Re: Using PHP4 with Tomcat5.5

[Martin]

Andre-

I found this link helpful..
http://hi.baidu.com/kuch/blog/item/d8c41ef44231c16bdcc474ac.html

make sure your
/net/php/servlet.properties contains this library specification e.g.
library=php5srvlt

and
/net/php/reflect.properties contains this library specification e.g.
library=php5srvlt

where php5srvlt.dll is located in the folder which java_opts environment 
variable specifies thru java.library.path e.g.

SET JAVA_OPTS=-Djava.library.path=F:\PHP
export JAVA_OPTS

HTH
Martin


- Original Message - 
From: "André Warnier" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Monday, June 16, 2008 2:50 PM
Subject: Re: Using PHP4 with Tomcat5.5





Jonathan Mast wrote:



[...]


How difficult is it to set up apache on windows?

Not difficult at all.

  It doesn't come as a

binary as i recall,
Wrong, it does. Download the appropriate msi installer from the Apache 
website, save it, double-click on it, and there you go.


http://mirror.serversupportforum.de/apache/httpd/binaries/win32/apache_2.2.9-win32-x86-openssl-0.9.8h-r2.msi



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Running on Mac OS 10.4

[Martin]

Walter-

org/apache/catalina/startup/Bootstrap is located in 
$TOMCAT_HOME/bin/bootstrap.jar


FWIW
Martin
- Original Message - 
From: "Walter Thompson" <[EMAIL PROTECTED]>

To: 
Sent: Saturday, June 21, 2008 5:08 PM
Subject: Running on Mac OS 10.4


We are trying to run Tomcat 6.0.16 on Mac OS 10.4.11. Installed using
download, followed instructions. Tomcat welcome page doesn't display.

Also getting error Message: Exception in thread "main"
java.lang.NoClassDefFoundError: org/apache/catalina/startup/Bootstrap.

Does anyone have a clue what is causing the problem?

Thanks for any help!

Walter Thompson


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat Connection Pooling - wait_timeout

[Martin]

Thomas/Chris

I see autoReconnect functionality in mysql-connector-java-5.1.6.tar.gz 
driver distro located at

http://ftp.plusline.de/mysql/Downloads/Connector-J/
here is the testcase which extercises the 5.1.6 functionality:
 Properties props = new Driver().parseURL(BaseTestCase.dbUrl, null);
 props.setProperty("autoReconnect", "true");

I dont see autoreconnect supported in mysql-connector-java-3.0.15-ga-bin.jar
$MYSQL_HOME/mysql-connector-3.0.15-GA>grep -S -l autoreconnect *.*
http://drc-dev.ohiolink.edu/browser/fedora-core/trunk/lib/mysql-connector-java-3.0.15-ga-bin.jar?rev=56

FWIW
Martin-
- Original Message - 
From: "Christopher Schultz" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Saturday, June 21, 2008 11:33 AM
Subject: Re: Tomcat Connection Pooling - wait_timeout



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Thomas,

Thomas Haines wrote:
| mysql connector 5.1.6

Is that a pre-release version, or did 5.1 become GA recently?

| ERROR (21-06-08 07:59) [servlets.ViewEmail]
| com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: The last packet
| successfully received from the server was 46859 seconds ago.The last
| packet sent successfully to the server was 46859 seconds ago, which  is
| longer than the server configured value of 'wait_timeout'. You should
| consider either expiring and/or testing connection validity before use
| in your application, increasing the server configured values for client
| timeouts, or using the Connector/J connection property
| 'autoReconnect=true' to avoid this problem.

That's strange... the error message says "use autoReconnect" but the
driver documentation says "don't use autoReconnect anymore". In either
case, you're better off setting a "validationQuery" attribute in your
 that can check for good connections (like 'SELECT 1').

| a) downgrade to MySQL Connector/J 5.0.8 and see if this fixes it;

This may fix your problem, but probably not. The problem with
autoReconnect is that it doesn't fix your current connection for the
current query -- your first post-disconnect query will fail, and then
the next one will succeed.

| b) add a while (!verified && attempts<2) type loop in getConnection()
| method to query the DB using a minimal query and then catch the first
| dead connection.

Using 'validationQuery' achieves the same goal without modifying your
code (which is always nice).

| I'm not overly keen on introducing the additional overhead of querying
| the DB just to check if it is valid every time a request is made for a
| connection.  Does anyone have any thoughts on how I might debug/solve
| this issue?

I think your options are to use a validationQuery (like just about
everyone else) or to create connections from scratch whenever you need
them. 'SELECT 1' overhead is very low.

I seem to recall that newer versions of the MySQL driver could ping the
server or something like that to keep connections alive. Check the
documentation for your driver version to see if there's anything like 
that.


| I've searched widely on Google to no avail.  Interestingly,
| there is another instance of tomcat communicating with MySQL on the
| machine, exactly the same configuration, that doesn't suffer these
| woes.

What are the differences? Is it possible that the db connection just
never times out (because it gets light, regular traffic)?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhdH0AACgkQ9CaO5/Lv0PAmTgCdHxlVgNyVGczY+DrUrLOdGTUC
U5EAnAyth71m1i2BWZtkyGkb+4cFjABP
=ytap
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Running on Mac OS 10.4

[Martin]

please confirm this entry in $TOMCAT_HOME/bin/catalina.sh

CLASSPATH="$CLASSPATH":"$CATALINA_HOME"/bin/bootstrap.jar:

pls confirm $CATALINA_HOME"/bin/bootstrap.jar exists

Martin
- Original Message - 
From: "Walter Thompson" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Saturday, June 21, 2008 5:29 PM
Subject: RE: Running on Mac OS 10.4


1) .zip

2) java is 1.5

3) yes, using startup.sh

Walter 


-Original Message-
From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
Sent: Saturday, June 21, 2008 4:22 PM

To: Tomcat Users List
Subject: RE: Running on Mac OS 10.4


From: Walter Thompson [mailto:[EMAIL PROTECTED]
Subject: Running on Mac OS 10.4

We are trying to run Tomcat 6.0.16 on Mac OS 10.4.11. Installed using 
download, followed instructions.


Which download - the .tar or .zip?  Which instructions?


Also getting error Message: Exception in thread "main"
java.lang.NoClassDefFoundError: org/apache/catalina/startup/Bootstrap.


Are you using the startup.sh script?  What JRE/JDK do you have
installed?

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received this in error, please contact the sender and delete the e-mail
and its attachments from all computers.

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Update tomcat service (of version 5.5)

[Martin]

also have the option of starting with
%CATALINA_HOME%/bin/startup.bat

BTW: errno 6 is invalid handle indicating you are attempting to acquire 
occupied resource (which is most probably already acquired)


Martin
- Original Message - 
From: "Caldarale, Charles R" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Sunday, June 22, 2008 11:52 AM
Subject: RE: Update tomcat service (of version 5.5)



From: Hacham, Lital [mailto:[EMAIL PROTECTED]
Subject: RE: Update tomcat service (of version 5.5)

Since I want to perform this automatically from my code I'm
running the command from the command line.


The current doc for procrun (http://commons.apache.org/daemon/procrun.html) 
has separate parameters for minimum and maximum heap sizes: --JvmMS 
and --JvmMx; this appears to be what the launcher expects, rather than using 
++JvmOptions.  However, I had no problem using either method on my Windows 
box.



"Tomcat\bin\tomcat5.exe" //US//serviceName -Startup Auto
++JvmOptions -Xms512m;-Xmx1024m


The above has unnecessary quotes around the executable, and is missing the 
double hyphen before Startup; also, "Auto" should be "auto" according to the 
docs, but it didn't seem to make a difference on my system.


This works for my setup:
tomcat5.exe //US//Tomcat5 --Startup auto --JvmMs 512 --JvmMx 1024

Are you sure you have the service name correct?

- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: server resources

[Martin]

assuming you'll want to manage multiple resources such as DB 
connection(pools) and/or webservices and/or JMS Messaging Queues

havent heard about  PHP's ability to multi-thread?

anyone?
Martin
- Original Message - 
From: "Johnny Kewl" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Monday, June 23, 2008 7:28 PM
Subject: Re: server resources




- Original Message - 
From: "Marcos Molina" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Monday, June 23, 2008 11:49 PM
Subject: server resources



Hi people!

I´m working with tomcat for years, in intranet envoiroment.
And now i need to put some works in anothers servers, and then i talk 
about tomcat with another people, but most servers admins tell me that 
TomCat need too much resoruces from machines. Is that right ??

Thanks for your response.

Marcos


Marcos, you can find the answer for yourself... google for "Java vs PHP"
You'll find a healthy dose of pro, cons, bias, prejudice, hatred, 
groupies, and marketing?


Java is heavier on a machine... its got to load up the JVM.
... that initial hit is probably in the order of 200 megs versus 50... 
then its what the app does.


PHP is more widely used, its easier for easy stuff.
But if a SP tells me that I got to learn another language, vs buying 
another 500 m chip, or hosting our box... I'd just change my SP ;) 
Retraining staff costs a hell of a lot more.
Find a SP that specializes in hosting Tomcat... from the sounds of things 
your SP doesnt know Java.


Actually TC should do that... list all TC friendly SP's.

Then if you talking to a .Net SP... Tomcats really going to suck... its 
free ;)


Google, for the swings and balances... the answer depends very much on the 
fan club you talking to ;)


---
HARBOR : http://www.kewlstuff.co.za/index.htm
The most powerful application server on earth.
The only real POJO Application Server.
See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
---


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [Logging] Facility Specific Properties

[Martin]

Found this helpful
http://tomcat.apache.org/tomcat-5.5-doc/logging.html
default logging is commons-logging with known limitation to Engines and 
Hosts
this limitation of JDK Logging appears to be the genesis of per-web 
application logging as the configuration is per-VM


to overcome these limitations as well as the ability to configure in 
Appenders (socket/file etc) replace with Log4j

http://logging.apache.org/log4j/1.2/index.html

FWIW
Martin
- Original Message - 
From: "Christopher Schultz" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Monday, June 23, 2008 8:17 PM
Subject: Re: [Logging] Facility Specific Properties



-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Ole,

Ole Ersoy wrote:
| I hope the mappings are all inclusive from java.util.logging's
| perspective so that if I set the a level to INFO I get info, plus
| possibly some other level's that are greater than INFO?  In other words
| something that should be mapped to info, does not end up corresponding
| to say FINE, and is thus left out?

Yes. The level chosen really means "this level and above" -- it's not
specifically that level and that level only.

| I would think that it's always appropriate to use commons logging within
| Tomcat and anything (java.util.logging, log4j, or commons-logging) goes
| for webapps?

Tomcat uses commons-logging internally and then your choice of "real"
loggers to actually do the job. In your webapps, you can use (that is,
write into your own code) commons-logging or log4j or Java's logging or
whatever you want.

If you use commons-logging and the same logger across all web
applications, you get the benefit of all logging for the entire server
(internals + webapps) being set up in one place.

If you separate them (which I recommend), you get the benefit of logging
configuration for a particular application being bundled with that
application (which sort of follows the "self-contained" principle of
applications.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkhgPRcACgkQ9CaO5/Lv0PBtSwCfQl+hau6bgp+XSgI35PexhHBm
SJAAn2Ku7yDaCgflfP3Zsu0F37LEbPBW
=F9Fn
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jsp compile question

[Martin]

download TC-5.5.20 src distro
inside
$TOMCAT_HOME\src\apache-tomcat-5.5.2x-src\jasper\src\bin
http://tomcat.apache.org/download-55.cgi

look for jspc.bat

Martin
- Original Message - 
From: "Jq" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Tuesday, July 29, 2008 5:25 PM
Subject: Re: jsp compile question



That would be great. I'll have to find where this is set up on the
target site.

Thanks.



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: is it possible more than 1 tomcat in single system?

[Martin]

If this happens on the front end
this sounds like a misconfiguration

try setting min and max heap params for your JVM e.g.
-Xms256m -Xmx512m -XX:MaxPermSize=512m -XX:+PrintGCDetails 
XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled


On the back end
use stack variables as they fall out of scope they are freed
be careful on allocations for anything which uses Collector

finally if you dont need the memory (and you can spare 1-2 sec delay) dont 
be afraid to call Runtime.gc()

to recycle the discarded memory
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html#gc()

Martin
- Original Message - 
From: "Christian Andersson" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Thursday, July 31, 2008 8:02 AM
Subject: Re: is it possible more than 1 tomcat in single system?





Peter Crowther skrev:

From: Edi [mailto:[EMAIL PROTECTED]
consider, i had 4 java application running in one tomcat, if
one application
crashes, all the other 3 application gets crashes. right?



Correct.  But it's not always that simple :-).

It's your choice how you want to split up your applications between 
different containers (Tomcats in this case) to trade off memory use vs 
reliability.  You might get a *less* reliable system by splitting up the 
applications into separate Tomcat instances, though.  Each Tomcat runs in 
its own JVM, and each is allocated a maximum memory size.  If you are not 
careful when tuning the system, you might find that one application in 
one Tomcat/JVM runs out of memory although there is plenty of spare 
memory in the system.  If you put them all into one Tomcat/JVM, the 
applications all use the same (larger) memory pool.


And what happens if you get one "rough" application stealing all the 
memory? probably all your applications will stop functioning..


For me it is always better to have 1 application crash, then >1

it is also easier to see which application is the guilty one if only that 
application crashes..




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: 503 under load

[Martin]

The response can request retry-after # seconds via response.setHeader
response.setHeader("Retry-After", "5"); 


M-
- Original Message - 
From: <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Wednesday, May 07, 2008 2:43 PM
Subject: 503 under load



Hi,

We've started to stress test a new website, and are seeing 503's 
interspersed when we are under load.  We are running Apache - Tomcat 
combination.


Could someone give me an idea of what can cause this, and where to start 
looking?


cheers,

David



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: retrieving two different objects from session (should be thesame)

[Martin]

are you proposing synchronized access to facade object

?
M-
- Original Message - 
From: "Christopher Schultz" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Thursday, May 08, 2008 10:33 AM
Subject: Re: retrieving two different objects from session (should be 
thesame)




-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Chuck,

Caldarale, Charles R wrote:
| Are you properly synchronizing accesses to the session for concurrent
| requests?

Silly question how do you do this?

The result of HttpServletRequest.getSession gives you a SessionFacade
which is not guaranteed to be the same as the one given to another
thread accessing the same session (right?). You could synchronize using
an object stored /in/ the session, but then you have to worry about that
object being replaced, etc.

AFAICT, there is no reliable way to synchronize access to the session
other than what the container is already required to provide.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgjD0QACgkQ9CaO5/Lv0PBDbwCfVU8ZRJXVbQzUsLOVbVfz5CrW
usMAoLl5GH9TP3Qs1u/a9cNfOC4OJi7o
=1EnL
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: error 1067

[Martin]

Jim-

Can you start at command line
%CATALINA_HOME%\bin\startup.bat

?
M-

- Original Message - 
From: "jim murray" <[EMAIL PROTECTED]>

To: 
Sent: Friday, May 09, 2008 2:37 PM
Subject: error 1067



I just had to restore my OS (windows XP) and re-install Apache 6.
When I start the service I get an error 1067 and it wont start.
Help anyone?

Prior to the restore it worked fine.

jim murray



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Vista tomcat6.exe "Access denied"

[Martin]

permission errors caused by not ensuring the binary has assigned rights such 
as execute,read and write
My guess is you installed the binary as Admin and are attempting to run the 
binary under another permission setting perhaps another user with lesser 
permission


Anyone else?
M-
- Original Message - 
From: "Mark Thomas" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Tuesday, May 13, 2008 2:02 PM
Subject: Re: Vista tomcat6.exe "Access denied"



Alexander Diedler wrote:

Hello,
I have a Windows Vista Business PC and my Account is members of the local 
Administrator Group.
After the Installation and a reboot, I get the Error "Access Denied" when 
Vista tries to Start the Tomcat6w.exe.

Any idea?


When starting a new thread (ie sending a message to the list about a
new topic) please do not reply to an existing message and change the
subject line. This is known as thread hijacking and to many of the
list archiving services and mail clients used by list subscribers this
makes your new message appear as part of the old thread. This makes it
harder for other users to find relevant information when searching the
lists.

It should also be noted that many list subscribers automatically
ignore any messages that hijack another thread.

The correct procedure is to create a new message with a new subject.
This will start a new thread.

Thanks,

Mark


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Moving a site

[Martin]

Turn on god permissions on that folder..

Martin
- Original Message - 
From: "David Smith" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Thursday, May 22, 2008 3:01 PM
Subject: Re: Moving a site



>


SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base C:\Program
Files\Apache Software Foundation\Tomcat 5.5\webapps\SalesPortal does not
exist or is not a readable directory



Can you post more of this ... like say a root cause?  Also can you verify 
the existence of the webapp folder and check to be sure the tomcat service 
has permission to read it?


--David

Rick Simpson wrote:


All 3 remaining hairs will thank you.
Tomcat 5.5 Java JDK 1.6.0 Sever 2003

May 22, 2008 11:53:05 AM org.apache.catalina.core.StandardContext stop
INFO: Container
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/SalesPor
tal] has not been started
May 22, 2008 11:53:12 AM org.apache.catalina.core.StandardContext stop
INFO: Container
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/SalesPor
tal] has not been started
May 22, 2008 11:54:45 AM org.apache.catalina.core.StandardContext stop
INFO: Container
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/SalesPor
tal] has not been started
May 22, 2008 11:54:45 AM org.apache.catalina.startup.HostConfig
checkResources
INFO: Undeploying context [/SalesPortal]
May 22, 2008 11:55:24 AM org.apache.catalina.core.StandardContext
resourcesStart
SEVERE: Error starting static Resources
java.lang.IllegalArgumentException: Document base C:\Program
Files\Apache Software Foundation\Tomcat 5.5\webapps\SalesPortal does not
exist or is not a readable directory
-Original Message-
From: David Smith [mailto:[EMAIL PROTECTED] Sent: Thursday, May 22, 2008 
2:36 PM

To: Tomcat Users List
Subject: Re: Moving a site

So you decided to take our hair as well .. :-)

Specifics please:

Tomcat version:
Java version:
OS:


Any relevant excerpts from the logs:

--David


===
This e-mail is intended only for the use of the addressees.  Any copying, 
forwarding, printing or other use of this e-mail by persons other than the 
addressees is not authorized.  This e-mail may contain information that is 
privileged, confidential and exempt from disclosure.  If you are not the 
intended recipient, please notify us immediately by return e-mail 
(including the original message in your reply) and then delete and discard 
all copies of the e-mail.



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Many web applications

[Martin]

Is there a reason why you would want 10,000 separate and distinct webapps

Can you envision a component-based architecture which would utilise n number 
of struts-taglibs for view

n number of interceptors for controller layer and
n number of DB procedures?

in this way webapp2 can use the same
taglibs
interceptors
DBProcedures
as webapp1?

http://struts.apache.org/

Martin
- Original Message - 
From: "Jakob Hemicke Greve" <[EMAIL PROTECTED]>

To: 
Sent: Monday, May 26, 2008 2:53 AM
Subject: Many web applications


Hi All,



We are having a architectural discussion and I can't seem to find any
similar cases so I'll just jump into my question:



What are the consequences for a tomcat system if you would want to
deploy 100's 1000's or maybe even 10,000's of different web applications
(Or even more - like a million)?



Is it at all possible?



Thank you in advance!



Regards

Jakob Greve



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jsp run on tomcat at godaddy.com

[Martin]

Nope.. Nothing to do with godaddy being bad (whatever thats supposed to 
mean..?)


do is a struts webapp
you need to supply ./WEB-INF/struts-config.xml to diagnose
send support emails to [EMAIL PROTECTED]

Martin
- Original Message - 
From: "tamnle123" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, May 28, 2008 8:18 PM
Subject: Re: jsp run on tomcat at godaddy.com




Thanks Hassan, Yes, this is jscripts. Someone oversea compile and setup
everything for me so I wasn't sure how things suppose to work. Although I
try to setup the same with tomcat on my PC and it work just fine but I did
use .war on my PC, now on host server I tried to extract everything out of
.war ro root that the different. Godaddy support just bad, they said
index.jsp is wrong, it doesn't know where home.do is!!! I don't know it
either but I suppose they know better. I tried to fix index.jsp with
/WEB-INF/home.do and /pages/home.do and /home.do but ie still complain 
that

page not found.


Hassan Schroeder-2 wrote:


On Wed, May 28, 2008 at 4:12 PM, tamnle123 <[EMAIL PROTECTED]> wrote:


That what they said, I can create .war file under root (/) and it will
explosed when tomcat service restart. I also extract everything under
.war
to root directory but sill not working, godaddy doesn't required home
directory, here is my index,.jsp on root and I am not sure If I do this
right...


Bizarre. Anyway, is this supposed to be JavaScript? If so, why?
Are you trying to keep out spiders and other non-JS user agents?

Or to put it another way, why not just use a JSP forward (or include),
or add 'home.do' to the list of welcome pages?


document.location.href="<%=request.getContextPath()%>home.do";


And this should be <%=request.getContextPath()%>/home.do.

Regardless, have you looked in the logs?

--
Hassan Schroeder  [EMAIL PROTECTED]

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





--
View this message in context: 
http://www.nabble.com/jsp-run-on-tomcat-at-godaddy.com-tp17520071p17524831.html

Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Code Injection Tomcat 6

[Martin]

which security breach does your algorithm seek to detect or prevent.. 
HTML/JavaScript code injection?

http://aranea.zuavra.net/index.php/66/#ig-4

?
Martin-
- Original Message - 
From: "Peter Stavrinides" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Thursday, May 29, 2008 5:58 AM
Subject: Re: Code Injection Tomcat 6



Hi Chris,

The crunch of your argument:

I would argue that your data protection should occur at the business
layer.

...

Adding a single layer of "security" should not be considered a
replacement for code and security reviews, unit testing, and user-level
testing.


Unfortunately, you did not understand or have missed the point... its not 
about forgoing coded checks, the key point here is to manage data security 
in a more efficient way.



Really? I wasn't aware that converting '<' to < was that much of a
bottleneck.
You naively assume the vendors point of view here, encoding output is not 
always sufficient!



data is now more complex

Is it? The same attack vectors exist today than did several years ago,
and the mitigations for those vectors are still the same.
Are you kidding? If you cannot see this then there is little point to this 
discussion and so many projects out there are simply a waste of time!


Peter

- Original Message -
From: "Christopher Schultz" <[EMAIL PROTECTED]>
To: "Tomcat Users List" 
Sent: Tuesday, 27 May, 2008 9:27:33 PM GMT +02:00 Athens, Beirut, 
Bucharest, Istanbul

Subject: Re: Code Injection Tomcat 6

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter,

Peter Stavrinides wrote:
| The one problem though is that these arcane methods we have been
| using (encoding output, coding some validation checks, using prepared
| statements etc..) are not scalable enough

Really? I wasn't aware that converting '<' to < was that much of a
bottleneck. In fact, this is certainly scalable because if you think
it's taking too much time on a single server, you can scale horizontally.

| data is now more complex

Is it? The same attack vectors exist today than did several years ago,
and the mitigations for those vectors are still the same.

| new technologies (AJAX,COMET,JSON,SOAP etc) are adding layers, and
| add significantly to the problem.

I respectfully disagree. A new interface (i.e. swapping SOAP for HTTP)
should not change your business logic in the slightest (which is where
any taint checking should occur). The same is true for presentation
logic: if you are using SOAP, yous SOAP library ought to be converting
any output such that special characters (such as '<') are not dangerous.
The same can be said for web-page generation. If you are emitting web
pages, then your output technology should handle this for you (JSP, for
instance, does handle this for you if you follow the rules).

Adding a single layer of "security" should not be considered a
replacement for code and security reviews, unit testing, and user-level
testing.

| Preventing data interception is not
| so straightforward any more, without something available at the web
| server end of things, any security solutions we implement will always
| have holes and scalability issues.

I would argue that your data protection should occur at the business
layer, which should be insulated from the HTTP layer in the first place.
In that case, installing a prophylactic at the HTTP level would expose
your business logic to vectors that do not include HTTP (such as COMET
or SOAP).

| Security is somewhat of a moving
| target, I think we have to move on from these techniques... only when
| you have experienced a problem, do you feel compelled to give it the
| attention it requires. My query is not based on paranoia, I want a
| better way of managing the problem in the enterprise.

Actually, in this situation, paranoia is your friend. It's a good
motivator to review your systems to make sure that they react properly
when given potentially damaging inputs. That's what unit testing is for.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkg8UpUACgkQ9CaO5/Lv0PAklgCgvBeaMpQsc+U1dqRTlwKES06t
xE8AmwV2YNKNWPxfJzECrsBT9KrsR0qY
=bc6/
-END PGP SIGNATURE-

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Missing jar in 5.5.26 - Looking for the easiest way out

[Martin]

Hi Mark-

the error seems to come from commons-fileupload package..
I would ping the maintainers and build manager for commons-fileupload at
http://commons.apache.org/fileupload/mail-lists.html

Thanks!
- Original Message - 
From: "Mark Smits" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, May 29, 2008 8:51 AM
Subject: Missing jar in 5.5.26 - Looking for the easiest way out



One of our customers installed 5.5.26 and got into trouble when trying to
upload a war file. The following exception occurs:

java.lang.NoClassDefFoundError:
org/apache/commons/io/output/DeferredFileOutputStream
at
org.apache.commons.fileupload.DefaultFileItemFactory.createItem(DefaultFileItemFactory.java:103)

We are still using a Tomcat 5.0.xx version. There DeferredFileOutputStream
is part of commons-fileupload and it seems the class has been moved to
commons-io, which is not in the 5.5.26 installation set (in the zip file 
at

least). I checked the zip for 5.5.25 and there the DFOS class is still in
commons-fileupload.

Should I recommend downloading and installing 5.5.25 or can I just 
download

commons-io and put it next to commons-fileupload. Or do I have to change
some classpath as well somewhere.

Using the Tomcat server as standalone server.




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Tomcat 5.5 and Connection Pooling

[Martin]

Looks like your container is attempting to serialize/deserialize
Do those classes implement Serializable?

(also..keep in mind A no-arg constructor must be accessible to any subclass 
that is serializable.)


Martin
- Original Message - 
From: "Mike" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, May 29, 2008 1:21 PM
Subject: Tomcat 5.5 and Connection Pooling



Hello,



   I'm trying to set up connection pooling for Tomcat 5.5 but it
doesn't work.  When I start Tomcat, it shows in the Catalina log this:



SEVERE: Exception loading sessions from persistent storage

java.io.WriteAbortedException: writing aborted;
java.io.NotSerializableException: javax.naming.InitialContext

   at java.io.ObjectInputStream.readObject0(Unknown Source)

   at java.io.ObjectInputStream.defaultReadFields(Unknown Source)

   at java.io.ObjectInputStream.readSerialData(Unknown Source)

   at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)

   at java.io.ObjectInputStream.readObject0(Unknown Source)

   at java.io.ObjectInputStream.readObject(Unknown Source)

   at
org.apache.catalina.session.StandardSession.readObject(StandardSession.java:
1402)

   at
org.apache.catalina.session.StandardSession.readObjectData(StandardSession.j
ava:931)

   at
org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:394)

   at
org.apache.catalina.session.StandardManager.load(StandardManager.java:321)

   at
org.apache.catalina.session.StandardManager.start(StandardManager.java:637)

   at
org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:432)

   at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4160)

   at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:7
60)

   at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)

   at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)

   at
org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)

   at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889
)

   at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)

   at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)

   at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)

   at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor
t.java:120)

   at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)

   at
org.apache.catalina.core.StandardHost.start(StandardHost.java:736)

   at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)

   at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)

   at
org.apache.catalina.core.StandardService.start(StandardService.java:448)

   at
org.apache.catalina.core.StandardServer.start(StandardServer.java:700)

   at 
org.apache.catalina.startup.Catalina.start(Catalina.java:552)


   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

   at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

   at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown
Source)

   at java.lang.reflect.Method.invoke(Unknown Source)

   at
org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)

   at
org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)

Caused by: java.io.NotSerializableException: javax.naming.InitialContext

   at java.io.ObjectOutputStream.writeObject0(Unknown Source)

   at java.io.ObjectOutputStream.defaultWriteFields(Unknown 
Source)


   at java.io.ObjectOutputStream.writeSerialData(Unknown Source)

   at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown
Source)

   at java.io.ObjectOutputStream.writeObject0(Unknown Source)

   at java.io.ObjectOutputStream.writeObject(Unknown Source)

   at
org.apache.catalina.session.StandardSession.writeObject(StandardSession.java
:1478)

   at
org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.
java:948)

   at
org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:51
7)

   at
org.apache.catalina.session.StandardManager.unload(StandardManager.java:463)

   at
org.apache.catalina.session.StandardManager.stop(StandardManager.java:667)

   at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4360)

   at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:893)

   at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1191)

   at
org.apache.catalina.startup.HostConfig.stop(HostConfig

Re: Tomcat 5.5 and Database Connection Pooling

[Martin]

Hi Mike-

TC 4.1 uses JDK 1.4 so check the signature of the JDBC-ODBC Bridge e.g.
javap JDBCODBC.class

TC 5.5 of course uses JDK 1.5 which wont work the old JDK1.4 unless you load 
in the 1.4 compat package

http://tomcat.apache.org/download-55.cgi

intersolv is no more since DataDirect bought them out
and I could'nt find JDBC-ODBC drivers anywhere from DataDirect.com
http://www.datadirect.com/developer/jdbc/basics/index.ssp

Will your DB allow you to go in with a straight JDBC driver?

Anyone else?
Martin
- Original Message - 
From: "Mike" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, May 29, 2008 3:05 PM
Subject: Tomcat 5.5 and Database Connection Pooling



Hello,



   When I clean out the work directory, it doesn't show the
serializable error message.  However, the second time I run it, it does 
show

it.

I was able to have the JDBC-ODBC Bridge work in Tomcat 4.1, so why 
shouldn't

it work with 5.5?



Mike











-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: log4j problem

[Martin]

Hi John-

set your log4j.properties rootLogger to be OFF
log4j.rootLogger=OFF, logfile

options are
change your level to ALL The ALL has the lowest possible rank and is 
intended to turn on all logging.
DEBUG  The DEBUG Level designates fine-grained 
informational events that are most useful to debug an application
ERROR  The ERROR level designates error events that 
might still allow the application to continue running
FATAL   The FATAL level designates very severe error 
events that will presumably lead the application to abort
INFO  The INFO level designates informational 
messages that highlight the progress of the application at coarse-grained 
level
TRACE   The TRACE Level designates finer-grained 
informational events than the DEBUG
OFF   The OFF has the highest possible rank and 
is intended to turn off logging.


http://www.jdocs.com/log4j/1.2.13/api-index.html?m=class&p=org.apache.log4j&c=PropertyConfigurator&render=classic

HTH
Martin

- Original Message - 
From: "John Pedersen" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Saturday, May 31, 2008 3:24 PM
Subject: log4j problem



Hi,

I'm still trying to fix the problem with the welcome file not working, but
my logging going wrong has trumped that little problem.

I had it working fine using log4j - here's my properties file:

log4j.rootLogger=info, logfile
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d %p [%c] - <%m>%n
log4j.appender.logfile=org.apache.log4j.RollingFileAppender
log4j.appender.logfile.File=C:/Tomcat 6.0/logs/sf.log
log4j.appender.logfile.MaxFileSize=1024KB
# Keep three backup files
log4j.appender.logfile.MaxBackupIndex=3
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
#Pattern to output : date priority [category] - line_separator
log4j.appender.logfile.layout.ConversionPattern=%d{ABSOLUTE} %5p 
%c{1}:%L -

%m%n

log4j.logger.com.starfriend=DEBUG

org.apache.catalina.startup.ContextConfig = SEVERE
org.apache.catalina.startup.HostConfig = SEVERE
org.apache.catalina.session.ManagerBase = SEVERE
org.apache.catalina.core.AprLifecycleListener=SEVERE
log4j.logger.org.apache.catalina=SEVERE

This gave me just the logging I was after. After a reload, all that good, 
as

expected logging disappeared, and now I just get DEBUG output such as:

20:13:10,722 DEBUG WebappClassLoader:1238 -
loadClass(com.starfriend.astro.drawings.DrawingsController, false)
20:13:10,723 DEBUG WebappClassLoader:1254 -   Returning class from cache

and

DEBUG HostConfig:1088 - Checking context[/host-manager] reload resource
C:\Tomcat 6.0\conf\web.xml
20:20:34,881 DEBUG HostConfig:1088 - Checking context[/host-manager] 
reload

resource C:\Tomcat 6.0\webapps\host-manager\META-INF\context.xml
20:20:34,883 DEBUG WebappClassLoader:704 - modified()
20:20:34,941 DEBUG ManagerBase:680 - Start expire sessions StandardManager
at 1212261634941 sessioncount 0
20:20:34,942 DEBUG ManagerBase:688 - End expire sessions StandardManager
processingTime 1 expired sessions: 0

Mb's of the stuff.

I've had this problem before and it went away without my finding out the
cause. Now that same issue is back. I have reloaded, stopped and started
Tomcat, looked all around for files that shouldn't be there, but no luck.
Has anyone come across this error before?

Thanks,

John




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to run own java application within Tomcat

[Martin]

Slobodanka-

if you want to dynamically create and access TC entities (engines,connectors 
etc) from outside TC environment

you would need to implement TC embedded server
http://www.vsj.co.uk/articles/display.asp?id=319

HTH
Martin
- Original Message - 
From: "Slobodanka Dimitrijevic" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Tuesday, June 03, 2008 4:18 PM
Subject: RE: How to run own java application within Tomcat


Hi Johnny,

Thanks for the answer but I think I didn't explain my problem correctly.

I need the following situation:
1. a java application has to run continiously outside tomcat (when tomcat 
crashes the application must be still running). This application runs in its 
own virtual machine (VM1).


2. I have also Axis2 webservices that have to have access to the objects in 
VM1. These webservices run inside Tomcat. However Tomcat runs in its own 
virtual machine (VM2). So I have a problem.


Question:
How to be able to run the java appplication (outside tomcat), and the Axis2 
webservices (inside tomcat), in the same virtual machine



thanks in advance
Slobodanka



Van: Johnny Kewl [mailto:[EMAIL PROTECTED]
Verzonden: di 3-6-2008 15:57
Aan: Tomcat Users List
Onderwerp: Re: How to run own java application within Tomcat




- Original Message -
From: "Slobodanka Dimitrijevic" <[EMAIL PROTECTED]>
To: "Tomcat Users List" 
Sent: Tuesday, June 03, 2008 11:34 AM
Subject: RE: How to run own java application within Tomcat



Hi Johnny,
Thanks for your mail. Can you please tell me :

1. where should I stop Java executable inside Tomcat directory
structure?

2. which configuration file and what should I configure inside Tomecat
if I want to run executable java application during sturtup of Tomcat?

Thanks in advance,
Slobodanka Dimitrijevic


=

Slobodanka just try this and you'll get the idea

I use NB but could be done with any IDE...

1) Make a Java application... normal Java application with some classes in
it.
Compile it and (if its NB its an executable) double click on the JAR file
(in the DIST folder)
It will run.

2) Now make a web project based on TC, in the libraries "select the
application" that you made before.
Make a little web page that uses one of the classes in the application
Compile it it will give you a WAR file and inside that war file... will
be your application.

Now you got one war file with the application in it... and the application
can run on its own as well, which is what I think you asking?

So if a user unzips the war file... they can run the application.
So now you have 2 in one.

You'll get the idea by just seeing where you application is used in the war.
So outside its a normal application, but inside the War its being used like
a library.

The web app has extra stuff, like web.xml and yada yada... but it doesnt
care, to it the application JAR is just a lib.

Then you play from there decide what classes you want to put where.

Its a design thing... not some web xml that you set.

Jars are zip files... they can be applications or libs... or a mix.

You cant just drop an application into tomcat and expect it to appear in a
web page... but you can share stuff.

The trick... make a application JAR the use that as a lib in TC NB
will pack it for you... no thinking required ;)

-

The POJO Application Server is a completely different animal, and you'll
have to ask specific questions in their mailing list for that.
But that does literally allow you to drop the application into it, and the
UI side of that application (not a web service) literally jumps out of the
browser.
But the applications have to be designed for that.

Either way... there is some design to do.

Hope that helps


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



"The Maritime Information & Service Provider"


This e-mail is confidential and may also be privileged. It is intended for 
use by the addressee only.
If you are not the intended addressee, we request that you notify us 
immediately and delete this e-mail,
and any attachment(s), without copying, forwarding, disclosing or using it 
in any other way. Royal
Dirkzwager will not be liable for damage relating to the communication by 
e-mail of data or documents.









-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Does HTTPRequest.getParameter() return encoded or decoded?

[Martin]

ApplicationHttpRequest does return encoded
here is why..

package org.apache.catalina.core;

class ApplicationHttpRequest extends HttpServletRequestWrapper
{
public String getParameter(String name)
{
parseParameters();
..which calls...

 /** Parses the parameters of this request. If parameters are present in 
both the query string and the request content, they are merged. */

void parseParameters()
{
if (parsedParams)
{
return;
}
   parameters = new HashMap();
   parameters = copyMap(getRequest().getParameterMap());
   mergeParameters();
..   which calls...

private void mergeParameters()
{
   if ((queryParamString == null) || (queryParamString.length() < 1))
   return;

   HashMap queryParameters = new HashMap();
   String encoding = getCharacterEncoding();
   if (encoding == null)
   encoding = "ISO-8859-1";
   try {
   RequestUtil.parseParameters
   (queryParameters, queryParamString, encoding);
   } catch (Exception e) {
   ;
   }
   Iterator keys = parameters.keySet().iterator();
   while (keys.hasNext()) {
   String key = (String) keys.next();
   Object value = queryParameters.get(key);
   if (value == null) {
   queryParameters.put(key, parameters.get(key));
   continue;
   }
   queryParameters.put
   (key, mergeValues(value, parameters.get(key)));
   }
   parameters = queryParameters;
   }

HTH
Martin--
- Original Message - 
From: "Mark H. Wood" <[EMAIL PROTECTED]>

To: 
Sent: Wednesday, June 04, 2008 4:09 PM
Subject: Does HTTPRequest.getParameter() return encoded or decoded?



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Moving from a very old Tomcat to a new Tomcat.

[Martin]

if your client doesnt want to write cookies
URL-rewrite is the answer
http://tuckey.org/urlrewrite/

Apache analog is mod_rewrite

HTH
Martin
- Original Message - 
From: "André Warnier" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Thursday, June 05, 2008 7:56 PM
Subject: Re: Moving from a very old Tomcat to a new Tomcat.





Bill Davidson wrote:

Christopher Schultz wrote:

Are you using cookies or URL-rewriting (or both) for your application?
Can you use a tool like LiveHTTPHeaders to observe the headers being
exchanged during the interaction described above?

We are using cookies to track sessions.  I don't think we're using URL
rewriting.  Servlets and jsp's are handed off to Tomcat.  Everything else
is Apache httpd.

We seem to be losing the cookie when a page being served from the SSL
virtual host forwards to a page that is not SSL (back in the regular host 
on

port 80).  No cookie means the server doesn't know that the browser is
attached to the session it created for the user.


This may not be the cause of your problem, but I remember vaguely that 
there can be a flag in a cookie saying "for SSL only".  If such was the 
case, the browser may just decide to not send the cookie anymore, even to 
the same host, once you switch back to a non-SSL connection.


"losing the cookie" is also maybe a misnomer here.  The entity that "has 
the cookie" and decides to send it or not is the browser.  The only way 
the server can tell the browser to "lose a cookie", is by resending the 
same cookie with an expiration date in the past.  That should cause the 
browser to delete the cookie and not send it anymore.


What I mean is : to "set a cookie in the browser", the server sends a 
"Set-Cookie" HTTP header to the browser, along with some normal result 
page.  It does this once (or more, but once is enough).  After that, the 
browser will always send back the cookie with each request to the same
server, as a "Cookie:" HTTP header, until this cookie expires.  When the 
expiration date/time of the cookie is reached, the browser purges the 
cookie from its memory, and that is when it stops sending it.
There is no "Unset-Cookie" or "Stop-sending-this-cookie" HTTP header that 
the server can send to the browser.




My lack of Apache skills is no doubt showing.  Is there a way to have
Apache 2.2 serve both 80 (clear) and 443 (SSL) from the primary
host instead of a virtual host?  I'm guessing that the switch from the
virtual host to the main host (both with the same hostname and IP but
listening on different ports) is what's causing the cookie to get lost.


As far as I know, a cookie is not port-specific.  Host or domain-specific 
yes, but port not.








-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Configuring Apache with Tomcat using mod_jk connector

[Martin]

do you have the JKMount directive in your %APACHE_HOME%/conf/httpd.conf ?

# send all requests ending in .jsp to ajp13
JkMount /*.jsp ajp13

http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html

HTH
Martin-
- Original Message - 
From: "Thanuja Danda" <[EMAIL PROTECTED]>

To: 
Sent: Saturday, June 07, 2008 10:27 AM
Subject: Configuring Apache with Tomcat using mod_jk connector



Hi All,

I have an issue configuring Apache/2.2.8 (True 64 Unix) integration with
Tomcat 5.0.28 using mod_jk/1.2.26. Both Apache and Tomcat are running on 
the

same machine. While configuring, I followed the instructions from
http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html. I
checked for both servers, they both are up and running. Apache is 
listening
on port 80 and Tomcat is running on 2004. But when I used the URL to 
access

the "testapp" context on Tomcat using the URL (of Apache):
http://mtte0303/testapp/test.jsp, the Apache is not sending the request to
Tomcat. But when I access the tomcat URL: 
http://mtte0303/testapp/test.jsp,

it's working.

Please help me solving this issue.

Below is the Configuration I have made:

httpd.conf is configured as below:

LoadModule jk_module modules/mod_jk.so
JkWorkersFile /usr/apache/tomcat/conf/jk/workers.properties
JkShmFile /usr/apache/logs/mod_jk.shm
JkLogFile /usr/apache/logs/mod_jk.log
JkLogLevel debug
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /testapp/servlet/ worker1
JkMount /testapp/*.jsp worker1

workers.properties is configured as below:
---
# Define some properties
workers.tomcat_home=/usr/apache/tomcat
workers.java_home=/usr/opt/java141
ps=/
worker.list=worker1
# Set properties for worker1(ajp13)
worker.worker1.type=ajp13
worker.worker1.host=localhost
worker.worker1.port=2004
worker.worker1.connection_pool_timeout=600
worker.worker1.socket_keepalive=1
worker.worker1.socket_timeout=60

I am getting the following error messages in mod_jk.log when I access the
above URL.

[Sat Jun 07 08:14:19 2008] [628367:3223019520] [debug] jk_shm.c (457):
Attached shared memory [7] size=28672 free=28672 addr=0x18000
[Sat Jun 07 08:14:19 2008] [628367:3223019520] [debug] jk_shm.c (471):
Reseting the shared memory for child 7
[Sat Jun 07 08:14:19 2008] [628367:3223019520] [debug] jk_shm.c (262):
Duplicated shared memory lock /usr/apache/logs/mod_jk.shm.629169.lock
[Sat Jun 07 08:14:19 2008] [628367:3223019520] [debug] mod_jk.c (2730):
Attached shm:/usr/apache/logs/mod_jk.shm.629169 (28672 bytes)
[Sat Jun 07 08:14:19 2008] [628367:3223019520] [debug] mod_jk.c (2740):
Initialized mod_jk/1.2.26
[Sat Jun 07 08:14:49 2008] [629470:3223019520] [debug] mod_jk.c (3033):
missing uri map for mtte0303:/testapp/index.jsp
[Sat Jun 07 08:14:49 2008] [629470:3223019520] [debug] mod_jk.c (3190):
missing uri map for mtte0303:/testapp/index.jsp

Please let me know where is the mistake ?

Thanks in advance.

Please note: Apache is also configure with  mod_ssl/2.2.8 OpenSSL/0.9.8g

Regards
Thanuja




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem in starting tomcat

[Martin]

Do you have Native POSIX Thread Library installed?
Identification of this subsystem features as well as which package you 
should download are available at

http://linux-sxs.org/internet_serving/c140.html

also be aware of the environmental parameters that tomcat uses
an example is located at

# you could also override JAVA_HOME as illustrated here
# Where your java installation lives
JAVA_HOME="/usr/lib/jvm/java"
JRE_HOME="/usr/lib/jvm/java"

# Where your tomcat installation lives
# That change from previous RPM where TOMCAT_HOME
# used to be /var/tomcat.
# Now /var/tomcat will be the base for webapps only
CATALINA_HOME="/usr/share/tomcat5"
JASPER_HOME="/usr/share/tomcat5"
CATALINA_TMPDIR="/usr/share/tomcat5/temp"

/* Be aware that TC may only execute under elevated privs under sudo as in 
this example */

sudo - tomcat -c $CATALINA_HOME/bin/startup.sh

HTH
Martin
- Original Message - 
From: "Raghavan_sat" <[EMAIL PROTECTED]>

To: 
Sent: Monday, June 09, 2008 9:23 AM
Subject: Problem in starting tomcat




Hi,
  I downloaded apache-tomcat-5.5.23.tar.gz and extracted it. Am using jdk
1.6.0_05.
When i start tomcat it starts fine and no error is been shown in the
catalina.out. But when i open the browser and load http://localhost:8080/
its showing a blank page. The OS is Fedora 8. What should i do to make it
work
--
View this message in context: 
http://www.nabble.com/Problem-in-starting-tomcat-tp17732711p17732711.html

Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Session lost when switching from https to http after upgrade to Tomcat 6

[Martin]

If you're in a secure location that disallows cookies..you can always try 
url-rewrite


Tomcat
http://tuckey.org/urlrewrite/

Caucho
http://www.caucho.com/resin/doc/rewrite-tags.xtp

Apache mod_rewrite
http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html

HTH
Martin
- Original Message - 
From: "Bill Davidson" <[EMAIL PROTECTED]>

To: "Tomcat Users List" 
Sent: Monday, June 09, 2008 7:10 PM
Subject: Re: Session lost when switching from https to http after upgrade to 
Tomcat 6




BTW, I forgot to thank everyone for helping me to understand
what this problem better.  Understanding that the cookie was
being created by Tomcat with the secure flag and that the flag
was causing the problem was the key.

Thanks everyone.

--Bill Davidson


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

problems with welcome files

[martin]

Hi,
i have installed apache http 2.2.14 and tomcat 6.0.24. I deployed
railo
3.1.2.001 final (cfml engine). I have to
use Windows XP and i have
administrative privileges.

This is my httpd-vhost.conf:

   ServerName railo
   DirectoryIndex index.cfm index.html
   ProxyRequests Off
   
   Order deny,allow
   Allow from all
   
   ProxyPass / ajp://railo:8009/
   ProxyPassReverse / ajp://railo:8009/



I added this to tomcats server.xml:
 
   
 


Railo has the following in its web.xml

 index.cfm
   index.cfml


Everytime i try to access a directory which contains an index.cfm file i get
a HTTP 500 error (FileNotFoundException) from Tomcat.
I.E.
http://railo/coldbox/dashboard/index.cfm   This works.
http://railo/coldbox/dashboard   Does not work. I get this:

HTTP Status 500 -
--
*type* Exception report
*message*
*description* *The server encountered an internal error () that prevented it
from fulfilling this request.*
*exception*
java.io.FileNotFoundException: C:\webapps\viss-dev\coldbox\dashboard
(Zugriff verweigert)
   java.io.FileInputStream.open(Native Method)
   java.io.FileInputStream.(Unknown Source)

 
railo.commons.io.res.type.file.FileResource.getInputStream(FileResource.java:198)
   railo.commons.io.IOUtil.copy(IOUtil.java:153)

 railo.runtime.engine.CFMLEngineImpl.serviceFile(CFMLEngineImpl.java:288)
   railo.loader.servlet.FileServlet.service(FileServlet.java:32)
   javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
*note* *The full stack trace of the root cause is available in the Apache
Tomcat/6.0.24 logs.*
--
Apache Tomcat/6.0.24

WTF is wrong?

RE: RE: problems with welcome files

[martin]

>> From: martin [mailto:mrt...@googlemail.com]
>> Subject: problems with welcome files
>>
>> i have installed apache http 2.2.14 and tomcat 6.0.24.

>Step 1: Get httpd out of the game; test with Tomcat's HTTP 
first.  When that works, add httpd back in.

Ok, httpd is not running anymore

>> I added this to tomcats server.xml:
>>  
>>
>>  

>Step 2: the above gets you the railo webapp deployed twice, once as
default, once as railo.  Remove the  element and rename the railo
directory to ROOT (case sensitive, even on Windows).

Ok, applied the changes

>Step 3: make sure the name "railo" is defined in your DNS box or hosts
file, or add an  to the above  for usable domain name.

Added this Alias
 127.0.0.1

>> Railo has the following in its web.xml
>> 
>>  index.cfm
>>index.cfml
>> 

> What else is in its web.xml?  (In particular, servlet mappings.)


CFMLServlet
*.cfm


CFMLServlet
*.cfml


CFMLServlet
*.cfc


AMFServlet
/flashservices/gateway/*


FileServlet
/


>> http://railo/coldbox/dashboard/index.cfm   This works.
>> http://railo/coldbox/dashboard   Does not work. I get this:

>First fix your deployment problems as described above.

Ok, without httpd running
http://railo:8080/coldbox/dashboard/index.cfm   This works.
http://railo:8080/coldbox/dashboard   Does not work. I get the same error.

I have configured the railo server and added a mapping
"/"  mapps to "C:/webapps/viss-dev/"

In this directory lies an index.cfm (It
works!)
When i access http://railo:8080/ the index.cfm is shown, but when i try to
access a subdirectory that also contains an index.cfm i get this
FileNotFoundException.
Martin

> - Chuck

mod_jk restarting during uploads of large files

[martin]

Hi
I have a problem when uploading files to tomcat through mod_jk.  When  
uploading smaller files (<100kb) everything seems to work fine, but  
when uploading files of about 1.5Mb it seems as if the server is  
restarting and causing a 503 error.  I've tried modifying timeouts in  
both apache and tomcat, still i get this output on the catalina.err  
file: (sorry for long log files)



04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already scheduled
04/07/2011 15:19:32 7210 jsvc.exec error: Service killed by signal 9
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal  
performance in production environments was not found on the  
java.library.path:  
/usr/local/jdk/jre/lib/i386/client:/usr/local/jdk/jre/lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib

Jul 4, 2011 3:19:35 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jul 4, 2011 3:19:35 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 426 ms
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/5.5.33
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Jul 4, 2011 3:19:36 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Jul 4, 2011 3:19:36 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Jul 4, 2011 3:19:36 PM org.apache.catalina.core.StandardHost start
INFO: XML validation disabled
Jul 4, 2011 3:19:37 PM org.apache.coyote.http11.Http11BaseProtocol start
INFO: Starting Coyote HTTP/1.1 on htt

Re: mod_jk restarting during uploads of large files

[martin]

Yeh, I've worked out what was happening, seems that tomcat was being  
killed by the system running out of memory, which was happening  
without any log messages on the system at all, which was rather  
unhelpful and left me completely stumped for a while.  However adding  
extra swap space and memory seem to fix the problem.


Thanks anyway for the reply

Quoting Rainer Jung :


It seems it is not a mod_jk problem. mod_jk never shuts down Tomcat, but
obviously your Tomcat shuts down during processing the request.

I would

- update Tomcat *and* the service wrapper (jdvc) to the most recent
patch update (e.g. Tomcat 5.5.33).

- run Tomcat once without the service wrapper to decide, whether the
problem comes from the wrapper or from Tomcat respectively your web
application.

Regards,

Rainer

On 04.07.2011 18:27, mar...@alt-v.co.uk wrote:

Hi
I have a problem when uploading files to tomcat through mod_jk.  When
uploading smaller files (<100kb) everything seems to work fine, but when
uploading files of about 1.5Mb it seems as if the server is restarting
and causing a 503 error.  I've tried modifying timeouts in both apache
and tomcat, still i get this output on the catalina.err file: (sorry for
long log files)


04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:31 7211 jsvc.exec error: Shutdown or reload already
scheduled
04/07/2011 15:19:32 7210 jsvc.exec error: Service killed by signal 9
Jul 4, 2011 3:19:35 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path:
/usr/local/jdk/jre/lib/i386/client:/usr/local/jdk/jre/lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib

Jul 4, 2011 3:19:35 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jul 4, 2011 3:19:35 PM org.apache.catalina.startup.Catalina load
INFO: Initialization proce

Session init problem since moving to new server/tomcat

[Martin]

Recently we moved our application from an old ubuntu to a newer centos 
box. We upgraded our JAVA version, tomcat (from v5 to latest v6) and 
basically all server components. Local tests of our application showed 
no problems with these newer versions, in fact it has been developed 
with these since quite some time.


But now we seem to have a problem with our session management/creation, 
however only on the new live server, not locally.


Whenever a user visits a page (the login page) for the very first time 
(no JSESSIONID-Cookie), the first login form submit does not work. Our 
live application obviously encounters some kind of unexpected stuff. The 
followup form submit works as expected. The JSESSIONID is created on the 
first page load btw.


The person who wrote this part of our application has gone AWOL and 
locally we cannot reproduce this.


Do you guys have any idea what could be responsible for this? I 
obviously copied all the tomcat settings from the older version and I 
cannot find anything worthy in the logs.


Thanks,
Martin




http://www.gleichklang-mail.de: Der Email-Zugang für ökologisch und sozial 
denkende Menschen!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Session init problem since moving to new server/tomcat

[Martin]

Thank you Christopher for your in depth annotations. We just downgraded 
from v6.0.34 to .20 and the problem has vanished. We obviously have some 
changes to do before we can upgrade to v7 as far as the session handling 
is concerned. Your post will help us along the way. Thanks again.


Martin

Am 2013-11-08 16:22, schrieb Christopher Schultz:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin,

On 11/8/13, 9:59 AM, Martin wrote:

Recently we moved our application from an old ubuntu to a newer
centos box. We upgraded our JAVA version, tomcat (from v5 to latest
v6) and basically all server components.


I would highly recommend that you upgrade directly to 7.0.x... moving
from Tomcat 6 to Tomcat 7 is much easier than the transition from 5.0
to 6.0. Make the investment, now. Tomcat 8 is just around the corner
which means that Tomcat 6's days are numbered (though it may still
have 1000 days left in its lifetime).


Local tests of our application showed no problems with these newer
versions, in fact it has been developed with these since quite
some time.

But now we seem to have a problem with our session
management/creation, however only on the new live server, not
locally.

Whenever a user visits a page (the login page) for the very first
time (no JSESSIONID-Cookie), the first login form submit does not
work. Our live application obviously encounters some kind of
unexpected stuff. The followup form submit works as expected. The
JSESSIONID is created on the first page load btw.


What does your login  look like? Often, users forget to encode
the session id in the URL for the form like this:



It would be better to do this:

" />

That way, Tomcat will get the session identifier whether cookies are
in use or not.


The person who wrote this part of our application has gone AWOL
and locally we cannot reproduce this.

Do you guys have any idea what could be responsible for this? I
obviously copied all the tomcat settings from the older version and
I cannot find anything worthy in the logs.


Some things have changed from Tomcat 5 to Tomcat 6 and later,
especially with session-handling during login. For example, Tomcat 
now

switches session-ids after a successful login in order to protect
against session-fixation attacks. Also, Tomcat now requires (though
I'm not sure if this is different from the Tomcat 5 days) a session 
to

be in place in order to show the login screen because it needs to
store the original request somewhere for a post-authentication 
redirect.


Are you using the "standard" spec-defined login process:

1. User requests a protected page
2. Container challenges user for credentials
3. User provides valid credentials
4. Container sends the user to the originally-requested resource

?

Or, are you using what I call a drive-by login where you just have 
the

login page showing in index.jsp or whatever with a login button? This
last one won't work the way you expect it to work, because the spec
(stupidly, IMO) didn't include a standard way for containers to 
handle

"unsolicited" logins.

These days (Servlet 3.0, which means Tomcat 7 and later), you can
write your own login-handler for these drive-by logins.

(Actually, looking at the documentation for HttpServletRequest.login,
it seems like this might not actually work (or if it does, it might
violate the spec) since it says that getAuthType must return null in
order for login() to be successful. That sounds to me like either the
container is in total control, or the webapp is in total control. 
Hmm.)


- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.15 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSfQHIAAoJEBzwKT+lPKRY9OcQAMMMAIpVuFtUhwWv9sTbs0uK
fnDB/VXVytAsYcbu4rVrgqiculcGP/2CkhZI2nle43FoPNZkMMbnJAr2AczYdV69
MTEoBOeY5rPQiUKs89KCKUN6V0kQkkv+cBQOaMzbGDBYd7vMgpONh9LXKuZjMkKC
iBpWdTRz1H79+82VpfGO7obVp+k3QXS4hLI/rMT3o01vacfQXJc6C0+vvmlFLTGH
QCyU0NfRbeT2MPGBmCUabjLpf7S/kRv2d1l26Az6AYOZHm/s/Ee9+yyZ+MuXOsJk
wEOX7/+jDcshQd1R+tiQdEyFJGCqKOgGbRJ5AwVRXyWXjgEUXj3YzXAmK7NrBF39
bu8WQib8y8kOiIo7ME1YF+qNs6eXDqdeEyf9l2zh19L0P7jn43Y3vWvOaqI34kML
9BBsh32f6KD5BpW3fQ9WgG8Ssk+9TK/w6AkQvG7RYhSzuiQykJslvuYNrWCFR+Nf
r8rDbqnLrcWPJ5RT19vyitJHIvNEIm3RKA/+bEfVQwBFMS4FEgiOqknEUU8m8VZD
1SxB8eXR2wfOA9H4BsSh7fmTFCneDZv8+h2Hntuf9IKe9fB4G8lU1RThH2gXl8rB
tOSix5WKKadvuss42tpKtsOI2IaSObcK163pdZIc0QUHOFMZC/15wimRlGrW0vbL
bF36rsMYpfhFG8naSZq5
=mhI6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






http://www.gleichklang-mail.de: Der Email-Zugang für ökologisch und sozial 
denkende Menschen!

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How to setup Apache web server for a Tomcat deployed Spring application

[Martin Moore]

Hello,

I have a situation where I want to call an Tomcat deployed Spring
application remotely without adding the port number (8080), I had tried to
use 80 in Connector but wasn't able to connect to it when outside the LAN.
So I resorted to creating a proxy server using Apache2 Web Server (along
side the Tomcat application server).

Unfortunately when I call the app using name1.domain.com/app/login it times
out and fails.
Following are the configuration for Apache2 and Tomcat:
In server.xml (Tomcat V8)
http://qadat.qfls.idealab.unical.it/>com"
   proxyPort="80"
  />

httpd.conf (under conf/ in Apache2)
...
LoadModule proxy_module modules/mod_proxy.so
...
ServerName  name1.domain. com:80


   ProxyPass /app/login http://localhost:8080/app/login

   ProxyPassReverse /app/login http://localhost:8080/app/login



To note that on the local machine tomcat returns the app through
http://localhost:8080/app/login 

How to make the app requests proxied so that name1.domain.
com/app/login works and calls the
localhost:8080/app/login to return the Tomcat Spring app

To note that DocumentRoot was added and then removed and that the app
resides in webapps/ROOT

Thanks.

Migrating from TC9 to TC10. Can the jakartaConverter log problem cases?

[Martin Knoblauch]

Hi,

 I am in the process of migrating a large application from Tomcat9 to
Tomcat10. While we have fixed the javax->jakarta issues in our code
directly, we still need to specify jakartaConverter=TOMCAT to make the
application work correctly.

My question is now: does the converter log its work somewhere? How to
enable it? Sorry if this is a stupid question.

Thanks in advance
Martin
-- 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Ignoring invalid If-None-Match header instead of status 400?

[Jiřička , Martin]

Hi,

I was investigating an issue with our single-page app that is using
Tomcat on server side. The app sometimes did not load in browser. It
turned out Chrome can requests client application bundle with header
like this:

If-None-Match: W/"101052-1724152266000"-gzip

Default servlet rejects such request with HTTP Status 400 – Bad Request.

To test it I installed Tomcat 9.0.93 and queried default ROOT application:

$ curl -sw '%{http_code}\n' --output /dev/null -H 'If-None-Match:
W/"101052-1724152266000"-gzip' localhost:8080/tomcat.css
400

Problematic part is "-gzip", without it it works:

$ curl -sw '%{http_code}\n' --output /dev/null -H 'If-None-Match:
W/"101052-1724152266000"' localhost:8080/tomcat.css
200

I have no idea whether the header is RFC-valid or not, but since it is
used by major browser/s and status 400 can break things, is there some
option how to silently ignore invalid(?) If-None-Match?

Thanks
Martin

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Ignoring invalid If-None-Match header instead of status 400?

[Jiřička , Martin]

> It might be worth tracking down what is generating the invalid ETag. It
> is possible that the browser is just echoing back an invalid ETag it
> originally received.

Oh, you are right, Chrome just repeats invalid ETag it got from
server. This is root of the problem. I am stupid I did not check that.

Thank you very much, Mark!

Martin

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat testing

[Martin Grigorov]

HI,

On Wed, Dec 8, 2021 at 11:20 AM Mark Thomas  wrote:

> On 08/12/2021 08:44, Hiran CHAUDHURI wrote:
> > Hello there.
> >
> > My organization requires that Tomcat releases - especially patches - get
> tested before we propagate them into production environments.
> > For sure similar tests are run by the ASF before releasing the software
> at all.
> >
> > Is there a way to run the very same tests within our organization? Where
> can I find out what automatic testing is already performed? Or would I have
> to develop a test suite from scratch?
>
> https://github.com/apache/tomcat/blob/main/BUILDING.txt


Here is what we do at Travis CI:
-
https://github.com/apache/tomcat/blob/2c5cea02157c3730ca498e0e26422dcaea5b8d4b/.travis.yml
-
https://github.com/apache/tomcat/blob/2c5cea02157c3730ca498e0e26422dcaea5b8d4b/.travis/antTest.sh


>
>
> Section 7.
>
> There is also the various CI systems:
> https://tomcat.apache.org/ci.html
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

About granting permissions to Tomcat JVM

[Martin Moore]

Hello,

I am facing a problem using Tomcat V8 with my J2ee app that deletes (using
file.delete() Java 8) a file from disk (Windows). The file is actually
deleting only on application level meaning that the application does not
see the file anymore but if i open the folder i still see the file which is
then locked by Java process. I only get the file to be removed physically
when i close the Tomcat instance.

Does this problem relate to permissions in catalina.policy ?
How to solve this?

Re: About granting permissions to Tomcat JVM

[Martin Moore]

Hello Mark,

I don't know if the SecurityManager is enabled or not (how to disable it
btw?)
I set the env var CATALINA_HOME to be C:/Program Files/Apache-Tomcat-8/
The files in question are stored in Desktop/SomeFolder

Thanks.

Le dim. 9 oct. 2022 à 08:00, Mark Thomas  a écrit :

> On 08/10/2022 17:36, Martin Moore wrote:
> > Hello,
> >
> > I am facing a problem using Tomcat V8 with my J2ee app that deletes
> (using
> > file.delete() Java 8) a file from disk (Windows). The file is actually
> > deleting only on application level meaning that the application does not
> > see the file anymore but if i open the folder i still see the file which
> is
> > then locked by Java process. I only get the file to be removed physically
> > when i close the Tomcat instance.
> >
> > Does this problem relate to permissions in catalina.policy ?
>
> Unlikely.
>
> Are you using a SecurityManager?
>
> > How to solve this?
>
> Where, exactly, are you storing these files? Where, exactly, are
> CATALINA_HOME and CATALINA_BASE?
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: About granting permissions to Tomcat JVM

[Martin Moore]

the ProcessExplorer shows that a Java process is running on the file and
this only after actually performing the delete from Java.

Le dim. 9 oct. 2022 à 15:23, Thomas Hoffmann (Speed4Trade GmbH)
 a écrit :

> Hello,
> this might be a behavior of the underlying OS.
> If the file is locked, it is marked for deletion and when the file lock is
> released, the file is physically deleted.
>
> Maybe you can check with ProcessExplorer from MS whether there is an open
> file handle on this file.
>
> Greetings,
> Thomas
>
> > -Ursprüngliche Nachricht-
> > Von: Martin Moore 
> > Gesendet: Sonntag, 9. Oktober 2022 09:56
> > An: Tomcat Users List ; ma...@apache.org
> > Betreff: Re: About granting permissions to Tomcat JVM
> >
> > Hello Mark,
> >
> > I don't know if the SecurityManager is enabled or not (how to disable it
> > btw?)
> > I set the env var CATALINA_HOME to be C:/Program Files/Apache-Tomcat-8/
> > The files in question are stored in Desktop/SomeFolder
> >
> > Thanks.
> >
> > Le dim. 9 oct. 2022 à 08:00, Mark Thomas  a écrit :
> >
> > > On 08/10/2022 17:36, Martin Moore wrote:
> > > > Hello,
> > > >
> > > > I am facing a problem using Tomcat V8 with my J2ee app that deletes
> > > (using
> > > > file.delete() Java 8) a file from disk (Windows). The file is
> > > > actually deleting only on application level meaning that the
> > > > application does not see the file anymore but if i open the folder i
> > > > still see the file which
> > > is
> > > > then locked by Java process. I only get the file to be removed
> > > > physically when i close the Tomcat instance.
> > > >
> > > > Does this problem relate to permissions in catalina.policy ?
> > >
> > > Unlikely.
> > >
> > > Are you using a SecurityManager?
> > >
> > > > How to solve this?
> > >
> > > Where, exactly, are you storing these files? Where, exactly, are
> > > CATALINA_HOME and CATALINA_BASE?
> > >
> > > Mark
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
> > >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: About granting permissions to Tomcat JVM

[Martin Moore]

About the methods i use in the application along with file.delete() (which
is what this post is about)
I use File[] files = new File("C:\\SomeFolder").listFiles();
file.getName();
file.lastModified()
Path path = Paths.get(fileName);
Would any of these cause the lock on the file ?

Le dim. 9 oct. 2022 à 16:03, Thomas Hoffmann (Speed4Trade GmbH)
 a écrit :

>
> > -Ursprüngliche Nachricht-----
> > Von: Martin Moore 
> > Gesendet: Sonntag, 9. Oktober 2022 15:37
> > An: thomas.hoffm...@speed4trade.com.invalid; Tomcat Users List
> > 
> > Betreff: Re: About granting permissions to Tomcat JVM
> >
> > the ProcessExplorer shows that a Java process is running on the file and
> this
> > only after actually performing the delete from Java.
>
>
> Some possibilities for file locking.
> - the upload process didn’t close the streams properly
> - You use http2 and sendfile
> - You are using a MappedByteBuffer before deletion:
> https://bugs.openjdk.org/browse/JDK-4724038
>
> ... just some ideas which cause file locking ...
>
> > Le dim. 9 oct. 2022 à 15:23, Thomas Hoffmann (Speed4Trade GmbH)
> >  a écrit :
> >
> > > Hello,
> > > this might be a behavior of the underlying OS.
> > > If the file is locked, it is marked for deletion and when the file
> > > lock is released, the file is physically deleted.
> > >
> > > Maybe you can check with ProcessExplorer from MS whether there is an
> > > open file handle on this file.
> > >
> > > Greetings,
> > > Thomas
> > >
> > > > -Ursprüngliche Nachricht-
> > > > Von: Martin Moore 
> > > > Gesendet: Sonntag, 9. Oktober 2022 09:56
> > > > An: Tomcat Users List ; ma...@apache.org
> > > > Betreff: Re: About granting permissions to Tomcat JVM
> > > >
> > > > Hello Mark,
> > > >
> > > > I don't know if the SecurityManager is enabled or not (how to
> > > > disable it
> > > > btw?)
> > > > I set the env var CATALINA_HOME to be C:/Program
> > > > Files/Apache-Tomcat-8/ The files in question are stored in
> > > > Desktop/SomeFolder
> > > >
> > > > Thanks.
> > > >
> > > > Le dim. 9 oct. 2022 à 08:00, Mark Thomas  a écrit
> :
> > > >
> > > > > On 08/10/2022 17:36, Martin Moore wrote:
> > > > > > Hello,
> > > > > >
> > > > > > I am facing a problem using Tomcat V8 with my J2ee app that
> > > > > > deletes
> > > > > (using
> > > > > > file.delete() Java 8) a file from disk (Windows). The file is
> > > > > > actually deleting only on application level meaning that the
> > > > > > application does not see the file anymore but if i open the
> > > > > > folder i still see the file which
> > > > > is
> > > > > > then locked by Java process. I only get the file to be removed
> > > > > > physically when i close the Tomcat instance.
> > > > > >
> > > > > > Does this problem relate to permissions in catalina.policy ?
> > > > >
> > > > > Unlikely.
> > > > >
> > > > > Are you using a SecurityManager?
> > > > >
> > > > > > How to solve this?
> > > > >
> > > > > Where, exactly, are you storing these files? Where, exactly, are
> > > > > CATALINA_HOME and CATALINA_BASE?
> > > > >
> > > > > Mark
> > > > >
> > > > > --
> > > > > --- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > > > >
> > > > >
> > >
> > > -
> > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > For additional commands, e-mail: users-h...@tomcat.apache.org
> > >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

Re: About granting permissions to Tomcat JVM

[Martin Moore]

@thomas.hoffm...@speed4trade.com.invalid
  how to use the debugger in this
case ?any documentation pls ?
@Rob Sargent i posted most of the methods used in the app, but yes JVM is
holding off on deleting the file...

Le dim. 9 oct. 2022 à 17:31, Thomas Hoffmann (Speed4Trade GmbH)
 a écrit :

> Hello,
>
> > About the methods i use in the application along with file.delete()
> (which is
> > what this post is about) I use File[] files = new
> > File("C:\\SomeFolder").listFiles();
> > file.getName();
> > file.lastModified()
> > Path path = Paths.get(fileName);
> > Would any of these cause the lock on the file ?
>
> They don't look suspicious to me. What you could do is, use the debugger
> to go step by step.
> In parallel, use the ProcessExplorer to see at which point the file handle
> appears.
> Maybe it is more hidden in some other routines which might use a
> MappedByteBuffer to read or write.
>
>
> >
> > Le dim. 9 oct. 2022 à 16:03, Thomas Hoffmann (Speed4Trade GmbH)
> >  a écrit :
> >
> > >
> > > > -Ursprüngliche Nachricht-
> > > > Von: Martin Moore 
> > > > Gesendet: Sonntag, 9. Oktober 2022 15:37
> > > > An: thomas.hoffm...@speed4trade.com.invalid; Tomcat Users List
> > > > 
> > > > Betreff: Re: About granting permissions to Tomcat JVM
> > > >
> > > > the ProcessExplorer shows that a Java process is running on the file
> > > > and
> > > this
> > > > only after actually performing the delete from Java.
> > >
> > >
> > > Some possibilities for file locking.
> > > - the upload process didn’t close the streams properly
> > > - You use http2 and sendfile
> > > - You are using a MappedByteBuffer before deletion:
> > > https://bugs.openjdk.org/browse/JDK-4724038
> > >
> > > ... just some ideas which cause file locking ...
> > >
> > > > Le dim. 9 oct. 2022 à 15:23, Thomas Hoffmann (Speed4Trade GmbH)
> > > >  a écrit :
> > > >
> > > > > Hello,
> > > > > this might be a behavior of the underlying OS.
> > > > > If the file is locked, it is marked for deletion and when the file
> > > > > lock is released, the file is physically deleted.
> > > > >
> > > > > Maybe you can check with ProcessExplorer from MS whether there is
> > > > > an open file handle on this file.
> > > > >
> > > > > Greetings,
> > > > > Thomas
> > > > >
> > > > > > -Ursprüngliche Nachricht-
> > > > > > Von: Martin Moore 
> > > > > > Gesendet: Sonntag, 9. Oktober 2022 09:56
> > > > > > An: Tomcat Users List ;
> > > > > > ma...@apache.org
> > > > > > Betreff: Re: About granting permissions to Tomcat JVM
> > > > > >
> > > > > > Hello Mark,
> > > > > >
> > > > > > I don't know if the SecurityManager is enabled or not (how to
> > > > > > disable it
> > > > > > btw?)
> > > > > > I set the env var CATALINA_HOME to be C:/Program
> > > > > > Files/Apache-Tomcat-8/ The files in question are stored in
> > > > > > Desktop/SomeFolder
> > > > > >
> > > > > > Thanks.
> > > > > >
> > > > > > Le dim. 9 oct. 2022 à 08:00, Mark Thomas  a
> > > > > > écrit
> > > :
> > > > > >
> > > > > > > On 08/10/2022 17:36, Martin Moore wrote:
> > > > > > > > Hello,
> > > > > > > >
> > > > > > > > I am facing a problem using Tomcat V8 with my J2ee app that
> > > > > > > > deletes
> > > > > > > (using
> > > > > > > > file.delete() Java 8) a file from disk (Windows). The file
> > > > > > > > is actually deleting only on application level meaning that
> > > > > > > > the application does not see the file anymore but if i open
> > > > > > > > the folder i still see the file which
> > > > > > > is
> > > > > > > > then locked by Java process. I only get the file to be
> > > > > > > > removed physically when i close the Tomcat instance.
> > > > > > > >
> > > > > > > > Does this problem relate to permissions 

Re: About granting permissions to Tomcat JVM

[Martin Moore]

@Rob  this is the command:   %CATALINA_HOME%\bin\startup.bat


Le dim. 9 oct. 2022 à 21:30, Rob Sargent  a écrit :

>
>
> > On Oct 9, 2022, at 8:54 AM, Martin Moore 
> wrote:
> >
> > @thomas.hoffm...@speed4trade.com.invalid
> >   how to use the debugger in
> this
> > case ?any documentation pls ?
> > @Rob Sargent i posted most of the methods used in the app, but yes JVM is
> > holding off on deleting the file...
>
> I think this might be a config issue. What is the full Java command with
> variables expanded
>
> >
> >> Le dim. 9 oct. 2022 à 17:31, Thomas Hoffmann (Speed4Trade GmbH)
> >>  a écrit :
> >>
> >> Hello,
> >>
> >>> About the methods i use in the application along with file.delete()
> >> (which is
> >>> what this post is about) I use File[] files = new
> >>> File("C:\\SomeFolder").listFiles();
> >>> file.getName();
> >>> file.lastModified()
> >>> Path path = Paths.get(fileName);
> >>> Would any of these cause the lock on the file ?
> >>
> >> They don't look suspicious to me. What you could do is, use the debugger
> >> to go step by step.
> >> In parallel, use the ProcessExplorer to see at which point the file
> handle
> >> appears.
> >> Maybe it is more hidden in some other routines which might use a
> >> MappedByteBuffer to read or write.
> >>
> >>
> >>>
> >>> Le dim. 9 oct. 2022 à 16:03, Thomas Hoffmann (Speed4Trade GmbH)
> >>>  a écrit :
> >>>
> >>>>
> >>>>> -Ursprüngliche Nachricht-
> >>>>> Von: Martin Moore 
> >>>>> Gesendet: Sonntag, 9. Oktober 2022 15:37
> >>>>> An: thomas.hoffm...@speed4trade.com.invalid; Tomcat Users List
> >>>>> 
> >>>>> Betreff: Re: About granting permissions to Tomcat JVM
> >>>>>
> >>>>> the ProcessExplorer shows that a Java process is running on the file
> >>>>> and
> >>>> this
> >>>>> only after actually performing the delete from Java.
> >>>>
> >>>>
> >>>> Some possibilities for file locking.
> >>>> - the upload process didn’t close the streams properly
> >>>> - You use http2 and sendfile
> >>>> - You are using a MappedByteBuffer before deletion:
> >>>> https://bugs.openjdk.org/browse/JDK-4724038
> >>>>
> >>>> ... just some ideas which cause file locking ...
> >>>>
> >>>>> Le dim. 9 oct. 2022 à 15:23, Thomas Hoffmann (Speed4Trade GmbH)
> >>>>>  a écrit :
> >>>>>
> >>>>>> Hello,
> >>>>>> this might be a behavior of the underlying OS.
> >>>>>> If the file is locked, it is marked for deletion and when the file
> >>>>>> lock is released, the file is physically deleted.
> >>>>>>
> >>>>>> Maybe you can check with ProcessExplorer from MS whether there is
> >>>>>> an open file handle on this file.
> >>>>>>
> >>>>>> Greetings,
> >>>>>> Thomas
> >>>>>>
> >>>>>>> -Ursprüngliche Nachricht-
> >>>>>>> Von: Martin Moore 
> >>>>>>> Gesendet: Sonntag, 9. Oktober 2022 09:56
> >>>>>>> An: Tomcat Users List ;
> >>>>>>> ma...@apache.org
> >>>>>>> Betreff: Re: About granting permissions to Tomcat JVM
> >>>>>>>
> >>>>>>> Hello Mark,
> >>>>>>>
> >>>>>>> I don't know if the SecurityManager is enabled or not (how to
> >>>>>>> disable it
> >>>>>>> btw?)
> >>>>>>> I set the env var CATALINA_HOME to be C:/Program
> >>>>>>> Files/Apache-Tomcat-8/ The files in question are stored in
> >>>>>>> Desktop/SomeFolder
> >>>>>>>
> >>>>>>> Thanks.
> >>>>>>>
> >>>>>>> Le dim. 9 oct. 2022 à 08:00, Mark Thomas  a
> >>>>>>> écrit
> >>>> :
> >>>>>>>
> >>>>>>>> On 08/10/2022 17:36, Martin Moore wrote:
> >>>>>>>>> Hello,
> >>&

CVE-2021-43980 completely fixed?

[Martin Garbe]

Hello all,

we use tomcat 9.0.62 in our environment and most likely hit the bug from 
CVE-2021-43980 (which should be fixed in this version).

Why do we think that we hit this bug?

  *
Since we refactored some e2e tests one test regularly fails because the client 
receives packets that should never be received by this client. The received 
packets belong to another TCP connection.
  *
We did a wireshark dump and can confirm that the packets were sent by tomcat. 
For a period of 4msec some packets are routed "into the wrong TCP connection" 
by tomcat.
  *
The bug seems to be triggered by some special timing + parallel processing 
situation.
  *
In the first step we assumed to hit a bug in AWS environment or TCP/IP stack 
but then found the bug report for tomcat.
  *   We used tomcat 9.0.60 when hitting the bug. By upgrading to 9.0.62 the 
bug kept appearing. Even 9.0.70 the bug exists.
  *
We replaced tomcat with undertow and all e2e tests run fine.

>From our point of view, we have an environment/configuration which triggers 
>this bug very often 100%).
If you need anybody to test further fixes, then we can help you. Please let us 
know.

Best regards,
Martin Garbe

Re: [mod_jk] Is it possible to set the value of a specific attribute via HTTP?

[Martin Knoblauch]

On 6/29/23 17:06, Rainer Jung wrote:
>
> > Since I try to push people into mod_proxy, I am hesitant to implement
> > more and more features which keep people from switching ;)
>
>
Hi Rainer,

 so, what do you suggest for the mod_jk retirement?
mod_proxy+mod_proxy_ajp, or just proxy to the HTTPS port? Is there an
equivalent to jkmanager with mod_proxy?

Thanks
Martin
-- 
------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Re: Version Question

[Martin Grigorov]

Hi,

On Sat, Mar 21, 2020, 00:37  wrote:

> Good afternoon Mark and group.
>
> There is a question as to WHAT are the correct versions released. Are
> these 7.0.103, 8.5.53, and 9.0.33 as shown on tomcat.apache.org, OR is it
> 7.0.104, 8.5.54 and 9.0.34 as shown on ci.apache.org?
>

The first.
CI lists the currently developed versions.

Martin


> Thank you,
>
>
> Dream * Excel * Explore * Inspire
> Jon McAlexander
> Asst Vice President
>
> Middleware Product Engineering
> Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions
>
> Upcoming PTO: 11/8, 11/11, 11/15, 11/22, 11/28, 11/29, 12/2, 12/6, 12/13,
> 12/20 - 12/31
>
> 8080 Cobblestone Rd | Urbandale, IA 50322
> MAC: F4469-010
> Tel 515-988-2508 | Cell 515-988-2508
>
> jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com>
>
>
> This message may contain confidential and/or privileged information. If
> you are not the addressee or authorized to receive this for the addressee,
> you must not use, copy, disclose, or take any action based on this message
> or any information herein. If you have received this message in error,
> please advise the sender immediately by reply e-mail and delete this
> message. Thank you for your cooperation.
>
>

Re: Tomcat Wiki Source Code Download

[Martin Grigorov]

Hi,

On Tue, Mar 24, 2020 at 9:12 AM Brian Burch  wrote:

> I'm quite baffled!
>
> http://tomcat.apache.org/source.html gives me the url:-
>
> http://svn.apache.org/repos/asf/tomcat/site
>
> I made a clean "svn checkout" and referred to the README.txt about the
> source files being xml formatted. I have all the html files, but the
> instructions tell me the real source is the xml. There are a lot of xml
> files, but not for Logging.
>
> Unfortunately, even after trying:-
>
> svn update --set-depth infinity xdocs jk-xdocs native-xdocs
>
> The directory tree does contain several xml files related to logging
> with Tomcat 5, but not the page I want to update.
>
> When I browse:-
>
> http://svn.apache.org/repos/asf/tomcat/site/trunk/xdocs/
>
> There are quite a few xml files, but not the one I would like to modify
> - Logging.xml.
>
> What have I misunderstood?
>

$ grep -rnH 'Apache Tomcat uses JULI' .


./docs/tomcat-9.0-doc/logging.html:38:  The internal logging for Apache
Tomcat uses JULI, a packaged renamed fork
./docs/tomcat-8.5-doc/logging.html:38:  The internal logging for Apache
Tomcat uses JULI, a packaged renamed fork
./docs/tomcat-10.0-doc/logging.html:38:  The internal logging for
Apache Tomcat uses JULI, a packaged renamed fork
./docs/tomcat-8.0-doc/logging.html:38:  The internal logging for Apache
Tomcat uses JULI, a packaged renamed fork

grep also does not find the text in any .xml file. Only in .html.

Martin


> Brian
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: invoke jmxproxy servlet using argument with a , is not a possible

[Martin Grigorov]

Hi,

On Mon, Mar 23, 2020 at 7:08 PM Arnaud Yahoo 
wrote:

> Hello
>
> I am trying to invoke a mbean through jmxproxy servlet. Arguments are
> separated with , so when one argument itself is containing a coma, it
> breaks the invocation.
>
> It seems there is no way to escape ,.
>
> For example trying to save a context configuration fails :
>
> curl -u user:pass -G "http://localhost:8080/manager/jmxproxy/";
> --data-urlencode "invoke=Catalina:type=StoreConfig" --data-urlencode
> "op=storeContext" --data-urlencode
> "ps=Catalina:j2eeType=WebModule,name=//localhost/myContext,J2EEApplication=none,J2EEServer=none,true,true"
>
>

https://github.com/apache/tomcat/blob/b9aff64f78740235a5565004423be40cadc740ac/java/org/apache/catalina/manager/JMXProxyServlet.java#L240
splits
the parameters by comma and in your case it finds 5 parameters, while
StoreConfig#storeContext(String, boolean, boolean) expects 3 parameters.
Without improvements in the parsing code I think your case is not supported
at the moment.

Martin


>
> of course it works from jconsole.
>
> (By the way as an alternative I tried
>
> curl -u user:pass
> http://localhost:8080/manager/text/save?path=/myContext but it fails with
>
> FAIL - Encountered exception [javax.management.MBeanException: Cannot
> find operation store] )
>
> Arnaud
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Support with error in launcher.log

[Martin Grigorov]

Hi,

On Mon, Mar 30, 2020 at 1:02 PM Luigi Tagliafierro 
wrote:

> Hi everybody,
>
> we are experiencing an error :  The bitbucket log
> (/var/atlassian/bitbucket_home/log/launcher.log) constantly repeats this
> error:
>
> "java.lang.IllegalArgumentException: An invalid domain [.code.doxee.com]
> was specified for this cookie" .
>

Is there a stacktrace with this error ?
It would be good to see which class/method throws this exception.


> The error has been present in the log for some time and continues to be.
>
> We contacted the support of atlassian, who after an analysis suggested
> that we ask you about the error in question.
> Here the link to the discussion, *and all the info, tests and steps we
> took before contacting you* :
> https://getsupport.atlassian.com/servicedesk/customer/portal/24/SSP-42041
>
> Our Tomcat version is: 8.5.29
>

Please try with a more recent version of Tomcat, e.g. 8.5.53.


>
> In attachment there is the complete error.
>
> We are waiting for an answer that can help you analyze or solve the
> problem,
>
> Thanks a lot,
> Regards,
>
> Luigi
>
>
> [image: signature_1607051054]
>
>
>
> *Luigi Tagliafierro*
>
> *IX Team*
>
>
> doxee.com 
>
> find us on:
>
> [image: signature_1049012399] [image:
> signature_145818931] [image:
> signature_816293899] 
>
>
>
>
>
> Questa email ed ogni eventuale allegato sono confidenziali.
>
> Se non siete il destinatario della presente ogni suo utilizzo è vietato.
>
> Le chiediamo di segnalare l’accaduto al  mittente e di cancellare il
> messaggio.
>
> Questo messaggio è inviato da Doxee e non ha natura personale, le
> informazioni contenute possono essere note al mittente o da altri suoi
> collaboratori.
>
>
>
> This e-mail and any attachments are confidential.
>
> If you are not the intended recipient, you are hereby notified that any
> use or distribution of this e-mail is strictly prohibited.
>
> Please contact the sender and delete this message from your system.
>
> We apologize for any inconvenience this may cause.
>
> This message is forwarded from Doxee and is not of a personal nature; the
> information contained herein may be known by the sender and other employees
> in the company.
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9.31 PUT/POST Request receiving Partial Data

[Martin Grigorov]

Hi,

On Tue, Mar 31, 2020 at 8:17 PM 
wrote:

> -Original Message-
> > From: Bhavesh Mistry 
> > Sent: Wednesday, February 26, 2020 7:51 PM
> > To: Tomcat Users List 
> > Subject: Re: Tomcat 9.31 PUT/POST Request receiving Partial Data
>
> > The response get truncated after 16321 bytes.  Please let me know what
> is best way to wait and in > order to consume entire request payload.
>
> > Thanks,
> > Bhavesh
>
> > On Wed, Feb 26, 2020 at 4:34 PM Bhavesh Mistry <
> mistry.p.bhav...@gmail.com>
> > wrote:
>
> > Hi Tomcat Team,
> >
> > I have servlet filter for all requests to cache the entire PUT/POST
> > Payload.   When content is large 4KB or more, I am getting partial
> content
> > when I read from HttpServletRequest.getInputStream().  But I but 10
> > seconds wait before consuming the input stream, I am getting entire
> > content.  Can you please let me know what is the correct way to wait
> > for the entire content is ready to consume from the tomcat servlet
> request input stream?
> >
> >
> > Filter Code:
> > If I put Thread.sleep(10) at begin of filter, I am getting full
> > content.
> >
> > @Override
> > protected void doFilterInternal(HttpServletRequest httpServletRequest,
> HttpServletResponse httpServletResponse, FilterChain filterChain) throws
> ServletException, IOException {
> > CachedBodyHttpServletRequest cachedBodyHttpServletRequest = new
> CachedBodyHttpServletRequest(httpServletRequest);
> > filterChain.doFilter(cachedBodyHttpServletRequest,
> > httpServletResponse); }
> >
> > // Wrapper to cache content.
> >
> > public CachedBodyHttpServletRequest(HttpServletRequest request) throws
> IOException {
> > super(request);
> > ServletInputStream inputStream = request.getInputStream();
> > final int len = request.getContentLength();
> > if (len >= 0) {
> > cachedBody = new byte[len];
> > ByteStreams.readFully(inputStream, cachedBody);
> > } else {
> > cachedBody = ByteStreams.toByteArray(inputStream);
> > }
> > }
> >
> >
> > Thanks,
> >
> > Bhavesh
> >
>
> I have a team reporting the same issue with 9.0.31. Reverting to 9.0.30
> resolves their issue. Here are some details:
>
> STEPS done to identify cause :-
> 1.  We have tried to increase maxSwallowSize , connectionTimeout ,
> socket.appWriteBufSize="24576" on tomcat 9.0.31 but issue still persisted
> 2.  We tried to roll back java upgrade from 1.8.0.242 to 1.8.0.231 but
> issue still persisted
> 3.  Enabled SSL debug log to verify if request gets dropped at but it
> was not very helpful .
> 4.  FINALLY when we rolledback tomcat upgrade to 9.0.30 , same request
> worked fine .
>
> We were basically getting 400 error for few requests while smaller request
> always succeeds while larger request (100kb-180kb) frequently gets dropped
> or partially processed.
> Now we are using the 9.0.30 version until its resolved from tomcat side .
>

Have you tried 9.0.33 ?
I believe this is fixed in .33.

Martin

Re: Configure Tomcat for specific Urls on specific Port

[Martin Grigorov]

Hi,

On Mon, Apr 6, 2020 at 9:32 AM Vijay Roy  wrote:

> Hi  Team ,
>
> We are using tomcat in one of our projects and we have tomcat ports 8080
> and 8081 opened by the following configurations.
>
>server=""
>connectionTimeout="2"
>redirectPort="8443" maxHttpHeaderSize="16384"/>
> server=""
>connectionTimeout="2"
>redirectPort="8443" maxHttpHeaderSize="16384"/>
>
> Now we want to allow only specific url on each port. For eg  urls
> contaning text /request1 should be allowed to access only on port 8080 and
> if  /request1 is sent to port 8081 it should be blocked and vice versa.
>
> Could you please let us know what are the configurations that are required
> if we have configure this behavior in our tomcat.


You could use a simple Servlet Filter that uses #getLocalPort() and
#getRequestURI() to implement simple authorization strategy.
There is nothing Tomcat specific in it. You can reuse it on any Servlet
container.

Regards,
Martin


>
>
> Tomcat Version Used :- 8.5.24
> OS Name:Linux
> OS Version: 3.10.0-1062.12.1.el7.x86_64
>
> Thanks & Regards
> Vijay
>

Re: javax.servlet.ServletContainerInitializer defined in jar not loading on Tomcat 8.5.51 and above

[Martin Grigorov]

Hi,

On Tue, Apr 7, 2020 at 9:01 AM Jackson Ong <83cl...@gmail.com> wrote:

> We have an webapp running fine on Tomcat 8.5.50 and below and we used a
> custom WebappClassLoader to load jars (common path for jars), but it failed
> to load on Tomcat 8.5.51 and above. Upon checking, we noticed that
>

Which versions of "above" you have tried ?
Because there was a regression with SCI recently that have been fixed in
8.5.53 (I think. Better check the changelogs).
8.5.54 is being tested at the moment and if no issues are found it will be
released in the next few days.

Martin


> javax.servlet.ServletContainerInitializer that we defined in the jar is not
> being loaded.
>
> From org.apache.catalina.startup.WebappServiceLoader source code of Tomcat
> 8.5.51, the classLoader was changed from servletContext.getClassloader()
> (Tomcat 8.5.50 line 97) to context.getParentClassLoader() (Tomcat 8.5.51
> line 144)
>
> However placing the jar at WEB-INF/lib it was able to load
> javax.servlet.ServletContainerInitializer. The problem is when the jar is
> outside of WEB-INF/lib or common path (/opt/client/libraries/test.jar).
>
> Thanks
>

Re: Is ARM64 architecture officially supported ?

[Martin Grigorov]

Hi Emilio,

On Fri, Apr 17, 2020 at 2:14 PM Emilio Fernandes <
emilio.fernande...@gmail.com> wrote:

> Hola Tomcat community!
>
> We consider using AWS Graviton [1] based instances which use ARM64
> processors for our backend services.
> I've googled around and found [2] saying that Tomcat is being tested on
> ARM64 architecture at TravisCI! This is great!
> Does this mean that Tomcat is officially supported on ARM64 ? I was not
> able to find any specific documentation listing which platforms are
> officially supported.
>
> Does anyone from the community have any experience with Tomcat/HTTPD on
> ARM64 in production ?
>

I work a lot with ARM64 servers lately!
So far we didn't face any issue related to ARM64 & Tomcat in our
application!
I've introduced the testing on TravisCI that you have found. In addition
for my daily job we have created a nightly test setup:
- build and test Tomcat 9.x (as at Travis)
- run some smoke tests with our application
- run some performance tests on x86_64 and ARM64 VMs with similar hardware
specs. The results for both architectures are very similar. One thing that
still bothers me is that the throughput on HTTPS is 3 times less than HTTP.
It must be something in our setup, I believe. The SSL handshake should
happen once per connection and then the connection should be reused with
keep-alive.
Once I feel more certain what is happening I will probably write a blog to
share our experience.

Regards,
Martin


>
> Gracias,
> Emilio
>
> 1. https://aws.amazon.com/ec2/graviton/
> 2. https://tomcat.apache.org/ci.html#TravisCI
>

Re: Is ARM64 architecture officially supported ?

[Martin Grigorov]

Hi Michael,

On Sun, Apr 19, 2020 at 9:08 PM Michael Osipov  wrote:

> Am 2020-04-19 um 19:51 schrieb Martin Grigorov:
> > Hi Emilio,
> >
> > On Fri, Apr 17, 2020 at 2:14 PM Emilio Fernandes <
> > emilio.fernande...@gmail.com> wrote:
> >
> >> Hola Tomcat community!
> >>
> >> We consider using AWS Graviton [1] based instances which use ARM64
> >> processors for our backend services.
> >> I've googled around and found [2] saying that Tomcat is being tested on
> >> ARM64 architecture at TravisCI! This is great!
> >> Does this mean that Tomcat is officially supported on ARM64 ? I was not
> >> able to find any specific documentation listing which platforms are
> >> officially supported.
> >>
> >> Does anyone from the community have any experience with Tomcat/HTTPD on
> >> ARM64 in production ?
> >>
> >
> > I work a lot with ARM64 servers lately!
> > So far we didn't face any issue related to ARM64 & Tomcat in our
> > application!
> > I've introduced the testing on TravisCI that you have found. In addition
> > for my daily job we have created a nightly test setup:
> > - build and test Tomcat 9.x (as at Travis)
> > - run some smoke tests with our application
> > - run some performance tests on x86_64 and ARM64 VMs with similar
> hardware
> > specs. The results for both architectures are very similar. One thing
> that
> > still bothers me is that the throughput on HTTPS is 3 times less than
> HTTP.
>
> OpenSSL or SunJSSE?
>

Both.
With OpenSSL it is slightly faster than with JSSE, but again around 3 times
slower than HTTP.

Here are some details:
Tomcat: 9.x nightly build
tcnative: nightly build from master branch
JDK: AdoptJDK 14
OpenSSL 1.1.1  11 Sep 2018 (this comes from Ubuntu 18.04 repos. I will try
with a newer build)
JMeter: 5.2.1
The application is Spring Boot 2.2.6 with REST GET/PUT/POST/DELETE
endpoints that simply sets/gets data to/from Memcached. No usage of Spring
Security! No redirects from HTTP to HTTPS!

Let me know if you need more information!

Re: Losing session between calls from mobile phone

[Martin Grigorov]

Hi,

On Tue, Apr 28, 2020 at 2:23 AM AJ Chen  wrote:

> My web application using tomcat 6 can track user session (cookie by
> default) for mobile and PC users in dev environment. But when deployed on
> cloud server, it fails to track session for some mobile users. meaning,
> servlet always creates a new session upon user request.
>
> Any idea why this happens?
>

Most probably there is a proxy in front of Tomcat in the cloud environment
which does not properly forward the JSESSIONID cookie.

Martin


>
> aj
>

Re: Apache tomcat 9.0.6 Compatibility with Adopt openJDK

[Martin Grigorov]

Hi,

On Tue, Apr 28, 2020 at 5:12 AM Reddy, Tippana Krishnanandan <
tire...@deloitte.com> wrote:

> Hi everyone,
>
> We are using Tomcat 9.0.6 . I want to know if we have any document which
> shows the compatibility of Tomcat with Adopt openJDK.
>

Any JDK 1.8+ should be OK.
But as any other software there might be bugs in any part.
You are recommended to use latest patch versions of both Tomcat and
AdoptJDK though. Tomcat 9.0.6 is a bit old.

Martin


>
> Thanks in Advance
>
> Regards,
> Krishna
>
>
> This message (including any attachments) contains confidential information
> intended for a specific individual and purpose, and is protected by law. If
> you are not the intended recipient, you should delete this message and any
> disclosure, copying, or distribution of this message, or the taking of any
> action based on it, by you is strictly prohibited.
>
> Deloitte refers to a Deloitte member firm, one of its related entities, or
> Deloitte Touche Tohmatsu Limited ("DTTL"). Each Deloitte member firm is a
> separate legal entity and a member of DTTL. DTTL does not provide services
> to clients. Please see www.deloitte.com/about to learn more.
>
> v.E.1
>

Re: Losing session between calls from mobile phone

[Martin Grigorov]

On Tue, Apr 28, 2020 at 9:11 AM AJ Chen  wrote:

> Anyway to fix it? thanks. -aj
>

First you need to investigate whether there is a proxy.
Then what kind of proxy.
Then where is its configuration.
Then consult with its manual and see whether there is something
wrong/missng.


>
>
> On Mon, Apr 27, 2020 at 10:54 PM Martin Grigorov 
> wrote:
>
> > Hi,
> >
> > On Tue, Apr 28, 2020 at 2:23 AM AJ Chen  wrote:
> >
> > > My web application using tomcat 6 can track user session (cookie by
> > > default) for mobile and PC users in dev environment. But when deployed
> on
> > > cloud server, it fails to track session for some mobile users. meaning,
> > > servlet always creates a new session upon user request.
> > >
> > > Any idea why this happens?
> > >
> >
> > Most probably there is a proxy in front of Tomcat in the cloud
> environment
> > which does not properly forward the JSESSIONID cookie.
> >
> > Martin
> >
> >
> > >
> > > aj
> > >
> >
>

Re: Issue with AJP listener

[Martin Grigorov]

Hi,

On Tue, Apr 28, 2020 at 1:06 PM Satya Kishore Thumu
 wrote:

> Hi,
> We are using apache before Tomcat as front end and using modjk for
> connection between apache and Tomcat. After upgrading tomcat(to 7.0.100 as
> we have other dependencies we can't use latest as of now), i'm unable to
> use ajp.host as "localhost" in IPv6 and works only with ::1. Need help if
> there is any configuration that can be done to use localhost even in IPv6
> environment.
>

The only way I am aware of is to have two  entries - one for
IPv4 (with "localhost") and another for IPv6 (for "::1"). Both listening on
the same port.

Martin


>
> Thank you,
> Kishore
>

Re: Issue with AJP listener

[Martin Grigorov]

On Tue, Apr 28, 2020 at 3:39 PM Satya Kishore Thumu
 wrote:

> *@Naga Ramesh*,
> we are using apache 2.4.41 and AJP connector 2.4.48.
>
> worker.ajp13.port=8009
> worker.ajp13.host=localhost
> These are entries that we use on Tomcat server.xml and use the same
> entries for apache.
>
> *@martin* Till we upgraded to tomcat 7.0.100, we were able to use
> localhost both for IPv4 env and IPv6 as well.
> I tried digging up a little into tomcat 7.x code could not find exactly
> what changed the behaviour.
>

Check the changelog for .100:
https://tomcat.apache.org/tomcat-7.0-doc/changelog.html#Tomcat_7.0.100_(violetagg)
It is in Coyote section: Change the default bind address for the AJP/1.3
connector to be the loopback address. (markt)
This is a fix for a security issue. Until .99 Tomcat bound on all network
interfaces. Since .100 it binds by default on "localhost" (IPv4) only. You
can use 0.0.0.0 to bind on all again but this is highly NOT recommended!
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100


> Thank you,
> Kishore
>
>
> On Tue, Apr 28, 2020 at 4:12 PM Martin Grigorov 
> wrote:
>
>> Hi,
>>
>> On Tue, Apr 28, 2020 at 1:06 PM Satya Kishore Thumu
>>  wrote:
>>
>> > Hi,
>> > We are using apache before Tomcat as front end and using modjk for
>> > connection between apache and Tomcat. After upgrading tomcat(to 7.0.100
>> as
>> > we have other dependencies we can't use latest as of now), i'm unable to
>> > use ajp.host as "localhost" in IPv6 and works only with ::1. Need help
>> if
>> > there is any configuration that can be done to use localhost even in
>> IPv6
>> > environment.
>> >
>>
>> The only way I am aware of is to have two  entries - one for
>> IPv4 (with "localhost") and another for IPv6 (for "::1"). Both listening
>> on
>> the same port.
>>
>> Martin
>>
>>
>> >
>> > Thank you,
>> > Kishore
>> >
>>
>

Re: suspected memory leak in io.netty.buffer.PoolChunk

[Martin Grigorov]

Hi,

On Thu, Apr 30, 2020 at 10:04 AM Ragavendhiran Bhiman (rabhiman)
 wrote:

> Hi All,
>
> When I analysed the heap dump the primary suspect shows that 54.21%
> occupied by the from io.netty.buffer.PoolChunk memory leak.
>

io.netty.* is from Netty project (https://netty.io/index.html)
It seems your application uses it, and probably doesn't close some Netty
resource.
Apache Tomcat itself does NOT use Netty!

I recommend you to use Eclipse MAT (https://www.eclipse.org/mat/) to
analyze the heap dump and see what keeps references to these PoolChunk
instances.


> Kindly help me to proceed further to solve the problem.
> Apache used version is 8.5.29.
>
> Thanks & Regards,
> Raghav
>
> On 29/04/20, 6:53 PM, "Ragavendhiran Bhiman (rabhiman)" <
> rabhi...@cisco.com> wrote:
>
> This question is from 8.5.29 version.
>
> On 29/04/20, 6:52 PM, "Ragavendhiran Bhiman (rabhiman)"
>  wrote:
>
> Hi,
>
> I am seeing a continuous memory leak from
> io.netty.buffer.PoolChunk, Kindly advice how to go ahead and trace the
> problem?
>
> Thanks a lot.
>
> Regards,
> Raghavendran
> +91 8220757651.
>
>
>

Re: Issue with AJP listener

[Martin Grigorov]

Hi,

On Thu, Apr 30, 2020 at 11:15 AM Mark Thomas  wrote:

> On 29/04/2020 18:11, Christopher Schultz wrote:
> > Mark,
> >
> > On 4/28/20 13:33, Mark Thomas wrote:
> >> On 28/04/2020 16:30, Satya Kishore Thumu wrote:
> >>> Hi Chris, Post the Ghostcat changes tomcat now listens only on
> >>> ipv4 by default, what if somebody is using on IPv6, Tomcat starts
> >>> to listen on mapped IPv4 address which I think is not
> >> correct.
> >>> I know that we can use ::1 in IPv6. Is there a way tomcat can
> >>> listen on both loopback addresses when
> >> available.
> >
> >> Not that I am aware of with the Java API.
> >
> > I think we had discussed the possibility of looking for a "magic"
> > value in the address="..." field to go back to the previous behavior.
> > The problem is that any reasonable string you can choose can also be a
> > valid hostname that should, arguably, be used to resolve the IP
> > address of the interface (e.g. "localhost").
>
> There is the empty string. We could use that as equivalent to the
> wildcard address (listen on all interfaces).
>

The suggestion we discussed few weeks back was to have a special value for
"address" that would mean "localhost both IPv4 & IPv6", e.g.
"tomcat:localhost".
If this special value is used then Tomcat can create two Connector
instances, one for 127.0.0.1 and another for ::1, and use the rest of the
Connector settings for both of them.


>
> There is no option I am aware of (before or after the AJP changes) that
> would allow listening on just 127.0.0.1 and ::1
>
> > I think the only practical way to do this would be to add another
> > attribute like bindOnAllInterfaces="true" where we ignore the
> > "address" attribute. Or maybe "address" always wins, but
> > bindOnAllInterfaces="false" is the default.
>
> I'm not a fan of another attribute unless we really have to.
>
> > Because it is possible to bind to all interfaces, right? Just don't
> > specify a specific interface when creating the server socket?
>
> Yes.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Getting 404 error while accessing URL after deployment

[Martin Grigorov]

Hi,

On Mon, May 4, 2020 at 5:02 PM Megha Agrawal  wrote:

> Hi
>
> I am trying to deploy my project on the tomcat server and access the URL
> using browser. Project is deploying successfully on the server but unable
> to access URL related to that project. Also, logs are not generating for
> the deployment and request. Therefore unable to find the reason for the
> problem.
>

Where did you look for the logs ?
Please check your Tomcat configuration. If there are errors during the
deployment they must be written to logs/catalina.out.


>
> I am using the following configurations:
> Tomcat version: 9.0.34
> Operating system: Windows 10 (64-bit)
> IDE: Eclipse (Version: 2019-03 (4.11.0), Build id: 20190314-1200)
> Java: JDK-8
>
> The same project is running fine on other machines and also other projects
> are running fine on this server.
> Please look into this issue and provide some details about it.
>
> Thanks and regards
> Megha Agrawal
>

Re: RST on TCP level sent by Tomcat

[Martin Grigorov]

Hi Arshiya,

On Mon, May 18, 2020 at 2:15 PM Arshiya Shariff
 wrote:

> Hi Mark,
> Thank you for the quick response.
>
> Please provide us a little more clarity on the 3rd query :
>
> 3. We see that RST is sent by tomcat on receiving http2 request, when
> does this happen ?
> >>> When things go wrong. E.g. when the client sends a request to a
> connection that has been closed.
>
>  Why does tomcat not send GOAWAY on connection close, upon next request
> from client it sends RST ?
>
> Also, Can you please send us the references to the timeout related fixes
> in 9.0.35 (since 9.0.22).
>

Please consult with the changelog for 9.x:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html


>
> Thanks and Regards
> Arshiya Shariff
>
>
>
> -Original Message-
> From: Mark Thomas 
> Sent: Monday, May 18, 2020 4:17 PM
> To: users@tomcat.apache.org
> Subject: Re: RST on TCP level sent by Tomcat
>
> On 18/05/2020 11:01, Arshiya Shariff wrote:
> > Hi Team,
> >
> > Can you please help us with the below queries :
>
> There have been various timeout related fixes since 9.0.22. Please upgrade
> to 9.0.35 and re-test.
>
> > 1. When does a http2 connection close ? We see that the
> > keepAliveTimeout is
> > 20 seconds by default, but it is not closing the connection on
> > keepAliveTimeout.
>
> Please re-test with 9.0.35.
>
> > 2. How to keep the connections alive / How to enable ping frames to be
> > sent to the other end to keep the connection alive ?
>
> There is no standard API to send an HTTP/2 ping. If you want to keep the
> connections alive for longer, use a longer keep-alive setting.
>
> > 3. We see that RST is sent by tomcat on receiving http2 request, when
> > does this happen ?
>
> When things go wrong. E.g. when the client sends a request to a connection
> that has been closed.
>
> > 4. What are the recommended ipv4.tcp settings for these kind of
> scenarios ?
>
> There are no recommended settings.
>
> Mark
>
>
> >
> >
> >
> > Embedded Tomcat : 9.0.22
> >
> > Java Version : 1.8.0.201
> >
> > Hardware  : Red Hat Enterprise Linux Server
> release
> > 7.4
> >
> >
> >
> > Thanks and Regards
> >
> > Arshiya Shariff
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Query Related to org.apache.catalina.security.SecurityListener

[Martin Grigorov]

Hi,

On Mon, May 18, 2020 at 7:38 PM Kushagra Bindal 
wrote:

> Hi,
>
> We are planning to upgrade from apache tomcat from 8.5.24 to 8.5.53
> version. During this process I found that in catalina.sh file below line
> which was commented in 8.5.24 version
>
> # Uncomment the following line to make the umask available when using the
> # org.apache.catalina.security.SecurityListener
> #JAVA_OPTS="$JAVA_OPTS
> -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
>
> Has now been uncommented into 8.5.53 version.
>
> # Make the umask available when using the
> org.apache.catalina.security.SecurityListener
> JAVA_OPTS="$JAVA_OPTS
> -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
>
> Is there any specific reason behind this?
>

https://github.com/apache/tomcat/commit/b9a64cf7bd75e9c80d2913b818393ea89ec14ddc
This is the commit.
It is like this since 8.5.30


>
> --
> Regards,
> Kushagra
>

Re: Tomcat 8.5 appends null characters

[Martin Grigorov]

Hi,

On Tue, May 19, 2020 at 3:32 PM Tuukka Ilomäki 
wrote:

> Dear collective wisdom,
> as the EOL of Tomcat 7 is looming, we are migrating our legacy app from
> Tomcat 7.0 to Tomcat 8.5. We deploy exactly the same war in both versions.
> For some reason Tomcat 8.5 adds null characters to the end of JavaScript
> files. For instance, jQuery file served by Tomcat 8.5 ends with “})( window
> ); �” where five last characters are bytes 00. Tomcat 7.0 serves the
> same file correctly. In case it matters, the issue occurs in both windows
> 10 and windows server 2016 environments.
>
> I assume this has something to do with character encoding. Original
> js-file is cp1252. I have perused Tomcat 8 migration guide and Tomcat
> encoding FAQ and experimented with the various options but so far with no
> luck. Any advice is greatly appreciated.
>

I'd advise you to convert your files to UTF-8.
Or tell Tomcat to write responses in your preferred encoding.


>
> Tuukka
>
>

Re: Query Related to org.apache.catalina.security.SecurityListener

[Martin Grigorov]

Hi Kushagra,

On Tue, May 19, 2020 at 3:14 PM Kushagra Bindal 
wrote:

> Thanks Martin!
>
> If I will keep on commenting this line, then what will be the impact of the
> same on the application.
>
> Please let me know so that we can plan it accordingly.
>

Look at
https://github.com/apache/tomcat/blob/master/java/org/apache/catalina/security/SecurityListener.java
It is used only at start time.
If Tomcat starts fine then all is good! If it throws an Error then you will
need to fix the issue.


>
>
> Regards
> Kushagra
>
> On Tue, May 19, 2020, 11:55 AM Martin Grigorov 
> wrote:
>
> > Hi,
> >
> > On Mon, May 18, 2020 at 7:38 PM Kushagra Bindal <
> bindal.kusha...@gmail.com
> > >
> > wrote:
> >
> > > Hi,
> > >
> > > We are planning to upgrade from apache tomcat from 8.5.24 to 8.5.53
> > > version. During this process I found that in catalina.sh file below
> line
> > > which was commented in 8.5.24 version
> > >
> > > # Uncomment the following line to make the umask available when using
> the
> > > # org.apache.catalina.security.SecurityListener
> > > #JAVA_OPTS="$JAVA_OPTS
> > > -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
> > >
> > > Has now been uncommented into 8.5.53 version.
> > >
> > > # Make the umask available when using the
> > > org.apache.catalina.security.SecurityListener
> > > JAVA_OPTS="$JAVA_OPTS
> > > -Dorg.apache.catalina.security.SecurityListener.UMASK=`umask`"
> > >
> > > Is there any specific reason behind this?
> > >
> >
> >
> >
> https://github.com/apache/tomcat/commit/b9a64cf7bd75e9c80d2913b818393ea89ec14ddc
> > This is the commit.
> > It is like this since 8.5.30
> >
> >
> > >
> > > --
> > > Regards,
> > > Kushagra
> > >
> >
>

Re: Vulnerability flagged in Nessus Scan

[Martin Grigorov]

Hi,

On Wed, Jun 3, 2020 at 5:53 AM FANG YAP  wrote:

> Resend
>
> On Wed, 3 Jun 2020, 10:10 FANG YAP,  wrote:
>
> > Hi Tomcat,
> >
> > Nessus scanned and found issue in Apache Tomcat Port 8080
> >
> > Port: 8080
> > Plugin Text:
> > The server is not configured to return a custom page in the event of a
> > client requesting a non-existent resource. This may result in a potential
> > disclosure of sensitive information about the server to attacker.
> >
> > Apache Tomcat Version: 8.5.43
> > JDK 8: 1.8.0_212 (Will be upgrading to latest soon to latest 1.8.0_251)
>

To configure custom error pages and thus to suppress this issue you can:
1) use ErrorReportValve


2) configure error-page elements in your application web.xml -
https://stackoverflow.com/a/7066536/497381


> >
> > Your assistance would be greatly appreciated
> >
> > Rgs,
> > Fang
> >
>

Re: Vulnerability flagged in Nessus Scan

[Martin Grigorov]

On Wed, Jun 3, 2020 at 11:14 AM FANG YAP  wrote:

> Hello Martin,
>
> It is to say that I have to declare something like this in web.xml file?
>
> 
> java.lang.Exception
> /error.jsp
>

Better use the error-code ones from the StackOverflow link I gave you.
Your approach will cover only error code 500 (for Exceptions, but not for
java.lang.Error) and won't cover NotFound (404) and the others.
I guess Nessus won't be totally happy with your approach.


>
> Regards with Thanks,
>
> Fang
>
> On Wed, 3 Jun 2020, 15:56 Martin Grigorov,  wrote:
>
> > Hi,
> >
> > On Wed, Jun 3, 2020 at 5:53 AM FANG YAP  wrote:
> >
> > > Resend
> > >
> > > On Wed, 3 Jun 2020, 10:10 FANG YAP,  wrote:
> > >
> > > > Hi Tomcat,
> > > >
> > > > Nessus scanned and found issue in Apache Tomcat Port 8080
> > > >
> > > > Port: 8080
> > > > Plugin Text:
> > > > The server is not configured to return a custom page in the event of
> a
> > > > client requesting a non-existent resource. This may result in a
> > potential
> > > > disclosure of sensitive information about the server to attacker.
> > > >
> > > > Apache Tomcat Version: 8.5.43
> > > > JDK 8: 1.8.0_212 (Will be upgrading to latest soon to latest
> 1.8.0_251)
> > >
> >
> > To configure custom error pages and thus to suppress this issue you can:
> > 1) use ErrorReportValve
> > <
> >
> https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Error_Report_Valve
> > >
> >
> > 2) configure error-page elements in your application web.xml -
> > https://stackoverflow.com/a/7066536/497381
> >
> >
> > > >
> > > > Your assistance would be greatly appreciated
> > > >
> > > > Rgs,
> > > > Fang
> > > >
> > >
> >
>

Re: Should Tomcat 10 enable response compression by default?

[Martin Grigorov]

On Tue, Jun 9, 2020 at 11:26 PM Manuel Dominguez Sarmiento 
wrote:

> I would not change this default. GZIP (or other kinds) of response
> compression are better addressed as servlet filters. Having the Tomcat
> feature is good, but IMHO it should only be enabled by those who need it.
>
> At least in our case we have our own code to deal with this, considering
> proxying, CDN, buggy browsers, etc.
>

I think the same - it should be opt-in feature.

My 2c.

Martin


>
> *Manuel Dominguez Sarmiento*
>
> On 09/06/2020 17:20, Mark Thomas wrote:
> > Hi all,
> >
> > An enhancement has been opened to enable response compression by default:
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=64431
> >
> > In short, the proposal is to change the default for the Connector's
> > compression attribute from "off" to "on".
> >
> > This would be for Tomcat 10 onwards only.
> >
> > The following would be unchanged:
> > - compressibleMimeType
> > - compressionMinSize
> > - noCompressionStrongETag
> >
> > It would be helpful to know what the range of views of the user
> > community are on this proposal.
> >
> > So, thoughts?
> >
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
>

Re: Junk characters in SOAP request after upgrade to tomcat 9.0.31

[Martin Grigorov]

Hi,

On Fri, Jun 12, 2020 at 8:17 AM Naveen Kumar  wrote:

> Hi All,
>
> Can someone please help on this ? It is in production and affecting many
> customers. Upgrading tomcat is a big task.
> Any pointers will be really appreciated.
>

You say "If I upgrade tomcat to 9.0.35, the error disappears." - this is
the right solution - upgrade to the latest release. We make releases
because there are bug fixes and improvements.

If you just want to know which particular commit caused the regression you
experience in 9.0.31 then you have two options:
1) read the changelogs and try to figure out
2)  'git bisect' Tomcat sources:
git clone https://github.com/apache/tomcat
git bisect start
git bisect good tag/9.0.24
git bisect bad tag/9.0.31
ant clean
ant
deploy your app and test


>
> Thanks
> Naveen
>
> On Wed, Jun 10, 2020 at 4:24 PM Naveen Kumar  wrote:
>
> > Hi Luis,
> >
> > Thanks for your suggestion.
> > But I am wondering what has changed in 9.0.31. Because my webapp works
> > perfectly fine in 9.0.24 and 9.0.35.
> >
> > Thanks
> > Naveen
> >
> > On Wed, Jun 10, 2020 at 2:52 PM Luis Rodríguez Fernández <
> > uo67...@gmail.com> wrote:
> >
> >> Hello Naveen,
> >>
> >> Recently we have had a similar issue migrating a webapp from another
> >> application server to tomcat. We solved it specifying
> >> UTF-8 in the
> >> web.xml descriptor.
> >>
> >> You can read here [1] the long story :)
> >>
> >> Hope it helps,
> >>
> >> Luis
> >>
> >> [1]
> https://cwiki.apache.org/confluence/display/TOMCAT/Character+Encoding
> >>
> >>
> >> El mié., 10 jun. 2020 a las 11:08, Naveen Kumar ()
> >> escribió:
> >>
> >> > Hi All,
> >> >
> >> > I have a webapp A which has few SOAP services and I consume those
> >> services
> >> > from webapp B.
> >> > I started getting below error since I upgraded the tomcat to 9.0.31
> >> (from
> >> > 9.0.24):
> >> > com.sun.xml.ws.transport.http.HttpAdapter.invokeAsync Couldn't create
> >> SOAP
> >> > message due to exception: XML reader error:
> >> > javax.xml.stream.XMLStreamException: java.io.EOFException: Unexpected
> >> EOF
> >> >
> >> > Then I wrote a filter at webapp A to intercept the request and I could
> >> see
> >> > that some junk characters are added in the SOAP request.
> >> >
> >> > If I upgrade tomcat to 9.0.35, the error disappears.
> >> >
> >> > Problematic request:
> >> > LoggingFilter.doFilter - The servlet  request soap mapping  body is:à
> >>  8Ï
> >> > S(http://schemas.xmlsoap.org/soap/envelope/ð??? Envelope??? Body8Ï
> ns13
> >> >
> >> > Correct request:
> >> > The servlet  request soap mapping  body is: >> > encoding='UTF-8'?> >> >
> >> > Does anyone know what could be the possible reason for this?
> >> >
> >> > Thanks in advance.
> >> > - Naveen
> >> >
> >>
> >>
> >> --
> >>
> >> "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail
> better."
> >>
> >> - Samuel Beckett
> >>
> >
>

Re: [ANN] New committer: Raymond Augé

[Martin Grigorov]

Welcome Raymond!

On Thu, Jul 2, 2020, 17:40 Mark Thomas  wrote:

> On behalf of the Tomcat committers I am pleased to announce that
> Raymond Augé (rotty3000) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Tomcat relicts from previous installation - ubuntu

[Martin Grigorov]

Hi Christoph,

On Thu, Jul 9, 2020 at 12:48 PM Christoph Kukulies 
wrote:

> I’m resurrecting tomcat on a server (Ubuntu 18.04.4) on which I had been
> running tomcat7 some time ago.
> At the moment, when the system has started up, I’m seeing a process:
>
> root@kuku:~# ps ax | grep -i tomcat
>  1092 ?Sl 0:08 /usr/lib/jvm/java-1.11.0-openjdk-i386/bin/java
> -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties
> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
> -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom
> -Djdk.tls.ephemeralDHKeySize=2048
> -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
> -Dorg.apache.catalina.security.SecurityListener.UMASK=0027 -Xms512M
> -Xmx1024M -server -XX:+UseParallelGC -Dignore.endorsed.dirs= -classpath
> /usr/share/tomcat/bin/bootstrap.jar:/usr/share/tomcat/bin/tomcat-juli.jar
> -Dcatalina.base=/usr/share/tomcat -Dcatalina.home=/usr/share/tomcat
> -Djava.io.tmpdir=/usr/share/tomcat/temp
> org.apache.catalina.startup.Bootstrap start
>  2079 pts/0S+ 0:00 grep --color=auto -i tomcat
> root@kuku:~#
>
>
>
> Since I have no tomcat service script in /etc/init.d I have no idea at the
> moment, who or which script is starting this java process.
>

Most probably it is systemd.
Try with: systemctl status tomcat

If this is the case you can stop it with: systemctl stop tomcat
and disable it so it does not start on the next reboot with: systemctl
disable tomcat


>
> Any clues?
>
> Christoph
>
>
>
>
>

Re: Tomcat relicts from previous installation - ubuntu

[Martin Grigorov]

On Thu, Jul 9, 2020, 19:13 Christoph Kukulies  wrote:

> Is it an Ubuntu peculiarity that a tomcat.service gets installed? I
> assume, I’m getting this automatically when doing an
> apt-get install tomcat8, right?
>

Yes. All distros do that.
You can download the tar.gz file from https://tomcat.apache.org if you
prefer to manage it yourself.


> —
> Christoph
>
> Am 09.07.2020 um 15:19 schrieb calder :
>
> On Thu, Jul 9, 2020, 06:59 Christoph Kukulies  wrote:.
>
>
> might try:
> user@machine:~ /> ps systemctl status 
> so in your example
> user@machine:~ /> ps systemctl status 1092
>
>
> systemctl status 1092
>
>
>
> worked (without the „ps“) :)
>
>
> sorry about that ... somehow fat-fingered that in : /
>
>
>

Re: Rewrite Valve Problem

[Martin Grigorov]

Hi Jerry,

On Tue, Jul 21, 2020 at 2:39 AM Jerry Malcolm 
wrote:

>
> On 7/20/2020 5:00 PM, Mark Thomas wrote:
> > On 20/07/2020 22:43, Jerry Malcolm wrote:
> >
> > 
> >
> >>> Do you have a ROOT web application deployed? If not, this could be
> >>> https://bz.apache.org/bugzilla/show_bug.cgi?id=64593
> >> Mark, I do not have a root context.  So that very likely is the
> >> problem.  Not 100% sure why the thought is that there should always be a
> >> root context.  But I'm sure there are good reasons.  Easy enough to
> >> create one.  I'll let you know.
> > Generally, I'd expect to see a ROOT context so there is something there
> > to handle requests that don't map to any other context. It is easier to
> > deploy custom 404 error pages if you have a ROOT context for example.
> >
> > That said, it isn't necessary and we do treat stuff not working without
> > a ROOT context as a bug.
> >
> > All you need to fix BZ 64593 is a directory called ROOT in webapps.
>
> Wow.  4 little letters I've been using TC for over 15 years without
> a ROOT.  Probably because I never routed anything through mod_jk that
> didn't match a known context.   I have no problem if you want to treat
> not having a ROOT context as a bug,   But please give an error message
>

As explained earlier by Mark this was a bug and it is fixed for the next
release.
Using a dummy ROOT folder is a workaround until the next release.


> in startup and/or provide an error message if/when rewrite valve fails
> because there is no ROOT context defined.  Thank you for explaining
> what's happening.  There is not a chance I would have correlated my
> symptoms in 100 years to not having a ROOT context.  I really do
> appreciate the help.   All working now
>
> Jerry
>
> > Mark
> >
> > -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Memory leak in the PKCS11 how to fix the problem

[Martin Grigorov]

Hi Ragavendhiran,

On Sat, Jul 18, 2020 at 3:55 PM Ragavendhiran Bhiman (rabhiman)
 wrote:

> Hello All,
>
>
>
> I am seeing the memory leaks from tomcat apache in the following SSL path
> using PKCS11. Attached the flame graph of memory possible memory leaks in
> this area.
>
> Please check the attached flame graph of the memory trace. On simply a
> long run the memory keep on allocated in these back traces only causing the
> memory leak, and the polling of the async profiler for more than 6hours
> shows this clearly. Could you please help how to fix this problem?
>
> (open this svg graph in browser only)
>
>
>
> Note: If C_DestroyObject is not called because of finalizer accumulation
> is also tested by inducing the gc using the jmap command still could see
> the memory never gone down after the Full GC collection as well. Expecting
> your advice on the same.
>

With AsyncProfiler '-e alloc' you can see what part of the code is
responsible for making most of the memory allocations, but it doesn't tell
you whether those objects leak or not. AsyncProfiler helps you to identify
the top allocations and if you manage to reduce them then you will reduce
the GC runs and the time they take.
To debug memory leaks you need to take a heap dump, e.g. with 'jmap
-dump:live,format=b,file=heap.bin ' and analyze it. I'd recommend you
to use Eclipse MAT to do that.

Also in your flame graph I see that Netty is responsible for 49.04% of
the allocated objects and Tomcat for just 25.32%.


>
> Regards,
>
> Raghav
>
> Infrastructure engineer,
>
> Cisco ISE.
>
>
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Memory leak in the PKCS11 how to fix the problem

[Martin Grigorov]

On Wed, Jul 22, 2020, 16:58 Ragavendhiran Bhiman (rabhiman)
 wrote:

> Sorry Martin,
>
> My answers are inline.
>

Take a heap dump and analyze it!


> Thanks & Regards,
> Raghav
>
> On 22/07/20, 7:20 PM, "Ragavendhiran Bhiman (rabhiman)"
>  wrote:
>
> Hello Martin,
>
> Thanks for your reply
>
>
> https://www.dropbox.com/sh/o6zra7pf2o1xpge/AAA1J7BaVdPDF7s3RjPmy0xBa?dl=0
>
> Here is the link I have shared the flame graph.
> Also kindly check my answers in red as well.
>
> Thanks & Regards,
> Raghav
>
>
> On 22/07/20, 2:33 PM, "Martin Grigorov"  wrote:
>
> Hi Ragavendhiran,
>
> On Sat, Jul 18, 2020 at 3:55 PM Ragavendhiran Bhiman (rabhiman)
>  wrote:
>
> > Hello All,
> >
> >
> >
> > I am seeing the memory leaks from tomcat apache in the following
> SSL path
> > using PKCS11. Attached the flame graph of memory possible memory
> leaks in
> > this area.
> >
> > Please check the attached flame graph of the memory trace. On
> simply a
> > long run the memory keep on allocated in these back traces only
> causing the
> > memory leak, and the polling of the async profiler for more than
> 6hours
> > shows this clearly. Could you please help how to fix this
> problem?
> >
> > (open this svg graph in browser only)
> >
> >
> >
> > Note: If C_DestroyObject is not called because of finalizer
> accumulation
> > is also tested by inducing the gc using the jmap command still
> could see
> > the memory never gone down after the Full GC collection as well.
> Expecting
> > your advice on the same.
> >
>
> With AsyncProfiler '-e alloc' you can see what part of the code is
> responsible for making most of the memory allocations, but it
> doesn't tell
> you whether those objects leak or not. AsyncProfiler helps you to
> identify
> the top allocations and if you manage to reduce them then you will
> reduce
> the GC runs and the time they take.
> To debug memory leaks you need to take a heap dump, e.g. with 'jmap
> -dump:live,format=b,file=heap.bin ' and analyze it. I'd
> recommend you
> to use Eclipse MAT to do that.
>
>  "Yes with async profiler and just leaving the server without
> any sequence of action the memory started growing (RSS grows) when I
> profiled during that sequence there is no other memory allocation happening
> except this one.
> That’s why I am suspecting this flow clearly. Samples are only through
> this flow only".
>
> Also in your flame graph I see that Netty is responsible for
> 49.04% of
> the allocated objects and Tomcat for just 25.32%.
>
>
> >
> > Regards,
> >
> > Raghav
> >
> > Infrastructure engineer,
> >
> > Cisco ISE.
> >
> >
> >
> >
> >
> >
> -
> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>

Re: Error in stopping application tomcat !!

[Martin Grigorov]

On Wed, Jul 22, 2020, 15:55 Kushagra Bindal 
wrote:

> Hi Christopher,
>
> Did you get a chance to look into this?
>
> Please help us in resolving this issue.
>
> On Sat, Jul 18, 2020 at 11:26 AM Kushagra Bindal <
> bindal.kusha...@gmail.com>
> wrote:
>
> > Hi Chris,
> >
> > Additionally when trying to stop running application, we are getting
> below
> > error.
> >
> > Sat Jul 18 05:49:40 UTC 2020
> > **
> > *  Stopping the Web Server
> > **
> > Sat Jul 18 05:49:40 UTC 2020
> > ./wfc: line 28: /usr/local/nginx/nginx: No such file or directory
> > ./wfc: line 233: /usr/local/nginx/nginx: No such file or directory
> >
> > Sat Jul 18 05:49:40 UTC 2020
> > *  Nginx has been stopped
> > **
> > *  Shutdown the wfc Server gracefully
> > **
> > # *
> > # Tomcat shutdown with wait time: 30
> > # *
> > Using CATALINA_BASE:   /usr/local/xyz/tomcat
> > Using CATALINA_HOME:   /usr/local/xyz/tomcat
> > Using CATALINA_TMPDIR: /usr/local/xyz/tomcat/temp
> > Using JRE_HOME:/usr/local/xyz/jdk
> > Using CLASSPATH:
> >
> /usr/local/xyz/tomcat/bin/bootstrap.jar:/usr/local/xyz/tomcat/bin/tomcat-juli.jar
> > Using CATALINA_PID:/usr/local/xyz/tomcat/tomcat.pid
> > Tomcat did not stop in time.
> > To aid diagnostics a thread dump has been written to standard out.
>

Anything interesting in this thread dump?


> Killing Tomcat with the PID: 4280
> > The Tomcat process has been killed.
> > # *
> > # Tomcat shutdown result: 0
> > # *
> >
> >
> >
> > Whereas below error that I mentioned earlier is coming when application
> is
> > in INPROGRESS and not yet come into running state and when we stop the
> same
> > it is throwing below error.
> >
> > On Sat, Jul 18, 2020 at 10:17 AM Kushagra Bindal <
> > bindal.kusha...@gmail.com> wrote:
> >
> >>  Hi Chris,
> >>
> >> To stop tomcat we are using the below command.
> >>
> >> bin/shutdown.sh -$sleeptime -force
> >>
> >> Where in our case sleeptime is set to 30.
> >>
> >> Please find the attached server.xml which we are using in our
> application.
> >>
> >> Also I have copy-paste the complete content below in this email as well.
> >>
> >>
> 
> >>
> >> 
> >> 
> >>className="org.apache.catalina.startup.VersionLoggerListener"
> >> />
> >>>> SSLEngine="on" />
> >>>> className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
> >>>> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
> />
> >>>> className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"
> />
> >>   
> >>  >>   type="org.apache.catalina.UserDatabase"
> >>   description="User database that can be updated and saved"
> >>
> >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
> >>   pathname="conf/tomcat-users.xml" />
> >>  >>   type="javax.sql.DataSource"
> >>   username="db_username_stub"
> >>   password="db_password_stub"
> >>   factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> >>   url="READ_WRITE_URL_STUB"
> >>   driverClassName="com.edb.Driver"
> >>   initialSize="5"
> >>   maxWait="3"
> >>   maxActive="50"
> >>   maxIdle="20"
> >>   minIdle="5"
> >>   maxAge="720"
> >>   validationQuery="SELECT 1; COMMIT;"
> >>  initSQL="ALTER SESSION SET statement_timeout=360; ALTER SESSION SET
> >> idle_in_transaction_session_timeout=366; COMMIT;"
> >>   poolPreparedStatements="true"
> >>   testWhileIdle="false"
> >>   testOnBorrow="true"
> >>   testOnReturn="false"
> >>   validationInterval="12"
> >>   timeBetweenEvictionRunsMillis="15000"
> >>   removeAbandonedTimeout="300"
> >>   removeAbandoned="false"
> >>   logAbandoned="false"
> >>   minEvictableIdleTimeMillis="12"
> >>   jmxEnabled="true"
> >>
> >>
> jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;
> >>
> >> org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;
> >>
> >> org.apache.tomcat.jdbc.pool.interceptor.StatementCache(max=4000)" />
> >>  >>   type="javax.sql.DataSource"
> >>   username="db_username_stub"
> >>   password="db_password_stub"
> >>   factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> >>   url="READ_ONLY_URL_STUB"
> >>   driverClassName="com.edb.Driver"
> >>   

Re: Error in stopping application tomcat !!

[Martin Grigorov]

Hi,

On Thu, Jul 23, 2020 at 6:35 AM Kushagra Bindal 
wrote:

> Hi Martin,
>
> These are the only two behaviors right now which I am getting on a
> regular basis.
> 1. During startup of the application and then shutdown
> 2. Running application and then shutdown.
>
> Please let me know if anything specific is further needed from my end which
> I can provide to have a better clarity.
>
> I have shared the server.xml and command which we are using in stopping the
> tomcat.
>
>
> On Thu, Jul 23, 2020 at 2:49 AM Martin Grigorov 
> wrote:
>
> > On Wed, Jul 22, 2020, 15:55 Kushagra Bindal 
> > wrote:
> >
> > > Hi Christopher,
> > >
> > > Did you get a chance to look into this?
> > >
> > > Please help us in resolving this issue.
> > >
> > > On Sat, Jul 18, 2020 at 11:26 AM Kushagra Bindal <
> > > bindal.kusha...@gmail.com>
> > > wrote:
> > >
> > > > Hi Chris,
> > > >
> > > > Additionally when trying to stop running application, we are getting
> > > below
> > > > error.
> > > >
> > > > Sat Jul 18 05:49:40 UTC 2020
> > > > **
> > > > *  Stopping the Web Server
> > > > **
> > > > Sat Jul 18 05:49:40 UTC 2020
> > > > ./wfc: line 28: /usr/local/nginx/nginx: No such file or directory
> > > > ./wfc: line 233: /usr/local/nginx/nginx: No such file or directory
> > > >
> > > > Sat Jul 18 05:49:40 UTC 2020
> > > > *  Nginx has been stopped
> > > > **
> > > > *  Shutdown the wfc Server gracefully
> > > > **
> > > > #
> *
> > > > # Tomcat shutdown with wait time: 30
> > > > #
> *
> > > > Using CATALINA_BASE:   /usr/local/xyz/tomcat
> > > > Using CATALINA_HOME:   /usr/local/xyz/tomcat
> > > > Using CATALINA_TMPDIR: /usr/local/xyz/tomcat/temp
> > > > Using JRE_HOME:/usr/local/xyz/jdk
> > > > Using CLASSPATH:
> > > >
> > >
> >
> /usr/local/xyz/tomcat/bin/bootstrap.jar:/usr/local/xyz/tomcat/bin/tomcat-juli.jar
> > > > Using CATALINA_PID:/usr/local/xyz/tomcat/tomcat.pid
> > > > Tomcat did not stop in time.
> > > > To aid diagnostics a thread dump has been written to standard out.
> > >
> >
> > Anything interesting in this thread dump?
>

Tomcat does not stop properly in time and a thread dump is written to the
stdout.
Please share the thread dump. Use some pastebin service!


> >
> >
> > > Killing Tomcat with the PID: 4280
> > > > The Tomcat process has been killed.
> > > > #
> *
> > > > # Tomcat shutdown result: 0
> > > > #
> *
> > > >
> > > >
> > > >
> > > > Whereas below error that I mentioned earlier is coming when
> application
> > > is
> > > > in INPROGRESS and not yet come into running state and when we stop
> the
> > > same
> > > > it is throwing below error.
> > > >
> > > > On Sat, Jul 18, 2020 at 10:17 AM Kushagra Bindal <
> > > > bindal.kusha...@gmail.com> wrote:
> > > >
> > > >>  Hi Chris,
> > > >>
> > > >> To stop tomcat we are using the below command.
> > > >>
> > > >> bin/shutdown.sh -$sleeptime -force
> > > >>
> > > >> Where in our case sleeptime is set to 30.
> > > >>
> > > >> Please find the attached server.xml which we are using in our
> > > application.
> > > >>
> > > >> Also I have copy-paste the complete content below in this email as
> > well.
> > > >>
> > > >>
> > >
> >
> 
> > > >>
> > > >> 
> > > >> 
> > > >>> > className="org.apache.catalina.startup.VersionLoggerListener"
> > > >> />
> > > >>className="org.apache.catalina.core.AprLifecycleListener"
> > > >> SSLEngine="on"

Re: Error in stopping application tomcat !!

[Martin Grigorov]

On Thu, Jul 23, 2020 at 3:10 PM Kushagra Bindal 
wrote:

> Hi Martin,
>
> Due to our environment I was not able to use pastebin service. I have
> taken different Thread dump during shutdown and attaching the same with
> this email.
>
> Please review the same and let me know, what is the probable root cause of
> the problem and what could be the fix of the same.
>

You have many AMQP (RabbitMQ) listener threads which are not daemons.
It seems your application does not notify Spring Framework that it needs to
destroy its application context or the beans with
type org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer
are not notified to stop for some other
reason.


>
> On Thu, Jul 23, 2020 at 3:22 PM Martin Grigorov 
> wrote:
>
>> Hi,
>>
>> On Thu, Jul 23, 2020 at 6:35 AM Kushagra Bindal <
>> bindal.kusha...@gmail.com>
>> wrote:
>>
>> > Hi Martin,
>> >
>> > These are the only two behaviors right now which I am getting on a
>> > regular basis.
>> > 1. During startup of the application and then shutdown
>> > 2. Running application and then shutdown.
>> >
>> > Please let me know if anything specific is further needed from my end
>> which
>> > I can provide to have a better clarity.
>> >
>> > I have shared the server.xml and command which we are using in stopping
>> the
>> > tomcat.
>> >
>> >
>> > On Thu, Jul 23, 2020 at 2:49 AM Martin Grigorov 
>> > wrote:
>> >
>> > > On Wed, Jul 22, 2020, 15:55 Kushagra Bindal <
>> bindal.kusha...@gmail.com>
>> > > wrote:
>> > >
>> > > > Hi Christopher,
>> > > >
>> > > > Did you get a chance to look into this?
>> > > >
>> > > > Please help us in resolving this issue.
>> > > >
>> > > > On Sat, Jul 18, 2020 at 11:26 AM Kushagra Bindal <
>> > > > bindal.kusha...@gmail.com>
>> > > > wrote:
>> > > >
>> > > > > Hi Chris,
>> > > > >
>> > > > > Additionally when trying to stop running application, we are
>> getting
>> > > > below
>> > > > > error.
>> > > > >
>> > > > > Sat Jul 18 05:49:40 UTC 2020
>> > > > > **
>> > > > > *  Stopping the Web Server
>> > > > > **
>> > > > > Sat Jul 18 05:49:40 UTC 2020
>> > > > > ./wfc: line 28: /usr/local/nginx/nginx: No such file or directory
>> > > > > ./wfc: line 233: /usr/local/nginx/nginx: No such file or directory
>> > > > >
>> > > > > Sat Jul 18 05:49:40 UTC 2020
>> > > > > *  Nginx has been stopped
>> > > > > **
>> > > > > *  Shutdown the wfc Server gracefully
>> > > > > **
>> > > > > #
>> > *
>> > > > > # Tomcat shutdown with wait time: 30
>> > > > > #
>> > *
>> > > > > Using CATALINA_BASE:   /usr/local/xyz/tomcat
>> > > > > Using CATALINA_HOME:   /usr/local/xyz/tomcat
>> > > > > Using CATALINA_TMPDIR: /usr/local/xyz/tomcat/temp
>> > > > > Using JRE_HOME:/usr/local/xyz/jdk
>> > > > > Using CLASSPATH:
>> > > > >
>> > > >
>> > >
>> >
>> /usr/local/xyz/tomcat/bin/bootstrap.jar:/usr/local/xyz/tomcat/bin/tomcat-juli.jar
>> > > > > Using CATALINA_PID:/usr/local/xyz/tomcat/tomcat.pid
>> > > > > Tomcat did not stop in time.
>> > > > > To aid diagnostics a thread dump has been written to standard out.
>> > > >
>> > >
>> > > Anything interesting in this thread dump?
>> >
>>
>> Tomcat does not stop properly in time and a thread dump is written to the
>> stdout.
>> Please share the thread dump. Use some pastebin service!
>>
>>
>> > >
>> > >
>> > > > Killing Tomcat with the PID: 4280
>> > > > > The Tomcat process has been killed.
>> > > > > #
>> > *
>> > > > &

Re: Error in stopping application tomcat !!

[Martin Grigorov]

On Thu, Jul 23, 2020, 15:52 Kushagra Bindal 
wrote:

> Thanks Martin.
>
> But with the old version i.e. 8.5.24 it is working smoothly. So, what could
> be the problem? Or some specific property/configuration changes that need
> to be made around this?
>

You will have to consult with the changelogs for all the versions in
between.


> On Thu, Jul 23, 2020 at 6:00 PM Martin Grigorov 
> wrote:
>
> > On Thu, Jul 23, 2020 at 3:10 PM Kushagra Bindal <
> bindal.kusha...@gmail.com
> > >
> > wrote:
> >
> > > Hi Martin,
> > >
> > > Due to our environment I was not able to use pastebin service. I have
> > > taken different Thread dump during shutdown and attaching the same with
> > > this email.
> > >
> > > Please review the same and let me know, what is the probable root cause
> > of
> > > the problem and what could be the fix of the same.
> > >
> >
> > You have many AMQP (RabbitMQ) listener threads which are not daemons.
> > It seems your application does not notify Spring Framework that it needs
> to
> > destroy its application context or the beans with
> > type
> > org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer
> > are not notified to stop for some other
> > reason.
> >
> >
> > >
> > > On Thu, Jul 23, 2020 at 3:22 PM Martin Grigorov 
> > > wrote:
> > >
> > >> Hi,
> > >>
> > >> On Thu, Jul 23, 2020 at 6:35 AM Kushagra Bindal <
> > >> bindal.kusha...@gmail.com>
> > >> wrote:
> > >>
> > >> > Hi Martin,
> > >> >
> > >> > These are the only two behaviors right now which I am getting on a
> > >> > regular basis.
> > >> > 1. During startup of the application and then shutdown
> > >> > 2. Running application and then shutdown.
> > >> >
> > >> > Please let me know if anything specific is further needed from my
> end
> > >> which
> > >> > I can provide to have a better clarity.
> > >> >
> > >> > I have shared the server.xml and command which we are using in
> > stopping
> > >> the
> > >> > tomcat.
> > >> >
> > >> >
> > >> > On Thu, Jul 23, 2020 at 2:49 AM Martin Grigorov <
> mgrigo...@apache.org
> > >
> > >> > wrote:
> > >> >
> > >> > > On Wed, Jul 22, 2020, 15:55 Kushagra Bindal <
> > >> bindal.kusha...@gmail.com>
> > >> > > wrote:
> > >> > >
> > >> > > > Hi Christopher,
> > >> > > >
> > >> > > > Did you get a chance to look into this?
> > >> > > >
> > >> > > > Please help us in resolving this issue.
> > >> > > >
> > >> > > > On Sat, Jul 18, 2020 at 11:26 AM Kushagra Bindal <
> > >> > > > bindal.kusha...@gmail.com>
> > >> > > > wrote:
> > >> > > >
> > >> > > > > Hi Chris,
> > >> > > > >
> > >> > > > > Additionally when trying to stop running application, we are
> > >> getting
> > >> > > > below
> > >> > > > > error.
> > >> > > > >
> > >> > > > > Sat Jul 18 05:49:40 UTC 2020
> > >> > > > > **
> > >> > > > > *  Stopping the Web Server
> > >> > > > > **
> > >> > > > > Sat Jul 18 05:49:40 UTC 2020
> > >> > > > > ./wfc: line 28: /usr/local/nginx/nginx: No such file or
> > directory
> > >> > > > > ./wfc: line 233: /usr/local/nginx/nginx: No such file or
> > directory
> > >> > > > >
> > >> > > > > Sat Jul 18 05:49:40 UTC 2020
> > >> > > > > *  Nginx has been stopped
> > >> > > > > **
> > >> > > > > *  Shutdown the wfc Server gracefully
> > >> > > > > **
> > >> > > > > #
> > >> >
> *
> > >> > > > > # Tomcat shutdown with wait time: 30
> > >> > > > > #
> > >> >
> ***

Re: Best practices for profiling

[Martin Grigorov]

Hi,

On Sun, Aug 2, 2020 at 1:09 AM calder  wrote:

> On Sat, Aug 1, 2020, 15:16 Aryeh Friedman 
> wrote:
>
> > On Sat, Aug 1, 2020 at 3:28 PM calder  wrote:
> >
> > > On Sat, Aug 1, 2020 at 12:53 PM Aryeh Friedman <
> aryeh.fried...@gmail.com
> > >
> > > wrote:
> > > >
> > > > What are the best practices for (open source) profiling a JSP (no
> > taglibs
> > >
> > > There's no "one rule" for this
> > >
> > > > or any EE outside of JSP and JDBC) webapp running on a remote machine
> > all
> > > > the way down the method level (our main user is complaining about
> > > > performance and we have done all the easy fixes that can be done
> > without
> > > > profiling).   I have played with VisualVM and while it was helpful in
> > > > finding the grosser high level stuff it was not the best for
> > pinpointing
> > > > specific bottlenecks in the actual code.
> > >
> >
> >
> > > [1] We prefer to not profile / debug in a client's environment,
> > > because there may be "too much going on elsewhere".
> > >
> >
> > Ours is a custom web app (remote cardiac monitoring/record keeping) that
> > has only one production server and thus might make the choices narrower.
> > The primary problem is it runs just fine on our development machines
> (even
> > under stress tests) because we have more efficent setup then what their
> > hosting company is willing to provide (we already use VM's and have them
> > backed by local SSD's w/ traditional file systems but the hosting company
> > insists on doing networked object storage [which is impossible to model
> > outside of that environment]).   When not loaded outside of peak business
> > hours it also runs just fine on the hosting company.   Thus it comes down
> > to a problem only when it is under a production load and the client is
> not
> > willing to pay for a duplicate setup at the hosting firm (nor would it
> let
> > us see it under load).   Our main goal in profiling is to identify which
> > classes/methods that are the bottlenecks.   We are fairly sure it is
> > backend I/O driven and just need to see which of the I/O calls are the
> big
> > offenders so we can work out ways of avoiding making them.
> >
> > As to debugging except for confirming the bug in production and/or using
> > its logs to pinpoint the bug we do not do debugging in production.
> >
>
> You'll probably want to look at an APM type, such as AppDynamics
>

Before doing this I'd suggest you to try something simpler: ask them to
provide you with thread dumps while the system is under load.
I.e. whenever they feel the system is slow someone who has access to Tomcat
should take several thread dumps (e.g. 3-5 seconds between each dump). They
could use jstack, jcmd, kill -3, VisualVM ...
>From the stack traces you could figure out which methods are busiest and
what kind of network calls are being done

Re: Date of EOL and EOS for Tomcat8.5

[Martin Grigorov]

Hi,

On Wed, Aug 5, 2020 at 5:59 PM Rajat Gupta  wrote:

> Hi,
>
> Please let us know the date of End Of Service and End Of Life for Tomcat
> *8.5*
>

It is not known yet.
At the moment there is a date set only for 7.0.x:
https://tomcat.apache.org/tomcat-70-eol.html
Newer versions will live several years longer.


> Thank you!
>

Welcome!
You have missed to add few mailing lists in CC!


>
> Best regards,
> Rajat Gupta
>

How to upload Files larger than 2GB

[Martin Knoblauch]

Hi,

 our customer has the following setup:

Apache/HTTPD(2.4.43)->mod_jk(1.2.48)->Tomcat(9.0.12).

 The application hosted by Tomcat has a REST interface that allows file
upload using POST requests. The problem now is that we get a 500 response
when we try to upload files larger than 2 GB. But this happens only when
using the full path from Apache to Tomcat. When we try the upload directly
via the Tomcat HTTP port all is good

This leaves me with the question where the problem is. Is it the Tomcat AJP
part, is it mod_jk or is it HTTPD? From the logs I have the impression the
file never appears on the Tomcat side.

So I found the LimitRequestBody directive for HTTPD. But the description
leaves me wondering. It says "This directive specifies the number of bytes
from 0 (meaning unlimited) to 2147483647 (2GB) that are allowed in a
request body." Means "unlimited" really no limit, or is it 2GB. Anyway, I
set it to 0 with no success.

Then looking at the Tomcat configuration. The HTTP connector (working)
looks like this:



Which makes me wonder why it works. It should bail out at 200 MB. The AJP
connector looks like:

   

I upped the maxPostSize to 20GB, but it did not help.

Any advice is highly welcome. Just not

- Don't use HTTP for uploading large files. It is the mechanism the
application offers
- Don't allow upload of large files. Unfortunately it is a valid use-case.

Thanks in advance
Martin
-- 
------
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Re: How to upload Files larger than 2GB

[Martin Knoblauch]

Hi Mark,

 thanks for the reply. The mentioning of "Chunked" helped me solve the
problem. Our perl based REST client clearly tried to send the file as one
buffer. Fortunately changing that was on line of code.



> >
> > Then looking at the Tomcat configuration. The HTTP connector (working)
> > looks like this:
> >
> >  >connectionTimeout="2"
> >maxPostSize="209715200"
> >redirectPort="8443" />
> >
> > Which makes me wonder why it works. It should bail out at 200 MB.
>
> That limit only applies to the automated processing of request bodies as
> per section 3.1.1 of the Servlet 4.0 specification.
>
> If the application (or a library it uses) reads the request body
> directly, there is no limit. The application is meant to provide
> whatever limits it considers appropriate.
>
>
Thanks for clarifying that.


> I wonder if httpd/mod_jk is trying cache the entire request body before
> forwarding. How is the request sent? With chunked-encoding or with a
> content-length? Does switching to the other one help?
>
>
 Apparently with content-length. Changing to "chunked" solved it.

Thanks again
Martin
-- 
--
Martin Knoblauch
email: k n o b i AT knobisoft DOT de
www: http://www.knobisoft.de

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

[Martin Grigorov]

Hi,

On Wed, Aug 26, 2020 at 7:53 AM Pratik Shrestha  wrote:

> Thanks for reply,
>
> Hi Peter - it complains on port 8443 which belongs to Tomcat.
>
> Hi Mark - Yes. making HTTP request on HTTPS is wrong. But this security
> vulnerability is given to us by Qualys scan. It tries to post plain HTTP
> request on HTTPS port and then gets error message "Bad Request. This 
> combination
> of host and port requires TLS." which is security loop hole for Qualys.
> This is behaviour of Apache HTTP server also. But in Apache though, we can
> get rid of this by using "ErrorDocument 400" directive. Do we have similar
> in Tomcat? I have already tried using
>
> 
>400
>/error.jsp
>  
>

This won't work because Tomcat stops the request earlier and doesn't pass
it to your application.
I haven't tried it but it may work with a custom Valve, extending
ErrorReportValve.


>
> Not sure, but my idea was to add redirect code on error.jsp page. But
> above never works. It never reaches error.jsp page. Just sticks in default
> error message page mentioned above.
>
> Btw..you can see the result from Qualys attached.
>

What is the desired behavior expected by Qualys ?
Because at the moment Tomcat returns a text/html error page and you try to
"fix" it by returning a custom text/html error page. I don't see how this
will change the Qualys report.


>
> Thanks again guys for getting back.
>
> Regards,
> Pratik
>
> On Tue, Aug 25, 2020 at 5:36 PM Mark Thomas  wrote:
>
>> On 25/08/2020 11:14, Pratik Shrestha wrote:
>> > Hi all,
>> >
>> > Tomcat version: 9.0.37
>> >
>> > Our website is running on Tomcat. We did Qualys vulnerability scan on
>> our
>> > site. Scan shows below vulnerability.
>> >
>> > Insecure transport
>> > Group: Information Disclosure
>> > CWE CWE-319
>> > OWASP A3 Sensitive Data Exposure
>> > WASC WASC-4 INSUFFICIENT TRANSPORT LAYER PROTECTION
>> >
>> > Please note
>> > 1. HTTP port is not enabled.
>> > 2. We have only opened HTTPS port 8443. But when we connect this HTTPS
>> port
>> > with HTTP (http://www.oursite.com:8443/), we get an error "Bad
>> Request. This
>> > combination of host and port requires TLS."
>> > 3. Due to the above error message, we get this vulnerability error from
>> > Qualys.
>> > 4. We have already enabled HSTS.
>> > 5. We have enabled Rewrite Valve also to direct all HTTP to HTTPS. But
>> it
>> > never works. It is like, Tomcat doesn't care about Rewrite or HSTS. It
>> just
>> > finds someone is accessing HTTPS port with HTTP protocol and then just
>> > throws error 400 'Bad Request'
>> > 6. Note that Tomcat version 7 used to send the error 'ERR_EMPTY_RESP'
>> which
>> > should still be okay.
>> >
>> > We already tried to find the fix for this issue on the web but in vain.
>> >
>> > Kindly help if anyone has found a way to fix it.
>>
>> Fix what?
>>
>> If you make an HTTP request to an HTTPS port, Tomcat provides a helpful
>> error message.
>>
>> I don't see any security issues here.
>>
>> (And before anyone claims the request sent in the clear is insecure I'll
>> point out that the request is sent in the clear irrespective of whether
>> Tomcat responds with an HTTP/1.1 clear text error message or a cryptic
>> TLS failure).
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 9 : Unable to specify wildcard care name in Host

[Martin Grigorov]

On Tue, Aug 25, 2020 at 3:01 PM Tom Chiverton  wrote:

> I'd like to propose some changes to the docs, but can not locate their
> source to submit a request.
>

https://github.com/apache/tomcat/blob/master/webapps/docs/config/host.xml
This is for Tomcat 10.x (master branch).


>
> For instance, in https://tomcat.apache.org/tomcat-9.0-doc/config/host.html
>
> "If the name takes the form of |*.domainname| (e.g. |*.apache.org|) then
> it will be treated as a match for any host in that domain unless a host
> that has an exactly matching name is found."
>
> would be clearer as
>
> "The name can not contain a wildcard (e.g. |*.apache.org|), this is only
> valid in an Alias."
>
> And then in
> https://tomcat.apache.org/tomcat-9.0-doc/config/host.html#Host_Name_Aliases
>
> "Aliases may also use the wildcard form (|*.domainname|) permitted for
> the *name* attribute of a *Host*."
>
> to
>
> "Aliases may also use the wildcard form (|*.domainname|), unlike for the
> name attribute of a Host**."
>
> On 24/08/2020 13:14, Tom Chiverton wrote:
> > Am I mis-reading the docs ?
>
>
> __
> This email has been scanned by the Symantec Email Security.cloud service.
> For more information please visit http://www.symanteccloud.com
> __

Re: Release date of latest Tomcat version - 9.0.38

[Martin Grigorov]

Hi,

On Wed, Sep 2, 2020, 17:46 Arshiya Shariff
 wrote:

> Hi ,
> Thank you for your response .
> Is there a way I can track when the version is released for Voting (or)
> will I get notified in the Users list ?
>

You need to subscribe to the dev@ mailing list.



> Thanks and Regards
> Arshiya Shariff
>
> -Original Message-
> From: Mark Thomas 
> Sent: Wednesday, September 2, 2020 12:03 AM
> To: users@tomcat.apache.org
> Subject: Re: Release date of latest Tomcat version - 9.0.38
>
> On 01/09/2020 14:01, Christopher Schultz wrote:
> > Arshiya,
> >
> > On 9/1/20 08:13, Arshiya Shariff wrote:
> >> Hi all,
> >
> >> The following reported issue - "HTTP/2 Stream.receivedData method
> >> throwing continuous NullPointerException in the logs" has been fixed
> >> in the latest tomcat.
> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=64671
> >
> >> Can you please share us the release date of tomcat version 9.0.38 .
> >> We are waiting for the release dates so we can plan accordingly.
> > There are no promises about release schedule.
> >
> > Mark, however, has fairly consistently been rolling releases around
> > the beginning of each month. If you read the developers list, you'll
> > see there was a conversation started last week about the next batch of
> > releases.
>
> I'm expecting to tag the next round of releases in a few days. I am
> currently waiting for the Commons Daemon 1.2.3 release (it was delayed by
> an issue with the code signing service) and the Tomcat Native 1.2.25
> release (vote should hopefully complete shortly).
>
> If the Commons Daemon release slips then the Tomcat release will probably
> slip.
>
> > Once a release candidate has been announced (look for [VOTE] threads),
> > you can help by testing the release:
>
> Big +1
>
> >   1. Run the test suite (ant test)
> >   2. Run the release-candidate on your own application
> >
> > Your vote is not binding, but if you find a problem, we will likely
> > stop the release to fix it.
>
> Indeed. We've done that a few times. Much better to test the release
> during the vote (when we can fix it and re-roll the release) rather than
> once it is released (when you have to wait for the next release in ~1
> month). The number of times people have downloaded a new release and found
> an issue that they could have caught if they tested during the vote...
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: HTTP2: Connections abruptly closed by sending GOAWAY

[Martin Grigorov]

Hi,

On Wed, Sep 9, 2020 at 3:31 PM Arshiya Shariff
 wrote:

> Thank you for the response Mark .
>
>
>
> Hi All,
>
>
>
> Can you please help us understand this behavior .
>
> The following is the sequence of events that is happening for a few
> streams .
>
> Initially when the stream is opened , it processes fine , but beyond some
> time tomcat does not process the headers, for which the client is sending
> RST_STREAM (ERROR: NO_ERROR) and then tomcat closes the stream with GOAWAY
> (An error occurred during processing that was fatal to the connection).
>
>
>
>
Your images didn't make it thru the mailing list.
https://markmail.org/message/c5pz2bmuaeodrlhr
Please use some image bin and give us the url.

> Please help us analyze under which cases this happens .
>
> Embedded tomcat:9.0.22
>
>
>
> Thanks and Regards
>
> Arshiya Shariff
>
>
>
>
>
> -Original Message-
> From: Mark Thomas 
> Sent: Monday, September 7, 2020 10:21 PM
> To: users@tomcat.apache.org
> Subject: Re: HTTP2: Connections abruptly closed by sending GOAWAY
>
>
>
> On 07/09/2020 09:29, Arshiya Shariff wrote:
>
> > Hi All,
>
> > Tomcat is closing connections abruptly by sending GOAWAY with reason
>
> > Connection [5309], Stream [57,359], An error occurred during processing
> that was fatal to the connection .
>
> >
>
> > Just trying to understand in what scenarios this happens. Can you please
> help us.
>
>
>
> An unhandled InterruptedIOException during I/O.
>
>
>
> I/O exception writing an intermediate 100 response for a request with an
> expectation.
>
>
>
> I/O exception trying to initiate a push request.
>
>
>
> I/O exception committing, flushing or closing a stream.
>
>
>
> So, generally, any I/O exception that indicates the connection between the
> client and the server is broken.
>
>
>
> Mark
>
>
>
> -
>
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
>

Re: How to Set Content Security Policy headers in Tomcat 8.5.x

[Martin Grigorov]

Hi,

On Wed, Sep 9, 2020 at 8:54 PM Nitin Kadam  wrote:

> Hi All,
>
> Need to set the *Content security policy* header for Tomcat Web server
> (8.5..x) which hosted on Windows server 2012, As per the internal security
> team same is not a complaint
> can you please help me setting CSP filters for my Tomcat application
> hosted on windows server.
>

You can use javax.servlet.Filter to add such custom headers.
See
https://github.com/apache/tomcat/blob/53c304ad1f65a09c921c40e03a115de438f6c68a/java/org/apache/catalina/filters/HttpHeaderSecurityFilter.java
for
inspiration.
More about Filters you can read in the web, e.g.
https://www.tutorialspoint.com/servlets/servlets-writing-filters.htm


>
> below the screenshot from securityheaders.com
>
> [image: image.png]
>
> --
> Regards
> Nitin Kadam
>
>

Re: Tomcat Processing Timer Question

[Martin Grigorov]

Hi,

On Sat, Sep 12, 2020, 02:57 Eric Robinson  wrote:

> I'm not sure what you mean by measuring at the load balancer level. We're
> using the jasper logs and those only exist on the tomcat server itself. I
> must be misunderstanding your meaning.
>

He meant to use the LB's logs for the same.
What software do you use for load balancing?


> Get Outlook for Android
>
> 
> From: Christopher Schultz 
> Sent: Thursday, September 10, 2020 3:11:43 PM
> To: users@tomcat.apache.org 
> Subject: Re: Tomcat Processing Timer Question
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Eric,
>
> On 9/10/20 15:29, Eric Robinson wrote:
> > Chris --
> >
> >
> >> You should also look at worker-thread availability. When you see
> >>  these "high latency" (which is usually a term reserved for I/O
> >> characterization) events, do you have:>> 1. Available worker
> >> threads (from the executor thread pool) 2. Any other
> >> shared/limited resource (e.g. DB connection pool)
> >>
> >
> > Good thought. I should mention that the hosted application is
> > canned, and is the same for all tomcat instances, with only minor
> > variations in version between them. User workflow is also similar.
> > Over the years we've developed a good feel for expected
> > performance and resource utilization based on the user count per
> > instance. So when one instance exhibits anomalous performance, we
> > tend to go right to networking issues.
> >
> >> Also, are you seeing the otherwise unexpected slowness on each
> >> Tomcat node, or are you seeing it at the
> >> load-balancer/multiplexer level?
> >>
> >
> > We run multi-tenanted servers, with many instances of tomcat on
> > each server. We've never seen issues at the load-balancer.
>
> What I mean is, are you measuring the request at the Tomcat level, or at
> the load-balancer level? If you are watching at the lb, then your lb
> might pick a "busy" Tomcat and the request has to "wait in line" before
> processing even begins. If you sample at the Tomcat level, you'll see no
> discernible slowdown because the time "waiting in line" does not count.
>
> > Very occasionally, there might be a problem at the server level.
> > When that happens, all instances on that server may become
> > sluggish. What I'm talking about in this thread are cases where
> > only one instance on a server is showing slowness in its jasper
> > logs. Also, we typically do not see the same slowness when we test
> > the application locally from the same network. I've had my eye on
> > TCP retransmits as a possible culprit for a while, but I just
> > didn't know for sure if my understanding of the tomcat processing
> > timer is correct.
> I hope we've cleared that up for you, then.
>
> You might also want to read about "buffer bloat" if you aren't already
> familiar with that term.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9aiH4ACgkQHPApP6U8
> pFiFfBAAvuUbRXK+iDDy7lLsw6eplMFrXXDbkxzwtSNafvdGlDWmcPWwdazZwhQ+
> TJ0pzkUwf3/RBslu/oORJYelYKhpUJLodj0Y85ZtbuKBcU2JpKk1uueJ/aqnmVFK
> 9yep3ReYdggEXQ3JNb1VeI4ASdEhFWoFw8pc6DAcJZ4K2JaUtGKrtoWG8n+oEXos
> kmthl9Dm9ge3edLimd7TPTx11iODi6pX3ddJ+uRh7qmvXZp4wVyX8W+hkKiOhUQM
> hokUd8RruXQm6wut5m+JSO6eLHqkKUBiLspzlz1x/Y4cuaqAlC8Pl5y9NFTuLK3e
> gFJeDmBUthN2y5h9KNKW5r+Gf9bKpuv1+kw7CIaNoFv2JxCGTmfL3VKM+Bp/rh7J
> 1SbshsTW6ffo5hKRNJUJKvxry3uUvzrss0AYe338tJ1QA+sHuXHsN8ZVtY3b+51O
> HBOYf3pgIPsSd6zXkjaSRoOAhVc9G5sbJHx8ycQt+yAyVvXEUwrqeeRbsJeADk2s
> reaizm9WvO2kHSqP93ANNYe1QJ+rw9b5og0uoCE8x9eO+czRHbJ7LFF6/rvX+6Pn
> TIYB7AHyV8P3PHpHtBGIgaNfnvIYbqx/hzxJpLlpNEcS2zARfi1YCnuNtbiH0KU/
> AKkBx5FnZvwclCA3qK2oqBnSEcBUFz2yobq4wAy//qwgL2gEFNc=
> =mcpm
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
> Disclaimer : This email and any files transmitted with it are confidential
> and intended solely for intended recipients. If you are not the named
> addressee you should not disseminate, distribute, copy or alter this email.
> Any views or opinions presented in this email are solely those of the
> author and might not represent those of Physician Select Management.
> Warning: Although Physician Select Management has taken reasonable
> precautions to ensure no viruses are present in this email, the company
> cannot accept responsibility for any loss or damage arising from the use of
> this email or attachments.
>

Re: Tomcat v9 - Insecure transport vulnerability reported by Qualys

[Martin Grigorov]

hi,

On Tue, Sep 15, 2020 at 8:20 AM Pratik Shrestha  wrote:

> Hi Guys,
>
> Just wanted to know if anyone found an idea on fixing it or a workaround.
>

Did you find what is the expected behavior by Qualis ?


>
> Thanks
>
> Pratik.
>
> On Fri, Aug 28, 2020 at 10:46 AM Pratik Shrestha 
> wrote:
>
> > Hi Chris
> >
> >
> >
> >
> > *This wasn't the case for httpd for many years. I don't know what itdoes
> > these days, but it used to reply with a nice "400 Bad Request"error just
> > like Tomcat is doing. The difference is that httpd has richconfiguration
> > options to allow you to override that behavior. *
> >
> > Correct. By default HTTP also gives 400 Bad Request message. But we can
> > override this behavior by using ErrorDocument directive to redirect to
> > https URL. Currently in Tomcat this feature is not available. Tomcat has
> > RewriteValve but it does not work in this case.
> >
> > On Fri, Aug 28, 2020 at 12:30 AM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA256
> >>
> >> Merka,
> >>
> >> On 8/27/20 06:32, Phoenix, Merka wrote:
> >> > I think what the Qualys scan is trying to flag is that the server
> >> > (Tomcat) is listening for both secured and unsecured traffic on
> >> > the _same_ TCP port when the server should be listening for just
> >> > one of the two options (unsecured or secured), not both.
> >> This actually might be a semi-legitimate test. If the client says "Our
> >> policy is to only communicate using encrypted connections" and the
> >> test says "well, here's a non-encrypted connection right here!" then
> >> it makes some small amount of sense. In that case, it's all driven by
> >> policy, and the policy can say "we have a carve-out for TLS handshake
> >> failures" and then allow that particular test to pass.
> >>
> >> > The error message returned by the Tomcat service, while certainly
> >> > helpful to the remote client, is returning more information than
> >> > it should (from a security-viewpoint).
> >> Not really.
> >>
> >> > If the default behavior for Tomcat is to return this "helpful"
> >> > message for misconfigured clients, would it be reasonable for the
> >> > Connector to have an option (attribute) for turning off this
> >> > feature and simply reject with a TLS error any unsecured traffic on
> >> > the port? This would address the security concern without imposing
> >> > too much "bloat" to the Tomcat side.
> >> I think this might actually be better/easier than implementing a
> >> redirect. It's a simple flag that says "return nice errors on
> >> plaintext-over-TLS connection attempts" (or similar) and the only
> >> thing that changes is that we STOP trying to be nice to the client if
> >> the setting is set to "fail" versus "be-nice".
> >>
> >> > For most other web servers (Apache httpd, NGINX, etc.) that offer
> >> > https, the normal behavior is that when an http client tries to
> >> > speak http to server expecting https, the client sees some garbled
> >> > text (the server's TLS response to the connection attempt).
> >> This wasn't the case for httpd for many years. I don't know what it
> >> does these days, but it used to reply with a nice "400 Bad Request"
> >> error just like Tomcat is doing. The difference is that httpd has rich
> >> configuration options to allow you to override that behavior.
> >>
> >> - -chris
> >> -BEGIN PGP SIGNATURE-
> >> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >>
> >> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9H7ZkACgkQHPApP6U8
> >> pFgOng/8DtMJkQc+MYLRm1iuCD7GZ2f2S7oQ59vFeCGAbmkiUjESvQ42QRGqIMy8
> >> 47giFc3ERm84DxyyyU7O/YDFxinOnCrC/v9A6RzpYKlZBSOq9Oy6732xTUAqGGIw
> >> +3QGPXvyjE2Vcg1iavW+7cUKN1Q9R1NGcDRRBpBL0KRQMA3NV9pxGU71/In8TQvi
> >> VZ51f7VTNXaJ2l+w6G23XBJkKQk3csFixevVzr4Xr56FLfqPxUc3m6QNu4BaHmgb
> >> c95hceV/N7tkR9yHdaRtahpZq0lhGqXbNXfqjf7kElSkRmeAZ3MSsdnFD4fBHThn
> >> xvz204xffSE71Z4W24W9gx23+Bg0y2EfPRo1CWC93rEvNRKMK6ILzLczTRA0w6QW
> >> 9zP1XC+VwC25LQOGFDgFukQVupPYiMoNSb6DRey5ZUhur6v25nevwbhM0QsAm/oO
> >> oZpreKaUMy+ZoixwGhaZ+UFiZRav7DRLSj85BjK9PqcP4VdPzFR9MarvMqLPxRoq
> >> YxL/jNet4L+29Z2tDkZv4gfGJqI7oWkfXUsBFBjj5JgXrqE94Q8PzAK87pLeU80y
> >> p3IL4krovHbu01j1fE3/aDotEvBu/wxWTCWze9+vL09a82PuTT2pihyCVqFuP9rS
> >> kP0DtVTfbaUMyD2dryjyw4q1NdLYht4y/HHkyU/3cPopCbxEopU=
> >> =4F4z
> >> -END PGP SIGNATURE-
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: users-h...@tomcat.apache.org
> >>
> >>
>

Low throughput with HTTP2

[Martin Grigorov]

Hi,

I am running some load tests on Tomcat and I've noticed that when HTTP2 is
enabled the throughput drops considerably.

Here are the steps to reproduce:

1) Enable HTTP2, e.g. by commenting out this connector:
https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112

2) Download Vegeta load tool from:
https://github.com/tsenart/vegeta/releases/

3) Run the load tests:

3.1) HTTP/1.1
echo -e '{"method": "GET", "url": "http://localhost:8080/examples/"}' |
vegeta attack -format=json  -rate=0 -max-workers=1000 -duration=10s |
vegeta encode > /tmp/http1.json; and vegeta report -type=json
/tmp/http1.json | jq .

3.2) HTTP2
echo -e '{"method": "GET", "url": "https://localhost:8443/examples/"}' |
vegeta attack -format=json -http2 -rate=0 -max-workers=1000 -insecure
-duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
-type=json /tmp/http2.json | jq .

As explained at https://github.com/tsenart/vegeta#-rate -rate=0 means that
Vegeta will try to send as many requests as possible with the configured
number of workers.
I use '-insecure' because I use self-signed certificate.

On my machine I get around 14-15K reqs/sec for HTTP1.1 with only responses
with code=200 .
But for HTTP2 Tomcat starts returning such kind of errors:

 "errors": [
"Get \"https://localhost:8443/examples/\": http2: server sent GOAWAY
and closed the connection; LastStreamID=9259, ErrCode=PROTOCOL_ERROR,
debug=\"Stream [9,151] has been closed for some time\"",
"http2: server sent GOAWAY and closed the connection;
LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151] has been
closed for some time\"",
"Get \"https://localhost:8443/examples/\": http2: server sent GOAWAY
and closed the connection; LastStreamID=239, ErrCode=PROTOCOL_ERROR,
debug=\"Stream [49] has been closed for some time\""
  ]

when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s


All the access logs look like:

127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126
127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126
127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126
127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126
127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126
127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
1126

i.e. there are no error codes, just 200.
Vegeta reports the error with status code = 0. I think this just means that
it didn't get a proper HTTP response but just TCP error.
There are no errors in catalina.out.

Are there any settings I can tune to get better throughput with HTTP2 ?

Tomcat 10.0.0-M8.

Regards,
Martin

Re: Low throughput with HTTP2

[Martin Grigorov]

On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov 
wrote:

> Hi,
>
> I am running some load tests on Tomcat and I've noticed that when HTTP2 is
> enabled the throughput drops considerably.
>
> Here are the steps to reproduce:
>
> 1) Enable HTTP2, e.g. by commenting out this connector:
>
> https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112
>
> 2) Download Vegeta load tool from:
> https://github.com/tsenart/vegeta/releases/
>
> 3) Run the load tests:
>
> 3.1) HTTP/1.1
> echo -e '{"method": "GET", "url": "http://localhost:8080/examples/"}' |
> vegeta attack -format=json  -rate=0 -max-workers=1000 -duration=10s |
> vegeta encode > /tmp/http1.json; and vegeta report -type=json
> /tmp/http1.json | jq .
>
> 3.2) HTTP2
> echo -e '{"method": "GET", "url": "https://localhost:8443/examples/"}' |
> vegeta attack -format=json -http2 -rate=0 -max-workers=1000 -insecure
> -duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
> -type=json /tmp/http2.json | jq .
>
> As explained at https://github.com/tsenart/vegeta#-rate -rate=0 means
> that Vegeta will try to send as many requests as possible with the
> configured number of workers.
> I use '-insecure' because I use self-signed certificate.
>
> On my machine I get around 14-15K reqs/sec for HTTP1.1 with only responses
> with code=200 .
> But for HTTP2 Tomcat starts returning such kind of errors:
>
>  "errors": [
> "Get \"https://localhost:8443/examples/\": http2: server sent GOAWAY
> and closed the connection; LastStreamID=9259, ErrCode=PROTOCOL_ERROR,
> debug=\"Stream [9,151] has been closed for some time\"",
> "http2: server sent GOAWAY and closed the connection;
> LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151] has been
> closed for some time\"",
> "Get \"https://localhost:8443/examples/\": http2: server sent GOAWAY
> and closed the connection; LastStreamID=239, ErrCode=PROTOCOL_ERROR,
> debug=\"Stream [49] has been closed for some time\""
>   ]
>
> when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s
>
>
> All the access logs look like:
>
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
> 127.0.0.1 - - [15/Sep/2020:13:59:24 +0300] "GET /examples/ HTTP/2.0" 200
> 1126
>
> i.e. there are no error codes, just 200.
> Vegeta reports the error with status code = 0. I think this just means
> that it didn't get a proper HTTP response but just TCP error.
> There are no errors in catalina.out.
>
> Are there any settings I can tune to get better throughput with HTTP2 ?
>
> Tomcat 10.0.0-M8.
>

Forgot to mention that I've also tested with JMeter +
https://github.com/Blazemeter/jmeter-http2-plugin but there it fails with
OOM if I use more than 2000 virtual users. Increasing the memory still does
not give such good results as Vegeta for HTTP/1.1. Also JMeter uses
sequential model.

For comparison, I've also tested with a simple Golang based HTTP2 server:

http2-server.go:
==
package main

import (
"fmt"
"log"
"net/http"
"os"
)

func main() {

port := 8080
if port == "" {
  log.Fatal("Please specify the HTTP port as environment variable, e.g.
env PORT=8081 go run http-server.go")
}

tls_root := "/path/to/certs/"
srv := &http.Server{Addr: ":" + port, Handler: http.HandlerFunc(handle)}
log.Fatal(srv.ListenAndServeTLS(tls_root + "server.crt", tls_root +
"server.key"))
}

func handle(w http.ResponseWriter, r *http.Request) {
//log.Printf("Got connection: %s", r.Proto) // prints HTTP/2.0
fmt.Fprintf(w, "Hello World")
}
==

Here Vegeta makes around 13K reqs/sec without error responses.

To run this app do: go run http2-server.go


> Regards,
> Martin
>

Re: Low throughput with HTTP2

[Martin Grigorov]

Hi Mark,

On Tue, Sep 15, 2020 at 3:34 PM Mark Thomas  wrote:

> On 15/09/2020 12:46, Martin Grigorov wrote:
> > On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov 
> > wrote:
> >
> >> Hi,
> >>
> >> I am running some load tests on Tomcat and I've noticed that when HTTP2
> is
> >> enabled the throughput drops considerably.
> >>
> >> Here are the steps to reproduce:
> >>
> >> 1) Enable HTTP2, e.g. by commenting out this connector:
> >>
> >>
> https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112
> >>
> >> 2) Download Vegeta load tool from:
> >> https://github.com/tsenart/vegeta/releases/
> >>
> >> 3) Run the load tests:
> >>
> >> 3.1) HTTP/1.1
> >> echo -e '{"method": "GET", "url": "http://localhost:8080/examples/"}' |
> >> vegeta attack -format=json  -rate=0 -max-workers=1000 -duration=10s |
> >> vegeta encode > /tmp/http1.json; and vegeta report -type=json
> >> /tmp/http1.json | jq .
> >>
> >> 3.2) HTTP2
> >> echo -e '{"method": "GET", "url": "https://localhost:8443/examples/"}'
> |
> >> vegeta attack -format=json -http2 -rate=0 -max-workers=1000 -insecure
> >> -duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
> >> -type=json /tmp/http2.json | jq .
> >>
> >> As explained at https://github.com/tsenart/vegeta#-rate -rate=0 means
> >> that Vegeta will try to send as many requests as possible with the
> >> configured number of workers.
> >> I use '-insecure' because I use self-signed certificate.
> >>
> >> On my machine I get around 14-15K reqs/sec for HTTP1.1 with only
> responses
> >> with code=200 .
> >> But for HTTP2 Tomcat starts returning such kind of errors:
> >>
> >>  "errors": [
> >> "Get \"https://localhost:8443/examples/\": http2: server sent
> GOAWAY
> >> and closed the connection; LastStreamID=9259, ErrCode=PROTOCOL_ERROR,
> >> debug=\"Stream [9,151] has been closed for some time\"",
> >> "http2: server sent GOAWAY and closed the connection;
> >> LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151] has
> been
> >> closed for some time\"",
> >> "Get \"https://localhost:8443/examples/\": http2: server sent
> GOAWAY
> >> and closed the connection; LastStreamID=239, ErrCode=PROTOCOL_ERROR,
> >> debug=\"Stream [49] has been closed for some time\""
> >>   ]
> >>
> >> when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s
>
> That indicates that the client has sent a frame associated with a stream
> that the server closed previously and that that stream has been removed
> from the Map of known streams to make room for new ones. See
> Http2UpgardeHandler.pruneClosedStreams()
>
> It looks like the client is making assumptions about server behaviour
> that go beyond the requirements of RFC 7540, section 5.3.4.
>

This is possible!
I've just tested with two more HTTP2 impls:

1) Node.js

http2-server.js
===
const http2 = require('http2');
const fs = require('fs');

const server = http2.createSecureServer({
key: fs.readFileSync('/path/to/server.key'),
cert: fs.readFileSync('/path/to/server.crt')
});
server.on('error', (err) => console.error(err));

server.on('stream', (stream, headers) => {
// stream is a Duplex
stream.respond({
'content-type': 'text/plain; charset=utf-8',
':status': 200
});
stream.end('Hello world!');
});

server.listen(18080);
===

run with: node http2-server.js

Runs fine with -rate=0 and gives around 8K reqs/sec

2) Rust

Cargo.toml
===
[package]
name = "my-http2-server"
version = "0.0.1"
publish = false
authors = ["Martin Grigorov "]
license = "MIT/Apache-2.0"
description = "Load test HTTP/2 "
repository = "https://github.com/martin-g/http2-server-rust";
keywords = ["http2"]
edition = "2018"

[dependencies]
actix-web = { version = "3", features = ["openssl"] }
openssl = { version = "0.10", features = ["v110"] }
===

src/mai

Re: Low throughput with HTTP2

[Martin Grigorov]

Hi Chris,

On Tue, Sep 15, 2020 at 5:09 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Martin,
>
> On 9/15/20 07:37, Martin Grigorov wrote:
> > I am running some load tests on Tomcat and I've noticed that when
> > HTTP2 is enabled the throughput drops considerably.
> >
> > Here are the steps to reproduce:
> >
> > 1) Enable HTTP2, e.g. by commenting out this connector:
> > https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f31
> 7c135d9d/conf/server.xml#L103-L112
> <https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112>
> >
> >  2) Download Vegeta load tool from:
> > https://github.com/tsenart/vegeta/releases/
> >
> > 3) Run the load tests:
> >
> > 3.1) HTTP/1.1 echo -e '{"method": "GET", "url":
> > "http://localhost:8080/examples/"}' | vegeta attack -format=json
> > -rate=0 -max-workers=1000 -duration=10s | vegeta encode >
> > /tmp/http1.json; and vegeta report -type=json /tmp/http1.json | jq
> > .
> >
> > 3.2) HTTP2 echo -e '{"method": "GET", "url":
> > "https://localhost:8443/examples/"}' | vegeta attack -format=json
> > -http2 -rate=0 -max-workers=1000 -insecure -duration=10s | vegeta
> > encode > /tmp/http2.json; and vegeta report -type=json
> > /tmp/http2.json | jq .
>
> You are using HTTP with 1.1 and HTTPS with h2. Maybe you are seeing
> CPU slowdown for the (probably double encryption) taking place on the
> same host?
>

I've tested against HTTPS without H2 - it makes 13K reqs/sec here, i.e. 2-3
K less than HTTP.
The above numbers are when I use the examples' index.html page as a target.
When I use

=
package load.servlet;

import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

@WebServlet(urlPatterns = PlainTextServlet.URL_PATTERN)
public class PlainTextServlet extends HttpServlet {

  static final String URL_PATTERN = "/servlet/plaintext";
  private static final String CONTENT_TYPE = "text/plain;charset=UTF-8";
  private static final byte[] CONTENT = "Hello
world!".getBytes(StandardCharsets.UTF_8);
  private static final int CONTENT_LENGTH = CONTENT.length;

  @Override
  protected void doGet(final HttpServletRequest req, final
HttpServletResponse resp) throws IOException {
resp.setContentType(CONTENT_TYPE);
resp.setContentLength(CONTENT_LENGTH);
resp.getOutputStream().write(CONTENT);
  }
}
=

I can get 33-35 K reqs/sec with HTTP



>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9gyyIACgkQHPApP6U8
> pFiNUxAAnUQVU73nNitIyn6zD9t4JfkLIv/AKTlds4/W/p6TRtIQgTX7nIJjGDfw
> BOKznCHmieMJon4rMZ3d8GFhmUP8CawQlJHpqABeITBzLZZ5x9fuOf22G6HJb3r+
> +k0qDoKzFTWlJuWLwaLZHy6fO9ugi4OPAW0G0efa2T6sTDZzImGnjmoZ5PWBExoz
> mXmYWnZeP7R+3QkAWUYArJh9yPEJyIb9nFX1YKZ1l5Erzrn0F9uEYFgWT/UkQoKM
> L65AMh/qEvzJhP2wHOLm4NfAiNO4OgTmo+nm4F/SIMGFNURPFi2sl/jTUHVAzEa4
> mAqlJqX1swimyjjsunlfhbU/bApvVFsYSPuSYcZmLN1lkmaQOAuWHnZdd4e9h+tt
> rhoKXipk8OairYzwQsPVnzCTHaiAhOXJ3MSE966YwlvhSMOoqDsN3y7ySrboresD
> iC0cDo+43/wR3IQlOJYFxcFX+tI2Y29ZjrX/IwnJXuVyU095YZWmRFC2JgRfzBtI
> toM2ofpqnSBaS22ZBTbqp+q1QxRZfC3r0vuvuiXK620QRcbk1Ya0+U17LOIEYnuY
> URY94kL80upiADQMIdryq4ubRAma2t0s5c6JuO/QqsXVjJfawlRGQA5arORgfE2J
> yDCscyyFCHitEGTglIJUXW/KfFPtraWnON3TSCm7dQ55EmInxpc=
> =76Zf
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Low throughput with HTTP2

[Martin Grigorov]

Hi Remy,

On Tue, Sep 15, 2020 at 6:16 PM Rémy Maucherat  wrote:

> On Tue, Sep 15, 2020 at 5:08 PM Martin Grigorov 
> wrote:
>
> > Hi Mark,
> >
> > On Tue, Sep 15, 2020 at 3:34 PM Mark Thomas  wrote:
> >
> > > On 15/09/2020 12:46, Martin Grigorov wrote:
> > > > On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov <
> mgrigo...@apache.org>
> > > > wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> I am running some load tests on Tomcat and I've noticed that when
> > HTTP2
> > > is
> > > >> enabled the throughput drops considerably.
> > > >>
> > > >> Here are the steps to reproduce:
> > > >>
> > > >> 1) Enable HTTP2, e.g. by commenting out this connector:
> > > >>
> > > >>
> > >
> >
> https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112
> > > >>
> > > >> 2) Download Vegeta load tool from:
> > > >> https://github.com/tsenart/vegeta/releases/
> > > >>
> > > >> 3) Run the load tests:
> > > >>
> > > >> 3.1) HTTP/1.1
> > > >> echo -e '{"method": "GET", "url": "http://localhost:8080/examples/
> "}'
> > |
> > > >> vegeta attack -format=json  -rate=0 -max-workers=1000 -duration=10s
> |
> > > >> vegeta encode > /tmp/http1.json; and vegeta report -type=json
> > > >> /tmp/http1.json | jq .
> > > >>
> > > >> 3.2) HTTP2
> > > >> echo -e '{"method": "GET", "url": "https://localhost:8443/examples/
> > "}'
> > > |
> > > >> vegeta attack -format=json -http2 -rate=0 -max-workers=1000
> -insecure
> > > >> -duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
> > > >> -type=json /tmp/http2.json | jq .
> > > >>
> > > >> As explained at https://github.com/tsenart/vegeta#-rate -rate=0
> means
> > > >> that Vegeta will try to send as many requests as possible with the
> > > >> configured number of workers.
> > > >> I use '-insecure' because I use self-signed certificate.
> > > >>
> > > >> On my machine I get around 14-15K reqs/sec for HTTP1.1 with only
> > > responses
> > > >> with code=200 .
> > > >> But for HTTP2 Tomcat starts returning such kind of errors:
> > > >>
> > > >>  "errors": [
> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
> > > GOAWAY
> > > >> and closed the connection; LastStreamID=9259,
> ErrCode=PROTOCOL_ERROR,
> > > >> debug=\"Stream [9,151] has been closed for some time\"",
> > > >> "http2: server sent GOAWAY and closed the connection;
> > > >> LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151]
> has
> > > been
> > > >> closed for some time\"",
> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
> > > GOAWAY
> > > >> and closed the connection; LastStreamID=239, ErrCode=PROTOCOL_ERROR,
> > > >> debug=\"Stream [49] has been closed for some time\""
> > > >>   ]
> > > >>
> > > >> when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s
> > >
> > > That indicates that the client has sent a frame associated with a
> stream
> > > that the server closed previously and that that stream has been removed
> > > from the Map of known streams to make room for new ones. See
> > > Http2UpgardeHandler.pruneClosedStreams()
> > >
> > > It looks like the client is making assumptions about server behaviour
> > > that go beyond the requirements of RFC 7540, section 5.3.4.
> > >
> >
> > This is possible!
> > I've just tested with two more HTTP2 impls:
> >
> > 1) Node.js
> >
> > http2-server.js
> > ===
> > const http2 = require('http2');
> > const fs = require('fs');
> >
> > const server = http2.createSecureServer({
> > key: fs.readFileSync('/path/to/server.key'),
> > cert: fs.readFileSync('/path/to/server.c

Re: tomcat warnings. [EXTERNAL]

[Martin Grigorov]

On Thu, Sep 17, 2020, 16:07 Beard, Shawn 
wrote:

> Yes its 9.0.31.0
>

The last 0 makes me think that you have installed Tomcat by using your OS
package manager.
Try with stock Tomcat downloaded from Apache servers.


> [mwuser@usilg01-tcd003 ~]$ ./version.sh
> Using CATALINA_BASE:   /path/to/catalina_base
> Using CATALINA_HOME:   /path/to/catalina_home
> Using CATALINA_TMPDIR: /path/to/catalina_base/temp
> Using JRE_HOME:/
> Using CLASSPATH:   /path/to/catalina_base
> /bin/bootstrap.jar:/usr/apache/tomcat/tomcat-current/bin/tomcat-juli.jar
> Server version: Apache Tomcat/9.0.31
> Server built:   Feb 5 2020 19:32:12 UTC
> Server number:  9.0.31.0
> OS Name:Linux
> OS Version: 3.10.0-957.21.3.el7.x86_64
> Architecture:   amd64
> JVM Version:1.8.0_212-b04
> JVM Vendor: Oracle Corporation
>
> I do have 3 connectors, one of them is the AJP connector, could the
> warning be coming from them?
>

Remove the problematic attributes from each connector one by one and see
when the warnings will disappear.


> Below is all 3 connectors:
>
> connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> protocol="org.apache.coyote.http11.Http11Nio2Protocol"
>connectionTimeout="2"
>Server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>scheme="https"
>secure="true"
>SSLEnabled="true"
>sslEnabledProtocols="+TLSv1.2"
>keystoreFile="/path/to/tuststore/TomcatTrustStore.p12"
>truststoreFile="/path/to/keystore/TomcatTrustStore.p12"
>keystorePass="XXX"
>truststorePass="XX"
>
> ciphers="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
> address="hostname"
>secretRequired="false"
>connectionTimeout="2"
>server=" "
>maxHttpHeaderSize="8192"
>maxThreads="500"
>minSpareThreads="30"
>enableLookups="false"
>disableUploadTimeout="true"
>acceptCount="150"
>redirectPort="9443"
>scheme="https"
>secure="true"
>
>  
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
>compression="on"
>compressionMinSize="2048"
>noCompressionUserAgents="gozilla,traviata" />
>
>
>
> Shawn Beard
> Sr. Systems Engineer
> BTS
> +1-515-564-2528
>
> -Original Message-
> From: Mark Thomas 
> Sent: Thursday, September 17, 2020 3:19 AM
> To: users@tomcat.apache.org
> Subject: Re: tomcat warnings. [EXTERNAL]
>
> ** CAUTION: External message
>
>
> On 16/09/2020 20:45, Beard, Shawn wrote:
> >  >protocol="HTTP/1.1"
> >connectionTimeout="2"
> >Server=" "
> >maxHttpHeaderSize="8192"
> >maxThreads="500"
> >minSpareThreads="30"
> >enableLookups="false"
> >disableUploadTimeout="true"
> >acceptCount="150"
> >redirectPort="9444"
> >
> compressibleMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/javascript,application/x-font-woff,application/font-woff,application/pdf"
> >compression="on"
> >compressionMinSize="2048"
> >   

Re: Low throughput with HTTP2

[Martin Grigorov]

Hi,

On Wed, Sep 16, 2020 at 10:24 AM Martin Grigorov 
wrote:

> Hi Remy,
>
> On Tue, Sep 15, 2020 at 6:16 PM Rémy Maucherat  wrote:
>
>> On Tue, Sep 15, 2020 at 5:08 PM Martin Grigorov 
>> wrote:
>>
>> > Hi Mark,
>> >
>> > On Tue, Sep 15, 2020 at 3:34 PM Mark Thomas  wrote:
>> >
>> > > On 15/09/2020 12:46, Martin Grigorov wrote:
>> > > > On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov <
>> mgrigo...@apache.org>
>> > > > wrote:
>> > > >
>> > > >> Hi,
>> > > >>
>> > > >> I am running some load tests on Tomcat and I've noticed that when
>> > HTTP2
>> > > is
>> > > >> enabled the throughput drops considerably.
>> > > >>
>> > > >> Here are the steps to reproduce:
>> > > >>
>> > > >> 1) Enable HTTP2, e.g. by commenting out this connector:
>> > > >>
>> > > >>
>> > >
>> >
>> https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112
>> > > >>
>> > > >> 2) Download Vegeta load tool from:
>> > > >> https://github.com/tsenart/vegeta/releases/
>> > > >>
>> > > >> 3) Run the load tests:
>> > > >>
>> > > >> 3.1) HTTP/1.1
>> > > >> echo -e '{"method": "GET", "url": "http://localhost:8080/examples/
>> "}'
>> > |
>> > > >> vegeta attack -format=json  -rate=0 -max-workers=1000
>> -duration=10s |
>> > > >> vegeta encode > /tmp/http1.json; and vegeta report -type=json
>> > > >> /tmp/http1.json | jq .
>> > > >>
>> > > >> 3.2) HTTP2
>> > > >> echo -e '{"method": "GET", "url": "
>> https://localhost:8443/examples/
>> > "}'
>> > > |
>> > > >> vegeta attack -format=json -http2 -rate=0 -max-workers=1000
>> -insecure
>> > > >> -duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
>> > > >> -type=json /tmp/http2.json | jq .
>> > > >>
>> > > >> As explained at https://github.com/tsenart/vegeta#-rate -rate=0
>> means
>> > > >> that Vegeta will try to send as many requests as possible with the
>> > > >> configured number of workers.
>> > > >> I use '-insecure' because I use self-signed certificate.
>> > > >>
>> > > >> On my machine I get around 14-15K reqs/sec for HTTP1.1 with only
>> > > responses
>> > > >> with code=200 .
>> > > >> But for HTTP2 Tomcat starts returning such kind of errors:
>> > > >>
>> > > >>  "errors": [
>> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
>> > > GOAWAY
>> > > >> and closed the connection; LastStreamID=9259,
>> ErrCode=PROTOCOL_ERROR,
>> > > >> debug=\"Stream [9,151] has been closed for some time\"",
>> > > >> "http2: server sent GOAWAY and closed the connection;
>> > > >> LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151]
>> has
>> > > been
>> > > >> closed for some time\"",
>> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
>> > > GOAWAY
>> > > >> and closed the connection; LastStreamID=239,
>> ErrCode=PROTOCOL_ERROR,
>> > > >> debug=\"Stream [49] has been closed for some time\""
>> > > >>   ]
>> > > >>
>> > > >> when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s
>> > >
>> > > That indicates that the client has sent a frame associated with a
>> stream
>> > > that the server closed previously and that that stream has been
>> removed
>> > > from the Map of known streams to make room for new ones. See
>> > > Http2UpgardeHandler.pruneClosedStreams()
>> > >
>> > > It looks like the client is making assumptions about server behaviour
>> > > that go beyond the requirements of RFC 7540, section 5.3.4.
>> > >
>&

Re: Low throughput with HTTP2

[Martin Grigorov]

On Fri, Sep 18, 2020 at 10:48 AM Martin Grigorov 
wrote:

> Hi,
>
> On Wed, Sep 16, 2020 at 10:24 AM Martin Grigorov 
> wrote:
>
>> Hi Remy,
>>
>> On Tue, Sep 15, 2020 at 6:16 PM Rémy Maucherat  wrote:
>>
>>> On Tue, Sep 15, 2020 at 5:08 PM Martin Grigorov 
>>> wrote:
>>>
>>> > Hi Mark,
>>> >
>>> > On Tue, Sep 15, 2020 at 3:34 PM Mark Thomas  wrote:
>>> >
>>> > > On 15/09/2020 12:46, Martin Grigorov wrote:
>>> > > > On Tue, Sep 15, 2020 at 2:37 PM Martin Grigorov <
>>> mgrigo...@apache.org>
>>> > > > wrote:
>>> > > >
>>> > > >> Hi,
>>> > > >>
>>> > > >> I am running some load tests on Tomcat and I've noticed that when
>>> > HTTP2
>>> > > is
>>> > > >> enabled the throughput drops considerably.
>>> > > >>
>>> > > >> Here are the steps to reproduce:
>>> > > >>
>>> > > >> 1) Enable HTTP2, e.g. by commenting out this connector:
>>> > > >>
>>> > > >>
>>> > >
>>> >
>>> https://github.com/apache/tomcat/blob/d381d87005fa89d1f19d9091c0954f317c135d9d/conf/server.xml#L103-L112
>>> > > >>
>>> > > >> 2) Download Vegeta load tool from:
>>> > > >> https://github.com/tsenart/vegeta/releases/
>>> > > >>
>>> > > >> 3) Run the load tests:
>>> > > >>
>>> > > >> 3.1) HTTP/1.1
>>> > > >> echo -e '{"method": "GET", "url": "
>>> http://localhost:8080/examples/"}'
>>> > |
>>> > > >> vegeta attack -format=json  -rate=0 -max-workers=1000
>>> -duration=10s |
>>> > > >> vegeta encode > /tmp/http1.json; and vegeta report -type=json
>>> > > >> /tmp/http1.json | jq .
>>> > > >>
>>> > > >> 3.2) HTTP2
>>> > > >> echo -e '{"method": "GET", "url": "
>>> https://localhost:8443/examples/
>>> > "}'
>>> > > |
>>> > > >> vegeta attack -format=json -http2 -rate=0 -max-workers=1000
>>> -insecure
>>> > > >> -duration=10s | vegeta encode > /tmp/http2.json; and vegeta report
>>> > > >> -type=json /tmp/http2.json | jq .
>>> > > >>
>>> > > >> As explained at https://github.com/tsenart/vegeta#-rate -rate=0
>>> means
>>> > > >> that Vegeta will try to send as many requests as possible with the
>>> > > >> configured number of workers.
>>> > > >> I use '-insecure' because I use self-signed certificate.
>>> > > >>
>>> > > >> On my machine I get around 14-15K reqs/sec for HTTP1.1 with only
>>> > > responses
>>> > > >> with code=200 .
>>> > > >> But for HTTP2 Tomcat starts returning such kind of errors:
>>> > > >>
>>> > > >>  "errors": [
>>> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
>>> > > GOAWAY
>>> > > >> and closed the connection; LastStreamID=9259,
>>> ErrCode=PROTOCOL_ERROR,
>>> > > >> debug=\"Stream [9,151] has been closed for some time\"",
>>> > > >> "http2: server sent GOAWAY and closed the connection;
>>> > > >> LastStreamID=9259, ErrCode=PROTOCOL_ERROR, debug=\"Stream [9,151]
>>> has
>>> > > been
>>> > > >> closed for some time\"",
>>> > > >> "Get \"https://localhost:8443/examples/\": http2: server sent
>>> > > GOAWAY
>>> > > >> and closed the connection; LastStreamID=239,
>>> ErrCode=PROTOCOL_ERROR,
>>> > > >> debug=\"Stream [49] has been closed for some time\""
>>> > > >>   ]
>>> > > >>
>>> > > >> when I ask for more than 2000 reqs/sec, i.e. -rate=2000/1s
>>> > >
>>> > > That indicates that the client has sent a frame associated with a
>>> stream
>>> > > that the server closed previously and tha