Re: Tomcat Configuration in Eclipse
ados1...@gmail.com wrote: It appears apparent that Tomcat is running as a service on my Windows. Right-click on the My computer icon and choose Manage In the panel that appears, navigate to services (on the left side) When you click on that, on the right side appears a list of services installed on your PC. In that list, you should find Apache Tomcat. Right-click on that item, and in the pop-up menu, choose stop.(*) That should stop the service. Now right-click on the item again, and choose Properties. One of those properties is startup, which gives you a choice of automatic, Manual or disabled. Pick Manual. Now Tomcat will not start automatically anymore at each reboot. If you want it to run later as a service, there are 2 ways : - either follow the procedure above again, and instead of stop (at the place marked by *) choose start. - or, open a command window, and enter : net start Apache Tomcat Another tip : If you open a command window, and enter just net start, you will get a list of running services, with their names according to Windows. The name that appears as Apache Tomcatxxx is the name to use with these net start and net stop commands. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I have a problem with Apache, Tomcat
Caldarale, Charles R wrote: From: nohacks [mailto:philipfwil...@gmail.com] Subject: Re: I have a problem with Apache, Tomcat I am not using Apache to server any Static content. That begs the question: why do you have httpd in the game at all? I knew you'd say that, I was about to do the same. But I think that the answer is balancer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I have a problem with Apache, Tomcat
Pid wrote: nohacks wrote: Apache has better Security and Load balancing for the tomcat cluster. I'm passing out hard hats sandbags for anyone who wants one. Do you also have some flame-retardant and anti-troll spells (or dwarfs) in your inventory ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem Accessing resource files in Tomcat 6.0.18
Hi, my code looks like this: ... final Resource resource = iterator.next(); final Context cx = ContextFactory.getGlobal().enterContext(); final StringBuilder stringBuilder = new StringBuilder(); final String resourcePath = resource.getURI().getPath(); logger.debug(Trying to load resource {}, resourcePath); try { final InputStream resourceStream = this.getClass().getClassLoader().getResourceAsStream(resourcePath); if (resourceStream == null) { throw new RuntimeException(Failed to get resource as stream: + resourcePath); } final BufferedReader br = new BufferedReader(new InputStreamReader(resourceStream)); String line; while ((line = br.readLine()) != null) { stringBuilder.append(line).append(\n); } } catch (IOException e) { e.printStackTrace(); } ... and in springs application context file: bean id=dwtHelper class=com.mycompany.DWTHelper init-method=init property name=javascriptResourceList list valuefile:/configure.js/value valuefile:/dojo.js.uncompressed.js/value valuefile:/dwt.js.uncompressed.js/value valuefile:/template_dwt_parser.js/value /list /property /bean thanks for taking time to help, Jacob George Sexton wrote: Are you using getResourceAsStream()? Do your paths start with / ? Jacob Bergöö wrote: Hi All, I have a problem when I deploy my war file on Tomcat 6.0.18 that does not occur when I deploy the same war file on my Jetty web server. My war file contains a jar artifact that when Spring is initialized reads a couple of js files and process them using Rhino on the server side. This works fine when I develop it because I am using Jetty when I run it local on my machine, but when I try to run it on our development server that runs a Tomcat then It suddenly does not work. In What way are Tomcat treating this resources differently than Jetty? What do I need to do to fix this? Thanks for any suggestions, Jacob -- George Sexton MH Software, Inc. Voice: +1 303 438 9585 URL: http://www.mhsoftware.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Problem-Accessing-resource-files-in-Tomcat-6.0.18-tp23389326p23401115.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Trouble Implementing CometProcessor
Hi All, Im trying to implement the comet chat example that is provided in tomcat docs. its said that when a servlet implements CometProcessor interface then when this servlet is called instead of calling the service method the event method will be invoked. but after implementing the interface if i call the servlet from browser with something like http://localhost/app/chat;, event method was not invoked instead request goes to service method. could anyone please let me know what shd be the client URL so that the event method will be invoked instead of service method. Thank you, bala.
Re: I have a problem with Apache, Tomcat
On 05.05.2009 22:17, nohacks wrote: 1) Which component should respond to this request, Apache or Tomcat? Tomcat should answer all. I am not using Apache to server any Static content. OK, and I assume you actually checked, that it *is* Tomcat that produces the answer in the 404 case. I forgot: Do you have the same problem, when using Tomcat directly via the HTTP connector without Apache? If so, we should debug it without Apache, because then it doesn't have to do with Apache. 2)Which part of your webapps is expected to serve the content for Tomcat /a4j_3_2_2-SNAPSHOTorg/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf We are using JSF and JBoss Richfaces. or there is some servlet, which should answer that request dynamically and is not configured right, resp. the servlet producing the page which contains this link produces garbage in the page. I dont think it is garbage, but you never know right. hahah. I see it returns a 200 here.. 78.124.0.12 - - [04/May/2009:10:26:27 -0400] GET /a4j_3_2_2-SNAPSHOTorg/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf HTTP/1.1 2001254 http://www.myAppName.com/login.jsf; Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; FDM; .NET CLR 2.0.50727) The missing space after the 200 is due to a copy and paste error? It is somewhat misleading, when the most important information in the line (the status code) is corrupt. Can you call the URL directly, without going through the login.jsf by simply entering the long URL into the browser address line? The next thing would be to redo the same request, but making sure, that there is no session cookie send. So before sending the request and before each of the following tests, clean up all cookies in your browser. Especially that means do not go via the login page (which will likely set the cookie), always use the troubling URL direct. Do you also get a 200, when doing the same request without session cookie? Then simply add a ;jsessionid=123 at the end of the URL, redo the test (without cookie) to check what happens, if you use a session id for a non-existing session. If you can then reproduce the problem I would assume, that the 404 is produced by the JSF component itself. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble Implementing CometProcessor
I just created a simple example implementing the CometProcessor interface and seems the request is calling event method. i just need to work furthour on this. sorry for the trouble. Thank you, bala. On Wed, May 6, 2009 at 12:43 PM, balachandra maddina chandu2...@gmail.comwrote: Hi All, Im trying to implement the comet chat example that is provided in tomcat docs. its said that when a servlet implements CometProcessor interface then when this servlet is called instead of calling the service method the event method will be invoked. but after implementing the interface if i call the servlet from browser with something like http://localhost/app/chat;, event method was not invoked instead request goes to service method. could anyone please let me know what shd be the client URL so that the event method will be invoked instead of service method. Thank you, bala.
Change thread name of HTTP worker threads at Runtime
Hi, I occassionally have to analyse thread dumps of tomcat servers which serve up to 25 instances of the same (quite complex) web service application. All custom threads have names that contain the instance id, but it is impossible to see which HTTP processor threads serve which application instance. Now we came up with the idea to rename the threads at the beginning of the request processing (to current-name + application-id), and rename them back totheir base name after the request is processed. As these threads are managed by Tomcat, I am wondering: is this a bad idea? Anything in Tomcat (or Java) that could cause a problem if we do that? Also, is this better implemented in the servlets (almost all our relevant requests go to servlets, the are hardly any JSP) or as a filter? Filter seems a better idea, but I never developed one, so I might overlook some characteristic that makes this unsuitable to do in a filter. We want to implement this first on Tomcat 5.0, but migrate to Tomcat 6.0 later this year. Any notable differences in this regard? TIA for any thoughts on this. Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
invalid certificate
Hi, I generated a new certificate according to http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html First step: keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/.keystore Second step: in servers.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=/usr/local/tomcat/.keystore keystorePass=password clientAuth=false sslProtocol=TLS/ I am getting an error that the certificate is not valid when I access the https URL: The error message is: uses an invalid security certificate When I list the certificate: Valid from: Wed May 06 11:52:13 MEST 2009 until: Tue Aug 04 11:52:13 MEST 2009 Can you please shed some light on this? thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: invalid certificate
Melanie: Your certificate is invalid, as your navigator does not know the Certificate Authority who issued your server certificate (In this case, you). It's not related to expiration dates. You can find nice guides (using openssl :( ) here: http://www.tc.umn.edu/~brams006/selfsign.html and here: http://marc.info/?l=tomcat-userm=106293430225790w=2 that can help you to understand the process, and of course with the problem you are having Best, Toni -Original Message- From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk] Sent: miércoles, 06 de mayo de 2009 12:04 To: users@tomcat.apache.org Subject: invalid certificate Hi, I generated a new certificate according to http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html First step: keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/.keystore Second step: in servers.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=/usr/local/tomcat/.keystore keystorePass=password clientAuth=false sslProtocol=TLS/ I am getting an error that the certificate is not valid when I access the https URL: The error message is: uses an invalid security certificate When I list the certificate: Valid from: Wed May 06 11:52:13 MEST 2009 until: Tue Aug 04 11:52:13 MEST 2009 Can you please shed some light on this? thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_proxy_ajp keepalive
Hello, question about keepalive for mod_proxy (via ProxyPass directive) AJP connections: This flag will tell the Operating System to send KEEP_ALIVE messages on inactive connections (interval depends on global OS settings, generally 120ms) (http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass) A send keepalive message interval of 120ms seems very short for me. On Linux there is a default time of 7200 s to wait on a idle tcp connection and then send keepalive messages in an interval of 75 s, according to http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html Can someone please get this clearer?
Re: Change thread name of HTTP worker threads at Runtime
Hi, At the company I work we are doing this for a couple of years already with Tomcat 4, 5 and now 6. Works very well. And makes threaddumps more easy to read. A filter is very ease to make. public class ThreadNameFilter implements javax.servlet.Filter { public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc) throws IOException, ServletException { HttpServletRequest httpReq = (HttpServletRequest)req; final Thread curThr = Thread.currentThread(); final String oldName = curThr.getName(); try { curThr.setName(httpReq.getRequestURI()); fc.doFilter(req, resp); } finally { curThr.setName(oldName); } } Something like this. Ronald. Op woensdag, 6 mei 2009 11:58 schreef Rainer Frey (Inxmail GmbH) : Hi, I occassionally have to analyse thread dumps of tomcat servers which serve up to 25 instances of the same (quite complex) web service application. All custom threads have names that contain the instance id, but it is impossible to see which HTTP processor threads serve which application instance. Now we came up with the idea to rename the threads at the beginning of the request processing (to current-name + application-id), and rename them back totheir base name after the request is processed. As these threads are managed by Tomcat, I am wondering: is this a bad idea? Anything in Tomcat (or Java) that could cause a problem if we do that? Also, is this better implemented in the servlets (almost all our relevant requests go to servlets, the are hardly any JSP) or as a filter? Filter seems a better idea, but I never developed one, so I might overlook some characteristic that makes this unsuitable to do in a filter. We want to implement this first on Tomcat 5.0, but migrate to Tomcat 6.0 later this year. Any notable differences in this regard? TIA for any thoughts on this. Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: invalid certificate
Hi Antonio, So you mean this error cannot be fixed? All self-signed certificates have this problem when a browser accesses the page using ssl? thanks --- On Wed, 6/5/09, Antonio Vidal Ferrer antonio.vi...@globalia-sistemas.com wrote: From: Antonio Vidal Ferrer antonio.vi...@globalia-sistemas.com Subject: RE: invalid certificate To: 'Tomcat Users List' users@tomcat.apache.org Date: Wednesday, 6 May, 2009, 1:37 PM Melanie: Your certificate is invalid, as your navigator does not know the Certificate Authority who issued your server certificate (In this case, you). It's not related to expiration dates. You can find nice guides (using openssl :( ) here: http://www.tc.umn.edu/~brams006/selfsign.html and here: http://marc.info/?l=tomcat-userm=106293430225790w=2 that can help you to understand the process, and of course with the problem you are having Best, Toni -Original Message- From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk] Sent: miércoles, 06 de mayo de 2009 12:04 To: users@tomcat.apache.org Subject: invalid certificate Hi, I generated a new certificate according to http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html First step: keytool -genkey -alias tomcat -keyalg RSA -keystore /usr/local/tomcat/.keystore Second step: in servers.xml: Connector protocol=org.apache.coyote.http11.Http11Protocol port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=/usr/local/tomcat/.keystore keystorePass=password clientAuth=false sslProtocol=TLS/ I am getting an error that the certificate is not valid when I access the https URL: The error message is: uses an invalid security certificate When I list the certificate: Valid from: Wed May 06 11:52:13 MEST 2009 until: Tue Aug 04 11:52:13 MEST 2009 Can you please shed some light on this? thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: invalid certificate
From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk] So you mean this error cannot be fixed? All self-signed certificates have this problem when a browser accesses the page using ssl? If the browser doesn't trust the root certificate that certifies the self-signed cert, it will give at least a warning and in some cases an error. This is a good thing, as otherwise I could create a self-signed certificate that said my web server was https://www.paypal.com, trick your browser into visiting my server, and you wouldn't see a warning. Think of a certificate as being ID for that web server. A certificate signed by a root certificate authority (CA) that's trusted by the browser is like a passport - slow and expensive to get, but almost everybody trusts it as ID. A self-signed certificate is like a letter you've signed as proof of your own identity - fast and cheap to get, but not very good for proving who you are. Is your web application being used on the Internet, or within the company? If it's on the Internet, you really don't have a choice - if you want SSL and no warnings, you'll have to get a certificate signed by a well-known certificate authority, and you'll have to pay the money for that. If it's on your internal network, the alternative is to add your company root CA to the browsers' trust list, then use an internally-generated cert. You still can't use a *self-signed* cert as they're always one-offs, but you can generate one from your company CA if you have it. Clearly if you don't have a company CA, you can't do this! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what is mod_jk parameter connection_pool_timeout in mod_proxy / mod_proxy_ajp / apache httpd?
I need to either close the ajp connections or send keepalive messages because there is a firewall with a timeout of 1h between the mod_proxy_ajp (Apache 2.2.9) and the JBoss Server with ajp connector and Valve className=org.jboss.web.tomcat.service.jca.CachedConnectionValve cachedConnectionManagerObjectName=jboss.jca:service=CachedConnectionManager transactionManagerObjectName=jboss:service=TransactionManager / in server.xml. Setting BalancerMember ajp://hostname status=-H ping=3 smax=0 ttl=600 did not help, even setting disablereuse did not help. After 1h idle time the connections are broken. A restart of the Apache solves the problem. Apache error log: [Wed May 06 08:45:20 2009] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive hea der [Wed May 06 08:45:20 2009] [error] ajp_read_header: ajp_ilink_receive failed [Wed May 06 08:45:20 2009] [error] (120006)APR does not understand this error code: proxy: read response failed from x.x.x.x:8009 (x.x.x.x) 2009/4/27 Rainer Jung rainer.j...@kippdata.de Because I use mpm-prefork as mentioned, default smax=max=1. Does it make sense to set smax to 0 to get a ttl for the one and only connection? I would say yes, it does make sense. So zero connections will be created on demand? Is it bad not to have a ttl for the one and only connection? When will that connection be closed without ttl? When Tomcat connectionTimeout triggers? Yes, but then you rely on httpd to correctly detect the closed connection. Usually you do that via activating cping/cpong. I would use a ttl value as a kind of double safety net. Whether closing idle connections or not is also related to - what kind of connection pool is the backend using (relation to backend threads, and how precious your thread resources are) - are there other systems influencing idle connections between the web server and the backend (like a firewall dropping idle connections)
comet with httpclient
Hi All, Is it possible to use HttpClient as a client to comet servlet when i tried a simple HttpClient the response is never returned back. below is my comet client code... HttpClient httpclient = new DefaultHttpClient(); HttpGet httpget = new HttpGet(http://localhost:8080/serverpush/comet;); ResponseHandlerString responseHandler = new BasicResponseHandler(); String responseBody = httpclient.execute(httpget, responseHandler); httpclient.getConnectionManager().shutdown(); if the above implementation is not preferred then what is the preferred client for a comet servlet. could somebody point me to a link or doc on comet client please. any help would be very much appreciated Thank you, bala.
Re: what is mod_jk parameter connection_pool_timeout in mod_proxy / mod_proxy_ajp / apache httpd?
Not 100% sure, whether this is part of the problem, but the changelog contains: Changes with Apache 2.2.10 *) Allow for smax to be 0 for balancer members so that all idle connections are able to be dropped should they exceed ttl. PR 43371 [Phil Endecott spam_from_apache_bugzilla chezphil.org, Jim Jagielski] Since mod_proxy_ajp and mod_proxy_balancer are rapidly improving, seriously try the latest (2.2.11). Regards, Rainer On 06.05.2009 14:41, Arne Riecken wrote: I need to either close the ajp connections or send keepalive messages because there is a firewall with a timeout of 1h between the mod_proxy_ajp (Apache 2.2.9) and the JBoss Server with ajp connector and Valve className=org.jboss.web.tomcat.service.jca.CachedConnectionValve cachedConnectionManagerObjectName=jboss.jca:service=CachedConnectionManager transactionManagerObjectName=jboss:service=TransactionManager / in server.xml. Setting BalancerMember ajp://hostname status=-H ping=3 smax=0 ttl=600 did not help, even setting disablereuse did not help. After 1h idle time the connections are broken. A restart of the Apache solves the problem. Apache error log: [Wed May 06 08:45:20 2009] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive hea der [Wed May 06 08:45:20 2009] [error] ajp_read_header: ajp_ilink_receive failed [Wed May 06 08:45:20 2009] [error] (120006)APR does not understand this error code: proxy: read response failed from x.x.x.x:8009 (x.x.x.x) 2009/4/27 Rainer Jung rainer.j...@kippdata.de Because I use mpm-prefork as mentioned, default smax=max=1. Does it make sense to set smax to 0 to get a ttl for the one and only connection? I would say yes, it does make sense. So zero connections will be created on demand? Is it bad not to have a ttl for the one and only connection? When will that connection be closed without ttl? When Tomcat connectionTimeout triggers? Yes, but then you rely on httpd to correctly detect the closed connection. Usually you do that via activating cping/cpong. I would use a ttl value as a kind of double safety net. Whether closing idle connections or not is also related to - what kind of connection pool is the backend using (relation to backend threads, and how precious your thread resources are) - are there other systems influencing idle connections between the web server and the backend (like a firewall dropping idle connections) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: comet with httpclient
code Servlet to implement CometProcessor http://www.mbaworld.com/docs/aio.html Martin __ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 6 May 2009 18:37:23 +0530 Subject: comet with httpclient From: chandu2...@gmail.com To: users@tomcat.apache.org Hi All, Is it possible to use HttpClient as a client to comet servlet when i tried a simple HttpClient the response is never returned back. below is my comet client code... HttpClient httpclient = new DefaultHttpClient(); HttpGet httpget = new HttpGet(http://localhost:8080/serverpush/comet;); ResponseHandlerString responseHandler = new BasicResponseHandler(); String responseBody = httpclient.execute(httpget, responseHandler); httpclient.getConnectionManager().shutdown(); if the above implementation is not preferred then what is the preferred client for a comet servlet. could somebody point me to a link or doc on comet client please. any help would be very much appreciated Thank you, bala. _ Hotmail® has a new way to see what's up with your friends. http://windowslive.com/Tutorial/Hotmail/WhatsNew?ocid=TXT_TAGLM_WL_HM_Tutorial_WhatsNew1_052009
Re: I have a problem with Apache, Tomcat
Thanks for all of your time on this problem. I found the issue..!!! It was a page caching issue with the browser. It seems the page was cached and so not creating a new session for the Post button on Login. I put the following in my login page and now it works great. The new session is created. META Http-Equiv=Cache-Control Content=no-cache META Http-Equiv=Pragma Content=no-cache META Http-Equiv=Expires Content=-1 This forces the page to go back to server and get new session id. Because old session id was expired. I followed the logs from Browser, Apache, ModJk, LB, Tomcat, App. It all works for now. I might also use the Apache. CacheDisable Directive http://httpd.apache.org/docs/2.2/mod/mod_cache.html#cachedisable Thanks Again. Phil Rainer Jung-3 wrote: On 05.05.2009 22:17, nohacks wrote: 1) Which component should respond to this request, Apache or Tomcat? Tomcat should answer all. I am not using Apache to server any Static content. OK, and I assume you actually checked, that it *is* Tomcat that produces the answer in the 404 case. I forgot: Do you have the same problem, when using Tomcat directly via the HTTP connector without Apache? If so, we should debug it without Apache, because then it doesn't have to do with Apache. 2)Which part of your webapps is expected to serve the content for Tomcat /a4j_3_2_2-SNAPSHOTorg/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf We are using JSF and JBoss Richfaces. or there is some servlet, which should answer that request dynamically and is not configured right, resp. the servlet producing the page which contains this link produces garbage in the page. I dont think it is garbage, but you never know right. hahah. I see it returns a 200 here.. 78.124.0.12 - - [04/May/2009:10:26:27 -0400] GET /a4j_3_2_2-SNAPSHOTorg/richfaces/renderkit/html/css/basic_classes.xcss/DATB/eAF7sqpgb-jyGdIAFrMEaw__.jsf HTTP/1.1 2001254 http://www.myAppName.com/login.jsf; Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; FDM; .NET CLR 2.0.50727) The missing space after the 200 is due to a copy and paste error? It is somewhat misleading, when the most important information in the line (the status code) is corrupt. Can you call the URL directly, without going through the login.jsf by simply entering the long URL into the browser address line? The next thing would be to redo the same request, but making sure, that there is no session cookie send. So before sending the request and before each of the following tests, clean up all cookies in your browser. Especially that means do not go via the login page (which will likely set the cookie), always use the troubling URL direct. Do you also get a 200, when doing the same request without session cookie? Then simply add a ;jsessionid=123 at the end of the URL, redo the test (without cookie) to check what happens, if you use a session id for a non-existing session. If you can then reproduce the problem I would assume, that the 404 is produced by the JSF component itself. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/I-have-a-problem-with-Apache%2C-Tomcat-tp23322605p23407036.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: get Mod_jk precedence over mod_rewrite in Apache2
thanks for answers, JkUnMount forward to my apache2, and mod_rewrite does its job then. Thanks to the list ! Christophe Dumonet Centre de Ressources Informatiques Institut Francais de Mecanique Avancee (IFMA) Campus des Cezeaux BP 265 63175 AUBIERE Cedex Tel : +33 - 4.73.28.80.64 Fax : +33 - 4.73.28.81.00 Mail : christophe.dumo...@ifma.fr Rainer Jung a écrit : On 05.05.2009 16:13, André Warnier wrote: christophe.dumo...@ifma.fr wrote: ... Suggestion : instead of using the JkMount/JkUnMount way of configuring your forwarded URLs, use the way described here : http://tomcat.apache.org/connectors-doc/reference/apache.html in the section : Using SetHandler and Environment Variables In other words, instead of JkMount /myapp worker1 JkMount /myapp/* worker1 (JkUnMount /myapp/*.gif worker1) use Location /myapp SetHandler jakarta-servlet (SetEnvIf REQUEST_URI ^/myapp/.+\.gif no-jk) ... /Location If you want to use this recipe, be sure to use version 1.2.28 of mod_jk. Version 1.2.27 had a problem with this type of confguration, when no JkMount was used at all. Versions before 1.2.27 have a known security related issue, so 1.2.28 is best. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what is mod_jk parameter connection_pool_timeout in mod_proxy / mod_proxy_ajp / apache httpd?
Thank You very much, that seems to be the point for me. With mpm-prefork there is only one connection and if that cannot be closed due to timeout, I have a problem with firewall dropping. I posted already on this list on howto configure ajp keepalive, as an alternative. But on the other hand it seems not to be very wise to hold every connection open forever? I think we will use the Apache that comes with the distribution, and that's 2.2.9, su upgrading is not an option. So I think we switch back to mod_jk. 2009/5/6 Rainer Jung rainer.j...@kippdata.de Not 100% sure, whether this is part of the problem, but the changelog contains: Changes with Apache 2.2.10 *) Allow for smax to be 0 for balancer members so that all idle connections are able to be dropped should they exceed ttl. PR 43371 [Phil Endecott spam_from_apache_bugzilla chezphil.org, Jim Jagielski] Since mod_proxy_ajp and mod_proxy_balancer are rapidly improving, seriously try the latest (2.2.11). Regards, Rainer On 06.05.2009 14:41, Arne Riecken wrote: I need to either close the ajp connections or send keepalive messages because there is a firewall with a timeout of 1h between the mod_proxy_ajp (Apache 2.2.9) and the JBoss Server with ajp connector and Valve className=org.jboss.web.tomcat.service.jca.CachedConnectionValve cachedConnectionManagerObjectName=jboss.jca:service=CachedConnectionManager transactionManagerObjectName=jboss:service=TransactionManager / in server.xml. Setting BalancerMember ajp://hostname status=-H ping=3 smax=0 ttl=600 did not help, even setting disablereuse did not help. After 1h idle time the connections are broken. A restart of the Apache solves the problem. Apache error log: [Wed May 06 08:45:20 2009] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive hea der [Wed May 06 08:45:20 2009] [error] ajp_read_header: ajp_ilink_receive failed [Wed May 06 08:45:20 2009] [error] (120006)APR does not understand this error code: proxy: read response failed from x.x.x.x:8009 (x.x.x.x) 2009/4/27 Rainer Jung rainer.j...@kippdata.de Because I use mpm-prefork as mentioned, default smax=max=1. Does it make sense to set smax to 0 to get a ttl for the one and only connection? I would say yes, it does make sense. So zero connections will be created on demand? Is it bad not to have a ttl for the one and only connection? When will that connection be closed without ttl? When Tomcat connectionTimeout triggers? Yes, but then you rely on httpd to correctly detect the closed connection. Usually you do that via activating cping/cpong. I would use a ttl value as a kind of double safety net. Whether closing idle connections or not is also related to - what kind of connection pool is the backend using (relation to backend threads, and how precious your thread resources are) - are there other systems influencing idle connections between the web server and the backend (like a firewall dropping idle connections) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem Accessing resource files in Tomcat 6.0.18
I've never used getResourceAsStream() from a class loader. The one thing I can point out is that by specification, the ServletContext.getResourceAsStream() requires that the file name start with /. If you're getting Tomcat's class loader that would explain the problem. Jacob Bergöö wrote: Hi, my code looks like this: ... final Resource resource = iterator.next(); final Context cx = ContextFactory.getGlobal().enterContext(); final StringBuilder stringBuilder = new StringBuilder(); final String resourcePath = resource.getURI().getPath(); logger.debug(Trying to load resource {}, resourcePath); try { final InputStream resourceStream = this.getClass().getClassLoader().getResourceAsStream(resourcePath); if (resourceStream == null) { throw new RuntimeException(Failed to get resource as stream: + resourcePath); } final BufferedReader br = new BufferedReader(new InputStreamReader(resourceStream)); String line; while ((line = br.readLine()) != null) { stringBuilder.append(line).append(\n); } } catch (IOException e) { e.printStackTrace(); } ... and in springs application context file: bean id=dwtHelper class=com.mycompany.DWTHelper init-method=init property name=javascriptResourceList list valuefile:/configure.js/value valuefile:/dojo.js.uncompressed.js/value valuefile:/dwt.js.uncompressed.js/value valuefile:/template_dwt_parser.js/value /list /property /bean thanks for taking time to help, Jacob George Sexton wrote: Are you using getResourceAsStream()? Do your paths start with / ? Jacob Bergöö wrote: Hi All, I have a problem when I deploy my war file on Tomcat 6.0.18 that does not occur when I deploy the same war file on my Jetty web server. My war file contains a jar artifact that when Spring is initialized reads a couple of js files and process them using Rhino on the server side. This works fine when I develop it because I am using Jetty when I run it local on my machine, but when I try to run it on our development server that runs a Tomcat then It suddenly does not work. In What way are Tomcat treating this resources differently than Jetty? What do I need to do to fix this? Thanks for any suggestions, Jacob -- George Sexton MH Software, Inc. Voice: +1 303 438 9585 URL: http://www.mhsoftware.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- George Sexton MH Software, Inc. Voice: +1 303 438 9585 URL: http://www.mhsoftware.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem Accessing resource files in Tomcat 6.0.18
Hi again, I solved it. I just changed the final InputStream resourceStream = this.getClass().getClassLoader().getResourceAsStream(resourcePath); to final InputStream resourceStream = this.getClass().getResourceAsStream(resourcePath); and then it works! Thanks to this article [1] I managed to solve it. Thanks for the help, Jacob [1] http://www.javaworld.com/javaworld/javaqa/2003-08/01-qa-0808-property.html?page=2 -- View this message in context: http://www.nabble.com/Problem-Accessing-resource-files-in-Tomcat-6.0.18-tp23389326p23407801.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: j_security_check/j_username/j_password issue in Tomcat Version 6.0.18
What two versions? The version in which I can retrieve the j_username/j_password values is 5.5.27. This doesn't work in version 6.0.18. When using Tomcat Version 6.0.18, I monitored the app using a proxy(Charles Proxy), I see the j_username and j_password in the request but when I do a request.getParameter(j_username) or request.getParameter(j_password) in a jsp I'm getting a null value back. Thanks, Sanjay. From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, May 5, 2009 10:40:41 PM Subject: RE: j_security_check/j_username/j_password issue in Tomcat Version 6.0.18 From: Sanjay Manchiganti [mailto:ms4san...@yahoo.com] Subject: j_security_check/j_username/j_password issue in Tomcat Version 6.0.18 Did anything change in terms of j_securitycheck / container managed security between these two versions of tomcat? What two versions? The only one you mention is 6.0.18; I don't think much changed between 6.0.18 and 6.0.18. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: invalid certificate
Also, you can have the browser 'install' the certificate from your self-signed system - and it will no longer give you the error. This is only useful if you _know_ the certificate is valid (as in, you are the one who created it). Otherwise, you get into some serious security issues if you just start 'installing' certificates where you don't know the Certifying Authority. -- Robin D. Wilson Director of Web Development KingsIsle Entertainment, Inc. WORK: 512-623-5913 CELL: 512-426-3929 www.KingsIsle.com -Original Message- From: Peter Crowther [mailto:peter.crowt...@melandra.com] Sent: Wednesday, May 06, 2009 6:55 AM To: 'Tomcat Users List' Subject: RE: invalid certificate From: Melanie Pfefer [mailto:melanie_pfe...@yahoo.co.uk] So you mean this error cannot be fixed? All self-signed certificates have this problem when a browser accesses the page using ssl? If the browser doesn't trust the root certificate that certifies the self-signed cert, it will give at least a warning and in some cases an error. This is a good thing, as otherwise I could create a self-signed certificate that said my web server was https://www.paypal.com, trick your browser into visiting my server, and you wouldn't see a warning. Think of a certificate as being ID for that web server. A certificate signed by a root certificate authority (CA) that's trusted by the browser is like a passport - slow and expensive to get, but almost everybody trusts it as ID. A self-signed certificate is like a letter you've signed as proof of your own identity - fast and cheap to get, but not very good for proving who you are. Is your web application being used on the Internet, or within the company? If it's on the Internet, you really don't have a choice - if you want SSL and no warnings, you'll have to get a certificate signed by a well-known certificate authority, and you'll have to pay the money for that. If it's on your internal network, the alternative is to add your company root CA to the browsers' trust list, then use an internally-generated cert. You still can't use a *self-signed* cert as they're always one-offs, but you can generate one from your company CA if you have it. Clearly if you don't have a company CA, you can't do this! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what is mod_jk parameter connection_pool_timeout in mod_proxy / mod_proxy_ajp / apache httpd?
On 06.05.2009 16:37, Arne Riecken wrote: Thank You very much, that seems to be the point for me. With mpm-prefork there is only one connection and if that cannot be closed due to timeout, I have a problem with firewall dropping. I posted already on this list on howto configure ajp keepalive, as an alternative. But on the other hand it seems not to be very wise to hold every connection open forever? I think we The problem with keep alive is, that it is not enough to configure the application (mod_proxy) to set the keep-live socket option for each backend connection. You also have to tune your tcp stack on the apache system to reduce the time interval the system waits, before it starts to send the keep alive packets. Usually this time interval is 2 hours and thus to long for most firewalls. will use the Apache that comes with the distribution, and that's 2.2.9, su upgrading is not an option. So I think we switch back to mod_jk. Although of course I like people using mod_jk, you could also compile mod_proxy and mod_proxy_* from a newer Apache httpd version against your 2.2.9 and only exchange the proxy modules. This should work, at least I'm not aware of any module API incompatibilities. It might be somewaht more tedious to find out how to do this exactly, than to build mod_jk, because for mod_jk the build is always done against an already installed Apache httpd. Regards, Rainer 2009/5/6 Rainer Jung rainer.j...@kippdata.de Not 100% sure, whether this is part of the problem, but the changelog contains: Changes with Apache 2.2.10 *) Allow for smax to be 0 for balancer members so that all idle connections are able to be dropped should they exceed ttl. PR 43371 [Phil Endecott spam_from_apache_bugzilla chezphil.org, Jim Jagielski] Since mod_proxy_ajp and mod_proxy_balancer are rapidly improving, seriously try the latest (2.2.11). Regards, Rainer On 06.05.2009 14:41, Arne Riecken wrote: I need to either close the ajp connections or send keepalive messages because there is a firewall with a timeout of 1h between the mod_proxy_ajp (Apache 2.2.9) and the JBoss Server with ajp connector and Valve className=org.jboss.web.tomcat.service.jca.CachedConnectionValve cachedConnectionManagerObjectName=jboss.jca:service=CachedConnectionManager transactionManagerObjectName=jboss:service=TransactionManager / in server.xml. Setting BalancerMember ajp://hostname status=-H ping=3 smax=0 ttl=600 did not help, even setting disablereuse did not help. After 1h idle time the connections are broken. A restart of the Apache solves the problem. Apache error log: [Wed May 06 08:45:20 2009] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive hea der [Wed May 06 08:45:20 2009] [error] ajp_read_header: ajp_ilink_receive failed [Wed May 06 08:45:20 2009] [error] (120006)APR does not understand this error code: proxy: read response failed from x.x.x.x:8009 (x.x.x.x) 2009/4/27 Rainer Jung rainer.j...@kippdata.de Because I use mpm-prefork as mentioned, default smax=max=1. Does it make sense to set smax to 0 to get a ttl for the one and only connection? I would say yes, it does make sense. So zero connections will be created on demand? Is it bad not to have a ttl for the one and only connection? When will that connection be closed without ttl? When Tomcat connectionTimeout triggers? Yes, but then you rely on httpd to correctly detect the closed connection. Usually you do that via activating cping/cpong. I would use a ttl value as a kind of double safety net. Whether closing idle connections or not is also related to - what kind of connection pool is the backend using (relation to backend threads, and how precious your thread resources are) - are there other systems influencing idle connections between the web server and the backend (like a firewall dropping idle connections) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Using Multiple JVM instances
Hi Chuck, The jakarta_service_20090505.log was just saying 'Attempting to start the service'. Anyway I figured out the problem. The JMX remoting port was the same in both the JVMs which was causing the issue where no 2 JVMs could run in parallel. Lesson learnt : When running multiple JVMs on the same machine, all port numbers should be mutullay exclusive. Caldarale, Charles R wrote: From: kareem_s_m [mailto:kareemud...@gmail.com] Subject: RE: Using Multiple JVM instances But nothing is written to them That's not what your screenshot shows: the jakarta_service_20090505.log file for JVM2 has a non-zero size. What's in it? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Using-Multiple-JVM-instances-tp23394165p2349.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Requesting a SSL client certificate using ACTION_REQ_SSL_CERTIFICATE
Hello. I have a specific page in my site that uses ssl client certificates for authentication and the application itself does the cert validation. As the rest of the site does not use them I have clientAuth=false in my connector otherwise the browsers keep asking for client certificates. I installed a custom security provider to accept all certificates and built a Valve that requests a SSL renegotiation to try and get a certificate: req.getCoyoteRequest().action(ActionCode.ACTION_REQ_SSL_CERTIFICATE, null); Using APR no certificate is requested from the client (probably because of bug 46950). Without APR a SSL renegotiation occurs and a certificate is requested. If a certificate is presented everything works fine and my application sees it, if the client does not send a certificate the connection is promptly closed and the request never makes it to my application to display some kind of error message. This exception is printed to the logs: javax.net.ssl.SSLProtocolException: handshake alert: no_certificate at com .sun .net .ssl .internal.ssl.ServerHandshaker.handshakeAlert(ServerHandshaker.java: 1167) at com .sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java: 1675) at com .sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java: 932) at com .sun .net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java: 746) at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) at java.io.InputStream.read(InputStream.java:85) at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java: 162) at org .apache .tomcat .util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:138) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java: 1099) at org.apache.coyote.Request.action(Request.java:350) at pt.sapo.tomcat.valve.SSLClientRequestor.invoke(SSLClientRequestor.java: 31) This happens because the code in JSSESupport::handshake() sets the needClientAuth flag when clientAuth != want: if( ssl.getWantClientAuth() ) { log.debug(No client cert sent for want); } else { ssl.setNeedClientAuth(true); } If I set clientAuth=want in my connector this process works but then the browser always asks for a certificate which is not what I want. Wouldn't it be better to just set the want flag in the SSLSocket instead of need? Best regards, André Cruz
Tomcat generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46
Hi. My tomcat periodically generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46 And send me cookie with JSESSIONID even for images request http://mysite.com//image/hotel3455.jpg. Is this ok? How can i prevent session generation for static content kind of images? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Cluster session sync question (from documentation)
I have a question about the section from the documentation below: Distributed locking and pages using frames Tomcat does not keep session instances in sync across the cluster. The implementation of such logic would be to much overhead and cause all kinds of problems. If your client accesses the same session simultanously using multiple requests, then the last request will override the other sessions in the cluster. How, for example, would a client be able to access the same session simultaneously? (Because for non-simultaneous requests, wouldn't each request's changes to the session be replicated to all nodes in the cluster before the next request?) Could someone give examples of the unwanted consequences of this overriding of existing sessions from new requests? I'm just not really wrapping my head around this. Thanks. -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23411578.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk-to-tomcat multiple retries
We were finally allowed to upgrade to Tomcat 5.5.27 and that seemed to have done away with the symptoms (I'm reluctant so say that upgrading fixed the problem, since I don't even know what it was in the first place ;-) Thanks for the help, everyone. d. The chunk length message seems pretty weird. Looks like a protocol corruption. Those indicate, that you should really try a TC update. Concerining your restriction can't update before any other options are exhausted: there will never be any other options exhausted. But after some options are taken, the rest get more and more expensive, risky and with a low chance of success. To me this look likes some weird error condition in Tomcat has hit an obscure bug in JK whereby it doesn't clear the response buffer between retries. Has anyone encountered this issue before or is just willing to land a helping hand in troubleshooting? Not encountered this before, and I think noone reported a similar observation. Concerning retries: Could you provide your full configuration (e.g. retries for an ajp13 worker is something very different from retries of a load balancer worker). Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk-to-tomcat multiple retries
Thanks for letting us know. On 06.05.2009 19:32, Dmitry Beransky wrote: We were finally allowed to upgrade to Tomcat 5.5.27 and that seemed to have done away with the symptoms (I'm reluctant so say that upgrading fixed the problem, since I don't even know what it was in the first place ;-) Thanks for the help, everyone. d. The chunk length message seems pretty weird. Looks like a protocol corruption. Those indicate, that you should really try a TC update. Concerining your restriction can't update before any other options are exhausted: there will never be any other options exhausted. But after some options are taken, the rest get more and more expensive, risky and with a low chance of success. To me this look likes some weird error condition in Tomcat has hit an obscure bug in JK whereby it doesn't clear the response buffer between retries. Has anyone encountered this issue before or is just willing to land a helping hand in troubleshooting? Not encountered this before, and I think noone reported a similar observation. Concerning retries: Could you provide your full configuration (e.g. retries for an ajp13 worker is something very different from retries of a load balancer worker). Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: IIS 6 Tomcat Connector isapi_redirect-1.2.28.dll not being called 404 2 1260 error
Hello Leo: Thanks for the suggestion. There is no other program listening on the port. Take care, Dianne -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Tuesday, May 05, 2009 6:51 PM To: 'Tomcat Users List' Subject: RE: IIS 6 Tomcat Connector isapi_redirect-1.2.28.dll not being called 404 2 1260 error Just a thought. By chance do you have another tomcat running on this server that would be listening on port 8009 or some other web server/container? Something installed via 3rd party maybe, like a disk management web app or the like? I had this problem once, then realized that we had a 3rd party app using an embedded tomcat that was already listening on port 8009. If that is your case, then you'll have to change your tomcat to listen on some other port than 8009. Leo -Original Message- From: FOREBACK Dianne [mailto:dianne.foreb...@na.vallourec.com] Sent: Monday, May 04, 2009 2:09 PM To: 'Tomcat Users List' Subject: RE: IIS 6 Tomcat Connector isapi_redirect-1.2.28.dll not being called 404 2 1260 error I also deleted the registry keys for this setup, deleted the virtual directory, took off the web extensions, removed the filter and tried setting up again. Still no progress. Thank you very much for the reply. I have followed the instructions including step 9. The IIS default website is not in the default IIS location. Wondering if this causes a problem? Thanks again, Dianne -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Sunday, May 03, 2009 6:22 PM To: Tomcat Users List Subject: Re: IIS 6 Tomcat Connector isapi_redirect-1.2.28.dll not being called 404 2 1260 error On 01.05.2009 22:46, FOREBACK Dianne wrote: I cannot get IIS 6 to use the Tomcat connector to redirect requests. I followed the directions in http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html configuring the registry by hand. This should be a relatively simple task but I am obviously overlooking something. The following environment is being used, Tomcat 6.0, JDK 6.0.18, JRE 1.6.0_13, Apache Tomcat Connectors isapi_redirect-1.2.28.dll which I downloaded and did not rebuild, IIS 6 on Windows Server 2003. I've triple checked the registry settings and can open every single directory. The isapi.log file is not being created. (It appears that the dll is not being called.) Yes, as long as the log file is not created when you try to access a URL on the web server, the plugin is not loaded. The filter does show as being loaded (green) with high priority. IIS log file gives a 404 error. Tomcat is working fine. The uriworkermap.properties contains the following entries and I've tried testing a .jsp example going through the IIS port. It does pull up when I use Tomcat directly. /localhost/examples/*=ajp13 /localhost/examples=ajp13 The workers.properties file contains worker.ajp13.port=8009 worker.ajp13.host=localhost worker.ajp13.type=ajp13 I've searched and am at a loss. Any help is very much appreciated. Did you also follow all steps under Configuring the ISAPI Redirector on the documentation page you used? Including step 9 (allowing the web service extension)? Page http://tomcat.apache.org/connectors-doc/reference/iis.html; also contains a simplified way of setting the redirector properties without using the registry: put a file isapi_redirect.properties into the same directory, where your isapi_redirect.dll resides (the file name needs to be the same as that of the dll except for the suffix). The docs page describes its contents. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This e-mail, and any files transmitted with it, may contain confidential and/or privileged material and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information is prohibited. If you have received this email in error, please notify the sender immediately and delete this material from all known records. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This e-mail, and any files transmitted with it, may contain confidential and/or privileged material and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any
RE: Tomcat generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46
From: J Channel [mailto:jchann...@gmail.com] Subject: Tomcat generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46 My tomcat periodically generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46 And send me cookie with JSESSIONID even for images request http://mysite.com//image/hotel3455.jpg. Is this ok? Yup - that's fine; works as designed. How can i prevent session generation for static content kind of images? Just because content is static doesn't necessarily mean it's public, so the session id is required. Why do you care? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: Cluster session sync question (from documentation) How, for example, would a client be able to access the same session simultaneously? If a page includes multiple resources (e.g., frames, pictures), a browser will normally generate at least two requests in parallel for those resources. If those parallel requests are for dynamic content, it's up to the servlets involved to synchronize updates to the common session object. That's relatively easy in a non-clustered environment, but much trickier with clustering - unless using sticky sessions in your load balancer. With sticky sessions configured in your load balancer, the concurrent request problem devolves to the same one you already have in a non-clustered environment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
Let me see if I understand this correctly, in the case of non-sticky sessions. Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? Am I also correct in thinking that depending on the order of replication completion (whether the session from node 1 replicates over to node 2 first or vice-versa), the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Since it seems that sticky sessions are the way to go to ensure greater application consistency, this leads to the question that with all the benefits of sticky sessions, using what criteria would anyone decide against using them? What's the tradeoff here? Thanks. Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: Cluster session sync question (from documentation) How, for example, would a client be able to access the same session simultaneously? If a page includes multiple resources (e.g., frames, pictures), a browser will normally generate at least two requests in parallel for those resources. If those parallel requests are for dynamic content, it's up to the servlets involved to synchronize updates to the common session object. That's relatively easy in a non-clustered environment, but much trickier with clustering - unless using sticky sessions in your load balancer. With sticky sessions configured in your load balancer, the concurrent request problem devolves to the same one you already have in a non-clustered environment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23413085.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? That's my understanding - which is why the doc says to use sticky sessions. the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Correct. using what criteria would anyone decide against using them? What's the tradeoff here? Potential performance imbalance is the only thing I can think of. If one of your clients creates a lot of requests, they'll all have to be processed on a single node, leaving the others relatively idle. I doubt that this is much of a concern in the real world. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to make request parameters available to a login.jsp?
I've suggested a patch to issues.apache.org which might be helpful if Sid wants to implement his own Valve. My patch is a new valve, which diverts the call to a pre-defined URL if j_security_check is called (I had to circumvent the fact that after j_security_check Tomcat is always forwarding to the last request being stored - that doesn't work when dealing i.e. with frames. The benefit for the OP: Since it's a Valve, it's pretty easy to evaluate the url originally requested - not sure, if the parameters are in there but I believe so. Since this Valve is pretty straight forward and lean, it shouldn't be a problem to adapt it so that it might meet Sid's needs. You can find the patch here: https://issues.apache.org/bugzilla/show_bug.cgi?id=46902 Cheers Gregor -- just because your paranoid, doesn't mean they're not after you... gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 @ http://pgp.mit.edu:11371/ skype:rc46fi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
I just thought of something with regards to multiple requests from a given page - let's assume the browser doesn't generate multiple requests for dynamic content by way of frames or images. Are AJAX requests treated any differently from regular requests, whereby multiple AJAX requests from one page would somehow always be routed to one node even in the absence of sticky sessions? (Or could all those AJAX requests still end up modifying different session instances on different nodes, even though all requests were from the same page? Because that's a very likely scenario for most rich web applications these days.) I ask this out of curiosity, I suppose - after all, it seems like sticky sessions are the way to go and that would preclude the above issue completely. Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? That's my understanding - which is why the doc says to use sticky sessions. the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Correct. using what criteria would anyone decide against using them? What's the tradeoff here? Potential performance imbalance is the only thing I can think of. If one of your clients creates a lot of requests, they'll all have to be processed on a single node, leaving the others relatively idle. I doubt that this is much of a concern in the real world. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23413346.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Form-based Container Security with SSL
Hi, We had a small web application on tomcat 5.5. We use tomcat realm (MD5 digest) with the form-based login. I have a few questions on this. 1. When we use http, does the form-based login page send the username and password plainly or in the digested form? 2. We set up the ssl in 8443 port. All links in our application are relative link without the specified scheme. So currently all the links (including login page) go either through normal http or encrypted https. Is there anyway to limit the ssl only for the login page alone and make sure login page always go through ssl? Rest pages are really fairly low-risk stuff and we do not worry about the leak on them. Our site (http://sulfite.lis.illinois.edu:8080/InformProjectDev, https://sulfite.lis.illinois.edu:8443/InformProjectDev) Thanks. Sincerely Zhu, Guojun - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Are AJAX requests treated any differently from regular requests, whereby multiple AJAX requests from one page would somehow always be routed to one node even in the absence of sticky sessions? The routing is strictly up to the load balancer - the client only knows one IP:port address (the LB), and the nodes behind the LB can't reroute requests (or at least can't reroute them easily). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Cluster session sync question (from documentation)
Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? That's my understanding - which is why the doc says to use sticky sessions. the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Correct. using what criteria would anyone decide against using them? What's the tradeoff here? Potential performance imbalance is the only thing I can think of. If one of your clients creates a lot of requests, they'll all have to be processed on a single node, leaving the others relatively idle. I doubt that this is much of a concern in the real world. I can think of another : by using sticky sessions, you are forcing the load-balancer to keep track of which session belongs to which back-end, and to look up this table at each request. I could imagine that this could get tiresome.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Weekly restart of Tomcat service
We currently have a 3rd party application that isn't stable and we have to restart Tomcat at least once a week to keep the application running. We have nagged the 3rd party vendor so much about other application fixes that asking them to fix this would require some information and statistics that indicate it is a coding or configuration issue. Has anyone had any experience in regards to gathering performance stats for Tomcat or can you help me determine the best way to get the information I need to give to the vendor? I would appreciate any advice or help I can get. Signed, DBA, not the server admin and the only one willing to dive into the issue to find a solution. Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation
Re: Weekly restart of Tomcat service
On Wed, May 6, 2009 at 1:35 PM, Jack, Brandy bj...@quiktrip.com wrote: We currently have a 3rd party application that isn't stable and we have to restart Tomcat at least once a week to keep the application running. We have nagged the 3rd party vendor so much about other application fixes that asking them to fix this would require some information and statistics that indicate it is a coding or configuration issue. What happens if you /don't/ restart? Aren't there log messages that would be enough to convince them there's a problem? Has anyone had any experience in regards to gathering performance stats for Tomcat Here's one from lambdaprobe running on my production server (on Tomcat 6.0.x) -- UP for 328 days 19 hours 34 minutes One example of *not* requiring weekly restarts :-) FWIW, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
If we don't restart, the users cannot access the application. It is java based (I think) and they blame it on the SQL server (of course) which is an entirely different server. I am looking in the tomcat log files from days past. But I'm not sure which log files contain the errors I should be looking for. Is it the catalina files or the stderr files? Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 -Original Message- From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] Sent: Wednesday, May 06, 2009 3:49 PM To: Tomcat Users List Subject: Re: Weekly restart of Tomcat service On Wed, May 6, 2009 at 1:35 PM, Jack, Brandy bj...@quiktrip.com wrote: We currently have a 3rd party application that isn't stable and we have to restart Tomcat at least once a week to keep the application running. We have nagged the 3rd party vendor so much about other application fixes that asking them to fix this would require some information and statistics that indicate it is a coding or configuration issue. What happens if you /don't/ restart? Aren't there log messages that would be enough to convince them there's a problem? Has anyone had any experience in regards to gathering performance stats for Tomcat Here's one from lambdaprobe running on my production server (on Tomcat 6.0.x) -- UP for 328 days 19 hours 34 minutes One example of *not* requiring weekly restarts :-) FWIW, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Configuration in Eclipse
Interesting Things are happening with my Tomcat. Points to Note: 1. I am installing tomcat version 6.x and than running it by clicking startup.bat file and it is running fine as when I check in browser typing http://localhost:8080/ it shows me the Apache Foundation Welcome pages saying that Installation works fine. 2. Interesting thing to note is that when I stop my server using shutdown.bat file than it work fine but now if I start my server using eclipse than it starts but when I go to browser to check Apache Foundation Welcome Page than it is not there and I get message as under and it is confusing. Apache Tomcat/6.0.18 - Error report Apache Tomcat/6.0.18 - Error report HTTP Status 404 - / -- *type* Status report *message* */* *description* *The requested resource (/) is not available.* -- Apache Tomcat/6.0.18 Any guidance would be appreciated. On Wed, May 6, 2009 at 12:37 AM, André Warnier a...@ice-sa.com wrote: ados1...@gmail.com wrote: It appears apparent that Tomcat is running as a service on my Windows. Right-click on the My computer icon and choose Manage In the panel that appears, navigate to services (on the left side) When you click on that, on the right side appears a list of services installed on your PC. In that list, you should find Apache Tomcat. Right-click on that item, and in the pop-up menu, choose stop.(*) That should stop the service. Now right-click on the item again, and choose Properties. One of those properties is startup, which gives you a choice of automatic, Manual or disabled. Pick Manual. Now Tomcat will not start automatically anymore at each reboot. If you want it to run later as a service, there are 2 ways : - either follow the procedure above again, and instead of stop (at the place marked by *) choose start. - or, open a command window, and enter : net start Apache Tomcat Another tip : If you open a command window, and enter just net start, you will get a list of running services, with their names according to Windows. The name that appears as Apache Tomcatxxx is the name to use with these net start and net stop commands. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Cluster session sync question (from documentation)
AJAX requests would each be treated as separate requests - and (unless you are using sticky sessions) they could get routed to any node. They could also fire off independently within the code javascript code on the page - depending on how they are coded. -- Robin D. Wilson Director of Web Development KingsIsle Entertainment, Inc. WORK: 512-623-5913 CELL: 512-426-3929 www.KingsIsle.com -Original Message- From: lightbulb432 [mailto:veerukrish...@hotmail.com] Sent: Wednesday, May 06, 2009 2:04 PM To: users@tomcat.apache.org Subject: RE: Cluster session sync question (from documentation) I just thought of something with regards to multiple requests from a given page - let's assume the browser doesn't generate multiple requests for dynamic content by way of frames or images. Are AJAX requests treated any differently from regular requests, whereby multiple AJAX requests from one page would somehow always be routed to one node even in the absence of sticky sessions? (Or could all those AJAX requests still end up modifying different session instances on different nodes, even though all requests were from the same page? Because that's a very likely scenario for most rich web applications these days.) I ask this out of curiosity, I suppose - after all, it seems like sticky sessions are the way to go and that would preclude the above issue completely. Caldarale, Charles R wrote: From: lightbulb432 [mailto:veerukrish...@hotmail.com] Subject: RE: Cluster session sync question (from documentation) Request 1 goes to node 1. Am I correct in saying that as long as Request 2 reaches node 2 before the session from node 1 has fully replicated over, the the inconsistent session problem exists? That's my understanding - which is why the doc says to use sticky sessions. the session that persists would be either the session from node 1 or from node 2, but absolutely not both? Correct. using what criteria would anyone decide against using them? What's the tradeoff here? Potential performance imbalance is the only thing I can think of. If one of your clients creates a lot of requests, they'll all have to be processed on a single node, leaving the others relatively idle. I doubt that this is much of a concern in the real world. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Cluster-session-sync-question-%28from-documentation%29-tp23411578p23413346.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Weekly restart of Tomcat service
On Wed, May 6, 2009 at 1:52 PM, Jack, Brandy bj...@quiktrip.com wrote: If we don't restart, the users cannot access the application. They get a 404, or ___? It is java based (I think) and they blame it on the SQL server (of course) which is an entirely different server. If I were you I'd install Lambda Probe http://www.lambdaprobe.org/d/index.htm and use it to follow DB connection pool and memory usage, etc. at least. An exhausted connection pool can make it seem like the app has simply stopped... I am looking in the tomcat log files from days past. But I'm not sure which log files contain the errors I should be looking for. Is it the catalina files or the stderr files? Depends on how logging is set up, which is pretty flexible. Do tail -f on all of the ones with current timestamps and wait for the app to go to sleep again :-) FWIW, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
From: Jack, Brandy [mailto:bj...@quiktrip.com] Subject: RE: Weekly restart of Tomcat service If we don't restart, the users cannot access the application. If you can reproduce the problem in a test environment, that would help. Regardless, take a thread dump of Tomcat when the situation occurs; the mechanism to do so varies by platform and JVM (you didn't bother to tell us that, or even the version of Tomcat you're using). On a reasonable recent JVM, the easiest way to get a thread dump is with the jstack tool from the JDK. But I'm not sure which log files contain the errors I should be looking for. Any and all of them may contain useful information. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Weekly restart of Tomcat service
Sorry, I'm new to this. The tomcat version seems to be 5.5.26. It is running on Windows Server 2003 SP2. Can I get a thread dump from the command line on the server? Brandy Jack I/S Dept Database Management ofc: (918) 615-7743 cel: (918) 527-4027 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, May 06, 2009 4:35 PM To: Tomcat Users List Subject: RE: Weekly restart of Tomcat service From: Jack, Brandy [mailto:bj...@quiktrip.com] Subject: RE: Weekly restart of Tomcat service If we don't restart, the users cannot access the application. If you can reproduce the problem in a test environment, that would help. Regardless, take a thread dump of Tomcat when the situation occurs; the mechanism to do so varies by platform and JVM (you didn't bother to tell us that, or even the version of Tomcat you're using). On a reasonable recent JVM, the easiest way to get a thread dump is with the jstack tool from the JDK. But I'm not sure which log files contain the errors I should be looking for. Any and all of them may contain useful information. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information in this e-mail from QuikTrip Corporation is confidential and may be legally privileged. It is intended solely for the addressee. Access to this e-mail by anyone else is unauthorized. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing or copying is strictly prohibited. If you receive this e-mail in error, please immediately notify the sender via reply e-mail and delete this communication. QuikTrip Corporation - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connector Issue - Tomcat 6.0/IIS 6.0
Following are the versions of software I have installed on Windows2003 Server SP2 Tomcat-6.0.18 Java - Version 6 Update 13 IIS - 6.0 Tomcat Connector - 1.2.28 I have done the configuration consulting the tomcat site.Here is how isapi_redirect.properties looks like: extension_uri=/jakarta/isapi_redirect.dll log_file=c:\Tomcat\logs\iis_redirect.log log_level=debug worker_file=C:\Tomcat\conf\workers.properties worker_mount_file=C:\Tomcat\conf\uriworkermap.properties Workers.properties worker.list=ajp13 worker.ajp13.host=localhost worker.ajp13.port = 8009 worker.ajp13.type = ajp13 uriworkermap.properties /examples/*=ajp13 When I try to access a jsp page using IIS(http://localhost/examples/jsp/jsp2/el/basic-arithmetic.jsp) I get a Http Status 404 eror from Tomcat The IIS_Redirect log with 400 error is here(I am just pasting a few lines that are relevant, the redirect calls happen fine) [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_util.c (455): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S.000 %Y] ' [Wed May 06 16:31:04.662 2009] [9352:9452] [info] jk_isapi_plugin.c (2398): Starting Jakarta/ISAPI/isapi_redirector/1.2.28 [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2416): Detected IIS version 6.0 [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2418): Using ini file C:\Tomcat\ISAPI\isapi_redirect.properties. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2424): Using log file c:\Tomcat\logs\iis_redirect.log. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2425): Using log level 1. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2426): Using extension uri /jakarta/isapi_redirect.dll. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2427): Using worker file C:\Tomcat\conf\workers.properties. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2428): Using worker mount file C:\Tomcat\conf\uriworkermap.properties. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2430): Using rewrite rule file . [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2432): Using uri select 3. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2433): Using no chunked encoding. ... [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_map.c (490): Adding property '/examples/*' with value 'ajp13' to map. [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_uri_worker_map.c (1101): Loading urimaps from C:\Tomcat\conf\uriworkermap.properties with reload check interval 60 seconds [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_uri_worker_map.c (719): wildchar rule '/examples/*=ajp13' source 'uriworkermap' was added [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_uri_worker_map.c (171): [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_worker.c (242): creating worker ajp13 [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_worker.c (146): about to create instance ajp13 of ajp13 ... [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_uri_worker_map.c (171): uri map dump after extension stripping: index=0 file='C:\Tomcat\conf\uriworkermap.properties' reject_unsafe=0 reload=60 modified=1241645359 checked=1241645464 [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_uri_worker_map.c (176): generation 0: size=0 nosize=0 capacity=0 .. [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (2246): processing ajp13 with 2 retries [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (1461): (ajp13) all endpoints are disconnected. ... [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (1217): received from ajp13 pos=0 len=82 max=8192 ... [Wed May 06 16:31:04.662 2009] [9352:9452] [debug] jk_isapi_plugin.c (2060): [/jakarta/isapi_redirect.dll] is not a servlet url . [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (660): status = 404 [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (1806): AJP13 protocol: Reuse is OK [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_isapi_plugin.c (2189): service() returned OK [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (743): (ajp13) resetting endpoint with sd = 620 [Wed May 06 16:31:04.677 2009] [9352:9452] [debug] jk_ajp_common.c (2850): recycling connection pool slot=0 for worker ajp13 The IIS log from W3SVC shows that the get was o.k.(Code 200) #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2009-05-06 21:31:04 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2009-05-06 21:31:04 W3SVC1 127.0.0.1 GET /examples/jsp/jsp2/el/basic-arithmetic.jsp - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.4506.2152;+.NET+CLR+3.5.30729) 200 0 0
Tomcat DBCP: Getting java.sql.SQLException: Closed Statement
We are getting below exception in production randomly..Using Spring(2.5) JDBC for all our DB related functionality.We don't handle any DB resources directly.everything thru Spring JDBC template. This app was running fine in Weblogic but after migrating to Tomcat 6+ DBCP we are seeing the below exception. We also looked our code base for any threading or concurrency issues..we were not able spot any issues. I have observed one more thing..why checkOpen in DelegatingPreparedStatement didn't catch this but OracleStatement thinks the statement is closed. If anbody else faced this issue before please share your solutions. Caused by: org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL [INSERT INTO AUDIT_TRAIL ( DEAL_ID , AUDIT_TRAIL_ID ) VALUES ( ?,? ) ]; SQL state [null]; error code [17009]; Closed Statement; nested exception is java.sql.SQLException: Closed Statement at org.springframework.jdbc.support.SQLStateSQLExceptionTranslator.translate(SQLStateSQLExceptionTranslator.java:124) at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.translate(SQLErrorCodeSQLExceptionTranslator.java:322) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:607) at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:792) at org.springframework.jdbc.core.JdbcTemplate.update(JdbcTemplate.java:815) at org.springframework.jdbc.object.SqlUpdate.update(SqlUpdate.java:168) at com.dao.DealXAuditTrailDaoBase.insertDealXAuditTrailVoBase(Unknown Source) at com.deal.DealTO.insertAuditTrail(DealTO.java:183) at com.deal.DealTO.processAuditTrail(DealTO.java:168) at com.deal.DealTO.update(DealTO.java:110) at com.deal.DealTO$$FastClassByCGLIB$$fba55fe6.invoke(generated) at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149) at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:700) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149) at com.businessrules.SpexBusinessRuleValidator.invoke(SpexBusinessRuleValidator.java:64) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:106) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:635) at com.deal.DealTO$$EnhancerByCGLIB$$54d9c9a4.update(generated) at com.entity.EntityGeneralInfoController.copyFieldsToDeal(EntityGeneralInfoController.java:1158) at com.entity.EntityGeneralInfoController.doSave(EntityGeneralInfoController.java:429) ... 30 more Caused by: java.sql.SQLException: Closed Statement at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:125) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:162) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:227) at oracle.jdbc.driver.OracleStatement.ensureOpen(OracleStatement.java:3249) at oracle.jdbc.driver.OraclePreparedStatement.executeInternal(OraclePreparedStatement.java:2867) at oracle.jdbc.driver.OraclePreparedStatement.executeUpdate(OraclePreparedStatement.java:2957) at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:102) at org.apache.tomcat.dbcp.dbcp.DelegatingPreparedStatement.executeUpdate(DelegatingPreparedStatement.java:102) at org.springframework.jdbc.core.JdbcTemplate$2.doInPreparedStatement(JdbcTemplate.java:798) at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:591) Resource name=oracleDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@x:1521:x username= password= initialSize=2 maxActive=30 maxIdle=30 maxWait=3000 minIdle=0 testOnBorrow=true testOnReturn=false testWhileIdle=false poolPreparedStatements=true maxOpenPreparedStatements=10 removedAbandoned=true removeAbandonedTimeout=60 logAbandoned=true validationQuery=select count(*) from dual/ -- View this message in context:
RE: Weekly restart of Tomcat service
From: Jack, Brandy [mailto:bj...@quiktrip.com] Subject: RE: Weekly restart of Tomcat service The tomcat version seems to be 5.5.26. It is running on Windows Server 2003 SP2. JVM version? Can I get a thread dump from the command line on the server? Yes, if you're running on a 1.5 or newer JVM, and have a JDK installed. Use jps to find the process id Tomcat is using, then jstack to take a thread dump. Taking a thread dump in a normally running situation will give you an idea of what things should look like, so you can compare it to what you get when the server becomes unresponsive. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Problem Accessing resource files in Tomcat 6.0.18
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jacob, On 5/6/2009 3:00 AM, Jacob Bergöö wrote: final Resource resource = iterator.next(); final Context cx = ContextFactory.getGlobal().enterContext(); final StringBuilder stringBuilder = new StringBuilder(); final String resourcePath = resource.getURI().getPath(); [...] Looks like you've been reading a Java Performance Tips book circa 1997. What's with all those final references, there? Or are you using a lot of anonymous classes? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoCOh8ACgkQ9CaO5/Lv0PDQmACdGcpsrEuRWUJqkWZwJ1sevwDr vBkAoJVoBS1MR44kPIjeKHJL5T4S917e =Brc7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 J, On 5/6/2009 1:20 PM, J Channel wrote: Hi. My tomcat periodically generate pages with links like /image/hotel3455.jpg;jsessionid=0D42C72326D97D8E32C950562B8DDA46 And send me cookie with JSESSIONID even for images request http://mysite.com//image/hotel3455.jpg. Is this ok? How can i prevent session generation for static content kind of images? It's not the jpg file that's generating the session, it's the JSP file you're using to reference it. Add session=false to your %...@page directive and these extra sessions should go away. If you're using a servlet instead, make sure you are calling request.getSession(false) and then checking for null if you are sometimes using sessions. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoCO+EACgkQ9CaO5/Lv0PA5wwCgrkjvrKh4iAi6QXN5rEJOkhcv rfgAn0jw7V2Z7rWLnvdzr0v7P3/qO5+T =bt9O -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Form-based Container Security with SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guojun, On 5/6/2009 3:05 PM, Guojun Zhu wrote: We had a small web application on tomcat 5.5. We use tomcat realm (MD5 digest) with the form-based login. I have a few questions on this. 1. When we use http, does the form-based login page send the username and password plainly or in the digested form? Your web browser will send the credentials in cleartext. The only digest being used here is the one used to hash the password before it is checked against your database (all on the server side). If you want the password sent securely, you'll need to either use HTTPS or use DIGEST authentication, which uses HTTP Auth instead of forms. I prefer HTTPS + form over DIGEST, FWIW. 2. We set up the ssl in 8443 port. All links in our application are relative link without the specified scheme. So currently all the links (including login page) go either through normal http or encrypted https. Is there anyway to limit the ssl only for the login page alone and make sure login page always go through ssl? Rest pages are really fairly low-risk stuff and we do not worry about the leak on them. Are you comfortable with the possibility of session hijacking? If so, there is a way to do this that I outlined a few weeks ago. Hmm... I can't seem to find it in the archives; I'll give you the short-short version. Try something like this: web.xml: form-login-page/login.jsp/form-login-page ... security-constraint web-resource-collection url-pattern/login.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint security-constraint login.jsp: % Cookie mySessionCookie = ...; if(mySessionCookie.isSecure()) { // We don't want a secure session cookie. Kill it, // redirect to non-secure page and bounce back. session.invalidate(); response.sendRedirect(response.encodeRedirectURL(BOUNCE_PAGE)); } % Your bounce page should simply create a session and redirect to https://yourhost/login.jsp. You should probably create a filter that watches every URL except your login page and drives everything back to HTTP if it finds HTTPS in use. This may interfere with the container's ability to store and re-play requests for protected resources /after/ a successful login. YMMV. If you can't get it working using this suggestion, feel free to hire me to do it for you ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoCPzoACgkQ9CaO5/Lv0PAPnwCcC9jIfZ9oc60imAgaw01sfcjJ MlEAoIsyPZ9f6dXGo5IInzLXOMxh7vs0 =9YPw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to make request parameters available to a login.jsp?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregor, On 5/6/2009 2:56 PM, Gregor Schneider wrote: I've suggested a patch to issues.apache.org which might be helpful if Sid wants to implement his own Valve. My patch is a new valve, which diverts the call to a pre-defined URL if j_security_check is called (I had to circumvent the fact that after j_security_check Tomcat is always forwarding to the last request being stored - that doesn't work when dealing i.e. with frames. I'm confused about some of your code (please forgive any formatting problems): + if (started) { + + [SNIPPED debug statements] + + if (aRequest.getRequestURI().startsWith(protectedPath) + !aRequest.getRequestURI().startsWith(redirectAfterAuth) + !aRequest.getRequestURI().startsWith( + /j_security_check, 10)) { + if (aRequest.getAuthType() == null) { + aRequest.getSession().invalidate(); + aResponse.sendRedirect(redirectAfterAuth); + } else { + if (nextValve != null) { + nextValve.invoke(aRequest, aResponse); + } + } + } else { + if (nextValve != null) { + nextValve.invoke(aRequest, aResponse); + } + } + } else { + log.debug(LoginValve starting); + if (nextValve != null) { + getNext().invoke(aRequest, aResponse); + } + } A few questions: 1. Why can't the redirectAfterAuth path be within the protected space? 2. Why do you check to see if the request URI /startsWith/ the redirectAfterAuth instead of being equal to it? 3. Why are you checking to see if characters 10 - 16 of the request URI are y_check. Why not check for the whole j_security_check string? Why not check the /end/ of the request URI for j_security_check, since the URI for j_security_check is not required to be /j_security_check but pretty much */j_security_check? 4. Why are killing the session if the authtype is null? 5. Why does your valve pass-through any requests before the component has started? Is there a valid use case where NOT performing these checks and redirects is appropriate? It appears that your valve does nothing but murder the session and redirect the user if authtype=null and you are requesting a resource from a particular URI space. This does not seem particularly useful. Maybe I'm missing something subtle. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoCQmEACgkQ9CaO5/Lv0PAuRwCdFUK6/DCK29UonliRDAY97Gu3 TLEAn0KpNqaJseJTOapk9kl7qrUVIqTS =41Y+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat DBCP: Getting java.sql.SQLException: Closed Statement
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ashoknan, On 5/6/2009 5:43 PM, ashoknan wrote: This app was running fine in Weblogic but after migrating to Tomcat 6+ DBCP we are seeing the below exception. Which version of TC 6 are you using? Are you using the stock DBCP or Filip's new-fangled DBCP? We also looked our code base for any threading or concurrency issues..we were not able spot any issues. Famous last words. I have observed one more thing..why checkOpen in DelegatingPreparedStatement didn't catch this but OracleStatement thinks the statement is closed. What makes you say that DelegatingPreparedStatement.checkOpen is being called and seeing an incorrect state? I suspect you (or the Spring folks?) are unwrapping the pooled statement at some point to expose its Oracle-ness, and then you are (incorrectly) closing the underlying statement instead of closing the wrapping (pooled) statement as you should be. org.springframework.jdbc.object.SqlUpdate.update(SqlUpdate.java:168) at com.dao.DealXAuditTrailDaoBase.insertDealXAuditTrailVoBase(Unknown Source) This code (yours?) is calling SqlUpdate.update. What does your code look like around here? Are you using any transactions? at com.deal.DealTO.insertAuditTrail(DealTO.java:183) at com.deal.DealTO.processAuditTrail(DealTO.java:168) at com.deal.DealTO.update(DealTO.java:110) The code around here might be useful to see, too. validationQuery=select count(*) from dual/ That's a weird one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoCRHkACgkQ9CaO5/Lv0PD01gCdH7IHL1q8iXbTmRp9HVyciRNi wJQAnjvN+vEcyoW7TWOGnD0G04506cCO =aFGJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Form-based Container Security with SSL
Redirect prefix With redirect-prefix, instead of executing baz action's execute() method (by default it isn't overriden in struts.xml to be something else), it will get redirected to, in this case to www.google.com. Internally it uses ServletRedirectResult to do the task. s:form action=quot;bazquot; s:textfield label=quot;Enter your namequot; name=quot;person.namequot;/ s:submit value=quot;Create personquot;/ s:submit name=quot;redirect:www.google.comquot; value=quot;Cancelquot;/ /s:form struts handles all of those contingencies via actionmapper mapping an action/namespace to handle some known URL http://struts.apache.org/2.0.14/docs/actionmapper.html (implementing actionmapper doesnt prevent you from giving chris money) Martin __ Disclaimer and Confidentiality/Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité This message is confidential. If you should not be the intended receiver, then we ask politely to report. Each unauthorized forwarding or manufacturing of a copy is inadmissible. This message serves only for the exchange of information and has no legal binding effect. Due to the easy manipulation of emails we cannot take responsibility over the the contents. Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 6 May 2009 21:54:02 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Form-based Container Security with SSL -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Guojun, On 5/6/2009 3:05 PM, Guojun Zhu wrote: We had a small web application on tomcat 5.5. We use tomcat realm (MD5 digest) with the form-based login. I have a few questions on this. 1. When we use http, does the form-based login page send the username and password plainly or in the digested form? Your web browser will send the credentials in cleartext. The only digest being used here is the one used to hash the password before it is checked against your database (all on the server side). If you want the password sent securely, you'll need to either use HTTPS or use DIGEST authentication, which uses HTTP Auth instead of forms. I prefer HTTPS + form over DIGEST, FWIW. 2. We set up the ssl in 8443 port. All links in our application are relative link without the specified scheme. So currently all the links (including login page) go either through normal http or encrypted https. Is there anyway to limit the ssl only for the login page alone and make sure login page always go through ssl? Rest pages are really fairly low-risk stuff and we do not worry about the leak on them. Are you comfortable with the possibility of session hijacking? If so, there is a way to do this that I outlined a few weeks ago. Hmm... I can't seem to find it in the archives; I'll give you the short-short version. Try something like this: web.xml: form-login-page/login.jsp/form-login-page ... security-constraint web-resource-collection url-pattern/login.jsp/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint security-constraint login.jsp: % Cookie mySessionCookie = ...; if(mySessionCookie.isSecure()) { // We don't want a secure session cookie. Kill it, // redirect to non-secure page and bounce back. session.invalidate(); response.sendRedirect(response.encodeRedirectURL(BOUNCE_PAGE)); } % Your bounce page should simply create a session and redirect to https://yourhost/login.jsp. You should probably create a filter that watches every URL except your login page and drives everything back to HTTP if it finds HTTPS in use. This may interfere with the container's ability to store and re-play requests for protected resources /after/ a successful login. YMMV. If you can't get it working using this suggestion, feel free to hire me to do it for you ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG
SSL Mysterious Self Signed Certificate
Hi I have an issue whereby on a windows installation of Tomcat; I have a mysterious seflt signed certificate displayed within the browser. Despite the fact that I have created a new keystore and imported the relevant root certs and SSL cert and then redirected server.xml to point to the keystore Any ideas?: W.
Re: comet with httpclient
Hi Martin, I have the same implementation as a servlet please find the servlet code i used blow. public class CometServlet extends HttpServlet implements CometProcessor { protected ArrayListHttpServletResponse connections = new ArrayListHttpServletResponse(); protected MessageSender messageSender = null; public void init() throws ServletException { messageSender = new MessageSender(); Thread messageSenderThread = new Thread(messageSender, MessageSender[ + getServletContext().getContextPath() + ]); messageSenderThread.setDaemon(true); messageSenderThread.start(); } public void destroy() { connections.clear(); messageSender.stop(); messageSender = null; } @Override public void service(ServletRequest arg0, ServletResponse arg1) throws ServletException, IOException { System.out.println(Inside service method); super.service(arg0, arg1); } @Override public void event(CometEvent event) throws IOException, ServletException { HttpServletRequest request = event.getHttpServletRequest(); HttpServletResponse response = event.getHttpServletResponse(); if (event.getEventType() == CometEvent.EventType.BEGIN) { log(Begin for session: + request.getSession(true).getId()); PrintWriter writer = response.getWriter(); writer .println(!doctype html public \-//w3c//dtd html 4.0 transitional//en\); writer .println(headtitleJSP Chat/title/headbody bgcolor=\#FF\); writer.flush(); synchronized (connections) { connections.add(response); } } else if (event.getEventType() == CometEvent.EventType.ERROR) { log(Error for session: + request.getSession(true).getId()); synchronized (connections) { connections.remove(response); } event.close(); } else if (event.getEventType() == CometEvent.EventType.END) { log(End for session: + request.getSession(true).getId()); synchronized (connections) { connections.remove(response); } PrintWriter writer = response.getWriter(); writer.println(/body/html); event.close(); } else if (event.getEventType() == CometEvent.EventType.READ) { InputStream is = request.getInputStream(); byte[] buf = new byte[512]; do { int n = is.read(buf); // can throw an IOException if (n 0) { log(Read + n + bytes: + new String(buf, 0, n) + for session: + request.getSession(true).getId()); } else if (n 0) { // error(event, request, response); return; } } while (is.available() 0); } } public class MessageSender implements Runnable { protected boolean running = true; protected ArrayListString messages = new ArrayListString(); public MessageSender() { } public void stop() { running = false; } /** * Add message for sending. */ public void send(String user, String message) { synchronized (messages) { messages.add([ + user + ]: + message); messages.notify(); } } public void run() { while (running) { if (messages.size() == 0) { try { synchronized (messages) { messages.wait(); } } catch (InterruptedException e) { // Ignore } } synchronized (connections) { String[] pendingMessages = null; synchronized (messages) { pendingMessages = messages.toArray(new String[0]); messages.clear(); } // Send any pending message on all the open connections for (int i = 0; i connections.size(); i++) { try { PrintWriter writer = connections.get(i).getWriter(); for (int j = 0; j pendingMessages.length; j++) { writer.println(pendingMessages[j] + br); } writer.flush(); } catch (IOException e) { log(IOExeption sending message, e); } } } } } } } Please let me know if im doing anything