How to prevent Tomcat redirect my request
Hi all, I deployed a web application foo.war into tomcat 5.x . When I used httpclient to send post request to http://localhost:8080/foo;, I always get the http 302 redirect response . How can I prevent Tomcat to reply redirect response and directly adding the slash to my request url http://localhost:8080/foo/; to get what I want . I see web browser can automcatically resend the request to redirected location but httpclient can not. Is there configurations for that ? Could anyone shed some lights ? Thanks Jim
Re: How to add multiple SSL Certificates to Tomcat Server
Hi, Are you talking about importing multiple certificates in tomcat keystore? If yes, you can use keytool.exe to import certificates inside tomcat keystore. The sample is given below: keytool -genkey -v -alias cert1 -import -v -file C:/cert/cert1.cer -keystore C:/cert/tomcat.keystore -storepass password The pre-requisite is that the keystore file(tomcat.keystore in this case) should be present and password is tomcat keystore password. Here, we're importing 'cert1.cer' in tomcat keystore using the alias cert1. You can import another certificate, say 'cert2.cer' by specifying another alias, say cert2 in the above command. Hope that helps!! Regards, Sameek Bhaumik From: Suneel Saguturu [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, 20 November, 2008 1:04:50 PM Subject: How to add multiple SSL Certificates to Tomcat Server All- I am facing one problem, i.e. I have to configure two SSL certificates to JBoss server, I know they are internally using Tomcat for web container. Is it possible to add multiple Certificates to one server instance itself? If so, then how? Please help on this... any help is appreciated. Thanks in advance... Thanks Regards, - Suneel Saguturu. Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Re: Hard limits in Tomcat?
Dear Leon, Oh, don't be so dramatic. There is a whole world out there of smaller companies that have one or two Tomcat servers in production, running on the cheapest shared server environment they could find. This product targets companies that have two or three developers, one of whom has been pressed into doing the admin role on the side. yes, but why should they give their very sensitive data into the hand of someone? You understand that tomcat operation profile provides perfect opportunity for a potential attacker or competitor? Especially when there are tools which does the same without giving the data away. I see, so you are saying that Tomcat's JMX stats are very sensitive. Is that true in all cases? For each and every running instance of Tomcat? This is basically the same discussion as is currently raging between using internal mail servers and using Google's. I note that both you and I are using Google mail. Some company policies forbid the use of external mail systems precisely for the reasons you suggest. I've even worked at companies that firewalled hotmail.com to keep their employees off of it. Other companies decide to outsource all of their mail services to Google for the convenience and savings it offers. I apologize if the operational model of Java-monitor startled you. That was not my intention. It works this way because that takes the care and feeding of the monitoring platform away from the user. Some people like that while others, such as yourself, prefer not to work like this. Why dont you just supply another web/app which collects the data locally in the customers environment? Well, it's kind'a hard to send out an e-mail message that your app server has died, when the monitor is running inside that very same server. Also, I have plans for rules processing that should help predict server death. I'm not sure everyone will want to have the overhead of such processing in their operational environment. I'm not asking anyone to switch away from their existing tools. I'm certainly not suggesting that you use it, as Java-monitor is clearly not suited for your environment. -- Kees Jan http://java-monitor.com/forum/ [EMAIL PROTECTED] 06-51838192 Human beings make life so interesting. Do you know that in a universe so full of wonders, they have managed to invent boredom. Quite astonishing... -- Terry Partchett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
Dear Jim, I deployed a web application foo.war into tomcat 5.x . When I used httpclient to send post request to http://localhost:8080/foo;, I always get the http 302 redirect response . How can I prevent Tomcat to reply redirect response and directly adding the slash to my request url http://localhost:8080/foo/; to get what I want . I see web browser can automcatically resend the request to redirected location but httpclient can not. Is there configurations for that ? Could anyone shed some lights ? I usually use httpunit, not httpclient. The advantage is that it does all the cookies, 302 responses and lord knows what else in the HTTP protocol, allowing me to focus on the logic instead of the protocol. Maybe that's an alternative route for you, if Tomcat cannot be stopped from redirecting your app. -- Kees Jan http://java-monitor.com/forum/ [EMAIL PROTECTED] 06-51838192 Rule 1 for being in a hole: stop digging. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to add multiple SSL Certificates to Tomcat Server
Hi, Thanks for replying fast I already installed but I want to validate the user requests based on URL (domain name)... I have 2 certificates installed I am able to use only one of them, let's say 1. Myhome.com 2. Myoffice.com. If any request comes to myhome.com then I want to throw myhome.com related certificate otherwise myoffice.com related certificate. I was able to achieve the same thing with multiple virtual IP’s, but my admin wants by domain name. Hope I am able to explain my problem… Thanks Regards, - Suneel Saguturu. -Original Message- From: Sameek Bhaumik [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2008 2:53 PM To: Tomcat Users List Subject: Re: How to add multiple SSL Certificates to Tomcat Server Hi, Are you talking about importing multiple certificates in tomcat keystore? If yes, you can use keytool.exe to import certificates inside tomcat keystore. The sample is given below: keytool -genkey -v -alias cert1 -import -v -file C:/cert/cert1.cer -keystore C:/cert/tomcat.keystore -storepass password The pre-requisite is that the keystore file(tomcat.keystore in this case) should be present and password is tomcat keystore password. Here, we're importing 'cert1.cer' in tomcat keystore using the alias cert1. You can import another certificate, say 'cert2.cer' by specifying another alias, say cert2 in the above command. Hope that helps!! Regards, Sameek Bhaumik From: Suneel Saguturu [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Thursday, 20 November, 2008 1:04:50 PM Subject: How to add multiple SSL Certificates to Tomcat Server All- I am facing one problem, i.e. I have to configure two SSL certificates to JBoss server, I know they are internally using Tomcat for web container. Is it possible to add multiple Certificates to one server instance itself? If so, then how? Please help on this... any help is appreciated. Thanks in advance... Thanks Regards, - Suneel Saguturu. Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
Re: How to prevent Tomcat redirect my request
Great thanks , Kees. I will try httpunit . I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Thanks Jim On Thu, Nov 20, 2008 at 5:51 PM, Kees Jan Koster [EMAIL PROTECTED] wrote: Dear Jim, I deployed a web application foo.war into tomcat 5.x . When I used httpclient to send post request to http://localhost:8080/foo;, I always get the http 302 redirect response . How can I prevent Tomcat to reply redirect response and directly adding the slash to my request url http://localhost:8080/foo/; to get what I want . I see web browser can automcatically resend the request to redirected location but httpclient can not. Is there configurations for that ? Could anyone shed some lights ? I usually use httpunit, not httpclient. The advantage is that it does all the cookies, 302 responses and lord knows what else in the HTTP protocol, allowing me to focus on the logic instead of the protocol. Maybe that's an alternative route for you, if Tomcat cannot be stopped from redirecting your app. -- Kees Jan http://java-monitor.com/forum/ [EMAIL PROTECTED] 06-51838192 Rule 1 for being in a hole: stop digging. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
Krapacs Ambrose wrote:
Well I thought that I had tried turning off the security manager but I
couldn't remember how I did it. I tried again by modifying
/etc/init.d/tomcat and set TOMCAT_SECURITY to no. I executed the JSP
again and EVERY TEST SUCCESSFULLY CONNECTED! Wow, finally!
So now I guess I need to determine the proper way to do this because I'm
guessing that disabling the security mangager is not smart. I really do
not know anything about the tomcat security manager so I'm not sure how
to properly allow this in security manager without disabling it
completely.
So, you see, in the end it was a TCP/IP connection issue.
But it was not at the level of your MySQL server, but at the source :
your JVM would not let your webapp do a connect to that port.
Now here comes a complication : finding where in the configuration you
need to change this thing.
That depends a bit on where you got your Tomcat from.
In the end, you should find a file named like
(tomcat_dir)/conf/catalina.policy, which contains the permissions
given to different webapps.
You should find enough examples in there to guess what you need to add
to make it work. (*)
But, the file catalina.policy may be a file that is re-created each
time you start Tomcat, from bits and pieces located somewhere else.
So check you Tomcat startup script carefully, and see whether it is
doing something like that. It may be that different bits related to
permissions are located in a series of files under /etc/tomcat/policy.d
for example. If so, then add a new file there, with the required
permissions, and it will be picked up and concatenated with the others
at the next startup, into a new catalina.policy file.
(And re-enable the security manager of course).
Maybe someone else will want to comment on the usefulness criteria of
the security manager. It does slow things down, so you may not
necessarily want to enable it.
(*) something like :
grant codeBase file:/var/lib/tomcat/webapps/yourwebapp/WEB-INF/classes/- {
permission java.net.SocketPermission localhost, connect,resolve;
permission java.net.SocketPermission *:3636, connect,resolve;
};
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? -- Mikolaj Rydzewski [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Native 6 Remote Debugging (JPDA) - SOLVED
Hi there, to those who might be trapped in the same pitfall: remote-debugging wth tomcat-native works perfectly. The issue was resolved by removin a proxy-setting within Eclipse (Ganymede): Obviously Eclipse doesn't accept information of hosts to for which the proxy has to be bypassed. Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
Mikolaj Rydzewski wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? I agree with the above, but in case it is not an option, you may want to look at something like this : http://www.tuckey.org/urlrewrite/ It does many more things, but I guess it can rewrite /foo into /foo/ internally too. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is it possible to hide tomcat resource from outside?
Christopher Schultz-2 wrote: Is it possible to hide an url pattern on the outside, but have it available when accessing from the server machine? There are ways to do this, but the best way depends on what you want to actually happen when someone requests a URL from /admin. So, let me know and I'll make a recommendation. I would like to serve an ordinary 404 error. To the external user, that pattern should behave as if it didn't exist. I think that can be achieved in Tomcat, but I can't find how :( -- View this message in context: http://www.nabble.com/Is-it-possible-to-%22hide%22-tomcat-resource-from-outside--tp20349038p20598970.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CometProcessor questions
Hi Filip, Hum... I need a CometProcessor (long-polling) for data push, even if requests/responses are encoded in AMF3. Everything is based on subscription to topics (Consumer) messages publication (Producer) and, while it could work with a standard servlet (polling), it won't be efficient. Anyway: my code mostly work, I'm just experiencing unexpected behaviors on (rather) heavy load: some events are invalid (getHttpRequest throws a NPE) and I'm wondering what should be done with those events (I currently try to close them). I'm also wondering what should be done when a TIMEOUT is received when a previous BEGIN event is used for writing a response: for example, after a 20s (APR timeout), it is possible (but rare) that a message is received (from another client) and dispatched so a previous BEGIN event (long-polling again) is used when writing the response. In that case, is the BEGIN event still valid? And what about the CLIENT_DISCONNECT event? I'm sorry to ask the same questions again but I would love some answers ;-) I'll try Tomcat trunk when I'll have some time. Regards, Franck. hi Franck, Franck Wolff wrote: Hi Filip, Ok, my (partly) mistake. I've missread this comment: ///GET method or application/x-www-form-urlencoded/ in BayeuxServlet.checkBayeux... Anyway, I can't change everything now and I need to read the request input stream (I'm getting AMF3 binary data), not to get a request parameter as in: if you need to stream up data, no need to do that using Bayeux, just use a regular servlet for that. String message = cometEvent.getHttpServletRequest().getParameter(Bayeux.MESSAGE_PARAMETER); When you speak about patches in the trunk, does it apply to comet support in general or the Bayeux impl, and what issue is it intented to fix? Will it be available in 6.0.19 and (approximatively) when? both, some fixes are for the Comet behavior and Bayeux will exist as an independent module. There are a few fixes already applied in the 6.0.x branch, and a couple of more are pending, waiting for review Filip Thanks for your reply, Franck. it only does POST, no GET messages, there is a patch pending (and one already applied) for 6.0 when it comes to comet, so testing with trunk would be best Filpi Franck Wolff wrote: Hi again, I just checked the Bayeux in Tomcat and it cannot work for me: it seems to only support GET request (am I wrong?)... Regards, Franck. Hi, Thanks for your reply! I didn't know about this Bayeux impl in Tomcat, so I developed my own implementation (that is not strictly conforming to the spec, just very close). I'm going to check this module and see if I can get some hints. What about the CLIENT_DISCONNECT event sub type? Any hints? Regards, Franck. hi Franck, are you using this Bayeux impl? http://svn.apache.org/viewvc/tomcat/trunk/modules/bayeux/ or do you have your own? Filip Franck Wolff wrote: Hi, I'm developing Tomcat/Comet support for Granite Data Service http://www.graniteds.org (Flex clients) and I've got few questions about CometEvents processing. Basically, my implementation is based on the Bayeux protocol (long-polling only) and two connections (command/tunnel) are opened for each clients (producer/consumer). I use a thread pool in order to dispatch received messages to each consumer subscribed to the relevant topic. Here are my questions: 1. What should happen exactly if Tomcat send a timeout event when the current event (ie: a previous BEGIN event whose request input stream was fully read when it was received) is used for writing a response? Is this previous BEGIN still valid and may be used to write the response? If not, should it be close right away and may I use the timeout event instead or should I wait for a next BEGIN event? Is it the same event instance whose type/subtype has changed? 2. Tomcat send me sometime (rather rare but it happens) invalid END events (getHttpServletRequest() issues a NullPointerException). I'm just trying by now to close them and it don't affect my application behavior but I'm wondering why those invalid event aren't thrown away by Tomcat from the beginning and what should be done exactly with them? 3. I'm never receiving any ERROR event except for TIMEOUTs. I would be of course very interested in CLIENT_DISCONNECT events but I couldn't find any case where Tomcat would send me this handful event... I was expecting this event to be raised when the client app is closed or the net connection broken but Tomcat just stops sending me TIMEOUT events. It may be useful to say that I'm using APR and not NIO... 3. Would it be possible to use the Tomcat pool thread for sending the responses instead of creating and managing my own thread pool (I'm using standard Runnable objects submitted to my own pool but I could submit them to any other thread pool as well)? 4. Under stress tests (12 clients sending 10 messages/sec. while listening for the same
RE: please help me how to configure SSL 2 way on tamcat webser by using .net client. can anybody solve this problem
Do we have any solution ssl 2 way configuration on tamcat webserver through .Net Client -Original Message- From: Chandra Madhumanchi (cmadhuma) Sent: Wednesday, November 19, 2008 11:16 AM To: users@tomcat.apache.org Subject: please help me how to configure SSL 2 way on tamcat webser by using .net client. Hi when i am validating client certificate by using .net class(sslStream) http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.as px i am getting error like SSPI failed. Actually in server.xml i configure clientAuth as True. !-- Define a SSL HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=true sslProtocol=TLS keystoreFile=server.keystore keystorePass=123456 / Do i need to do any other settings come out the problem. Could you please provide any sample solution how to validate client certificate on tamcat webserver through .Net client. Regards Chandra Madhumanchi http://www.cisco.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is it possible to hide tomcat resource from outside?
espinchi wrote: Christopher Schultz-2 wrote: Is it possible to hide an url pattern on the outside, but have it available when accessing from the server machine? There are ways to do this, but the best way depends on what you want to actually happen when someone requests a URL from /admin. So, let me know and I'll make a recommendation. I would like to serve an ordinary 404 error. To the external user, that pattern should behave as if it didn't exist. I think that can be achieved in Tomcat, but I can't find how :( I'm beginning to sound as if I had a sales commission on that module, but I really like it.. Also, there might be a better method, but what I'm thinking of would be based on this module : http://www.tuckey.org/urlrewrite/ You can test from where the request is coming, and in case it is not from inside, re-direct it to some standard html page that you would create on your server, and would look like a 404 response. I mean that it would not actually be a 404 response (it would be a normal 200 OK response), but the content of the page would be sorry, this URL could not be found. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is it possible to hide tomcat resource from outside?
That's cool, but a little overkill for some use cases. For instance, in a portlet-based portal application, you might have individual portlets registered to the patterns /PortletInvoker/MyPortletName. We need the portal to access them, but a user shouldn't be able to access a portlet directly from a URL like http://myserver/PortletInvoker/MyPortletName;, so I'd like to serve a 404 before that portlet (ie, the servlet that manages it) is hit. Is there any simple solutions to this problem in Tomcat? Thanks! awarnier wrote: I'm beginning to sound as if I had a sales commission on that module, but I really like it.. Also, there might be a better method, but what I'm thinking of would be based on this module : http://www.tuckey.org/urlrewrite/ You can test from where the request is coming, and in case it is not from inside, re-direct it to some standard html page that you would create on your server, and would look like a 404 response. I mean that it would not actually be a 404 response (it would be a normal 200 OK response), but the content of the page would be sorry, this URL could not be found. -- View this message in context: http://www.nabble.com/Is-it-possible-to-%22hide%22-tomcat-resource-from-outside--tp20349038p20599645.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
On Nov 20, 2008, at 5:16 , André Warnier wrote:
So, you see, in the end it was a TCP/IP connection issue.
But it was not at the level of your MySQL server, but at the
source : your JVM would not let your webapp do a connect to that
port.
Now here comes a complication : finding where in the configuration
you need to change this thing.
That depends a bit on where you got your Tomcat from.
In the end, you should find a file named like (tomcat_dir)/conf/
catalina.policy, which contains the permissions given to different
webapps.
You should find enough examples in there to guess what you need to
add to make it work. (*)
But, the file catalina.policy may be a file that is re-created
each time you start Tomcat, from bits and pieces located somewhere
else.
So check you Tomcat startup script carefully, and see whether it is
doing something like that. It may be that different bits related to
permissions are located in a series of files under /etc/tomcat/
policy.d for example. If so, then add a new file there, with the
required permissions, and it will be picked up and concatenated with
the others at the next startup, into a new catalina.policy file.
(And re-enable the security manager of course).
Maybe someone else will want to comment on the usefulness criteria
of the security manager. It does slow things down, so you may not
necessarily want to enable it.
(*) something like :
grant codeBase file:/var/lib/tomcat/webapps/yourwebapp/WEB-INF/
classes/- {
permission java.net.SocketPermission localhost,
connect,resolve;
permission java.net.SocketPermission *:3636, connect,resolve;
};
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I have to say that I do not think Tomcat is doing the right thing in
this particular situation. There should be some sort of security
exception being thrown indicating that the socket connection was being
block by tomcat's security manager. I did play around a little bit
with the policy files in my /var/lib/tomcat6/conf/policy.d directory
and I believe I found where I need to do this because I found an
example policy very similar to what you suggested. I got it to work
without too much trouble but then I ran into other security problems
with my application reading and writing files within its WEB-INF
directory so I will have to spend some more time with the tomcat docs
and figure out what permissions my application requires. After days of
troubleshooting this I'm more than happy with turning off the security
manager and spending some time learning how to actually configure it
properly.
Thanks again!
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
returning error messages from tomcat to http clients?
Hi, I'm encountering the following problem and just wanted to find out if there is a way to disable this in tomcat? In my web app in tomcat, I do the following - response.setError(My error message); but when tomcat returns the response, it detects that the connecting client is using http and then embeds the error message in html - is there a way to stop this and just get tomcat to return my error message? Thanks, Padraig O'Dowd - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat virtual host
Hi, I deployed my webapp svn.war on webapps directory of tomcat 6. I configured localy a virtual host with tomcat 6, but it does not work. This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ This is a part of server.xml : ... Host name=mysvn appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mysvn_log. suffix=.txt pattern=combined resolveHosts=false/ /Host ... Help please. Thank's - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL setup question
I'm having a problem setting up SSL with Tomcat. The situation is this: I have a system running IBM's Netcool/Portal software. We added SSL to the Portal a while back. I created a certificate for the machine. However, Netcool/Portal does not create a keystore file - you simply copy the certificate as a text file into a specific directory and it works from there. Netcool/Portal has its own version of the JDK. Now, on the same machine, I have installed a current JDK (v1.6) and my own installation of Tomcat (v6.0.16). Runs just fine on port 8080. I want to add SSL capability to the Tomcat setup so I can talk to it using https. I created a keystore file using the certificate we generated for Netcool, as follows: keytool -importcert -v -trustcacerts -alias tomcat -keystore path_to_keystore/keystore.kdb -file /opt/netcool/portal/path_to_cert/server.crt Then, keytool -list -keystore ./keystore.kdb Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry tomcat, Nov 20, 2008, trustedCertEntry, Certificate fingerprint (MD5): 11:87:A8:7C:BB:55:AC:68:46:34:4F:45:7D:62:9C:AF So I have a keystore. I set up the tomcat server.xml file: Connector port=7443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false keystoreFile=/usr/path_to_keystore/keystore.kdb keystorePass=password sslProtocol=TLS / And when I start Tomcat, I get an infinite loop in the log file that looks like: Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-7443 Nov 20, 2008 1:40:17 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 886 ms Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.16 Nov 20, 2008 1:40:18 PM com.sun.faces.config.ConfigureListener contextInitialize d INFO: Initializing Sun's JavaServer Faces implementation (1.2_04-b20-p03) for co ntext '/NCAdmin' Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationL istener INFO: The listener listeners.ContextListener is already configured for this co ntext. The duplicate definition has been ignored. Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationL istener INFO: The listener listeners.SessionListener is already configured for this co ntext. The duplicate definition has been ignored. Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-7443 Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed I'm not an SSL expert, so I'm not sure where to look. Am I missing an intermediate certificate somewhere? Or have I configured the keystore incorrectly? I'd appreciate any pointers or suggestions for getting this running. Thanks very much, nbc NAME: Neil B. Cohen (Verisign Inc.) PHONE: 703-948-4471 DOMAIN: [EMAIL PROTECTED]
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I deployed my webapp svn.war on webapps directory of tomcat 6. I configured localy a virtual host with tomcat 6, but it does not work. This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ This is a part of server.xml : ... Host name=mysvn appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mysvn_log. suffix=.txt pattern=combined resolveHosts=false/ /Host ... What Connectors do you have configured? What does not work - *exactly* what are the symptoms? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
I suspect he needs to rename svn.war to ROOT.war -- David Sent from my iPod On Nov 20, 2008, at 8:47 AM, Peter Crowther [EMAIL PROTECTED] wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] I deployed my webapp svn.war on webapps directory of tomcat 6. I configured localy a virtual host with tomcat 6, but it does not work. This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ This is a part of server.xml : ... Host name=mysvn appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mysvn_log. suffix=.txt pattern=combined resolveHosts=false/ /Host ... What Connectors do you have configured? What does not work - *exactly* what are the symptoms? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
On Thu, Nov 20, 2008 at 6:19 PM, Mikolaj Rydzewski [EMAIL PROTECTED] wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? Because I would like to let tomcat server http://localhost:8080/foo successfully and do not reply a redirect response and resend that redirected location . It is more efficient , right ? -- Mikolaj Rydzewski [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
On Thu, Nov 20, 2008 at 6:48 PM, André Warnier [EMAIL PROTECTED] wrote: Mikolaj Rydzewski wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? I agree with the above, but in case it is not an option, you may want to look at something like this : http://www.tuckey.org/urlrewrite/ It does many more things, but I guess it can rewrite /foo into /foo/ internally too. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
Krapacs Ambrose wrote: [...] I have to say that I do not think Tomcat is doing the right thing in this particular situation. There should be some sort of security exception being thrown indicating that the socket connection was being block by tomcat's security manager. Indeed. I was a bit surprised also that this turned out to be the problem, because it seems to me that when I had similar issues in the past (due to the security manager), the exception in the logfile did say clearly that it was due to a permission problem. But your own logfile did not. Maybe the JDBC driver is catching the original exception and showing it as something else ? (I don't know this stuff enough to be sure of that, but I imagine it's possible). - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
On Thu, Nov 20, 2008 at 6:48 PM, André Warnier [EMAIL PROTECTED] wrote: Mikolaj Rydzewski wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? I agree with the above, but in case it is not an option, you may want to look at something like this : http://www.tuckey.org/urlrewrite/ It does many more things, but I guess it can rewrite /foo into /foo/ internally too. I just debugged the code. It returns http status code 302 and redirected location http://localhost:8080/foo/ before reach the code related to url rewrite configuration in web.xml . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
Can you be a bit more specific about the problem ? it does not work does not help much. [EMAIL PROTECTED] wrote: Hi, I deployed my webapp svn.war on webapps directory of tomcat 6. I configured localy a virtual host with tomcat 6, but it does not work. This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ This is a part of server.xml : ... Host name=mysvn appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mysvn_log. suffix=.txt pattern=combined resolveHosts=false/ /Host ... Help please. Thank's - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
On Thu, Nov 20, 2008 at 07:37, Krapacs Ambrose [EMAIL PROTECTED] wrote: I have to say that I do not think Tomcat is doing the right thing in this particular situation. There should be some sort of security exception being thrown indicating that the socket connection was being block by tomcat's security manager. Unfortunately, the exception is coming from MySQL, not Tomcat, and it's a MySQL exception type, not the standard SecurityException. There's no way for Tomcat to know that this particular exception was caused by a SecurityManager violation. -- Len - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: returning error messages from tomcat to http clients?
The simple way is returning the http OK 200 status code instead of 500 , and set the error message to response body. Does it work for you ? On Thu, Nov 20, 2008 at 9:20 PM, Padraig O'Dowd [EMAIL PROTECTED] wrote: Hi, I'm encountering the following problem and just wanted to find out if there is a way to disable this in tomcat? In my web app in tomcat, I do the following - response.setError(My error message); but when tomcat returns the response, it detects that the connecting client is using http and then embeds the error message in html - is there a way to stop this and just get tomcat to return my error message? Thanks, Padraig O'Dowd - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
jim ma wrote: On Thu, Nov 20, 2008 at 6:48 PM, André Warnier [EMAIL PROTECTED] wrote: Mikolaj Rydzewski wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? I agree with the above, but in case it is not an option, you may want to look at something like this : http://www.tuckey.org/urlrewrite/ It does many more things, but I guess it can rewrite /foo into /foo/ internally too. I just debugged the code. It returns http status code 302 and redirected location http://localhost:8080/foo/ before reach the code related to url rewrite configuration in web.xml . Yes, that's true of course. Stupid me. Urlrewrite is a servlet filter, so it will not see the request before it has been directed to the webapp, and thus the redirect will happen before. Duh. I guess you would need some kind of re-directing Valve for that. Now, about what Mikolaj wrote before (using the /foo/ URL) I think you misunderstand what he is saying. What he meant is probably this : You seem to be using a http client that is not a browser, but some kind of program or module. Can you not make sure that this program or module does not send URLs like /foo, but itself transforms them into /foo/ at the source ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
I deployed my webapp svn.war on webapps directory of tomcat 6. I configured localy a virtual host with tomcat 6, but it does not work. This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ This is a part of server.xml : ... Host name=mysvn appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=mysvn_log. suffix=.txt pattern=combined resolveHosts=false/ /Host ... What Connectors do you have configured? What does not work - *exactly* what are the symptoms? When i tape http://mysvn:8080/ in browser to access to my web application, i have this : Internet Explorer cannot display the web page but when i tape http://localhost:8080/svnrepository; i access correctely to my application. Find file attached server.xml any idea ? Thank's ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -- Server port=8005 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] When i tape http://mysvn:8080/ in browser to access to my web application, i have this : Internet Explorer cannot display the web page but when i tape http://localhost:8080/svnrepository; i access correctely to my application. Find file attached server.xml any idea ? I agree with the other response: rename your war to ROOT.war, so that it is the root web application. By the way, it is worth changing only one thing at once in your URL when testing. You are changing two. Does http://localhost:8080/ work? Does http://mysvn:8080/svnrepository work? - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
I agree with the other response: rename your war to ROOT.war, so that it is the root web application. By the way, it is worth changing only one thing at once in your URL when testing. You are changing two. Does http://localhost:8080/ work? Does http://mysvn:8080/svnrepository work? But if i do this, how can i access de tomcat manager ? with other name, but the examples will work ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Http]ServletResponseWrapper.getOutputStream()
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Micheal,
Your comment about calling getResponse().getOutputStream() and ignoring
the result got me to thinking...
You know what? I just realized that I've been leading you down the wrong
path: you must manage the buffers separately because of the you can
only call either getOutputStream OR getWriter rule.
I think you can still make it work with a unified buffer, but you have
to be more careful. Let's be less careful and more straightforward.
Basically, you'll have to duplicate your efforts to wrap the Writer the
same way you did the OutputStream: create a WriterWrapper and cache that
information. I'd recommend using a StringWriter as a backing class,
since you don't have to worry too much about the character encoding at
that point (because Writers always use characters, not bytes).
Anyhow, you definitely /should/ call getResponse().getOutputStream() (or
getWriter(), whichever the case may be) when your getOutputStream()
method is invoked: you definitely want the state handling to be done by
the wrapped request, because you never know what has happened to the
request before your filters gets its hands on it.
Keep reading for more.
Michael Ludwig wrote:
So, when this code is called from an include call to the request
dispatcher, it doesn't appear in your filter's captured output? Or, it
doesn't appear in the final response sent to the browser (or both)?
Both.
Okay, but only when using Writer, right? OutputStream works properly?
You might want to flush() before close() but that shouldn't matter too
much.
Closing the stream would flush it, wouldn't it?
It should, but it doesn't hurt to be tidy. I seem to remember C library
routines that would truncate output if you didn't explicitly flush the
buffers.
You could even add a method to your wrapper that will tell you which
style of output is being used on the response: output stream versus
writer. Then, you could avoid the try/catch which will make your code
run a bit faster. Faster filters are always better than slow ones ;)
Try/catch can't be that much of a problem, can it? Isn't it just a fancy
way of conditional branching with information attached? As a language
feature, I assume it doesn't entail a performance hit?
See Chuck's response for performance considerations. IMO, since you have
the opportunity to avoid the exception, you may as well take it.
// http://marc.info/?l=tomcat-userm=109913615025298
public void flushBuffer() throws IOException {
this.buffer.flush();
}
Flushing a ByteArrayOutputStream doesn't do anything. What you really
want to do is flush all the OutputStream and Writer objects you've
created when calls to getOutputStream and getWriter come in.
Okay.
Oh, and then call getResponse().flushBuffer(), too. The caller expects
that the flush goes all the way back to the real client response.
public void write( byte[] b) throws IOException {
new Throwable().printStackTrace();
this.buffer.write( b);
}
Do you get stack traces printing from this method?
No.
public void write( byte[] b, int off, int len) throws IOException {
new Throwable().printStackTrace();
this.buffer.write( b, off, len);
}
How about this one?
Yes.
That's good. I guess the caller is preferring to use sections of a byte
buffer instead of just a bare one. That's not surprising, and shouldn't
itself be an indication of a problem. If you look at the code for
DefaultServlet, you probably will see calls to write(byte[], int, int)
and none to write(byte[]).
Thanks for this suggestion [of using TeeOutputStream]. My intent is simply to
understand servlets.
On hitting this include oddity, I just decided to track it down,
thinking I would learn from it. (Which I'm doing thanks to your help.)
Learning is always good. Hopefully you'll lurk on the list from here on
out. :)
So, can you walk me through what actually happens when you use this,
again? I think we've become lost in the details.
Yes, a lot of details. I'm going to report back with a revised version
based on your suggestions, and probably further investigation.
The problem is manifest in that the file included via
RequestDispatcher.include() and then processed by Tomcat's
DefaultServlet does not appear in either the buffer substituted
in my response wrapper nor the output when the output method
chosen is PrintWriter rather than ServletOutputStream. With SOS,
everything seems to work fine.
Okay, good. I think my first suggestion (stop using a unified buffer) is
the right way to do things: you'll handle each type of output strategy
separately and I believe you'll have better results. You should post
your entire filter next time, if only so André can see it ;)
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkklfMwACgkQ9CaO5/Lv0PC9jACgrgIZad3hhYirKE2UsSQOmU09
U9MAnjpquAJb5pXh3ehBvVBtMOgYGlqC
Re: returning error messages from tomcat to http clients?
Thanks, but I need to return the proper error code. So that wont work. On Thu, 2008-11-20 at 22:25 +0800, jim ma wrote: The simple way is returning the http OK 200 status code instead of 500 , and set the error message to response body. Does it work for you ? On Thu, Nov 20, 2008 at 9:20 PM, Padraig O'Dowd [EMAIL PROTECTED] wrote: Hi, I'm encountering the following problem and just wanted to find out if there is a way to disable this in tomcat? In my web app in tomcat, I do the following - response.setError(My error message); but when tomcat returns the response, it detects that the connecting client is using http and then embeds the error message in html - is there a way to stop this and just get tomcat to return my error message? Thanks, Padraig O'Dowd - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is it possible to hide tomcat resource from outside?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 espinchi, espinchi wrote: That's cool, but a little overkill for some use cases. Like what? Just because a tool can do way more than you need it to do doesn't mean it's less useful for the task at hand. For instance, in a portlet-based portal application, you might have individual portlets registered to the patterns /PortletInvoker/MyPortletName. We need the portal to access them, but a user shouldn't be able to access a portlet directly from a URL like http://myserver/PortletInvoker/MyPortletName;, so I'd like to serve a 404 before that portlet (ie, the servlet that manages it) is hit. Is there any simple solutions to this problem in Tomcat? The simpler solution is to write your own Filter (or Valve, I suppose, if you want to lock yourself into using Tomcat) that replicates the capability you're looking for. I suppose if your portlet uses FORWARD or INCLUDE to gather this information rather than a loopback request, you can even write a filter that simply unconditionally returns 404 and map it only to the REQUEST type of dispatcher. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklfZwACgkQ9CaO5/Lv0PBdSwCdEehPtVD/JhkzCtIh67M11TDM J78AmwVUV6hCoSv48hKojAd0P48YueCI =L+C8 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Krapacs, Krapacs Ambrose wrote: I have to say that I do not think Tomcat is doing the right thing in this particular situation. There should be some sort of security exception being thrown indicating that the socket connection was being block by tomcat's security manager. There was (from your original post): com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure Last packet sent to the server was 0 ms ago.(jdbc:mysql://localhost?user=invuserpassword=admin)) org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:852) org.apache.jasper.runtime.PageContextImpl.access$1100(PageContextImpl.java:71) org.apache.jasper.runtime.PageContextImpl$12.run(PageContextImpl.java:768) java.security.AccessController.doPrivileged(Native Method) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:766) org.apache.jsp.install_jsp._jspService(install_jsp.java:141) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:616) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:537) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) Note the CommunicationsException being thrown from the doAsPrivilege() method: that's a dead giveaway that it's a security error (at least to those of us who have seen them before). You're right: the error message could have been a bit better, but it's no shock that's what happened. I did play around a little bit with the policy files in my /var/lib/tomcat6/conf/policy.d directory and I believe I found where I need to do this because I found an example policy very similar to what you suggested. I got it to work without too much trouble but then I ran into other security problems with my application reading and writing files within its WEB-INF directory so I will have to spend some more time with the tomcat docs and figure out what permissions my application requires. After days of troubleshooting this I'm more than happy with turning off the security manager and spending some time learning how to actually configure it properly. SecurityManagers are such a pain in the ass IMO. If you're writing your own applications and deploying them yourself, I say give up on the SecurityManager because you're not protecting yourself from anyone but yourself. SecurityManagers are best used when either untrusted or partially-trusted code will be running in your Tomcat instance. I'm sure a lot of folks will disagree with me on this one, but the SecurityManager is more trouble than it's worth if you ask me. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklfwAACgkQ9CaO5/Lv0PA5JQCglwxr+H2oT9nofNh9531p82r8 EMoAoLmNKRJGM/1GC7prMzgOYtNOr2Dz =Wkon -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host But if i do this, how can i access de tomcat manager ? with other name, but the examples will work ? By using their URLs? http://mysvn:8080/manager/html http://mysvn:8080/examples - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j_secuity check and https
Hi All, I want to use j_security check with https on port 8443. I only want to secure the login pages and not the whole application. so .. these pages need to be secured when accessed: /secure/login.jsp /secure/loginerr.jsp everything else is secured by form based quthentication and uses an ldap realm. so.. i have set up in my web xml security-constraint web-resource-collection web-resource-name Security/web-resource-name description/description url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint description/description role-nameperson/role-name /auth-constraint /security-constraint security-role descriptionAll users who can login should be able to use this application/description role-nameperson/role-name /security-role login-config auth-methodFORM/auth-method form-login-config form-login-page/secure/login.jsp/form-login-page form-error-page/secure/loginerr.jsp/form-error-page /form-login-config /login-config security-constraint web-resource-collection web-resource-name Security/web-resource-name description/description url-pattern/secure/*/url-pattern url-pattern/j_security_check/url-pattern url-pattern/secure/j_security_check/url-pattern url-pattern/j_security_check/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint The problem is when i hit the application where i have form authentication connection to LDAP, it uses the /secure/login.jsp page, because j_security check redirects to this page. but it is not forced at https, because the url pattern doesn't match. So how can I forced the login.jsp page to be https! I don't want my ldap user password floating around out there. -- View this message in context: http://www.nabble.com/j_secuity-check-and-https-tp20603453p20603453.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlets / JSP can't connect to MySQL in Ubuntu Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Christopher Schultz wrote: There was (from your original post): com.mysql.jdbc.exceptions.jdbc4.CommunicationsException: Communications link failure Steps to reproduce this conclusion: 1. Turn off brain. 2. Open mouth. Sorry about that. I spouted complete nonsense in that last post. The exception was being thrown within the doHandlePageException method, which is pretty much where it will always be thrown, no matter what. Len is absolutely right: the exception is being thrown by MySQL, so it's their error message. Was there a root cause printed with this stack trace? That certainly would have helped. I checked the source for Connector/J 5.1.6 and that exception is only thrown in a single place: SQLError.java:1070. When that exception is created, the underlying exception is, in fact, passed up to java.lang.Throwable via the initCause method. So, there should have been a caused by line in that stack trace. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklgpgACgkQ9CaO5/Lv0PC1/ACcCSetD4FrO8FIHLFSCd/WGdbl 4OIAn0V6fdrx8C7tbnv+AnnqgcvEM+Iq =cBJ4 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL setup question
the infinite loop is fixed in 6.0.18, the system will still not start, since the JVM you're running with doesn't support the type of cipher that you're keystore is trying to use search http://tomcat.markmail.org for the same error, it's been answered before Filip Neil B. Cohen wrote: I'm having a problem setting up SSL with Tomcat. The situation is this: I have a system running IBM's Netcool/Portal software. We added SSL to the Portal a while back. I created a certificate for the machine. However, Netcool/Portal does not create a keystore file - you simply copy the certificate as a text file into a specific directory and it works from there. Netcool/Portal has its own version of the JDK. Now, on the same machine, I have installed a current JDK (v1.6) and my own installation of Tomcat (v6.0.16). Runs just fine on port 8080. I want to add SSL capability to the Tomcat setup so I can talk to it using https. I created a keystore file using the certificate we generated for Netcool, as follows: keytool -importcert -v -trustcacerts -alias tomcat -keystore path_to_keystore/keystore.kdb -file /opt/netcool/portal/path_to_cert/server.crt Then, keytool -list -keystore ./keystore.kdb Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry tomcat, Nov 20, 2008, trustedCertEntry, Certificate fingerprint (MD5): 11:87:A8:7C:BB:55:AC:68:46:34:4F:45:7D:62:9C:AF So I have a keystore. I set up the tomcat server.xml file: Connector port=7443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false keystoreFile=/usr/path_to_keystore/keystore.kdb keystorePass=password sslProtocol=TLS / And when I start Tomcat, I get an infinite loop in the log file that looks like: Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Nov 20, 2008 1:40:17 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-7443 Nov 20, 2008 1:40:17 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 886 ms Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Nov 20, 2008 1:40:17 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.16 Nov 20, 2008 1:40:18 PM com.sun.faces.config.ConfigureListener contextInitialize d INFO: Initializing Sun's JavaServer Faces implementation (1.2_04-b20-p03) for co ntext '/NCAdmin' Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationL istener INFO: The listener listeners.ContextListener is already configured for this co ntext. The duplicate definition has been ignored. Nov 20, 2008 1:40:20 PM org.apache.catalina.core.StandardContext addApplicationL istener INFO: The listener listeners.SessionListener is already configured for this co ntext. The duplicate definition has been ignored. Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Nov 20, 2008 1:40:20 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-7443 Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed java.net.SocketException: SSL handshake errorjavax.net.ssl.SSLException: No avai lable certificate or key corresponds to the SSL cipher suites which are enabled. at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESo cketFactory.java:150) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java: 310) at java.lang.Thread.run(Thread.java:619) Nov 20, 2008 1:40:20 PM org.apache.tomcat.util.net.JIoEndpoint$Acceptor run SEVERE: Socket accept failed I'm not an SSL expert, so I'm not
Re: CometProcessor questions
Franck Wolff wrote: Hi Filip, Hum... I need a CometProcessor (long-polling) for data push, even if requests/responses are encoded in AMF3. you can do this, that's ok. Not as efficent as using send file, which you could write your own long poll servlet to do (see DefaultServlet.java how to initiate a send file) Everything is based on subscription to topics (Consumer) messages publication (Producer) and, while it could work with a standard servlet (polling), it won't be efficient. Anyway: my code mostly work, I'm just experiencing unexpected behaviors on (rather) heavy load: some events are invalid (getHttpRequest throws a NPE) and I'm wondering what should be done with those events (I currently try to close them). I'm also wondering what should be done when a TIMEOUT is received when a previous BEGIN event is used for writing a response: for example, after a 20s (APR timeout), it is possible (but rare) that a message is received (from another client) and dispatched so a previous BEGIN event (long-polling again) is used when writing the response. In that case, is the BEGIN event still valid? shouldn't be, you could use the NIO connector and control the timeout behaviour using CometEvent.setTimeout And what about the CLIENT_DISCONNECT event? disconnect is just a subtype, its would be captured by a CometEvent.EventType.ERROR or CometEvent.EventType.END event. a client disconnect really means nothing in the bayeux world though, the client has to explicitly send a I'm done message or the server has to have a separate timeout, unrelated to socket events. I'm sorry to ask the same questions again but I would love some answers ;-) I'll try Tomcat trunk when I'll have some time. please do, its easy to build ant download ant and the tomcat build is in output/build Regards, Franck. hi Franck, Franck Wolff wrote: Hi Filip, Ok, my (partly) mistake. I've missread this comment: ///GET method or application/x-www-form-urlencoded/ in BayeuxServlet.checkBayeux... Anyway, I can't change everything now and I need to read the request input stream (I'm getting AMF3 binary data), not to get a request parameter as in: if you need to stream up data, no need to do that using Bayeux, just use a regular servlet for that. String message = cometEvent.getHttpServletRequest().getParameter(Bayeux.MESSAGE_PARAMETER); When you speak about patches in the trunk, does it apply to comet support in general or the Bayeux impl, and what issue is it intented to fix? Will it be available in 6.0.19 and (approximatively) when? both, some fixes are for the Comet behavior and Bayeux will exist as an independent module. There are a few fixes already applied in the 6.0.x branch, and a couple of more are pending, waiting for review Filip Thanks for your reply, Franck. it only does POST, no GET messages, there is a patch pending (and one already applied) for 6.0 when it comes to comet, so testing with trunk would be best Filpi Franck Wolff wrote: Hi again, I just checked the Bayeux in Tomcat and it cannot work for me: it seems to only support GET request (am I wrong?)... Regards, Franck. Hi, Thanks for your reply! I didn't know about this Bayeux impl in Tomcat, so I developed my own implementation (that is not strictly conforming to the spec, just very close). I'm going to check this module and see if I can get some hints. What about the CLIENT_DISCONNECT event sub type? Any hints? Regards, Franck. hi Franck, are you using this Bayeux impl? http://svn.apache.org/viewvc/tomcat/trunk/modules/bayeux/ or do you have your own? Filip Franck Wolff wrote: Hi, I'm developing Tomcat/Comet support for Granite Data Service http://www.graniteds.org (Flex clients) and I've got few questions about CometEvents processing. Basically, my implementation is based on the Bayeux protocol (long-polling only) and two connections (command/tunnel) are opened for each clients (producer/consumer). I use a thread pool in order to dispatch received messages to each consumer subscribed to the relevant topic. Here are my questions: 1. What should happen exactly if Tomcat send a timeout event when the current event (ie: a previous BEGIN event whose request input stream was fully read when it was received) is used for writing a response? Is this previous BEGIN still valid and may be used to write the response? If not, should it be close right away and may I use the timeout event instead or should I wait for a next BEGIN event? Is it the same event instance whose type/subtype has changed? 2. Tomcat send me sometime (rather rare but it happens) invalid END events (getHttpServletRequest() issues a NullPointerException). I'm just trying by now to close them and it don't affect my application behavior but I'm wondering why those invalid event aren't thrown away by Tomcat from the beginning and what should be done exactly with them? 3. I'm never receiving any ERROR event except for
Re: tomcat virtual host
- Mail Original - De: Charles R Caldarale [EMAIL PROTECTED] À: Tomcat Users List users@tomcat.apache.org Envoyé: Jeudi 20 Novembre 2008 16:23:40 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: RE: tomcat virtual host From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host But if i do this, how can i access de tomcat manager ? with other name, but the examples will work ? By using their URLs? http://mysvn:8080/manager/html http://mysvn:8080/examples But, if a want to add a second application web , for example mysvn2 and i do not remove the mysvn, that is why I would like to use the virtual host. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
Inside your webappsdir (which is defined in the appBase attribute inside the host element) you either create directories for each webapp or place *.war files directly in it.The ROOT directory (or war) corresponds with no ulrpath. For every new application you are adding you either add a war or a directory inside the webappsdir Every host can have it's own appBase. Hope this helps. Regards, Serge Fonville On Thu, Nov 20, 2008 at 5:07 PM, [EMAIL PROTECTED] wrote: - Mail Original - De: Charles R Caldarale [EMAIL PROTECTED] À: Tomcat Users List users@tomcat.apache.org Envoyé: Jeudi 20 Novembre 2008 16:23:40 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: RE: tomcat virtual host From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host But if i do this, how can i access de tomcat manager ? with other name, but the examples will work ? By using their URLs? http://mysvn:8080/manager/html http://mysvn:8080/examples But, if a want to add a second application web , for example mysvn2 and i do not remove the mysvn, that is why I would like to use the virtual host. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host But, if a want to add a second application web , for example mysvn2 and i do not remove the mysvn, that is why I would like to use the virtual host. Sorry, but your question does not make any sense to me. I don't see anything stopping you from adding as many virtual hosts as you want. If you need a different default webapp for each virtual host, then each Host will have to specify a different appBase attribute. Any webapps that you want to be visible on multiple virtual hosts will either need to be deployed under each appBase, or have a Context element in conf/Catalina/[host]/[appName].xml that provides a docBase attribute pointing to the location of the webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
Sorry, but your question does not make any sense to me. I don't see anything stopping you from adding as many virtual hosts as you want. If you need a different default webapp for each virtual host, then each Host will have to specify a different appBase attribute. Any webapps that you want to be visible on multiple virtual hosts will either need to be deployed under each appBase, or have a Context element in conf/Catalina/[host]/[appName].xml that provides a docBase attribute pointing to the location of the webapp. - Chuck I configured localy a virtual host with tomcat 6 This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ Find file attached server.xml please : Thank's ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -- Server port=8005 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -- !--
Re: please help me how to configure SSL 2 way on tamcat webser by using .net client. can anybody solve this problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chandra, Chandra Madhumanchi (cmadhuma) wrote: Do we have any solution ssl 2 way configuration on tamcat webserver through .Net Client If you're just trying to connect to Tomcat using SSL from a .Net client, there's no special configuration when using a non-.Net client. when i am validating client certificate by using .net class(sslStream) http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.as px i am getting error like SSPI failed. This list isn't the best one to ask .Net questions. Generally, the client certificate is delivered FROM the client (your .Net code) to the server (Tomcat). Is Tomcat giving you the error, or is .Net giving you the error? Please post the entire stack trace of the exception you are getting, as well as any message you are getting in a log file. like SSPI failed is not very precise. clientAuth=true keystoreFile=server.keystore This looks okay. Does your keystore have the client's certificate in it? What about a certificate that has signed the client's certificate? Perhaps a dump of your keystore would be helpful, too. Can you get this to work through a web browser? Honestly, the .Netedness of the client is irrelevant. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklkrwACgkQ9CaO5/Lv0PBb4wCcCGOCla20G8qrta2kwN+B589R zKsAoMIXymYXlmGB1bZxVWqnhmSHbBBZ =d71m -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to add multiple SSL Certificates to Tomcat Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Suneel, Suneel Saguturu wrote: I am facing one problem, i.e. I have to configure two SSL certificates to JBoss server, I know they are internally using Tomcat for web container. Is it possible to add multiple Certificates to one server instance itself? If so, then how? You need two different Host elements in server.xml, each binding to a separate IP address. That also means that your machine needs to have two IP addresses configured. The SSL handshake occurs before the HTTP headers are sent, so you can't switch SSL certificates based upon the hostname the client is using to connect (because it hasn't been sent yet). Note that this is not a problem with Tomcat: this is a universal issue with all web servers. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklk2AACgkQ9CaO5/Lv0PDgiQCfU1/cGXdUxRFVnxZsffOAcFau ddEAmwWmn4OoQkBogH1aRSnEKPMHZd8r =C/BF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host I configured localy a virtual host with tomcat 6 This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ What do you mean by does not work? Do you get a 404 status, or does something else happen? Is the DNS name mysvn defined on the machine your browser is running on? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host I configured localy a virtual host with tomcat 6 This url works : http://localhost:8080/svn/ But when i use the virtual host, it does not works : http://mysvn:8080/ What do you mean by does not work? Do you get a 404 status, or does something else happen? Is the DNS name mysvn defined on the machine your browser is running on? Internet Explorer could not display this web page i test this in local machine, so i do not use a DNS. - Chuck - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat virtual host
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host status, or does something else happen? Is the DNS name mysvn defined on the machine your browser is running on? Internet Explorer could not display this web page i test this in local machine, so i do not use a DNS. I'll repeat the question: Is the DNS name mysvn defined on the machine your browser is running on? How do you expect IE to evaluate the name mysvn? It must either be known to the DNS servers configured in your TCP/IP stack, or declared locally in C:\WINDOWS\system32\drivers\etc\hosts (the exact path to the hosts file varies depending on the version of Windows you're using). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CometProcessor questions
I'm not doing file streaming... A typical usage of my implementation is a Flex based chat application with very small requests/responses. The important thing for me is: I want the request thread to be reused for other incoming requests and, as far as I understand long-polling issues (keeping the request thread busy while waiting for something to send), this exactly what Tomcat CometProcessor (or Jetty Continuation, or Grizzly CometEngine, etc.) may offer. Maybe I'm missing something, but send file is not very suitable for chat applications... Regards, Franck. Franck Wolff wrote: Hi Filip, Hum... I need a CometProcessor (long-polling) for data push, even if requests/responses are encoded in AMF3. you can do this, that's ok. Not as efficent as using send file, which you could write your own long poll servlet to do (see DefaultServlet.java how to initiate a send file) Everything is based on subscription to topics (Consumer) messages publication (Producer) and, while it could work with a standard servlet (polling), it won't be efficient. Anyway: my code mostly work, I'm just experiencing unexpected behaviors on (rather) heavy load: some events are invalid (getHttpRequest throws a NPE) and I'm wondering what should be done with those events (I currently try to close them). I'm also wondering what should be done when a TIMEOUT is received when a previous BEGIN event is used for writing a response: for example, after a 20s (APR timeout), it is possible (but rare) that a message is received (from another client) and dispatched so a previous BEGIN event (long-polling again) is used when writing the response. In that case, is the BEGIN event still valid? shouldn't be, you could use the NIO connector and control the timeout behaviour using CometEvent.setTimeout And what about the CLIENT_DISCONNECT event? disconnect is just a subtype, its would be captured by a CometEvent.EventType.ERROR or CometEvent.EventType.END event. a client disconnect really means nothing in the bayeux world though, the client has to explicitly send a I'm done message or the server has to have a separate timeout, unrelated to socket events. I'm sorry to ask the same questions again but I would love some answers ;-) I'll try Tomcat trunk when I'll have some time. please do, its easy to build ant download ant and the tomcat build is in output/build Regards, Franck. hi Franck, Franck Wolff wrote: Hi Filip, Ok, my (partly) mistake. I've missread this comment: ///GET method or application/x-www-form-urlencoded/ in BayeuxServlet.checkBayeux... Anyway, I can't change everything now and I need to read the request input stream (I'm getting AMF3 binary data), not to get a request parameter as in: if you need to stream up data, no need to do that using Bayeux, just use a regular servlet for that. String message = cometEvent.getHttpServletRequest().getParameter(Bayeux.MESSAGE_PARAMETER); When you speak about patches in the trunk, does it apply to comet support in general or the Bayeux impl, and what issue is it intented to fix? Will it be available in 6.0.19 and (approximatively) when? both, some fixes are for the Comet behavior and Bayeux will exist as an independent module. There are a few fixes already applied in the 6.0.x branch, and a couple of more are pending, waiting for review Filip Thanks for your reply, Franck. it only does POST, no GET messages, there is a patch pending (and one already applied) for 6.0 when it comes to comet, so testing with trunk would be best Filpi Franck Wolff wrote: Hi again, I just checked the Bayeux in Tomcat and it cannot work for me: it seems to only support GET request (am I wrong?)... Regards, Franck. Hi, Thanks for your reply! I didn't know about this Bayeux impl in Tomcat, so I developed my own implementation (that is not strictly conforming to the spec, just very close). I'm going to check this module and see if I can get some hints. What about the CLIENT_DISCONNECT event sub type? Any hints? Regards, Franck. hi Franck, are you using this Bayeux impl? http://svn.apache.org/viewvc/tomcat/trunk/modules/bayeux/ or do you have your own? Filip Franck Wolff wrote: Hi, I'm developing Tomcat/Comet support for Granite Data Service http://www.graniteds.org (Flex clients) and I've got few questions about CometEvents processing. Basically, my implementation is based on the Bayeux protocol (long-polling only) and two connections (command/tunnel) are opened for each clients (producer/consumer). I use a thread pool in order to dispatch received messages to each consumer subscribed to the relevant topic. Here are my questions: 1. What should happen exactly if Tomcat send a timeout event when the current event (ie: a previous BEGIN event whose request input stream was fully read when it was received) is used for writing a response? Is this previous BEGIN still valid and may be used to write the response? If not,
Re: j_secuity check and https
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Snaglefrac, Snaglefrac wrote: I want to use j_security check with https on port 8443. I only want to secure the login pages and not the whole application. Then you need to configure your security-constraints appropriately. so .. these pages need to be secured when accessed: /secure/login.jsp /secure/loginerr.jsp everything else is secured by form based quthentication and uses an ldap realm. If everything else will be secured by form-based auth, then what should secure the above two URLs? Any resource that is protected will be protected using the same authentication type: you can't use BASIC for one set of URLs and FORM for another set of URLs in the same webapp. url-pattern/j_security_check/url-pattern url-pattern/secure/j_security_check/url-pattern url-pattern/j_security_check/url-pattern Note that you can't secure j_security_check: this URL is special and will be handled by the container whether you list it in your security-constraints or not. The problem is when i hit the application where i have form authentication connection to LDAP, it uses the /secure/login.jsp page, because j_security check redirects to this page. You can't change how this works. but it is not forced at https, because the url pattern doesn't match. So how can I forced the login.jsp page to be https! I don't want my ldap user password floating around out there. Have you tried setting your form-login-page to use an HTTPs URL? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkklu3EACgkQ9CaO5/Lv0PBh+QCgwvyFvjzDimyIXaQN3FJwLu3C Ch8AoJoUl9+Fpz88zwJ6gg5rzg3sVYcv =s8/t -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.Exception: Socket bind failed: [730048]
Well, I have had this application for many years and usually restarting the whole server fixes anything, but not this time. I figure something is holding on to port 80, but I am not able to find out or terminate it. I have a bad feeling there might be a security breach or something. Thanks, -Toby On Wed, Nov 19, 2008 at 2:59 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Toby Kurien [mailto:[EMAIL PROTECTED] Subject: java.lang.Exception: Socket bind failed: [730048] I have attached a log file of the errors I am getting while trying to start Tomcat. Nov 19, 2008 12:55:22 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:576) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:116) The error indicates something else is already using port 80, thereby preventing Tomcat from accessing it. Since you also have an AJP connector, you may be running Tomcat behind IIS or some other web server that handles port 80 and forwards requests to AJP on 8009. If you don't expect anything else to be using port 80, then something has crept in that's usurping Tomcat. (Or you may just be trying to run the same Tomcat twice.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.Exception: Socket bind failed: [730048]
On Thu, Nov 20, 2008 at 11:47 AM, Toby Kurien [EMAIL PROTECTED] wrote: Well, I have had this application for many years and usually restarting the whole server fixes anything, but not this time. I figure something is holding on to port 80, but I am not able to find out or terminate it. I have a bad feeling there might be a security breach or something. I have no idea what tools are available on a Windows server, but for a simple check -- what do you see when you telnet to port 80? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.Exception: Socket bind failed: [730048]
The command netstat -ao will tell you which process is listening on port 80, and Task Manager will show which program is running in that process. -- Len On Thu, Nov 20, 2008 at 14:47, Toby Kurien [EMAIL PROTECTED] wrote: Well, I have had this application for many years and usually restarting the whole server fixes anything, but not this time. I figure something is holding on to port 80, but I am not able to find out or terminate it. I have a bad feeling there might be a security breach or something. Thanks, -Toby On Wed, Nov 19, 2008 at 2:59 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Toby Kurien [mailto:[EMAIL PROTECTED] Subject: java.lang.Exception: Socket bind failed: [730048] I have attached a log file of the errors I am getting while trying to start Tomcat. Nov 19, 2008 12:55:22 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:576) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:116) The error indicates something else is already using port 80, thereby preventing Tomcat from accessing it. Since you also have an AJP connector, you may be running Tomcat behind IIS or some other web server that handles port 80 and forwards requests to AJP on 8009. If you don't expect anything else to be using port 80, then something has crept in that's usurping Tomcat. (Or you may just be trying to run the same Tomcat twice.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat virtual host
Caldarale, Charles R wrote: From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Subject: Re: tomcat virtual host status, or does something else happen? Is the DNS name mysvn defined on the machine your browser is running on? Internet Explorer could not display this web page i test this in local machine, so i do not use a DNS. mtail, The gurus here are flying high, and a bit intimidating sometimes. So allow me to try, since for once I can maybe be useful here. It is not enough to define a virtual host in Tomcat. Your browser must also know where that virtual host is (on which machine). Even if this all happens on one single machine, the browser does not know who mysvn is, unless you give him a way to find out. So let's start at the beginning. 1) When you type in your browser a URL like http://mysvn:8080/something.html the first thing the browser has to do, is to find an IP address that corresponds to the hostname mysvn. That is because, on the Internet, machines find one another via IP addresses (like 123.23.34.102), and not by names (like mysvn). Names are only something for humans, easier to remember than numbers. 2) There are 2 places where the browser can find a translation of a host name into a host IP address, and it will try them in this order : (a) : in the local hosts file. Under Windows, it is usually c:/windows/system32/drivers/etc/hosts and under Unix, it is usually /etc/hosts (b) : using the DNS system. That means, the browser knows the IP address of a DNS server, which is another computer which has access to a long list of translations between host names and host IP addresses, and it will ask that server. So, the browser will first try (a). If the browser is looking for the IP address of mysvn, and if there is a line in (a) like 1.2.3.4 mysvn then the browser is happy : it now knows that the server IP address of mysvn is 1.2.3.4, and it can stop looking. If the browser does not find a translation in (a), then it will ask (b) (the DNS system) for a translation. If the DNS system also does not know, then it will send back I don't know, and your browser will say Cannot display that page, because it cannot even find the IP address of the server to which it should be talking. 3) When the browser has obtained a translation for mysvn into an IP address, then (and only then) it can go one step further : It can now compose a HTTP request and send it to that IP address 1.2.3.4. This HTTP request will look like this : GET /something.html HTTP/1.1 The browser will also add a second line to that request, like Host: mysvn 4) If all the above happened correctly, then the Tomcat listening at the IP address 1.2.3.4 will receive the request from the browser. It is very important that you understand this : Tomcat only receives the request if the browser has sent it to the correct IP address of the host where the Tomcat server runs. That is true even if this all happens on one single machine. If your browser could not get an IP address for mysvn, or if it got the wrong one, then Tomcat never even sees the request. 5) But let's suppose that everything above went fine, and that Tomcat receives the request. Tomcat now looks at the second line of the request, the one that says : Host: mysvn That is when the Tomcat virtual hosts come into play (but not before). Tomcat will now look if it has a Host named mysvn. If it has one, it will use that Host configuration to answer the request. (If Tomcat has no such Host, then it will use its default host to answer the request anyway.) 6) Now there can still be an error : If the browser asked for the page /something.html, and Tomcat does not find that page in the document area of that virtual Host, then Tomcat will return an error not found to the browser, and the browser will also say Cannot display that page. But the point is, this is another kind of error, and it happens later. Your problem is probably due to the first reason : your browser cannot even find an IP address for the server mysvn. It cannot find it, because it looks first in your local hosts file, and there is no line there with mysvn. Then it asks the DNS system, and the DNS system also does not know the IP address of mysvn. On the other hand, when your browser tries to find the address of localhost, then it *does* find it in the local hosts file, and that is why your URL http://localhost:8080 works fine. -- note -- The IP address 127.0.0.1 is special : it always means this machine. So if you do ping 127.0.0.1 on any computer, that computer will always ping itself. Or if you ask your browser http://127.0.0.1 the browser will try to contact a HTTP server on this same machine. Similarly, on almost every computer, there is a line in the local hosts file, like this : 127.0.0.1 localhost That means that whenever a program on this machine is trying to get the address of the host localhost, it will always find the response
Re: [Http]ServletResponseWrapper.getOutputStream()
Caldarale, Charles R schrieb am 19.11.2008 um 19:45:37 (-0600): Try/catch can't be that much of a problem, can it? Isn't it just a fancy way of conditional branching with information attached? Sorry, but no. The throwing of an exception causes the current block to terminate abruptly and transfer control to JVM-generated code that searches a catch block table for the address of the failure, and then does further searches looking for a matching exception type. If no match is found, the current stack frame is popped off, and the process repeats with the calling method's catch block table. Although modern JITs are better at doing this than pre-HotSpot ones, it's still a lot more expensive than a simple test. Thanks a lot for this clarification. I was unaware of this. It seems to have been true for more than eight years ... Well, probably since Java's inception. Exceptions in Java: Nothing exceptional about them - JavaWorld http://www.javaworld.com/javaworld/jw-08-2000/jw-0818-exceptions.html (pages 4 and 5 on the performance aspect) In short, expending the Java VM to handle a thrown exception requires more effort, i.e., abrupt method completion is significantly more expensive (performance-wise) than a normal method completion. So Christopher's suggestion to add method and property to detect which one of getWriter() and getOutputStream() was called makes sense for situations where I have many nested filters and have them all detect the PW/SOS issue by calling my method in order to avoid risking an exception. Michael Ludwig - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CometProcessor questions
for very small responses you don't need send file, and can just write the response out to the servlet output stream on an async thread while the request thread is used to do other stuff in the contains Filip Franck Wolff wrote: I'm not doing file streaming... A typical usage of my implementation is a Flex based chat application with very small requests/responses. The important thing for me is: I want the request thread to be reused for other incoming requests and, as far as I understand long-polling issues (keeping the request thread busy while waiting for something to send), this exactly what Tomcat CometProcessor (or Jetty Continuation, or Grizzly CometEngine, etc.) may offer. Maybe I'm missing something, but send file is not very suitable for chat applications... Regards, Franck. Franck Wolff wrote: Hi Filip, Hum... I need a CometProcessor (long-polling) for data push, even if requests/responses are encoded in AMF3. you can do this, that's ok. Not as efficent as using send file, which you could write your own long poll servlet to do (see DefaultServlet.java how to initiate a send file) Everything is based on subscription to topics (Consumer) messages publication (Producer) and, while it could work with a standard servlet (polling), it won't be efficient. Anyway: my code mostly work, I'm just experiencing unexpected behaviors on (rather) heavy load: some events are invalid (getHttpRequest throws a NPE) and I'm wondering what should be done with those events (I currently try to close them). I'm also wondering what should be done when a TIMEOUT is received when a previous BEGIN event is used for writing a response: for example, after a 20s (APR timeout), it is possible (but rare) that a message is received (from another client) and dispatched so a previous BEGIN event (long-polling again) is used when writing the response. In that case, is the BEGIN event still valid? shouldn't be, you could use the NIO connector and control the timeout behaviour using CometEvent.setTimeout And what about the CLIENT_DISCONNECT event? disconnect is just a subtype, its would be captured by a CometEvent.EventType.ERROR or CometEvent.EventType.END event. a client disconnect really means nothing in the bayeux world though, the client has to explicitly send a I'm done message or the server has to have a separate timeout, unrelated to socket events. I'm sorry to ask the same questions again but I would love some answers ;-) I'll try Tomcat trunk when I'll have some time. please do, its easy to build ant download ant and the tomcat build is in output/build Regards, Franck. hi Franck, Franck Wolff wrote: Hi Filip, Ok, my (partly) mistake. I've missread this comment: ///GET method or application/x-www-form-urlencoded/ in BayeuxServlet.checkBayeux... Anyway, I can't change everything now and I need to read the request input stream (I'm getting AMF3 binary data), not to get a request parameter as in: if you need to stream up data, no need to do that using Bayeux, just use a regular servlet for that. String message = cometEvent.getHttpServletRequest().getParameter(Bayeux.MESSAGE_PARAMETER); When you speak about patches in the trunk, does it apply to comet support in general or the Bayeux impl, and what issue is it intented to fix? Will it be available in 6.0.19 and (approximatively) when? both, some fixes are for the Comet behavior and Bayeux will exist as an independent module. There are a few fixes already applied in the 6.0.x branch, and a couple of more are pending, waiting for review Filip Thanks for your reply, Franck. it only does POST, no GET messages, there is a patch pending (and one already applied) for 6.0 when it comes to comet, so testing with trunk would be best Filpi Franck Wolff wrote: Hi again, I just checked the Bayeux in Tomcat and it cannot work for me: it seems to only support GET request (am I wrong?)... Regards, Franck. Hi, Thanks for your reply! I didn't know about this Bayeux impl in Tomcat, so I developed my own implementation (that is not strictly conforming to the spec, just very close). I'm going to check this module and see if I can get some hints. What about the CLIENT_DISCONNECT event sub type? Any hints? Regards, Franck. hi Franck, are you using this Bayeux impl? http://svn.apache.org/viewvc/tomcat/trunk/modules/bayeux/ or do you have your own? Filip Franck Wolff wrote: Hi, I'm developing Tomcat/Comet support for Granite Data Service http://www.graniteds.org (Flex clients) and I've got few questions about CometEvents processing. Basically, my implementation is based on the Bayeux protocol (long-polling only) and two connections (command/tunnel) are opened for each clients (producer/consumer). I use a thread pool in order to dispatch received messages to each consumer subscribed to the relevant topic. Here are my questions: 1. What should happen exactly if Tomcat send a timeout event
tomcat 6 clustering issue
Hi, I have a tomcat cluster ( with tomcat 1 and tomcat 2 ) with a hardware load balancer infront. Session replication only works in some scenario and does not in others. Here is the scenario where it works... 1) Start tomcat 1 2) access the web application ( session gets created in tomcat 1 ) 3) Start tomcat 2 ( session gets replicated onto tomcat 2 ) 4) kill tomcat 1 5) access the web application ( works fine ) N here is the scenario where it does not work 1) Start tomcat 1 2) Start tomcat 2 3) create atleast once session on tomcat 1 and tomcat 2 by accessing the web application 4) kill any tomcat.. lets say tomcat 1 5) try to access the session that got created in tomcat1 ( logs out from the we application...session attributes are lost ) and also gives the below warning on tomcat 1 Tribes-MembershipReceiver] [WARN] org.apache.catalina.tribes.membership.McastService - Error receiving mcast package. Sleeping 500ms java.net.SocketException: socket closed at java.net.PlainDatagramSocketImpl.receive0(Native Method) at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136) at java.net.DatagramSocket.receive(DatagramSocket.java:712) at org.apache.catalina.tribes.membership.McastServiceImpl.receive(McastServiceImpl.java:314) at org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread.run(McastServiceImpl.java:414) 2008-11-20 17:08:29.999 [Tribes-MembershipReceiver] [WARN] org.apache.catalina.tribes.membership.McastService - Error receiving mcast package. Sleeping 500ms java.net.SocketException: socket closed at java.net.PlainDatagramSocketImpl.receive0(Native Method) at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136) at java.net.DatagramSocket.receive(DatagramSocket.java:712) at org.apache.catalina.tribes.membership.McastServiceImpl.receive(McastServiceImpl.java:314) at org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread.run(McastServiceImpl.java:414) 2008-11-20 17:08:29.999 [main] [INFO] org.apache.coyote.http11.Http11Protocol - Stopping Coyote HTTP/1.1 on http-8080 I have my logs configured to debug level and all the messages I see from tribes show that the session is being replicated successfully. Please let me know if any of those logs are needed for better understanding. I am also monitoring tomcats with JConsole and it shows that the sessions are getting replicated. Thanks for your help Rohit
Re: [Http]ServletResponseWrapper.getOutputStream()
Michael Ludwig schrieb am 20.11.2008 um 01:58:20 (+0100): String s = !-- Huhu -- + wrapper.toString(); ( (HttpServletResponse) res).setHeader( Zeichen, Integer.toString( s.length())); Note that this may not be correct: other filters could be adding content, and Content-Length is in bytes, not characters. If you are using anything other than ASCII, then this will not be correct. Very true. Or partly true. I wrote Zeichen (characters), not Oktette (octets, or bytes), so str.length() is alright. :-) Unless I have to deal with Unicode surrogate pairs (which fortunately I don't). In that exotic case, str.codePointCount() would be required. John O'Conner's Blog: How long is your String? http://weblogs.java.net/blog/joconner/archive/2005/08/how_long_is_you.html In addition to ASCII, the string.length() approach should also work for 8-bit encoding schemes like ISO-8859-1. SUN simplified like this in their Filters tutorial. response.setContentLength(caw.toString().length()); http://java.sun.com/products/servlet/Filters.html When I have to handle Content-Length myself, for outputting, say, Käsekuchen, and I may have chosen UTF-8, looks like I have to use: str.getBytes( response.getCharacterEncoding()).length But as you wrote, unbeknownst to it, my filter may itself be subject to filtering, so it may not know the definitive answer. It should probably only set the Content-Length if there is none set yet and else only apply the delta of what it adds or takes away to the value already set. Or rather, this should be handled per webapp as suitable, and there is no general rule. Michael Ludwig - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on Performance Tuning
Currently we are running Java 1.5 with 64 bit version on the superdome server with Redhat O/S. But we have not specified the -server option in the JAVA_OPTS. Is it must to have -server option specified when you are using a 64 bit Java. The CPU utilization nags me very much. The performance of the application pages/transactions are meeting our targets except the cpu target. We have the same application running on Weblogic/Apache/Oracle on Solaris O/S in which the CPU for 100 virtual user is 50-60%. To identify the surge in CPU, I tested the following scenario's yday. 2 users - Single Tomcat - 12-18% of CPU 4 users - Single Tomcat - 20-30% of CPU 6 users - Single Tomcat - 40-50% of CPU More than 6 users - Single/Double Tomcat - CPU utilization is 70-80%. Even if I test with 25/50/100 users the CPU maintains at 70%. We have max threads as 40 and I increased to 60 but did not find any difference in CPU. My application is an internet based one which currently has half a million page views everyday. In the near future it may exceed one million. I cannot test more than 100 users as we do not have license for more than 100 users. Is it a normal behavior of the tomcat ? On Wed, Nov 19, 2008 at 11:01 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vasanth, Vasanth Kumar ravi wrote: We did many rounds of load/performance testing with 50 Virtual users, to find bottlenecks with the application, major problem found was CPU utilization. 1. We did load testing with 1 apache and 1 tomcat, the CPU was arnd 70% 2. We did load testing with 2 apache and 2 tomcat, the CPU was arnd 70% 3. We did load testing with 2 apache and 3 tomcat, the CPU was arnd 70% 4. We did load testing with 2 apache and 4 tomcat, the CPU was arnd 70% Was your load test designed to test your peak load expectations? IMO, 70% CPU utilization means that you have appropriately sized your hardware for your demand. I would call that a successful capacity planning job: you even have a bit of room to grow before adding more hardware. Are you just upset that you are using such a high percentage of your CPU? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkkKmYACgkQ9CaO5/Lv0PAwsgCghztrPqEqZr8qOgU9D/wQICcd oFsAoKeDf44p9qPHOr0jlEA3LA1lEUhc =lcEb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- RegardsThanks, Vasanth Kumar Ravi
RE: Question on Performance Tuning
From: Vasanth Kumar ravi [mailto:[EMAIL PROTECTED] Subject: Re: Question on Performance Tuning But we have not specified the -server option in the JAVA_OPTS. Is it must to have -server option specified when you are using a 64 bit Java. Typically, 64-bit JVMs run only in -server mode, so you don't have to specify anything. Do java -version from a shell window to verify. To identify the surge in CPU, I tested the following scenario's yday. Fine, but what about the profiling we suggested you do? Without that data, everything else is just speculation. Run a profiler, and find out what's using up the CPU cycles. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question on Performance Tuning
Chuck We tried using the jprobe to profile the application.Now we are trying out lighter profiler as the jprobe was a heavy one. But found nothing suspicious. java version 1.5.0_16 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_16-b02) Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_16-b02, mixed mode) On Fri, Nov 21, 2008 at 9:49 AM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Vasanth Kumar ravi [mailto:[EMAIL PROTECTED] Subject: Re: Question on Performance Tuning But we have not specified the -server option in the JAVA_OPTS. Is it must to have -server option specified when you are using a 64 bit Java. Typically, 64-bit JVMs run only in -server mode, so you don't have to specify anything. Do java -version from a shell window to verify. To identify the surge in CPU, I tested the following scenario's yday. Fine, but what about the profiling we suggested you do? Without that data, everything else is just speculation. Run a profiler, and find out what's using up the CPU cycles. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- RegardsThanks, Vasanth Kumar Ravi
Re: java.lang.Exception: Socket bind failed: [730048]
Telnet does not work and netstat does not show anything suspicious. Only the webserver listening on port 80. I would like to know if I can kill any process from netstat or otherwise (other than from Task Manager, as that doesn't show anything useful). For now, I am already rebuilding a new server with Tomcat 6.0 and I would like to know if there are any tools to monitor this from happening again. I feel Tomcat 6.0 doesn't even have the admin webapp, but not so sure. Let me know where I can find it. Also any tools to monitor activity, sessions, RAM usage, jdbc connections, connection pools would be very helpful. Thanks, -Toby On Thu, Nov 20, 2008 at 3:28 PM, Len Popp [EMAIL PROTECTED] wrote: The command netstat -ao will tell you which process is listening on port 80, and Task Manager will show which program is running in that process. -- Len On Thu, Nov 20, 2008 at 14:47, Toby Kurien [EMAIL PROTECTED] wrote: Well, I have had this application for many years and usually restarting the whole server fixes anything, but not this time. I figure something is holding on to port 80, but I am not able to find out or terminate it. I have a bad feeling there might be a security breach or something. Thanks, -Toby On Wed, Nov 19, 2008 at 2:59 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Toby Kurien [mailto:[EMAIL PROTECTED] Subject: java.lang.Exception: Socket bind failed: [730048] I have attached a log file of the errors I am getting while trying to start Tomcat. Nov 19, 2008 12:55:22 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:576) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:116) The error indicates something else is already using port 80, thereby preventing Tomcat from accessing it. Since you also have an AJP connector, you may be running Tomcat behind IIS or some other web server that handles port 80 and forwards requests to AJP on 8009. If you don't expect anything else to be using port 80, then something has crept in that's usurping Tomcat. (Or you may just be trying to run the same Tomcat twice.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to prevent Tomcat redirect my request
On Thu, Nov 20, 2008 at 10:24 PM, André Warnier [EMAIL PROTECTED] wrote: jim ma wrote: On Thu, Nov 20, 2008 at 6:48 PM, André Warnier [EMAIL PROTECTED] wrote: Mikolaj Rydzewski wrote: jim ma wrote: I still want to know if it is possible to stop Tomcat from redirecting. If yes, that will be zero code effort for our current implementation. Why is it a problem for you to use http://localhost:8080/foo/ URL? I agree with the above, but in case it is not an option, you may want to look at something like this : http://www.tuckey.org/urlrewrite/ It does many more things, but I guess it can rewrite /foo into /foo/ internally too. I just debugged the code. It returns http status code 302 and redirected location http://localhost:8080/foo/ before reach the code related to url rewrite configuration in web.xml . Yes, that's true of course. Stupid me. Urlrewrite is a servlet filter, so it will not see the request before it has been directed to the webapp, and thus the redirect will happen before. Duh. I guess you would need some kind of re-directing Valve for that. I also try to add a rewrite Valve to StandardEngine. And it is also does not work . Before reach that Valve, tomcat already replied that redirect response. Now, about what Mikolaj wrote before (using the /foo/ URL) I think you misunderstand what he is saying. What he meant is probably this : You seem to be using a http client that is not a browser, but some kind of program or module. Can you not make sure that this program or module does not send URLs like /foo, but itself transforms them into /foo/ at the source ? Yes , I can do that . If I get 302 response and write some code to resend quest to the redirected location, then I can always get what I want . It is not efficient , you know. It needs to talk to tomcat server twice . Is there shortcut way to do that ?
RE: java.lang.Exception: Socket bind failed: [730048]
From: Toby Kurien [mailto:[EMAIL PROTECTED] Subject: Re: java.lang.Exception: Socket bind failed: [730048] Only the webserver listening on port 80. If there's some webserver (which one - IIS?) listening on port 80, then Tomcat can't use that port, so it won't be able to initialize as you have it currently configured. I would like to know if I can kill any process from netstat or otherwise (other than from Task Manager, as that doesn't show anything useful). TaskManager is pretty much the only way for Windows (and it does show a lot of useful things, such as the PID number). For now, I am already rebuilding a new server with Tomcat 6.0 and I would like to know if there are any tools to monitor this from happening again. If you want Tomcat to use port 80, then don't start anything else that uses port 80. I feel Tomcat 6.0 doesn't even have the admin webapp, It's gone - it had serious internal problems, and no one was interested in maintaining it. Also any tools to monitor activity, sessions, RAM usage, jdbc connections, connection pools would be very helpful. Look at LambdaProbe, JConsole, and JVisualVM, for freebies that do monitoring on the fly. MoSKito (http://moskito.anotheria.net/) is useful for gathering data to be processed later. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to prevent Tomcat redirect my request
From: jim ma [mailto:[EMAIL PROTECTED] Subject: Re: How to prevent Tomcat redirect my request If I get 302 response and write some code to resend quest to the redirected location The point everyone's trying to make is that you should send the correct URL the *first* time, rather than sending one that doesn't comply with the HTTP spec and letting Tomcat correct it for you. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 6 clustering issue
this message 2008-11-20 17:08:29.999 [main] [INFO] org.apache.coyote.http11.Http11Protocol - Stopping Coyote HTTP/1.1 on http-8080 tells us that you stopped the tomcat instance Filip rohit aman wrote: Hi, I have a tomcat cluster ( with tomcat 1 and tomcat 2 ) with a hardware load balancer infront. Session replication only works in some scenario and does not in others. Here is the scenario where it works... 1) Start tomcat 1 2) access the web application ( session gets created in tomcat 1 ) 3) Start tomcat 2 ( session gets replicated onto tomcat 2 ) 4) kill tomcat 1 5) access the web application ( works fine ) N here is the scenario where it does not work 1) Start tomcat 1 2) Start tomcat 2 3) create atleast once session on tomcat 1 and tomcat 2 by accessing the web application 4) kill any tomcat.. lets say tomcat 1 5) try to access the session that got created in tomcat1 ( logs out from the we application...session attributes are lost ) and also gives the below warning on tomcat 1 Tribes-MembershipReceiver] [WARN] org.apache.catalina.tribes.membership.McastService - Error receiving mcast package. Sleeping 500ms java.net.SocketException: socket closed at java.net.PlainDatagramSocketImpl.receive0(Native Method) at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136) at java.net.DatagramSocket.receive(DatagramSocket.java:712) at org.apache.catalina.tribes.membership.McastServiceImpl.receive(McastServiceImpl.java:314) at org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread.run(McastServiceImpl.java:414) 2008-11-20 17:08:29.999 [Tribes-MembershipReceiver] [WARN] org.apache.catalina.tribes.membership.McastService - Error receiving mcast package. Sleeping 500ms java.net.SocketException: socket closed at java.net.PlainDatagramSocketImpl.receive0(Native Method) at java.net.PlainDatagramSocketImpl.receive(PlainDatagramSocketImpl.java:136) at java.net.DatagramSocket.receive(DatagramSocket.java:712) at org.apache.catalina.tribes.membership.McastServiceImpl.receive(McastServiceImpl.java:314) at org.apache.catalina.tribes.membership.McastServiceImpl$ReceiverThread.run(McastServiceImpl.java:414) 2008-11-20 17:08:29.999 [main] [INFO] org.apache.coyote.http11.Http11Protocol - Stopping Coyote HTTP/1.1 on http-8080 I have my logs configured to debug level and all the messages I see from tribes show that the session is being replicated successfully. Please let me know if any of those logs are needed for better understanding. I am also monitoring tomcats with JConsole and it shows that the sessions are getting replicated. Thanks for your help Rohit - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.Exception: Socket bind failed: [730048]
would like to know if I can kill any process from netstat or otherwise (other than from Task Manager, as that doesn't show anything useful). Cud be IIS interference to Tomcat. Try the following Start -- Control Panel -- Administrative Tools --Services -- I Find the process named IIS Admin and right click to Stop it. jus my 2 cents. On Fri, Nov 21, 2008 at 10:36 AM, Toby Kurien [EMAIL PROTECTED] wrote: Telnet does not work and netstat does not show anything suspicious. Only the webserver listening on port 80. I would like to know if I can kill any process from netstat or otherwise (other than from Task Manager, as that doesn't show anything useful). For now, I am already rebuilding a new server with Tomcat 6.0 and I would like to know if there are any tools to monitor this from happening again. I feel Tomcat 6.0 doesn't even have the admin webapp, but not so sure. Let me know where I can find it. Also any tools to monitor activity, sessions, RAM usage, jdbc connections, connection pools would be very helpful. Thanks, -Toby On Thu, Nov 20, 2008 at 3:28 PM, Len Popp [EMAIL PROTECTED] wrote: The command netstat -ao will tell you which process is listening on port 80, and Task Manager will show which program is running in that process. -- Len On Thu, Nov 20, 2008 at 14:47, Toby Kurien [EMAIL PROTECTED] wrote: Well, I have had this application for many years and usually restarting the whole server fixes anything, but not this time. I figure something is holding on to port 80, but I am not able to find out or terminate it. I have a bad feeling there might be a security breach or something. Thanks, -Toby On Wed, Nov 19, 2008 at 2:59 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Toby Kurien [mailto:[EMAIL PROTECTED] Subject: java.lang.Exception: Socket bind failed: [730048] I have attached a log file of the errors I am getting while trying to start Tomcat. Nov 19, 2008 12:55:22 PM org.apache.coyote.http11.Http11AprProtocol init SEVERE: Error initializing endpoint java.lang.Exception: Socket bind failed: [730048] Only one usage of each socket address (protocol/network address/port) is normally permitted. at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:576) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:116) The error indicates something else is already using port 80, thereby preventing Tomcat from accessing it. Since you also have an AJP connector, you may be running Tomcat behind IIS or some other web server that handles port 80 and forwards requests to AJP on 8009. If you don't expect anything else to be using port 80, then something has crept in that's usurping Tomcat. (Or you may just be trying to run the same Tomcat twice.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- RegardsThanks, Vasanth Kumar Ravi
Re: How to unsubscribe to this tomact mailing service
To unsubscribe, e-mail: [EMAIL PROTECTED] On Wed, Nov 19, 2008 at 2:26 PM, devendra gawde [EMAIL PROTECTED] wrote: Be the first one to try the new Messenger 9 Beta! Go to http://in.messenger.yahoo.com/win/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- RegardsThanks, Vasanth Kumar Ravi
Re: Tomcat Hanging Intermittently
have tomcat server with apache (mod_jk) and mysql running on my box. Initially there were no issues with the server. But from past one month, the tomcat application hangs and websites also doesn't open. Though when i run nmap localhost, it shows me 8080 and ajp13 services running. Check the cpu/memory utilized in the server. Check your GC logs, if you have one. Did u get any OOM errors in yout tomcat log files or any other exceptions while accessing the website. I have notices that in last 1 month serveral websites have been hosted on the box. Earlier around 6-10 websites were hosted but now it has increased to 20. Is it putting load on the server. Check the cpu/memory utilized in the server. - to find the cause. I am facing another issue. Most of the websites have .war files deployed, so whenever i restarts the tomcat, it takes 90 seconds to start the tomcat. Time duration has also incereased as the no. websites have increased. All depends on your mem/cpu aavailable for use . On Fri, Nov 14, 2008 at 8:58 PM, Gaurav Pruthi [EMAIL PROTECTED] wrote: Dear All, I have tomcat server with apache (mod_jk) and mysql running on my box. Initially there were no issues with the server. But from past one month, the tomcat application hangs and websites also doesn't open. Though when i run nmap localhost, it shows me 8080 and ajp13 services running. I have notices that in last 1 month serveral websites have been hosted on the box. Earlier around 6-10 websites were hosted but now it has increased to 20. Is it putting load on the server. I am facing another issue. Most of the websites have .war files deployed, so whenever i restarts the tomcat, it takes 90 seconds to start the tomcat. Time duration has also incereased as the no. websites have increased. Kindly provide me some solution so that i don't have to face any downtime in future. Thanks, Gaurav Pruthi -- RegardsThanks, Vasanth Kumar Ravi
