Re: Apache mod_jk SetEnvIf negative look ahead not working
as2 wrote: Hi, I am trying to add a rule .. Try this : # First, all URLs that start with /app/ and end in either .jsp, .htm # or .html are forwarded to Tomcat LocationMatch ^/app/.+\.(jsp|html?)$ SetHandler jakarta-servlet /LocationMatch # But, we don't want that if it's inside of /app/dir/ LocationMatch ^/app/dir/ SetHandler none /LocationMatch # Except if it is inside of a /jsp/ subdir of /app/dir, # then we do want it anyway LocationMatch ^/app/dir/.*/jsp/ SetHandler jakarta-servlet /LocationMatch You may need to modify that a bit, according to what you want exactly (which is not so clear in your original question). But the base is : - Location and LocationMatch are applied one after the other, in the order in which they appear in the configuration file. (See : http://httpd.apache.org/docs/2.2/sections.html ) - SetHandler jakarta-servlet makes it so that all applicable URLs are proxied to Tomcat - SetHandler none cancels the effect of a previous SetHandler jakarta-servlet and returns to the default Apache handling. (See : http://httpd.apache.org/docs/2.2/mod/core.html#sethandler ) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Context.xml not updating dataSource
I am using Tomcat 6.0.18 and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server I update the context.xml to point the database connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? Francis - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR Native library on tomcat 6
thanks a lot Brian; it works now, without using --prefix. Brian Millett wrote: On Fri, 2009-06-19 at 02:05 -0700, lmk wrote: --prefix=/usr/tomcat/apache-tomcat-6.0.18 I'd look where you told it to go. -- Brian Millett - [ Sinclair (re: The Line), The Gathering] The sky was full of stars and every star an exploding ship...one of ours. -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24144172.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
Francis Judge wrote: I am using Tomcat 6.0.18 and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server How do you deploy your WAR? Is unpackWARs true or false? I update the context.xml to point the database Exactly which file do you edit? connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? It may not be how you intended Tomcat to behave. How Tomcat should behave will depend on the answers to the questions above. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Context.xml not updating dataSource
I am using Tomcat 6.0.18 on Windows Vista (dev) and Server 2003 R2 (test) and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server I update the context.xml to point the database connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? Francis - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SSL Tomcat5.5] Tomcat doesn't see alias in my keystore
Hello, This my server.xml : Code : Connector port=8443 maxHttpHeaderSize=8192 keystoreFile=/var/lib/tomcat5.5/.keystore keystorePass= keyAlias=tomcat maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / My keystore is well in /var/lib/tomcat5.5/.keystore, this my alias keystore list : Code : keytool -list -keystore /var/lib/tomcat5.5/.keystore Tapez le mot de passe du Keystore : Type Keystore : jks Fournisseur Keystore : SUN Votre Keystore contient 2 entrée(s) root, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : tomcat, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : You can see that tomcat alias exists... However this is the tomcat boot log : Code : ... java.io.IOException: Le nom alias tomcat n'identifie pas une entrée de clef ... In english : tomcat alias doesn't identify a key entry Any idea ? Thanks a lot -- -- Vernines William Sanimat Santé 1307 Impasse de Lisbonne Z.I ALBASUD 82000 Montauban tel: 05.63.22.05.40 fax: 05.63.23.04.94 wverni...@sanimatdiffusion.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
I'm editing the context.xml in the application's MET-INF directory. The following is what it contains: Resource name=*DB/TMS* auth=*Container* type=*javax.sql.DataSource* username=* password=* driverClassName=*net.sourceforge.jtds.jdbcx.JtdsDataSource* url=*jdbc:jtds:sqlserver://localhost:1433;DatabaseName=TMS* maxActive=*8* maxIdle=*1* removeAbandoned=*true* I have not set the 'unpackWARs' option anywhere but I deploy through the tomcat administrative console. Mark Thomas wrote: Francis Judge wrote: I am using Tomcat 6.0.18 and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server How do you deploy your WAR? Is unpackWARs true or false? I update the context.xml to point the database Exactly which file do you edit? connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? It may not be how you intended Tomcat to behave. How Tomcat should behave will depend on the answers to the questions above. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get thread dump on Tomcat 6 (windows)
Caldarale, Charles R schrieb am 19.05.2009 um 08:37:23 (-0500): From: Gregor Schneider [mailto:rc4...@googlemail.com] Subject: Re: How to get thread dump on Tomcat 6 (windows) A late reply to this: Thread-Dump on Windows: If I'm not mistaken, the key-combination CtrlBreak should do the trick on /most/ JVMs Not when running as a service on Windows. As far as I can see, there are at least three ways to get a thread dump: (1) using the jstack tool; (2) hitting Ctrl-Break in the console (cmd.exe window), even when running as a service (needs the box Allow service to interact with desktop checked to show the console, of course); (3) clicking the icon in the notification area (systray) after launching tomcat6w.exe //MS//, see [1]. Michael Ludwig [1] http://commons.apache.org/daemon/procrun.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
Francis Judge wrote: I'm editing the context.xml in the application's MET-INF directory. The following is what it contains: Resource name=*DB/TMS* auth=*Container* type=*javax.sql.DataSource* username=* password=* driverClassName=*net.sourceforge.jtds.jdbcx.JtdsDataSource* url=*jdbc:jtds:sqlserver://localhost:1433;DatabaseName=TMS* maxActive=*8* maxIdle=*1* removeAbandoned=*true* I have not set the 'unpackWARs' option anywhere but I deploy through the tomcat administrative console. You are editing the wrong file. When a web application is first deployed, any META-INF/context.xml is copied to CATALINA_BASE/conf/enginename/hostname (usually CATALINA_BASE/conf/Catalina/localhost) and renamed to appName.xml. Eg for a war file named myapp.war a META-INF/context.xml would be renamed to myapp.xml# Edit the copy of the context.xml file and all will work as you expect. Mark Mark Thomas wrote: Francis Judge wrote: I am using Tomcat 6.0.18 and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server How do you deploy your WAR? Is unpackWARs true or false? I update the context.xml to point the database Exactly which file do you edit? connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? It may not be how you intended Tomcat to behave. How Tomcat should behave will depend on the answers to the questions above. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [SSL Tomcat5.5] Tomcat doesn't see alias in my keystore
William Vernines wrote: Votre Keystore contient 2 entrée(s) root, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : tomcat, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : You can see that tomcat alias exists... However this is the tomcat boot log : Code : ... java.io.IOException: Le nom alias tomcat n'identifie pas une entrée de clef ... In english : tomcat alias doesn't identify a key entry Any idea ? The error message says it all. There isn't a key entry named tomcat. (The entry named Tomcat is a trusted certificate, not a key). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
Brilliant, I didn't see this in any of the documentation that read. Thanks for the help Francis Mark Thomas wrote: Francis Judge wrote: I'm editing the context.xml in the application's MET-INF directory. The following is what it contains: Resource name=*DB/TMS* auth=*Container* type=*javax.sql.DataSource* username=* password=* driverClassName=*net.sourceforge.jtds.jdbcx.JtdsDataSource* url=*jdbc:jtds:sqlserver://localhost:1433;DatabaseName=TMS* maxActive=*8* maxIdle=*1* removeAbandoned=*true* I have not set the 'unpackWARs' option anywhere but I deploy through the tomcat administrative console. You are editing the wrong file. When a web application is first deployed, any META-INF/context.xml is copied to CATALINA_BASE/conf/enginename/hostname (usually CATALINA_BASE/conf/Catalina/localhost) and renamed to appName.xml. Eg for a war file named myapp.war a META-INF/context.xml would be renamed to myapp.xml# Edit the copy of the context.xml file and all will work as you expect. Mark Mark Thomas wrote: Francis Judge wrote: I am using Tomcat 6.0.18 and am using jTDS to connect to SQL Server 2005. The application is working fine in development (I'm using Netbeans 6.5) and I build the WAR from the IDE at the moment. When I deploy the WAR to the test server How do you deploy your WAR? Is unpackWARs true or false? I update the context.xml to point the database Exactly which file do you edit? connection URL to the testing SQL Server, and restart the application server. But, the DataSource is still using the settings from the WAR that I deployed and not reading the new values that I changed in the context.xml. If I put the testing details into the context.xml before I build the WAR then they are the ones used and everything works correctly. Surely this is not how Tomcat is intended to behave? It may not be how you intended Tomcat to behave. How Tomcat should behave will depend on the answers to the questions above. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
On Monday 22 June 2009 12:02:49 Mark Thomas wrote: You are editing the wrong file. When a web application is first deployed, any META-INF/context.xml is copied to CATALINA_BASE/conf/enginename/hostname (usually CATALINA_BASE/conf/Catalina/localhost) and renamed to appName.xml. Eg for a war file named myapp.war a META-INF/context.xml would be renamed to myapp.xml# Edit the copy of the context.xml file and all will work as you expect. What is the reason for this behavior? It seems quite counterintuitive. If I package a new version of my application with updated configuration, I usually expect that this configuration is used when I deploy this application, esp. with the manager deployment functionality. If I want to deploy the application on different tomcat installations, I have to delete the file from CATALINA_BASE/conf on each one, and it even might have a different path on each. So this behavior causes more work for my use case, and I have to do s.th. in addition to the standard deployment call. Is there a benefit from it? Mark Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml not updating dataSource
Rainer Frey wrote: On Monday 22 June 2009 12:02:49 Mark Thomas wrote: You are editing the wrong file. When a web application is first deployed, any META-INF/context.xml is copied to CATALINA_BASE/conf/enginename/hostname (usually CATALINA_BASE/conf/Catalina/localhost) and renamed to appName.xml. Eg for a war file named myapp.war a META-INF/context.xml would be renamed to myapp.xml# Edit the copy of the context.xml file and all will work as you expect. What is the reason for this behavior? It seems quite counterintuitive. If I package a new version of my application with updated configuration, I usually expect that this configuration is used when I deploy this application, esp. with the manager deployment functionality. If I want to deploy the application on different tomcat installations, I have to delete the file from CATALINA_BASE/conf on each one, and it even might have a different path on each. So this behavior causes more work for my use case, and I have to do s.th. in addition to the standard deployment call. Is there a benefit from it? 1. In production, the operations folks don't have to unpack the app, edit the context file and re-pack the app to edit the configuration. 2. When a new version of the app is installed, the environment specific configuration isn't lost. If you want to remove the old configuration, undeploy the app first which will remove the old configuration file. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Pointers on diagnosing session and thread hangs
I posted just the part of the code that was relevant. The initialization and retrieval of the configuration options is not shown here. The pooling mechanism was the focus of the post and that is why I posted just that code. Pete Martin Gainty wrote: where is _isIBMi declaration?.. how is _isIBMi used to configure ConnectionPool? Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Sun, 21 Jun 2009 13:25:25 -0600 From: p...@valadd.com To: users@tomcat.apache.org Subject: Re: Pointers on diagnosing session and thread hangs For curiosity's sake, why did you roll your own DB pooling, rather than letting Tomcat manage it? That is a good question and one I am not sure I can easily answer since the base code I am working with was originally written by someone else 6 years ago. I am not sure if DB pooling was implemented back then, but we have a particular platform where we need to call some system routines before making the connection and so this driver is just small piece of code handles that system call and all the DB connecting and pooling. I am not sure why the pooling was implemented in this code since my understanding is that the JDBC driver usually handles this. We then added some additional support for other DB's into this code so that the web application can stay completely agnostic to the database it is connecting to. We specify different JDBC connection information in the configuration file that the DB Manager code references. So I guess the bottom line is that this code exists to keep the webapp independent of the database but why pooling was implemented in the driver is something that we are now looking into since it appears to be the point of pain. FWIW the code from the relevant method is: public DataSource setupDataSource(String userName, String password, String connectURI, String roleID, boolean doAdd) { // // First, we'll need a ObjectPool that serves as the // actual pool of connections. // // We'll use a GenericObjectPool instance, although // any ObjectPool implementation will suffice. // if(_debug) System.out.println(Setting up datasource with Role: +roleID); //Specific to our implementation ObjectPool connectionPool = new GenericObjectPool(null, maxActive, whenExhaustedAction, maxWait, maxIdle, minIdle, testOnBorrow, testOnReturn, timeBetweenEvictionRunsMillis, numTestsPerEvictionRun, minEvictableIdleTimeMillis, testWhileIdle); // // Next, we'll create a ConnectionFactory that the // pool will use to create Connections. // We'll use the DriverManagerConnectionFactory, // using the connect string passed in the command line // arguments. // ConnectionFactory connectionFactory = new DriverManagerConnectionFactory( connectURI, userName, password); // // Now we'll create the PoolableConnectionFactory, which wraps // the real Connections created by the ConnectionFactory with // the classes that implement the pooling functionality. // PoolableConnectionFactory pool = null; // Code to handle member overrides specific to IBM i if(_debug) System.out.println(Creating connection pool using PoolableConnectionFactory); pool = new PoolableConnectionFactory( connectionFactory, connectionPool, null, null, false, true) { /* * (non-Javadoc) * * @see org.apache.commons.dbcp.PoolableConnectionFactory#makeObject() */ public synchronized Object makeObject() throws Exception { // This line of code is BLOCKED randomly Connection conn = (Connection) super.makeObject(); //
Re: Context.xml not updating dataSource
On Monday 22 June 2009 13:53:47 Mark Thomas wrote: Rainer Frey wrote: On Monday 22 June 2009 12:02:49 Mark Thomas wrote: You are editing the wrong file. When a web application is first deployed, any META-INF/context.xml is copied to CATALINA_BASE/conf/enginename/hostname (usually CATALINA_BASE/conf/Catalina/localhost) and renamed to appName.xml. Eg for a war file named myapp.war a META-INF/context.xml would be renamed to myapp.xml# Edit the copy of the context.xml file and all will work as you expect. If I want to deploy the application on different tomcat installations, I have to delete the file from CATALINA_BASE/conf on each one, and it even might have a different path on each. If you want to remove the old configuration, undeploy the app first which will remove the old configuration file. Thanks, this was the point I missed. Mark Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Regarding log4J creating logs in tomcat logs folder using FileAppender
hi every one, Iam new to Log4j... How to create log files in tomcat logs folder using Apache Log4j FileAppender class? This is what i was doing new FileAppender(layout,todayslog,true); but the log files are created under tomcat bin folder...how t change this? Also let me know how to create a folder under tomcat logs folder. when i give the filename as mylogs\\todayslog it is throwing FileNotFoundException need help regarding thanks in advance -- Abhishek
RE: Regarding log4J creating logs in tomcat logs folder using FileAppender
From: abhishek reddy [mailto:abhishek.c1...@gmail.com] Subject: Regarding log4J creating logs in tomcat logs folder using FileAppender but the log files are created under tomcat bin folder Because you're using a relative path, which should be avoided, since you have no control over it. You can retrieve the Tomcat base path from the system property tomcat.base; Tomcat logs are normally in the logs directory under tomcat.base. Also let me know how to create a folder under tomcat logs folder. This is a Java, not Tomcat question; use java.io.File.mkdir(), or do it from a command line shell. Note that hard-coding a backslash as a file separator makes your code non-portable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Regarding log4J creating logs in tomcat logs folder using FileAppender
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Subject: RE: Regarding log4J creating logs in tomcat logs folder using FileAppender but the log files are created under tomcat bin folder Because you're using a relative path, which should be avoided, since you have no control over it. You can retrieve the Tomcat base path from the system property tomcat.base; Tomcat logs are normally in the logs directory under tomcat.base. Also let me know how to create a folder under tomcat logs folder. This is a Java, not Tomcat question; use java.io.File.mkdir(), or do it from a command line shell. Note that hard-coding a backslash as a file separator makes your code non-portable. Another point: the location of the log4j output is normally specified in a log4j.properties or log4j.xml file to make reconfiguration easier; why are you trying to do this programmatically? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Regarding log4J creating logs in tomcat logs folder using FileAppender
thanks for the reply. How to retrieve the tomcat base path? I have tried this way System.getProperty(tomcat.base);the value is comming as null On Mon, Jun 22, 2009 at 6:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: abhishek reddy [mailto:abhishek.c1...@gmail.com] Subject: Regarding log4J creating logs in tomcat logs folder using FileAppender but the log files are created under tomcat bin folder Because you're using a relative path, which should be avoided, since you have no control over it. You can retrieve the Tomcat base path from the system property tomcat.base; Tomcat logs are normally in the logs directory under tomcat.base. Also let me know how to create a folder under tomcat logs folder. This is a Java, not Tomcat question; use java.io.File.mkdir(), or do it from a command line shell. Note that hard-coding a backslash as a file separator makes your code non-portable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Abhishek
Re: Regarding log4J creating logs in tomcat logs folder using FileAppender
i think it is catalina.base On Mon, Jun 22, 2009 at 6:41 PM, abhishek reddy abhishek.c1...@gmail.comwrote: thanks for the reply. How to retrieve the tomcat base path? I have tried this way System.getProperty(tomcat.base);the value is comming as null On Mon, Jun 22, 2009 at 6:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: abhishek reddy [mailto:abhishek.c1...@gmail.com] Subject: Regarding log4J creating logs in tomcat logs folder using FileAppender but the log files are created under tomcat bin folder Because you're using a relative path, which should be avoided, since you have no control over it. You can retrieve the Tomcat base path from the system property tomcat.base; Tomcat logs are normally in the logs directory under tomcat.base. Also let me know how to create a folder under tomcat logs folder. This is a Java, not Tomcat question; use java.io.File.mkdir(), or do it from a command line shell. Note that hard-coding a backslash as a file separator makes your code non-portable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Abhishek -- Abhishek
Re: Regarding log4J creating logs in tomcat logs folder using FileAppender
Now it is working..thanks for the reply On Mon, Jun 22, 2009 at 6:45 PM, abhishek reddy abhishek.c1...@gmail.comwrote: i think it is catalina.base On Mon, Jun 22, 2009 at 6:41 PM, abhishek reddy abhishek.c1...@gmail.comwrote: thanks for the reply. How to retrieve the tomcat base path? I have tried this way System.getProperty(tomcat.base);the value is comming as null On Mon, Jun 22, 2009 at 6:25 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: abhishek reddy [mailto:abhishek.c1...@gmail.com] Subject: Regarding log4J creating logs in tomcat logs folder using FileAppender but the log files are created under tomcat bin folder Because you're using a relative path, which should be avoided, since you have no control over it. You can retrieve the Tomcat base path from the system property tomcat.base; Tomcat logs are normally in the logs directory under tomcat.base. Also let me know how to create a folder under tomcat logs folder. This is a Java, not Tomcat question; use java.io.File.mkdir(), or do it from a command line shell. Note that hard-coding a backslash as a file separator makes your code non-portable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Abhishek -- Abhishek -- Abhishek
RE: Regarding log4J creating logs in tomcat logs folder using FileAppender
From: abhishek reddy [mailto:abhishek.c1...@gmail.com] Subject: Re: Regarding log4J creating logs in tomcat logs folder using FileAppender i think it is catalina.base Yes, sorry for the earlier misdirect. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Load Balancer - truncating responses?
On Mon, Jun 22, 2009 at 1:14 AM, André Warnier a...@ice-sa.com wrote: Dmitri O.Kondratiev wrote: Hello! I have the following problem: When using apache load balancer with Tomcat, *sometimes* responses get truncated , resulting in incomplete HTML of *wrong* encoding. My application that Tomcat runs always returns responses in utf-8, yet when truncated, page has a different encoding. The following combinations work: 1) IE - Tomcat 2) IE - Load Balancer - Tomcat 3) WebLoad - Tomcat The following returns truncated HTML: 1) WebLoad - Load Balancer - Tomcat Could Apache content negotiation be the reason for this error? Any other ideas why this could happen? Hi. I can't answer, but just to save time for someone else who would like to help you, could you specify : - what platforms is (are) this ? - what versions of Apache and Tomcat ? - what do you use to connect Apache and Tomcat (mod_proxy_http, mod_proxy_ajp, mod_jk, other ?) - is Apache httpd configured to do any kind of caching ? - what is WebLoad ? - what do you mean by page has a different encoding ? How do you know that ? Is the HTTP response Content-type header different ? Is a meta tag in the page different ? (If you do not know the answer to that, search in Google for Fiddler2. That is an add-on for IE, which allows you to see exactly what requests go from IE - server, and the responses that go server - IE. Including the HTTP headers, body etc..). Also, to stop you maybe looking in the wrong place, I believe that Apache content negociation only happens when you specify it explicitly, and it should only happen for content that Apache itself can serve locally, not for anything that is proxied somewhere else. Also, since according to your data below, it seems to be working fine in Tomcat itself, and not working fine when Apache httpd is in front of it, you may want to post this to the Apache httpd users list. André and Martin, thanks for trying to help! Before sending to Tomcat list I asked the same question at Apache httpd users list. No comments so far :( As a guideline for load balancing I used an approach outlined here: http://www.theserverside.com/tt/knowledgecenter/knowledgecenter.tss?l=LoadBalancingTomcatApache Some more context on my problem: - Everything runs on Win32 - apache-tomcat-6.0.18 - Apache2.2 - mod_proxy_balancer - WebLoad - is used as load generation tool http://www.webload.org/ Here is a linkhttp://rapidshare.com/files/247362496/bad-response-data.zip.html to a zip file with: - brokren response - appache tomcat conf - Packets sniffed by WireShark (with and without balancer) http://www.wireshark.org/ I will try to provide more data on the problem later. Thanks!
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
Hello, My usecase may have not been clear enough : The internal over http connector : secure = true, scheme = http doesn't behave has I would like for stateful requests because Tomcat generates a secure JSESSIONID cookie even if the configured scheme is http rather than https. Due to this secure JSESSIONID cookie for non SSL http requests, clients like Apache Http Client won't retransmit the cookie for between requests. I hope my usecase is clearer. Cyrille On Sun, Jun 21, 2009 at 12:52 PM, Cyrille Le Clerc cyrille.lecl...@pobox.com wrote: Hello, I am interested in using the secure attribute of Tomcat connectors for non https/ssl requests. However, the ssl only JSESSIONID cookie mechanism currently relies on request.secure == true rather than on request.scheme == https (1). A confusion on secure vs. https seems to come from the fact that cookie.secure == true is interpreted by most http clients as cookie.sslOnly == true. Due to this behavior, I don't see how I can use connector.secure = true without connector.scheme = https. Could we imagine an evolution of Tomcat to generate secure session cookies if request.scheme == https rather than on request.secure == true ? I would be very pleased to propose a patch. My usecase is : an application receives requests from both the internet and from other servers of my data center (same trusted zone). The requests coming from the internet may use http or https when internal request use http (for security and CPU consumption reasons). The application's web services require a secure channel (https from the internet or http from the trusted zone). If Tomcat handled secure session cookies on request.scheme == https rather than request.secure == true, I would handle this with three connectors thanks to the nuance between the secure and scheme attributes of the connectors : - external over http connector : secure = false, scheme = http - external over https/ssl connector : secure = true, scheme = https - internal over http connector : secure = true, scheme = http Today, I handle this in the application wrapping the Http Servlet Request to declare secure requests whose remoteAddr matches the 10.* block. Cyrille (1) See http://fisheye6.atlassian.com/browse/tomcat/trunk/java/org/apache/catalina/connector/Request.java?r=HEAD#l2367 (2) web browsers, Apache Commons Http client, etc -- Cyrille Le Clerc cyrille.lecl...@pobox.com clecl...@xebia.fr http://blog.xebia.fr - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [SSL Tomcat5.5] Tomcat doesn't see alias in my keystore
Thanks a lot Mark ! Mark Thomas a écrit : William Vernines wrote: Votre Keystore contient 2 entrée(s) root, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : tomcat, 17 juin 2009, trustedCertEntry, Empreinte du certificat (MD5) : You can see that tomcat alias exists... However this is the tomcat boot log : Code : ... java.io.IOException: Le nom alias tomcat n'identifie pas une entrée de clef ... In english : tomcat alias doesn't identify a key entry Any idea ? The error message says it all. There isn't a key entry named tomcat. (The entry named Tomcat is a trusted certificate, not a key). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- -- Vernines William Sanimat Santé 1307 Impasse de Lisbonne Z.I ALBASUD 82000 Montauban tel: 05.63.22.05.40 fax: 05.63.23.04.94 wverni...@sanimatdiffusion.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to enable debug log level?
Hello everybody, I discovered those logging instruction in the tomcat sources: if (log.isDebugEnabled()) log.debug( Not subject to any constraint); how can I set up my tomcat to return true to log.isDebugEnables() ? Best Regards, Oliver Block - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat-Rails, a pet project to run jruby on rails applications within an embedded tomcat
Hi, I'm working on a little project to use tomcat as server for rails applications without generate a war file. I'm using an embedded tomcat and jruby-rack to wrap requests. I don't know if this could be useful for anyone, currently it's based on my needs, but you can find more info in the project page: http://calavera.github.com/tomcat-rails http://github.com/calavera/tomcat-rails Advice and feedback will be really appreciated. Cheers -- David Calavera http://www.thinkincode.net
Re: Tomcat-Rails, a pet project to run jruby on rails applications within an embedded tomcat
David Calavera wrote: Hi, I'm working on a little project to use tomcat as server for rails applications without generate a war file. I'm using an embedded tomcat and jruby-rack to wrap requests. I don't know if this could be useful for anyone, currently it's based on my needs, but you can find more info in the project page: http://calavera.github.com/tomcat-rails http://github.com/calavera/tomcat-rails Advice and feedback will be really appreciated. You should read http://tomcat.apache.org/legal.html, particularly the parts related to trademarks and naming. If you haven't already found it, this class (from sandbox/trunk) is quite useful when you start embedding Apache Tomcat. http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Tomcat.java Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat-Rails, a pet project to run jruby on rails applications within an embedded tomcat
Hi David- can you use CGIServlet to accomplish the ror? thanks, Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: david.calav...@gmail.com Date: Mon, 22 Jun 2009 16:36:46 +0200 Subject: Tomcat-Rails, a pet project to run jruby on rails applications withinan embedded tomcat To: users@tomcat.apache.org Hi, I'm working on a little project to use tomcat as server for rails applications without generate a war file. I'm using an embedded tomcat and jruby-rack to wrap requests. I don't know if this could be useful for anyone, currently it's based on my needs, but you can find more info in the project page: http://calavera.github.com/tomcat-rails http://github.com/calavera/tomcat-rails Advice and feedback will be really appreciated. Cheers -- David Calavera http://www.thinkincode.net _ Insert movie times and more without leaving Hotmail®. http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009
Re: Form-based authentication
Am Sonntag, 21. Juni 2009 01:34:29 schrieb Caldarale, Charles R: [...] you hard-code the single role name in the LoginModule, using whatever value you have in web.xml (currently User). You must have a role class that implements Principal and Serializable (in addition to the Principal class for the user name); this role class must be specified in your Realm element via the roleClassName attribute. Create an instance of the role class with the predefined name and add it to the Subject object's principals set in your commit() method after you have added the user name Principal object. By adding a roleClassName to the Realm descriptor (context.xml) and by adding a RolePrincipal to the subject solved my problem of authentication failures. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Load Balancer - truncating responses?
Hi Dmitri. No need to copy me personally. I am subscribed to the forum, so I get these messages anyway. A very quick look at the files you posted shows the following thing that I personally find strange : In the log.txt, I see that the first browser request is a POST. The response to that is a 302 moved, with a new location. OK so far. But then, when the browser re-issues the request to the new location, it does a GET, not a POST. I am not sure this has to do with the issue, but did you try this with another browser, and does it do the same ? Apart from that : The response seems indeed truncated, after 16632 bytes. The last byte is a \xD1, which is invalid UTF-8. The rest until then is entirely valid UTF-8, also with the correct HTTP header : content-type: text/html;charset=UTF-8 So I think that you do not really have a wrong encoding of the response. It is properly encoded. The fact that it appears wrongly encoded is probably just an artifact of IE, who (rightly) never sees the proper closing tags of the document, and consequently loses its mind somehow. I have tried to open the saved page with Firefox (after renaming it to .html), and it does show an incomplete page, but it shows it in Russian (I guess) cyrillic characters. So it does understand the encoding. All of that to say that : - first you should find out about the POST/GET above - then you should try another browser - and finally, the problem seems to be indeed a truncation of the result. Now remains to find out why this happens.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat-Rails, a pet project to run jruby on rails applications within an embedded tomcat
On Mon, Jun 22, 2009 at 4:50 PM, Mark Thomas ma...@apache.org wrote: David Calavera wrote: Hi, I'm working on a little project to use tomcat as server for rails applications without generate a war file. I'm using an embedded tomcat and jruby-rack to wrap requests. I don't know if this could be useful for anyone, currently it's based on my needs, but you can find more info in the project page: http://calavera.github.com/tomcat-rails http://github.com/calavera/tomcat-rails Advice and feedback will be really appreciated. You should read http://tomcat.apache.org/legal.html, particularly the parts related to trademarks and naming. Yep, I already added the asf license and all that stuff but I have to submitted. If you haven't already found it, this class (from sandbox/trunk) is quite useful when you start embedding Apache Tomcat. http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/startup/Tomcat.java I'm using it, it was really useful, one code line to config all the server classes instead of hundred XD. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- David Calavera http://www.thinkincode.net
jaas.config / JAASRealms
Hello, on the development pc I've put the jaas.config file to my home directory. As I am running tomcat from netbeans, that's no problem. I've modified jdk/jre/lib/security/java.security to find the jaas.config. Is it compatible with the jaas design to keep web applicaton specific jaas.config files and are there any directives for web.xml to declare the path to jaas.config? Best Regards, Oliver Block - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How to enable debug log level?
From: Oliver Block [mailto:li...@oliver-block.eu] Subject: How to enable debug log level? how can I set up my tomcat to return true to log.isDebugEnables() ? Tomcat's internal logging is controlled by conf/logging.properties; tweak that to your heart's content. You will need some knowledge of java.util.logging to make sense out of it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat-Rails, a pet project to run jruby on rails applications within an embedded tomcat
On Mon, Jun 22, 2009 at 4:52 PM, Martin Gainty mgai...@hotmail.com wrote: Hi David- can you use CGIServlet to accomplish the ror? rails doesn't work pretty well with cgi, they are using rack, that's an implementation of python's wsgi in ruby. thanks, Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: david.calav...@gmail.com Date: Mon, 22 Jun 2009 16:36:46 +0200 Subject: Tomcat-Rails, a pet project to run jruby on rails applications withinan embedded tomcat To: users@tomcat.apache.org Hi, I'm working on a little project to use tomcat as server for rails applications without generate a war file. I'm using an embedded tomcat and jruby-rack to wrap requests. I don't know if this could be useful for anyone, currently it's based on my needs, but you can find more info in the project page: http://calavera.github.com/tomcat-rails http://github.com/calavera/tomcat-rails Advice and feedback will be really appreciated. Cheers -- David Calavera http://www.thinkincode.net _ Insert movie times and more without leaving Hotmail®. http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009 -- David Calavera http://www.thinkincode.net
RE: jaas.config / JAASRealms
From: Oliver Block [mailto:li...@oliver-block.eu] Subject: jaas.config / JAASRealms I've modified jdk/jre/lib/security/java.security to find the jaas.config. Not a good idea, since that affects every Java execution on that system. Better to specify the location via the java.security.auth.login.config system property. Is it compatible with the jaas design to keep web applicaton specific jaas.config files I don't believe so; JAAS appears to be for the whole JVM instance, not individual webapps. are there any directives for web.xml to declare the path to jaas.config? No, the servlet spec is agnostic when it comes to the actual authentication mechanism. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Slient full uninstall for Tomcat 6.0.16
I am trying to upgrade from 6.0.16 to 6.0.20 with an automated script. So, my thought is to uninstall, then re-install. (If there is a cleaner way, I would love any advice you may have.) I use Uninstall.exe /S to remove the old version, but many directories/files are left behind. When running an uninstall of tomcat 6.0.16 (not silent), you are asked in a yes/no pop-up window if you wish to remove all directories, even if they contain local data. This cleans all the directories. Is there a command line parameter I can use to force this remove all, similar to how /S is used for silent install?
Re: APR Native library on tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 lmk, On 6/19/2009 9:59 AM, lmk wrote: I complied apr sources, I dont used binnaries. If you compiled apr, you're not done: you actually need libtcnative-1.so as well as apr. The APR connector is a little misleading in its naming because it's libtcnative.so that is required, not libapr.so. You can find tcnative in your Tomcat distro under CATALINA_HOME/bin/tomcat-native.tar.gz - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/1BAACgkQ9CaO5/Lv0PCangCbBvsOD69tpdPieboAxoOgcEK2 TdwAoKWtCfA1oRaoFE2iOffyzJ/d4EwB =uhFj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem with tomcat-native 1.1.14 and tomcat 6
I am trying to compile the tomcat-native-1.1.14 from Ubuntu, am getting the message :/usr/local/tomcat/bin/tomcat-native-1.1.14-src/jni/native$ sudo ./configure --with-apr=/usr/local/apr --with-ssl=/usr --with-java-home=/usr/lib/jvm/java-6-sun/ [sudo] password for vijay: checking build system type... x86_64-unknown-linux-gnu checking host system type... x86_64-unknown-linux-gnu checking target system type... x86_64-unknown-linux-gnu checking for a BSD-compatible install... /usr/bin/install -c checking for working mkdir -p... yes Tomcat Native Version: 1.1.14 checking for chosen layout... tcnative checking for APR... yes setting CC to gcc setting CPP to gcc -E checking for a BSD-compatible install... /usr/bin/install -c checking for JDK location (please wait)... /usr/lib/jvm/java-6-sun/ checking Java platform... checking Java platform... checking for sablevm... NONE adding -I/usr/lib/jvm/java-6-sun//include to TCNATIVE_PRIV_INCLUDES checking os_type directory... linux adding -I/usr/lib/jvm/java-6-sun//include/linux to TCNATIVE_PRIV_INCLUDES checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for OpenSSL library... using openssl from /usr/lib and /usr/include checking OpenSSL library version... not compatible checking for OpenSSL DSA support... no setting TCNATIVE_LDFLAGS to -lssl -lcrypto adding -DHAVE_OPENSSL to CFLAGS setting TCNATIVE_LIBS to setting TCNATIVE_LIBS to /usr/local/apr/lib/libapr-1.la -lrt -lcrypt -lpthread -ldl configure: creating ./config.status config.status: creating tcnative.pc config.status: creating Makefile config.status: executing default commands When starting the Server i am getting the Log INFO that failed to start SSLEngine. Message shown below. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. Jun 22, 2009 6:00:58 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 Jun 22, 2009 6:00:58 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-443 Jun 22, 2009 6:00:58 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 881 ms Jun 22, 2009 6:00:58 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Jun 22, 2009 6:00:58 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Mihai COSTACHE wrote: Hi, i have a working tomcat 6.0.14 and now i want to use tomcat-native beacause it use openssl and not java-ssl so .. 1) i installed tomcat-native 1.1.10 2) i edited server.xml (added SSLCertificateFile, SSLCertificateKeyFile, SSLPassword and SSLProtocol=TLSv1 to HTTPS Connector ... for HTTP Connector nothing has changed) 3) started tomcat again ... no error .. but not tcp sockets (for 8080 and 8443 ports) only this i have in catalina.out -- Jan 23, 2008 7:29:12 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded Apache Tomcat Native library 1.1.10. Jan 23, 2008 7:29:12 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. --- the tomcat is running but it doesn't listen on any port !!! --- bin/bash /sbin/runscript.sh /etc/init.d/tomcat-6 start tomcat2736 58.8 3.3 675280 34696 pts/0Sl 19:50 0:02 \_ /opt/sun-jdk-1.6.0.03/bin/java -server -Xms256M -Xmx512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=/var/lib/tomcat-6//conf/logging.properties -classpath /usr/share/tomcat-6/lib/:/usr/share/tomcat-6//lib:/opt/sun-jdk-1.6.0.03/lib/tools.jar:/usr/share/tomcat-6//bin/bootstrap.jar:/usr/share/tomcat-6//bin/tomcat-juli.jar -Dcatalina.base=/var/lib/tomcat-6/ -Dcatalina.home=/usr/share/tomcat-6/ -Djava.io.tmpdir=/var/tmp/tomcat-6/ org.apache.catalina.startup.Bootstrap start -- some help would be musch appreciated !!! thanks Mihai -- View this message in context: http://www.nabble.com/problem-with-tomcat-native-1.1.10-and-tomcat-6.0.14-tp15048117p24153602.html Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: Tomcat window appears briefly, does not startup - Windows XP
Don't know if this was already answered, but make sure you have your logging set for debug logging. I know by default, it is not set to that. That may help get you something in the logs. - Josh 2009/6/16 Martin Gainty mgai...@hotmail.com Tim- what do the logs say? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Subject: Tomcat window appears briefly, does not startup - Windows XP Date: Tue, 16 Jun 2009 18:04:31 -0400 From: timothy.ruc...@teradata.com To: users@tomcat.apache.org Startup.bat in CATALINA_HOME/bin runs without error, but Tomcat does not startup Tim Rucker Professional Services Americas Teradata * E-Mail: timothy.ruc...@teradata.com mailto:tr185...@teradata.com * SMS: iPhone mailto:timruc...@txt.att.net * Virtual Office: (614) 314-4427 _ Bing™ brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea=TEXT_MLOGEN_Core_tagline_local_1x1
How To Obtain a Thread Dump
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, This question comes up enough, I've created a FAQ entry for it: http://wiki.apache.org/tomcat/HowTo#head-a3243c1d640297a9f2aa9446cbed434efbd4d1d9 Now we have an F-er M to RT. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/2nQACgkQ9CaO5/Lv0PDCPACfbrZo94iXmUx5jX+u8Cs44Kvr HOAAmwVQZq/nma9g+iIwgz8nKMP1/uA0 =ZqOM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Just a few questions on my Tomcat Configuration
Once again (sigh) . I just got out of my management meeting, they want to know if it can be done the other way, with all companies sharing the core code. I'm not exactly sure on how I'd even begin to do this. While I made a good point that A - it's more secure, and B - it is the better way of doing things, they did countered. If we wanted to upgrade the software, it's better to upgrade one single install, than to upgrade 50 - 100 clients which takes a large amount of time. It then becomes a logistical issue. All that aside, would you have any clue as to how would I go about starting something like that? I'm going to check the docs more closely, however, I am not confident that I will find anything like that in there. - Josh On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Just a few questions on my Tomcat Configuration Maybe each company would have a customized few pages each with their own directories, tied to their own schema, etc, but point to the core application in another directory. Everyone would see their own front ends, but use a common framework in the backend maybe? That's quite a bit more than I was referring to, and I find it unlikely that any company would want its processing to be shared with others in the same webapp. Better to have separate deployments for each, even if the underlying webapp is identical in each instance. Are those API's part of teh standard Tomcat docs? The ones I referred to for adding and removing Host elements dynamically are part of the Embedded class: http://tomcat.apache.org/tomcat-6.0-doc/api/index.html The doc states that components can be added and removed on the fly, even after the start() method has been invoked. I've never tried it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cyrille, On 6/21/2009 6:52 AM, Cyrille Le Clerc wrote: I am interested in using the secure attribute of Tomcat connectors for non https/ssl requests. However, the ssl only JSESSIONID cookie mechanism currently relies on request.secure == true rather than on request.scheme == https (1). Note that setting the request.scheme=https affects only the value returned from request.getScheme() and request.secure only affects the return value of request.isSecure(). Due to this behavior, I don't see how I can use connector.secure = true without connector.scheme = https. This is probably true, but I can see a use case where you want to treat some communication (say, localhost) as secure even when HTTP is being used. Could we imagine an evolution of Tomcat to generate secure session cookies if request.scheme == https rather than on request.secure == true ? I would be very pleased to propose a patch. Do you have a reason to set request.secure=false while request.scheme=https? My usecase is : an application receives requests from both the internet and from other servers of my data center (same trusted zone). The requests coming from the internet may use http or https when internal request use http (for security and CPU consumption reasons). The application's web services require a secure channel (https from the internet or http from the trusted zone). What is the danger of saying that request.scheme=https in your case? If Tomcat handled secure session cookies on request.scheme == https rather than request.secure == true, I would handle this with three connectors thanks to the nuance between the secure and scheme attributes of the connectors : - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/21sACgkQ9CaO5/Lv0PDuLwCgqX33PsAAaMQzXYw5kf6wRScZ HQsAn0f0Cz6i2BjUpmiy3aJ0ZST1ZNxI =yacH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Reading POSTed data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 6/19/2009 4:10 PM, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Reading POSTed data The servlet spec is very clear about when the request is consumed to fulfill a getParameter call and when the request is specifically /not/ consumed. What I find problematic is that the spec gives no hint about how to process POST data that is not parameterized. Lack of mentioning any alternative gives the impression that parameterization is the only way of handling it, whereas real-world practice is quite different. You're right: the spec does not specifically mention how to read POST data that isn't handled by the container. On the other hand, should it? I don't believe so: the spec tells you that the data will still be available in the request input stream/reader and that the application can do what it wishes. What did you expect it to say? Some best practices or suggestions perhaps? That kind of thing doesn't really appear anywhere else in the spec. Multipart is a good example: multipart requests are not mentioned a single time in the spec, yet those types of requests are used every day by lots of people without interference from containers. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/3FUACgkQ9CaO5/Lv0PBklgCfWEYtqVvompdwOtTILsMHQyhB GPIAn0h1+KZKNdNbnUpHgOFQKu0ugSL8 =kxkC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Reading POSTed data
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 6/20/2009 7:59 AM, André Warnier wrote: Or as multipart/form-data... Now this raises an additional nitpicking question : It has been mentioned before, that Tomcat provides no standard mechanism to read POST parameters that have been sent that way. But, the servlet spec 3.0, at the end of section 3.1, says : Data from the query string and the post body are aggregated into the request parameter set. Query string data is presented before post body data. For example, if a request is made with a query string of a=hello and a post body of a=goodbyea= world, the resulting parameter set would be ordered a=(hello, goodbye, world). Now, considering that, for a html form, it is entirely valid to send form parameters using the multipart/form-data encoding, and considering the above paragraph, where does that leave us ? The spec still only mentions application/x-www-form-urlencoded, so multipart/form-data parsing is up to the application (or, more practically, a library used by the application). It should mean that the getParameterMap() method, for instance, has at least to peek at the body, determine if it /could/ contain parameters, and if yes parse it to extract them. True. If it does, then Tomcat /does/ contain code that can parse a multipart/form-data body. No. Part of the peek process is to check the content-type. A content-type of multipart/form-data is ignored. If it doesn't, then Tomcat does not respect the servlet spec. No, it's adhering to the spec. You're confusing POST data (in general) with POST data identified as parsable by the servlet spec in section 3.1.1 (of 2.5... not sure about 3.0). Tomcat will simply ignore multipart/form-data requests when it comes to parameter parsing. Other libraries can be rigged to provide parameter data from both sources (GET and multipart POST). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/3ZsACgkQ9CaO5/Lv0PDyiACgknhVNvhfRj2aUvPLct31BlW6 r4kAn0QKoKlmm4ouQ13Fy9Sq1yhdz7Am =VIgv -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat window appears briefly, does not startup - Windows XP
Josh Gooding wrote: Don't know if this was already answered, but make sure you have your logging set for debug logging. I know by default, it is not set to that. That may help get you something in the logs. That is a really bad idea. If you turn on debug logging for everything, Tomcat will take literally hours to start. Startup.bat in CATALINA_HOME/bin runs without error, but Tomcat does not startup From a command prompt change to the CATALINA_HOME/bin directory and use: catalina.bat run to start Tomcat. Or just look in the logs directory. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem with tomcat-native 1.1.14 and tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vijay, On 6/22/2009 3:14 PM, Jay M wrote: I am trying to compile the tomcat-native-1.1.14 from Ubuntu, am getting the message Any reason to use tomcat-native-1.1.14 instead of tomcat-native-1.1.16? When starting the Server i am getting the Log INFO that failed to start SSLEngine. Message shown below. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. Perhaps you have not set up your keystore, etc. correctly. You need a Connector like this: Connector port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/usr/local/ssl/server.crt SSLCertificateKeyFile=/usr/local/ssl/server.pem clientAuth=false sslProtocol=TLS/ See http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for more info. Please post your configuration if the above info doesn't help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/39IACgkQ9CaO5/Lv0PBErQCeMzyqRHm+oERUjieJnxYcHROh e6MAnAuanbrv4jJeANxcevFrU/e+1G+g =DVO+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
Thanks for your response Christopher, Could we imagine an evolution of Tomcat to generate secure session cookies if request.scheme == https rather than on request.secure == true ? I would be very pleased to propose a patch. Do you have a reason to set request.secure=false while request.scheme=https? I may have not been clear. My need is the opposite : I want to have request.secure=true but request.scheme=http. However, if request.secure=true, whatever is the value of request.scheme, Tomcat generates a secure JSESSIONID cookie. My problem is that most http clients treat secure cookie as ssl only and thus, my JSESSIONID cookie is ignored. I face this problem with Apache Http Client for example. My usecase is : an application receives requests from both the internet and from other servers of my data center (same trusted zone). The requests coming from the internet may use http or https when internal request use http (for security and CPU consumption reasons). The application's web services require a secure channel (https from the internet or http from the trusted zone). What is the danger of saying that request.scheme=https in your case? I would prefer to have request.scheme with the value that was used by the http client in case an application uses the scheme. Thanks for your time, Cyrille - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Trouble calling a secure Web Service requiring client certificate
I've got a TOMCAT application that pulls data from a Web Service and just recently the Web Service was hardened to require client certificates. I debugged all my certificate issues and got my Java class that talks to the Web Service working just fine as a stand-alone app. However, I'm having trouble getting it to work within Tomcat. My certificate is not being sent to the Web Service. This is how I initialize my keystore and truststore: System.setProperty(javax.net.ssl.trustStore, c:\\certs\\datahub.keystore); System.setProperty(javax.net.ssl.trustStorePassword,turstpass); System.setProperty(javax.net.ssl.keyStore, c:\\certs\\SDXWebservice.pfx); System.setProperty(javax.net.ssl.keyStorePassword,keypass); System.setProperty(javax.net.ssl.keyStoreType, PKCS12); I'm using Tomcat 6 and JRE 1.6. My web app is not secure and I had been using the out-of-the-box server.xml file, but I've been playing with an SSL connector on 8443, but I still can't get it to work and am not sure if I need to add this connector or not. I'm not a security expert at all and have really been struggling with this for far too long! Any and all help is appreciated. Thanks in advance. - Frank.
Re: Just a few questions on my Tomcat Configuration
(Late arrival, skimmed the thread, apologies if I'm off the mark). Given the assumption of different data per user/client/company, is the app identical for each company, bar aesthetic changes like images? If so, with minor tweaks to your HTML, a servlet Filter which processes the HttpRequestServlet.getServerName() field (to get the subdomain) could look up the URL of a CSS file in a client DB, which is then included in the document head. CSS is plenty powerful enough to make all the visual changes you'd need, if the underlying HTML is the same. All subdomains would need to run on the default host, but that would save you the effort of hard coding Hosts each time. You could also extend this to look up a more complex client object, (still based on server host name), with config info, perhaps even a unique DB name for use elsewhere. Or not. p Josh Gooding wrote: Once again (sigh) . I just got out of my management meeting, they want to know if it can be done the other way, with all companies sharing the core code. I'm not exactly sure on how I'd even begin to do this. While I made a good point that A - it's more secure, and B - it is the better way of doing things, they did countered. If we wanted to upgrade the software, it's better to upgrade one single install, than to upgrade 50 - 100 clients which takes a large amount of time. It then becomes a logistical issue. All that aside, would you have any clue as to how would I go about starting something like that? I'm going to check the docs more closely, however, I am not confident that I will find anything like that in there. - Josh On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Just a few questions on my Tomcat Configuration Maybe each company would have a customized few pages each with their own directories, tied to their own schema, etc, but point to the core application in another directory. Everyone would see their own front ends, but use a common framework in the backend maybe? That's quite a bit more than I was referring to, and I find it unlikely that any company would want its processing to be shared with others in the same webapp. Better to have separate deployments for each, even if the underlying webapp is identical in each instance. Are those API's part of teh standard Tomcat docs? The ones I referred to for adding and removing Host elements dynamically are part of the Embedded class: http://tomcat.apache.org/tomcat-6.0-doc/api/index.html The doc states that components can be added and removed on the fly, even after the start() method has been invoked. I've never tried it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Load Balancer - truncating responses?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 6/22/2009 10:58 AM, André Warnier wrote: In the log.txt, I see that the first browser request is a POST. The response to that is a 302 moved, with a new location. OK so far. But then, when the browser re-issues the request to the new location, it does a GET, not a POST. This is common (client) reaction to a 302 response. Response codes 303 and 307 were invented to standardize the behavior of web browsers that support such codes. Unfortunately, the fear of older browsers being used has pretty much kept applications issuing 302 responses instead of the (better, IMO) 303 and 307 response codes. So, the spec has improved but the web hasn't so much. :( Nice analysis of the response, André. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/4rkACgkQ9CaO5/Lv0PCkVACgh4PmuOB+JLmG1Emoac3+AKwR Y0gAnjap23TcScFGxjnevhA++xwetvF8 =b8Ef -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble calling a secure Web Service requiring client certificate
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank, On 6/22/2009 3:53 PM, frank.bowar wrote: I've got a TOMCAT application that pulls data from a Web Service and just recently the Web Service was hardened to require client certificates. I debugged all my certificate issues and got my Java class that talks to the Web Service working just fine as a stand-alone app. However, I'm having trouble getting it to work within Tomcat. My certificate is not being sent to the Web Service. Can you post the relevant parts of your code? This is how I initialize my keystore and truststore: System.setProperty(javax.net.ssl.trustStore, c:\\certs\\datahub.keystore); System.setProperty(javax.net.ssl.trustStorePassword,turstpass); System.setProperty(javax.net.ssl.keyStore, c:\\certs\\SDXWebservice.pfx); System.setProperty(javax.net.ssl.keyStorePassword,keypass); System.setProperty(javax.net.ssl.keyStoreType, PKCS12); Depending on what else your code does, you may have to set these values on a KeyStore object and load it yourself. It's possible that Tomcat has already loaded the system-wide keystore from somewhere else by the time the above code runs, and thus does not affect anything. Your code may have to become a lot more complicated in order to make a connecting using a client certificate while running within Tomcat. Or, you may have to override the keystore on Tomcat's command-line so that these system properties are set /before/ Tomcat tried to load anything itself. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/44UACgkQ9CaO5/Lv0PANYQCeM9FdzgCvPBZyIOZWzK2+fn/h w9oAn3NPslY7Bl9gnUHUSclR6s9B+MxX =poak -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Just a few questions on my Tomcat Configuration
This is where my inexperience in tomcat will shine through. Scrapped all xxx.test.com sub-d's and went with test.com/[company id] as the way to go. It prevented me from having to edit the server.xml file and restart tomcat each and everytime that a company is added / subtracted. You are correct, the app [except database access (each co. get's it's own schema, and it's own file storage directory) and a few files (context.xml and web.xml)] is the exact same for everyone. All front ends (that the user views) can be the exact same for right now. Servlet filters though aren't they defined in the server.xml file? If they are that defeats the purpose of everything being created without a restart. Am I off base myself here? I'm looking in the docs for filters but not coming up with much. Any advice? - Josh On Mon, Jun 22, 2009 at 3:54 PM, Pid p...@pidster.com wrote: (Late arrival, skimmed the thread, apologies if I'm off the mark). Given the assumption of different data per user/client/company, is the app identical for each company, bar aesthetic changes like images? If so, with minor tweaks to your HTML, a servlet Filter which processes the HttpRequestServlet.getServerName() field (to get the subdomain) could look up the URL of a CSS file in a client DB, which is then included in the document head. CSS is plenty powerful enough to make all the visual changes you'd need, if the underlying HTML is the same. All subdomains would need to run on the default host, but that would save you the effort of hard coding Hosts each time. You could also extend this to look up a more complex client object, (still based on server host name), with config info, perhaps even a unique DB name for use elsewhere. Or not. p Josh Gooding wrote: Once again (sigh) . I just got out of my management meeting, they want to know if it can be done the other way, with all companies sharing the core code. I'm not exactly sure on how I'd even begin to do this. While I made a good point that A - it's more secure, and B - it is the better way of doing things, they did countered. If we wanted to upgrade the software, it's better to upgrade one single install, than to upgrade 50 - 100 clients which takes a large amount of time. It then becomes a logistical issue. All that aside, would you have any clue as to how would I go about starting something like that? I'm going to check the docs more closely, however, I am not confident that I will find anything like that in there. - Josh On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Just a few questions on my Tomcat Configuration Maybe each company would have a customized few pages each with their own directories, tied to their own schema, etc, but point to the core application in another directory. Everyone would see their own front ends, but use a common framework in the backend maybe? That's quite a bit more than I was referring to, and I find it unlikely that any company would want its processing to be shared with others in the same webapp. Better to have separate deployments for each, even if the underlying webapp is identical in each instance. Are those API's part of teh standard Tomcat docs? The ones I referred to for adding and removing Host elements dynamically are part of the Embedded class: http://tomcat.apache.org/tomcat-6.0-doc/api/index.html The doc states that components can be added and removed on the fly, even after the start() method has been invoked. I've never tried it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache HTTPS doesn't work - redirects back to HTTP
I have tried to follow the myriad of procedures outlined on this, but I am just not seasoned enough. I have created a self-signed certificate on a test server (2k8std-a) with a CN of 2k8std-a. Should the CN be 172.17.2.238 since that is what my host name is named ? Whenever I browse to https://2k8std-ahttps://2k8std-a/, it redirects me to http://2k8std-a/jsp/login.jsp and while on any page, if I manually type an s after the http and hit Enter, then it just takes it back to http without any pop-up or nothing. I've attached my httpd.conf and ssl.conf for reference, as well as the ssl_request, transfer and error logs. Please help!! I'm at my wits end pulling all my hair out. Here is the output I'm getting in the error.log that might be of interest: [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 16 03 01 00 61 01 00 00-5d 03 01 a...].. | [debug] ssl_engine_io.c(1795): +-+ [debug] ssl_engine_io.c(1817): OpenSSL: read 91/91 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 4a 3b b2 92 f6 cc f5 df-ab 9d 2b 2a 09 b6 79 1d J;+*..y. | [debug] ssl_engine_io.c(1789): | 0010: 52 70 37 bf 51 a5 92 a0-56 14 5d c9 bb de 9a 63 Rp7.Q...V.]c | [debug] ssl_engine_io.c(1789): | 0020: 20 84 ee 21 3b 8f 0a f1-e6 a4 9e ba 1f a9 aa e8 ..!;... | [debug] ssl_engine_io.c(1789): | 0030: 03 33 81 ea 40 23 73 ac-26 01 bf 55 9e e6 7e 7c @#s...U..~| | [debug] ssl_engine_io.c(1789): | 0040: 51 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00 Q...d.b. | [debug] ssl_engine_io.c(1789): | 0050: 03 00 06 00 13 00 12 00-63 01 c. | [debug] ssl_engine_io.c(1793): | 0091 - SPACES/NULS [debug] ssl_engine_io.c(1795): +-+ [debug] ssl_scache_shmcb.c(393): ssl_scache_shmcb_retrieve (0x84 - subcache 4) [debug] ssl_scache_shmcb.c(680): possible match at idx=0, data=0 [debug] ssl_scache_shmcb.c(697): shmcb_subcache_retrieve returning matching session [debug] ssl_scache_shmcb.c(408): leaving ssl_scache_shmcb_retrieve successfully [debug] ssl_engine_kernel.c(1598): Inter-Process Session Cache: request=GET status=FOUND id=84EE213B8F0AF1E6A49EBA1FA9AAE8033381EA402373AC2601BF559EE67E7C51 (session reuse) [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write server hello A [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write change cipher spec A [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 write finished A [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 flush data [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 14 03 01 00 01 .| [debug] ssl_engine_io.c(1795): +-+ [debug] ssl_engine_io.c(1817): OpenSSL: read 1/1 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 01 .| [debug] ssl_engine_io.c(1795): +-+ [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 16 03 01 ... | [debug] ssl_engine_io.c(1793): | 0005 - SPACES/NULS [debug] ssl_engine_io.c(1795): +-+ [debug] ssl_engine_io.c(1817): OpenSSL: read 32/32 bytes from BIO#%p [mem: %p] \xa0\x11\xd2o [debug] ssl_engine_io.c(1750): +-+ [debug] ssl_engine_io.c(1789): | : 05 8f 21 33 00 90 8f 9d-f1 23 72 be f1 2b 4e a7 ..!3.#r..+N. | [debug] ssl_engine_io.c(1789): | 0010: f9 b5 77 b3 68 bd f8 9d-9e f2 93 74 be 91 e9 e9 ..w.h..t | [debug] ssl_engine_io.c(1795):
dbcp pool evictor deadlock?
Hi, I appologize in advance for the cross-post, but I'm really not sure if this is a problem with the dbcp code or my configuration. I ran into the most troublesome deadlock over the weekend on my server, and cannot figure out how/or why this deadlock occured. Via jconsole, I was able to get thread information of the deadlock, but that hasn't helped me diagnose the problem any further and/or determine if it is a config error, or something more critical in the tomcat pool. From what I can tell, there is a race condition where the evictor was triggered at the exact same moment as a resource was being added back into the pool. The evictor was waiting for the resource to be added to the pool, and the resource was waiting for the evictor to finish. However, I'm not sure if I am correct or not. My jndi settings are as follows: !-- Database resource -- Resource name=jdbc/db auth=Container type=javax.sql.DataSource username=db password=db driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306/myapp?autoReconnect=true maxActive=100 maxIdle=4 validationQuery=select 1 testOnBorrow=true testWhileIdle=true timeBetweenEvictionRunsMillis=1 minEvictableIdleTimeMillis=6 / My thread trace is the following: THREAD 1: Name: Timer-1 State: BLOCKED on org.apache.tomcat.dbcp.dbcp.poolableconnect...@1e667871 owned by: scheduling.QuartzInternal_Worker-0 Total blocked: 1 Total waited: 15,342 Stack trace: org.apache.tomcat.dbcp.dbcp.AbandonedTrace.addTrace(AbandonedTrace.java:175) org.apache.tomcat.dbcp.dbcp.AbandonedTrace.init(AbandonedTrace.java:92) org.apache.tomcat.dbcp.dbcp.AbandonedTrace.init(AbandonedTrace.java:82) org.apache.tomcat.dbcp.dbcp.DelegatingStatement.init(DelegatingStatement.java:61) org.apache.tomcat.dbcp.dbcp.DelegatingConnection.createStatement(DelegatingConnection.java:224) org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.validateConnection(PoolableConnectionFactory.java:331) org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.validateObject(PoolableConnectionFactory.java:312) org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.evict(GenericObjectPool.java:1217) - locked org.apache.tomcat.dbcp.pool.impl.genericobjectp...@741a266 org.apache.tomcat.dbcp.pool.impl.GenericObjectPool$Evictor.run(GenericObjectPool.java:1341) java.util.TimerThread.mainLoop(Unknown Source) java.util.TimerThread.run(Unknown Source) THREAD 2: Name: scheduling.QuartzInternal_Worker-0 State: BLOCKED on org.apache.tomcat.dbcp.pool.impl.genericobjectp...@741a266 owned by: Timer-1 Total blocked: 156,031 Total waited: 206,465 Stack trace: org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.addObjectToPool(GenericObjectPool.java:1137) org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.returnObject(GenericObjectPool.java:1076) org.apache.tomcat.dbcp.dbcp.PoolableConnection.close(PoolableConnection.java:87) - locked org.apache.tomcat.dbcp.dbcp.poolableconnect...@1e667871 org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper.close(PoolingDataSource.java:181) org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider.closeConnection(LocalDataSourceConnectionProvider.java:96) org.hibernate.jdbc.ConnectionManager.closeConnection(ConnectionManager.java:451) org.hibernate.jdbc.ConnectionManager.cleanup(ConnectionManager.java:385) org.hibernate.jdbc.ConnectionManager.close(ConnectionManager.java:324) org.hibernate.impl.SessionImpl.close(SessionImpl.java:298) org.springframework.orm.hibernate3.SessionFactoryUtils.closeSession(SessionFactoryUtils.java:791) org.springframework.orm.hibernate3.SessionFactoryUtils.closeSessionOrRegisterDeferredClose(SessionFactoryUtils.java:777) org.springframework.orm.hibernate3.HibernateTransactionManager.doCleanupAfterCompletion(HibernateTransactionManager.java:733) org.springframework.transaction.support.AbstractPlatformTransactionManager.cleanupAfterCompletion(AbstractPlatformTransactionManager.java:989) org.springframework.transaction.support.AbstractPlatformTransactionManager.processCommit(AbstractPlatformTransactionManager.java:782) org.springframework.transaction.support.AbstractPlatformTransactionManager.commit(AbstractPlatformTransactionManager.java:701) org.springframework.transaction.interceptor.TransactionAspectSupport.commitTransactionAfterReturning(TransactionAspectSupport.java:321) org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:116) org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171) org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204) $Proxy8.execute(Unknown Source) sun.reflect.GeneratedMethodAccessor67.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) java.lang.reflect.Method.invoke(Unknown Source)
RE: Just a few questions on my Tomcat Configuration
From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Just a few questions on my Tomcat Configuration Servlet filters though aren't they defined in the server.xml file? No, filters are an aspect of the servlet spec, and are declared in web.xml (valves are Tomcat-specific and declared in server.xml). You would have only one filter, not one for each company. The filter would examine the request URL and do whatever fiddling necessary for the specified company. A directory structure using the company names would provide storage location for any company-unique items. I'm looking in the docs for filters but not coming up with much. Look in the servlet spec and the examples that come with Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Trouble calling a secure Web Service requiring client certificate
Hi Chris - Can you post the relevant parts of your code? I used WSDL2Java to create stubs for the Web Service I am connecting to. Here is my code that wraps around the generated stubs: try { writer = new BufferedWriter(new FileWriter(outFile)); loc = new SDXWSLocator(xmlns, serviceProvider, soapAddress, username, password); soap = loc.getSDXWSSoap(); MISO/RCBeginDate2007-10-15/BeginDateEndDate2007-10-16/EndDateTime IncDaily/TimeInc/GetLoad); ioBuff = soap.sendData(GetRCCurrentOutagesRCMISO/RC/GetRCCurrentOutages); MISO/RCOutageDate2007-10-15/OutageDateShowBranches1/ShowBranches/ GetSystemState); //Log.log(ioBuff=+ioBuff); if(StringTools.isStringNull(ioBuff) == false) writer.write(ioBuff); writer.close(); } catch(IOException ioe) ... The only method in the stubs that I modified was sendData() to include the username/password in the soap header. Here is that code: public java.lang.String sendData(java.lang.String szXMLRequest) throws java.rmi.RemoteException { if (super.cachedEndpoint == null) { throw new org.apache.axis.NoEndPointException(); } org.apache.axis.client.Call _call = createCall(); _call.setOperation(_operations[1]); _call.setUseSOAPAction(true); _call.setSOAPActionURI(SDX:SendData); _call.setEncodingStyle(null); _call.setProperty(org.apache.axis.client.Call.SEND_TYPE_ATTR, Boolean.FALSE); _call.setProperty(org.apache.axis.AxisEngine.PROP_DOMULTIREFS, Boolean.FALSE); _call.setSOAPVersion(org.apache.axis.soap.SOAPConstants.SOAP12_CONSTANTS); _call.setOperationName(new javax.xml.namespace.QName(http://ws.sdx.net;, SendData)); /* * Add the authentication information to the Header. * * Added manually by FLB. */ SOAPHeaderElement header = new SOAPHeaderElement(sXmlns, AuthenticationXML); SOAPElement node; try { node = header.addChildElement(User); node.addTextNode(sUser); node = header.addChildElement(Password); node.addTextNode(sPassword); } catch (SOAPException ex) { ex.printStackTrace(); } _call.addHeader(header); setRequestHeaders(_call); setAttachments(_call); try { log(szXMLRequest.size=+szXMLRequest.length()+ +szXMLRequest); java.lang.Object _resp = _call.invoke(new java.lang.Object[] {szXMLRequest}); if (_resp instanceof java.rmi.RemoteException) { throw (java.rmi.RemoteException)_resp; } else { extractAttachments(_call); try { return (java.lang.String) _resp; } catch (java.lang.Exception _exception) { return (java.lang.String) org.apache.axis.utils.JavaUtils.convert(_resp, java.lang.String.class); } } } catch (org.apache.axis.AxisFault axisFaultException) { throw axisFaultException; } } Your code may have to become a lot more complicated in order to make a connecting using a client certificate while running within Tomcat. I hope not ... it seems like I'm so close. Or, you may have to override the keystore on Tomcat's command-line so that these system properties are set /before/ Tomcat tried to load anything itself. I added the following to the Tomcat startup command: -Djavax.net.ssl.trustStore=C:/certs/datahub.keystore -Djavax.net.ssl.trustStorePassword=wintwins -Djavax.net.ssl.keyStore=C:/certs/SDXWebservice.pfx -Djavax.net.ssl.keyStorePassword=137246?82 -Djavax.net.ssl.keyStoreType=PKCS12 with no difference in the way things are running. I think my truststore file is being used because if I don't define the truststore, the communication process traps out much sooner. I hope this helps you help me! - Frank. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, June 22, 2009 3:03 PM To: Tomcat Users List Subject: Re: Trouble calling a secure Web Service requiring client certificate -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank, On 6/22/2009 3:53 PM, frank.bowar wrote: I've got a TOMCAT application that pulls data from a Web Service and just recently the Web Service was hardened to require client certificates. I debugged all my certificate issues and got my Java class that talks to the Web Service working just fine as a stand-alone app. However, I'm having trouble getting it to work within Tomcat. My certificate is not being sent to the Web Service. Can you post the relevant parts of your code? This is how I initialize my keystore and truststore: System.setProperty(javax.net.ssl.trustStore, c:\\certs\\datahub.keystore); System.setProperty(javax.net.ssl.trustStorePassword,turstpass); System.setProperty(javax.net.ssl.keyStore, c:\\certs\\SDXWebservice.pfx);
apache-tomcat-jdbc-1.0.4 Multiple Resources
Using the 1.0.4 version of the tomcat jdbc pool, I defined two resources. It seems that the there is interaction between the two resource defined within the jdbc pool. Upon initialization the following item is logged: Jun 22, 2009 1:26:50 PM org.apache.tomcat.jdbc.pool.ConnectionPool init WARNING: initialSize is larger than maxActive, setting initialSize to: 2 below are the resource declarations, one resource has an initialSize of 1 with a maxActive of 2, the other resource has an initialSize of 10 with a maxActive of 100. Resource name=jdbc/DB1 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory jdbcInterceptors=org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer url=jdbc:postgresql://127.0.0.1:5432/fjhawaii defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=100 maxIdle=100 initalSize=10 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Resource name=jdbc/DB2 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory url=jdbc:postgresql://10.1.1.191:5432/fjmreport defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=2 maxIdle=2 initalSize=1 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Thanks, Roger -- View this message in context: http://www.nabble.com/apache-tomcat-jdbc-1.0.4-Multiple-Resources-tp24154980p24154980.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Just a few questions on my Tomcat Configuration
Josh Gooding wrote: This is where my inexperience in tomcat will shine through. Scrapped all xxx.test.com sub-d's and went with test.com/[company id] as the way to go. It prevented me from having to edit the server.xml file and restart tomcat each and everytime that a company is added / subtracted. You are correct, the app [except database access (each co. get's it's own schema, and it's own file storage directory) and a few files (context.xml and web.xml)] is the exact same for everyone. All front ends (that the user views) can be the exact same for right now. Servlet filters though aren't they defined in the server.xml file? If they are that defeats the purpose of everything being created without a restart. Am I off base myself here? I'm looking in the docs for filters but not coming up with much. Any advice? 1. Just reply to the list, I'm on it, I don't need a separate copy too. 2. It's Servlet Spec stuff, not Tomcat. Implement javax.servlet.Filter and add mappings* in each web.xml. Make sure it's the first one in the web.xml if other Filters or Servlets rely on anything it does. Filters are extremely useful, if used carefully. Do extra reading about how they work. E.g. use getServerName() as a key for an object, set it as a request attribute and then retrieve it in the HTML. @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest hreq = (HttpServletRequest) req; HttpServletResponse hres = (HttpServletResponse) res; // do stuff ClientConfig config = yourFuncToGetConfig(hreq); hreq.setAttribute(clientconfig, config); // do other stuff chain.doFilter(hreq, hres); } ... and in your html, assuming your ClientConfig object has a getCssUrl()... link href=${requestScope.clientconfig.cssUrl} rel=stylesheet type=text/css / etc. p * Filter mappings are an exercise for the reader. GIYF. - Josh On Mon, Jun 22, 2009 at 3:54 PM, Pid p...@pidster.com wrote: (Late arrival, skimmed the thread, apologies if I'm off the mark). Given the assumption of different data per user/client/company, is the app identical for each company, bar aesthetic changes like images? If so, with minor tweaks to your HTML, a servlet Filter which processes the HttpRequestServlet.getServerName() field (to get the subdomain) could look up the URL of a CSS file in a client DB, which is then included in the document head. CSS is plenty powerful enough to make all the visual changes you'd need, if the underlying HTML is the same. All subdomains would need to run on the default host, but that would save you the effort of hard coding Hosts each time. You could also extend this to look up a more complex client object, (still based on server host name), with config info, perhaps even a unique DB name for use elsewhere. Or not. p Josh Gooding wrote: Once again (sigh) . I just got out of my management meeting, they want to know if it can be done the other way, with all companies sharing the core code. I'm not exactly sure on how I'd even begin to do this. While I made a good point that A - it's more secure, and B - it is the better way of doing things, they did countered. If we wanted to upgrade the software, it's better to upgrade one single install, than to upgrade 50 - 100 clients which takes a large amount of time. It then becomes a logistical issue. All that aside, would you have any clue as to how would I go about starting something like that? I'm going to check the docs more closely, however, I am not confident that I will find anything like that in there. - Josh On Wed, Jun 17, 2009 at 10:10 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Re: Just a few questions on my Tomcat Configuration Maybe each company would have a customized few pages each with their own directories, tied to their own schema, etc, but point to the core application in another directory. Everyone would see their own front ends, but use a common framework in the backend maybe? That's quite a bit more than I was referring to, and I find it unlikely that any company would want its processing to be shared with others in the same webapp. Better to have separate deployments for each, even if the underlying webapp is identical in each instance. Are those API's part of teh standard Tomcat docs? The ones I referred to for adding and removing Host elements dynamically are part of the Embedded class: http://tomcat.apache.org/tomcat-6.0-doc/api/index.html The doc states that components can be added and removed on the fly, even after the start() method has been invoked. I've never tried it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in
RE: dbcp pool evictor deadlock?
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B. Subject: dbcp pool evictor deadlock? I ran into the most troublesome deadlock over the weekend on my server Always start by telling us what version of Tomcat (and therefore which commons-dbcp) you're using. It's likely commons-dbcp 1.2.2 since that's been out for a while, but the exact version may be critical. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: dbcp pool evictor deadlock?
Caldarale, Charles R wrote: From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B. Subject: dbcp pool evictor deadlock? I ran into the most troublesome deadlock over the weekend on my server Always start by telling us what version of Tomcat (and therefore which commons-dbcp) you're using. It's likely commons-dbcp 1.2.2 since that's been out for a while, but the exact version may be critical. It may well be an issue with DBCP. Your best bet would be to switch your app to use dbcp 1.2.2 and pool 1.5.1 directly rather than the built-in version bundled with Tomcat. There are some fixes needed in dbcp 1.2.2 but most of the sync issues were in pool 1.4/ Plans are afoot to update Tomcat to these versions. Mark - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache HTTPS doesn't work - redirects back to HTTP
BJ Selman wrote: Looks like my attachments are getting stripped, so... It's also in pretty, but largely invisible HTML colours too. This all looks like Apache HTTPD config, are you sure you're asking questions on the right mailing list? p *_Httpd.conf-_* ServerRoot /Apache2.2 Listen 172.17.2.238:80 LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule include_module modules/mod_include.so LoadModule isapi_module modules/mod_isapi.so LoadModule logio_module modules/mod_logio.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule ssl_module modules/mod_ssl.so LoadModule jk_module modules/mod_jk.so #AddModule mod_jk.c JkWorkersFile W:/Tomcat/conf/workers.properties #EDITED 3/5, 10:00am - COMMENTED OUT NEXT LINE #JkShmFile mod_jk.shm JkLogFile logs/mod_jk.log JkLogLevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkStripSession On #Alias /throot/ /thr4/jsp/ JkMount /manager/* jkstatus JkMount /examples/* router JkMount /* router #JkMount /thr4/jsp/*.jsp router #JkMount /thr4/* router #JkMount /thr4/jsp/* router JkUnMount /thr4/image/* router JkUnMount /thr4/icons/* router JkUnMount /thr4/ap/* router JkUnMount /thr4/ap/*.jpg router JkUnMount /thr4/ap/*.gif router JkUnMount /thr4/ap/*.png router JkUnMount /thr4/ap/*.pdf router JkUnMount /thr4/ap/*.jsp router JkUnMount /thr4/*.jpg router JkUnMount /thr4/*.gif router JkUnMount /thr4/*.png router JkUnMount /thr4/*.pdf router #JkUnMount /thr4/*.jpeg router #JkUnMount /thr4/ap/*.jpeg router IfModule !mpm_netware_module IfModule !mpm_winnt_module User daemon Group daemon /IfModule /IfModule ServerName 172.17.2.238:80 DocumentRoot W:/Tomcat/webapps/thr4/jsp Directory / Options FollowSymLinks AllowOverride None Order deny,allow Allow from all /Directory Directory W:/Tomcat/webapps/thr4/jsp Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all #SSLOptions +StrictRequire #SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128 #satisfy any RewriteEngine On RewriteBase /ap/secure #RewriteCond %{SERVER_PORT} !^443$ RewriteCond %{HTTPS} !=on RewriteRule ^ap/secure(.*) https://%{SERVER_NAME}/ap/secure$1 [R,L] /Directory IfModule dir_module DirectoryIndex thr4/jsp/home.jsp /IfModule FilesMatch ^\.ht Order allow,deny Deny from all Satisfy All /FilesMatch ErrorLog logs/error.log LogLevel debug IfModule log_config_module LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ combined LogFormat %h %l %u %t \%r\ %s %b common IfModule logio_module # You need to enable mod_logio.c to use %I and %O LogFormat %h %l %u %t \%r\ %s %b \%{Referer}i\ \%{User-Agent}i\ %I %O combinedio /IfModule CustomLog logs/access.log common /IfModule IfModule alias_module ScriptAlias /cgi-bin/ /Apache2.2/cgi-bin/ /IfModule Directory /Apache2.2/cgi-bin AllowOverride None Options None Order allow,deny Allow from all /Directory DefaultType text/plain IfModule mime_module TypesConfig conf/mime.types AddType application/x-compress .Z AddType application/x-gzip .gz .tgz /IfModule IfModule ssl_module SSLRandomSeed startup builtin SSLRandomSeed connect builtin Include conf/ssl.conf /IfModule Include W:/Tomcat/conf/auto/mod_jk.conf *_Ssl.conf-_* Listen 172.17.2.238:443 AddType application/x-x509-ca-cert .crt AddType application/x-x509-ca-cert .cer AddType application/x-pkcs7-crl.crl SSLPassPhraseDialog builtin
RE: dbcp pool evictor deadlock?
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B. Subject: dbcp pool evictor deadlock? THREAD 1: Name: Timer-1 State: BLOCKED on org.apache.tomcat.dbcp.dbcp.poolableconnect...@1e667871 owned by: scheduling.QuartzInternal_Worker-0 Total blocked: 1 Total waited: 15,342 Stack trace: org.apache.tomcat.dbcp.dbcp.AbandonedTrace.addTrace(AbandonedTrace.java:175) Assuming this version of Tomcat is using commons-dbcp 1.2.2, there's something seriously wrong here. The synchronized block at the above line is for an AbandonedTrace object, not a PoolableConnection. This is beginning to look like a broken JVM or broken hardware. Want to tell us what you're using for those (and the OS, while you're at it)? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cyrille, On 6/22/2009 3:50 PM, Cyrille Le Clerc wrote: My need is the opposite : I want to have request.secure=true but request.scheme=http. What is the requirement that scheme=http? You can actually use a (non-secure) HTTP connector and still set scheme=https. Do you have some portion of your application that relies on request.getScheme() returning HTTP? However, if request.secure=true, whatever is the value of request.scheme, Tomcat generates a secure JSESSIONID cookie. My problem is that most http clients treat secure cookie as ssl only and thus, my JSESSIONID cookie is ignored. If HTTPS is not being used /at all/, then why do you want to claim that it is secure? If you aren't using SSL, then not having SSL cookies shouldn't be a problem, right? I would prefer to have request.scheme with the value that was used by the http client in case an application uses the scheme. In that case, scheme should be honestly set to the scheme being used by the Connector, which ought to be known in advance. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/9GUACgkQ9CaO5/Lv0PDStwCePuQdTOl7RYfwzLTeIJSdEKs6 QHIAnis9z83fwNsZma/WsIvXEW8QwCYv =8HH2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache-tomcat-jdbc-1.0.4 Multiple Resources
most likely because you mispeled initialSize Filip rogerhb wrote: Using the 1.0.4 version of the tomcat jdbc pool, I defined two resources. It seems that the there is interaction between the two resource defined within the jdbc pool. Upon initialization the following item is logged: Jun 22, 2009 1:26:50 PM org.apache.tomcat.jdbc.pool.ConnectionPool init WARNING: initialSize is larger than maxActive, setting initialSize to: 2 below are the resource declarations, one resource has an initialSize of 1 with a maxActive of 2, the other resource has an initialSize of 10 with a maxActive of 100. Resource name=jdbc/DB1 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory jdbcInterceptors=org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer url=jdbc:postgresql://127.0.0.1:5432/fjhawaii defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=100 maxIdle=100 initalSize=10 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Resource name=jdbc/DB2 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory url=jdbc:postgresql://10.1.1.191:5432/fjmreport defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=2 maxIdle=2 initalSize=1 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Thanks, Roger - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: dbcp pool evictor deadlock?
Caldarale, Charles R chuck.caldar...@unisys.com wrote in message news:0aae5ab84b013e45a7b61cb66943c172294795f...@usea-exch7.na.uis.unisys.com... From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B. Subject: dbcp pool evictor deadlock? THREAD 1: Name: Timer-1 State: BLOCKED on org.apache.tomcat.dbcp.dbcp.poolableconnect...@1e667871 owned by: scheduling.QuartzInternal_Worker-0 Total blocked: 1 Total waited: 15,342 Stack trace: org.apache.tomcat.dbcp.dbcp.AbandonedTrace.addTrace(AbandonedTrace.java:175) Assuming this version of Tomcat is using commons-dbcp 1.2.2, there's something seriously wrong here. The synchronized block at the above line is for an AbandonedTrace object, not a PoolableConnection. This is beginning to look like a broken JVM or broken hardware. Want to tell us what you're using for those (and the OS, while you're at it)? Am running CentOS 5.2 on a 64bit server, running 64bit Sun Java 6.0.11 with Tomcat 6.0.18. I'm not sure what version of dbcp Tomcat 6.0.18 uses, however. With respect to Mark's posting to switch to apache dpcp 1.2.2 and pool 1.5.1, is there any configuration documentation anywhere that I can read up to find out how to reconfigure tomcat/my app to use those instead of the default ones shipped with Tomcat? I figure I can d/l them and drop them in the tomcat/lib directory, but not sure how to indicate to Tomcat to use those classes in the Resource tag. Thanks! Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: dbcp pool evictor deadlock?
Eric B. wrote: Caldarale, Charles R chuck.caldar...@unisys.com wrote in message news:0aae5ab84b013e45a7b61cb66943c172294795f...@usea-exch7.na.uis.unisys.com... From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric B. Subject: dbcp pool evictor deadlock? THREAD 1: Name: Timer-1 State: BLOCKED on org.apache.tomcat.dbcp.dbcp.poolableconnect...@1e667871 owned by: scheduling.QuartzInternal_Worker-0 Total blocked: 1 Total waited: 15,342 Stack trace: org.apache.tomcat.dbcp.dbcp.AbandonedTrace.addTrace(AbandonedTrace.java:175) Assuming this version of Tomcat is using commons-dbcp 1.2.2, there's something seriously wrong here. The synchronized block at the above line is for an AbandonedTrace object, not a PoolableConnection. Like a number of classes, PoolableConnection extends AbandonedTrace so this isn't entirely unexpected. Pool 1.5 fixed a bunch of sync issues. This looks like a variation of POOL-125 / DBCP-44. Whilst not identical, the various changes in pool 1.5 should (hopefully) resolve this. Am running CentOS 5.2 on a 64bit server, running 64bit Sun Java 6.0.11 with Tomcat 6.0.18. I'm not sure what version of dbcp Tomcat 6.0.18 uses, however. dbcp 1.2.2 / pool 1.4 With respect to Mark's posting to switch to apache dpcp 1.2.2 and pool 1.5.1, is there any configuration documentation anywhere that I can read up to find out how to reconfigure tomcat/my app to use those instead of the default ones shipped with Tomcat? I figure I can d/l them and drop them in the tomcat/lib directory, Correct. but not sure how to indicate to Tomcat to use those classes in the Resource tag. Add a factory attribute to the resource tag of org.apache.commons.dbcp.BasicDataSourceFactory That should do it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache HTTPS doesn't work - redirects back to HTTP
//your $APACHE_HOME/conf/httpd.conf must redirect all port 80 Traffic to https RewriteCond %{SERVER_PORT} ^80$ RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] //of course you will need mod_ssl to be installed and configured (documentation available at) http://www.modssl.org hth Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Mon, 22 Jun 2009 21:55:39 +0100 From: p...@pidster.com To: users@tomcat.apache.org Subject: Re: Apache HTTPS doesn't work - redirects back to HTTP BJ Selman wrote: Looks like my attachments are getting stripped, so... It's also in pretty, but largely invisible HTML colours too. This all looks like Apache HTTPD config, are you sure you're asking questions on the right mailing list? p *_Httpd.conf-_* ServerRoot /Apache2.2 Listen 172.17.2.238:80 LoadModule actions_module modules/mod_actions.so LoadModule alias_module modules/mod_alias.so LoadModule asis_module modules/mod_asis.so LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule authn_default_module modules/mod_authn_default.so LoadModule authn_file_module modules/mod_authn_file.so LoadModule authz_default_module modules/mod_authz_default.so LoadModule authz_groupfile_module modules/mod_authz_groupfile.so LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule autoindex_module modules/mod_autoindex.so LoadModule cgi_module modules/mod_cgi.so LoadModule dir_module modules/mod_dir.so LoadModule env_module modules/mod_env.so LoadModule include_module modules/mod_include.so LoadModule isapi_module modules/mod_isapi.so LoadModule logio_module modules/mod_logio.so LoadModule log_config_module modules/mod_log_config.so LoadModule mime_module modules/mod_mime.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule setenvif_module modules/mod_setenvif.so LoadModule ssl_module modules/mod_ssl.so LoadModule jk_module modules/mod_jk.so #AddModule mod_jk.c JkWorkersFile W:/Tomcat/conf/workers.properties #EDITED 3/5, 10:00am - COMMENTED OUT NEXT LINE #JkShmFile mod_jk.shm JkLogFile logs/mod_jk.log JkLogLevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkStripSession On #Alias /throot/ /thr4/jsp/ JkMount /manager/* jkstatus JkMount /examples/* router JkMount /* router #JkMount /thr4/jsp/*.jsp router #JkMount /thr4/* router #JkMount /thr4/jsp/* router JkUnMount /thr4/image/* router JkUnMount /thr4/icons/* router JkUnMount /thr4/ap/* router JkUnMount /thr4/ap/*.jpg router JkUnMount /thr4/ap/*.gif router JkUnMount /thr4/ap/*.png router JkUnMount /thr4/ap/*.pdf router JkUnMount /thr4/ap/*.jsp router JkUnMount /thr4/*.jpg router JkUnMount /thr4/*.gif router JkUnMount /thr4/*.png router JkUnMount /thr4/*.pdf router #JkUnMount /thr4/*.jpeg router #JkUnMount /thr4/ap/*.jpeg router IfModule !mpm_netware_module IfModule !mpm_winnt_module User daemon Group daemon /IfModule /IfModule ServerName 172.17.2.238:80 DocumentRoot W:/Tomcat/webapps/thr4/jsp Directory / Options FollowSymLinks AllowOverride None Order deny,allow Allow from all /Directory Directory W:/Tomcat/webapps/thr4/jsp Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all #SSLOptions +StrictRequire #SSLRequire %{SSL_CIPHER_USEKEYSIZE} = 128 #satisfy any RewriteEngine On
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
Thanks very much for the time you spend on my problem Christopher. I use two connectors : one with secure=true and scheme=http ; another with secured=true, scheme=https. What is the requirement that scheme=http? You can actually use a (non-secure) HTTP connector and still set scheme=https. Do you have some portion of your application that relies on request.getScheme() returning HTTP? My application only checks request.secure=true. I would like Tomcat to create non-secure JSESSIONID cookies (ie non-ssl cookies) on the connector with secure=true and scheme=http. Today, if request.secure=true and request.scheme=http then Tomcat creates a secure JSESSIONID cookie that is ignored by http clients like Apache Http Client because these clients associates secure cookies with HTTPS. The modification would be that Tomcat to rely on request.scheme=https to create secure JSESSIONID cookies instead of relying on request.secure=true as it is done today. It would require one line of change on org.apache.catalina.connector.Request: protected void configureSessionCookie(Cookie cookie) { ... + if (https.equals(getScheme())) { - if (isSecure()) { cookie.setSecure(true); } } If HTTPS is not being used /at all/, then why do you want to claim that it is secure? If you aren't using SSL, then not having SSL cookies shouldn't be a problem, right? My problem is to have SSL cookies for HTTP requests : if request.scheme=http and request.secure=true, then Tomcat creates a secure JSESSIONID cookie (ie an SSL cookie) when I would like non-secured (ie non-secured) cookies. I would prefer to have request.scheme with the value that was used by the http client in case an application uses the scheme. In that case, scheme should be honestly set to the scheme being used by the Connector, which ought to be known in advance. Agreed, it is what I do. Thanks again for your time, Cyrille - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: dbcp pool evictor deadlock?
From: ma...@apache.org Subject: RE: dbcp pool evictor deadlock? Like a number of classes, PoolableConnection extends AbandonedTrace so this isn't entirely unexpected. I really shouldn't be looking at code with a splitting headache... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
Cyrille Le Clerc wrote: Thanks very much for the time you spend on my problem Christopher. I use two connectors : one with secure=true and scheme=http ; another with secured=true, scheme=https. What is the requirement that scheme=http? You can actually use a (non-secure) HTTP connector and still set scheme=https. Do you have some portion of your application that relies on request.getScheme() returning HTTP? My application only checks request.secure=true. I would like Tomcat to create non-secure JSESSIONID cookies (ie non-ssl cookies) on the connector with secure=true and scheme=http. Today, if request.secure=true and request.scheme=http then Tomcat creates a secure JSESSIONID cookie that is ignored by http clients like Apache Http Client because these clients associates secure cookies with HTTPS. The modification would be that Tomcat to rely on request.scheme=https to create secure JSESSIONID cookies instead of relying on request.secure=true as it is done today. It would require one line of change on org.apache.catalina.connector.Request: protected void configureSessionCookie(Cookie cookie) { ... + if (https.equals(getScheme())) { - if (isSecure()) { cookie.setSecure(true); } } If HTTPS is not being used /at all/, then why do you want to claim that it is secure? If you aren't using SSL, then not having SSL cookies shouldn't be a problem, right? My problem is to have SSL cookies for HTTP requests : if request.scheme=http and request.secure=true, then Tomcat creates a secure JSESSIONID cookie (ie an SSL cookie) when I would like non-secured (ie non-secured) cookies. The Tomcat code will not be changed to behave in this way. The secure attribute is intended for use in architectures like: client --https-- httpd --http/ajp-- tomcat Depending on where the session is created, you might be able to use a filter to wrap your response and modify the secure attribute of any cookies as they are added to the response. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache-tomcat-jdbc-1.0.4 Multiple Resources
Yes that was it, the message threw me off a bit since when I read to mean that the initialSize that I setup was larger, instead of the initialSize set by the default (which is 10) was larger. Thanks, Roger Filip Hanik - Dev Lists wrote: most likely because you mispeled initialSize Filip rogerhb wrote: Using the 1.0.4 version of the tomcat jdbc pool, I defined two resources. It seems that the there is interaction between the two resource defined within the jdbc pool. Upon initialization the following item is logged: Jun 22, 2009 1:26:50 PM org.apache.tomcat.jdbc.pool.ConnectionPool init WARNING: initialSize is larger than maxActive, setting initialSize to: 2 below are the resource declarations, one resource has an initialSize of 1 with a maxActive of 2, the other resource has an initialSize of 10 with a maxActive of 100. Resource name=jdbc/DB1 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory jdbcInterceptors=org.apache.tomcat.jdbc.pool.interceptor.ResetAbandonedTimer url=jdbc:postgresql://127.0.0.1:5432/fjhawaii defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=100 maxIdle=100 initalSize=10 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Resource name=jdbc/DB2 auth=Container type=javax.sql.DataSource driverClassName=org.postgresql.Driver factory=org.apache.tomcat.jdbc.pool.DataSourceFactory url=jdbc:postgresql://10.1.1.191:5432/fjmreport defaultAutoCommit=true removeAbandoned=true removeAbandonedTimeout=60 logAbandoned=true username=xxx password=xxx maxActive=2 maxIdle=2 initalSize=1 minIdle=0 maxWait=3 validationQuery=select 1 timeBetweenEvictionRunsMillis=5000 minEvictableIdleTimeMillis=6 testOnBorrow=true testOnReturn=false testWhileIdle=false validationInterval=3/ Thanks, Roger - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/apache-tomcat-jdbc-1.0.4-Multiple-Resources-tp24154980p24157131.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure jsessionid cookie : request.scheme==https versus request.secure == true
Thank you for the clarification Mark. Depending on where the session is created, you might be able to use a filter to wrap your response and modify the secure attribute of any cookies as they are added to the response. I am sorry to bother you but I don't see how I could wrap the class o.a.c.connector.Response whose method addCookieInternal(cookie) is called by o.a.c.connector.Request.doGetSession(boolean) to create the JSESSIONID cookie. As o.a.c.connector.Response is a class, I cannot use j.l.reflect.Proxy that only supports interfaces. Do you have in mind AOP, subclassing o.a.c.connector.Response or another approach ? If all this is to complex, I will fall back to another approach that is to do pattern matching (10.*) on request.remoteAddr to flag RequestFacade.secure=true if the requests come from my secured network area. This will let request.secure=false if request.scheme=http and thus have non-secure JSESSIONID cookies. I tested with a valve called SecuredRemoteAddressesValve (1) that I precede of RemoteIpValve (2) to process the x-forwarded-for header to find the real remoteAddr and this works fine. Thanks very much for your help, Cyrille (1) http://xebia-france.googlecode.com/svn/tomcat/xebia-tomcat-extras/tags/xebia-tomcat-extras-0.5/src/main/java/org/apache/catalina/connector/SecuredRemoteAddressesValve.java (2) http://xebia-france.googlecode.com/svn/tomcat/xebia-tomcat-extras/tags/xebia-tomcat-extras-0.5/src/main/java/org/apache/catalina/connector/RemoteIpValve.java On Tue, Jun 23, 2009 at 12:40 AM, Mark Thomasma...@apache.org wrote: Cyrille Le Clerc wrote: Thanks very much for the time you spend on my problem Christopher. I use two connectors : one with secure=true and scheme=http ; another with secured=true, scheme=https. What is the requirement that scheme=http? You can actually use a (non-secure) HTTP connector and still set scheme=https. Do you have some portion of your application that relies on request.getScheme() returning HTTP? My application only checks request.secure=true. I would like Tomcat to create non-secure JSESSIONID cookies (ie non-ssl cookies) on the connector with secure=true and scheme=http. Today, if request.secure=true and request.scheme=http then Tomcat creates a secure JSESSIONID cookie that is ignored by http clients like Apache Http Client because these clients associates secure cookies with HTTPS. The modification would be that Tomcat to rely on request.scheme=https to create secure JSESSIONID cookies instead of relying on request.secure=true as it is done today. It would require one line of change on org.apache.catalina.connector.Request: protected void configureSessionCookie(Cookie cookie) { ... + if (https.equals(getScheme())) { - if (isSecure()) { cookie.setSecure(true); } } If HTTPS is not being used /at all/, then why do you want to claim that it is secure? If you aren't using SSL, then not having SSL cookies shouldn't be a problem, right? My problem is to have SSL cookies for HTTP requests : if request.scheme=http and request.secure=true, then Tomcat creates a secure JSESSIONID cookie (ie an SSL cookie) when I would like non-secured (ie non-secured) cookies. The Tomcat code will not be changed to behave in this way. The secure attribute is intended for use in architectures like: client --https-- httpd --http/ajp-- tomcat Depending on where the session is created, you might be able to use a filter to wrap your response and modify the secure attribute of any cookies as they are added to the response. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Just a few questions on my Tomcat Configuration
This is where my inexperience in tomcat will shine through. Scrapped all xxx.test.com sub-d's and went with test.com/[company id] as the way to go. It prevented me from having to edit the server.xml file and restart tomcat each and everytime that a company is added / subtracted. You are correct, the app [except database access (each co. get's it's own schema, and it's own file storage directory) and a few files (context.xml and web.xml)] is the exact same for everyone. This is really not necessary. We use the Tomcat Host Manager Application, along with our own custom scripts to deploy new virtual hosts and remove virtual hosts. It's pretty easy. The advantage of doing that is you can create aliases within the customer's domain. I.E. appName.customerdomain.com The only thing about doing it this way is you have to create your own startup script that will generate a server.xml on the fly. IOW, when you start Tomcat, go through and figure out all of the virtual host names, and generate the entries in the server.xml before calling catalina.sh/bat. George Sexton MH Software, Inc. - Home of Connect Daily Web Calendar http://www.mhsoftware.com/ Voice: 303 438 9585 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How does one control what the path is on the JSESSIONID cookie?
Tomcat 6.0.18 automatically adds the session cookie like: Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds How can I change the path part of the cookie? thanks... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem with tomcat-native 1.1.14 and tomcat 6
Hi Chris, I have done all those configuration in my server.xml and it given below, Do you have any idea about highlighted message showing up given in previous post while trying to install tomcat-native-1.1.14. Connector port=80 connectionTimeout=2 redirectPort=443 enableLookups=false acceptCount=100 bufferSize=8192 maxThreads=750 noCompressionUserAgents=gozilla, traviata compression=force useSendfile=false compressableMimeType=text/html, text/xml, text/css, text/plain, text/javascript, application/javascript, application/x-javascript / Connector port=443 maxHttpHeaderSize=8192 maxThreads=150 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true SSLCertificateFile=${catalina.base}/conf/ssl/server.crt SSLCertificateKeyFile=${catalina.base}/conf/ssl/server.key / Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Vijay, On 6/22/2009 3:14 PM, Jay M wrote: I am trying to compile the tomcat-native-1.1.14 from Ubuntu, am getting the message Any reason to use tomcat-native-1.1.14 instead of tomcat-native-1.1.16? When starting the Server i am getting the Log INFO that failed to start SSLEngine. Message shown below. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.14. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. Jun 22, 2009 6:00:57 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: Failed to initialize the SSLEngine. Perhaps you have not set up your keystore, etc. correctly. You need a Connector like this: Connector port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true SSLCertificateFile=/usr/local/ssl/server.crt SSLCertificateKeyFile=/usr/local/ssl/server.pem clientAuth=false sslProtocol=TLS/ See http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html for more info. Please post your configuration if the above info doesn't help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAko/39IACgkQ9CaO5/Lv0PBErQCeMzyqRHm+oERUjieJnxYcHROh e6MAnAuanbrv4jJeANxcevFrU/e+1G+g =DVO+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/problem-with-tomcat-native-1.1.10-and-tomcat-6.0.14-tp15048117p24158614.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: problem with tomcat-native 1.1.14 and tomcat 6
From: Jay M [mailto:vija...@eossys.com] Subject: Re: problem with tomcat-native 1.1.14 and tomcat 6 Do you have any idea about highlighted message showing up given in previous post while trying to install tomcat-native-1.1.14. Not sure what you highlighted in a plain text message, but I did find this message to be somewhat curious in your original post: checking OpenSSL library version... not compatible Since I've never built OpenSSL on a Linux system, I don't know if it's pertinent or ignorable. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org