date:20091027

 From: selvakumar.V [mailto:selvakumar.velmuruge...@gmail.com]
 Subject: Jre upgrade Issue with Tomcat 5.5
 :java.util.zip.ZipException:error in opening zip file

 And Exception had been thrown for all jar files but here I will paste a
 part of Exception stack trace.

A common cause is a permissions problem - the Tomcat userid can't read the 
directories of interest.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 6 Context, docBase and path

 From: Nils Weinander [mailto:nils.weinan...@mogul.com]
 Subject: Tomcat 6 Context, docBase and path

 Sorry if this is a common question, I didn't find anything
 like it by Google.

Reading the actual Tomcat doc and FAQ is probably more productive.

 In a Tomcat 6, I have a Context declaration in server.xml

That's a bad idea right off; there shouldn't be any Context elements in 
server.xml.

 with a path and a docBase to a war file with a different
 name than the path:

If you insist on having the webapp name be different than its URI path, you 
must keep the webapp outside of the Host appBase directory, and place the 
Context element in conf/Catalina/[host]/[appName].xml.  The Context element 
must include the docBase attribute pointing to the absolute location of the 
webapp, and the path attribute must *not* be used.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Multiple driver load in tomcat

 From: unabble [mailto:sushi...@yahoo.com]
 Subject: Multiple driver load in tomcat

 I want to use multiple drivers in server.xml
 How can i use?

Just declare whatever you need; you can have as many Resource elements as you 
want as long as the name attributes are unique.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do I debug dispatching errors?

2009-10-27 Thread Pid


On 26/10/2009 19:48, Josh wrote:

This is Tomcat 5.5.26 under Windows XP, Java version as follows:
java version 1.6.0_16
Java(TM) SE Runtime Environment (build 1.6.0_16-b01)
Java HotSpot(TM) Client VM (build 14.2-b01, mixed mode, sharing)

Pid wrote:

Which dispatcher?

Which dispatcher... can you help me out here? According to the file
noted below, when I give it the URL:

http://localhost:8080/CreateRelationship

...it will invoke the CreateRelationshipServlet which is

com.mycorp.referral.servlets.CreateRelationshipServlet

Whatever mechanism it is inside Tomcat that does this dispatching is not
working as I expect it should... and it's not giving me any indication
as to why. (Or, I am not able to understand any indication it may be
giving me.)


What is your app called, is it called ROOT?
Where is your context.xml defined?

Please post a sanitised (comments  passwords removed if applicable) 
version of your server.xml.



p




?xml version=1.0 encoding=ISO-8859-1?

!DOCTYPE web-app
PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;

web-app
servlet
servlet-nameLoginServlet/servlet-name
servlet-classcom.mycorp.referral.servlets.LoginServlet/servlet-class
!-- init-param
param-namepropertyFileNameLocation/param-name
param-valueC:/EclipseLib/FarmersQueue.properties/param-value
/init-param
--
/servlet
servlet
servlet-nameCreateRelationshipServlet/servlet-name
servlet-classcom.mycorp.referral.servlets.CreateRelationshipServlet/servlet-class


/servlet
servlet
servlet-nameProcessActionServlet/servlet-name
servlet-classcom.mycorp.referral.servlets.ProcessActionServlet/servlet-class


/servlet
servlet
servlet-nameUpdateRelationshipServlet/servlet-name
servlet-classcom.mycorp.referral.servlets.UpdateRelationshipServlet/servlet-class


/servlet servlet-mapping
servlet-nameLoginServlet/servlet-name
url-pattern/Login/url-pattern
/servlet-mapping
servlet-mapping
servlet-nameCreateRelationshipServlet/servlet-name
url-pattern/CreateRelationship/url-pattern
/servlet-mapping
servlet-mapping
servlet-nameProcessActionServlet/servlet-name
url-pattern/ProcessAction/url-pattern
/servlet-mapping servlet-mapping
servlet-nameUpdateRelationshipServlet/servlet-name
url-pattern/UpdateRelationship/url-pattern
/servlet-mapping welcome-file-list
welcome-fileLogin.jsp/welcome-file
/welcome-file-list
/web-app


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [SPAM] - RE: Tomcat 6 Context, docBase and path - Found word(s) if you received this in error in the Text body

2009-10-27 Thread Nils Weinander

Caldarale, Charles R wrote:

From: Nils Weinander [mailto:nils.weinan...@mogul.com]
Subject: Tomcat 6 Context, docBase and path

Sorry if this is a common question, I didn't find anything
like it by Google.

Reading the actual Tomcat doc and FAQ is probably more productive.

Tried that too...

In a Tomcat 6, I have a Context declaration in server.xml

That's a bad idea right off; there shouldn't be any Context elements in 
server.xml.

I know, but as I read the docs, that's primarily if you
need to modify contexts without restarting Tomcat and
this isn't needed here. Any other reasons?

with a path and a docBase to a war file with a different
name than the path:

If you insist on having the webapp name be different than its URI
path, you must keep the webapp outside of the Host appBase directory,
and place the Context element in conf/Catalina/[host]/[appName].xml.
The Context element must include the docBase attribute pointing to the
absolute location of the webapp, and the path attribute must *not* be used.

Thanks!

--
mogul | nils weinander |
hudiksvallsgatan 4 113 30 stockholm sweden |
+46 8 4100 6456 | +46 709 78 28 37 |
nils.weinan...@mogul.com | skype: nils.weinander |
www.mogul.com

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Jre upgrade Issue with Tomcat 5.5 :java.util.zip.ZipException:error in opening zip file

2009-10-27 Thread selvakumar.V


Hi,
Thanks for the update.

And one more quick question to you.

Actually our application consists of 4  web app like webapp1,webapp2.

For all the above web apps, we are using 2 jres.(jre1.5)

Now what we have done is just replaced the older jre with the newer jre 1.6
version folder.

And we didnt change any permission and all.

And we are facing that issue in 2 application only.Rest of the applications
are working fine.

And do you mean that the permission relate to JRE related stuff or
Application related stuff ?.

thanks,
Selvakumar.V


















Thanks
-- 
View this message in context: 
http://www.nabble.com/Jre-upgrade-Issue-with-Tomcat-5.5-%3Ajava.util.zip.ZipException%3A-error-in-opening-zip-file-tp26075575p26077079.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 6 Context, docBase and path

 From: Nils Weinander [mailto:nils.weinan...@mogul.com]
 Subject: Re: [SPAM] - RE: Tomcat 6 Context, docBase and path - Found
 word(s)if you received this in error in the Text body

 I know, but as I read the docs, that's primarily if you
 need to modify contexts without restarting Tomcat and
 this isn't needed here. Any other reasons?

Avoiding double deployments for one, as you have discovered...

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: sessions on tomcat restart in cluster

2009-10-27 Thread Tsirkin Evgeny

First of all please note that i really appreciate the tomcat developers work
and thank them
for it.
However see my notes below:


On Mon, Oct 26, 2009 at 9:21 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Tsirkin,

 On 10/25/2009 8:10 AM, Tsirkin Evgeny wrote:

 Instead, it's a simple
 case of choosing a single node to act as the controller for the cluster.
 Just add a configuration parameter to the Cluster element to identify
 one server as the controller and have /that/ one manage the sessions
 when the cluster is shut down.

 Hang on, there's no shutdown cluster message that all nodes
 understand. So, let's add that. But wait, what happens if the cluster
 controller goes down? We need a backup for the cluster controller. Let's
 add a backup for the cluster controller, and then a backup for the
 backup, and then a backup for the backup for the backup...



 Actually your solution is pretty fine. Just that there is no need in
controller backup - in case that
the controller goes down another node should take other (that;s for example
how master/slave
architecturere works if the master fails - a slave takes other).
Another solution would be to implement the same algorithm db clusters use
i.e. have a log for changes
and synchronize on that - no controller needed.
Actually the master/master cluster a very common for example in db world and
the algorithms for it
are well known.
Again ,i really appreciate the tomcat dev. work ,so if they do not have time
to implement such an alg.
then i understand.


 Now do you see why this hasn't been implemented?



No i don't .A complexity of solution does not mean let's not do it. In
that case we should say:

Hei, writing kernel is hard ,let's not do Linux
or
Hei,GC is hard let leave memory management in Java to programmers

However,something like this is fine:

We are short in resources and this feature is _not_ that needed ,let's do
something else.

And yes it _ is _ agreed that this feature is _ mostly _ not very needed so
if there is nobody to implement
it - let the developers do something else.

Evgeny



 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAkrl6L8ACgkQ9CaO5/Lv0PDdoACfR6+VP3xSV+17TdKs2759Z0fU
 gjAAnA5IDckHoO8AClD7Q1X+ArGl+Qte
 =0cmc
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Updating Apache and mod_jk

2009-10-27 Thread Andre Hübner


Hello,

have an older system apache 1.3, tomcat 4.1, mod_jk 1.2.2

updated to apache 2.2.10, mod_jk 1.2.28. tomcat should stay installed
unchanged.

restart fails with:

[Tue Oct 27 08:50:19.526 2009] [14905:16384] [error]
jk_map_validate_property::jk_map.c (404): The attribute
'worker.ajp14.credentials' is not supported - please check the documentation 
for the supported attributes.


If i deactivate line
worker.ajp14.credentials=myveryrandomentropy
in my workers.properties apache is starting, but tomcat application seems to
stuck, i got 404 errors when calling the application.
How can i correct this?
I also tried to compile older mod_jk 1.2.2 in my apache2 environment, but
this fails because file apu_compat.h is not found at making. i do not know
which packages containing this file.
How to solve this issue?

Thanks,
Andre 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Jre upgrade Issue with Tomcat 5.5:java.util.zip.ZipException:error in opening zip file

 From: selvakumar.V [mailto:selvakumar.velmuruge...@gmail.com]
 Subject: RE: Jre upgrade Issue with Tomcat
 5.5:java.util.zip.ZipException:error in opening zip file

 And we are facing that issue in 2 application only.Rest of the
 applications are working fine.

In that case, you may have corrupted jar files; try rebuilding them and see if 
the problem is corrected.

A jar file can be processed either sequentially by reading through all the 
entries one by one, or randomly by accessing each entry through the central 
directory that's stored at the end of the jar file.  This is just speculation, 
but if 1.5 processed jars sequentially and 1.6 uses the central directory, 
corruption in the directory would not have been detected in the older JRE.  I 
haven't compared the zip/jar code between the two, so as I said, this is just a 
guess about what might be happening.

 And do you mean that the permission relate to JRE related stuff or
 Application related stuff ?.

Application; but see the above.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Force Connection Close

2009-10-27 Thread Alexander Pirsig


Hi,

I have have a question regarding the connectionTimeout. If I start a 
telnet session on our http-connector


telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


Connections never get reset. Is there a problem with the timeout value? 
Enclosed is my Connector configuration


Connector port=8080
  emptySessionPath=true
  enableLookups=false
  scheme=http secure=false
  acceptCount=500
  debug=0
  maxThreads=1000
  keepAliveTimeout=700
  maxKeepAliveRequests=50
  threadPriority=10
  compression=off
  connectionTimeout=6000 disableUploadTimeout=true/

Is there a way to send a RST-Package to the client after some time I 
know there is a option in Apache.


Regards,

Alex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Error Listener start tomcat

2009-10-27 Thread vkpandit


When I deploy a war file of my jsf application to tomcat webapps directory I
get 
an error listenerstart in my tomcat logs and when I point my browser to the
location of the web page I get a runtime exception facesContext not found.

Anyone seen this and can help me

Sonia
-- 
View this message in context: 
http://www.nabble.com/Error-Listener-start-tomcat-tp26080229p26080229.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Force Connection Close

2009-10-27 Thread George Sexton

So, you have your connection timeout set to 6000 seconds. Did you wait that
long? 1 Hour 40 minutes?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

 -Original Message-
 From: Alexander Pirsig [mailto:a...@pirsig.net]
 Sent: Tuesday, October 27, 2009 9:57 AM
 To: users@tomcat.apache.org
 Subject: Force Connection Close
 
 Hi,
 
 I have have a question regarding the connectionTimeout. If I start a
 telnet session on our http-connector
 
 telnet localhost 8080
 Trying 127.0.0.1...
 Connected to localhost.
 Escape character is '^]'.
 
 
 Connections never get reset. Is there a problem with the timeout value?
 Enclosed is my Connector configuration
 
 Connector port=8080
emptySessionPath=true
enableLookups=false
scheme=http secure=false
acceptCount=500
debug=0
maxThreads=1000
keepAliveTimeout=700
maxKeepAliveRequests=50
threadPriority=10
compression=off
connectionTimeout=6000 disableUploadTimeout=true/
 
 Is there a way to send a RST-Package to the client after some time I
 know there is a option in Apache.
 
 Regards,
 
 Alex
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Force Connection Close

2009-10-27 Thread Alexander Pirsig


Hi George,

thanks for the reply, I thought 6sec == 6000ms. Is the Documentation 
wrong because I found the following in


http://tomcat.apache.org/tomcat-6.0-doc/config/http.html|
|connectionTimeout - The number of milliseconds this *Connector* will 
wait, after accepting a connection, for the request URI line to be 
presented. The default value is 6 (i.e. 60 seconds).


So 6000ms == 6sec am I right?

Regards,

Alex

George Sexton wrote:

So, you have your connection timeout set to 6000 seconds. Did you wait that
long? 1 Hour 40 minutes?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

  

-Original Message-
From: Alexander Pirsig [mailto:a...@pirsig.net]
Sent: Tuesday, October 27, 2009 9:57 AM
To: users@tomcat.apache.org
Subject: Force Connection Close

Hi,

I have have a question regarding the connectionTimeout. If I start a
telnet session on our http-connector

telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


Connections never get reset. Is there a problem with the timeout value?
Enclosed is my Connector configuration

Connector port=8080
   emptySessionPath=true
   enableLookups=false
   scheme=http secure=false
   acceptCount=500
   debug=0
   maxThreads=1000
   keepAliveTimeout=700
   maxKeepAliveRequests=50
   threadPriority=10
   compression=off
   connectionTimeout=6000 disableUploadTimeout=true/

Is there a way to send a RST-Package to the client after some time I
know there is a option in Apache.

Regards,

Alex

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Jre upgrade Issue with Tomcat 5.5 :java.util.zip.ZipException: error in opening zip file

2009-10-27 Thread Tobias Crefeld

Am Tue, 27 Oct 2009 03:47:23 -0700 (PDT)
schrieb selvakumar.V selvakumar.velmuruge...@gmail.com:

 WARNING: Could not get dir listing for
 /opt/CSCOpx/MDC/tomcat/webapps/ipm/WEB-INF

What do you get if you type at the shell prompt:

ls -la /opt/CSCOpx/MDC/tomcat/webapps/ipm/WEB-INF

and

ls -la /opt/CSCOpx/MDC/tomcat/

?


Regards,
 Tobias.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Force Connection Close

2009-10-27 Thread George Sexton

My mistake. You're right. The doc says millis.

I remember pointing out a bug in 5.5 that disabled the timeout for
connections. Perhaps the same issue exists in 6.0.

I tried searching in BugZilla but I couldn't find it. 

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

 -Original Message-
 From: Alexander Pirsig [mailto:a...@pirsig.net]
 Sent: Tuesday, October 27, 2009 10:10 AM
 To: Tomcat Users List
 Subject: Re: Force Connection Close
 
 Hi George,
 
 thanks for the reply, I thought 6sec == 6000ms. Is the Documentation
 wrong because I found the following in
 
 http://tomcat.apache.org/tomcat-6.0-doc/config/http.html|
 |connectionTimeout - The number of milliseconds this *Connector* will
 wait, after accepting a connection, for the request URI line to be
 presented. The default value is 6 (i.e. 60 seconds).
 
 So 6000ms == 6sec am I right?
 
 Regards,
 
 Alex
 
 George Sexton wrote:
  So, you have your connection timeout set to 6000 seconds. Did you
 wait that
  long? 1 Hour 40 minutes?
 
  George Sexton
  MH Software, Inc.
  http://www.mhsoftware.com/
  Voice: 303 438 9585
 
 
 
  -Original Message-
  From: Alexander Pirsig [mailto:a...@pirsig.net]
  Sent: Tuesday, October 27, 2009 9:57 AM
  To: users@tomcat.apache.org
  Subject: Force Connection Close
 
  Hi,
 
  I have have a question regarding the connectionTimeout. If I start a
  telnet session on our http-connector
 
  telnet localhost 8080
  Trying 127.0.0.1...
  Connected to localhost.
  Escape character is '^]'.
  
 
  Connections never get reset. Is there a problem with the timeout
 value?
  Enclosed is my Connector configuration
 
  Connector port=8080
 emptySessionPath=true
 enableLookups=false
 scheme=http secure=false
 acceptCount=500
 debug=0
 maxThreads=1000
 keepAliveTimeout=700
 maxKeepAliveRequests=50
 threadPriority=10
 compression=off
 connectionTimeout=6000
 disableUploadTimeout=true/
 
  Is there a way to send a RST-Package to the client after some time I
  know there is a option in Apache.
 
  Regards,
 
  Alex
 
  
 -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Updating Apache and mod_jk

2009-10-27 Thread Rainer Jung

On 27.10.2009 14:50, Andre Hübner wrote:
 Hello,
 
 have an older system apache 1.3, tomcat 4.1, mod_jk 1.2.2
 
 updated to apache 2.2.10, mod_jk 1.2.28. tomcat should stay installed
 unchanged.
 
 restart fails with:
 
 [Tue Oct 27 08:50:19.526 2009] [14905:16384] [error]
 jk_map_validate_property::jk_map.c (404): The attribute
 'worker.ajp14.credentials' is not supported - please check the
 documentation for the supported attributes.
 
 If i deactivate line
 worker.ajp14.credentials=myveryrandomentropy
 in my workers.properties apache is starting, but tomcat application
 seems to
 stuck, i got 404 errors when calling the application.
 How can i correct this?
 I also tried to compile older mod_jk 1.2.2 in my apache2 environment, but
 this fails because file apu_compat.h is not found at making. i do not know
 which packages containing this file.
 How to solve this issue?

I'm afraid version 1.2.2 of mod_jk is so antique that ou will have to
set up a new configuration. At that time configuration options were not
kept stable. We did a good job in working with old configurations since
about 3 years, but 1.2.2 is much older.

Take a look at the configuration, especially at the documentation for
timeouts.

Quick fix: old mod_jk allowed JkMount in the global server and
automatically used them in all VHosts. More recent mod_jk needs either
JkMount in the VHosts you are actually using, or at least a JkMountCopy
On in those VHosts or JkMountCopy All in the global server.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Error Listener start tomcat

 From: vkpandit [mailto:v.kri...@gmail.com]
 Subject: Error Listener start tomcat

 When I deploy a war file of my jsf application to tomcat webapps
 directory I get an error listenerstart in my tomcat logs and when
 I point my browser to the location of the web page I get a runtime
 exception facesContext not found.

http://www.catb.org/~esr/faqs/smart-questions.html

Tomcat version?

Stack trace from the listener start error?

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Force Connection Close

2009-10-27 Thread Alexander Pirsig


Okay, I found the solution but I'm not quite sure why this is happening:

I'm using tomcat 6.0.20 with APR as a connector when I switch back to 
non apr connector everything works as aspected.


scripts# time telnet 192.168.0.65 8080
Trying 192.168.0.65...
Connected to 192.168.0.65.
Escape character is '^]'.
Connection closed by foreign host.

real 0m6.016s
user 0m0.000s
sys 0m0.000s

This I kinda strange :/ but the solution was to force tomcat to fallback 
to http11Protocol-non apr connector by using the protocol attribute. Now 
my server.xml looks like this:


Connector port=8080
emptySessionPath=true
protocol=org.apache.coyote.http11.Http11Protocol
enableLookups=false
scheme=http secure=false
acceptCount=500
debug=0
maxThreads=700
maxKeepAliveRequests=50
threadPriority=10
compression=off
connectionTimeout=6000 disableUploadTimeout=true/

Regards,

Alex


George Sexton wrote:

My mistake. You're right. The doc says millis.

I remember pointing out a bug in 5.5 that disabled the timeout for
connections. Perhaps the same issue exists in 6.0.

I tried searching in BugZilla but I couldn't find it. 


George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
 

  

-Original Message-
From: Alexander Pirsig [mailto:a...@pirsig.net]
Sent: Tuesday, October 27, 2009 10:10 AM
To: Tomcat Users List
Subject: Re: Force Connection Close

Hi George,

thanks for the reply, I thought 6sec == 6000ms. Is the Documentation
wrong because I found the following in

http://tomcat.apache.org/tomcat-6.0-doc/config/http.html|
|connectionTimeout - The number of milliseconds this *Connector* will
wait, after accepting a connection, for the request URI line to be
presented. The default value is 6 (i.e. 60 seconds).

So 6000ms == 6sec am I right?

Regards,

Alex

George Sexton wrote:


So, you have your connection timeout set to 6000 seconds. Did you
  

wait that


long? 1 Hour 40 minutes?

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585



  

-Original Message-
From: Alexander Pirsig [mailto:a...@pirsig.net]
Sent: Tuesday, October 27, 2009 9:57 AM
To: users@tomcat.apache.org
Subject: Force Connection Close

Hi,

I have have a question regarding the connectionTimeout. If I start a
telnet session on our http-connector

telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


Connections never get reset. Is there a problem with the timeout


value?


Enclosed is my Connector configuration

Connector port=8080
   emptySessionPath=true
   enableLookups=false
   scheme=http secure=false
   acceptCount=500
   debug=0
   maxThreads=1000
   keepAliveTimeout=700
   maxKeepAliveRequests=50
   threadPriority=10
   compression=off
   connectionTimeout=6000


disableUploadTimeout=true/


Is there a way to send a RST-Package to the client after some time I
know there is a option in Apache.

Regards,

Alex




-


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Error Listener start tomcat

2009-10-27 Thread vkpandit


Hi Chuck,

I fixed it.  I just recreated the demo app, and this time kept the lib
directory empty.
Hope somebody else gets something out of this.  There are a lot of postings
on
error listenerstart but not a good solution.

THanks,

Sonia

Caldarale, Charles R wrote:
 
 From: vkpandit [mailto:v.kri...@gmail.com]
 Subject: Error Listener start tomcat
 
 When I deploy a war file of my jsf application to tomcat webapps
 directory I get an error listenerstart in my tomcat logs and when
 I point my browser to the location of the web page I get a runtime
 exception facesContext not found.
 
 http://www.catb.org/~esr/faqs/smart-questions.html
 
 Tomcat version?
 
 Stack trace from the listener start error?
 
  - Chuck
 
 
 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received this in error, please contact the sender and delete the e-mail
 and its attachments from all computers.
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://www.nabble.com/Error-Listener-start-tomcat-tp26080229p26082287.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: What is the difference between running Tomcat 6 as a Windows Service vs. running from the command line?

2009-10-27 Thread Earl Tom



Markus Schönhaber-10 wrote:
 
 Alan Kennedy:
 
 I need to find out what is the difference between running Tomcat 6 as
 a Windows Service and running it from the command line.
 
 The reason is that I'm getting a bizarre bug when a jython based
 servlet is run under Tomcat6-as-Service. But the bug does NOT appear
 when Tomcat 6 is run from the command line using bin\startup.bat.
 
 The most prominent difference I can think of is the user account Tomcat
 runs as.
 Although I have no idea why this should cause the endless recursion you
 are seeing, I'd (temporarily) change the user account of the Tomcat
 service to your personal account and see if the problem still exists.
 
 

Was there a solution found for this behavior?  

It is happening to me as well when I try to install Liferay portal as a
service (Server 2008, 64-bit JVM, Tomcat 6.0.20 zip file installed with
64-bit tomcat6 and tomcat6w.exe files substituted).  

I also get a stack overflow error when running as a service, but normal
behavior when using startup.bat .  After getting startup.bat to run, I
installed the service using service install.
If I run tomcat6 from the command line still as Administrator, it also
fails.

I was able to extract a command line that successfully runs:

C:\Program Files\Java\jdk1.5.0_16\bin\java  -Xmx1024m -XX:MaxPermSize=256m
-Dfile.encoding=UTF8 -Duser.timezone=GMT
-Djava.security.auth.login.config=C:/Tomcat/conf/jaas.config
-Dorg.apache.catalina.loader.WebappClassLoader.ENABLE_CLEAR_REFERENCES=false
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=C:\Tomcat\conf\logging.properties  
-Djava.endorsed.dirs=C:\Tomcat\endorsed -classpath
C:\Tomcat\bin\bootstrap.jar -Dcatalina.base=C:\Tomcat
-Dcatalina.home=C:\Tomcat -Djava.io.tmpdir=C:\Tomcat\temp
org.apache.catalina.startup.Bootstrap  start 

Is there something I can do to troubleshoot?

Thanks for any assistance,

-- 
Earl Tom

-- 
View this message in context: 
http://www.nabble.com/What-is-the-difference-between-running-Tomcat-6-as-a-Windows-Service--vs.-running-from-the-command-line--tp25960450p26083067.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

SessionID cookie not secure over SSL

Is there a setting in Tomcat 6.0.2 to make the SessionID cookie secure when 
created over https when using 
AJP 1.3 connector for IIS?  
 
JW

RE: SessionID cookie not secure over SSL

 From: Joe Wallace [mailto:j...@andar360.com]
 Subject: SessionID cookie not secure over SSL

 Is there a setting in Tomcat 6.0.2

Are you really using a version of Tomcat that old (Nov 2006)?

 to make the SessionID cookie secure
 when created over https when using
 AJP 1.3 connector for IIS?

What makes you think the cookie isn't being encrypted along with everything 
else sent over HTTPS?

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: DBCP woes (running out of cursors).

2009-10-27 Thread Bill Davidson


Elli Albek wrote:
2. If your JDBC driver supports caching of prepared statements and
metadata, do it in the driver and disable this in DBCP. IMO DBCP does
a poor job at best in caching. We use mysql and its JDBC driver is
doing an excellent job.

It didn't occur to me that that was available.

3. Your JDBC driver may already be caching metadata that DBCP is
caching. In this case you are caching the same data twice. Make sure
it dose not happen, it is a big memory overload on the JVM.

Interesting.  I need to do more research.

B. Avoid hot deployment of apps by shutting down tomcat before
updates. This is safer, but also not 100% clean.

We're actually doing that already, but for other reasons.  We currently
have different servers for different parts of the world and schedule down
time for off-peak periods for the regions they serve.

Thanks for the info.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SessionID cookie not secure over SSL

I have a filter that calls
Cookie.getName and 
Cookie.getSecure
JSESSIONID returns false even when the connection is always https.
Tomcat version is 6.0.20.  

JW


-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, October 27, 2009 3:04 PM
To: Tomcat Users List
Subject: RE: SessionID cookie not secure over SSL


 From: Joe Wallace [mailto:j...@andar360.com]
 Subject: SessionID cookie not secure over SSL
 
 Is there a setting in Tomcat 6.0.2

Are you really using a version of Tomcat that old (Nov 2006)?

 to make the SessionID cookie secure
 when created over https when using
 AJP 1.3 connector for IIS?

What makes you think the cookie isn't being encrypted along with everything 
else sent over HTTPS?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: DBCP woes (running out of cursors).

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Elli,

On 10/26/2009 9:01 PM, Elli Albek wrote:
2. If your JDBC driver supports caching of prepared statements and
metadata, do it in the driver and disable this in DBCP. IMO DBCP
does a poor job at best in caching. We use mysql and its JDBC driver
is doing an excellent job.

I don't believe that DBCP caches any metadata, and there are no settings
to tweak that AFAICT.

3. Your JDBC driver may already be caching metadata that DBCP is
caching. In this case you are caching the same data twice. Make sure
it dose not happen, it is a big memory overload on the JVM.

Do you mean PreparedStatements?

4. Tomcat has a problem doing a clean shutdown of DBCP, and other
JNDI resources. I traced in the debugger dangling connection pools
that are created during the shutdown process. If your pool is
configure to ping the connections once in a while, they can stay open
for a long time, possibly forever. Our solution is custom extension
that cleans up pools, which works in conjunction with our extended
implementation of DBCP.

This was recently discussed on this list:

http://tomcat.markmail.org/search/?q=%22right+way+to+close+database+connection+pool%22+list%3Aorg.apache.tomcat.users#query:%22right%20way%20to%20close%20database%20connection%20pool%22%20list%3Aorg.apache.tomcat.users%20order%3Adate-forward+page:1+mid:xq2q5wk6skv3exoz+state:results

If that link doesn't work, search MarkMail for Right way to close
database connection pool which is the subject of the thread.

I contributed the code for a ServletContextListener that you can use to
shut down your DataSource just before the servlet context is discarded.
This ought to resolve any issues you may be having, and you're of course
welcome to look at my code and/or make comments.

Note that this resource issue has nothing to do with commons-DBCP: it is
entirely Tomcat's fault that the DataSource is allowed to live forever.

I am not aware of any way to completely avoid dangling connection
pool after hot deployment under load. We tried to fix this but it got
too complicated, it is much easier to restart Tomcat and swallow the
bitter pill.

I believe tools like LambdaProbe will also allow you to shut down
DataSource objects as well. If you can afford to stop your webapp, close
the DataSource, then re-reploy, then this may be an option for you. Of
course, if you have time to do this, you probably have time to stop
Tomcat, update your WAR file, and start Tomcat again.

You can still do hot deployment of war files that do not access the
database, though it is possible that the same leaks will leave lots
of hanging objects of other types (like email clients, JMS clients,
thread pools, HttpClient, etc).

These things ought to clean themselves up by using
ServletContextListeners as well. Certainly, it's surprising (to me, at
least) that Tomcat creates and configures a resource yet never cleans it
up, but anything your webapp does also needs to be un-done by your webapp.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnSOgACgkQ9CaO5/Lv0PC7ywCcCdxixuwTCCm1FdxlFxmu5X9u
GkMAnjCcuSwqBCwSyDKd2RgwIvP+9iM4
=8NRT
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: DBCP woes (running out of cursors).

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Elli,

On 10/26/2009 10:59 PM, Elli Albek wrote:
 To disable caching in DBCP, use configuration option:
 poolPreparedStatements=false

Note that this is the default. Presumably, if you don't know if your
prepared statements are being cached, then they are not being cached.

[Side note: MySQL users should be aware that enabling server-side
prepared statements on your connections will almost certainly result in
disaster. See MysQL's bug database and Connector/J changelog for more
information.]

 I don’t remember where exactly you specify it

In your Resource definition in context.xml/appName.xml/server.xml

 This is actually something that I would like
 to see built into Tomcat/DBCP (property file configuration). Your system
 admin will thank you.

It is built into Tomcat. Just read the docs for JDBC DataSources:
http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html

Though not specifically mentioned, any attribute set on the Resource
element in your XML will be set on the DataSource that gets created.
That includes things like logAbandoned, poolPreparedStatements,
defaultTransactionIsolation, etc.

 It may not be possible to use the mysql caching algorithms, since they may
 use features that are not publicly available through JDBC and are part of
 their protocol. I don’t know the source well enough to comment on how it
 works internally.

Also, the Connector/J code itself is released under the GPL which may or
may not be compatible with the APL.

 Specific example of leaks:
 1.Close tomcat
 2.Connection pool is removed.
 3.Request comes in to the war file (the one that is in the closing
 process)
 4.Request gets processed.
 5.Servlet needs a connection from DBCP.
 6.Tomcat does not find the DBCP pool in JNDI, so it recreates it.
 7.The newly created connection pool will not be used after this request,
 and will not be closed. If the pool pings the connection, it will stay open.

My understanding was that:

1. Tomcat does not remove the connection pool
2. Once the shutdown process has started, no new requests will be
handled by the currently-shutting-down context

Could these two items give the result you are observing? It's easy
enough to have your webapp close the DataSource (even though it's kinda
stupid that Tomcat doesn't do it for you).

 After all this work, we just shut down tomcat when we update war files.

I would always advocate this approach IMHO: just in case you've damaged
your server at some point, starting fresh with a new deployment is a
good idea.

 2.Call shutdown callbacks of different APIs, give developer an option to
 deal with it. For example JMX shutdown process does not happen correctly.

Please log a bug for any legitimate complaints that you may have.
Remember that Tomcat shouldn't shut down anything that the webapp itself
started.

 We got to the
 conclusion that shutting down objects in tomcat was little chaotic and no
 one could say in confidence that using a certain listener API will work
 better than another without spending a few days of tracing the code and
 doing lots of tests.

The servlet specification makes it clear which listeners should be
notified of various events in a very specific order. If Tomcat is not
following these criteria, there's a bug somewhere and you should report
it. If you are using Tomcat-specific listeners, they should be properly
documented and working per the docs. If they are not, please file a bug
and help get things fixed.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnTD8ACgkQ9CaO5/Lv0PBR3ACeNHW25/eOTWp7F905j7nwBVBF
nJ4AoJDxZKGAAD0MwBvZipyPV7lCOATi
=Cle2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SessionID cookie not secure over SSL

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

(Can you fix your emailer to include thread-ids when replying to the
list? Your replies are not properly threaded, here.)

On 10/27/2009 4:12 PM, Joe Wallace wrote:
 I have a filter that calls
 Cookie.getName and 
 Cookie.getSecure
 JSESSIONID returns false even when the connection is always https.
 Tomcat version is 6.0.20.  

If your cookie was created in HTTP mode, then the 'secure' flag will be
set to 'false' on that cookie. Are you sure you are always in HTTP mode?
Please double-check, and remember that /all JSPs will create a session
unless session=false in the @page directive/.

To answer your original question: there is no setting in Tomcat to get
secure=true on your cookies in SSL mode. Tomcat should /always/ use a
secure cookie when the cookie is created in SSL mode.

You may have to re-check your Connector attributes for the AJP
connector. Make sure that secure=true among others.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnTQ8ACgkQ9CaO5/Lv0PA/GQCgnPYgzFkWNPP0Ol57BxVg4uX5
YQsAnjGCZMrB4svfzI/S/TL9mhNtjfiv
=GZXQ
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Force Connection Close

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alexander,

On 10/27/2009 1:29 PM, Alexander Pirsig wrote:
 I'm using tomcat 6.0.20 with APR as a connector when I switch back to
 non apr connector everything works as expected.

Sounds like a bug in the connector to me. Could you log a bug in
bugzilla for this?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnTasACgkQ9CaO5/Lv0PD0BQCfeN+jX+vYDfZS5ICo4o7IuuHL
TVMAmgMoijDETZvyZriPDEtGIZK1hc8m
=y1BK
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: sessions on tomcat restart in cluster

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tsirkin,

On 10/27/2009 9:48 AM, Tsirkin Evgeny wrote:
 Actually your solution is pretty fine. Just that there is no need in
 controller backup - in case that the controller goes down another
 node should take other (that;s for example how master/slave 
 architecture works if the master fails - a slave takes other). 
 Another solution would be to implement the same algorithm db
 clusters use.

Patches are always welcome.

 A complexity of solution does not mean let's not do it.

True, but it's not a feature required by the servlet specification, and
it's not a feature that enough people have requested to motivate the
Tomcat devs to actually implement it.

 However,something like this is fine:
 
 We are short in resources and this feature is _not_ that needed 
 ,let's do something else.

That's pretty much the argument. Like I said, patches are always welcome.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnT6kACgkQ9CaO5/Lv0PDtXACgiSExipRoYv8nyoU6DW0lHTZd
EygAoIiQvhm/3uYcbOyb1AWEHxNXSvi7
=Wq1d
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How do I debug dispatching errors?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Josh,

On 10/20/2009 12:50 PM, Josh wrote:
 I have a debug statement set on the first line in the constructor of
 com.mycorp.referral.servlets.CreateRelationshipServlet.  However, when I
 call the servlet with this URL: 
 http://localhost:8081/MyApp/CreateRelationshp ... the createRelationship
 is not called - rather, ProcessAction is called again.

How are you determining that CreateRelationship is called? If you have a
log statement in the constructor for your servlet, then it ought to only
be called once: when the servlet is instantiated a single time by the
container. That instance will be used to service all requests that map
to that servlet.

Perhaps you should put a log statement in the service() method (or
doGet, doPost, etc.) and see what you get, there.

 I have set the
 debug levels in server.xml and web.xml to 'DEBUG'...

AFAIK, there are no Tomcat-related debug levels to be set in either
server.xml or web.xml unless you are using an unsupported version of Tomcat.

servlet
servlet-nameCreateRelationshipServlet/servlet-name
   
 servlet-classcom.mycorp.referral.servlets.CreateRelationshipServlet/servlet-class
 
/servlet
servlet
servlet-nameProcessActionServlet/servlet-name
   
 servlet-classcom.mycorp.referral.servlets.ProcessActionServlet/servlet-class
 
/servlet

[snip]

servlet-mapping
servlet-nameCreateRelationshipServlet/servlet-name
url-pattern/CreateRelationship/url-pattern
/servlet-mapping
servlet-mapping
servlet-nameProcessActionServlet/servlet-name
url-pattern/ProcessAction/url-pattern
/servlet-mapping

The above looks just fine. Are you forwarding the user from
CreateRelationshipServlet to ProcessActionServlet instead of redirecting
them, and getting confused about the appearance of the URL?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnUOQACgkQ9CaO5/Lv0PCMrwCdGPQKg+A4jUGis4on82sKL5q8
NJYAn3iilpKwt7ldbs1D19WXCAvo7PQs
=K8Jr
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SessionID cookie not secure over SSL

I am using session cookies to track sessions.  I am used to Jrun where you 
would specifically set the cookie to be sent only over SSL or https.  This was 
not the default setting.  I want users to connect to my web site using https 
then they might click a link on one of my web pages whose protocal is not 
secure.  What is the behavior of the JSESSIONID cookie in this situation.

JW



-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 27, 2009 3:42 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

(Can you fix your emailer to include thread-ids when replying to the
list? Your replies are not properly threaded, here.)

On 10/27/2009 4:12 PM, Joe Wallace wrote:
 I have a filter that calls
 Cookie.getName and 
 Cookie.getSecure
 JSESSIONID returns false even when the connection is always https.
 Tomcat version is 6.0.20.  

If your cookie was created in HTTP mode, then the 'secure' flag will be
set to 'false' on that cookie. Are you sure you are always in HTTP mode?
Please double-check, and remember that /all JSPs will create a session
unless session=false in the @page directive/.

To answer your original question: there is no setting in Tomcat to get
secure=true on your cookies in SSL mode. Tomcat should /always/ use a
secure cookie when the cookie is created in SSL mode.

You may have to re-check your Connector attributes for the AJP
connector. Make sure that secure=true among others.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnTQ8ACgkQ9CaO5/Lv0PA/GQCgnPYgzFkWNPP0Ol57BxVg4uX5
YQsAnjGCZMrB4svfzI/S/TL9mhNtjfiv
=GZXQ
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: So many timeout values

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mohit,

On 10/26/2009 6:40 PM, Mohit Anchlia wrote:
 Christopher in one of his earlier replies mentioned that we don't have
 failover set. I am not sure why he said that because we have
 worker.list and also we have loadbalancer set in our
 worker.properties.

Here is the original workers.properties you listed:

 worker.host2533.type=ajp13
 worker.host2533.port=8009
 worker.host2533.host=host2533
 worker.host2533.socket_timeout=5
 worker.host2533.socket_keepalive=true
 worker.host2533.prepost_timeout=5
 worker.host2533.connect_timeout=5000
 worker.host2533.retries=3
 worker.host2533.recycle_timeout=900

I see that type=ajp13, not type=lb. I also don't see a worker.list in
there at all. Perhaps you didn't post as much configuration as you think
you did?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnUaAACgkQ9CaO5/Lv0PDywQCfd3b03RtlQUjTc3HDAJAbyOlD
a00An0h5vjYzErYfoSc3V5V6/aVSraTg
=IF6M
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SessionID cookie not secure over SSL

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

On 10/27/2009 5:00 PM, Joe Wallace wrote:
 I am using session cookies to track sessions.  I am used to Jrun
 where you would specifically set the cookie to be sent only over SSL
 or https.  This was not the default setting.  I want users to connect
 to my web site using https then they might click a link on one of my
 web pages whose protocal is not secure.  What is the behavior of the
 JSESSIONID cookie in this situation.

Tomcat will create its JSESSIONID cookie like this in all cases:

Cookie cookie = new Cookie(JSESSIONID, sessionId);
if(request.isSecure())
  cookie.setSecure(true);

(Note that the code might not look exactly like this, but it behaves in
this way).

So, if your session was created during a non-secure request, you'll get
a non-secure cookie. The solution? Make all your requests HTTPS. If you
have non-secure pages, you'll need to make sure they don't call
request.getSession(true) either explicitly or implicitly (say, by
forgetting to set session=false for a JSP).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnUvIACgkQ9CaO5/Lv0PCVjACfdqIQS8CFhelJtjgOWaoHtBhc
6gAAoIrWzROh0PTIOUYe4Aobnm3YWVtp
=mlkD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expecting jsp:param - Porting resin jsp pages to tomcat, dreamweaver editable sections / comments

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill,

On 10/26/2009 9:44 PM, Bill Barker wrote:
 Christopher Schultz ch...@christopherschultz.net wrote in message 
 On the other hand, shouldn't the JSP compiler pass-through everything
 except for directives? HTML is a common enough use case for JSP that
 SGML comments ought to be tolerated in these cases.
 
 Except for the fact that section 5.4 of the (2.1) JSP spec precludes having 
 anything except jsp:param / in the body of a jsp:include element. 
 Allowing template text in there is then a Container-specific feature and so 
 renders the webapp non-portable.

I read 5.4 and while the text doesn't say anything about this, the
formal syntax of jsp:include does:


Syntax
[...]
jsp:include page=”urlSpec” flush=true|false
{ jsp:param  / }*
/jsp:include


There, no other content appears to be allowed. However, other sections
of the JSP specification are less ambiguous. For instance, section 5.15
(jsp:text) specifically says:


No subelements may appear within jsp:text; for example the following
fragment is invalid and must generate a translation error.


The closest 5.4 comes is this:


A jsp:include action may have jsp:param subelements that can provide
values for some parameters in the request to be used for the inclusion.


Back to section 5.15, this is an interesting tidbit:


When within a JSP document, of course, the body content needs to
additionally conform to the constraints of being a well-formed XML
document, so the following example, although valid in a JSP page is
invalid in a JSP document:


The above is not qualified by anything mentioning the difference between
.jsp and .jspx files or anything like that. I would expect that any
SGML-style comments within a jsp:text element would, in fact, be
ignored by the JSP processor when producing output since it presupposes
XML semantics. Instead, the JSP compiler (in my 5.5.26 environment)
produces an error for this document:

jsp:text
!-- This is a SGML-style comment --
/jsp:text

The error is:

Exception: org.apache.jasper.JasperException: /test.jsp(3,0) 'amp;lt;',
when appears in the body of amp;lt;jsp:textamp;gt;, must be
encapsulated within a CDATA
Stack Trace:
org.apache.jasper.JasperException: /test.jsp(3,0) apos;amp;lt;apos;,
when appears in the body of amp;lt;jsp:textamp;gt;, must be
encapsulated within a CDATA
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:40)

This error seems consistent with the no subelements clause in S.5.15,
but I see no such restriction placed on jsp:include.

 It would be a bug if the error happened for a page in XML syntax however.

I think the JSP specification has a little multiple-personality disorder
when it comes to XML-looking-syntax versus actual XML syntax. It's
unfortunate, since it can really confuse people.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnWJ8ACgkQ9CaO5/Lv0PBhkgCdHL88GleiLT4mo4wf2K3q9DTD
zB8An1Lk12w/HqvPZYPxbWERfJSJauln
=4VVb
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SessionID cookie not secure over SSL

Hi Chris,
You wrote:
Tomcat will create its JSESSIONID cookie like this in all cases:

Cookie cookie = new Cookie(JSESSIONID, sessionId);
if(request.isSecure())
  cookie.setSecure(true);

My filter calls HttpServletRequest.isSecure() which returns true
It then calls Cookie.getSecure() for the JSESSIONID cookie which returns false. 

I am expecting this to return true since all connections have been over https.
Or should I be looking elswhere?


JW

 

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Tuesday, October 27, 2009 4:07 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Joe,

On 10/27/2009 5:00 PM, Joe Wallace wrote:
 I am using session cookies to track sessions.  I am used to Jrun
 where you would specifically set the cookie to be sent only over SSL
 or https.  This was not the default setting.  I want users to connect
 to my web site using https then they might click a link on one of my
 web pages whose protocal is not secure.  What is the behavior of the
 JSESSIONID cookie in this situation.

Tomcat will create its JSESSIONID cookie like this in all cases:

Cookie cookie = new Cookie(JSESSIONID, sessionId);
if(request.isSecure())
  cookie.setSecure(true);

(Note that the code might not look exactly like this, but it behaves in
this way).

So, if your session was created during a non-secure request, you'll get
a non-secure cookie. The solution? Make all your requests HTTPS. If you
have non-secure pages, you'll need to make sure they don't call
request.getSession(true) either explicitly or implicitly (say, by
forgetting to set session=false for a JSP).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnUvIACgkQ9CaO5/Lv0PCVjACfdqIQS8CFhelJtjgOWaoHtBhc
6gAAoIrWzROh0PTIOUYe4Aobnm3YWVtp
=mlkD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat monitoring

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Mohamedin,

On 10/24/2009 4:47 AM, Mohamedin wrote:
 Please recommend a monitoring tool for tomcat. I am interested in
 knowing the response time of each request and finding requests that
 take a lot of time. In short I need to figure out the bottle nicks in
 my site.

It sounds like the AccessLogValve might suit your needs:
http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html

You probably want %D some place in your log pattern.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkrnWxAACgkQ9CaO5/Lv0PAX5QCdHXpAK7KuRBZcKIZNnxMsmNgN
FJEAnRSwXjclYANWP6bQSj7pQq1Ew79h
=45Y9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SessionID cookie not secure over SSL

2009-10-27 Thread André Warnier


Joe Wallace wrote:

I am using session cookies to track sessions.  I am used to Jrun where you 
would specifically set the cookie to be sent only over SSL or https.  This was 
not the default setting.  I want users to connect to my web site using https 
then they might click a link on one of my web pages whose protocal is not 
secure.  What is the behavior of the JSESSIONID cookie in this situation.


Joe,

1) assuming your setup is

browsers -- IIS  -- Tomcat
   A B

which portion(s) is(/are) using HTTPS ? A ? B ? both ?

2) secure is an attribute of a cookie, written inside of the cookie by 
the server creating the cookie in the first place.
If set, it has as consequence that a browser will only send it back to 
the original server with subsequent requests, if these subsequent 
requests happen over a HTTPS connection.


In other words, if you set the secure attribute on the JSESSIONID 
cookie, because for instance your initial request happens over HTTPS, 
then you switch to a non-HTTPS part of the site, the browser is probably 
no longer going to send this cookie back to the server.

In other words, you will, for practical purposes, lose your session.

Not so, gurus ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expecting jsp:param - Porting resin jsp pages to tomcat, dreamweaver editable sections / comments

2009-10-27 Thread Pete McNeil


Christopher Schultz wrote:

snip/


I think the JSP specification has a little multiple-personality disorder
when it comes to XML-looking-syntax versus actual XML syntax. It's
unfortunate, since it can really confuse people.
  


My $0.03

be strict in what you produce, be forgiving in what you receive


IMO allowing for the XML comments _seems_ like a good idea.

None the less we're modifying that code to be more correct -- even if 
the specs are a little ambiguous it seems more correct to treat the 
entire jsp:include.../ as a single entity in this case and not slice 
it up with comments for whatever reasons.


_M


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SessionID cookie not secure over SSL

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 4:48 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL

Joe Wallace wrote:
 I am using session cookies to track sessions.  I am used to Jrun where you 
 would specifically set the cookie to be sent only over SSL or https.  This 
 was not the default setting.  I want users to connect to my web site using 
 https then they might click a link on one of my web pages whose protocal is 
 not secure.  What is the behavior of the JSESSIONID cookie in this 
 situation.

Joe,

1) assuming your setup is

browsers -- IIS  -- Tomcat
A B

which portion(s) is(/are) using HTTPS ? A ? B ? both ?

2) secure is an attribute of a cookie, written inside of the cookie by 
the server creating the cookie in the first place.
If set, it has as consequence that a browser will only send it back to 
the original server with subsequent requests, if these subsequent 
requests happen over a HTTPS connection.

In other words, if you set the secure attribute on the JSESSIONID 
cookie, because for instance your initial request happens over HTTPS, 
then you switch to a non-HTTPS part of the site, the browser is probably 
no longer going to send this cookie back to the server.
In other words, you will, for practical purposes, lose your session.

Not so, gurus ?

Portion A is using IIS.  IIS holds the SSL cert.
I am using AJP 1.3 connector for IIS
It is defined in the Tomcat Server.xml

!-- Define an AJP 1.3 Connector on port  --
Connector port=8109 protocol=AJP/1.3 redirectPort=443
/

Joe

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SessionID cookie not secure over SSL

2009-10-27 Thread André Warnier

Joe Wallace wrote:

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com]
Sent: Tuesday, October 27, 2009 4:48 PM
To: Tomcat Users List
Subject: Re: SessionID cookie not secure over SSL

Joe Wallace wrote:

I am using session cookies to track sessions.  I am used to Jrun where you would 
specifically set the cookie to be sent only over SSL or https.  This was not the 
default setting.  I want users to connect to my web site using https then they 
might click a link on one of my web pages whose protocal is not secure.  What is the 
behavior of the JSESSIONID cookie in this situation.

Joe,

1) assuming your setup is

browsers -- IIS  -- Tomcat

A B

which portion(s) is(/are) using HTTPS ? A ? B ? both ?

2) secure is an attribute of a cookie, written inside of the cookie by 
the server creating the cookie in the first place.
If set, it has as consequence that a browser will only send it back to 
the original server with subsequent requests, if these subsequent 
requests happen over a HTTPS connection.

In other words, if you set the secure attribute on the JSESSIONID 
cookie, because for instance your initial request happens over HTTPS, 
then you switch to a non-HTTPS part of the site, the browser is probably 
no longer going to send this cookie back to the server.

In other words, you will, for practical purposes, lose your session.

Not so, gurus ?

Portion A is using IIS.  IIS holds the SSL cert.
I am using AJP 1.3 connector for IIS
It is defined in the Tomcat Server.xml

!-- Define an AJP 1.3 Connector on port  --
Connector port=8109 protocol=AJP/1.3 redirectPort=443
/

Am I mistaken then to think that since the connection B from IIS to 
Tomcat is not over HTTPS but over AJP, Tomcat has no idea that HTTPS is 
being used ?
Whatever consequences this has in the context (and which are beyond my 
expertise).

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Expecting jsp:param - Porting resin jsp pages to tomcat, dreamweaver editable sections / comments

2009-10-27 Thread Konstantin Kolinko

2009/10/27 Pete McNeil madscient...@microneil.com:

 IMO allowing for the XML comments _seems_ like a good idea.


2009/10/26 Christopher Schultz ch...@christopherschultz.net:
 On the other hand, shouldn't the JSP compiler pass-through everything
 except for directives? HTML is a common enough use case for JSP that
 SGML comments ought to be tolerated in these cases.


Just an obvious reminder: although those are SGML comments, they are
not ignored by browsers.

E.g. in SCRIPT, STYLE tags, or IE specific !--[if .. conditional
clauses (never used and don't remember their syntax). Also I think
that they might be visible through DOM (don't know whether it is
actually true).

Thus, those comments are just like the other text on the page.

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: SessionID cookie not secure over SSL