance to anybody
>> else who has any insights.
>>
>> First, I will note that the seemingly non-sequitur nursery-survivor
>> numbers
>> aren't just what we see during a crash; they're what we see when it's
>> running
>> normally.
>>
>> On 2/4/23 6:13 AM, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>> > Could you describe "crash" in a bit more detail?
>>
>> Typically, the signed-on users start to get degraded response times,
>> before it
>> becomes completely unresponsive.
>>
>> > - does the tomcat / java process run but is unresponsive?
>>
>> Yes. Exactly. And shutting it down (and therefore freeing up the port
>> for a
>> restart) takes a fairly sizeable amount of time, and leaves a core dump
>> of
>> approximately 6G size, a Javacore dump of approximately 4M size, and a
>> JIT
>> dump of approximately 20M size.
>>
>> > - does the java process crash itself (then there should be a logfile
>> written)?
>> The job does not generally terminate itself, or even respond to a
>> shutdown
>> request; it has to be forcibly terminated (given that it's running on an
>> AS/400,
>> this would typically be either from WRKACTJOB, or from an ENDJOB
>> command, or from their GUI console equivalents).
>>
>> This may be relevant: even when it is not in this state, the Tomcat
>> server,
>> when being shut down, tends not to respond readily to shutdown
>> requests.
>>
>> > - Is there any OOM message in the logfiles?
>> Not out-of-memory, but there are chronic problems with contacting
>> outside
>> web services (many of them involving Oauth2), and with BIRT reporting.
>>
>> Around the time of the shutdown, I typically see stuff like:
>> Unhandled exception
>> Type=Segmentation error vmState=0x
>> J9Generic_Signal_Number=0004 Signal_Number=000b
>> Error_Value= Signal_Code=0032
>>
>> I am not sure whether this is going into catalina.out before or after
>> the job is
>> forcibly terminated.
>>
>> > - Is the process still alive but CPU at 100% ?
>> Yes.
>>
>> We just had a near-miss as I was typing this: CPU pushing up into the
>> high
>> 80s, and the JVM job for Tomcat eating up most of it, but it backed down
>> to
>> something more normal without my having to intervene, and without any
>> sign of anybody else intervening.
>>
>> One of my colleagues managed to get into manager during the near-miss,
>> and took a screen-shot. The "nursery-allocate" Used was at 400.97M
>> (34%),
>> "nursery-survivor" as I described last week, "tenured-LOA" Used was at
>> zero
>> used, and "tenured-SOA" was showing Initial 2918.40M, Total 3648.00M,
>> Maximum 4864.00M, and Used 1997.72M (41%).
>>
>> --
>> JHHL
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> The observations looks like java is running out of memory and the garbage
> collector can't keep up with making memory free again.
> Either the GC uses 100% or the application has some cpu intensive
> procedures. I would guess, that it’s the GC.
> One option would be to open a JMX port on tomcat and use VisualVM to
> connect to the java process and inspect the memory and GC usage.
> When the CPU is eating 100% CPU you might also consider generating a
> thread dump (kill -3) and check if there are any suspicious threads
> running.
>
> Also setting the java options HeapDumpOnOutOfMemoryError and HeapDumpPath
> might help, if the process stops because of OOM.
> If the GC can always free some bytes again, which the application is
> instantly eating again, an OOM might not occur.
>
> You can also add parameters to log some GC statistics, but I never used
> that : https://sematext.com/blog/java-garbage-collection-logs/
>
> Greetings,
> Thomas

I agree here, just one little thing to also keep in mind: I guess the Java
VM here is the IBM J9 flavor which can be a little bit different than the
SUN flavor. So configuration options may differ in details.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Systemd file and umask for tomcat

[Simon Matter]

> Hello,
> today I was struggling with the umask on ubuntu and tomcat.
>
> The normal way to do it in systemd is:
>
> [Service]
> UMask=0022
>
> Unfortunately, this didn’t work and it took me a while to figure out, that
> Catalina.sh
> is overwriting the umask with 0027 if no env-variable was set.
> So for tomcat, I needed to set:
> Environment='UMASK=0022'
>
> Is there any reason, why tomcat has some unexpected logic which overrides
> the systemd settings?

I think Tomcat uses its own way to do things so that it can do it in all
platforms in the same way. Outside of Linux, nobody is using systemd
anyway :)

Therefore I have this in setenv.sh

# Umask for system reserved uid/gid
if [ -z "$UMASK" ]; then
  UMASK="0022"
fi

Regards,
Simon



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: AW: Unable to start application

[Simon Matter]

Hi,

> On 18/03/2023 10:43, Thomas Hoffmann (Speed4Trade GmbH) wrote:
>> Hello,
>>
>>> -Ursprüngliche Nachricht-
>>> Von: Kevin Huntly 
>>> Gesendet: Samstag, 18. März 2023 11:10
>>> An: Tomcat Users List 
>>> Betreff: Re: Unable to start application
>>>
>>> Here are the logs -
>>> https://drive.google.com/file/d/1jBsNaW_bQJ4KcDSvucJ5QWo642He6bgb/view
>>> ?usp=sharing
>>>
>>> The JDBC driver is located under /opt/mysql/, and I added that path to
>>> catalina.properties under the common loader. I did try to move it into
>>> ${catalina.home}/lib, this did not change anything.
>>> 
>>
>>
>> This message looks strange:
>> 18-Mar-2023 06:06:13.305 WARNING [main]
>> org.apache.catalina.startup.ClassLoaderFactory.validateFile Problem with
>> JAR file
>> [/opt/Apache/Tomcat/apache-tomcat-9.0.73/lib/mysql-connector-j-8.0.32.jar],
>> exists: [true], canRead: [false]
>>
>> It seems that it cant load the jdbc driver from that path.
>> Could you download the jar again from the mysql website and replace it?
>> Can you open/unpack the jar without errors?
>
> More likely a permissions problem. That warning is generated before
> Tomcat tries loading the file. It means a call to java.io.File.canRead()
> returned false.
>
> Mark

Since this is on RHEL, it could also be an SELinux problem where access to
the JAR is denied.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Crypto Randomly Not Getting Initialized

[Simon Matter]

Hi,

> I am running Tomcat 9.0.56 in multiple AWS EC2 instances with Amazon
> Linux2 in a production environment.  A couple of years ago, we started
> getting weird errors that the "Crypto Mechanism" failed to initialize. 
> Through a lot of trial and error, and reasons I don't quite remember, we
> put a 2-min delay in rc.local before starting Tomcat, and the problem
> went away.  I'm not a Linux nor a crypto guru.  But we traced it to some
> crypto file that we assumed was not available until later in the Linux
> boot sequence.  Anyway, the 2 minute delay made it go away, for over two
> years.  Then all of a sudden in the last day or so, it's back with a
> vengeance.  It fails with the same crypto error from 2 years ago in
> about 50% of the EC2 boot ups.  I tried bumping the wait to 3 min, and
> no change.
>
> I need help.  Our whole production environment is unstable now since
> every time an ASG brings a new instance online, I've got a 50-50 chance
> that tomcat is going to die (and the health check doesn't catch it, but
> that's a different issue).
>
> There are no errors in the Tomcat boot sequence logs.  But the first
> time and every subsequent time I try to get a connection from the
> DataSource pool, I get the stack dump shown below.
>
> I figure it has to be a timing/race condition.  But I have no clue what
> to do to fix it.  I'm baffled that it worked for two years, and now
> fails every other time I start an instance.  And every instance is
> running copies of the exact same Amazon Machine Image.  The same EC2
> will come up clean 50% of the time the next time it boots.

Could it be that your hosts are running out of entropy on boot?

Maybe there were RNG related changes in the kernel or rng-tools?

Maybe monitor available entropy in /proc/sys/kernel/random/entropy_avail,
it should not go below 100 or so.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Crypto Randomly Not Getting Initialized

[Simon Matter]

Hi,

> Jerry,
>
> On 6/13/23 11:42, Jerry Malcolm wrote:
>> Simon,
>>
>> On 6/13/2023 2:20 AM, Simon Matter wrote:
>>> Hi,
>>>
>>>> I am running Tomcat 9.0.56 in multiple AWS EC2 instances with Amazon
>>>> Linux2 in a production environment.  A couple of years ago, we started
>>>> getting weird errors that the "Crypto Mechanism" failed to initialize.
>>>> Through a lot of trial and error, and reasons I don't quite remember,
>>>> we
>>>> put a 2-min delay in rc.local before starting Tomcat, and the problem
>>>> went away.  I'm not a Linux nor a crypto guru.  But we traced it to
>>>> some
>>>> crypto file that we assumed was not available until later in the Linux
>>>> boot sequence.  Anyway, the 2 minute delay made it go away, for over
>>>> two
>>>> years.  Then all of a sudden in the last day or so, it's back with a
>>>> vengeance.  It fails with the same crypto error from 2 years ago in
>>>> about 50% of the EC2 boot ups.  I tried bumping the wait to 3 min, and
>>>> no change.
>>>>
>>>> I need help.  Our whole production environment is unstable now since
>>>> every time an ASG brings a new instance online, I've got a 50-50
>>>> chance
>>>> that tomcat is going to die (and the health check doesn't catch it,
>>>> but
>>>> that's a different issue).
>>>>
>>>> There are no errors in the Tomcat boot sequence logs.  But the first
>>>> time and every subsequent time I try to get a connection from the
>>>> DataSource pool, I get the stack dump shown below.
>>>>
>>>> I figure it has to be a timing/race condition.  But I have no clue
>>>> what
>>>> to do to fix it.  I'm baffled that it worked for two years, and now
>>>> fails every other time I start an instance.  And every instance is
>>>> running copies of the exact same Amazon Machine Image.  The same EC2
>>>> will come up clean 50% of the time the next time it boots.
>>> Could it be that your hosts are running out of entropy on boot?
>>>
>>> Maybe there were RNG related changes in the kernel or rng-tools?
>>>
>>> Maybe monitor available entropy in
>>> /proc/sys/kernel/random/entropy_avail,
>>> it should not go below 100 or so.
>>>
>>> Regards,
>>> Simon
>>>
>> I haven't done any Linux or other system updates in several weeks. I'll
>> look into the entropy possibility.  Would running out of entropy cause
>> an exception stating that a crypto directory doesn't exist?  I don't
>> know much about Java entropy.  Any ideas what would cause entropy to be
>> good on one boot and bad on the next boot?  Thx.
>
> This isn't about entropy. Focus on the actual error message that the
> system can't find the unlimited policy file for some reason.
>
> -chris

Sorry, I didn't read the errors too carefully :)

I don't know Amazon Linux2 but one question, does it have the directory
/etc/crypto-policies? Apart from this, does systemd somehow fiddling with
crypto stuff while booting? Since systemd parallelizes the whole boot
process many things can (and sometimes do) break and it's difficult to
find it out.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Conclusion - Re: Crypto Randomly Not Getting Initialized

[Simon Matter]

>
> On 6/13/2023 3:46 PM, Jerry Malcolm wrote:
>>
>> On 6/13/2023 12:39 PM, Jerry Malcolm wrote:
>>> Rob,
>>>
>>> On 6/13/2023 11:34 AM, Rob Sargent wrote:
>>>> In /etc/rc.local I have:
>>>>>
>>>>> --
>>>>> sleep 120s
>>>>> systemctl start tomcat9
>>>>>
>>>>> -
>>>>>
>>>>> I put the sleep in back a couple of years ago that for some reason
>>>>> 'fixed' this same random, intermittent crypto file exception.
>>>>>
>>>>>
>>>>
>> One observation even though the error doesn't show up in the log
>> until my first db call, I think the real error has to be occurring
>> during tomcat boot.  If the failure occurs, I continue to get the same
>> "Can't read cryptographic policy directory: unlimited" even hours
>> later after boot every time I send another request to TC.  If I then
>> reboot TC and this time I don't get the failure, that unlimited folder
>> magically becomes available.  There is something happening in TC boot
>> with some sort of crypto initialization that either succeeds or
>> fails.  And the exception when trying to get connections long after TC
>> boot is just hitting whatever problem occurred during boot.  In other
>> words, delaying my calls, even for hours, has no effect on accessing
>> that folder if the problem is present.  Rebooting TC gives it another
>> chance to succeed or fail. Any ideas what TC could be doing on boot
>> that could lock up that folder?
>>
>>
> I never really found a definitive fix for this.  But after all of the
> research and logging and everything, I pretty much concluded that
> there's some kind of timing/race condition between Tomcat boot and Java
> crypto initialization.  Given that, I figured it was highly unlikely
> that two different Java JVM implementations would have the same precise
> implementation code to trigger that race condition.  So as a last ditch
> effort, I replaced my OpenJDK JVM for Tomcat with Amazon's Corretto Java
> JVM.  It's circumstantial evidence at best, and running a production
> environment on fixes that just went away goes against my grain. But if
> the problem goes away, maybe it won't come back. At this time, when
> using Corretto JVM, I have not encountered the Crypto directory error. 
> It's been running on all server instances now for almost 24 hours with
> no problems.  So I guess my suggestion to anyone else that might
> encounter something like this, trying using a different JVM from a
> different provider.  That appears at this time to have worked for me.
>

Maybe you could report this as a bug in the affected JVM? If it's really
coming from the JVM then it would be nice to have it fixed.

Regards,
Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Conclusion - Re: Crypto Randomly Not Getting Initialized

[Simon Matter]

> Jerry,
>
> On 6/15/23 00:41, Jerry Malcolm wrote:
>>
>> On 6/13/2023 3:46 PM, Jerry Malcolm wrote:
>>>
>>> On 6/13/2023 12:39 PM, Jerry Malcolm wrote:
>>>> Rob,
>>>>
>>>> On 6/13/2023 11:34 AM, Rob Sargent wrote:
>>>>> In /etc/rc.local I have:
>>>>>>
>>>>>> --
>>>>>> sleep 120s
>>>>>> systemctl start tomcat9
>>>>>>
>>>>>> -
>>>>>>
>>>>>> I put the sleep in back a couple of years ago that for some reason
>>>>>> 'fixed' this same random, intermittent crypto file exception.
>>>>>>
>>>>>>
>>>>>
>>> One observation even though the error doesn't show up in the log
>>> until my first db call, I think the real error has to be occurring
>>> during tomcat boot.  If the failure occurs, I continue to get the same
>>> "Can't read cryptographic policy directory: unlimited" even hours
>>> later after boot every time I send another request to TC.  If I then
>>> reboot TC and this time I don't get the failure, that unlimited folder
>>> magically becomes available.  There is something happening in TC boot
>>> with some sort of crypto initialization that either succeeds or
>>> fails.  And the exception when trying to get connections long after TC
>>> boot is just hitting whatever problem occurred during boot.  In other
>>> words, delaying my calls, even for hours, has no effect on accessing
>>> that folder if the problem is present.  Rebooting TC gives it another
>>> chance to succeed or fail. Any ideas what TC could be doing on boot
>>> that could lock up that folder?
>>>
>>>
>> I never really found a definitive fix for this.  But after all of the
>> research and logging and everything, I pretty much concluded that
>> there's some kind of timing/race condition between Tomcat boot and Java
>> crypto initialization.  Given that, I figured it was highly unlikely
>> that two different Java JVM implementations would have the same precise
>> implementation code to trigger that race condition.  So as a last ditch
>> effort, I replaced my OpenJDK JVM for Tomcat with Amazon's Corretto Java
>> JVM.  It's circumstantial evidence at best, and running a production
>> environment on fixes that just went away goes against my grain. But if
>> the problem goes away, maybe it won't come back. At this time, when
>> using Corretto JVM, I have not encountered the Crypto directory error.
>> It's been running on all server instances now for almost 24 hours with
>> no problems.  So I guess my suggestion to anyone else that might
>> encounter something like this, trying using a different JVM from a
>> different provider.  That appears at this time to have worked for me.
>
> Yeah, that's certainly a very unsatisfying result, but ... you can't
> argue with results. I'd love to hear if you end up with any further
> information.
>
> -chris

I was asking this before and ask again, how do we know it's not a missing
RNG entropy while the crypto stuff of the Java VM is initialised?

Simon


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

Hi, can anyone help me with this one?  Thanks!

I've installed tomcat - no probs - manager works great as does the
installation but I can't get the admin working, I know this has been
posted before but I can't find a fix so I'm also providing as much
information as possible with this post.

When I call the admin page I get the following error:

HTTP Status 503 - Servlet admin.login_jsp is currently unavailable




type Status report

message Servlet admin.login_jsp is currently unavailable

description The requested service (Servlet admin.login_jsp is currently
unavailable) is not currently available.





Apache Tomcat/5.5.9

I have my admin files installed in the following locations:

/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost/admin.xm
l
/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/server/webapps/admin/adm
in.xml

thanks

Simon Jones
SAQ Group

Simon Jones
SAQ Group
Tel: 0870 737 7707
VoIP: 4822813 
Fax: 0870 737 7708
[EMAIL PROTECTED]
http://www.saqnet.co.uk AS29219
SAQ Group providers of communications services for UK Business.
DSL : Domains : Email : Hosting : CoLo : Servers : Racks : Transit :
Backups : Managed Networks : Remote Support.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

Hi David,

Ok looks as thought the files are in the correct place:

cp -r admin /usr/local/jakarta/jakarta-tomcat-5.5.9/server/webapps

There's nothing in tail -f
/usr/local/jakarta/jakarta-tomcat-5.5.9/logs/tomcat.log

When I do a tail and access the admin it doesn't do anything.

 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[] redeploy
resource
/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/ROOT/META-INF/context.xm
l
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[] reload
resource
/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/ROOT/WEB-INF/web.xml
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[] reload
resource /usr/local/jakarta/jakarta-tomcat-5.5.9/conf/context.xml
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[/manager]
redeploy resource
/usr/local/jakarta/jakarta-tomcat-5.5.9/server/webapps/manager
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[/manager]
redeploy resource
/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost/manager.
xml
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[/manager]
reload resource /usr/local/jakarta/jakarta-tomcat-5.5.9/conf/context.xml
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.startup.HostConfig - Checking context[/manager]
reload resource
/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost/manager.
xml
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.loader.WebappClassLoader - modified()
 DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
org.apache.catalina.loader.WebappClassLoader - modified() 

-Original Message-
From: David Smith [mailto:[EMAIL PROTECTED] 
Sent: 12 July 2006 17:38
To: Tomcat Users List
Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is currently
unavailable

Did you store the admin webapp in server/webapps where it belongs?  Also
check your logs.  There should be an exception trace just before the
place where this was marked as unavailable.

--David

simon jones wrote:

>Hi, can anyone help me with this one?  Thanks!
>
>I've installed tomcat - no probs - manager works great as does the 
>installation but I can't get the admin working, I know this has been 
>posted before but I can't find a fix so I'm also providing as much 
>information as possible with this post.
>
>When I call the admin page I get the following error:
>
>HTTP Status 503 - Servlet admin.login_jsp is currently unavailable
>
>---
>-
>
>
>type Status report
>
>message Servlet admin.login_jsp is currently unavailable
>
>description The requested service (Servlet admin.login_jsp is currently
>unavailable) is not currently available.
>
>
>---
>-
>
>
>Apache Tomcat/5.5.9
>
>I have my admin files installed in the following locations:
>
>/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost/admin.x
>m
>l
>/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/server/webapps/admin/ad
>m
>in.xml
>
>thanks
>
>Simon Jones
>SAQ Group
>
>Simon Jones
>SAQ Group
>Tel: 0870 737 7707
>VoIP: 4822813
>Fax: 0870 737 7708
>[EMAIL PROTECTED]
>http://www.saqnet.co.uk AS29219
>SAQ Group providers of communications services for UK Business.
>DSL : Domains : Email : Hosting : CoLo : Servers : Racks : Transit :
>Backups : Managed Networks : Remote Support.
>
>-
>To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, 
>e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
>
>  
>


-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

Hi David,

Ok I did as instructed and tried the admin.  Now I get the "Tomcat's
administration web application is no longer installed by default.
Download and install the "admin" package to use it. " error.

No entries in the log either, where next?

Cheers,

Simon 

> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED] 
> Sent: 12 July 2006 19:58
> To: Tomcat Users List
> Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently unavailable
> 
> I also don't see even one reference to the admin webapp.  
> This tells me something fishy is going on.
> 
> Try this:
> 
> First, I see you copied the admin webapp to server/webapps 
> instead of moving it.  Delete the admin webapp in 
> /usr/local/jakarta/jakarta-tomcat-5.5.9/webapps.  It's just 
> going to be confusing to leave a copy there (for both you and tomcat).
> 
> Second, there should be an admin.xml file in the same archive 
> you got the admin webapp from.  That should be placed in 
> /usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhos
> t right along side manager.xml.
> 
> Now restart tomcat and take a look for messages related to 
> the admin webapp.
> 
> --David
> 
> simon jones wrote:
> 
> >Hi David,
> >
> >Ok looks as thought the files are in the correct place:
> >
> >cp -r admin /usr/local/jakarta/jakarta-tomcat-5.5.9/server/webapps
> >
> >There's nothing in tail -f
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/logs/tomcat.log
> >
> >When I do a tail and access the admin it doesn't do anything.
> >
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[] redeploy 
> >resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/ROOT/META-INF
> /context.x
> >m
> >l
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[] reload 
> >resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps/ROOT/WEB-INF/web.xml
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[] reload 
> >resource /usr/local/jakarta/jakarta-tomcat-5.5.9/conf/context.xml
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[/manager] 
> >redeploy resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/server/webapps/manager
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[/manager] 
> >redeploy resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localho
> st/manager.
> >xml
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[/manager] 
> >reload resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/context.xml
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.startup.HostConfig - Checking context[/manager] 
> >reload resource 
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localho
> st/manager.
> >xml
> > DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.loader.WebappClassLoader - modified()  DEBUG 
> >ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >org.apache.catalina.loader.WebappClassLoader - modified()
> >
> >-Original Message-
> >From: David Smith [mailto:[EMAIL PROTECTED]
> >Sent: 12 July 2006 17:38
> >To: Tomcat Users List
> >Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is currently 
> >unavailable
> >
> >Did you store the admin webapp in server/webapps where it belongs?  
> >Also check your logs.  There should be an exception trace 
> just before 
> >the place where this was marked as unavailable.
> >
> >--David
> >
> >simon jones wrote:
> >
> >  
> >
> >>Hi, can anyone help me with this one?  Thanks!
> >>
> >>I've installed tomcat - no probs - manager works great as does the 
> >>installation but I can't get the admin working, I know this 
> has been 
> >>posted before but I can't find a fix so I'm also providing as much 
> >>information as possible with this post.
> >>
> >>When I call the admin page I get the following error:
> >>
> >>HTTP Status 503 - Servlet admin.login_jsp is currently unavailable
> >>
> >>--

RE: HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

Think it is most likely me having the files in the wrong place by the
looks of it, here's my dirs with file list:

/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost 

drwxr-xr-x  2 tomcat nobody 4096 Jul 12 15:27 ./
drwxr-xr-x  3 tomcat nobody 4096 Mar 26  2005 ../
-rw---  1 root   root566 Jul 12 15:27 admin.xml
-rw---  1 tomcat nobody  299 Mar 26  2005 host-manager.xml
-rw---  1 tomcat nobody  454 Mar 26  2005 manager.xml

/usr/src/apache-tomcat-5.5.17/server/webapps/admin

drwxr-xr-x  13 root root 4096 Apr 14 19:09 ./
drwxr-xr-x   3 root root 4096 Jul 10 16:53 ../
-rw-r--r--   1 root root 2151 Apr 14 19:09 admin.css
-rw-r--r--   1 root root  586 Apr 14 19:09 admin.xml
drwxr-xr-x   2 root root 4096 Apr 14 19:09 connector/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 context/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 host/
drwxr-xr-x   2 root root 4096 Jul 10 16:53 images/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 realm/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 resources/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 server/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 service/
-rw-r--r--   1 root root  344 Apr 14 19:09 tree-control-test.css
drwxr-xr-x   2 root root 4096 Apr 14 19:09 users/
drwxr-xr-x   2 root root 4096 Apr 14 19:09 valve/
drwxr-xr-x   3 root root 4096 Jul 10 16:53 WEB-INF/

Simon

> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED] 
> Sent: 13 July 2006 12:49
> To: Tomcat Users List
> Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently unavailable
> 
> There has to be some messages about the admin webapp.  The 
> only way to not have any is if admin.xml is not stored in the 
> correct place.  Even bad permissions should generate an 
> exception of some sort attempting to read it.  So to recap, 
> here's how your file structure looks and all the permissions 
> are set correctly?:
> 
> /usr/local/jakarta/jakarta-tomcat-5.5.9
> - conf
> - Catalina
> - localhost
> ROOT.xml
> manager.xml
> admin.xml (hopefully the original as provided 
> by the downloaded admin webapp distribution)
> - server
> - lib
> [server jar files here]
> - webapps
> manager
> admin
> - webapps
> - ROOT
> 
> Admittedly I've abbreviated and not included some 
> directories.  Also, do you have a catalina.out log file?  
> What does that show.
> 
> --David
> 
> simon jones wrote:
> 
> >Hi David,
> >
> >Ok I did as instructed and tried the admin.  Now I get the "Tomcat's 
> >administration web application is no longer installed by default.
> >Download and install the "admin" package to use it. " error.
> >
> >No entries in the log either, where next?
> >
> >Cheers,
> >
> >Simon
> >
> >  
> >
> >>-Original Message-
> >>From: David Smith [mailto:[EMAIL PROTECTED]
> >>Sent: 12 July 2006 19:58
> >>To: Tomcat Users List
> >>Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is currently 
> >>unavailable
> >>
> >>I also don't see even one reference to the admin webapp.  
> >>This tells me something fishy is going on.
> >>
> >>Try this:
> >>
> >>First, I see you copied the admin webapp to server/webapps 
> instead of 
> >>moving it.  Delete the admin webapp in 
> >>/usr/local/jakarta/jakarta-tomcat-5.5.9/webapps.  It's just 
> going to 
> >>be confusing to leave a copy there (for both you and tomcat).
> >>
> >>Second, there should be an admin.xml file in the same 
> archive you got 
> >>the admin webapp from.  That should be placed in 
> >>/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhos
> >>t right along side manager.xml.
> >>
> >>Now restart tomcat and take a look for messages related to 
> the admin 
> >>webapp.
> >>
> >>--David
> >>
> >>simon jones wrote:
> >>
> >>
> >>
> >>>Hi David,
> >>>
> >>>Ok looks as thought the files are in the correct place:
> >>>
> >>>cp -r admin /usr/local/jakarta/jakarta-tomcat-5.5.9/server/webapps
> >>>
> >>>There's nothing in tail -f
> >>>/usr/local/jakarta/jakarta-tomcat-5.5.9/logs/tomcat.log
> >>>
> >>>When I do a tail and access the admin it doesn't do anything.
> >>>
> >>>DEBUG ContainerBackgroundProcessor[StandardEngine[Catalina]]
> >>>org.apache.c

RE: HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

You sir are a star!  Well spotted, that did the trick.

Thanks very much.

Simon 

> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED] 
> Sent: 13 July 2006 13:01
> To: Tomcat Users List
> Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently unavailable
> 
> Look at permissions for admin.xml -- root.root and read/write 
> only by owner?  Try doing this:
> 
> (from /usr/local/jakarta/jakarta-tomcat-5.5.9)
> chown tomcat.nobody conf/Catalina/localhost/admin.xml chown 
> -R tomcat.nobody server/webapps/admin
> 
> Then restart tomcat
> 
> --David
> 
> simon jones wrote:
> 
> >Think it is most likely me having the files in the wrong 
> place by the 
> >looks of it, here's my dirs with file list:
> >
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost
> >
> >drwxr-xr-x  2 tomcat nobody 4096 Jul 12 15:27 ./ drwxr-xr-x  
> 3 tomcat 
> >nobody 4096 Mar 26  2005 ../
> >-rw---  1 root   root566 Jul 12 15:27 admin.xml
> >-rw---  1 tomcat nobody  299 Mar 26  2005 host-manager.xml
> >-rw---  1 tomcat nobody  454 Mar 26  2005 manager.xml
> >
> >/usr/src/apache-tomcat-5.5.17/server/webapps/admin
> >
> >drwxr-xr-x  13 root root 4096 Apr 14 19:09 ./
> >drwxr-xr-x   3 root root 4096 Jul 10 16:53 ../
> >-rw-r--r--   1 root root 2151 Apr 14 19:09 admin.css
> >-rw-r--r--   1 root root  586 Apr 14 19:09 admin.xml
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 connector/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 context/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 host/
> >drwxr-xr-x   2 root root 4096 Jul 10 16:53 images/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 realm/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 resources/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 server/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 service/
> >-rw-r--r--   1 root root  344 Apr 14 19:09 tree-control-test.css
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 users/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 valve/
> >drwxr-xr-x   3 root root 4096 Jul 10 16:53 WEB-INF/
> >
> >Simon
> >
> >  
> >
> >>-Original Message-
> >>From: David Smith [mailto:[EMAIL PROTECTED]
> >>Sent: 13 July 2006 12:49
> >>To: Tomcat Users List
> >>Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is currently 
> >>unavailable
> >>
> >>There has to be some messages about the admin webapp.  The 
> only way to 
> >>not have any is if admin.xml is not stored in the correct 
> place.  Even 
> >>bad permissions should generate an exception of some sort 
> attempting 
> >>to read it.  So to recap, here's how your file structure 
> looks and all 
> >>the permissions are set correctly?:
> >>
> >>/usr/local/jakarta/jakarta-tomcat-5.5.9
> >>- conf
> >>- Catalina
> >>- localhost
> >>ROOT.xml
> >>manager.xml
> >>    admin.xml (hopefully the original as 
> provided by the 
> >>downloaded admin webapp distribution)
> >>- server
> >>- lib
> >>[server jar files here]
> >>- webapps
> >>manager
> >>admin
> >>- webapps
> >>- ROOT
> >>
> >>Admittedly I've abbreviated and not included some 
> directories.  Also, 
> >>do you have a catalina.out log file?
> >>What does that show.
> >>
> >>--David
> >>
> >>simon jones wrote:
> >>
> >>
> >>
> >>>Hi David,
> >>>
> >>>Ok I did as instructed and tried the admin.  Now I get the 
> "Tomcat's 
> >>>administration web application is no longer installed by default.
> >>>Download and install the "admin" package to use it. " error.
> >>>
> >>>No entries in the log either, where next?
> >>>
> >>>Cheers,
> >>>
> >>>Simon
> >>>
> >>> 
> >>>
> >>>  
> >>>
> >>>>-Original Message-
> >>>>From: David Smith [mailto:[EMAIL PROTECTED]
> >>>>Sent: 12 July 2006 19:58
> >>>>To: Tomcat Users List
> >>>>Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently 
> >>>>unavailable
> >>>>
> >>>>I also don't see even one r

RE: HTTP Status 503 - Servlet admin.login_jsp is currently unavailable

[simon jones]

Don't suppose you know how to give customers with jsp enable space
access to the error logs too do you? 

> -Original Message-
> From: David Smith [mailto:[EMAIL PROTECTED] 
> Sent: 13 July 2006 13:01
> To: Tomcat Users List
> Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently unavailable
> 
> Look at permissions for admin.xml -- root.root and read/write 
> only by owner?  Try doing this:
> 
> (from /usr/local/jakarta/jakarta-tomcat-5.5.9)
> chown tomcat.nobody conf/Catalina/localhost/admin.xml chown 
> -R tomcat.nobody server/webapps/admin
> 
> Then restart tomcat
> 
> --David
> 
> simon jones wrote:
> 
> >Think it is most likely me having the files in the wrong 
> place by the 
> >looks of it, here's my dirs with file list:
> >
> >/usr/local/jakarta/jakarta-tomcat-5.5.9/conf/Catalina/localhost
> >
> >drwxr-xr-x  2 tomcat nobody 4096 Jul 12 15:27 ./ drwxr-xr-x  
> 3 tomcat 
> >nobody 4096 Mar 26  2005 ../
> >-rw---  1 root   root566 Jul 12 15:27 admin.xml
> >-rw---  1 tomcat nobody  299 Mar 26  2005 host-manager.xml
> >-rw---  1 tomcat nobody  454 Mar 26  2005 manager.xml
> >
> >/usr/src/apache-tomcat-5.5.17/server/webapps/admin
> >
> >drwxr-xr-x  13 root root 4096 Apr 14 19:09 ./
> >drwxr-xr-x   3 root root 4096 Jul 10 16:53 ../
> >-rw-r--r--   1 root root 2151 Apr 14 19:09 admin.css
> >-rw-r--r--   1 root root  586 Apr 14 19:09 admin.xml
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 connector/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 context/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 host/
> >drwxr-xr-x   2 root root 4096 Jul 10 16:53 images/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 realm/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 resources/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 server/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 service/
> >-rw-r--r--   1 root root  344 Apr 14 19:09 tree-control-test.css
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 users/
> >drwxr-xr-x   2 root root 4096 Apr 14 19:09 valve/
> >drwxr-xr-x   3 root root 4096 Jul 10 16:53 WEB-INF/
> >
> >Simon
> >
> >  
> >
> >>-Original Message-
> >>From: David Smith [mailto:[EMAIL PROTECTED]
> >>Sent: 13 July 2006 12:49
> >>To: Tomcat Users List
> >>Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is currently 
> >>unavailable
> >>
> >>There has to be some messages about the admin webapp.  The 
> only way to 
> >>not have any is if admin.xml is not stored in the correct 
> place.  Even 
> >>bad permissions should generate an exception of some sort 
> attempting 
> >>to read it.  So to recap, here's how your file structure 
> looks and all 
> >>the permissions are set correctly?:
> >>
> >>/usr/local/jakarta/jakarta-tomcat-5.5.9
> >>- conf
> >>- Catalina
> >>- localhost
> >>ROOT.xml
> >>manager.xml
> >>admin.xml (hopefully the original as 
> provided by the 
> >>downloaded admin webapp distribution)
> >>- server
> >>- lib
> >>[server jar files here]
> >>- webapps
> >>manager
> >>admin
> >>- webapps
> >>- ROOT
> >>
> >>Admittedly I've abbreviated and not included some 
> directories.  Also, 
> >>do you have a catalina.out log file?
> >>What does that show.
> >>
> >>--David
> >>
> >>simon jones wrote:
> >>
> >>
> >>
> >>>Hi David,
> >>>
> >>>Ok I did as instructed and tried the admin.  Now I get the 
> "Tomcat's 
> >>>administration web application is no longer installed by default.
> >>>Download and install the "admin" package to use it. " error.
> >>>
> >>>No entries in the log either, where next?
> >>>
> >>>Cheers,
> >>>
> >>>Simon
> >>>
> >>> 
> >>>
> >>>  
> >>>
> >>>>-Original Message-
> >>>>From: David Smith [mailto:[EMAIL PROTECTED]
> >>>>Sent: 12 July 2006 19:58
> >>>>To: Tomcat Users List
> >>>>Subject: Re: HTTP Status 503 - Servlet admin.login_jsp is 
> currently 
> >>>>unavailable
> >>>>
> >>>>I 

Password retries

[Simon O'Malley]

Hi List

Has anyone done anything with tomcat authorisation to configure in a maximum
number of retries before an address/account is blocked.

I have setup a secure site and want to only give the user a maximum number
of 3 tries at logging in before denying them the login ability for a
specified period of time.

I.e. let them try 3 times then disable the account for 20 minutes.

Interested in hearing from anyone who has done something along those lines.

I have done a google search and read the doco but couldn't find any mention
to something like this.

Cheers
Simon

Re: Password retries

[Simon O'Malley]

Hi Chris, Maurice

Thanks for the replies.

Was hoping someone would have already done something as I am under a pretty
tight deadline.

Dont think the denyhosts route will be a goer as hosts.deny will only be
writeable as root and dont want to have to run tomcat as root, change
permissions, or step outside the process.
Might look at that for my personal firewall though, good idea that.

Will look at putting something together further down the track to handle
this. Does anyone know if any of the other JWS's handle this issue??

Simon

On 7/29/06, Maurice Yarrow <[EMAIL PROTECTED]> wrote:


Simon, Chris

If you write your own mechanism, you might want to take a look
at the configuration script for "DenyHosts", which is a highly
configurable tool for port blocking (via mods to /etc/hosts.deny)
of sshd upon too-many failed attempts in a given time interval.
This is similar to what you are planning.  Helpful to look at what
they support (look at their "denyhosts.cfg", initially,
denyhosts.cfg-dist) in the way of resetting of failed-count upon
successful ssh login within permitted interval, purging
of denied hosts after configurable interval, etc.

And by the way, I have had their denyhosts stuff running for
nearly a week now, and it has handled sshd port 22 attacks
quite well, which have dwindled significantly as a result.
This has led me to conjecture that the attacks are from a
community of attackers who work kind of like the [EMAIL PROTECTED]
by applying all their cpu resources to a common set of
targets.  Now that their attack tools have had connection-
refused after 5 attempts, their tool has struck my address
off their list as being non-fruitful.  Just a conjecture, anyway.

Maurice Yarrow


Christopher Schultz wrote:

>Simon,
>
>
>
>>Has anyone done anything with tomcat authorisation to configure in a
>>maximum number of retries before an address/account is blocked.
>>
>>
>
>I'm pretty sure that Tomcat's authentication system does not support
>this feature. You could probably write your own authenticator to track
>that kind of thing.
>
>I am going to be adding the same type of feature to an authenticator I
>wrote to be used with securityfilter
>(http://securityfilter.sourceforge.net/). My plan is to use something
>like a synchronized time-sensitive cache of login failures (probably
>something from the commons-collections package such as LRUMap) to store
>login failures (keyed on username). I'll probably do the same thing with
>remote IP address as well (3 failures from the same IP will block future
>logins). The only trick is expiring entries ;)
>
>Let me know if you have any better ideas. I'd love to hear about them.
>
>-chris
>
>
>
>



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSessionId and Google

[Simon Pink]

Thanks, I could try this, but I was kind of hoping for a more general Tomcat
solution (if there is one). I know Resin has a 'enable-url-rewriting' flag
that you can set in it's config.

I guess the question still is, does anyone definitively know if jsessionid
does have negative impact on Google results/rankings? It does seem that
Google thinks it is a bad idea.

Regards,
Simon.

On 9/20/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote:


couldn't you simply create a HttpServletResponseWrapper object in a
filter, this object could overwrite the method that encodes the URL and
remove the JSESSIONID from it

Filip


Simon wrote:
> Hi,
>
> According to the Google "Information for Webmasters" page, it appears
> that Google will not index/crawl pages correctly with the JSessionId
> appended to the URL, ie.:
>
http://www.stroke-education.com/product/ProductList.do;jsessionid=A2F6590DAC37E55651060DE6922B972D.tomcat36
>
>
> The guidelines can be found at:
> http://www.google.com/intl/en/webmasters/guidelines.html. The key part
> of the page is:
> Allow search bots to crawl your sites without session IDs or arguments
> that track their path through the site. These techniques are useful
> for tracking individual user behavior, but the access pattern of bots
> is entirely different. Using these techniques may result in incomplete
> indexing of your site, as bots may not be able to eliminate URLs that
> look different but actually point to the same page
>
> Search engine rankings are very important for the site (to sell
> products :), and it has not indexed my pages correctly just like it
> said it wouldn't in the paragraph above. I have tried adding a
> sitemap.xml.gz file to help Google along, but to no avail.
>
> The question is, is it possible to disable cookieless session tracking
> for search engine bots? If so how? If not, is it possible to turn off
> cookieless session tracking all together? Yes, unfortunately at the
> crux of it, search engine rankings are more important than users with
> cookies disabled for this particular site.
>
> Thanks, and Kind Regards,
> Simon.
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

jsp:include buffers generated data?

[Simon Kitching]

Hi,

I'm working with JSF, and am having some problems related to jsp:include.

It appears that jsp:include always creates a temporary buffer, stores 
the included data into that buffer, then appends the buffer to the 
original response output stream after the include has completed. This 
causes nasty interactions with JSF tags which tend to output themselves 
directly to the original response stream, and thus appear before the 
surrounding template text and non-JSF tags.


1) Can anyone point me at the implementation of jsp:include?

I guess it's part of jasper. Or maybe tomcat. Either way, I gave not 
been able to find the source to see what it's doing and maybe why..


2) Is this buffering behaviour of jsp:include mandated by the 
JSP/servlet specs, or tomcat-specific?



Thanks,

Simon

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jsp:include buffers generated data?

[Simon Kitching]

Thanks Jacob.

I've looked at the Glassfish stuff dev list, and can't see any info 
related to this. Actually, the dev list is so primitive for this project 
it's clear that Sun still hasn't grasped the concept of running an Open 
Source project, and that most of the design stuff is happening off-list. 
I'm very grateful that Tomcat is run in a better manner! And go Geronimo!


A couple of posts (with suspiciously similar wording) state that the 
problem is "fixed" in the JSF spec, and that it's something to do with 
ViewHandler. However re-reading the spec (section 7.5) multiple times 
still hasn't made me any more enlightened.


There are some hints on those postings that you were the person who came 
up with the solution (or at least part of it), something to do with "EL 
aliasing"? Or was that something else? If you do know how this is 
supposed to work, then perhaps you could give some hints (via your own 
blog or otherwise)?


Otherwise I guess I'll just submit my own approach to MyFaces. Doesn't 
look like JSP2.1 and JSF1.2 support is going to be supported by anything 
other than Glassfish anytime soon anyway.


Regards,

Simon

Jacob Hookom wrote:

This has come up in the JSF RI and was recently corrected with Glassfish,
you might want to check their dev mailing lists

On 11/13/05, Simon Kitching <[EMAIL PROTECTED]> wrote:

Hi,

I'm working with JSF, and am having some problems related to jsp:include.

It appears that jsp:include always creates a temporary buffer, stores
the included data into that buffer, then appends the buffer to the
original response output stream after the include has completed. This
causes nasty interactions with JSF tags which tend to output themselves
directly to the original response stream, and thus appear before the
surrounding template text and non-JSF tags.

1) Can anyone point me at the implementation of jsp:include?

I guess it's part of jasper. Or maybe tomcat. Either way, I gave not
been able to find the source to see what it's doing and maybe why..

2) Is this buffering behaviour of jsp:include mandated by the
JSP/servlet specs, or tomcat-specific?


Thanks,

Simon

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Multiple .war files in single tomcat instance

[Simon Kitching]

Praveen wrote:

Hi - Iam trying to deploy multiple .war files on a
single tomcat instance, but was wondering if theres a
way in tomcat, to use the domain name and pick up the
corresponding war file. 
For eg: I have two war files sample1.war and

sample2.war deployed on a single tomcat instance, and
lets say I have DNS entries sample1.com and
sample2.com to point to this particular instance of
the tomcat server, now when I hit sample1.com, how can
I configure tomcat to pick sample1.war and similarly
for sample2.

Right now in order to hit sample1.war, I type in my
URL "localhost:8080/sample1".

Thanks in advance for any help on this.


This looks like a case for having an Apache HTTPD server in front of 
tomcat. The mod_rewrite httpd module can do this I expect.


Regards,

Simon

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Lifecycle listener class loading problem

[Simon Watson]

I'm trying to implement a lifecycle listener to initialise and, more
importantly, shutdown a resource that I wish to access from multiple
webapps.

If I put my listener class in common/classes then I get an error on startup:
SEVERE: Begin event threw error
java.lang.NoClassDefFoundError: org/apache/catalina/LifecycleListener

If I put the listener class in server/classes then the server starts
up ok but the class can't be used by any webapps. Is there a way
around this?

To describe the bigger picture, I have a singleton class that is
managing a resource via JNI that is required by several webapps. It's
important that I can control the initialisation/shutdown of this
resource. I've tried a shutdownhook and a finalize method but neither
of these are invoked by Tomcat when it shuts down, hence my interest
in a lifecycle listener. Because the resource is used across multiple
webapps, the standard contextlistener approach won't work.

I'm running Tomcat 5.5 as a Windows service.

Any help/suggestions would be much appreciated.

Simon.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Lifecycle listener class loading problem

[Simon Watson]

That's what I'm doing:
"If I put my listener class in common/classes then I get an error on startup:
SEVERE: Begin event threw error
java.lang.NoClassDefFoundError: org/apache/catalina/LifecycleListener"

Putting the  tag in server.xml seems straightforward, and
it's loading my listener class but is unable to load the server
classes it depends on unless I put it in the server/classes directory.

On 4/5/06, Farrow, Marc <[EMAIL PROTECTED]> wrote:
> I am not an expert on this, but here are my thoughts for what it is worth.
> You will need to place the class in the COMMON folder so both your webapps
> and TOMCAT itself can see it.  However, you will have to dig through the docs
> on Tomcat and see what parameter (probably in the server.xml) file you will
> have to set to use your LifeCycleListener class instead of TOMCAT's.
>
> -Original Message-
> From: Simon Watson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 05, 2006 12:29 PM
> To: users@tomcat.apache.org
> Subject: Lifecycle listener class loading problem
>
> I'm trying to implement a lifecycle listener to initialise and, more
> importantly, shutdown a resource that I wish to access from multiple
> webapps.
>
> If I put my listener class in common/classes then I get an error on startup:
> SEVERE: Begin event threw error
> java.lang.NoClassDefFoundError: org/apache/catalina/LifecycleListener
>
> If I put the listener class in server/classes then the server starts
> up ok but the class can't be used by any webapps. Is there a way
> around this?
>
> To describe the bigger picture, I have a singleton class that is
> managing a resource via JNI that is required by several webapps. It's
> important that I can control the initialisation/shutdown of this
> resource. I've tried a shutdownhook and a finalize method but neither
> of these are invoked by Tomcat when it shuts down, hence my interest
> in a lifecycle listener. Because the resource is used across multiple
> webapps, the standard contextlistener approach won't work.
>
> I'm running Tomcat 5.5 as a Windows service.
>
> Any help/suggestions would be much appreciated.
>
> Simon.
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Lifecycle listener class loading problem

[Simon Watson]

Again:
"If I put the listener class in server/classes then the server starts
up ok but the class can't be used by any webapps."

I guess what I'm asking is can I configure Tomcat to load my listener
class in a way that my webapps can also have access to.

On 4/5/06, Farrow, Marc <[EMAIL PROTECTED]> wrote:
> Then just for kicks, place it in the server/classes directory and also the
> shared/classes directory.
>
> -----Original Message-
> From: Simon Watson [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, April 05, 2006 1:29 PM
> To: Tomcat Users List
> Subject: Re: Lifecycle listener class loading problem
>
> That's what I'm doing:
> "If I put my listener class in common/classes then I get an error on startup:
> SEVERE: Begin event threw error
> java.lang.NoClassDefFoundError: org/apache/catalina/LifecycleListener"
>
> Putting the  tag in server.xml seems straightforward, and
> it's loading my listener class but is unable to load the server
> classes it depends on unless I put it in the server/classes directory.
>
> On 4/5/06, Farrow, Marc <[EMAIL PROTECTED]> wrote:
> > I am not an expert on this, but here are my thoughts for what it is worth.
> > You will need to place the class in the COMMON folder so both your webapps
> > and TOMCAT itself can see it.  However, you will have to dig through the
> docs
> > on Tomcat and see what parameter (probably in the server.xml) file you will
> > have to set to use your LifeCycleListener class instead of TOMCAT's.
> >
> > -Original Message-
> > From: Simon Watson [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, April 05, 2006 12:29 PM
> > To: users@tomcat.apache.org
> > Subject: Lifecycle listener class loading problem
> >
> > I'm trying to implement a lifecycle listener to initialise and, more
> > importantly, shutdown a resource that I wish to access from multiple
> > webapps.
> >
> > If I put my listener class in common/classes then I get an error on
> startup:
> > SEVERE: Begin event threw error
> > java.lang.NoClassDefFoundError: org/apache/catalina/LifecycleListener
> >
> > If I put the listener class in server/classes then the server starts
> > up ok but the class can't be used by any webapps. Is there a way
> > around this?
> >
> > To describe the bigger picture, I have a singleton class that is
> > managing a resource via JNI that is required by several webapps. It's
> > important that I can control the initialisation/shutdown of this
> > resource. I've tried a shutdownhook and a finalize method but neither
> > of these are invoked by Tomcat when it shuts down, hence my interest
> > in a lifecycle listener. Because the resource is used across multiple
> > webapps, the standard contextlistener approach won't work.
> >
> > I'm running Tomcat 5.5 as a Windows service.
> >
> > Any help/suggestions would be much appreciated.
> >
> > Simon.
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

License query for jstl.jar

[Simon Kitching]

Hi,

File jstl.jar has been checked in here:
 
http://svn.apache.org/repos/asf/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/js
r152/examples/WEB-INF/lib/
and here:
 
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/webapps/examples/WEB-IN
F/lib/

This jar is used for running example code in Tomcat.

However it isn't clear to me whether the license for this jar in fact allows
this to be checked in.
The jar has 
  Implementation-Vendor: Sun Microsystems, Inc.
and
  Implementation-Version: 1.1.0-D13

As it happens, the Apache Taglibs project's JSTL also happens to insert 
  Implementation-Vendor: Sun Microsystems, Inc.
in its builds :-(. However as far as I can tell it doesn't generate an
Implementation-Version entry like the above, so presumably this jarfile is
in fact a real Sun jar. If this is indeed the case, then does Apache
actually have the legal right to directly redistribute this jarfile?

The svn commit that added this jar doesn't state where the file was sourced
from:


r267015 | kinman | 2002-10-29 06:45:44 +1300 (Tue, 29 Oct 2002) | 26 lines

- Patch by Jan Leuhe

attached is a patch for the jakarta-servletapi-5 repository including
the following changes:

- TagVariableInfo.java:
  * Removed constructor that takes the name of a fragment.
  * Removed getFragment().
  * Removed private field "fragment".

- JspFragment.java:
  * Removed Map parameter from invoke().

- Updated the "simpletag" and "tagfiles" examples accordingly.

Please notice that the patch also requires adding JSTL to the
examples.war webapp. This is required because this webapp's tag files
need to use JSTL's  action to set scoped variables before
fragment invocations, now that  and  no longer
have a nested .

PR:
Obtained from:
Submitted by:
Reviewed by:



Regards,

Simon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: License query for jstl.jar

[Simon Kitching]

 

> -Original Message-
> From: Mark Thomas [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 14, 2006 11:32 AM
> To: Tomcat Users List
> Subject: Re: License query for jstl.jar
> 
> Simon Kitching wrote:
> > However it isn't clear to me whether the license for this 
> jar in fact 
> > allows this to be checked in.
> > The jar has
> > Implementation-Vendor: Sun Microsystems, Inc.
> > and
> > Implementation-Version: 1.1.0-D13
> 
> The Servlet expert group used the Apache repository to 
> develop the implementations of the spec so this is fine.

Unfortunately, in order to satisfy both my companies' lawyers and the
client's lawyers I think I would need to show that this jar is indeed built
from ASL-licensed code.

Does anyone have a link to a page from Sun that shows that they did in fact
use the Apache code base to create this jar? Neither the Sun JSTL home page:
  http://java.sun.com/products/jsp/jstl
nor the JSR052 page:
  http://jcp.org/aboutJava/communityprocess/final/jsr052/index2.html
have any such statement.

The Jakarta Taglibs project page does say so, but as the
Implementation-Vendor in the binary file is Sun I don't think this carries
much weight..

Thanks,

Simon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: License query for jstl.jar

[Simon Kitching]

 

> -Original Message-
> From: Mark Thomas [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 14, 2006 12:42 PM
> To: Tomcat Users List
> Subject: Re: License query for jstl.jar
> 
> IANAL...

Understood; I'm grateful for your comments anyway..

> 
> Simon Kitching wrote:
> > Unfortunately, in order to satisfy both my companies' 
> lawyers and the 
> > client's lawyers I think I would need to show that this jar 
> is indeed 
> > built from ASL-licensed code.
> 
> This is *not* ASL licenced code.

Actually, every file I've looked at in the jakarta taglibs project DOES have
the standard ASL2.0 licensing embedded in it, and in addition they all
contain an Apache Foundation copyright statement:
http://svn.apache.org/repos/asf/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/js
r152/src/share/javax/servlet/jsp/ErrorData.java

Of course the license statement is the key to making the code "open source",
but the copyright assignment is a bonus.

> 
> > Does anyone have a link to a page from Sun that shows that 
> they did in 
> > fact use the Apache code base to create this jar? Neither 
> the Sun JSTL home page:
> > http://java.sun.com/products/jsp/jstl
> 
> The
> http://svn.apache.org/repos/asf/tomcat/servletapi/servlet2.4-j
> sp2.0-tc5.x/
> codebase is *not* an Apache codebase. Think of it as Apache 
> providing hosting services for the expert group.

By "Apache code base" I simply mean that the code is licensed under the
ASL2.0.

All the code in the jakarta taglibs standard lib project certainly is, and
I'm pretty sure that it is ASF policy that only ASL-licensed files can be
stored in apache svn or served from apache download sites. I've been
involved with Apache for many years now, and am not aware of any cases to
the contrary.

The problem I have here is that it isn't clear that the jarfile checked in
to tomcat's svn is actually built from the ASL-licensed source in the
jakarta taglibs project. If someone could point me at a Sun webpage that
says "Click here to download the reference implementation of jstl-1.0.1.jar
or visit jakarta.apache.org/taglibs to download the source" then that would
be the key. Unfortunately I just can't find any such page. That's my problem
of course, but any pointers will be greatly appreciated.

> 
> You might want to try the [EMAIL PROTECTED] list.

Yes, I'll do that. I'm personally quite confident there aren't any licensing
problems; however I'm not so confident it actually *says* so anywhere...

Cheers,

Simon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: License query for jstl.jar

[Simon Kitching]

 

> -Original Message-
> From: Mark Thomas [mailto:[EMAIL PROTECTED] 
> Sent: Wednesday, June 14, 2006 1:23 PM
> To: Tomcat Users List
> Subject: Re: License query for jstl.jar
> 
> Simon Kitching wrote:
> > Actually, every file I've looked at in the jakarta taglibs project 
> > DOES have the standard ASL2.0 licensing embedded in it, and in 
> > addition they all contain an Apache Foundation copyright statement:
> > 
> http://svn.apache.org/repos/asf/tomcat/servletapi/servlet2.4-jsp2.0-tc
> > 5.x/js r152/src/share/javax/servlet/jsp/ErrorData.java
> 
> My apologies, I had forgotten these files carried that licence.
> However, I am confused. This file is part of the servlet 
> spec, it is nothing to do with the Jakarta taglibs which is 
> where this discussion started.

Yep, sorry. Had too many windows open :-;

This is a more appropriate example - still has that valid Apache license:
http://svn.apache.org/repos/asf/jakarta/taglibs/proper/standard/trunk/src/ja
vax/servlet/jsp/jstl/core/ConditionalTagSupport.java


Regards,

Simon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JSessionId and Google

[Simon Pink]

Hi there,

It is well noted by Google (and other search engines) that they do not like
session tracking info as part of the URL. This does include JSessionId, and
because Google visits your site as a cookieless user, every page indexed by
them includes JSessionId, this is bad for numerous reasons - but the main
reason is that Google may think you are cheating, as they are indexing the
same page multiple times and it adversely effects your ranking.

It is annoying as Tomcat deals with the URL according to standards, It seems
to be everything else which doesn't. To be more precise, it is the ';' in
the URL which servers such as Apache, and search engines and spiders like
Google don't like much at all. By all rights Google should ignore the
session id but it doesn't.

Anyway, how do I turn this cookie-less tracking off for Tomcat? I would
rather have better ranking (and not be banned) than have a minor percent of
customers not being able to use my site. Or is there another solution that I
have missed here?

Kind Regards,
Simon.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Having trouble making Tomcat available from outside the network

[Simon Renshaw]

Hi,

I installed Tomcat 5.5.12 on a CentOS 4.4 server. I used port 9090. Then
I installed Luntbuild on it. I can access it internally without
problems.

I created a rule in the firewall to forward port 9090 request to the
Linux server. Unfortunately, when trying to access the site from the
outside, I get a page not found error. 

Since that didn't work, I tried with Tomcat 5.5.20 on Windows 2003. I
used port 9191 this time. Also added a rule for 9191. And I got the same
results.

As far as I know, the ports are open on each machine and there are no
software firewalls running.

Is there something I missed when I installed Tomcat?

Thanks!
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Having trouble making Tomcat available from outside the network

[Simon Renshaw]

There are a lot of log types in /logs. Which one should I check?

The server is behind a firewall and we use NAT. Think this could be the cause? 
I use the firewall to forward HTTP, SMTP, FTP etc request to other servers and 
I'm only having troubles with Tomcat.

I'm really stumped there.

Simon

-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED] 
Sent: 13 décembre, 2006 13:32
To: 'Tomcat Users List'
Subject: RE: Having trouble making Tomcat available from outside the network

Did you check the logs on the server running Tomcat to see if the request
was making the trip to the server?

The other thing is the server's IP exposed to the outside world and, if it
is, is it the same IP? Often this is not the case.

Robert S. Harper
Information Access Technology, Inc.
-Original Message-
From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 13, 2006 11:19 AM
To: users@tomcat.apache.org
Subject: Having trouble making Tomcat available from outside the network

Hi,

I installed Tomcat 5.5.12 on a CentOS 4.4 server. I used port 9090. Then
I installed Luntbuild on it. I can access it internally without
problems.

I created a rule in the firewall to forward port 9090 request to the
Linux server. Unfortunately, when trying to access the site from the
outside, I get a page not found error. 

Since that didn't work, I tried with Tomcat 5.5.20 on Windows 2003. I
used port 9191 this time. Also added a rule for 9191. And I got the same
results.

As far as I know, the ports are open on each machine and there are no
software firewalls running.

Is there something I missed when I installed Tomcat?

Thanks!
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Having trouble making Tomcat available from outside the network

[Simon Renshaw]

I looked in catalina.out since there is no stdout.log. There are nothing (0 
bytes) in the admin, host-manager and manager logs. The Catalina. logs 
contain startup info. Some weird stuff in the localhost. ones. Talking 
about the Linux version here.

I asked a friend to go to www.domain.com:9090 and there was nothing in the logs 
of the firewall. Damnit!

Not looking good.

Simon


-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED] 
Sent: 13 décembre, 2006 13:52
To: 'Tomcat Users List'
Subject: RE: Having trouble making Tomcat available from outside the network

I usually look in the logs I set up for my contexts or in the stdout.log.
You should see some logging from requests having hit filters, if you are
using them. The other thing you could do is start the network monitoring
tool that comes with Win 2003 server, or some similar tool, and watch
activity on the ports in question. If the requests aren't making it to the
server, then the problem is further up the chain.

Do you see the request hitting the firewall?

Robert S. Harper
Information Access Technology, Inc.

-Original Message-----
From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 13, 2006 11:43 AM
To: Tomcat Users List
Subject: RE: Having trouble making Tomcat available from outside the network

There are a lot of log types in /logs. Which one should I check?

The server is behind a firewall and we use NAT. Think this could be the
cause? I use the firewall to forward HTTP, SMTP, FTP etc request to other
servers and I'm only having troubles with Tomcat.

I'm really stumped there.

Simon

[Robert Harper] snip




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Having trouble making Tomcat available from outside the network

[Simon Renshaw]

Stuff like that:

Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@1f70225')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@1add353')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@10cff6b')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@1139ac8')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@16f44f')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: attributeReplaced('org.apache.catalina.WELCOME_FILES', 
'[Ljava.lang.String;@101a4f3')
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
Dec 13, 2006 2:36:54 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Dec 13, 2006 2:45:08 PM org.apache.catalina.core.ApplicationContext log
INFO: org.apache.webapp.balancer.BalancerFilter: init(): ruleChain: 
[org.apache.webapp.balancer.RuleChain: 
[org.apache.webapp.balancer.rules.URLStringMatchRule: Target string: News / 
Redirect URL: http://www.cnn.com], 
[org.apache.webapp.balancer.rules.RequestParameterRule: Target param name: 
paramName / Target param value: paramValue / Redirect URL: 
http://www.yahoo.com], [org.apache.webapp.balancer.rules.AcceptEverythingRule: 
Redirect URL: http://jakarta.apache.org]]
Dec 13, 2006 2:45:08 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Dec 13, 2006 2:45:08 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Dec 13, 2006 2:45:08 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Dec 13, 2006 2:45:08 PM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()

I cannot use 8080 since that port is already in use on that server.

Yeah, it is a lot of fun :) I'm considering using the pix in another office to 
redirect here. Might work. Or not. 

Is there a way to integrate IIS and Tomcat?

-Original Message-
From: Robert Harper [mailto:[EMAIL PROTECTED] 
Sent: 13 décembre, 2006 15:40
To: 'Tomcat Users List'
Subject: RE: Having trouble making Tomcat available from outside the network

What is the weird stuff?

Have you tried port 8080 that is a normal testing port for 80?

This sounds like a fun one to track down and may be more related to network
than Tomcat.

Robert S. Harper
Information Access Technology, Inc.

-Original Message-
From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, December 13, 2006 1:24 PM
To: Tomcat Users List
Subject: RE: Having trouble making Tomcat available from outside the network

I looked in catalina.out since there is no stdout.log. There are nothing (0
bytes) in the admin, host-manager and manager logs. The Catalina. logs
contain startup info. Some weird stuff in the localhost. ones. Talking
about the Linux version here.

I asked a friend to go to www.domain.com:9090 and there was nothing in the
logs of the firewall. Damnit!

Not looking good.

Simon


[Robert Harper] snip



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Installing Tomcat and IIS

[Simon Renshaw]

Hi,

Since it looks like my problems with Tomcat are caused by the firewall
we're using, it is time to try Plan B.

Plan B would be to install Tomcat on the same server where IIS is
located and have both of them use port 80. 

I found a tutorial at
http://www.iis-resources.com/modules/AMS/article.php?storyid=485&page=0
that does that. Unfortunately, it is using something that hasn't been
maintained in a year and the article is kinda confusing. Look like it is
missing some information.

Does anybody have experience with that? Pointers would be appreciated.

Thanks,
Simon



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Installing Tomcat and IIS

[Simon Renshaw]

And once it is installed, how is it supposed to work? That part is missing from 
the article :)

-Original Message-
From: LiuYan 刘研 [mailto:[EMAIL PROTECTED] 
Sent: 14 décembre, 2006 23:22
To: users@tomcat.apache.org
Subject: Re: Installing Tomcat and IIS


That article is good, I've integrated Tomcat & IIS successfully by following
that article step by step.

Step 5,6,7 are important
-
Step 5. Create the Tomcat Application Pool
Step 6. Create the Virtual Directory
Step 7. Create and Enable the Tomcat Web Service Extension
-
I have ever omitted step 7, and I can't get it run. Step 7 is important for
IIS6.


Simon Renshaw-2 wrote:
> 
> Hi,
> 
> Since it looks like my problems with Tomcat are caused by the firewall
> we're using, it is time to try Plan B.
> 
> Plan B would be to install Tomcat on the same server where IIS is
> located and have both of them use port 80. 
> 
> I found a tutorial at
> http://www.iis-resources.com/modules/AMS/article.php?storyid=485&page=0
> that does that. Unfortunately, it is using something that hasn't been
> maintained in a year and the article is kinda confusing. Look like it is
> missing some information.
> 
> Does anybody have experience with that? Pointers would be appreciated.
> 
> Thanks,
> Simon
> 
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Installing-Tomcat-and-IIS-tf2821771.html#a7886051
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Installing Tomcat and IIS

[Simon Renshaw]

I normally need to access http://localhost:9191/luntbuild to see my 
application. So in theory with that filter thing installed correctly I should 
be able to access it by going to http://localhost/luntbuild?

But for IIS, /luntbuild does not exist. How does it figure out that it is a 
Tomcat dir?

Also, I'm running a few websites on this server. Does this have an impact on 
the Tomcat/IIS integration?

-Original Message-
From: LiuYan 刘研 [mailto:[EMAIL PROTECTED] 
Sent: 17 décembre, 2006 21:12
To: users@tomcat.apache.org
Subject: RE: Installing Tomcat and IIS


Is the last two paragraphs of that article what you want?
1.start IIS, start Tomcat
2.browse http://localhost/servlets-examples/  or something else to test your
installation



Simon Renshaw-2 wrote:
> 
> And once it is installed, how is it supposed to work? That part is missing
> from the article :)
> 
> -Original Message-
> From: LiuYan 刘研 [mailto:[EMAIL PROTECTED] 
> Sent: 14 décembre, 2006 23:22
> To: users@tomcat.apache.org
> Subject: Re: Installing Tomcat and IIS
> 
> 
> That article is good, I've integrated Tomcat & IIS successfully by
> following
> that article step by step.
> 
> Step 5,6,7 are important
> -
> Step 5. Create the Tomcat Application Pool
> Step 6. Create the Virtual Directory
> Step 7. Create and Enable the Tomcat Web Service Extension
> -
> I have ever omitted step 7, and I can't get it run. Step 7 is important
> for
> IIS6.
> 
> 
> Simon Renshaw-2 wrote:
>> 
>> Hi,
>> 
>> Since it looks like my problems with Tomcat are caused by the firewall
>> we're using, it is time to try Plan B.
>> 
>> Plan B would be to install Tomcat on the same server where IIS is
>> located and have both of them use port 80. 
>> 
>> I found a tutorial at
>> http://www.iis-resources.com/modules/AMS/article.php?storyid=485&page=0
>> that does that. Unfortunately, it is using something that hasn't been
>> maintained in a year and the article is kinda confusing. Look like it is
>> missing some information.
>> 
>> Does anybody have experience with that? Pointers would be appreciated.
>> 
>> Thanks,
>> Simon
>> 
>> 
>> 
>> -
>> To start a new topic, e-mail: users@tomcat.apache.org
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>> 
>> 
>> 
> 
> -- 
> View this message in context:
> http://www.nabble.com/Installing-Tomcat-and-IIS-tf2821771.html#a7886051
> Sent from the Tomcat - User mailing list archive at Nabble.com.
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Installing-Tomcat-and-IIS-tf2821771.html#a7922672
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Need help with JK2 connector/workers2.properties

[Simon Renshaw]

Hi,

I followed the instructions found at
http://tjworld.net/help/kb/0001_iis6-Tomcat5-JK2.html to install the
connector.

I also used the very basic workers2.properties files they provided.

Then I tested it. Going to http://192.168.64.20:9191/jsp-examples/ works
fine but if I try to go to http://192.168.64.20/jsp-examples/ I get a
404.

Any idea what I should check? Pretty stumped here.

Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Need help with JK2 connector/workers2.properties

[Simon Renshaw]

At the point I'm at, I will try this.

Thanks!

-Original Message-
From: Rainer Jung [mailto:[EMAIL PROTECTED] 
Sent: 19 décembre, 2006 14:29
To: Tomcat Users List
Subject: Re: Need help with JK2 connector/workers2.properties

Caldarale, Charles R schrieb:
>> From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
>> Subject: Need help with JK2 connector/workers2.properties
>>
>> I followed the instructions found at
>> http://tjworld.net/help/kb/0001_iis6-Tomcat5-JK2.html to install the
>> connector.
> 
> The mod_jk2 package has been deprecated for well over a year - no
> development, no support.  Suggest reading the real Tomcat documentation:
> http://tomcat.apache.org/connectors-doc/

... and most of the nice features of mod_jk2 have been back-ported to
mod_jk.

> 
>  - Chuck

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Installing Tomcat and IIS

[Simon Renshaw]

Thanks again!

Today I will try to install version 1.2.

Maybe I'll get it to work.

My other sites are OWA and a few Wikis (uses PHP).

-Original Message-
From: LiuYan 刘研 [mailto:[EMAIL PROTECTED] 
Sent: 19 décembre, 2006 21:51
To: users@tomcat.apache.org
Subject: RE: Installing Tomcat and IIS


>I normally need to access http://localhost:9191/luntbuild to see my
application. So in theory with that filter thing installed correctly I
should be able to access it by going to http://localhost/luntbuild?
Yes, that's our goal of integration.

>But for IIS, /luntbuild does not exist. How does it figure out that it is a
Tomcat dir?
Have you configured URI mapping ?
I use jk1.2 (not jk2), I have a uriworkermap.properties file which saved
from my former tomcat installtion.
It seems that new version tomcat does not contained this file. Here is the
original content in uriworkermap.properties file:
# uriworkermap.properties - IIS
#
# This file provides sample mappings for example ajp13w
# worker defined in workermap.properties.minimal
# The general sytax for this file is:
# [URL]=[Worker name]

/servlet-examples/*=ajp13w

# Optionally filter out all .jpeg files inside that context
# For no mapping the url has to start with exclamation (!)

!/servlet-examples/*.jpeg=ajp13w


Maybe you need map the uri of your application (/luntbuild) to 'ajp13'. I
simply mapped all uri (/*) to 'ajp13',.
If you use jk2 which that article used, you can read the last paragraph of
http://www.iis-resources.com/modules/AMS/article.php?storyid=485&page=2

>Also, I'm running a few websites on this server. Does this have an impact
on the Tomcat/IIS integration?
Does your websites use only 1 script language ?
We have 3 websites on the same server, the main website only use ASP, the
other two websites only use JSP, they works ok now.
But when I try to installing 'awstats' which use PERL/CGI, I can't get PERL
and JSP running at the same time.


-- 
View this message in context: 
http://www.nabble.com/Installing-Tomcat-and-IIS-tf2821771.html#a7983783
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Need help with JK2 connector/workers2.properties

[Simon Renshaw]

I tried to get it to work with JK1.2 but I got the same page not found error.

There was no workers.properties and uriworkermap.properties files in Tomcat 
5.5.20 so I had to make my own. This might be the problem.

I put the following in workers.preperties (from Tomcat's site):

  # Define 1 real worker using ajp13
  worker.list=worker1
  # Set properties for worker1 (ajp13)
  worker.worker1.type=ajp13
  worker.worker1.host=localhost
  worker.worker1.port=8009
  worker.worker1.lbfactor=50
  worker.worker1.cachesize=10
  worker.worker1.cache_timeout=600
  worker.worker1.socket_keepalive=1
  worker.worker1.recycle_timeout=300

And in uriworkermap.properties (from a guess):

/jsp-examples/*=worker1 

/servlets-examples/*=worker1

/luntbuild/*=worker1

Is that correct?

I created the jakarta virtual directory and added the filter to the website.

Going to http://192.168.64.20:9191/jsp-examples/ works fine but I get a 404 if 
I try to go to http://192.168.64.20/jsp-examples/.

What am I missing?

Thanks!
Simon


-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: 19 décembre, 2006 14:20
To: Tomcat Users List
Subject: RE: Need help with JK2 connector/workers2.properties

> From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
> Subject: Need help with JK2 connector/workers2.properties
> 
> I followed the instructions found at
> http://tjworld.net/help/kb/0001_iis6-Tomcat5-JK2.html to install the
> connector.

The mod_jk2 package has been deprecated for well over a year - no
development, no support.  Suggest reading the real Tomcat documentation:
http://tomcat.apache.org/connectors-doc/

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Need help with JK2 connector/workers2.properties

[Simon Renshaw]

This?




I use 9191 because 8080 is already in use on the server. Do I need to change it 
to something else?

-Original Message-
From: Martin Gainty [mailto:[EMAIL PROTECTED] 
Sent: 20 décembre, 2006 16:57
To: Tomcat Users List
Subject: Re: Need help with JK2 connector/workers2.properties

could you display the port number specification for your default connector in 
$CATALINA_BASE/conf/server.xml you will see 

To: "Tomcat Users List" 
Sent: Wednesday, December 20, 2006 2:31 PM
Subject: RE: Need help with JK2 connector/workers2.properties


I tried to get it to work with JK1.2 but I got the same page not found error.

There was no workers.properties and uriworkermap.properties files in Tomcat 
5.5.20 so I had to make my own. This might be the problem.

I put the following in workers.preperties (from Tomcat's site):

  # Define 1 real worker using ajp13
  worker.list=worker1
  # Set properties for worker1 (ajp13)
  worker.worker1.type=ajp13
  worker.worker1.host=localhost
  worker.worker1.port=8009
  worker.worker1.lbfactor=50
  worker.worker1.cachesize=10
  worker.worker1.cache_timeout=600
  worker.worker1.socket_keepalive=1
  worker.worker1.recycle_timeout=300

And in uriworkermap.properties (from a guess):

/jsp-examples/*=worker1 

/servlets-examples/*=worker1

/luntbuild/*=worker1

Is that correct?

I created the jakarta virtual directory and added the filter to the website.

Going to http://192.168.64.20:9191/jsp-examples/ works fine but I get a 404 if 
I try to go to http://192.168.64.20/jsp-examples/.

What am I missing?

Thanks!
Simon


-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: 19 décembre, 2006 14:20
To: Tomcat Users List
Subject: RE: Need help with JK2 connector/workers2.properties

> From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
> Subject: Need help with JK2 connector/workers2.properties
> 
> I followed the instructions found at
> http://tjworld.net/help/kb/0001_iis6-Tomcat5-JK2.html to install the
> connector.

The mod_jk2 package has been deprecated for well over a year - no
development, no support.  Suggest reading the real Tomcat documentation:
http://tomcat.apache.org/connectors-doc/

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Need help with JK2 connector/workers2.properties

[Simon Renshaw]

Yes, it is running on 2003. I also created the web extension and it is allowed.

-Original Message-
From: Uhlig, Stefan [mailto:[EMAIL PROTECTED] 
Sent: 21 décembre, 2006 16:05
To: Tomcat Users List
Subject: AW: Need help with JK2 connector/workers2.properties

Do you run a Windows 2003 Server? I had problems with this. In this case, you 
have to add a "Web Service Extension" on IIS, which is pointing to Redirector 
dll, and you have to give status "allowed" in the checkbox.

Stefan

-Ursprüngliche Nachricht-
Von: Simon Renshaw [mailto:[EMAIL PROTECTED] 
Gesendet: Donnerstag, 21. Dezember 2006 19:12
An: Tomcat Users List; Martin Gainty
Betreff: RE: Need help with JK2 connector/workers2.properties

This?




I use 9191 because 8080 is already in use on the server. Do I need to change it 
to something else?

-Original Message-
From: Martin Gainty [mailto:[EMAIL PROTECTED] 
Sent: 20 décembre, 2006 16:57
To: Tomcat Users List
Subject: Re: Need help with JK2 connector/workers2.properties

could you display the port number specification for your default connector in 
$CATALINA_BASE/conf/server.xml you will see 

To: "Tomcat Users List" 
Sent: Wednesday, December 20, 2006 2:31 PM
Subject: RE: Need help with JK2 connector/workers2.properties


I tried to get it to work with JK1.2 but I got the same page not found error.

There was no workers.properties and uriworkermap.properties files in Tomcat 
5.5.20 so I had to make my own. This might be the problem.

I put the following in workers.preperties (from Tomcat's site):

  # Define 1 real worker using ajp13
  worker.list=worker1
  # Set properties for worker1 (ajp13)
  worker.worker1.type=ajp13
  worker.worker1.host=localhost
  worker.worker1.port=8009
  worker.worker1.lbfactor=50
  worker.worker1.cachesize=10
  worker.worker1.cache_timeout=600
  worker.worker1.socket_keepalive=1
  worker.worker1.recycle_timeout=300

And in uriworkermap.properties (from a guess):

/jsp-examples/*=worker1 

/servlets-examples/*=worker1

/luntbuild/*=worker1

Is that correct?

I created the jakarta virtual directory and added the filter to the website.

Going to http://192.168.64.20:9191/jsp-examples/ works fine but I get a 404 if 
I try to go to http://192.168.64.20/jsp-examples/.

What am I missing?

Thanks!
Simon


-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: 19 décembre, 2006 14:20
To: Tomcat Users List
Subject: RE: Need help with JK2 connector/workers2.properties

> From: Simon Renshaw [mailto:[EMAIL PROTECTED] 
> Subject: Need help with JK2 connector/workers2.properties
> 
> I followed the instructions found at
> http://tjworld.net/help/kb/0001_iis6-Tomcat5-JK2.html to install the
> connector.

The mod_jk2 package has been deprecated for well over a year - no
development, no support.  Suggest reading the real Tomcat documentation:
http://tomcat.apache.org/connectors-doc/

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

error-page with exception-type still causes log message with level=ERROR

[Simon Kitching]

Hi All,

I would like to have my servlet throw an exception when a certain 
problem occurs, and use an error-page definition to display an 
appropriate error page:



 
  au.com.nti.tns.workbench.error.WebappInternalError
 
 /my_error_page.jsp



This works fine. However I get an ERROR-level log message for each 
exception thrown:


2007-01-31 17:48:01,875 ERROR 
[org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/workbench].[proxy]] 
   Servlet.service() for servlet proxy threw exception

au.com.nti.tns.workbench.error.WebappInternalError
	at 
au.com.nti.tns.workbench.sitemesh.SiteMeshProxyServlet.execute(SiteMeshProxyServlet.java:168)
	at 
au.com.nti.tns.workbench.sitemesh.SiteMeshProxyServlet.doGet(SiteMeshProxyServlet.java:67)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)


(NB: the servlet in question is called "proxy", the webapp is "/workbench").

I would like to avoid this ERROR in the logs, but do not want to set 
logging to FATAL for the category 
"org.apache.catalina.core.ContainerBase" if I can avoid it. Perhaps 
there is some config option that can be set, or maybe I should make my 
custom exception subclass a special value?


It seems rather odd that even though I have an error-page declaration 
explicitly handling this exception type that an ERROR is still logged.


And yes I could use an http "error code" rather than throwing an 
exception, but I want to pass additional data through to the error page 
from the servlet, and embedding it in the thrown exception seems the 
most natural implementation.


I have searched the catalina source but cannot find where this exception 
is being logged from. Googling this error message and searching the 
email forums turned up nothing either.


I am using JBoss 4.0.5 which includes tomcat 5.5.20.

Thanks in advance,

Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat Custom Connector

[Simon Aquilina]

Hi,
 
I have checked the code in Tomcat again, and although it is very confusing I 
feel I did understand something here and there :) 
 
However I have a question - where is the adapter being set? No Adapter is being 
initialized in the 'JIoEndPoint', 'Http11Protocol' and 'Http11Processor'. I 
also checked the 'server.xml' file and this is not being set! From the API 
documentation I found out the 'CoyoteAdapter'; so is this the default being 
used for Tomcat? Is it the CoyoteAdapter which is responsible to find the 
servlet for which the request is? or? 
 
Thanks for any comments,
Simon J. 
> To: users@tomcat.apache.org> From: [EMAIL PROTECTED]> Subject: Re: Tomcat 
> Custom Connector> Date: Tue, 3 Jun 2008 19:17:03 -0700> > AFAIK, there isn't 
> a lot of documentation. But there isn't that much too > it. You need to 
> implement a ProtocolHandler > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ProtocolHandler.html)
>  > This class is responsible for managing the transport (e.g. ServerSocket) 
> and > request threads (but the various EndPoint classes in > 
> org.apache.tomcat.util.net may simplify this aspect for you). For best > 
> results, this class may implement ActionHook as well > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ActionHook.html).>
>  > When a new request comes in, it is the ProtocolHandler's job to initialize 
> a > Request > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Request.html) 
> > and a Response > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Response.html) 
> > objects for it, making certain that they get valid InputBuffer > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/InputBuffer.html)
>  > and OutputBuffer > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/OutputBuffer.html)
>  > instances to comunicate with the client. Then within the thread, you hand 
> > the Request and Response off to the service method of the Adapter > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Adapter.html) 
> > that Tomcat will give to the ProtocolHandler. And that is pretty much it > 
> :).> > Using the standard server.xml (as opposed to Embedding), you would 
> configure > Tomcat to use your Connector with an element like:>  protocol="com.myfirm.mypackage.MyProtocolHandler" ... />> Any other 
> attributes in the  tag will be passed JavaBean style > to the 
> ProtocolHandler to handle init options.> > For the simplest example, look at 
> > org.apache.coyote.memory.MemoryProtocolHandler (but this one is mostly > 
> useful for unit testing).> > "Simon Aquilina" <[EMAIL PROTECTED]> wrote in 
> message > news:[EMAIL PROTECTED]> > Hi,> I am interested in building a custom 
> connector for Tomcat. I have checked > the Tomcat source code and found the 
> source code for the ‘http11’ and ‘ajp’ > connectors. I thought of trying to 
> understand the code of these two > connectors and then try to implement mine 
> based on these. However I am no > expert and was wondering if there is any 
> good documentation/tutorial on how > a connector can be developed for Tomcat 
> (I would later use this connector > with Geronimo).> Just to give you some 
> insight; what I want to achieve is to build a custom > connector so that 
> Tomcat can understand requests made from a 3rd party > clients who cannot 
> communicate using the Http protocol and nor do they > expect data in html 
> format. Additionally some of the clients could > communicate on Bluetooth!> I 
> do not know if the above is even possible but I am willing to try :)> Thanks 
> for any replies,> Regards,Sim085> 
> _> News, 
> entertainment and everything you care about at Live.com. Get it now!> 
> http://www.live.com/getstarted.aspx > > > > > 
> -> To 
> start a new topic, e-mail: users@tomcat.apache.org> To unsubscribe, e-mail: 
> [EMAIL PROTECTED]> For additional commands, e-mail: [EMAIL PROTECTED]> 
_
News, entertainment and everything you care about at Live.com. Get it now!
http://www.live.com/getstarted.aspx

jk load balancing based upon ip address rather than session id

[Simon Papillon]

Hello,

I'm using jk 1.2.25 with tomcat 5.5.25 and apache 2.0 on one debian
box - 2.4.27-2-386 i686 GNU/Linux

I've set up 3 tomcat instances  that receive requests from  the jk
load balancer worker

I've implemented in the web application, a simple cross domain single
sign on (SSO)  mechanism.   This mechanism ties the different session ids in
any single container together, regardless if they've originated from
different domains, for example:
sub1.mydomain.com
sub2.yourdomain.com
sub3.hisdomain.co.uk

Hence when a user "logs on" this is then reflected in all the
different sessions that they might be in a particular container for
that user, from the serviced domains that they've visited.

This is fine when there is just one container.  But when there are
several all servicing requests in a load balanced context, it doesn't
work, because the session ids from different domains may be directed
to different tomcat instances / containers, which then breaks the
assumption that the SSO mechanism relies upon (that all sessions being
held in a single container).

The tomcat instances aren't in a distributed cluster and I'd like to
keep it that way.

My initial idea is to balance the traffic based upon the ip address
rather than the session id, thus I can be assured that all requests
from a particular ip address will hit the same container, and hence
the single sign on mechanism will work.  I realise that this would
give me a much less granular balancing profile.  I'd much prefer to do
this through the jk load balancer although as an alternative I could
do it through the balancer web app that comes with tomcat and
implement a Rule in java myself.

I'm open to other ideas that get the job done.

I've read the following:
http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html
http://tomcat.apache.org/connectors-doc/reference/workers.html
http://tomcat.apache.org/tomcat-5.5-doc/balancer-howto.html
http://venus.rainbow-it.net/manual/en/mod/mod_proxy.html

I've searched the forums as well,

I had a cheeky look at the source too for shits and giggles, but still no joy.
native/common/jk_lb_worker.c
seems like the "get_most_suitable_worker" function is very much driven
from the session id - I'm no a C programmer :-(

My question is has anyone already done this?  Is there a better way of
doing it that I'm missing, or should I basically just do it through
the balancer web in tomcat app and forego the jk load balancer, or
bite the bullet and make the tomcat containers a cluster.

Any suggestions / help would be very much appreciated
Cheers
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jk load balancing based upon ip address rather than session id

[Simon Papillon]

Hi Chris,

Thanks for the reply,
>
> Simon,
>
> Simon Papillon wrote:
> | when there are
> | several all servicing requests in a load balanced context, it doesn't
> | work, because the session ids from different domains may be directed
> | to different tomcat instances / containers, which then breaks the
> | assumption that the SSO mechanism relies upon (that all sessions being
> | held in a single container).
> |
> | The tomcat instances aren't in a distributed cluster and I'd like to
> | keep it that way.
>
> Isn't this what "sticky sessions" are for? You get randomly assigned to
> a server for your first request, and each subsequent request goes to
> that same server (unless it goes down, in which case you have to
> switch). This does not require distributable sessions.
>
> Does that not solve your SSO requirement?
>
> - -chris

Forgive me if I'm overlooking something, but as far as I understand
it, the sticky session mechanism is driven off the JSESSIONID that is
assigned by the tomcat container when a client first makes a request
that instigates a session creation, if no JSESSIONID cookie was sent
as part of the request the node is chosen according to the
worker.loadbalancer.method (Request, Session, Traffic, Busyness i
think Request is the default) .   Once a JSESSIONID has been set by a
container  the load balancer will then attach the JVMRoute onto the
end which will then be used by the jk load balancer in future requests
to determine the node to use to service the request.  e.g. if I have
three nodes (tomcatA, tomcatB, tomcatC) I could have the following
scenario...

child.first-domain.com : JSESSIONID = D75AA77AC6FBF43F2C2DDC195DDA6D44.tomcatC
doctor.second-domain.com : JSESSIONID = 5D211C177DFB064DEF731832CF07D693.tomcatA
nurse.third-domain.co.uk : JSESSIONID = E1EC672CAAA3F2F8348C2A23991DF46B.tomcatB

Where my browser has made three seperate requests for three seperate
resources, all serviced by the same group of tomcat containers through
vhosting, behind the load balancer, in which case my SSO mechanism
won't work as future requests on
child.first-domain.com, doctor.second-domain.com and
nurse.third-domain.co.uk will behandled by tomcatC, tomcatA and
tomcatB respectively.

As the SSO mechanism is based on the assumption that all requests from
the same browser are handled by the same container, this will break
the SSO,

Let me know if I'm misunderstanding some fundermental way in which the
jk load balancer works, or if I'm not explaing myself well,
Cheers
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jk load balancing based upon ip address rather than session id

[Simon Papillon]

Hi Chris,
So just to follow up on your post,

> So, really, it's not that you want to "load balance" based upon IP
> address... you really want to predictably choose a member of the server
> farm based upon some knowledge of the client such that, regardless of
> the domain name used, the initial request (and therefore all the rest)
> go to a particular member.

That's exactly it. I want all requests from the same client to be
channeled through to the same tomcat instance, regardless of the
domain.  Sorry for the confusion.

>
> You may be able to do this, but you'll certainly have to hack mod_jk in
> order to do it.
>
> I believe there is a method in mod_jk that chooses the jvmRoute for the
> first (JSESSIONID-less) request. If you were to modify that algorithm,
> you could achieve your goal, here. I'm a little worried that you might
> implement a fragile algorithm, though, and end up with an unbalanced
> load balancer.

I'll check this out, I think you could be right, it will probably lead
to a lumpy load profile accross the tomcat servers, but I might give
it a go.

> Do you have options other than using SSO?
>
> Come to think of it... how does SSO work when you switch domains with
> even a single server -- that is, without load balancing in the mix? I
> would expect that, since you are switching domains, your browser would
> not send a JSESSIONID cookie to the server, and thus you would not be
> recognized as having an existing session.
>
> ??!
I set a tracking gif on each page pointing to a single domain e.g.
tracker.first-domain.com this is served up by the same container
as an query string argument I pass in the jsessionid for whichever
domain the request is made to.  For example if the domains
have sessions as follows

http://child.first-domain.com : JSESSIONID=1234
http://doctor.second-domain.com : JSESSIONID=ABCD
http://nurse.third-domain.co.uk : JSESSIONID=wxyz

a.jsp on child.first-domain.com

.
http://tracker.first-domain.com/track.gif?sid=1234
.


a.jsp on doctor.second-domain.com

.
http://tracker.first-domain.com/track.gif?sid=ABCD
.

etc for nurse.third-domain.co.uk

the servlet handling the tracker.first-domain.com/track.gif registers
the different domain specific session ids with its own session id and
thus ties them altogether, thus when one of the session ids logs on,
its associated with a tracker session id which can then propogate the
information to the other user sessions.
Its a bit rough and ready, but seems to work, I think the tracker gif
thing ist the most common way that the web analytics tools work.
If you want more info on this I'll happily send you the code its a
couple of java files about 400 lines in total.

Thanks for your reply,
All the best
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jk load balancing based upon ip address rather than session id

[Simon Papillon]

Ben, Rainer,
That is an excellent idea, and would seem to be a  very elegant
solution, I'll give it a shot.
Thank you both very much.  I really appreciate it.

Cheers
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jk load balancing based upon ip address rather than session id

[Simon Papillon]

Hi André,

> You could do the authentication and SSO handling at the Apache level, and
> set some "partial domain" cookie at that level, with some cross-domain
> identifier (as long as the domains have a common part of course).
> The browser will later send this cookie back with each request addressed to
> any of the servers that match the partial domain.

Your understanding of it, as far as my understanding is concerned, is
spot on, but like you say in your post ...
"as long as the domains have a common part of course"
Unfortunately in my case that doesn't hold true, its an international
site, and we've got the same domain names for different  tlds e.g.:
mydomain.com
mydomain.com.ar

So right at the top level (com vs / .com.ar), I'm a bit hamstrung
other than that you're completely correct.  I read a few other posts
about trying to ensure that the JSESSIONID cookie sent by TC applies
to the domain name and not the subdomain through TC (rather than doing
it through apache) - this one might be of interest to you:

http://www.nabble.com/Share-session-cookie-across-subdomains-td16787390.html

but regardless in my case this doesn't help me because I'm essentially
using two distinct domains.

Cheers for the comment though
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jk load balancing based upon ip address rather than session id

[Simon Papillon]

Hi Chris,
>
> Wow, does that really work? That's a tremendously cool hack, if so!
>
It seems to, although it's not yet been tested in anger and there is
scope for dependancy issues if you navigate from one domain directly
to the another expecting a continous session experience.
What I mean is that you need to have one request for a resource on
each domain to ensure that that session id is tied to the tracking id.
 Although I can think of several simple ways to overcome this,
although in my case I don't need to due to the structure business
domain / use cases that the web app models.

> TC should not be respecting the JSESSIONID passed-in if it is invalid.
> Perhaps I'm misunderstanding you, though. Do you have a registry of
> session ids cross-linked in the session of each web application?
>
If I understand you correctly, yes.  I use the session ids as a
convenient session unique ids in my own registry of user login
sessions and a tracking id which happens to be a JSESSIONID.

Cheers
Simon

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat Custom Connector

[Simon Aquilina]

Hi Bill,
 
Thanks again for your reply. Your comments are very helpfull :) I will 
definitly have other questions in the future but for now I think I can move 
forward :)
 
Thanks again,
Simon J.> To: users@tomcat.apache.org> From: [EMAIL PROTECTED]> Subject: Re: 
Tomcat Custom Connector> Date: Fri, 13 Jun 2008 19:51:35 -0700> > The Adapter 
is set in the initialize method of the Connector > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/connector/Connector.html).
 > You can pretty much just trust that Tomcat will give you an Adapter instance 
> before the first request comes through, since that is the contract. Yes, > 
the current implementation only will give you an instance of CoyoteAdapter, > 
but programming your ProtocolHandler around this is dangerous, since the > 
contract only promises an instance of Adapter.> > The Adapter is the bridge 
between your ProtocolHandler and the Tomcat > Servlet Container. Once you hand 
off your Request and Response objects to > the Adapter, you can trust that 
Tomcat will handle all of the Servlet-Spec > parts by itself, including finding 
the Servlet to send the request to. At > that point, you are only responsible 
for communicating with the client over > the wire via the InputBuffer and 
OutputBuffer interfaces. For example, the > various AJP/1.3 Connectors > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ajp/AjpProcessor.html)
 > convert the message into AJP/1.3 format before sending it over the wire to > 
Apache httpd.> > Once you have figured out how to initialize the Request and 
Response objects > to look enough like the wire protocol was HTTP, the rest is 
really pretty > easy :). For non-HTTP protocols (e.g. trying to make Tomcat 
look like an > FTP server), this is the hard part.> > "Simon Aquilina" <[EMAIL 
PROTECTED]> wrote in message > news:[EMAIL PROTECTED]> > Hi,> > I have checked 
the code in Tomcat again, and although it is very confusing I > feel I did 
understand something here and there :)> > However I have a question - where is 
the adapter being set? No Adapter is > being initialized in the 'JIoEndPoint', 
'Http11Protocol' and > 'Http11Processor'. I also checked the 'server.xml' file 
and this is not > being set! From the API documentation I found out the 
'CoyoteAdapter'; so is > this the default being used for Tomcat? Is it the 
CoyoteAdapter which is > responsible to find the servlet for which the request 
is? or?> > Thanks for any comments,> Simon J.> > To: users@tomcat.apache.org> 
From: [EMAIL PROTECTED]> Subject: Re: > > Tomcat Custom Connector> Date: Tue, 3 
Jun 2008 19:17:03 -0700> > AFAIK, > > there isn't a lot of documentation. But 
there isn't that much too > it. > > You need to implement a ProtocolHandler > > 
> 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ProtocolHandler.html)
 > > > This class is responsible for managing the transport (e.g. ServerSocket) 
> > and > request threads (but the various EndPoint classes in > > > 
org.apache.tomcat.util.net may simplify this aspect for you). For best > > > 
results, this class may implement ActionHook as well > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ActionHook.html).>
 > > > When a new request comes in, it is the ProtocolHandler's job to > > 
initialize a > Request > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Request.html) > 
> > and a Response > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Response.html) > 
> > objects for it, making certain that they get valid InputBuffer > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/InputBuffer.html)
 > > > and OutputBuffer > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/OutputBuffer.html)
 > > > instances to comunicate with the client. Then within the thread, you > > 
hand > the Request and Response off to the service method of the Adapter > > > 
(http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/Adapter.html) > 
> > that Tomcat will give to the ProtocolHandler. And that is pretty much it > 
> > :).> > Using the standard server.xml (as opposed to Embedding), you > > 
would configure > Tomcat to use your Connector with an element like:> > > 
> Any > > 
other attributes in the  tag will be passed JavaBean style > > > 
to the ProtocolHandler to handle init options.> > For the simplest > > example, 
look at > org.apache.coyote.memory.MemoryProtocolHandler (but > > t

Embedding custom metadata in a jsp page; access generated Class via reflection?

[Simon Kitching]

Hi,

I need to associate some custom metadata with JSP pages, and access it 
*before* the page is rendered.


The current implementation uses an xml with the same name as the jsp, eg
foo.jsp
foo.xml
so that when I'm about to forward to "foo.jsp" I first look for a 
"foo.xml" file and if present parse it to extract the metadata.


I'd really like to embed that metadata within the jsp page itself - but 
need access to that info *before* the jsp page executes.


(a)
Is it possible to obtain the name of the Class that is generated for a 
jsp, so that I could do introspection on it?


It would then be possible to embed something like this into the page:
<%!
 private static MyMetaData metaData = new MetaData();
 public static MyMetaData getMetaData() { return metaData; }
%>

and look for/invoke the getMetaData method *before* forwarding to the page.

Of course, this also requires that the servlet-class for the jsp has 
actually been generated. Is there a way to guarantee this is done for 
any particular jsp before actually doing a forward?


Note that requiring pre-compilation of all jsps is not an option. This 
metadata stuff is needed for an open-source framework, and it is not 
reasonable to tell every possible user of this framework to precompile 
their jsps.


(b)
If the above is possible, is there a way to generate those static 
members from a custom JSP tag? It would be nicer to be able to do:


and have that define the static members listed above.


Or perhaps someone can suggest an alternate approach to embedding 
metadata that can be accessed before the page renders?


Thanks,
Simon


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Embedding custom metadata in a jsp page; access generated Class via reflection?

[Simon Kitching]

Mikolaj Rydzewski schrieb:


> Simon Kitching wrote:
  
>> Or perhaps someone can suggest an alternate approach to embedding 
>> metadata that can be accessed before the page renders?

> Please provide as with more details, at this point your requirement is 
> a little bit strange. Have you considered using filters?

>
  

Ok, here are some more details.

I'm working on the myfaces orchestra flow project (for JavaServer Faces, aka JSF). It allows one JSF page to 
"call" another JSF page like a subroutine, passing parameters and allows the called page(s) to 
simply "return" to the page that called them, passing back results. This makes navigation between 
pages easier, makes the data passing explicit, and avoids any potential variablename "collisions" 
by setting up a completely clean scope for the called page to run in, with only the passed variables visible.

When a "call" to a page is done, the page from which the call is made must declare metadata about 
what the parameters to be passed are, and what logical "service" the called page provides. The 
called page also needs to declare what input parameters it expects, and what logical service it provides. 
Think of this like a Java method "prototype" (which is also metadata, and can be queried via java 
reflection).

The code where this metadata is needed is in a JSF ViewHandler, which is indirectly 
called from the JSF FacesServlet class, after the user has submitted a form. The metadata 
is used for sanity-checking of the call and setting up of the passed parameters 
(rearrangement of variables in the http session scope etc). Then a forward to the 
"called" page is done.

As described in the original email, this is currently done by looking for a ".xml" file sitting beside each .jsp. It works ok, and for any JSF view mechanism (jsp, facelets, clay, etc). But some people might find embedding the information in the actual page to be nicer to work with. Doing this with Facelets isn't too hard, but embedding the necessary info into a jsp page is straining my jsp knowledge considerably  :-) 


However I think the issue is a generic one, not anything specific to this particular case: I want 
to add "metadata" to a jsp page, just like java annotations provide static metadata about 
a class without needing to create an instance and execute it. I would think that being able to 
"annotate" a jsp would be useful for many purposes.

Regards,
Simon




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Embedding custom metadata in a jsp page; access generated Class via reflection?

[Simon Kitching]

Thanks very much to all who replied!

The suggestions based on requiring jspx as the jsp-file format are 
unfortunately not possible. That's too much to require of users of the 
new framework. And non-xml jsp is really hard to parse. So I think that 
the suggestions involving scanning the .jsp myself are not going to be 
feasable.


And "sordid container-specific hacks" are not really tempting either 
;-). As there doesn't seem to be any reasonably portable solution, I'll 
take Bill and Mikolaj's advice and drop this idea (ie only support 
metadata via companion .xml files).


I might propose the idea of "jsp metadata" to the jsp group for the next 
spec version though. It seems to me that all that is really missing is 
an api something like RequestDispatcher.getServletClass() to get the 
class that will handle the url that the RequestDispatcher wraps. Then it 
would be possible to get the class of the servlet generated from the 
jsp. Hmm..in the case of jsp, this would need to return not the 
"JspServlet" that compiles the jsps, but the generated class, so it's 
not trivial. There's probably a solution somewhere though..


Thanks again,
Simon

Bill Barker schrieb:
As Mikolaj pointed out, there is absolutely no way to do this that will be 
compatible across containers.


And, even for Tomcat only, this isn't going to be easy.  Tomcat (or, more 
correctly Jasper) doesn't publish this information in any form that can be 
reliably read (e.g. JMX).  Partially this is because the class name may 
change if you are running in developement mode (where it re-compiles changed 
JSP pages on the fly).


I can think of various sordid container-specific hacks based on 
getClassLoader().getResources(...), but I'm sure that you can think of them 
too ;).  If this was for one webapp, then I'd just pre-compile all the JSP 
pages before deploying, and have a catalog that maps servlet-path to 
classname.  For a framework, I can't think of anything better than a 
ResponseWrapper that handles requests with reserved query-strings.  But this 
is ugly enough, that personally I'd just stick with the separate .xml file.


"Simon Kitching" <[EMAIL PROTECTED]> wrote in message 
news:[EMAIL PROTECTED]
  

Mikolaj Rydzewski schrieb:



Simon Kitching wrote:

Or perhaps someone can suggest an alternate approach to embedding 
metadata that can be accessed before the page renders?

Please provide as with more details, at this point your requirement 
is a little bit strange. Have you considered using filters?




Ok, here are some more details.

I'm working on the myfaces orchestra flow project (for JavaServer Faces, 
aka JSF). It allows one JSF page to "call" another JSF page like a 
subroutine, passing parameters and allows the called page(s) to simply 
"return" to the page that called them, passing back results. This makes 
navigation between pages easier, makes the data passing explicit, and 
avoids any potential variablename "collisions" by setting up a completely 
clean scope for the called page to run in, with only the passed variables 
visible.


When a "call" to a page is done, the page from which the call is made must 
declare metadata about what the parameters to be passed are, and what 
logical "service" the called page provides. The called page also needs to 
declare what input parameters it expects, and what logical service it 
provides. Think of this like a Java method "prototype" (which is also 
metadata, and can be queried via java reflection).


The code where this metadata is needed is in a JSF ViewHandler, which is 
indirectly called from the JSF FacesServlet class, after the user has 
submitted a form. The metadata is used for sanity-checking of the call and 
setting up of the passed parameters (rearrangement of variables in the 
http session scope etc). Then a forward to the "called" page is done.


As described in the original email, this is currently done by looking for 
a ".xml" file sitting beside each .jsp. It works ok, and for any JSF view 
mechanism (jsp, facelets, clay, etc). But some people might find embedding 
the information in the actual page to be nicer to work with. Doing this 
with Facelets isn't too hard, but embedding the necessary info into a jsp 
page is straining my jsp knowledge considerably  :-)
However I think the issue is a generic one, not anything specific to this 
particular case: I want to add "metadata" to a jsp page, just like java 
annotations provide static metadata about a class without needing to 
create an instance and execute it. I would think that being able to 
"annotate" a jsp would be useful for many purposes.


Regards,
Simon




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat Custom Connector

[Simon Aquilina]

Hi again,

(I posted a similar question to this in the dev mailing list because I 
misunderstood the aim of that mailing list). 

During these last few weeks I did a lot of research on how connectors work in 
Tomcat and I can understand most of it now. However I have a small issue. 

I noticed that the Request class in the Coyote package does not inherit from 
the ServletRequest interface. This made me wonder if internally tomcat actually 
maps the type of Request object to another type of Request object of type 
ServletRequest (at first).

I therefore decided to check the code of the CoyoteAdapter inside the Catalina 
package. Here I found that in the service() method first a Request object of 
type HttpServlet is tried to retrieved from the Request object created in the 
Coyote package. If this is not found then it is created.

Therefor I feel that in order to develop a protocol handler completly http 
independent then I will need to also develop my own implementation of Adapter! 
Is this right? If so how would I tell tomcat to use my Adapter version?

Also howcome this type of design. I am sure that there must be a reason behind 
it. However why isn't the Request object created of type HttpServlet or some 
other type within the Coyote package rather then leave it to the CoyoteAdapter 
within the Catalina package.

Thanks and Regards,
Simon J.



> From: [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Subject: RE: Tomcat Custom Connector
> Date: Tue, 17 Jun 2008 10:41:54 +0200
> 
> 
> Hi Bill,
>  
> Thanks again for your reply. Your comments are very helpfull :) I will 
> definitly have other questions in the future but for now I think I can move 
> forward :)
>  
> Thanks again,
> Simon J.> To: users@tomcat.apache.org> From: [EMAIL PROTECTED]> Subject: Re: 
> Tomcat Custom Connector> Date: Fri, 13 Jun 2008 19:51:35 -0700> > The Adapter 
> is set in the initialize method of the Connector > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/connector/Connector.html).
>  > You can pretty much just trust that Tomcat will give you an Adapter 
> instance > before the first request comes through, since that is the 
> contract. Yes, > the current implementation only will give you an instance of 
> CoyoteAdapter, > but programming your ProtocolHandler around this is 
> dangerous, since the > contract only promises an instance of Adapter.> > The 
> Adapter is the bridge between your ProtocolHandler and the Tomcat > Servlet 
> Container. Once you hand off your Request and Response objects to > the 
> Adapter, you can trust that Tomcat will handle all of the Servlet-Spec > 
> parts by itself, including finding the Servlet to send the request to. At > 
> that point, you are only responsible for communicating with the client over > 
> the wire via the InputBuffer and OutputBuffer interfaces. For example, the > 
> various AJP/1.3 Connectors > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ajp/AjpProcessor.html)
>  > convert the message into AJP/1.3 format before sending it over the wire to 
> > Apache httpd.> > Once you have figured out how to initialize the Request 
> and Response objects > to look enough like the wire protocol was HTTP, the 
> rest is really pretty > easy :). For non-HTTP protocols (e.g. trying to make 
> Tomcat look like an > FTP server), this is the hard part.> > "Simon Aquilina" 
> <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED]> > Hi,> > I 
> have checked the code in Tomcat again, and although it is very confusing I > 
> feel I did understand something here and there :)> > However I have a 
> question - where is the adapter being set? No Adapter is > being initialized 
> in the 'JIoEndPoint', 'Http11Protocol' and > 'Http11Processor'. I also 
> checked the 'server.xml' file and this is not > being set! From the API 
> documentation I found out the 'CoyoteAdapter'; so is > this the default being 
> used for Tomcat? Is it the CoyoteAdapter which is > responsible to find the 
> servlet for which the request is? or?> > Thanks for any comments,> Simon J.> 
> > To: users@tomcat.apache.org> From: [EMAIL PROTECTED]> Subject: Re: > > 
> Tomcat Custom Connector> Date: Tue, 3 Jun 2008 19:17:03 -0700> > AFAIK, > > 
> there isn't a lot of documentation. But there isn't that much too > it. > > 
> You need to implement a ProtocolHandler > > > 
> (http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/ProtocolHandler.html)
>  > > > This class is responsible for managing the transport (e.g. 
> ServerSocket) > > and > r

Marking servlet [] as unavailable, again...

[Simon Brooke]

Yes, I've read through previous threads on this subject; I haven't found 
anything which helps me.

Recently I've had a spate of unexplained 'Marking servlet [] as 
unavailable' issues on my development server. It is a development 
server, and so, of course, all the servlets on it are pretty much in 
development; but the tomcat version is Debian's packaging of tomcat5, 
package version 5.0.30-12, and has been installed 'out of the box' with 
the only special configuration I've done to set 

JAVA_HOME=/opt/ibm-java2-i386-50
TOMCAT5_SECURITY=no

in /etc/default/tomcat5. No change has been made to the install since 
2006-05-15, and the 'Marking ... as unavailable' issue has only started 
recently. 

what I'm getting in the localhost log is just:

2007-03-24 14:36:51 StandardContext[/pres]Marking servlet news as 
unavailable

What I'm getting in the catalina log is nothing relevant at all. My 
webapp starts:

24-Mar-2007 14:36:27 org.apache.catalina.core.StandardHostDeployer 
install
INFO: Installing web application at context path /pres from URL 
file:/var/lib/tomcat5/webapps/pres

Then my servlet starts to initialise itself:

24-Mar-2007 14:36:29 org.apache.catalina.startup.Catalina start
INFO: Server startup in 9479 ms
Will parse category article from pathinfo
Looking for class 'uk.co.weft.exceptionhandler.BugzillaExceptionHandler'
Looking for class 'uk.co.weft.pres.server.PrimitiveGenerator'

And then - nothing at all.

Nothing whatever is printed to catalina.out.

I should say this does not affect the majority of my servlets; the 
majority of the servlets in this webapp work perfectly. It's a minority 
of servlets that are affected, and I suspect that the problem may be 
dependency on Xerces; but without more diagnostics it's hard to be 
certain.

What I need to know is how to configure Tomcat so that it will print an 
exception dump somewhere when it is marking things as unavailable.

Thanks

Simon

-- 
Simon Brooke::  [EMAIL PROTECTED]   ::  http://www.weft.co.uk/

Simon Brooke trading as The Web Engineering Factory and Toolworks.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Marking servlet [] as unavailable, again...

[Simon Brooke]

On Sunday 25 March 2007 02:44, Martin Gainty wrote:
> Simon-
>
> something is happening to interfere with the successful completion of
> init() method of your Servlet such as cannot find classes such as
> 'uk.co.weft.exceptionhandler.BugzillaExceptionHandler'
> or one of the init-param in web.xml could be incorrectly spelled or
> not there put in log.debug or System,out.println() statements every
> other statement in your init method so you can see each line being
> executed in your init()

Was the right answer, thanks!

-- 
Simon Brooke::  [EMAIL PROTECTED]   ::  http://www.weft.co.uk/

Simon Brooke trading as The Web Engineering Factory and Toolworks.

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Global Footer Accross All Webapps

[Simon Stone]

I am trying to find a way to put some html text on the bottom of all pages
across all webapps.

So what i would like to acheive is when any page is displayed to a visitor
at the bottom of the page, MY text is added without changing the files
within the webapp's themselves.

Basically a global footer page.

An example of the footer page, would have the following information:-

Powered by Apache Tomcat  http://globalsite.com/images/tomcat.jpg border= 


My current structure is as follows:-

Tomcat
   WebApp1
  index.jsp
  page2.jsp
   WebApp2
  index.jsp
  someotherpage.jsp
   WebApp3
  index.jsp
  anyotherpage.jsp
-- 
View this message in context: 
http://www.nabble.com/Global-Footer-Accross-All-Webapps-tf3606998.html#a10077332
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]