which apache
Hello I have installed Tomcat and Apache, and both of them works fine, however , tomcat has been installed as standalone and just listen to Apache that came with Tomcat, how I can change it, so Tomcat works with my desired Apache. Thanks for your help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
decompile java class
Hello I am trying to decompile the java class file with javap command but it returns my-class-name.class contains some-other-package so I am unable to decompile it . is any one has experience with javap command ? how can I decompile a class that cotains other package or classes. I am aware of other decompilers, but I can not use them. thanks for help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: decompile java class
Thanks Mohsen for your reply, but I can not download and use jad or other decompilers, please let me know if you know how to decompile the java class that contains another class. Thanks Mohsen Saboorian wrote: Use JAD instead. It is quite simple and fast. http://www.kpdus.com/jad.html On 7/26/06, Tomcat <[EMAIL PROTECTED]> wrote: Hello I am trying to decompile the java class file with javap command but it returns my-class-name.class contains some-other-package so I am unable to decompile it . is any one has experience with javap command ? how can I decompile a class that cotains other package or classes. I am aware of other decompilers, but I can not use them. thanks for help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
decompile java class
Hello would you pleas help me with this , when I am trying to decompile a class file with javap -c myclass.class I am receiving following error : Error: Binary file myclass contains com.cnsw.reveiw.conf how can I decompile the class file that contain another class , also I want to use it with javap and not other tools. Thanks for help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
difference between thread and session
Hello what is the difference between thread and session in tomcat ? I was thinking that they are the same, but in server setting of tomcat manager it shows different thread number to session number in application list. Thanks for help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple apache web servers single Tomcat, how many Connectors are needed?
Hello, Hopefully someone can clarify a setup query I have as after lots of searching I cannot find a definitive answer. Although I'm configuring a much more complex system the problem I have boils down to this. I want to configure two Apache instances running on separate servers to talk to a single Tomcat instance (on its own server) but need clarification on the number of Connectors I need to define on the Tomcat side (server.xml). Is it a Connector listening on individual ports for each web server or one Connetor for all web servers? Apache 2.0.59 mod_jk 1.2.18 Tomcat 5.5.17 Thanks in advance J - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Data source realm, using primary keys (not varchar)?
Hi I'm trying to learn authentication and authorization within a web application, and I think I know the basic stuff an maybe a bit more. I just read the Tomcat howto guide on realm, and especially data source realm. But I think their data base example is a bit strange. They have a table user_roles that consists of a user_name and a role_name. The odd thing is, these fields are not foreign keys, but varchars! This is really not good database design. What if I for some reason want to change a username? I should only have to change the username field in the users table. The same thing goes with the rolename, although a changed rolename would a demand a change in the authorization code within the web application, but as far as the database is concerned I should only have to make the change in a single table. I would like something like this: create table users ( user_id int not null primary key, user_name varchar(15) not null, user_pass varchar(15) not null, ); create table roles ( role_id int not null primary key, role_name varchar(15) not null, ); create table user_roles ( user_roles_id int not null primary key, user_id int not null, role_id int not null, ); Is this possible? I still want to use the built in authentication and authorization. If it is possible, how do I configure it in tomcat? http://tomcat.apache.org/tomcat-5.0-doc/realm-howto.html#DataSourceRealm Regards /Jimi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat-apache ajp13 connection problem (answer time)
hello there, i have two servers inside the dmz, one with redhat 9 the other with fedora core 4. the box running with fedora core has tomcat 5.5.9 and apache 2.0.54. the connection is made with ajp13. the redhat 9 has an older apache and java version. these two servers run separated, so each one has all it needs on its system. there are multiple virtual hosts and web applications on each server. accessing such a web application from localhost works well, the same when beeing inside the dmz and using a testclient. now the problem, requests from outside the dmz work still well for the redhat 9 installation, fedora core 4 however has answer times between page and image loads that are from multiple seconds to minutes! i have looked at all known log files, but got no errors at all, there is simply a wait time between multiple requests and i dont see why. running tomcat on port 80 as standalone however works correctly from outside the dmz. apache as standalone too. however as soon as the ajp13 connector connects the two, from outside the dmz requests slow down. has anybody an idea where i might have a closer look too to get this problem solved ? thanks a lot, stephan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat-apache ajp13 connection problem (answer time)
no, none at all. there is the network switch followed by the firewall. Quoting Prasad <[EMAIL PROTECTED]>: > Any load balancers exist in your enviornment ?? > [EMAIL PROTECTED] wrote: > > >hello there, > > > >i have two servers inside the dmz, one with redhat 9 the other with > >fedora core 4. the box running with fedora core has tomcat 5.5.9 > >and apache 2.0.54. the connection is made with ajp13. > >the redhat 9 has an older apache and java version. > >these two servers run separated, so each one has all it > >needs on its system. > > > >there are multiple virtual hosts and web applications on each server. > >accessing such a web application from localhost works well, the > >same when beeing inside the dmz and using a testclient. > >now the problem, requests from outside the dmz work still well > >for the redhat 9 installation, fedora core 4 however has answer > >times between page and image loads that are from multiple seconds > >to minutes! > > > >i have looked at all known log files, but got no errors at all, there > >is simply a wait time between multiple requests and i dont see why. > > > >running tomcat on port 80 as standalone however works correctly from > >outside the dmz. apache as standalone too. however as soon as the > >ajp13 connector connects the two, from outside the dmz requests slow > >down. > > > >has anybody an idea where i might have a closer look too to get this > >problem solved ? > > > >thanks a lot, > > > >stephan > > > > > > > > > > > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Context files disapearring
Hello, I am using Tomcat 5.5.16 and every now and then, my context.xml files get deleted from the $TOMCAT_HOME/conf/Catalina/localhost directory. This seems to be random and it is becoming very frustrating. Does anyone know what's causing this to happen? and how the problem can be fixed? Thanks. Aladin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Context files disapearring
Thanks for the response. I've never seen it happen randomly either... but what can I say? I shutdown my server yesterday (as in powered it off) and when I restarted it, all the context files were gone including the manager.xml. Any thoughts?? Aladin > [EMAIL PROTECTED] wrote: >> I am using Tomcat 5.5.16 and every now and then, my context.xml files >> get >> deleted from the $TOMCAT_HOME/conf/Catalina/localhost directory. This >> seems to be random and it is becoming very frustrating. >> >> Does anyone know what's causing this to happen? and how the problem can >> be >> fixed? > > I've never seen this happen randomly. I only see this happen upon undeploy > of > the correspondent webapp - and that's the way things are designed > (AFAICT). > > Regards > mks > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Context files disapearring
I'm running tomcat on Linux machine (FC2) and it is installed in: /usr/local/jakarta/tomcat Aladin > Sounds to me like some other process is responsible for this. Out of > curiosity, what platform are you on (Windows, Linux, etc., ...) and > where is tomcat installed? > > --David > > [EMAIL PROTECTED] wrote: > >>Thanks for the response. I've never seen it happen randomly either... >> but >>what can I say? >> >>I shutdown my server yesterday (as in powered it off) and when I >> restarted >>it, all the context files were gone including the manager.xml. >> >>Any thoughts?? >> >>Aladin >> >> >> >> >> >>>[EMAIL PROTECTED] wrote: >>> >>> >>>>I am using Tomcat 5.5.16 and every now and then, my context.xml files >>>>get >>>>deleted from the $TOMCAT_HOME/conf/Catalina/localhost directory. This >>>>seems to be random and it is becoming very frustrating. >>>> >>>>Does anyone know what's causing this to happen? and how the problem can >>>>be >>>>fixed? >>>> >>>> >>>I've never seen this happen randomly. I only see this happen upon >>> undeploy >>>of >>>the correspondent webapp - and that's the way things are designed >>>(AFAICT). >>> >>>Regards >>> mks >>> >>>- >>>To unsubscribe, e-mail: [EMAIL PROTECTED] >>>For additional commands, e-mail: [EMAIL PROTECTED] >>> >>> >>> >>> >> >> >>- >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >> >> >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
crossContext breaking class hierarchy?
Hello,
I am experiencing a problem with Tomcat and class hierarchies. In
particular when an object (which implements interface X) is shared among
serveral contexts I am unable to cast the object back into interface X.
Here is the setup (for simplicity I'll illustrate this with 2 contexts):
* Interface "ClassInterface" is distributed across all applications in a
.jar.
Application A in context a
--
- Implements ClassInterface and adds an instance of the class in it's
context:
ClassInterface i = new ClassInterfaceImplementation();
getServletContext().setAttribute("some.key", i);
Application B in context b
--
- Tries to cast the object in the context back into a ClassInterface but
fails with a classCastException: ClassInterfaceImplementation
ServletContext context = (ServletContext)
getServletContext.getContext("/a");
ClassInterface i = (ClassInterface) context.getAttribute("some.key");
-- EXCEPTION IS THROWN --
java.lang.ClassCastException: ClassInterfaceImplementation
Has anybody experienced this before? Does setting an attribute in the
context mess things up with the class hierarchy?
Thanks.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: crossContext breaking class hierarchy?
My interface is only in the 2 context specific locations:
Application A context a: /WEB-INF/lib/interface.jar
Application B context b: /WEB-INF/lib/interface.jar
It is not in the Tomcat common or shared lib folders; I've verified this
just in case I had a brain cramp.
> I've seen this with Oracle jdbc objects. If you have classes12.jar in
> your
> WEB-INF/lib directory, and a copy in common/lib (for the Tomcat
> Datasource)
> then you will have TWO oracle.jdbc.XX classes loaded, one in the common
> classloader and on in your web app's classloader and although they are
> both
> oracle.jdbc.XX, they are not the SAME class object (instance).
>
> So, be certain your interface X is not in two visible places. Or if it
> is,
> you cannot cast objects from one classloader to the other.
>
> Tim
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 06, 2006 10:10 AM
> To: users@tomcat.apache.org
> Subject: crossContext breaking class hierarchy?
>
> Hello,
>
> I am experiencing a problem with Tomcat and class hierarchies. In
> particular when an object (which implements interface X) is shared among
> serveral contexts I am unable to cast the object back into interface X.
>
> Here is the setup (for simplicity I'll illustrate this with 2 contexts):
>
> * Interface "ClassInterface" is distributed across all applications in a
> .jar.
>
> Application A in context a
> --
> - Implements ClassInterface and adds an instance of the class in it's
> context:
>
> ClassInterface i = new ClassInterfaceImplementation();
> getServletContext().setAttribute("some.key", i);
>
> Application B in context b
> --
> - Tries to cast the object in the context back into a ClassInterface but
> fails with a classCastException: ClassInterfaceImplementation
>
> ServletContext context = (ServletContext)
> getServletContext.getContext("/a");
> ClassInterface i = (ClassInterface) context.getAttribute("some.key");
> -- EXCEPTION IS THROWN --
> java.lang.ClassCastException: ClassInterfaceImplementation
>
>
> Has anybody experienced this before? Does setting an attribute in the
> context mess things up with the class hierarchy?
>
> Thanks.
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: crossContext breaking class hierarchy?
Problem sovled. Thanks Tim you got me thinking on the right path.
I put the interface.jar in the tomcat shared/lib rather than in the
individual context's lib folder.
This worked because the jar in the shared/lib folder is common to each of
the context's classloader. Putting the interface.jar in each context
reflects having two different interfaces (because of the different
classloaders).
> My interface is only in the 2 context specific locations:
>
> Application A context a: /WEB-INF/lib/interface.jar
> Application B context b: /WEB-INF/lib/interface.jar
>
> It is not in the Tomcat common or shared lib folders; I've verified this
> just in case I had a brain cramp.
>
>
>
>> I've seen this with Oracle jdbc objects. If you have classes12.jar in
>> your
>> WEB-INF/lib directory, and a copy in common/lib (for the Tomcat
>> Datasource)
>> then you will have TWO oracle.jdbc.XX classes loaded, one in the common
>> classloader and on in your web app's classloader and although they are
>> both
>> oracle.jdbc.XX, they are not the SAME class object (instance).
>>
>> So, be certain your interface X is not in two visible places. Or if it
>> is,
>> you cannot cast objects from one classloader to the other.
>>
>> Tim
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>> Sent: Thursday, April 06, 2006 10:10 AM
>> To: users@tomcat.apache.org
>> Subject: crossContext breaking class hierarchy?
>>
>> Hello,
>>
>> I am experiencing a problem with Tomcat and class hierarchies. In
>> particular when an object (which implements interface X) is shared among
>> serveral contexts I am unable to cast the object back into interface X.
>>
>> Here is the setup (for simplicity I'll illustrate this with 2 contexts):
>>
>> * Interface "ClassInterface" is distributed across all applications in a
>> .jar.
>>
>> Application A in context a
>> --
>> - Implements ClassInterface and adds an instance of the class in it's
>> context:
>>
>> ClassInterface i = new ClassInterfaceImplementation();
>> getServletContext().setAttribute("some.key", i);
>>
>> Application B in context b
>> --
>> - Tries to cast the object in the context back into a ClassInterface but
>> fails with a classCastException: ClassInterfaceImplementation
>>
>> ServletContext context = (ServletContext)
>> getServletContext.getContext("/a");
>> ClassInterface i = (ClassInterface) context.getAttribute("some.key");
>> -- EXCEPTION IS THROWN --
>> java.lang.ClassCastException: ClassInterfaceImplementation
>>
>>
>> Has anybody experienced this before? Does setting an attribute in the
>> context mess things up with the class hierarchy?
>>
>> Thanks.
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Spam Score
At 02:38 PM 7/22/2008, you wrote: What is the tomcat mailing list spam score, and why am I unable to send my email to post a question? Patrick Well, your first message that made it in looked like this: X-ASF-Spam-Status: No, hits=4.1 required=10.0 tests=DNS_FROM_RFC_BOGUSMX,HTML_MESSAGE,SPF_PASS X-Spam-Check-By: apache.org So, apparently your mail server has a bdefective MX record, you don't use SPF and your first message was in HTML. Your second message, that made it to the group was not HTML. Go fix that DNS! That's a BIG strike against your getting any mail anywhere! I probably would have scored you higher for that! Cheers! Received-SPF: pass (athena.apache.org: local policy) Received: from [67.91.25.34] (HELO barracuda.sim-gtech.com) (67.91.25.34) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2008 18:29:27 + MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="_=_NextPart_001_01C8EC2A.25F5E661" -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: need mod_jk for apache http server 2.0.63 - urgent
At 04:57 PM 10/3/2008, you wrote: Hi, I need mod_jk or the comcat connector. I dont know where to get it from. I searched on google but could not find. Basically i would like to connect from tomcat 5.5.9 to apache http server 2.0.63 installed on solaris 10 machine. Could some body tell me where to get it. Thanks, srinivas jonnalagadda http://tomcat.apache.org/download-connectors.cgi or DIRECT Download (sorry, I'd never do this) http://apache.osuosl.org/tomcat/tomcat-connectors/jk/source/jk-1.2.26/tomcat-connectors-1.2.26-src.tar.gz Cheers, Glenn -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Applet not initiated
Hello When I am trying to open a very simple applet on my browser it returns "applet not initiated" or "failed to load applet". class file is located in tomcat WEB_INF/classes and I am calling it from ROOT directory and through index.html file. thanks for help Adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Applet not initiated
Hello Rashmi, Thanks for response, I put the class file in ROOT directory, the same place that my html file exist , but still the same problem. is it possible classpath should include that class location so computer's jvm recognize the place that class is exist ? and also I found some document that it says codebase tag should cotnain the directory that class are located and code tag should contain the class name but without class. your help will be highly appreciated. Rashmi Rubdi wrote: Place your Applet's class file anywhere but the WEB-INF folder, because WEB-INF folder is protected from client/browser's access, applet classes can't be accessed if they are under WEB-INF. Also use jsp:plugin tag , if you are accessing the Applet from a JSP file. -Rashmi On 3/25/07, Tomcat <[EMAIL PROTECTED]> wrote: class file is located in tomcat WEB_INF/classes and I am calling it from ROOT directory and through index.html file. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session time out
Hello Does application WEB-INF/web.xml override default conf/web.xml setting? specifically session time out , but want to know if other setting is overriden. and can we disable this through server.xml ? Thanks Adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session time out
Hello Martin, my main question was : Does application WEB-INF/web.xml override default conf/web.xml setting? I mean in a container containing several applications, can each of them set session time out in their /WEB-INF/web.xml and is that over ride the default setting which is set in /conf/web.xml Cheers Adam Martin Gainty wrote: On the http://tomcat.apache.org/tomcat-5.5-doc/cluster-howto.html also a tcpSelectorTimeout on the Receiver which I believe defaults to 100 sec web.xml (webapp) specific 30 HTH M This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: "Tomcat" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Monday, April 30, 2007 10:27 AM Subject: session time out Hello Does application WEB-INF/web.xml override default conf/web.xml setting? specifically session time out , but want to know if other setting is overriden. and can we disable this through server.xml ? Thanks Adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Suspected mod_jk connection problems
Hello All, I have a server that is not too heavily trafficked (yet!) that, to the user appears to hang on pages. This appears to be happening most often to users outside my network, as it has not been encountered by our developers unless they are working from home. I am not seeing any network issues, internally, but I do see these errors in my jk.log quite a lot: [error] ajp_service::jk_ajp_common.c (1659): Client connection aborted or network problems I've looked this error up in my search engines with no hits. Any suggestions on what to look for or how to clear this up? Configuration: CentOS 4.4 Apache 2.0.52 Jakarta-Tomcat 5.5.7 mod_jk-1.2.8 Thanks, Glenn - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Suspected mod_jk connection problems
Hello All, I have a server that is not too heavily trafficked (yet!) that, to the user appears to hang on pages. This appears to be happening most often to users outside my network, as it has not been encountered by our developers unless they are working from home. I am not seeing any network issues, internally, but I do see these errors in my jk.log quite a lot: [error] ajp_service::jk_ajp_common.c (1659): Client connection aborted or network problems I've looked this error up in my search engines with no hits. Any suggestions on what to look for or how to clear this up? Configuration: CentOS 4.4 Apache 2.0.52 Jakarta-Tomcat 5.5.7 mod_jk-1.2.8 Thanks, Glenn At 05:41 PM 5/17/2007, you wrote: I used to work with a Sys Admin whose expertise was chaing the sys admin password when asked about issues such as interconnecting thru Pix he would say let me get back to you..it sounds like this sys admin is working for you now Anyway here is a quick tutorial on configuring pix http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch02_:_Introduction_to_Networking You'll have to do some fun things like setting up arp tables and such This will guarantee that IP x.x.x.x:PortX will be forwarded to y.y.y.y:PortY the other thing that you can do is open up your subnet mask which is probably set to something massively restrictive like 255.255.255.254 HTH/ I am the systems administrator. I generally build/install maintain the systems that my developers deploy on. Since this looks more like a network problem (to management), I've been tasked to solve the problem. However, it looks more like a Tomcat connector problem since I have not found any obvious network errors. One important note: I am using multiple virtual ethernet ports to support multiple SSL certs on this machine and I think that this could be part of the problem. This is a single Apache/mod_jk/Tomcat server with Apache handling port 80 and Tomcat on port 8009. I am also seeing: mod_jk: Error flushing \n errors in my Apache error log. I have read that updating the mod_jk may solve this problem, but I have not tied the two problems as a cause/effect of the other. Any further comments or suggestions would be kindly appreciated. Thanks, Glenn - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: I've been trying to unsubscribe from this list for years.
At 11:48 PM 5/17/2007, you wrote: When you send an email to [EMAIL PROTECTED] add the word Unsubscribe to the email's subject and body, that worked for me when I was trying to switch my e-mails. I think it sends you an additional e-mail to confirm unsubscription, reply to that one as well. Then you should receive a final email with something like "good bye" in the subject. -Rashmi On 5/17/07, Keith Adams <[EMAIL PROTECTED]> wrote: No matter how many times I send a blank email to: [EMAIL PROTECTED], like the one I sent at 11.19 Eastern this morning, nothing happens. I use a rule to delete them permanently when I'm in Outlook, but when I use my company's web outlook, it can only move them to the deleted-items folder, which rapidly fills up, making it very hard for me to find things in there if I need to. Please help. Thanks, Keith I had a broken mail account that was subscribed to this list and that I could not reply from. I successfully unsubscribed yesterday by sending to: [EMAIL PROTECTED] I replied from a different account and it worked! Cheers! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
war file name
Hello there is a directive in server.xml or context file, which force us having war file name be the same as context file or the same as name of directory which war file unpacked, would you please let me know which directive it is. Thanks Adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sending Mail from a Java WebApplication does not work
At 01:30 PM 10/4/2007, you wrote: Gabe, That is great. yes, It is sending mails to junk folder. Thanks a lot lol. How can I avoid it ? why does gmail treats this mail as spam? We were palnning to move our application to a new server. I had written a build script using perl. Every thing went fine and build was successfull. We were trying to test it for user registration and no mails for ever. My PM will eat my head if it moves to junk folder. HELP! We send through the localhost sendmail to the mail server that serves mail for the host's domain. Sendmail is already set to only relay localhost on later 8.12 versions and up, making this setup easy. The mail server for the domain needs to be modified to accept mail from your application server. Your mail may be getting flagged for lack of RDNS (PTR record for the MX server). A lot of ISPs will flag or refuse your mail if you do not have MX and PTR records for your server. AOL immediately comes to mind. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Best Linux distribution
Agreed! At 06:19 AM 11/15/2007, you wrote: And that is the correct answer. On Nov 15, 2007 5:54 AM, Peter Crowther <[EMAIL PROTECTED]> wrote: > > From: Andrew Hole [mailto:[EMAIL PROTECTED] > > In your opinion what is the best LINUX distribution for a server with > > an instance of Tomcat and an J2EE application of medium load? > > The one with which your organisation already has experience. Familiarity and ease of admin is king here. > > - Peter > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ajp advantages over http connector
Hello is there any advantage using ajp over http connector ? what are those advantages? Cheers Adam - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I unsubscribe ?
My old account was unsubscribed and deleted in a few minutes. Then I created a new account and resubscribed the new account. It took all of 1 hour from start to finish. The old account was getting spammed to DETH! Now I use it to harvest my block list! Get yourself an email client that will let you read your mail headers! You have no idea what you are missing! At 02:30 PM 7/12/2007, you wrote: Hi, can you unsubscribe me too. -Siraj Sunitha Kumar (sunithak) wrote: > Hi Mark., > could you also unsubscribe me? > thnx > -sunitha > > -Original Message- > From: Mark Thomas [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 11, 2007 5:25 AM > To: Tomcat Users List; [EMAIL PROTECTED] > Subject: Re: How do I unsubscribe ? > > [EMAIL PROTECTED] wrote: > >> Hi, >> >> Is there an alternative way to unsubscribe from this user group ? I >> have sent numerous blank emails to >> [EMAIL PROTECTED], but it seems to have no effect, >> > > An e-mail to [EMAIL PROTECTED] will do the trick and one of us will > manually unsubscribe you. > > I have just done this for your address. > > Mark > > - > To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > This electronic mail message and any attachments may contain information which is privileged, sensitive and/or otherwise exempt from disclosure under applicable law. The information is intended only for the use of the individual or entity named as the addressee above. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution (electronic or otherwise) or forwarding of, or the taking of any action in reliance on, the contents of this transmission is strictly prohibited. If you have received this electronic transmission in error, please notify us by telephone, facsimile, or e-mail as noted above to arrange for the return of any electronic mail or attachments. Thank You. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Legal Risk of Using Tomcat
At 01:19 PM 9/7/2007, you wrote: > My guess was different: that they were concerned about using > software > that might later be claimed to be covered by somebody else's patent, > like M$ has been threatening with Linux. If my guess is > correct, then I > seriously doubt there's anything to worry about there, because Tomcat > has been written as open source from the beginning, and > nobody has ever > claimed patent rights over it. > You are right - I think this is the primary concern. Yes, most likely the M$ vs. Linux and the whole SCO vs Linux and Novell deal. It is rather dicey. Tomcat on Windows would pretty much CYA. However, Tomcat on Linux is quite nice and IMHO, more secure (or rather secure-able!). More tunable as far as performance too! Cheers! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: pls unsubscribe my name from tomcat users group
Please use a mail client that you can read email headers in. The unsubscribe address is in your email header from the listgroup. List-Unsubscribe: <mailto:[EMAIL PROTECTED]> Cheers! At 12:19 PM 3/7/2008, you wrote: pls unsubscribe [EMAIL PROTECTED] from tomcat uers group - Share files, take polls, and discuss your passions - all under one roof. Click here. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.6/1316 - Release Date: 3/6/2008 6:58 PM -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.516 / Virus Database: 269.21.6/1316 - Release Date: 3/6/2008 6:58 PM -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
multiple truststores
Hi all, I am trying to get to work two web applications with client-side SSL Authentication. I have set up two connectors (port 443, 444) each with its own truststore. Everything works fine so far, only the last step is mising. People getting a connection through port 443 should only be able to use "Web Application 1". People getting a connection through port 444 should only be able to use "Web Application 2". How can i configure this? I hope I wont need to hae two tomcat instances running for this. Thank you and wish you nice WE, Aron Katona - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
requested resource not available
I am running Tomcat 5.5.26, Java 1.6.0_13, and Centos 5.2 64 bit. I am really stumped, getting "The requested resource not available". I Googled and found quite items on this topic and everything points to an incorrect path. I have checked all the paths I can find, and am not finding the problem. I have another box with this successfully installed and as far as I can tell the 2 installations are identical, except one works and one does not. Any ideas? Please let me know, thanks for your help, Brad - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: requested resource not available
Thank you for your help, Chuck. I get the message when trying to access the application through a browser. I did try with and without the firewall enabled on the server, and nothing changed. I am not sure I have Tomcat logging set up correctly, so I have not learned anything there. I am brand new to Tomcat, as you can probably tell. Brad On Tue, 12 May 2009 14:34:10 -0500 "Caldarale, Charles R" wrote: >> From: tom...@nym.hush.com [mailto:tom...@nym.hush.com] >> Subject: requested resource not available >> >> I am running Tomcat 5.5.26, Java 1.6.0_13, and Centos 5.2 64 >bit. > >Thanks for telling us that; an amazing number of people fail to do >so. > >> I am really stumped, getting "The requested resource not >> available". > >When you do what? Where is that message displayed? Have you >looked in the Tomcat logs? > >If the message is being displayed by a browser, is there a >firewall blocking the access? > > - Chuck > > >THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE >PROPRIETARY MATERIAL and is thus for use only by the intended >recipient. If you received this in error, please contact the >sender and delete the e-mail and its attachments from all >computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: requested resource not available
Ok, I did that and here is what I got: [r...@li54-122 bin]# less ../logs/localhost_access_log.2009-05- 12.txt 70.249.74.9 - - [12/May/2009:16:17:00 -0400] "GET / HTTP/1.1" 200 347 70.249.74.9 - - [12/May/2009:16:17:00 -0400] "GET /pentaho/ HTTP/1.1" 404 979 On Tue, 12 May 2009 15:11:15 -0500 "Caldarale, Charles R" wrote: >> From: tom...@nym.hush.com [mailto:tom...@nym.hush.com] >> Subject: RE: requested resource not available >> >> I am not sure I have Tomcat logging set up correctly, >> so I have not learned anything there. > >For a standard Tomcat installation (downloaded from >tomcat.apache.org), there's really nothing to set up; the log >files will be in Tomcat's logs directory. If you're using a 3rd- >party repackaged version of Tomcat, there's no telling where the >log files might be. > >Assuming you can find the logs, try updating conf/server.xml to >remove the comment markers around the AccessLogValve and restart >Tomcat. The logs will then show whether or not the request is >even reaching Tomcat. > > - Chuck > > >THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE >PROPRIETARY MATERIAL and is thus for use only by the intended >recipient. If you received this in error, please contact the >sender and delete the e-mail and its attachments from all >computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: requested resource not available
Those are the requests I expected to see, they do correspond to the URLs I entered in the browser. I am deploying a preconfigured version of Pentaho that I found here: http://sourceforge.net/project/showfiles.php?group_id=140317&package _id=160028&release_id=648414 I deployed this exact same package on my development box with no problems. The preconfigured installation of Tomcat does appear (to me at least) to follow the deployment guidelines on the link you sent. On Tue, 12 May 2009 15:28:50 -0500 "Caldarale, Charles R" wrote: >> From: tom...@nym.hush.com [mailto:tom...@nym.hush.com] >> Subject: RE: requested resource not available >> >> [r...@li54-122 bin]# less ../logs/localhost_access_log.2009-05- >> 12.txt >> 70.249.74.9 - - [12/May/2009:16:17:00 -0400] "GET / HTTP/1.1" >200 >> 347 >> 70.249.74.9 - - [12/May/2009:16:17:00 -0400] "GET /pentaho/ >> HTTP/1.1" 404 979 > >Are those the requests you expected to see? Do they correspond to >the URLs you submitted from the browser? > >Do you have a webapp named pentaho deployed? If so, does it have >a welcome page under its first-level directory? If not, do you >have a servlet mapping for it that should have handled all >requests? > >Have you followed the guidelines for webapp deployment described >in the doc? >http://tomcat.apache.org/tomcat-5.5-doc/appdev/index.html > > - Chuck > > >THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE >PROPRIETARY MATERIAL and is thus for use only by the intended >recipient. If you received this in error, please contact the >sender and delete the e-mail and its attachments from all >computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0.20 "unable to create new native thread"
Hi all, we have a problem with our tomcat 6.0.20 which throws occasionally the following exception: java.lang.OutOfMemoryError: unable to create new native thread Information about the system: - Win2003 Server Standard Edition 32 bit - 2GB RAM - Apache 2.2.13 with open SSL and mod_jk 1.2.28 for the communication with tomcat - 2 instances of tomcat 6.0.20 on different ports. No redundancy / clustering. Each tomcat serves different webapps. - JDK 1.6.0_06 Only one tomcat throws the above noted exception. Configuration-Details: - Tomcat 1 (with the problem) - MaxPermSize=256m - JvmMs 128 - JvmMx 768 - maxThreads for HTTP: 450 - maxThreads for jk: 3000 - Tomcat 2 (no problem yet) - MaxPermSize=256m - JvmMs 128 - JvmMx 512 - MaxThreads for HTTP: 800 - MaxThreads for jk: 450 When Tomcat 1 was throwing the exception the server status was showing the following: - mem Free 116 MB - mem Total 242 MB - mem Max 739 MB - current Thread jk355 - busy Threadjk333 - current Thread HTTP 5 - busy ThreadHTTP 3 - all connections shown by netstat -an (not filtered): 4595 - connections in state close_wait: 3152 The tomcat was not totally stuck. Already connected sessions seemed to have no problem, but new sessions (new login) threw the exception and did could not be created. The Taskmanager shows that all in all 1.39 GB of RAM are used - much below the 2GB Limit. On the other hand: Shouldn't windows start to swap if the ram is full? In which memory-area does windows handle the memory which is used for the threads? Is it shown in the taskmanager? Can the OS take the mem which is still unused by the JVM (memMax-memTotal) for handling threads or is it reserved for the JVM after starting tomcat? Due to problems with one of our webapps which sometimes does not close the threads completely (they stuck in close_wait-state) we increased the max threads of windows: http://publib.boulder.ibm.com/infocenter/pvcvoice/51x/index.jsp?topic=/com.ibm.websphere.wvs.doc/wvs/tun_conwin.html maxUserPorts have been set to about 30k if i remember correctly. Does anyone have an idea to get rid of the exception? kind regards, Andreas -- "Feel free" - 10 GB Mailbox, 100 FreeSMS/Monat ... Jetzt GMX TopMail testen: http://www.gmx.net/de/go/topmail - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat latency
Hello: I have a problem where a simple wget call to docs/config/valve.html can sometimes take up to 15 seconds to process. I have a script that does a wget call to valve.html every 5 seconds. Most of the time it's fast. However, today in the past 6 hours I had 13 cases where it took over 3 seconds for wget to return valve.html. This is happening across 7 servers pretty consistently and I can't figure out why. Any suggestions to help me narrow down the problem? I'm going to modify the script to check disk i/o and load when the problem happens. Normally these numbers are sane with upwards of ~60% disk utilization load of ~2. Dual processor Intel(R) Xeon(R) CPU X5680 @ 3.33GHz. The stats right now. top - 22:42:34 up 26 days, 7:17, 1 user, load average: 1.64, 1.31, 1.03 Tasks: 115 total, 1 running, 114 sleeping, 0 stopped, 0 zombie Cpu(s): 11.7%us, 1.1%sy, 0.0%ni, 56.3%id, 30.7%wa, 0.0%hi, 0.2%si, 0.0%st Mem: 8197432k total, 8146536k used,50896k free, 3212k buffers Swap: 18723708k total, 397296k used, 18326412k free, 683448k cached iostat -xd Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 4.2229.23 77.111.75 1833.10 247.79 26.39 1.04 13.16 5.60 44.20 sdb 0.00 0.000.000.00 0.00 0.00 39.37 0.002.83 2.39 0.00 Ubuntu 9.10 /opt/tomcat6/bin/version.sh Using CATALINA_BASE: /opt/tomcat6 Using CATALINA_HOME: /opt/tomcat6 Using CATALINA_TMPDIR: /opt/tomcat6/temp Using JRE_HOME: /usr/lib/jvm/java-6-sun/jre Server version: Apache Tomcat/6.0.20 Server built: May 14 2009 01:13:50 Server number: 6.0.20.0 OS Name:Linux OS Version: 2.6.31-14-server Architecture: amd64 JVM Version:1.6.0_22-b04 JVM Vendor: Sun Microsystems Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: starting tomcat
Check this file C:\Users\francesco\.keystore exist or not ? 在 2014年6月11日,下午9:30,Francesco Viscomi 写道: > C:\Users\francesco\.keystore
Re: Tomcat available memory
On 11.12.2015 11:17, Yogesh Patel wrote: In Tomcat's JVM settings following parameters are configured : -verbose:gc -XX:+PrintGCDateStamps -XX:+PrintGC -Xloggc:logs/gc.log which prints log in file like below: 2015-12-11T15:42:06.779+0530: 5.662: [GC [PSYoungGen: 115711K->26741K(218624K)] 159969K->71550K(283136K), 0.0305672 secs] [Times: user=0.02 sys=0.02, real=0.03 secs] I want to print like below in log file: Free memory: 244.47 MB Total memory: 512.00 MB Max memory: 910.50 MB What parameters need to set in JVM option of Tomcat to achieve this? You need to look at the options for the JVM that you are using. That is not within the scope of Tomcat. It is not Tomcat writing this, it is the JVM. And it is not "Tomcat's JVM", it is the "JVM vendor's JVM" (Oracle, IBM or whatever). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.30 Session lost
On 08.01.2016 10:07, Thomas Scheffler wrote: Hi, I have a very rare problem regarding session handling. It is reproducible only on a single server environment. Of cause this is the productive server. I use container authentication and for simplicity 'tomcat-user.xml'. Login is done via HttpServletRequest.login() method, whenever I need to access user and role information. The HttpServletRequest is saved in a ThreadLocal during request processing. While that normally does the job. There is one servlet that produces simple thumbnails that triggers a problem. Session handling is done via Cookies. A search result page lists several thumbnail images and the browser tries to load them (of cause) in parallel. After the first thumbnail is loaded, the sessionId suddenly changes. As the browser now submitting the "false" sessionId, new sessions are created and the browser gets that new sessionId in the response. The session from the first request is lost at that point and so are the login credentials. Why are sessionIds changing during the request? Here are the logs I produce via a Servlet Filter: [snip] Hi Thomas. It is a bit difficult to figure out where the problem really is, without having the full picture of what is going on (your web.xml configuration, the order and precise timing in which requests really happen etc.). But one thing I would really focus on, is the general overall logic of the application, to see if the order in which things happen is really consistent with the authentication method that you are using. For example, if the initial call to the first page (the one which contains the document links) does not immediately trigger a session authentication, and in the meantime the browser starts making multiple quasi-simultaneous requests for the links present in that page, then things would get out of sync, since when the authentication does happen, the session-id /will/ change (check Wikipedia for "web session fixation"). That would overwrite the session-id cookie, perhaps in the middle of the calls still being made to retrieve the document links mentioned in the page. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.0.30 Session lost
Thomas, On 11.01.2016 11:30, Thomas Scheffler wrote: Am 08.01.16 um 17:02 schrieb Christopher Schultz: Tomcat will change the session identifier when the user authenticates. If you are creating a session before login, you'll see that the session id changes when authentication is successful. This is to protect against session-fixation attacks. I re-login the user, if tomcat returns "null" on HttpRequest.getUserPrincipal(). I noticed that the sessionId changes. But if I am required to re-login the user on parallel requests, it depends on magic what sessionId is given after all responses are delivered to the browser. You can see in the logs, that requested sessions are suddenly invalid. I would not require an other call to the login method if servlet container returns a user once it is authenticated in a session. Can you explain why the changing session id breaks your application? Are you storing session ids somewhere and just not updating the session id list when the session id changes? It should be possibly to listen for that event and update your session id list. Or maybe there's a better way to accomplish your goal rather than keeping your own session id list. (I'm guessing you have a session id list because it would best explain the behavior you are describing here.) I do not save the http session id anywhere. The browser saves it in a cookie. The cookie is changing rapidly because the UserPrincipaö is not returned from the request. Here is something I would prefer: 1. Every request that belongs to a given session returns a non null object when calling getUserPrincipal() after the login() method returns successfully. 2. As you have no control over the net and do not know in which order the browser receives its packets, you can not invalidate a sessionId in a snap. Tomcat has to gracefully invalidate it somehow. An example: 1. Client logs in 2. Server responds with SID=SID1 3. Client request 2 resources in parallel 4. Server receives first request and handles it, returning SID=SID2 5. Server receives second request (with SID=SID2), which belongs to invalid session. Code is creating a new session than. Server response with SID=SID3 6. Client will use SID3 in future requests which belongs to the new session and not the original session where the user is logged in. I think that the crux of the issue, is a proper understanding of how the HTTP protocol's Basic Authentication works, in its basic form. Remember, HTTP is old, and at the beginning, it did not envision "sessions", nor "simultaneous" requests. The basic idea was : - client connects to, and sends one request to the server - server processes request, and sends response to the client - server closes connection, and forgets everything about the request just processed Then the next request from a client comes in, etc.. Everything else aftwerward, was built on the basic schema above, as "patches", to allow for authentication, "sessions" composed of multiple requests/responses, "persistent connections", "cookies" etc.. But the basic logic remains the same to this day. For Basic authentication, the basic schema is as follows : 1) client establishes a connection to the server 2) client sends a request on that connection, for some server "resource" 3) the server checks if that resource is submitted to some form of authentication/authorization/access control. 3.1) if not, the server returns the resource to the client, and the request/response cycle is finished. 3.2) if yes (AAA required), the server checks if the request contains some form of authentication/authorization. 3.2.1) if yes (auth provided), the server checks if this authentication/authorization matches the requirements for this resource. 3.2.1.1) if yes, the server returns the resource, and the request/response is finished. 3.2.1.2) if not, the server returns a "forbidden" response, and the request/response is finished. 3.2.2) if not (no auth provided), the server returns a response "authorization required" to the client, and the request/response is finished. In a case like 3.2.2, the client must repeat the request, this time /with/ an authentication as required by 3.2 above. Whenever the server returns a response to the client, it can include a "set cookie" in that response. The next time that the client sends a request to that same server, it will then include this cookie, and maybe seeing this cookie will allow the server to respond "yes" to the question at 3.2 above. The above is the basic schema, as included in the HTTP protocol. There are many other schemes that work, but you have to know that if you differ from the schema above, then you are no longer within the strict HTTP protocol, and the responsibility of making sure that your alternative scheme works in all circumstances, is
Re: Tomcat 8.0.30 Session lost
On 12.01.2016 12:06, Thomas Scheffler wrote: Am 11.01.16 um 22:05 schrieb Mark Thomas: Found on http://www.tomcatexpert.com/blog/2011/04/25/session-fixation-protection the description how to switch the "feature" off. I will file two bugs soon describing the issues I had. Hopefully they will be fixed. 1.) if using HttpServetRequest.login(String, String) further request in the session are loosing the users Principal. 2.) After changing sessionId, old sessionIds should still be valid for a short period of time of to the same client. The second request will get closed as INVALID on security grounds. If the old ID is valid for any period of time it makes a session fixation attack possible. You might as well disable changing the session ID on authentication. For the first the description above isn't clear enough to be sure exactly what you are asking for. However, based on the second request and what I have read of this thread I suspect that request will get closed as INVALID or WONTFIX. Hi Mark, if you choose to use login() and this modifies the session ID. Further calls to login() should either: 1.) are not required as every request belonging to the same session are already authenticated. After login() other request of the same session will not return 'null' on getRemoteUser() or getUserPrincipal() 2.) are not required, as authenticate() use the information provided by the first login() call. 3.) do not modify the session ID as the same user was authenticated before and the session is therefor safe to session fixation attacks If login() modifies the session and the session does not track the authentication information, session tracking is not deterministic due to side effects for multiple requests at a time. Fixing either #1, #2 or #3 does not harm security at all but will fix this bug in Tomcat. I also tried to use authenticate() on the request, but instead of using the last login() credentials it forced the use of Basic Authentication. So really I do not see a option left on the developer side, how to use login() in a reliable manner. Thomas, what I was trying to explain to you previously, is this : Any "serious" webserver software is written so that it conforms to the rules defined in the HTTP protocol specification (RFC 2616/2617 and related). That is the case for Tomcat, for Apache httpd, and all other webservers. In addition, Tomcat being a java servlet engine, also adheres to the rules defined in the Java Servlet Specification. The HTTP specification and the Java Servlet Specification (https://java.net/downloads/servlet-spec/Final/servlet-3_1-final.pdf) have things to say about /some/ authentication schemes. When they do, the corresponding webservers / servlet engines respect these things, and applications should do the same. When the specs do not say anything about a particular aspect of user authentication e.g., then the webserver and the applications are free to do what they want, as long as what they do does not violate another aspect of the specs. There is no specification which dictates exactly what should happen in terms of authentication, for multiple simultaneous requests by a client, for webserver resources that require authentication. There is also no specification which dictates exactly in what order such simultaneous requests should be processed, nor exactly how long the processing of each individual request should take. That is because, at the very basic level, HTTP 1.1 is such that multiple requests, even if they originate from the same client over a short period of time, are still seen as individual, separate requests, from the webserver point of view; and according to the protocol specs, the webserver could even "delegate" each of these requests to separate distinct processes in the background (think of a front-end proxy with a load-balancer for example), and each of these background processes would know nothing about any other parallel process handling one of these requests for the same client at the same time. (For example, one of these processes would never know that some other related process is "just about" at the point of issuing a new session-id to that same client). That is just the way it is, and you are not going to be able to get every producer of webserver code, and of browser code, to change this in a way that suits your own idea of how things should happen. (It is not forbidden to try, but it will be a long process, much longer than changing your application). So, if you want your HTTP-based application to be portable across different webservers and configurations, it is /you/ who must make sure, in the design and logic of your application, that a case such as the one you encounter, cannot happen. One way of doing this would be to design your application in such a way as to /force/ a client to always go through a first call to a page which triggers
Re: [EXTERNAL] Re: Problem starting Tomcat 7.0.59 as a Windows Service
On 12.01.2016 18:29, Mark Thomas wrote:
On 12/01/2016 17:10, McDermott, Becky wrote:
I am definitely not a Java/Tomcat expert so I appreciate the info. I have 10GB
of RAM and only 1.2 GB is in use when I try to start the tomcat service.
OK. You should be OK then but you never know. One thing to try is lower
settings to see if you can find when the problem starts. The error code
JVMJ9VM015W is the one for not enough system memory available.
I downloaded from:
http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.59/bin/?cm_mc_uid=36937329763514476995925&cm_mc_sid_5020=1450452120
And downloaded/extracted "apache-tomcat-7.0.59-windows-x64.zip"
Good. That means you will only have the 64-bit service wrapper.
Also, when I go to the location of my jre (C:\Program
Files\IBM\JazzTeamServer_601\server\jre\bin) and run: java -version
I get:
java version "1.7.0"
Java(TM) SE Runtime Environment (build pwa6470_27sr3fp10-20150708_01(SR3 FP10))
IBM J9 VM (build 2.7, JRE 1.7.0 Windows Server 2012 amd64-64 Compressed Referenc
es 20150630_255653 (JIT enabled, AOT enabled)
J9VM - R27_Java727_SR3_20150630_2236_B255653
JIT - tr.r13.java_20150623_94888.01
GC - R27_Java727_SR3_20150630_2236_B255653_CMPRSS
J9CL - 20150630_255653)
JCL - 20150628_01 based on Oracle jdk7u85-b15
That looks good.
The fact that I can start Tomcat from the command line scripts is indicating to
me that the memory settings are ok for my server. The server.start.bat file
that IBM provides (which I successfully run from the command line) has the
exact same memory settings that I'm providing to the Windows service.
When you entered the settings in the service UI, did you use new lines
between each setting? I have a vague memory of them either being
required or not allowed. With line wrapping it can be hard to tell what
is what. I'm not near a Windows box at the moment so I can't test that.
Don't know if that helps, but on my laptop I have an old tomcat 6 installed, and in the
GUI "Javba options" box it shows up like this :
-Dcatalina.base=C:\apache-tomcat-6.0.24
-Dcatalina.home=C:\apache-tomcat-6.0.24
-Djava.endorsed.dirs=C:\apache-tomcat-6.0.24\endorsed
-Djava.io.tmpdir=C:\apache-tomcat-6.0.24\temp
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\apache-tomcat-6.0.24\conf\logging.properties
-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=1093
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
-Djava.rmi.server.hostname=127.0.0.1
(looks like one option per line, with CR/LF at the end of each)
Mark
-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Tuesday, January 12, 2016 9:57 AM
To: Tomcat Users List
Subject: Re: [EXTERNAL] Re: Problem starting Tomcat 7.0.59 as a Windows Service
On 12/01/2016 16:04, McDermott, Becky wrote:
I used the Java options provided by IBM. Since Tomcat will successfully start
using the startup batch files, I assume that these settings are fine. I've
tried playing with the settings and cannot get it to work either. I seems like
it's some sort of weird Windows thing.
I have successfully configured these services before with prior version of
IBM's CLM. The difference in those previous versions was that Tomcat came
bundled with t heir product. For this latest IBM version, Tomcat was not
bundled and they provided instructions for downloading it from Apache and
instructions for where to install it.
I have escalated the issue with IBM's support and since they are providing the JVM, it is
probably their issue but wanted to put it out to the larger community to see if anyone
has ever had this issue before. A user on the user forums said that the memory error in
the Tomcat log file is a red herring and that it is giving that memory allocation error
because the JVM didn't actually start. So, the issue seems more connected to the error
in the Windows Event viewer ("cannot open file").
Nope. The Tomcat log file has the useful information. Ignore the event viewer.
4G of heap + 1G of native + whatever else the JVM needs is an awful lot.
Are you sure there is enough free RAM on the box?
Also, as Chris indicated, check that you are using the 64-bit version of the
service runner and a 64-bit JVM.
Exactly which Tomcat download did you use?
Mark
-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, January 12, 2016 8:59 AM
To: Tomcat Users List
Subject: [EXTERNAL] Re: Problem starting Tomcat 7.0.59 as a Windows
Service
Becky,
On 1/12/16 10:42 AM, McDermott, Becky wrote:
I am integrating Tomcat with the IBM CLM 6.0.1 collaboration tools. Per IBM's
installation instructions, I downloaded and extracted Tomcat 7.0.59 to my
server.
I am successfully able to start the Tomcat server from
Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79]
maybe a stupid question nowadays, but : is the platform on which you are running this 32-bit, or 64-bit ? (OS and JVM) On 13.01.2016 04:56, Rahul Singh wrote: Hi, Define "Not successful"? Exceptions thrown? File truncated? Upload never starts? Never finishes? Not successful : Request Never finishes, we have trace the HttpServlet request object and request.getContentLength return 0 in case when file size is >=2GB, No exception thrown, as well as when file size is less than 2GB, then request.getContentLength return the correct value of file size in byte. Regards, Rahul Kumar Singh From: David kerber Sent: Tuesday, January 12, 2016 6:07 PM To: Tomcat Users List Subject: Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79] On 1/12/2016 12:01 AM, Rahul Singh wrote: Hello Apache Tomcat team, Sending again with some corrections, File upload in my application(Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79) is not successful for greater than 2 gb. After previous discussion here on previous thread, I migrated my application to struts 2.3.24 as the only possible solution in form of jakarta-stream parser for large size uploads (greater than 2gb). But after successfully migrating to struts 2.3.24 from 2.1.8, file upload greater than 2 gb still not supported. I want to use jakarta-streams for this purpose.Following is the code snippet: In struts.xml: In JSP: === Alongwith with configuring server.xml with maxPostSize element and mutipart-config in web.xml But still the file upload request for greater than 2 gb not successful. Define "Not successful"? Exceptions thrown? File truncated? Upload never starts? Never finishes? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
property replacement in WEB-INF/web.xml
Hi gurus.
Under tomcat 8 and Linux, I am deploying an externally-provided web application, which in
its web.xml configuration file, has a parameter like this :
logroot
/var/log/tomcat8
This works, but I would like to make this more "generic", and would like to replace the
above param-value by something like this :
logroot
${CATALINA_BASE}/logs
with CATALINA_BASE being the well-known environment value set prior to starting (the JVM
which runs) Tomcat (and "${CATALINA_BASE}/logs" being actually a link which points to
"/var/log/tomcat8" in this case).
Can I do this ? and if yes, what is the exact way to do this right ?
(In a log4j configuration file, I can use "${env:CATALINA_BASE}" for this, but this is not
available under Tomcat, or is it ?)
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54 Struts: 2.3.24 JAVA: openJDK 1.7.79]
Hi.
I have not followed this thread in details, but did you check this :
http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#Common_Attributes
--> maxPostSize
The maximum size in bytes of the POST which will be handled by the container FORM URL
parameter parsing. The limit can be disabled by setting this attribute to a value less
than zero. If not specified, this attribute is set to 2097152 (2 megabytes). Note that the
FailedRequestFilter can be used to reject requests that exceed this limit.
Note: the size above might relate to the *encoded* size of the file, as it is transmitted
over the WWW (possibly encoded as Base64 e.g.), which may mean that an original 1 MB file
translates to more than 1 MB bytes while being uploaded.
Note also : maybe "Struts" is setting this to some other default value..
Another question : did you check the Tomcat logs ?
On 14.01.2016 10:52, Rahul Singh wrote:
Hello Christopher ,
Thanks for your input,
ServletRequest.getContentLength is declared to return an int value (32-bit):
* Integer.MAX_VALUE = 2^31 - 1 = 2147483647
* 2GiB = 2 * 1024 * 1024 * 1024 = 2147483648
* 2147483648 > 2147483647
Therefore, request.getContentLength cannot be used to fetch
content-lengths over 2GiB - 1byte.
Yes above is already investigated, BTW thanks .
You have to use
ServletRequest.getContentLengthLong (new in servlet 3.1)
for this we have to upgrade tomcat 8, currently we are using tomcat 7.0.54.
or call
HttpServletRequest.getHeader("Content-Length") as a String and parse it
yourself.
OK, but where we need to do this, in init() method or in doFilter() method, but
FYI, the request(upload file >2GB) is not reached to doFilter().
Apart from above thread we want to share more information so that tomcat team
help us to get out from this issue.
For my struts project the doFilter() fails to get any request from the file
upload form in cases the size of the file is greater than 2gb.
Below is the code fragment:
Filter is as follows:
public void doFilter(ServletRequest req, ServletResponse res, FilterChain
chain) throws IOException, ServletException
{
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
HttpSession session = request.getSession(false);
request.setCharacterEncoding("UTF-8");
/*
do the other business work example request response monitoring and
logging
*/
chain.doFilter(request, response);
}
jsp is :
For my jsp the form is submitted as a XMLHttpRequest via the underlying
javascipt.
Now when I upload a a file (lesser than 2gb) ,in my dofilter() method I have
checked the uri and request length for the request.
They are as expected via the action called in the jsp form and the file size.
The file upload works fine in this case. But in case where the file size is
greater than 2gb ,
in my doFilter() method no request is available for the file upload action
called by the form submit(for file size greater than 2 gb).
Thus the upload does not proceed further in such cases.
I am using servlet 3.0.
What do I need to do to support larger than 2 gb file uploads, so that the
request reaches the doFilter() method?
From: Christopher Schultz
Sent: Wednesday, January 13, 2016 8:11 PM
To: Tomcat Users List
Subject: Re: File size >= 2GB not uploaded in application [Tomcat 7.0.54
Struts: 2.3.24 JAVA: openJDK 1.7.79]
Rahul,
On 1/12/16 10:56 PM, Rahul Singh wrote:
Hi,
Define "Not successful"? Exceptions thrown? File truncated? Upload
never starts? Never finishes?
Not successful :
Request Never finishes, we have trace the HttpServlet request object
and request.getContentLength return 0 in case when file size is >=2GB,
No exception thrown, as well as when file size is less than 2GB, then
request.getContentLength return the correct value of file size in
byte.
ServletRequest.getContentLength is declared to return an int value (32-bit):
* Integer.MAX_VALUE = 2^31 - 1 = 2147483647
* 2GiB = 2 * 1024 * 1024 * 1024 = 2147483648
* 2147483648 > 2147483647
Therefore, request.getContentLength cannot be used to fetch
content-lengths over 2GiB - 1byte. You have to use
ServletRequest.getContentLengthLong (new in servlet 3.1) or call
HttpServletRequest.getHeader("Content-Length") as a String and parse it
yourself.
-chris
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-un
Re: Tomcat 8.0.18 is not getting started
On 19.01.2016 13:53, Anand wrote: I am trying to install Tomcat 8.0.18 from location: http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18-windows-x64.zip JDK Used from below location http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html jdk-8u66-windows-x64.exe Environment - Windows 7, JDK 1.8 I am not modifying any files(like wevb.xml) during startup and also not added any 3rd party jars in tomcat lib directory. Tomcat is unable to start, fails with below error: Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server version:Apache Tomcat/8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server built: Jan 23 2015 11:56:07 UTC Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server number: 8.0.18.0 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Name: Windows 7 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Version:6.1 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Architecture: amd64 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Java Home: C:\Program Files\Java\jdk1.8.0_66\jre Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Version: 1.8.0_66-b18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Vendor:Oracle Corporation Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_BASE: C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_HOME: C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.util.logging.config.file=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\conf\logging.properties Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.endorsed.dirs=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\endorsed Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.base=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.home=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.io.tmpdir=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\temp Jan 18, 2016 4:28:05 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR version 1.5.1. Jan 18, 2016 4:28:05 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jan 18, 2016 4:28:06 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized (OpenSSL 1.0.1j 15 Oct 2014) Jan 18, 2016 4:28:06 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-apr-8080"] Jan 18, 2016 4:28:06 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["ajp-apr-8009"] Jan 18, 2016 4:28:06 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1621 ms Jan 18, 2016 4:28:06 PM org.apache.catalina.startup.Catalina start SEVERE: The required Server component failed to start so Tomcat is unable to start. org.apache.catalina.LifecycleException: Failed to start component [StandardServer[8005]] at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154) at org.apache.catalina.startup.Catalina.start(Catalina.java:625) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:497) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:351) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:485) Caused by: java.lang.NoSuchMethodError: org.apache.naming.NamingContext.setExceptionOnFailedWrite(Z)V at org.apache.catalina.core.NamingContextLis
Re: Tomcat 8.0.18 is not getting started
On 19.01.2016 14:36, Anand wrote: I tried to start the tomcat from command line by executing the startup.bat. Ok. Again, I am not the ultimate expert, but the key error below seems to be around Caused by: java.lang.NoSuchMethodError: org.apache.naming.NamingContext.setExceptionOnFailedWrite(Z)V I don't know exactly what that means, but since you are on Windows 7, I would first make sure that you are not experiencing some conflict with "User Account Control" or similar, and that the directories where Tomcat needs to write (as it is started in a command window, under the user account which you use to login into Windows), can actually be written by this Tomcat (the "logs" directory, and the "work" directory for instance). (This may not be the ultimate reason for the error, but it may be a triggering factor). On Tue, Jan 19, 2016 at 6:40 PM, André Warnier (tomcat) wrote: On 19.01.2016 13:53, Anand wrote: I am trying to install Tomcat 8.0.18 from location: http://archive.apache.org/dist/tomcat/tomcat-8/v8.0.18/bin/apache-tomcat-8.0.18-windows-x64.zip JDK Used from below location http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html jdk-8u66-windows-x64.exe Environment - Windows 7, JDK 1.8 I am not modifying any files(like wevb.xml) during startup and also not added any 3rd party jars in tomcat lib directory. Tomcat is unable to start, fails with below error: Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server version:Apache Tomcat/8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server built: Jan 23 2015 11:56:07 UTC Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Server number: 8.0.18.0 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Name: Windows 7 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: OS Version:6.1 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Architecture: amd64 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Java Home: C:\Program Files\Java\jdk1.8.0_66\jre Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Version: 1.8.0_66-b18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: JVM Vendor:Oracle Corporation Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_BASE: C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: CATALINA_HOME: C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.util.logging.config.file=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\conf\logging.properties Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.endorsed.dirs=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\endorsed Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.base=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Dcatalina.home=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18 Jan 18, 2016 4:28:05 PM org.apache.catalina.startup.VersionLoggerListener log INFO: Command line argument: -Djava.io.tmpdir=C:\Tomcat\apache-tomcat-8.0.18-windows-x64\apache-tomcat-8.0.18\temp Jan 18, 2016 4:28:05 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Loaded APR based Apache Tomcat Native library 1.1.32 using APR version 1.5.1. Jan 18, 2016 4:28:05 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jan 18, 2016 4:28:06 PM org.apache.catalina.core.AprLifecycleListener initializeSSL INFO: OpenSSL successfully initialized (OpenSSL 1.0.1j 15 Oct 2014) Jan 18, 2016 4:28:06 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["http-apr-8080"] Jan 18, 2016 4:28:06 PM org.apache.coyote.AbstractProtocol init INFO: Initializing ProtocolHandler ["ajp-apr-8009"] Jan 18, 2016 4:28:06 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1621 ms Jan 18, 2016 4:28:06 PM org.apache.catalina.startup.Cata
Re: switching between Java8 and Java 7 under tomcat7 leads to error
On 26.01.2016 10:19, Christoph P.U. Kukulies wrote:
Am 26.01.2016 um 09:36 schrieb Christoph P.U. Kukulies:
Am 25.01.2016 um 19:34 schrieb George Sexton:
On 1/25/2016 3:52 AM, Christoph P.U. Kukulies wrote:
Thanks. Will give that a try.
How can I tell, which java engine Tomcat is actually using?
At a CMD prompt I'm getting:
C:\> java -version
java version "1.8.0_71"
Java(TM) SE Runtime Environment (build 1.8.0_71-b15)
Java HotSpot(TM) 64-Bit Server VM (build 25.71-b15, mixed mode)
If you have a utility that shows what open files the Tomcat process has, that
would
work. Alternatively, get the Manager application running and see what
information it
provides under the Server Status screen.
That made me ask myself, whether the parameters and settings I can see and set
through
the manager (tomcat6w.exe) are those that the
Windows7 service really "sees" at startup.
Would like to have added -Xmx768m to the startup parameters. Looking into the
registry
HKLM\System\CurrentControlSet\Services\tomcat6
I can only see the ImagePath that is started ("c:\Program
Files\Apache_Group\Tomcat_6.0.39\bin\tomcat6.exe" //RS//Tomcat6), the paramters
Key is empty.
Or does tomcat6w write these parameters elsewhere?
Thanks.
Sorry, discard my question above. I forgot for the moment that -Xmx is a Java
parameter,
not Tomcat.
Nonetheless would be interesting to know, where the configurator puts its
parameter
settings and
how one can control whether the jvm parameters are really effective.
--
Christoph
Maybe time to read the FAQ ?
http://wiki.apache.org/tomcat/FAQ/Windows#Q11
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk Connector for Apache 2.2 and Windows 64-bit
Hi. On the page http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/, the following mod_jk binaries are available : tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.2.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.4.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iis.zip 2014-04-14 21:40 176K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iplanet.zip 2014-04-14 21:40 141K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-httpd-2.4.x.zip 2014-04-14 21:40 158K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-iis.zip 2014-04-14 21:40 216K ZIP compressed archive However, I am looking for a "x86_64-httpd-2.2.x" version. (Windows, Apache 2.2 64-bit). Any idea where I could find ditto ? (In a pinch, we could de-install the Apache 64-bit and re-install a 32-bit version, but we'd rather not have to do that) Thanks for any info André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk Connector for Apache 2.2 and Windows 64-bit
2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) : Hi. On the page http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/, the following mod_jk binaries are available : tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.2.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.4.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iis.zip 2014-04-14 21:40 176K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iplanet.zip 2014-04-14 21:40 141K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-httpd-2.4.x.zip 2014-04-14 21:40 158K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-iis.zip 2014-04-14 21:40 216K ZIP compressed archive However, I am looking for a "x86_64-httpd-2.2.x" version. (Windows, Apache 2.2 64-bit). Any idea where I could find ditto ? (In a pinch, we could de-install the Apache 64-bit and re-install a 32-bit version, but we'd rather not have to do that) You may try here: http://www.apachelounge.com/download/win64/ The Tomcat committers no longer provide binaries for mod_jk (the dev environment was lost). E.g. 1.2.41 was a sources-only release. It is known that apachelounge.com builds mod_jk for their builds of httpd. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk Connector for Apache 2.2 and Windows 64-bit
On 28.01.2016 14:44, Konstantin Kolinko wrote: 2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) : Hi. On the page http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/, the following mod_jk binaries are available : tomcat-connectors-1.2.40-windows-i386-httpd-2.0.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.2.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-httpd-2.4.x.zip 2014-04-14 21:40 130K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iis.zip 2014-04-14 21:40 176K ZIP compressed archive tomcat-connectors-1.2.40-windows-i386-iplanet.zip 2014-04-14 21:40 141K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-httpd-2.4.x.zip 2014-04-14 21:40 158K ZIP compressed archive tomcat-connectors-1.2.40-windows-x86_64-iis.zip 2014-04-14 21:40 216K ZIP compressed archive However, I am looking for a "x86_64-httpd-2.2.x" version. (Windows, Apache 2.2 64-bit). Any idea where I could find ditto ? (In a pinch, we could de-install the Apache 64-bit and re-install a 32-bit version, but we'd rather not have to do that) You may try here: http://www.apachelounge.com/download/win64/ The Tomcat committers no longer provide binaries for mod_jk (the dev environment was lost). E.g. 1.2.41 was a sources-only release. It is known that apachelounge.com builds mod_jk for their builds of httpd. I think that I hit the send button too quickly before.. I wanted to say thanks, I did indeed find what I was looking for on apachelounge. André - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk Connector for Apache 2.2 and Windows 64-bit
On 28.01.2016 15:55, Konstantin Kolinko wrote: 2016-01-28 16:44 GMT+03:00 Konstantin Kolinko : 2016-01-28 15:00 GMT+03:00 André Warnier (tomcat) : Hi. On the page http://apache.lauf-forum.at/tomcat/tomcat-connectors/jk/binaries/windows/, the following mod_jk binaries are available : [...] You may try here: http://www.apachelounge.com/download/win64/ The Tomcat committers no longer provide binaries for mod_jk (the dev environment was lost). E.g. 1.2.41 was a sources-only release. It is known that apachelounge.com builds mod_jk for their builds of httpd.. For a reference, Christopher summed up the situation here, (2015-08, "[ANN] Apache Tomcat Connectors 1.2.41 released" thread) http://tomcat.markmail.org/message/lyxmf5zof5csf6bn Ok, understood. Thanks for the reference. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP communication
On 28.01.2016 18:38, Maxim Neshcheret wrote: I have a problem with my java application related to HTTP communication. Application description: 1. Client – server. Server is running in servlet container. We use Tomcat. Client use java HTTP library to communicate with the server. 2. When client establish connection to the server it sends GET request (keepalive) and server creates AsyncContext for the client with 10 days timeout. 3. After connection established server periodically sends data to the client using AsyncContext and on the client side there is special thread which reads and processes the data. [ snip ...] Usually this code works fine but it there is no data from server to client for 1 day and after 24 hours (can be 16 or 12) data appears, server cannot send data to the client. In the log there is no error. It is written that everything flushed but client still waiting for data in “final String line = reader.readLine();” When 2nd portion of data is sent by the server, then during flush I see the following error 2016-01-26 00:00:00,051|INFO |GWNotify-2/50 |ClientAbort 2016-01-26 00:00:00,051|TRACE|GWNotify-2/50 |ClientAbortException:java.io.IOException: APR error: -32 org.apache.catalina.connector.ClientAbortException: java.io.IOException: APR error: -32 [snip ...] Hi. I am unqualified to check your code, but a first question would be : where is the Client, and where is the Server and what is the connection between them like ? And the reason for the question is : it is not at all unusual, that any kind of network connection would be interrupted at some point over a 24-hour period, specially if nothing is sent over that connection for a long time. When a connection "disappears", TCP sends no signal to either the client or the server, and an error will only be caught, if one of the parties tries to write to the (now gone) connection (which seems to be what happens above, when the server tries to write to the Client, and gets a "client is no longer there" exception). If you want to avoid this, you will have to handle this in your code. You cannot just expect the connection to be alive no matter what. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset - Errors
On 01.02.2016 17:55, Bomma, Nithun wrote: Hello, We are using Tomcat 6.x for one of our application. It was working fine until today morning and all of sudden we tomcat application was not responding and was throwing below errors: Feb 1, 2016 9:00:16 AM com.microsoft.sqlserver.jdbc.SQLServerConnection Prelogin WARNING: ConnectionID:96869 Prelogin error: host MSSENTCLUSQL01P.amtrak.ad.nrpc port 1433 Error sending prelogin request: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:00:22 AM com.microsoft.sqlserver.jdbc.SQLServerConnection Prelogin WARNING: ConnectionID:96899 Prelogin error: host MSSENTCLUSQL01P.amtrak.ad.nrpc port 1433 Error sending prelogin request: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:00:29 AM org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:04:25 AM com.microsoft.sqlserver.jdbc.TDSChannel enableSSL INFO: java.security path: /usr/java/jdk1.6.0_17/jre/lib/security Security providers: [SUN version 1.6, SunRsaSign version 1.5, SunJSSE version 1.6, SunJCE version 1.6, SunJGSS version 1.0, SunSASL version 1.5, XMLDSig version 1.0, SunPCSC version 1.6] SSLContext provider info: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) SSLContext provider services: [SunJSSE: KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1] , SunJSSE: KeyPairGenerator.RSA -> sun.security.rsa.RSAKeyPairGenerator aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1] , SunJSSE: Signature.MD2withRSA -> sun.security.rsa.RSASignature$MD2withRSA aliases: [1.2.840.113549.1.1.2, OID.1.2.840.113549.1.1.2] , SunJSSE: Signature.MD5withRSA -> sun.security.rsa.RSASignature$MD5withRSA aliases: [1.2.840.113549.1.1.4, OID.1.2.840.113549.1.1.4] , SunJSSE: Signature.SHA1withRSA -> sun.security.rsa.RSASignature$SHA1withRSA aliases: [1.2.840.113549.1.1.5, OID.1.2.840.113549.1.1.5, 1.3.14.3.2.29, OID.1.3.14.3.2.29] , SunJSSE: Signature.MD5andSHA1withRSA -> com.sun.net.ssl.internal.ssl.RSASignature , SunJSSE: KeyManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509 , SunJSSE: KeyManagerFactory.NewSunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$X509 , SunJSSE: TrustManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$SimpleFactory , SunJSSE: TrustManagerFactory.PKIX -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$PKIXFactory aliases: [SunPKIX, X509, X.509] , SunJSSE: SSLContext.SSL -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.SSLv3 -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.TLS -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.TLSv1 -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.Default -> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl , SunJSSE: KeyStore.PKCS12 -> com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore ] java.ext.dirs: /usr/java/jdk1.6.0_17/jre/lib/ext:/usr/java/packages/lib/ext Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Connection reset". Feb 1, 2016 9:04:38 AM org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 After 6 Minutes, we started getting OutOfmemory Errors. SEVERE: Caught exception (java.lang.OutOfMemoryError: GC overhead limit exceeded) executing org.apache.jk.common.ChannelSocket$SocketAcceptor@a03fd6a, terminating thread Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:11:29 AM com.microsoft.sqlserver.jdbc.TDSChannel enableSSL Can you please me understand what caused this issue? Maybe : from the looks of it, your tomcat uses some (non-tomcat) mechanism to connect to an external Microsoft SQL Server, and that is not working (anymore). It does not see
Re: com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset - Errors
On 01.02.2016 18:16, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nithin, On 2/1/16 11:55 AM, Bomma, Nithun wrote: We are using Tomcat 6.x for one of our application. It was working fine until today morning and all of sudden we tomcat application was not responding and was throwing below errors: Feb 1, 2016 9:00:16 AM com.microsoft.sqlserver.jdbc.SQLServerConnection Prelogin WARNING: ConnectionID:96869 Prelogin error: host MSSENTCLUSQL01P.amtrak.ad.nrpc port 1433 Error sending prelogin request: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:00:22 AM com.microsoft.sqlserver.jdbc.SQLServerConnection Prelogin WARNING: ConnectionID:96899 Prelogin error: host MSSENTCLUSQL01P.amtrak.ad.nrpc port 1433 Error sending prelogin request: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:00:29 AM org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Feb 1, 2016 9:04:25 AM com.microsoft.sqlserver.jdbc.TDSChannel enableSSL INFO: java.security path: /usr/java/jdk1.6.0_17/jre/lib/security Security providers: [SUN version 1.6, SunRsaSign version 1.5, SunJSSE version 1.6, SunJCE version 1.6, SunJGSS version 1.0, SunSASL version 1.5, XMLDSig version 1.0, SunPCSC version 1.6] SSLContext provider info: Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1) SSLContext provider services: [SunJSSE: KeyFactory.RSA -> sun.security.rsa.RSAKeyFactory aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1] , SunJSSE: KeyPairGenerator.RSA -> sun.security.rsa.RSAKeyPairGenerator aliases: [1.2.840.113549.1.1, OID.1.2.840.113549.1.1] , SunJSSE: Signature.MD2withRSA -> sun.security.rsa.RSASignature$MD2withRSA aliases: [1.2.840.113549.1.1.2, OID.1.2.840.113549.1.1.2] , SunJSSE: Signature.MD5withRSA -> sun.security.rsa.RSASignature$MD5withRSA aliases: [1.2.840.113549.1.1.4, OID.1.2.840.113549.1.1.4] , SunJSSE: Signature.SHA1withRSA -> sun.security.rsa.RSASignature$SHA1withRSA aliases: [1.2.840.113549.1.1.5, OID.1.2.840.113549.1.1.5, 1.3.14.3.2.29, OID.1.3.14.3.2.29] , SunJSSE: Signature.MD5andSHA1withRSA -> com.sun.net.ssl.internal.ssl.RSASignature , SunJSSE: KeyManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509 , SunJSSE: KeyManagerFactory.NewSunX509 -> com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$X509 , SunJSSE: TrustManagerFactory.SunX509 -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$SimpleFactory , SunJSSE: TrustManagerFactory.PKIX -> com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl$PKIXFactory aliases: [SunPKIX, X509, X.509] , SunJSSE: SSLContext.SSL -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.SSLv3 -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.TLS -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.TLSv1 -> com.sun.net.ssl.internal.ssl.SSLContextImpl , SunJSSE: SSLContext.Default -> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl , SunJSSE: KeyStore.PKCS12 -> com.sun.net.ssl.internal.pkcs12.PKCS12KeyStore ] java.ext.dirs: /usr/java/jdk1.6.0_17/jre/lib/ext:/usr/java/packages/lib/ext Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "Connection reset". Feb 1, 2016 9:04:38 AM org.apache.jk.common.ChannelSocket processConnection WARNING: processCallbacks status 2 No description of the underlying error. :( I would imagine someone finally disabled SSLv3 on the database server, so you have to use a higher protocol to connect to it? After 6 Minutes, we started getting OutOfmemory Errors. SEVERE: Caught exception (java.lang.OutOfMemoryError: GC overhead limit exceeded) executing org.apache.jk.common.ChannelSocket$SocketAcceptor@a03fd6a, terminating thread Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object Caught exception com.microsoft.sqlserver.jdbc.SQLServerException: Connection reset Perhaps the SQL Server driver doesn't clean-up its resources when it gets a fa
Re: Http 403: access to requested resource denied
On 03.02.2016 19:07, David kerber wrote: On 2/3/2016 12:50 PM, prashant sharma wrote: On 3 Feb 2016 17:42, "David kerber" wrote: On 2/3/2016 12:23 PM, prashant sharma wrote: On 3 Feb 2016 16:38, "Mark Eggers" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quick note - please post at the bottom or inline. See item 6 of the Tomcat users mailing list here: http://tomcat.apache.org/lists.html On 2/3/2016 8:20 AM, prashant sharma wrote: That's true. But we are not doing any authn/authz in our application. Its just a simple webapp that exposes 1 endpoint (put method). Any body should be able to hit that end point. It works fine if I place my war outside tomcat installation directory and create a context from Catalina/localhost. But if I place my war inside webapps then it gives http 403 when I hit my endpoint. Regards, Prashant 07440456543 On 3 Feb 2016 16:11, "David kerber" wrote: 403 is an authentication/authorization error, which means the logged-in user doesn't have permissions to the requested resource. On 2/3/2016 11:05 AM, prashant sharma wrote: Hi, Can someone pls provide any inputs on below. Thanks Regards, Prashant 07440456543 On 2 Feb 2016 18:02, "prashant sharma" wrote: Hi, I am using apache tomcat 7.0.57 and jdk 7 on windows 7. I have deployed a simple web application inside tomcat webapps folder by placing the war file directly in webapps. This is a basic application which exposes an endpoint with put request method. When I try to access this endpoint I get 403 access forbidden error. However If I place war file outside tomcat and point it by creating context.xml in conf/Catalina/localhost I am able to access my endpoint. Can someone pls tell what's wrong with the first approach and why its not working in that Regards, Prashant 07440456543 With your put method, are you trying to write to a file within the web application? . . . just my two cents This put method updates a record in database. The same webapp(endpoint) works when I place war outside tomcat. Check the permissions on the directories where you are placing the .war file. .war file is places under tomcat webapps folder. Yes, I know. You need to check the permissions that are set on that directory. If that is really what is happening, maybe some warnings are in order here : 1) from a security point of view, it does not seem to me a very good idea to allow a PUT to add (or overwrite) files in the webapps directory. What if someone uses this to upload a malicious webapp there ? 2) from a portability point of view, the webapps directory is not guaranteed to be writeable. It may not even be a filesystem. Maybe there is something more subtle going on here : Have a look at the HTTP RFC and its description of a PUT : https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.6 I am not saying that that /is/ how the actual code works, but in function of that description, it seems to me that a webserver would be entitled to map the given PUT URI into the "URI space", and from there into the filesystem, and check if that filesystem location is indeed writeable. In any case, it seems to me dubious to use a PUT, to update a record in a database. A POST would probably be more appropriate here. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Http 403: access to requested resource denied
On 03.02.2016 22:17, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/3/16 1:50 PM, André Warnier (tomcat) wrote: On 03.02.2016 19:07, David kerber wrote: On 2/3/2016 12:50 PM, prashant sharma wrote: On 3 Feb 2016 17:42, "David kerber" wrote: On 2/3/2016 12:23 PM, prashant sharma wrote: On 3 Feb 2016 16:38, "Mark Eggers" wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Quick note - please post at the bottom or inline. See item 6 of the Tomcat users mailing list here: http://tomcat.apache.org/lists.html On 2/3/2016 8:20 AM, prashant sharma wrote: That's true. But we are not doing any authn/authz in our application. Its just a simple webapp that exposes 1 endpoint (put method). Any body should be able to hit that end point. It works fine if I place my war outside tomcat installation directory and create a context from Catalina/localhost. But if I place my war inside webapps then it gives http 403 when I hit my endpoint. Regards, Prashant 07440456543 On 3 Feb 2016 16:11, "David kerber" wrote: 403 is an authentication/authorization error, which means the logged-in user doesn't have permissions to the requested resource. On 2/3/2016 11:05 AM, prashant sharma wrote: Hi, Can someone pls provide any inputs on below. Thanks Regards, Prashant 07440456543 On 2 Feb 2016 18:02, "prashant sharma" wrote: Hi, I am using apache tomcat 7.0.57 and jdk 7 on windows 7. I have deployed a simple web application inside tomcat webapps folder by placing the war file directly in webapps. This is a basic application which exposes an endpoint with put request method. When I try to access this endpoint I get 403 access forbidden error. However If I place war file outside tomcat and point it by creating context.xml in conf/Catalina/localhost I am able to access my endpoint. Can someone pls tell what's wrong with the first approach and why its not working in that Regards, Prashant 07440456543 With your put method, are you trying to write to a file within the web application? . . . just my two cents This put method updates a record in database. The same webapp(endpoint) works when I place war outside tomcat. Check the permissions on the directories where you are placing the .war file. .war file is places under tomcat webapps folder. Yes, I know. You need to check the permissions that are set on that directory. If that is really what is happening, maybe some warnings are in order here : 1) from a security point of view, it does not seem to me a very good idea to allow a PUT to add (or overwrite) files in the webapps directory. What if someone uses this to upload a malicious webapp there ? Re-read his post: he's not writing to the filesystem. Something else is wrong. 2) from a portability point of view, the webapps directory is not guaranteed to be writeable. It may not even be a filesystem. +1, not probably not relevant. Maybe there is something more subtle going on here : Have a look at the HTTP RFC and its description of a PUT : https://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.6 I am not saying that that /is/ how the actual code works, but in function of that description, it seems to me that a webserver would be entitled to map the given PUT URI into the "URI space", and from there into the filesystem, and check if that filesystem location is indeed writeable. In any case, it seems to me dubious to use a PUT, to update a record in a database. A POST would probably be more appropriate here. The only weird thing to me is the fact that this works when the OP deploys the same application in a different way. We do not know the webapp. We do not know the URI to which this is being PUT. We don't know what security rules are (or are not) implemented at the JVM or container level. We do know that there is a PUT handler implemented, because a) it works in one case (deployed outside of webapps) b) when it does not work (in webapps), the error code returned is not 405 (not implemented), but 403 (forbidden) Let's presume that the PUT URI does not change, no matter where the webapp is actually deployed. Let's presume that the application's security-constraints do not change either. I would also suppose that we know that when the example DAV application (which handles PUTs) is deployed inside the webapps directory, it does not return a 403 for allowed PUT URI's. Given the above, I can only imagine that it is the OP's application itself, which is returning the 403 in one case. The application could be trying to write to another file somewhere, and return a 403 when it cannot. To really know why it does, would require a knowledge of the application, which we don't have. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Having Java websocket server in tomcat handle ISO8859_1
On 08.02.2016 19:41, Jason Ricles wrote: I have an application that sends binary websocket messages between a class and the web application using a websocket server written in java. The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1. However, when I receive the bytes on the websocket server and the web application end they are junk (such as -121, -116, etc.) and not encoded the correct way that they need to be. I was reading that this might be caused by something being set in my websocket server and web application to use UTF-8 for the default and not ISO8859_1. Is there any way I can change my websocket server and my web application which uses JavaScript to use ISO8859_1 instead of UTF-8? Now is it Java, or JavaScript ? (earlier you say "sent from the java class"..) For a proper "correct" solution, the client sending text data to the server should tell the server what character set/encoding is used for that data (via some kind of "header" for example). This way, the server could always read that text data and decode it in the proper way. If you are /sure/ that this server socket, now and in the future, will only ever receive text data from this particular version of your client java/javascript code, and that text will always be encoded as iso-8859-1, then you should at least make sure that the server code which is reading and decoding this data, does it as iso-8859-1, which is not the default character set for java. But by doing so, you are only moving the problem further in the future, because as far as it looks right now, the usage of Unicode/UTF-8 will increase, and the usage of iso-8859-x character sets will decrease over time. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Having Java websocket server in tomcat handle ISO8859_1
On 08.02.2016 20:27, Jason Ricles wrote: The message is built and sent in a javaclass connected to a websocket server for the web application also written in java then the message is passed to the webpage which uses javascript 1) on this list, do not "top post". See : http://tomcat.apache.org/lists.html#tomcat-users #6 2) this is now very confusing. Are you talking about data flowing from the server to a bowser client, or from a browser client to the server, or both, and in what order ? (maybe a little ASCII-graphic schema would help) Anyway, if you are sending/receiving text data "disguised" as binary data, then you are responsible for making sure that both ends know which character set/encoding is being used, and *program* the proper encoding/decoding at both ends. What you are seeing in the buffer right now is not junk. It is exactly what was written by the side doing the writing. The problem is that the side doing the reading, does not know how this data is encoded, so it does not "understand" it properly. For a websocket, there is no Tomcat setting (that I know of) that will change that. You will have to do this in your applications (on both server and client sides). And if you instead want to exchange text data, then as far as I know (per RFC 6455) it MUST be encoded as UTF-8. See https://tools.ietf.org/html/rfc6455#section-5.6 On Mon, Feb 8, 2016 at 2:25 PM, André Warnier (tomcat) wrote: On 08.02.2016 19:41, Jason Ricles wrote: I have an application that sends binary websocket messages between a class and the web application using a websocket server written in java. The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1. However, when I receive the bytes on the websocket server and the web application end they are junk (such as -121, -116, etc.) and not encoded the correct way that they need to be. I was reading that this might be caused by something being set in my websocket server and web application to use UTF-8 for the default and not ISO8859_1. Is there any way I can change my websocket server and my web application which uses JavaScript to use ISO8859_1 instead of UTF-8? Now is it Java, or JavaScript ? (earlier you say "sent from the java class"..) For a proper "correct" solution, the client sending text data to the server should tell the server what character set/encoding is used for that data (via some kind of "header" for example). This way, the server could always read that text data and decode it in the proper way. If you are /sure/ that this server socket, now and in the future, will only ever receive text data from this particular version of your client java/javascript code, and that text will always be encoded as iso-8859-1, then you should at least make sure that the server code which is reading and decoding this data, does it as iso-8859-1, which is not the default character set for java. But by doing so, you are only moving the problem further in the future, because as far as it looks right now, the usage of Unicode/UTF-8 will increase, and the usage of iso-8859-x character sets will decrease over time. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Having Java websocket server in tomcat handle ISO8859_1
On 08.02.2016 23:31, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 2/8/16 3:43 PM, Mark Thomas wrote: On 08/02/2016 18:41, Jason Ricles wrote: I have an application that sends binary websocket messages between a class and the web application using a websocket server written in java. The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1. However, when I receive the bytes on the websocket server and the web application end they are junk (such as -121, -116, etc.) and not encoded the correct way that they need to be. The bytes are transmitted as unsigned on the wire (as required by the WebSocket spec). Java handles them as signed. You need to convert them. Something like (untested): char c = b & 0xFF; I had to read this something like 10 times before I convinced myself that this was correct. For those who want to know what this makes any kind of sense (because, at first glance, it does not make any sense), I'll explain it. For starters, Java uses signed byte primitives but /unsigned/ char primitives. For those coming from the C world, that may be confusing. bytes are 8 (signed) bits and chars are 16 (unsigned) bits. But Java doesn't have any defined arithmetic operations (including bitwise) for anything smaller than an int (32 signed bytes), so the above assignment is actually more like this: byte b = 0xab; // e.g. char c = (char) ( ((int)b) & 0xff ) So, first b is widened from 8 bits to 32 bits -- with a sign-extension. That means that -1 is still -1, it's just represented by a different bit pattern: instead of . Next, the bitwise && is performed, which zeros-out everything but the bottom 8-bits (now we have ). Then, that value is cast to char which does practically nothing. In the above example (-1), we get a final value of 255 for c, which is exactly what you'd expect for an unsigned char whose signed value is -1. I think the only surprise thing there is that Java widens all types to 32-bit signed int to perform these operations. Without that fact, the above assignment doesn't make much sense. In C, that line of code would do absolutely nothing at all. Would a simpler way to say this not be that in Java, a char is a 16-bit integer whose value happens to be the corresponding character's Unicode codepoint ? Of course his all takes us further away from the OP's original description of the issue, which said "The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1." Which basically doesn't make sense, unless the data in question is originallly text. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Having Java websocket server in tomcat handle ISO8859_1
On 09.02.2016 15:06, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/8/16 6:25 PM, André Warnier (tomcat) wrote: On 08.02.2016 23:31, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 2/8/16 3:43 PM, Mark Thomas wrote: On 08/02/2016 18:41, Jason Ricles wrote: I have an application that sends binary websocket messages between a class and the web application using a websocket server written in java. The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1. However, when I receive the bytes on the websocket server and the web application end they are junk (such as -121, -116, etc.) and not encoded the correct way that they need to be. The bytes are transmitted as unsigned on the wire (as required by the WebSocket spec). Java handles them as signed. You need to convert them. Something like (untested): char c = b & 0xFF; I had to read this something like 10 times before I convinced myself that this was correct. For those who want to know what this makes any kind of sense (because, at first glance, it does not make any sense), I'll explain it. For starters, Java uses signed byte primitives but /unsigned/ char primitives. For those coming from the C world, that may be confusing. bytes are 8 (signed) bits and chars are 16 (unsigned) bits. But Java doesn't have any defined arithmetic operations (including bitwise) for anything smaller than an int (32 signed bytes), so the above assignment is actually more like this: byte b = 0xab; // e.g. char c = (char) ( ((int)b) & 0xff ) So, first b is widened from 8 bits to 32 bits -- with a sign-extension. That means that -1 is still -1, it's just represented by a different bit pattern: instead of . Next, the bitwise && is performed, which zeros-out everything but the bottom 8-bits (now we have ). Then, that value is cast to char which does practically nothing. In the above example (-1), we get a final value of 255 for c, which is exactly what you'd expect for an unsigned char whose signed value is -1. I think the only surprise thing there is that Java widens all types to 32-bit signed int to perform these operations. Without that fact, the above assignment doesn't make much sense. In C, that line of code would do absolutely nothing at all. Would a simpler way to say this not be that in Java, a char is a 16-bit integer whose value happens to be the corresponding character's Unicode codepoint ? If you want to be pedantic (and I know you do!), this time I hesitated.. a Java character is a subset of Unicode codepoints. Unicode specifies more than 2^16 codepoints (or, at least, the range exceeds what 2^16 addresses covers). If you want to use actual Unicode codepoints, you need to use Java int -- which is why String.codePointAt returns int and not char. Well, I was planning to add a proviso about Unicode characters that were not part of the Basic Multilingual Plane (and thus with Codepoints above 2exp16-1), but I figured that the matter was already confusing enough. I found a old but good article about this topic : http://www.javaworld.com/article/2076571/java-se/an-in-depth-look-at-java-s-character-type.html And this must be the bible : https://docs.oracle.com/javase/7/docs/api/java/lang/Character.html Of course his all takes us further away from the OP's original description of the issue, which said "The data being sent from the java class is encoded in a binary buffer with the bytes in ISO8859_1." Which basically doesn't make sense, unless the data in question is originallly text. Of course it makes no sense at all. Binary is binary and character encoding is a property of text. Perhaps what he meant was that it wasn't XML or some fancy Web 2.0 thingy. But of course, he's using Websocket which is, by definition, Web 2.0. Welcome to the new binary! Text-encoding of binary data across a text-based channel. Or something like that. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAla58lQACgkQ9CaO5/Lv0PC+lACgo1yaNVCR0irOrk5hUSw3iury +BIAoLQElOEZylktC5u8ZIo5GaurP855 =a2zc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Async servlet timeout behaviour
On 11.02.2016 12:07, Thomas Boniface wrote: Hi, I'm using async servlet with a timeout configured to 300ms naive question : is that not awfully short, if this relates to some over-the-Internet communication ? but I can observe in live environnement some big differences with the actual applied timeout 700ms or more for instance. I was wondering how are triggered onTimeout events to AsyncListeners, is there a limited number of thread handling this ? Could this be explained by too many onTimeout occuring concurrently on a busy server ? I also wonder what can be done or not while in the onTimeout thread, can I still do some asynchronous operation (retrieving content from http request) and is writing to the reponse from this thread, as long as I ensured this done in a thread safe way, ok ? Thanks, Thomas - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?
Sorry, I lost the original message, so I can't respond in-thread. I only saw the last message, but to that, isn't this what the Op is asking for : http://tomcat.apache.org/tomcat-7.0-doc/servletapi/javax/servlet/http/HttpServletRequest.html No matter which jar these things are in, if these methods get called, they should return the current URI which the client called to trigger the current webapp, no ? (I'm talking of getRequestURL() and siblings). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?
On 12.02.2016 20:08, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/12/16 1:11 PM, André Warnier (tomcat) wrote: Sorry, I lost the original message, so I can't respond in-thread. I only saw the last message, but to that, isn't this what the Op is asking for : http://tomcat.apache.org/tomcat-7.0-doc/servletapi/javax/servlet/http/ HttpServletRequest.html No matter which jar these things are in, if these methods get called, they should return the current URI which the client called to trigger the current webapp, no ? (I'm talking of getRequestURL() and siblings). Mark's response accurately points out that anything the library does to try to determine which application it's running under can relatively easily be subverted by the application itself. For your example above, it would be easy to simply wrap the HttpServletRequest object and override "getRequestURL" and friends. If you don't trust the code calling you, then you can't trust anything up the stack. Ok, sorry, I have not really followed the thread since the beginning. I did not realise that there was a question of not trusting the *code* of the webapps themselves. I though it was only not trusting the client (browser or whatever). But let me then push the question one level deeper, at the Java level : is there a way by which some code about to call a method, could find out if this method is "the genuine article", or has been overridden by a wrapper for instance ? (And I do realise that this is not really applicable here, it is more by curiosity) I mean, the JVM of course must know; but is there a way by which the code can ask the JVM about this ? Or alternatively, can the code "force" the JVM to execute the real method of the original parent (in this case HttpServletRequest) instead of a perhaps wrapper object's method ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?
On 12.02.2016 20:49, Dougherty, Gregory T., M.S. wrote: You can honestly tell who¹s calling you, since you can throw an exception, catch it, then look at the stack trace. If you have an object, you can get its class, you can get what methods it implements, and you can get its parent class and recurse. So that should let you figure out which class will be implementing the emthod you¹re calling, unless I¹m totally confused. I can be confused easily too, in matters Java. But let's just speculate, and someone undoubtedly would correct me if I'm wrong. Since 1) you do not necessarily trust the code which is (directly) calling you. But you would trust it if you were sure that it is the original Tomcat code. 2) if I remember correctly, a HttpServletRequest object is immutable, so nobody can have modified the original data of the request, as it came in and was parsed by Tomcat. 3) What they could do however, is wrap the original object into another, and override the methods so that they would return other data than the original when you call getRequestURL 4) but you can climb up the object hierarchy, until you find the original (Tomcat) HttpServletRequest object and its methods yes ? Then I would imagine that there must be a way for you to retrieve the data as provided by the original HttpServletRequest getRequestURL, no ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?
On 12.02.2016 21:00, Leo Donahue wrote: On Feb 11, 2016 4:56 PM, "Dougherty, Gregory T., M.S." < dougherty.greg...@mayo.edu> wrote: I would like to have a jar file in tomcat/lib that can be called from any of the running web apps. I need for the code in the jar to behave differently depending on which web app called it. I would agree with what the others are saying here. It seems you are trying to authorize an entire web app instead of authoring the user of the web app. If the jar simply needs to take action based on a role of some kind, then could you not tie in a ldap user with appropriate role? I do not know either what the ultimate use case of the OP is. But I could imagine for example some webapps allowing to upload a file, and this jar containing a "saveFile" method which saves the file to a different server directory, depending on which webapp called it (but without relying for this on a parameter passed by the webapp or its configuration, and just relying on the URL having been used to call that webapp). (Of course there are other ways to achieve this, but this is just as a non-AAA example). Gregory, it may be time to tell us something about what you /really/ want to achieve here. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a way for code running on Tomcat 7+ to determine the URL of the Web App it's running under?
On 15.02.2016 11:06, Christoph Nenning wrote:
Perhaps I¹m naïve, but I was looking for a Tomcat provided
³getCurrentURL
()² call, and assumed that nothing else could have that. :-)
Thank you for the SecurityManager suggestion, I hadn¹t thought about
that.
I¹ll look in to how much of a pain that is.
You can rebuild the url with several methods of HttpServletRequest like:
- getScheme()
- getServerPort()
- getContextPath()
- getServletPath()
- getPathInfo()
To figure out the host name you can use the Host header:
getHeader("Host")
Regards,
Christoph
Christoph,
to save the OP (and Mark, and Christopher) some re-explaining, here is a
summary :
- the above is known
- but the question here is that the above cannot be trusted, because the webapp cannot be
trusted, and the webapp could have "wrapped" the original HttpServletRequest with another
object, which could have its own methods overriding the above and returning falsified
responses.
Granted, this is a bit nitpicking, but this being done as part of some security scheme
(the validity of which is not the point of this summary), one needs to take this into
consideration.
André
On 2/11/16, 5:33 PM, "Mark Thomas" wrote:
On 11/02/2016 22:56, Dougherty, Gregory T., M.S. wrote:
I would like to have a jar file in tomcat/lib that can be called from
any of the running web apps. I need for the code in the jar to behave
differently depending on which web app called it. It is not in this
case possible for the code to ³trust² the caller to tell it the URL of
the caller.
Is it possible for that code to independently determine the URL of
the
caller?
If you can't trust the caller to tell you the URL, you can't trust that
the caller isn't going to tinker with whatever mechanism you do use to
determine the URL.
You'd have a better chance of doing this if you ran under a
SecurityManager but unless you write an application from the start with
the intention of running it under a SecurityManager it is usually a lot
of additional effort to update the app so it runs correctly.
Mark
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
This Email was scanned by Sophos Anti Virus
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Block urls using X-forwaed-for
On 15.02.2016 13:03, Dhanushka Parakrama wrote: Hi Guys I have a Tomcat instance behind the load balancer (LB) , LB will pass the client ip address to backed tomcat instance using *X-forward-for* header . I basically want to filter user traffic based on the *X-forwaed-for* header in tomcat instance i have configured the following filter in tomcat , but it not working Remote Address Filter org.apache.catalina.filters.RemoteIpFilter allow localhost|205\.97\.96\.\d+|::1|0:0:0:0:0:0:0:1 Remote Address Filter /mgt/* Do you guys have any advice how to achieve it . Maybe have a look at : http://tuckey.org/urlrewrite/ ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Close_wait state
On 18.02.2016 16:50, Elias, Michael wrote: Hi - We are running tomcat version 7.0.50. Starting 2 days ago are application stopped responding to requests. Our investigation showed us that we are not closing connections. We see after 300 tcp sessions, for the tomcat PID, in CLOSE_WAIT state out app stops responding. Restarting the app clears the state. We took tcpdumps between our web layer and our tomcat layer. What we see in a successful connection is, after the response, tomcat sends a FIN, web ACK's, then web sends a FIN and Tomcat ACK's.. connection closes In a bad connection, tomcat does not send its FIN after the response, after 3 minutes, the WEB sends a FIN and tomcat ACK's. the connection goes into CLOSE_WAIT and stays in that state until restart of tomcat. Any help would be greatly appreciated. I have a question, and a story to this : Question : what happens to your connections in CLOSE_WAIT, if you force Tomcat (or rather, its JVM) to do a GC (garbage collection) ? (There are probably different ways to do that, but I know only one and it is lengthy to set up. Maybe someone has a quick suggestion ?) Story : One case in the past in which I had a similar issue, was with a webapp which : - created an object which itself created a TCP connection to some external process - used that object (its methods) to access that connection - and when the time came to close this connection, it just "forgot" the object, and left it to the JVM to cleanup when it destroyed the object And the JVM ended up with hundreds of connections in the CLOSE_WAIT state, up to a point (under Linux) where the entire TCP stack became unresponsive. My interpretation of what happened then is : Because in Java the garbage collection is asynchronous with the rest and only happens when needed, this unreferenced object could stay on the heap for quite a while. (As a matter of fact, the more comfortable the heap, the longer it stays). And because the JVM, to create a socket, uses ultimately some native code and some underlying native socket structure, this underlying OS-level socket remained also, in its CLOSE_WAIT state, for a long time after the original java object and wrapped connection had long ceased to be used by the webapp. A GC cleared that, because it finally eliminates and destroys unreferenced objects, and their linked native structures at the same time, which has the effect of finally closing the connection properly. So a GC magically deleted these hundreds of CLOSE_WAIT connections. Maybe your case is similar ? The proper solution of course is to make sure that the webapp properly closes the underlying connection before it drops the object that encapsulates it. An unproper and temporary (but in the meantime working) solution for me - because we had no access to the bad code - was to write a script which ran regularly, and forced the Tomcat JVM to do a GC. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sessions number issue
On 19.02.2016 17:40, David kerber wrote: On 2/19/2016 11:20 AM, Qadeer Khan wrote: Anyone, please throw some insight on the following issue You need to do the research and answer the questions that Mark asked in your other thread. Since you're using jboss, this may well be a jboss problem, rather than tomcat. What I do not really understand here, is that the (partial) information provided so far seems to at least indicate that this is a JBOSS site and a RedHat customer; that RedHat does the development and support of JBOSS and has several JBOSS support forums available; and that the OP works for RedHat, as a Senior Consultant no less. So why does the OP not contact his own support resources first ? I mean, it is not that we don't /want/ to help (Tomcat 6-7 being used by JBOSS and all that), but would the above not be a logical first step ? [snip] - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: context doesnt pick up
On 20.02.2016 23:40, Me Self wrote: Hi All When I put the context in server.xml it works fine, but if I put the same context tag in a xml file under /conf/Catalina/localhost/test.xml then tomcat doesn't pick it up. I would rather want to use the latter. The test.xml is Its a set up where the tomcat user has no write access to /webapps only read. The war has been exploded to /webapps/test. Auto deployment is disabled. In server.xml I have autoDeploy="false" deployOnStartup="false", unpackWARS="false". The tomcat user only has read access to /conf/Catalina/localhost/test.xml. Its tomcat 8 on linux. What Am I missing? Maybe also : if it is really like above, then your test.xml is invalid XML. The tag is not closed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sessions number issue
On 20.02.2016 18:44, George Sexton wrote:
On 2/20/2016 10:09 AM, Qadeer Khan wrote:
And I have no idea what questions I have to answer here! other than application
sessions
are being created by users and session field is remaining as zero.
Seriously, you should try responding to Mark's question here:
http://marc.info/?l=tomcat-user&m=145530442623563&w=2
In general, I went through the archives and read all of the threads.
First, you're not reporting a version of tomcat.
Second, you haven't verified the code is creating sessions by inspecting it.
Third, as asked, you haven't verified that users are even connecting to the
server you're
looking at.
You are not going to get a satisfactory outcome. You should really read this
web page:
http://www.catb.org/esr/faqs/smart-questions.html
and re-submit your question from the beginning, supplying all of the necessary
details.
In your particular case, you should document at minimum:
On server A running Apache Tomcat x.x.x, a request to URL ... creates an
incrementing
session.
On sever B running Apache Tomcat x.x.x, a request to URL does not create an
incrementing
session does not create a new session. I have verified by inspection of the
access logs
that the request is going to the expected web application instance.
If you can do this, you'll probably get more help.
Plus, the OP seems to be disregarding previous hints he's been given, such as
Christopher's earlier post about mismatched installed code versions.
Qadeer Khan, this is a high-quality support list. And on this list we do try to help
people with their Tomcat problems. But one condition is that they also try to help
themselves, and do not just expect answers to be spoon-fed to them.
On clicking on the session number which is a '0' displays following error
message:
An error occurred at line: 109 in the jsp file: /WEB-INF/jsp/sessionsList.jsp
DeltaSession cannot be resolved to a type
106:Session currentSession = (Session) iter.next();
107:String currentSessionId =
JspHelper.escapeXml(currentSession.getId());
108:String type;
109:if (currentSession instanceof DeltaSession) {
110:if (((DeltaSession) currentSession).isPrimarySession()) {
111:type = "Primary";
112:} else {
An error occurred at line: 110 in the jsp file: /WEB-INF/jsp/sessionsList.jsp
DeltaSession cannot be resolved to a type
107:String currentSessionId =
JspHelper.escapeXml(currentSession.getId());
108:String type;
109:if (currentSession instanceof DeltaSession) {
110:if (((DeltaSession) currentSession).isPrimarySession()) {
111:type = "Primary";
112:} else {
113:type = "Backup";
And my questions was why this could be happening and how could this be fixed
Thanks
- Original Message -
From: "Christopher Schultz"
To: "Tomcat Users List"
Sent: Saturday, February 20, 2016 11:03:22 AM
Subject: Re: Sessions number issue
Qadeer,
On 2/19/16 9:50 PM, Qadeer Khan wrote:
Thanks so much for the help. I thought it were the open forum for any
one needing support for Tomcat related questions.
It is, but you aren't answering any of our followup questions. It's
making it literally impossible to help you.
-chris
- Original Message -
From: "André Warnier (tomcat)"
To: users@tomcat.apache.org
Sent: Friday, February 19, 2016 3:08:48 PM
Subject: Re: Sessions number issue
On 19.02.2016 17:40, David kerber wrote:
On 2/19/2016 11:20 AM, Qadeer Khan wrote:
Anyone, please throw some insight on the following issue
You need to do the research and answer the questions that Mark asked in your
other
thread.
Since you're using jboss, this may well be a jboss problem, rather than tomcat.
What I do not really understand here, is that the (partial) information
provided so far
seems to at least indicate that this is a JBOSS site and a RedHat customer;
that RedHat
does the development and support of JBOSS and has several JBOSS support forums
available;
and that the OP works for RedHat, as a Senior Consultant no less.
So why does the OP not contact his own support resources first ?
I mean, it is not that we don't /want/ to help (Tomcat 6-7 being used by JBOSS
and all
that), but would the above not be a logical first step ?
[snip]
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
Re: Tomcat memory
On 22.02.2016 03:44, Gokul.Baskaran wrote: Thanks again, to make things clear. When I meant default, what is the default min and max that is given to an application if there nothing defined in the JVM ? In how many different ways do you need to be told this ? Re-read the previous answers that you already received. All the information is there. In my case, the Tomcat is running on windows and I don't have setenv.bat or sentenv.sh or even catalina.bat and catalina.conf does not have the OPT config for min and max. HTH Thank you -Gokul -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Sunday, February 21, 2016 3:04 PM To: Tomcat Users List Subject: Re: Tomcat memory grep mx bin/* found only settings in setenv.sh in my installation - this lets me state that there are no defaults: setenv.sh is not contained in the distribution but will be read in case it's found in the file system. Thus there's no tomcat default that I'm aware of. Anybody who distributes tomcat with a setenv.sh might have a sensible default for their embedded application, but the raw distribution AFAIK has none. Safe assumption should be: Whatever the JVM thinks is appropriate is the default. Create a setenv.sh or setenv.bat and set CATALINA_OPTS to the desired value, e.g. "-Xms 2048m -Xmx2048m" (but there will probably be more settings, e.g. for tuning the garbage collector... (apologies in case this goes out after the problem has long been solved: I'm in a hotel that blocks SMTP and have to find a way to send mail from here) Olaf Am 21.02.2016 um 18:23 schrieb Gokul.Baskaran: Question was for Java 7 It is a Tomcat / Application question as well, as memory default can be configured in the application config. I totally agree that the best practice is to set the Xms and -Xmx. As am going to change the config, I would curious to know if the tomcat ui or the catalina does not have a Xms and -Xmx, would it default to 400MB? I read this in another forum. -Gokul -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Sunday, February 21, 2016 3:14 AM To: Tomcat Users List Subject: Re: Tomcat memory This is rather a Java than a tomcat question: The JVM allocates memory based on whatever default your current JVM version decides (you don't mention what version of Java you're on) From a text on http://docs.oracle.com/javase/7/docs/technotes/guides/vm/gc-ergonomics .html that's linked from my Java's manpage: *initial heap size* Larger of 1/64th of the machine's physical memory on the machine or some reasonable minimum. Before J2SE 5.0, the default initial heap size was a reasonable minimum, which varies by platform. You can override this default using the |-Xms| command-line option. *maximum heap size* Smaller of 1/4th of the physical memory or 1GB. Before J2SE 5.0, the default maximum heap size was 64MB. You can override this default using the |-Xmx| command-line option. *Note:* The boundaries and fractions given for the heap size are correct for J2SE 5.0. They are likely to be different in subsequent releases as computers get more powerful. Note that this is from JavaSE7 and even mentions 5 - with more power there comes more initial and maximum memory defaults. I'm not aware of the actual development of the default memory - mostly because I consider it good practice to know what an application uses and provide it explicitly, rather than relying on defaults. (and frankly, on the applications that I see, the default typically is not even enough - let alone a good basis for tuning) While we're at it: For production systems I consider it good practice to set -Xms and -Xmx to the same value. Reason: If you don't have enough memory available, you want to know this when the process starts, not days later when it tries to allocate "the rest" - typically sunday night at 3am. Olaf Am 21.02.2016 um 03:39 schrieb Gokul.Baskaran: Hi, I am currently running tomcat 7 in Windows 2012. The current JVM Heap memory parameters are set to empty, does the JVM Heap memory utilize the entire memory of the OS or does it default to a specific memory number? Thank you -Gokul - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ---
Re: Tomcat7/8 - Leap year compliant
On 22.02.2016 11:40, Shree, Shubha wrote: Hi , As 2016 is a Leap year, can you please confirm is Tomcat7 and Tomcat8 leap year compliant so that there should not be any impact on the applications running on tomcat 7/8 . Maybe you could define "leap year compliant" for us, so that we could determine what kind of answer is required here ? But maybe first of all, navigate to the Apache Tomcat homepage on the web. http://tomcat.apache.org/ You may want start by reading the first section, "Apache Tomcat", and try to reflect on what it means, in the context of your question. Another useful read may be : http://www.catb.org/esr/faqs/smart-questions.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat memory
On 22.02.2016 13:02, Gokul.Baskaran wrote: The answer I expected is the JVM grows as much as to the available system memory of there are m min and max set. Gokul, Well, no. And because these messages get archived and searched later by other people, they may get the wrong conclusion and therefore I will try again. Re-read your last question. And then re-read your question before that one. And then re-read your question before that one. The problem here is not that you are not being given the information that you want. The problem is that each time you ask your question, you ask it in a different way, and each time somehow in a way that confuses people as to what exactly you want to know. And the reason why it is confusing is that in your succesive questions you keep on talking about "application memory" in various ways, but it is not clear what you are referring to as "application". For the OS, the JVM is an application. For the JVM, Tomcat is the application. And for Tomcat, the web applications (webapps) are the applications. The JVM is one process that is running on a machine, under an OS. That OS probably imposes limits on how much resources (including memory) a given process is allowed to use. If a process tries to use more than this, it will be killed with an "out of memory" error. It is unlikely that this per-process limit is "the available system memory". The OS will kill the process before it uses all of that. The JVM itself (of which there are various models on the market) uses memory in various ways, for various purposes. One of these purposes is to manage a Heap, which it makes available to Java applications which run inside the JVM. But the JVM also uses memory for other reasons, such as a stack, and for the code of the JVM itself. For any given JVM, there are (probably) parameters which tell the JVM how much memory it should set aside initially for the Heap, and then also for how big it should let the Heap grow as a maximum. For the Oracle JVMs, these parameters are "-Xms" and "-Xmx". By default (if these parameters are not set), the JVM uses some default values, which /vary/ depending on the specific JVM and on the circumstances under which it is running (the total available machine memory, for example). For the Oracle JVM, someone already quoted to you the relevant documentation. For other JVM's, you need to look at the relevant JVM documentation. (You never indicated which JVM you are using). The JVM runs java applications (of which Tomcat - the whole Tomcat - is one). These Java applications cannot set the amount of memory that they will use in the Heap of the JVM, other than indirectly (if they are well-written, the minimum necessary; if they are not well-written, who knows). There is no Tomcat-level configuration option, that allows one to set how much Heap space Tomcat can use within the JVM Heap. Then within Tomcat, there are "web applications" running. Individual web applications also cannot set how much Heap they will use, because is not "their" Heap, it is the "Tomcat Heap", which itself is not really the Tomcat Heap, it is the JVM's Heap. That Heap is used by /all/ web applications at the same time. (That is a bit of an approximation, but ultimately it boils down to that). So if one of the web applications within Tomcat starts to do things which result in filling-up the Heap, and if the JVM cannot clean-up or increase the Heap anymore, there will be problems, not only with that web application, but for all web applications and for the whole Tomcat. Is that clear, and does it answer your ultimate question ? On Feb 22, 2016, at 2:43 AM, André Warnier (tomcat) wrote: On 22.02.2016 03:44, Gokul.Baskaran wrote: Thanks again, to make things clear. When I meant default, what is the default min and max that is given to an application if there nothing defined in the JVM ? In how many different ways do you need to be told this ? Re-read the previous answers that you already received. All the information is there. In my case, the Tomcat is running on windows and I don't have setenv.bat or sentenv.sh or even catalina.bat and catalina.conf does not have the OPT config for min and max. HTH Thank you -Gokul -Original Message- From: Olaf Kock [mailto:tom...@olafkock.de] Sent: Sunday, February 21, 2016 3:04 PM To: Tomcat Users List Subject: Re: Tomcat memory grep mx bin/* found only settings in setenv.sh in my installation - this lets me state that there are no defaults: setenv.sh is not contained in the distribution but will be read in case it's found in the file system. Thus there's no tomcat default that I'm aware of. Anybody who distributes tomcat with a setenv.sh might have a sensible default for their embedded application, but the raw distribution AFAIK has none. Safe assumption sh
Re: Tomcat memory
On 22.02.2016 17:49, Gokul.Baskaran wrote: Andre, Thanks for getting granular. Let me explain to the items which could have sounded to be confusing.. The JVM in discussion is Oracle JVM. OS is the 64bit Windows 2012. - OS has 6GB - OS should not impose a limit on memory (Only in this specific case, as OS is 64bit and total amount of memory available is 6GB) unless the memory consumption by other processes does not get impacted or grows near 5GB - 6GB limit. From my earlier posts --- i. It is a Tomcat / Application question as well, as memory default can be configured in the application config. - Big typo error, it should have been Cannot be configured. Well yes, that "typo" was a big source of confusion, because everyone was quite puzzled about how a java web application would be able to set its Heap-size.. ii. Thanks again, to make things clear. When I meant default, what is the default min and max that is given to an application if there nothing defined in the JVM ? - I meant the JVM heap memory given to the application, which is configured in the tomcat instance. There you go again, with "given to an application".. But I'll let it pass this time, or we'll never conclude this thread. With respect to the Oracle documentation, if the -Xms and Xmx are not set. The max will be set to 1/4th which is around 1.5GB of 6 GB . To your point on "There is no Tomcat-Level configuration option" - If I have 2 tomcat instance on the same OS (Tomcat 1 and Tomcat 2). I can define Xms and Xmx in catalina.sh or setenv.sh in each of the tomcat instances. For example, if Tomcat 1 is configured to have 1GB, JVM heap size for Tomcat 1 will have 1GB and if Tomcat 2 is configured to 2 GB, then JVM heap size for Tomcat 2 will get 2GB. Just a little thing here again : the "-Xms" and "-Xmx" options are /not Tomcat options/. They are /JVM command-line options/. And from the OS perspective, you do not have 2 Tomcat instances, you have 2 JVM instances. Think of it this way : at the moment you start the JVM, what you are starting is a OS-level process that is a "virtual machine". This virtual machine just happens to be one that is specialised for running java code, instead of machine code. This virtual machine organises its own memory in a number of areas, and one of these is the Heap. By the "-Xms/-Xmx" command-line parameters of the JVM, you are telling it how big that Heap should be, and the JVM will ask the OS for corresponding chunks of memory. And /then/, once the JVM has started and has allocated memory to the Heap, then you are asking this JVM to run a java class that happens to be the class which starts loading Tomcat code and running it. And whatever Tomcat and the Tomcat webapps do after that, they have no influence anymore on how much memory is allocated to the Heap (except that by creating lots of objects with abandon, they could give a hard time to the JVM in managing the Heap and keeping some workroom available in there). And now I think that I can see where the confusion starts maybe on your side : you are running this under Windows as a Service, and when you look in the Task Manager, what you see running is a process named "tomcat7.exe", and not "java.exe". And to explain that, you need to read this : http://wiki.apache.org/tomcat/FAQ/Windows#Q11 Yes, it is clear and thanks for explaining. -Gokul -Original Message- From: André Warnier (tomcat) [mailto:a...@ice-sa.com] Sent: Monday, February 22, 2016 8:37 AM To: users@tomcat.apache.org Subject: Re: Tomcat memory On 22.02.2016 13:02, Gokul.Baskaran wrote: The answer I expected is the JVM grows as much as to the available system memory of there are m min and max set. Gokul, Well, no. And because these messages get archived and searched later by other people, they may get the wrong conclusion and therefore I will try again. Re-read your last question. And then re-read your question before that one. And then re-read your question before that one. The problem here is not that you are not being given the information that you want. The problem is that each time you ask your question, you ask it in a different way, and each time somehow in a way that confuses people as to what exactly you want to know. And the reason why it is confusing is that in your succesive questions you keep on talking about "application memory" in various ways, but it is not clear what you are referring to as "application". For the OS, the JVM is an application. For the JVM, Tomcat is the application. And for Tomcat, the web applications (webapps) are the applications. The JVM is one process that is running on a machine, under an OS. That OS probably imposes limits on how much resources (including memory) a given process is allowed to use. If a process tr
Re: HTTP CONNECT method not being accepted by Tomcat 7
On 24.02.2016 22:39, Christopher Schultz wrote: Mark, On 2/24/16 8:44 AM, mark.lo...@cyrenllc.com wrote: Hi, I have written a PKI proxy servlet to support a tool that needs access to my customer’s secured web site, but the application does not support client certificate security. The Servlet works great when called from a browser, where the proxy uses a B2B certificate for access and forwards the response to the browser as expected. That seemed like a good prototype, however, when I went to test against the tool I found that it was not making a GET request, but rather a CONNECT request. I extended my code to accept the CONNECT, however the request never seems to get past the front door Tomcat. None of my code is ever called, so I have to assume that I have a setting wrong in Tomcat. Everything I can find online discusses how you shouldn’t have a Tunneling proxy in your infrastructure, but this is all in a secured environment, not on the internet, so this is not an issue and has been approved. Is there something I’m missing? Technically, CONNECT is not a tunnelling protocol, since it uses a plaintext HTTP request to negotiate with the server and then just sends a binary blob through as the payload (e.g. a TLS connection can be sent from a proxy to an origin server so that it includes all of the certificate information, etc.). The CONNECT protocol basically only adds the overhead of another (non-TLS) HTTP header to the conversation. Anyway, it looks like this is what you are looking for: https://bz.apache.org/bugzilla/show_bug.cgi?id=57830 Right? -chris Chris, just a naive question (after reading the bz thread that you mention above, but not really up-to-date with the details of the CONNECT protocol) : Could not the setup of an Apache httpd server as front-end proxy to Tomcat be a solution for the OP ? Presumably, this front-end would interpret the CONNECT request and make a connection to Tomcat, and then pass the rest of the request (which presumably is the GET) to Tomcat. No ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP CONNECT method not being accepted by Tomcat 7
On 24.02.2016 23:30, André Warnier (tomcat) wrote: On 24.02.2016 22:39, Christopher Schultz wrote: Mark, On 2/24/16 8:44 AM, mark.lo...@cyrenllc.com wrote: Hi, I have written a PKI proxy servlet to support a tool that needs access to my customer’s secured web site, but the application does not support client certificate security. The Servlet works great when called from a browser, where the proxy uses a B2B certificate for access and forwards the response to the browser as expected. That seemed like a good prototype, however, when I went to test against the tool I found that it was not making a GET request, but rather a CONNECT request. I extended my code to accept the CONNECT, however the request never seems to get past the front door Tomcat. None of my code is ever called, so I have to assume that I have a setting wrong in Tomcat. Everything I can find online discusses how you shouldn’t have a Tunneling proxy in your infrastructure, but this is all in a secured environment, not on the internet, so this is not an issue and has been approved. Is there something I’m missing? Technically, CONNECT is not a tunnelling protocol, since it uses a plaintext HTTP request to negotiate with the server and then just sends a binary blob through as the payload (e.g. a TLS connection can be sent from a proxy to an origin server so that it includes all of the certificate information, etc.). The CONNECT protocol basically only adds the overhead of another (non-TLS) HTTP header to the conversation. Anyway, it looks like this is what you are looking for: https://bz.apache.org/bugzilla/show_bug.cgi?id=57830 Right? -chris Chris, just a naive question (after reading the bz thread that you mention above, but not really up-to-date with the details of the CONNECT protocol) : Could not the setup of an Apache httpd server as front-end proxy to Tomcat be a solution for the OP ? Presumably, this front-end would interpret the CONNECT request and make a connection to Tomcat, and then pass the rest of the request (which presumably is the GET) to Tomcat. No ? Added reference : http://httpd.apache.org/docs/current/mod/mod_proxy_connect.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cors-Filter
On 25.02.2016 22:59, RICHARD DOUST wrote: Hi, I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more than that. It’s installed on a Windows computer running Windows Server 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a client’s box. I’m trying to migrate an application to JavaScript from GWT, but that’s beside the point. The problem is, I’m unable to send an XMLHttpRequest to this Tomcat instance via https. The site is being served by the same domain, but via http. I get: Failed to load resource: Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin. https://www.domain.com/application/api/request XMLHttpRequest cannot load https://www.domain.com/application/api/reqeuest. Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin. This is an excerpt my web.xml file for the war: CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins http://www.domain.com, http://beta.domain.com:8080, http://localhost:8080 cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT CorsFilter /api/* I’d like to debug this, but I don’t know how to go about it. Am I suffering from a basic misunderstanding? Does cors not allow http to https? Anyway, any help would be appreciated. Honestly, I don't know much about CORS, but I looked at the specs, here : http://tools.ietf.org/html/rfc6454 (*) and it seems to me indeed that in 3.2, Q: Why not just use the host?, it indeed says that the scheme "http" or "https", is part of the origin. I interpret this as meaning that if the HTML page was obtained from "http://www.domain.com";, a call made from within it, to "https://www.domain.com"; would not qualify as "from the same origin". Further in 3.2.1, it gives some examples : Each of the following resources has a different origin from the others. http://example.com/ http://example.com:8080/ http://www.example.com/ https://example.com:80/ https://example.com/ http://example.org/ (*) pointed at by the on-line Tomcat documentation : https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter -> cors.allowed.origins -> "origin" - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cors-Filter
Hi. On this list, it is preferred to not top-post, but respond in-line or below the previous intervention. Re : http://tomcat.apache.org/lists.html#tomcat-users -> important -> 6 It makes it easier to follow the conversation, and for people with small screens, to avoid scrolling up and down all the time. So I have re-positioned your answer below. On 26.02.2016 09:08, RICHARD DOUST wrote: On Feb 26, 2016, at 2:42 AM, André Warnier (tomcat) wrote: On 25.02.2016 22:59, RICHARD DOUST wrote: Hi, I’m running Tomcat 7.0. Can’t find the version.bat file, so I don’t know more than that. It’s installed on a Windows computer running Windows Server 2003 DataCenter Edition. (How’s that for refusing to upgrade?) Anyway, it’s a client’s box. I’m trying to migrate an application to JavaScript from GWT, but that’s beside the point. The problem is, I’m unable to send an XMLHttpRequest to this Tomcat instance via https. The site is being served by the same domain, but via http. I get: Failed to load resource: Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin. https://www.domain.com/application/api/request XMLHttpRequest cannot load https://www.domain.com/application/api/reqeuest. Origin http://www.domain.com is not allowed by Access-Control-Allow-Origin. This is an excerpt my web.xml file for the war: CorsFilter org.apache.catalina.filters.CorsFilter cors.allowed.origins http://www.domain.com, http://beta.domain.com:8080, http://localhost:8080 cors.allowed.methods GET,POST,HEAD,OPTIONS,PUT CorsFilter /api/* I’d like to debug this, but I don’t know how to go about it. Am I suffering from a basic misunderstanding? Does cors not allow http to https? Anyway, any help would be appreciated. Honestly, I don't know much about CORS, but I looked at the specs, here : http://tools.ietf.org/html/rfc6454 (*) and it seems to me indeed that in 3.2, Q: Why not just use the host?, it indeed says that the scheme "http" or "https", is part of the origin. I interpret this as meaning that if the HTML page was obtained from "http://www.domain.com";, a call made from within it, to "https://www.domain.com"; would not qualify as "from the same origin". Further in 3.2.1, it gives some examples : Each of the following resources has a different origin from the others. http://example.com/ http://example.com:8080/ http://www.example.com/ https://example.com:80/ https://example.com/ http://example.org/ (*) pointed at by the on-line Tomcat documentation : https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter -> cors.allowed.origins -> "origin" There's no doubt in my mind that this is considered a cross-domain request. The question is, why is it not being allowed given the configuration. The domain that requested the original page (via http) is specifically set to be allowed to access the site in a cross-domain scenario. Ok, sorry to have misunderstood your question. I'm new at this CORS stuff.. My question is, why doesn't it work, or, how can I debug it? I guess I'm going to have to figure out how to get the code for org.apache associated with the jar file so that I can see the source in Eclipse and set a breakpoint. I have read elsewhere that any http page that attempts to mix in https content is as insecure as the page that uses http exclusively, being subject to man in the middle attacks and that once you need https everything needs to be https There is a short explanation for this view in the same RFC, at 3.2. Origin -> Q: Why not just use the host? , but in a large SPA, that seems to me to mean a lot of potentially unnecessary overhead. This is another debate. In my heart, I tend to agree with you. But then, it seems that even high-traffic sites are switching to HTTPS overall, so I guess it does not have such a fearsome impact on performance anymore. I'd like to know what some experts think. I guess I'd better leave it to them then, and keep watching this thread to learn more about CORS.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Authentication
On 04.03.2016 07:16, Chanchal Kariwala wrote: I am using Tomcat 8.0.32 and I have followed the guide given at - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server) - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed. However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in the OS to fetch the user's credentials? I have enabled Integrated Windows Auth in IE Settings. I have added the site in Intranet Sites and set "Logon by Current User" in Custom Level setting for Intranet. Hi. The real *key* to debugging such issues, is to use some plugin or add-on to the browser, to enable the capture and visualisation of the HTTP dialog back and forth between the browser and the server. Since you are using IE, I suggest "Fiddler2". Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and then do an access to the webserver. When prompted for an id/pw, enter them. Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to the webserver. You are correct in thinking that, normally, the login should happen automatically in the background, and you should never see this browser login dialog. WIA authentication is a multiple-step process between the browser and the webserver, and in the background between the webserver and a Domain Controller. That the login dialog appears in your case, means : 1) that the integrated WIA failed 2) that the Domain is configured to allow HTTP Basic authentication in a second step, after WIA fails. That is the login dialog that you see. So, something is not working as it should in the WIA step. But to know exactly what, requires examining the HTTP exchanges. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Authentication
On 04.03.2016 10:11, Chanchal Kariwala wrote: I tries what you asked and I have observed the following 1. Browser sends a request for the resource Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers Fine. 2. Browser sends a new request with the following in Request Headers Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg Also seems fine. (But difficult to tell, as these tokens are "opaque" by design). Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers But this does not seem ok. It seems that the browser and server are failing to agree on an authentication method, and dropping down to HTTP Basic. 3. At this point the browser shows HTTP Basic Auth form and sends the following in Headers Authorization: Negotiate YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge value, much much longer than the first one*) Now the Server replies with HTTP 200 and the following in headers WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0 Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly So yes WIA is failing.. Can you help me out with the next step in debugging? I think at this point, you need to go to your Windows network sysadmins, with the information above, and ask them what is going on. There are just too many possible reasons, in the Windows Domain environment, why this could fail. (browser, browser version, workstation OS version, browser settings, Domain Controller settings, Domain networkn policies, membership of Domain or not, etc.). Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote: On 04.03.2016 07:16, Chanchal Kariwala wrote: I am using Tomcat 8.0.32 and I have followed the guide given at - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server) - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed. However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in the OS to fetch the user's credentials? I have enabled Integrated Windows Auth in IE Settings. I have added the site in Intranet Sites and set "Logon by Current User" in Custom Level setting for Intranet. Hi. The real *key* to debugging such issues, is to use some plugin or add-on to the browser, to enable the capture and visualisation of the HTTP dialog back and forth between the browser and the server. Since you are using IE, I suggest "Fiddler2". Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and then do an access to the webserver. When prompted for an id/pw, enter them. Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to the webserver. You are correct in thinking that, normally, the login should happen automatically in the background, and you should never see this browser login dialog. WIA authentication is a multiple-step process between the browser and the webserver, and in the background between the webserver and a Domain Controller. That the login dialog appears in your case, means : 1) that the integrated WIA failed 2) that the Domain is configured to allow HTTP Basic authentication in a second step, after WIA fails. That is the login dialog that you see. So, something is not working as it should in the WIA step. But to know exactly what, requires examining the HTTP exchanges. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Authentication
On 04.03.2016 14:40, George Stanchev wrote: It does not look like HTTP Basic. Did you try different browsers? IE, Chrome, FF? Do you get same behavior with all? Is the user logging in member of the domain your IWA is set up to? Did you try /un/-checking the "Enable WIA authentication" checkbox in IE ? (I know it sounds counter-intuitive, but try it). If you set up a 3rd party IWA provider (such as Waffle), does it act the same on all 3 browsers? There was a recent issue with Waffle that one of my developers submitted that was dealing with similar issues [1]. You might want to go over that thread to see it can give you pointers. [1] https://github.com/dblock/waffle/issues/268 -Original Message- From: Chanchal Kariwala [mailto:chanchal.kariw...@seclore.com] Sent: Friday, March 04, 2016 2:52 AM To: Tomcat Users List Subject: Re: Windows Authentication But how does the browser decide on Basic Auth? Usually 401 Response contains WWW-Authenticate: Basic realm="MyREALM" to indicate Basic Auth Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Fri, Mar 4, 2016 at 3:16 PM, André Warnier (tomcat) wrote: On 04.03.2016 10:11, Chanchal Kariwala wrote: I tries what you asked and I have observed the following 1. Browser sends a request for the resource Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers Fine. 2. Browser sends a new request with the following in Request Headers Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg Also seems fine. (But difficult to tell, as these tokens are "opaque" by design). Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers But this does not seem ok. It seems that the browser and server are failing to agree on an authentication method, and dropping down to HTTP Basic. 3. At this point the browser shows HTTP Basic Auth form and sends the following in Headers Authorization: Negotiate YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge value, much much longer than the first one*) Now the Server replies with HTTP 200 and the following in headers WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0 Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly So yes WIA is failing.. Can you help me out with the next step in debugging? I think at this point, you need to go to your Windows network sysadmins, with the information above, and ask them what is going on. There are just too many possible reasons, in the Windows Domain environment, why this could fail. (browser, browser version, workstation OS version, browser settings, Domain Controller settings, Domain networkn policies, membership of Domain or not, etc.). Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote: On 04.03.2016 07:16, Chanchal Kariwala wrote: I am using Tomcat 8.0.32 and I have followed the guide given at - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server) - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed. However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in the OS to fetch the user's credentials? I have enabled Integrated Windows Auth in IE Settings. I have added the site in Intranet Sites and set "Logon by Current User" in Custom Level setting for Intranet. Hi. The real *key* to debugging such issues, is to use some plugin or add-on to the browser, to enable the capture and visualisation of the HTTP dialog back and forth between the browser and the server. Since you are using IE, I suggest "Fiddler2". Install it, close your browser, re-open the browser, start Fiddler2 in capture mode, and then do an access to the webserver. When prompted for an id/pw, enter them. Then stop Fiddler2 and examine the HTTP exchanges, starting with your initial request to the webserver. You are correct in thinking that, normally, the login should happen automatically in the background, and you should never see this browser login dialog. WIA authentication is a multiple-step process between the browser and the webserver, and in the background between the webserver and a Domain Controller. That the login dialog appears in your case, means : 1) that the integrated WIA failed 2) that the Domain is configured to allow HTTP Basic authentication in a second step, after WIA fails. That is the login dialog that you see. So, something is not working as it should in the WIA step. But
Re: Tomcat Training
On 04.03.2016 17:58, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul, On 3/3/16 11:39 AM, Brookbanks, Paul wrote: Could someone in the Toronto, Ontario, Canada area recommend a place that provides tomcat administrative training. I would consider online training but prefer an “in-class” environment. Specific need: Multiple instance installation, management, and monitoring. Come to ApacheCon NA in Vancouver, BC in May: http://events.linuxfoundation.org/events/apachecon-north-america I'll (likely) be giving a talk on monitoring Apache Tomcat and (separately) working with Tomcat's new container-managed authentication framework. I'm not sure about any other presentations, specifically, but there will likely be more Tomcat-related material at the conference. There's also the "hallway track" where you can corner various knowledgeable people and ask about how to do particular things. Recently, the Tomcat community (actually, just markt) has been presenting semi-regular webinars that are about 20 minutes long. Have a look at this page for more information: http://tomcat.apache.org/presentations.html One of the items not specifically on that list is "how to do multi-instance installation", though it will certainly be covered under "how to set up Tomcat so as to make upgrades easier". I'd be willing to do that presentation... I just need some time to get it together and we can schedule a webinar for it. In a quite recent post, Mark also provided a link to a presentation he made in the past about front-end/back-end configurations, which may be relevant. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows Authentication
On 07.03.2016 06:10, Chanchal Kariwala wrote: The article which suggested that NTLM is being used by Winlogon instead of Kerberos : http://stackoverflow.com/questions/5597573/how-to-find-if-ntlm-or-kerberos-is-used-from-www-authenticate-negotiate-header So the token browser sends on first 401 starts from YHkG... And the second token begins with YIIK1QYG Check also this one : https://blogs.msdn.microsoft.com/friis/2009/12/31/things-to-check-when-kerberos-authentication-fails-using-iisie/ Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Mon, Mar 7, 2016 at 10:19 AM, Chanchal Kariwala < chanchal.kariw...@seclore.com> wrote: In response to *George Stanchev*, I tried with Chrome and IE 11, same behavior in both. And yes I tried waffle, but in another webapp. Waffle does not prompt for the credentials.. In response to *André Warnier*, I tired that to no avail :( In response to *Felix Schumacher*, It is not a problem with the webapp. I have tried both of what you asked. Tomcat Keytab is authenticated successfully. And KRB debug shows success for the keytab. So here are my additional findings over the weekend. Background - My test AD is virtual. My Domain Controller and client are VMS. 1. *Windows Logon was using NTLM instead of Kerberos* Some article led me to the following assumption : When the browser receives WWW-Authenticate: Negotiate, it asks for the token from the OS Cache. The OS Cache provides it a token that was obtained via NTLM. The Server does not accept that since it specifically wants Kerberos. And hence the browser asks for Credentials again and this time the user is authenticated via Kerberos. And this token is accepted by the Server. 2. *Windows Logon by IP Address uses NTLM* I access the client machine (with tomcat) using RDP via the IP Address. The following question on StackExchange indicates that in such a scenario NTLM is used to logon to the system. See : http://serverfault.com/questions/357975/is-it-possible-to-switch-to-kerberos-only-windows-domain 3. *Kerberos Event Logging* The next thing I was trying to figure was why Windows logon was using NTLM. The above link suggests that there was no way of forcing LSA to use Kerberos only. So now I am looking at the System events, which might suggest which protocol is being used. Also I enabled Kerberos event logging to see if there were any Kerberos Errors. See : https://support.microsoft.com/en-us/kb/262177 Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Sat, Mar 5, 2016 at 3:57 PM, Felix Schumacher < felix.schumac...@internetallee.de> wrote: Am 04.03.2016 um 10:11 schrieb Chanchal Kariwala: I tries what you asked and I have observed the following 1. Browser sends a request for the resource Server replies with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers 2. Browser sends a new request with the following in Request Headers Authorization: Negotiate YHkGBisGAQUFAqBvMG2gMDAuBgorBg Server replies again with HTTP 401 and WWW-Authenticate: Negotiate in Response Headers 3. At this point the browser shows HTTP Basic Auth form and sends the following in Headers Authorization: Negotiate YIIK1QYGKwYBBQUCoIIKyTCCCsWgMDAuBgkqhkiC9xIBAgIGCSqGS (*Really huge value, much much longer than the first one*) Now the Server replies with HTTP 200 and the following in headers WWW-Authenticate: Negotiate oYHzMIHwoAMKAQChCwYJKoZIhvcSAQICom0 Set-Cookie: JSESSIONID=541FE2EDD35690BBDE99..; Path=/webapp/; HttpOnly So yes WIA is failing.. Can you help me out with the next step in debugging? You can enable debugging for kerberos in the jvm and you can enable debug logs for the SpnegoAuthenticator in tomcat to get more information. To enable debug log messages in the jvm add -Dsun.security.krb5.debug=true to CATALINA_OPTS. The log messages will appear in catalina.out and are quite verbose. To enable debug log messages for SpnegoAuthenticator, add org.apache.catalina.authenticator.SpnegoAuthenticator.level = FINE to conf/logging.properties in your CATALINA_BASE directory. Regards, Felix Thanks, Chanchal R. Kariwala Product Engineer Seclore Technology chanchal.kariw...@seclore.com www.seclore.com On Fri, Mar 4, 2016 at 1:20 PM, André Warnier (tomcat) wrote: On 04.03.2016 07:16, Chanchal Kariwala wrote: I am using Tomcat 8.0.32 and I have followed the guide given at - https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html#Tomcat_instance_(Windows_server) - https://dzone.com/articles/do-not-publish-configuring-tomcat-single-sign-on-w Windows AD Auth is working i.e. when I access the site, I am asked for credentials and when I enter the correct credentials, the restricted resource is displayed. However my question is why the browser is asking for credentials? Why isn't it accessing TGT Cache in th
Re: Windows Authentication
On 07.03.2016 11:39, André Warnier (tomcat) wrote: On 07.03.2016 06:10, Chanchal Kariwala wrote: The article which suggested that NTLM is being used by Winlogon instead of Kerberos : http://stackoverflow.com/questions/5597573/how-to-find-if-ntlm-or-kerberos-is-used-from-www-authenticate-negotiate-header So the token browser sends on first 401 starts from YHkG... And the second token begins with YIIK1QYG Check also this one : https://blogs.msdn.microsoft.com/friis/2009/12/31/things-to-check-when-kerberos-authentication-fails-using-iisie/ As you see, there are a lot of things to check, one by one. That is because WIA (and Kerberos) are very fiddly, and even one little setting or circumstance can result in the thing not working (as in your case). P.S. The mere volume of articles on this subject in Google (e.g. "kerberos and wia" or "kerberos and IE") 1) by itself makes it difficult to know which one to read and believe 2) indicates that this is a complex subject, with which a lot of people have problems This list here is about Tomcat issues. There is an SPNEGO authentication Valve in Tomcat, and there are certainly some people on this list with some knowledge of WIA/Kerberos, but such issues are probably not their main focus, or their main area of expertise. You may have a bit more luck (or at least find more people focused on Windows authentication) on the Samba list for example. Maybe try here : https://lists.samba.org/mailman/listinfo/samba and supply all your previous information again, including the captured headers. That would definitely increase your chances of receiving a helpful response. It is not that we don't /want/ to help, but there are just too many external factors and settings which can play a role, that it is a bit overwhelming to try this one step remote from the problem. If you do in the end identify a specific problem with the Tomcat SPNEGO Valve, don't hesitate to come back and ask for help here again. Also, if you do find the solution, please post a short message to this list, so that maybe other people here with a similar issue could in the future find the solution in the list archives. (I presume you have already searched these archives for similar issues ?) Another thing, at a different level : if your main aim is to solve this issue quickly, then have a look at Jespa (https://www.ioplex.com/). I can testify that Jespa works fautlessly in several installations which I did. And just reading the User Manual may already give you some useful tips. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Advice on Cluster in one machine
On 08.03.2016 14:19, Edwin Quijada wrote: Hi! I am new using Tomcat so I have a question about performance. I have installed a cluster with 2 tomcats and apache webserver like proxy in front of Tomcat cluster but this whole thing is in one server, somebody tell me that is not useful beacuse is in the same server that is better give more resources to one tomcat and not split the resources in two. Somebody here can give any advice about this configuration what do you think about this ? In this server I have websockets in cluster and I am having problems with websockets in cluster Any advice ? Hi. If you *really* want to test which of the configurations provides the best results with your particular caseload, then you will have a lot of work ahead of you to build a representative workload and an appropriate test/measurement framework. Non-authoritative advice : Intuitively, just the fact of having a front-end and a cluster configuration all on the same server, will already introduce a significant overhead which a simpler configuration would not have. Intuitively thus, I would recommend to try the simplest configuration first, and only if you see problems, then measure what the problem is, and come back for help here. No need to over-complicate your setup and maintenance before then. Unless you need it also for something else, forget the httpd front-end and the clustered Tomcats, and have a single Tomcat act directly as the webserver/websocket server. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Understanding how to controlling what data is written to log4j appenders
On 08.03.2016 15:15, Joleen Barker wrote: Thank you for the idea. Worst case scenario, that is what I would have to do but I'm hoping someone that may have more experience than myself with be able to see that one thing I am missing. Another pair of eyes is always a good thing. Unfortunately Joleen, you are here encountering the typical "irresistible force against unmovable object" paradigm. Every programmer in the world suffers from hubris and laziness. Java and Tomcat programmers are no different. Logging is boring, and it is thus not something that the average program author thinks about very much or spends a lot of time on, until their supposedly perfect opus (here the hubris element) crashes badly, and they are at a loss to explain where or why. And when that happens, rather than going through the code again, and insert the simple and explicit logging statements which could have been there in the first place, they would much rather "delegate" the work to some outside agent, whose setup is preferably to be done by someone else (here the laziness element). And since this external logging agent has no idea of the logic of the piece of code it is supposed to log things about, perforce it has to be some quite complex opus itself, with a lot of cryptic configuration elements telling it where to insert itself, what to pick up and where to send it. Hence something like log4j (which is in itself an admirable piece of work, and may well be an opus of a magnitude and complexity similar to Tomcat, say. Ok, not quite; it's jar file is only about 1/3 the size of the Tomcat jars). So anyway, in the same way that no normal programmer really likes going through the code of someone else and attempting to understand it, not many people like to go through the log4j configuration file of someone else (which pretty much looks like its own programming language). So unless you find a really empathic soul here, it looks like you may now be pretty much on your own now, or to say this more canonically : the implementation details are left as an exercise to the reader. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Need Help: - jk doesn't work after upgrade to 1.2.40 from 1.2.23
On 12.03.2016 15:04, ZHAO Eric wrote: Hello, I am new to Tomcat Connectors, we are trying to upgrade the existing mod_jk 1.2.23 to 1.2.40 for IPV6 configuration. But we always got the following error in jk.log with 1.2.40, we don't know if anything need to adjust after upgrade to the new version: [Thu Mar 10 17:45:10.790 2016] [13878:140261127514080] [debug] jk_translate::mod_jk.c (3855): missing uri map for IBM001OAM01:/sso/lsm/lsm.jnlp [Thu Mar 10 17:45:10.790 2016] [13878:140261127514080] [debug] jk_map_to_storage::mod_jk.c (4023): missing uri map for IBM001OAM01:/sso/lsm/lsm.jnlp Can some one help me out from this issue? Appreciated in advance, the following are the setting, we don't have uriworkermapping.properties file. Here is our setting for mod_jk: mod_jk.conf: LoadModule jk_module /usr/lib64/httpd/modules/mod_jk.so JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /var/log/jk.log # JkLogLevel debug JkLogLevel warning JkMount /MIBS ajp12 JkMount /MIBS/* ajp12 ... JkMount /sso csajboss JkMount /sso/* csajboss workers.properties: worker.list=ajp12,soapnbi,csajboss,csawebsso,loadbalancer,cfmaplayer1,cfmaplayer2,cfmaplayer3 worker.ajp12.port=8007 worker.ajp12.host=localhost worker.ajp12.type=ajp12 # Added for SOAP NBI worker.soapnbi.port=8009 worker.soapnbi.host=localhost worker.soapnbi.type=ajp13 # Added for CSA - JBOSS worker.csajboss.port=8011 worker.csajboss.host=c04s02h02IBM2 worker.csajboss.type=ajp13 #// next are lb related. Does this happen in an Apache httpd VirtualHost ? If yes, make sure that you re-read the configuration documentation at http://tomcat.apache.org/connectors-doc/reference/apache.html and in particular, the sections about JkMount and JkMountCopy. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [COMMERCIAL] Re: Need Help: - jk doesn't work after upgrade to 1.2.40 from 1.2.23
Hi Eric.
A couple of things :
1) Martin is right, in the sense that if a "worker" is mentioned in the loadbalancer
configuration ("balance_workers"), then normally you should /not/ also list it in the list
of individual "workers" in the "worker.list" directive.
2) I am not even sure that you really have a problem : the logfile part that you are
showing, shows "[debug]" lines with the "Missing URI map.." messages.
These are not errors (otherwise they would be marked "[error]"), they are trace messages
allowing you to figure out what is going on when debugging a problem.
A "missing URI map" just indicates that mod_jk is trying to match the URI of the current
request with one of the "JkMount" URI's, and failing *for the worker which it is now
trying to match*. That does not necessarily mean that it will fail to match this URI with
some other worker.
3) the debug messages show a prefix like "IBM001OAM01:". What does that correspond to ? I
do not see this name in the JkMount directives that you show, nor in the part of
workers.properties that you show.
4) I am a bit puzzled by this section :
>>> worker.ajp12.port=8007
>>> worker.ajp12.host=localhost
>>> worker.ajp12.type=ajp12
What is this type "ajp12" ? As far as I know, this does not exist, see
http://tomcat.apache.org/connectors-doc/reference/workers.html
Mandatory Directives -> type
And finally, do you have a problem, and what is it ?
What really happens when you try to access a URI like
"http://(hostname)/sso/lsm/lsm.jnlp" ?
And could you provide a *complete* list of your (Jk*) configuration directives, and a
complete content of the workers.properties file ?
And maybe a short description as to what you are trying to achieve.
From what you provided so far, it is not very clear which URI's you want to
"load-balance" and which not.
The fact that "it worked before" is no guarantee that what you had before was entirely
correct.
On 14.03.2016 11:47, Martin Knoblauch wrote:
Hi Eric,
there are two things different from *my* working "mod_jk/1.2.41" setup:
a) I have only the "JkMount /xxx/* xxx" line in my configuration
b) in the workers list I have only the loadbalancer and the management
workers listed, not the individual ones. Not sure how relevant this is
Martin
On Mon, Mar 14, 2016 at 8:24 AM, ZHAO Eric
wrote:
Dear Andre,
Thanks for your response!
We didn't use Virtual Host in our setting. I re-read the documentation
and didn't find anything wrong with the setting, also this setting worked
before. Do you have several minutes to check the setting in our server for
mod_jk? Appreciate for your time.
Best Regards,
Eric.
-Original Message-
From: André Warnier (tomcat) [mailto:a...@ice-sa.com]
Sent: Saturday, March 12, 2016 10:18 PM
To: users@tomcat.apache.org
Subject: [COMMERCIAL] Re: Need Help: - jk doesn't work after upgrade to
1.2.40 from 1.2.23
On 12.03.2016 15:04, ZHAO Eric wrote:
Hello,
I am new to Tomcat Connectors, we are trying to upgrade the existing
mod_jk 1.2.23 to 1.2.40 for IPV6 configuration.
But we always got the following error in jk.log with 1.2.40, we don't
know if anything need to adjust after upgrade to the new version:
[Thu Mar 10 17:45:10.790 2016] [13878:140261127514080] [debug]
jk_translate::mod_jk.c (3855): missing uri map for
IBM001OAM01:/sso/lsm/lsm.jnlp [Thu Mar 10 17:45:10.790 2016]
[13878:140261127514080] [debug] jk_map_to_storage::mod_jk.c (4023):
missing uri map for IBM001OAM01:/sso/lsm/lsm.jnlp
Can some one help me out from this issue? Appreciated in advance, the
following are the setting, we don't have uriworkermapping.properties file..
Here is our setting for mod_jk:
mod_jk.conf:
LoadModule jk_module /usr/lib64/httpd/modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/workers.properties
JkLogFile /var/log/jk.log
# JkLogLevel debug
JkLogLevel warning
JkMount /MIBS ajp12
JkMount /MIBS/* ajp12
...
JkMount /sso csajboss
JkMount /sso/* csajboss
workers.properties:
worker.list=ajp12,soapnbi,csajboss,csawebsso,loadbalancer,cfmaplayer1,
cfmaplayer2,cfmaplayer3
worker.ajp12.port=8007
worker.ajp12.host=localhost
worker.ajp12.type=ajp12
# Added for SOAP NBI
worker.soapnbi.port=8009
worker.soapnbi.host=localhost
worker.soapnbi.type=ajp13
# Added for CSA - JBOSS
worker.csajboss.port=8011
worker.csajboss.host=c04s02h02IBM2
worker.csajboss.type=ajp13
#// next are lb related.
Does this happen in an Apache httpd VirtualHost ?
If yes, make sure that you re-read the configuration documentation at
http://tomcat.apache.org/connectors-doc/reference/apache.html
and in particular, the sections about JkMount and JkMountCopy.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Daniel, first of all, stop top-posting (this applies to both of you). This is not the style of posting desired on this list. See http://tomcat.apache.org/lists.html#tomcat-users, #6. Secondly, the original poster (lyallex) wants to run Tomcat under Linux, without a front-end, as a webserver, listening on port 80, but running as a user which is not root. This is a legitimate way of running Tomcat, and it is not for you to tell him to run it otherwise. Presumably, he knows what he is doing, under his circumstances. Tomcat by itself cannot do that, because it cannot by itself start as root, bind to port 80, and then switch users. The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, which is why the OP wants to use it. But he has problems configuring this to run under systemd. And this was his question : how to run Tomcat as non-root under a JVM under jsvc under systemd, listening on port 80. I have not yet tried it myself, so I cannot really help. But I have a feeling that the information that you have provided earlier, can be extrapolated to the configuration which lyallex wants. So thank you for providing that information, and let's leave it at that. There is no need and no point in transforming this conversation into a flame now. On 19.03.2016 21:33, Daniel Savard wrote: I still don't see how the number of concurrent sessions is related to the port number. The default ports for Tomcat are 8080 and 8443. For huge websites, usually you have a load balancer as a front-end anyway. You then get the capability to distribute the workload on more than one instance of Tomcat and/or servers, so, sticking on a single port isn't desirable since many instances on a single server cannot run on the same port. You get the capability to eliminate any single-point of failure as well as getting the capability to implement a non-stop environment making a Tomcat cluster. - Daniel Savard 2016-03-19 15:40 GMT-04:00 Lyallex : On 19 March 2016 at 19:19, Daniel Savard wrote: I see what you were trying to achieve, however I don't see much interest in that. Really, I've been running a successful commercial web site for the last 4 years using Tomcat as a standalone web server and servlet container using exactly this solution. 1000 concurrent sessions pose no problem I mentioned this in my first post, sorry if you missed it. 1) Obviously, if you were expecting systemd to solve that problem, you were wrong and it is a sane behavir of systemd to not allow that neither No, you misunderstood. I was trying to start jsvc from a systemd service file Please read more carefully.I never suggested that systemd would solve the problem 2) Your solution to your problem is lying on jsvc alone. 3) I believe is bad security practice to insist to bind on privileged ports for process that don't need that level of privilege. Btw, even if you switch to another user to run the code, you actually are binding to port 80 as root. Maybe you can explain us why you want to do such a thing and using any other unprivileged port isn't a solution to your problem. What is the default port for non.-encrypted http traffic to a web server? Anyway, I see no reason to start a slanging match, I have better things to do. It's all working quite nicely now anyway, thank you for your input. To learn about jsvc see http://commons.apache.org/proper/commons-daemon/jsvc.html You'll need an up to date ANSI C compiler (I use gcc) Lyallex Regards, - Daniel Savard 2016-03-19 12:10 GMT-04:00 Lyallex : It's the simplest way to find out which port you have Tomcat listening on *NIX based systems don't allow non root uses bind to ports < 1024 jsvc http://commons.apache.org/proper/commons-daemon/jsvc.html solves this problem, nobody seems to have grasped that this is what I was asking about. I know of no way to start the container, on port 80 using either startup.sh or catalina.sh using start, run or anything else. If I'm wrong then I would love to see how it's done. CentOS Linux release 7.2.1511 (Core) On 19 March 2016 at 13:46, Daniel Savard wrote: Why? What is the point? The server.xml has nothing to do with integration with systemd. - Daniel Savard 2016-03-19 1:40 GMT-04:00 Lyallex : Would you mind posting your server.xml, here is the relevant bit from mine. On 18 March 2016 at 23:35, Daniel Savard wrote: I believe all distros have over engineered the scripts to start Tomcat. Forget all the scripts from your distro, learn the signification of the environment variables from the catalina.sh script shipped with the default Tomcat version. Define your variables in a file, this file is not a script, so you cannot reuse a previously defined variable, feed your systemd service definition file wi
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19.03.2016 22:06, Lyallex wrote: ... I have it working now, I'd be glad to advise if required Yes, please describe your solution. With the increasing footprint of systemd, I am sure that this information will be helpful to other tomcat users, when they search the list archives. It could probably usefully be made into a FAQ article too. http://wiki.apache.org/tomcat/FAQ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat port listening as SYSTEM
On 28.03.2016 16:37, SUSIL SAHU wrote: netstat -ab | grep -B 1 "java" | grep "8080" | grep "LISTEN" How about netstat -ab | grep -A 1 "8080" | grep -A 1 "LISTEN" | grep -B 1 "java\.exe" - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Windows Services issue
On 07.04.2016 00:14, Saurav Maulick wrote: Hi All, I am using tomcat 5.5.28. Before anything else, you do realise that Tomcat 5.5 was archived in 2012, do you ? And that the people developing Tomcat, as well as the experts available on this users list, are volunteers who do this on their own time ? The current released version is Tomcat 8.0.33. I am pointing this out, to stress the fact that not many people here - if any - would even still have a running version of Tomcat 5.5 (and java 1.4), where they could even start looking at your issue. I would suggest that you first update to a more recent version of Tomcat (and Java), and retry it all, to see if the problem still exists. Look here : http://tomcat.apache.org/whichversion.html I have a problem, when we run the tomcat`s node from console it is working fine, but when we run it from windows services we have found that application is not able to handle UTF8 encoding. I have tried to build windows services both from tsm2.0 software and command prompt. At the command prompt, I am using the below code- tomcat5.exe //IS//OTISTomcatInstance9 --DisplayName="OTISTomcatInstance9" --Install="D:\apache-tomcat-5.5.28\bin\tomcat5.exe" --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop --StartParams "-config;D:\Apache TomcatInstances\OTISTomcatInstance9\conf\server.xml;start" --Startup Auto --Description "OTISTomcatInstance9" --StdOutput "D:\Apache TomcatInstances\OTISTomcatInstance9\logs\OTISTomcatInstance9_out.log" --StdError "D:\Apache TomcatInstances\OTISTomcatInstance9\logs\OTISTomcatInstance9_err.log" --Jvm "D:\j2sdk1.4.2_15\jre\bin\server\jvm.dll" --JvmSs 640 --JvmMx 768 --JvmMs 512 --Classpath "D:\apache-tomcat-5.5.28\bin\bootstrap.jar" --JavaHome "D:\j2sdk1.4.2_15\jre" --JvmOptions "-Djava.endorsed.dirs=D:\apache-tomcat-5.5.28\common\endorsed;-Dcatalina.home=D:\apache-tomcat-5.5.28;-Djava.home=D:\j2sdk1.4.2_15\jre;-Xrs;-Djava.io.tmpdir=D:\Apache TomcatInstances\OTISTomcatInstance9\temp;-Dcatalina.base=D:\Apache TomcatInstances\OTISTomcatInstance9;-Dfile.encoding=UTF8" Please guide me. Thanks in advance - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Windows Services issue
On 10.04.2016 22:14, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Saurav, On 4/7/16 11:24 AM, Saurav Maulick wrote: On Thu, Apr 7, 2016 at 6:11 AM, André Warnier (tomcat) wrote: On 07.04.2016 00:14, Saurav Maulick wrote: Hi All, I am using tomcat 5.5.28. Before anything else, you do realise that Tomcat 5.5 was archived in 2012, do you ? And that the people developing Tomcat, as well as the experts available on this users list, are volunteers who do this on their own time ? The current released version is Tomcat 8.0.33. I am pointing this out, to stress the fact that not many people here - if any - would even still have a running version of Tomcat 5.5 (and java 1.4), where they could even start looking at your issue. I would suggest that you first update to a more recent version of Tomcat (and Java), and retry it all, to see if the problem still exists. Look here : http://tomcat.apache.org/whichversion.html I know that current Tomcat version is 8.0.33, but upgrading tomcat is not possible for our application as our application code is not Java 1.7 comparable and updating code involves lots of time and money. I've rarely seen an application that didn't compile with few or zero changes with an updated version of Java. Same thing with the servlet spec (although some questionable decisions from the servlet EG lead to slightly different behavior). Have you simply tried deploying your existing web application on Tomcat 6, 7, or even 8? It's practically free to try (just spending your own time), so why not give it a try? Tomcat 5.5 and the JVM you are likely running it on have publicly-known vulnerabilities and weaknesses and missing features that are likely making its continued use a risk for both you and your clients. On the internet I didn`t find much help about creating windows services (apart from https://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html) hence I request in this forum. Also, I believe below settings are same for all the Tomcat versions. Yes, the settings are the same for (almost) all Tomcat versions. I have a problem, when we run the tomcat`s node from console it is working fine, but when we run it from windows services we have found that application is not able to handle UTF8 encoding. Specifically, what does "not able to handle UTF8 encoding" mean in your case? The JVM handles the actual encoding, and it does a pretty good job. What is it that's not working? I addition to Christopher's question above, some info : Assuming that you are using a standard "Tomcat as Windows Service" installation, the main difference between running Tomcat as a Service and running it in a console is : - in a console, Tomcat runs as the user under which you are logged-in for that console session - as a Service, Tomcat will run under the special Windows "LocalSystem" (or "LocalService") user account. (unless you have manually changed this under the Windows Service Manager) If the behaviour in those 2 cases is different, then I would first look at the "environment variables" differences between these 2 cases. (In the console, enter the "set" command to see those). Another difference is this : a) read : http://wiki.apache.org/tomcat/FAQ/Windows#Q11 (really read this, to understand what you are doing) b) run the "tomcat5w.exe" program, and check the Java tab. Verify that the Java Options listed there, are really the same as the ones which are used when you run Tomcat from a console. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Replacing default servlet using url-mapping
On 13.04.2016 13:26, Mark Thomas wrote: On 13/04/2016 12:12, Rune Stilling wrote: Hi list I have a question regarding the servlet-mapping property in web.xml. Normally a url would look like this: http://host:port/context/servlet-path As many others I have tried to setup my servlet so that it matches the following: http://host:port/ I’m trying to obtain this by using the following url-mapping: ServletAdaptor / You'll need to deploy your application to the root context (i.e. as ROOT.war) else you will always have a context path in the URL. Maybe also read this for details : http://wiki.apache.org/tomcat/HowTo#How_do_I_make_my_web_application_be_the_Tomcat_default_application.3F I have read the answers on these two links: http://stackoverflow.com/questions/4140448/difference-between-and-in-servlet-mapping-url-pattern <http://stackoverflow.com/questions/4140448/difference-between-and-in-servlet-mapping-url-pattern> http://stackoverflow.com/questions/10874188/jax-rs-application-on-the-root-context-how-can-it-be-done <http://stackoverflow.com/questions/10874188/jax-rs-application-on-the-root-context-how-can-it-be-done> It’s still not clear to me why this doesn’t work (using Tomcat 7.0) You need to read section 12 of the servlet specification carefully. I’ve have turned on Jersey tracing and this is what I get (on a url like this http://localhost:8080/emner/81.20.00): X-Jersey-Tracing-004:MATCH [ / 1,00 ms | %] Matching path [/] What’s puzzling to me is that it seems that for some reason my path gets stripped away before reaching the servlet. I would have expected something like this instead: X-Jersey-Tracing-004:MATCH [ / 19,39 ms | %] Matching path [/emner/81.20.00] At a guess, "/emner" is the context path. Is it so in Tomcat, that when you use the url-pattern “/“ that the rest of path is ignored when interpreting the original url? No. "/" is the default servlet. Is it different using other containers? No. Could be related to this: http://bluxte.net/musings/2006/03/29/servletpath-and-pathinfo-servlet-api-weirdness <http://bluxte.net/musings/2006/03/29/servletpath-and-pathinfo-servlet-api-weirdness> Yes. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8 uses high CPU
On 13.04.2016 13:55, Josep M Beleta wrote: > >Could I find a workaround? Maybe for the meantime, you could try another Connector protocol ? http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Common_Attributes -> protocol Note: I am not an expert, and not sure that in this particular case it would help. But it is very quickly done, and it may provide some additional insight into the issue. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8 uses high CPU
On 14.04.2016 03:21, David Kerber wrote: On 4/13/2016 6:04 PM, Josep M Beleta wrote: Following André suggestion I replaced the connector protocols, both for HTTP and AJP ports, to force NIO.2. Now Tomcat is working for seven hours without any problem. My findings until now are: 1. It is not a Tomcat related problem, WildFly 10 has the same behavior. The WildFly high CPU threads also calls sun.nio.ch.WindowsSelectorImpl$SubSelector.poll0(Native Method). 2. When switching from NIO to NIO.2 the problem goes away. 3. It seems clearly a Java 8 for Windows problem that happens in several versions. I tested 1.8.0_66, 1.8.0_71 and 1.8.0_77. 4. Perhaps the problem is related to Windows 2008 R2 or VMWare ESXi. On a Windows 10 machine it works like a charm. 5. I cannot imagine what triggered the problem, no change in WIndows or ESX was made. The only thing that changed was that some new applications were installed when the problem started to show, but after that I removed all the applications. In the case of WildFly no application was never started. I'll try to fill a bug in the Oracle site if there is not any other suggestion. My money would be on VMWare. I would think that if it occurred in a bare metal windows installation, it would have been reported before now. Hmm. With the number of Windows servers which must by now be running under Vmware, I think that this may be a bit of a dangerous assumption. On the bright side : it does not look like a Tomcat issue, so Mark will be happy. And there is an easy workaround in Tomcat, so Tomcat users will be happy too. On the other side : I haven't done the boolean matrix, but it at least looks like the issue is somewhere ar the murky border between an Oracle JVM, a Microsoft OS, and a Vmware hypervisor. Delicious. I wish everyone good luck to get it it (a) acknowledged and (b) fixed. Thanks again to all. Josep 2016-04-13 17:06 GMT+02:00 Josep M Beleta : I'll try it. Thanks a lot. 2016-04-13 15:24 GMT+02:00 André Warnier (tomcat) : On 13.04.2016 13:55, Josep M Beleta wrote: Could I find a workaround? Maybe for the meantime, you could try another Connector protocol ? http://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Common_Attributes -> protocol Note: I am not an expert, and not sure that in this particular case it would help. But it is very quickly done, and it may provide some additional insight into the issue. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
