RE: Deploying and building a war file
Hi i have to rebuild the war file meaning i have to recompile everything. I have been using Eclipse / Tomcat for build deploy and as far as the Compilation is considered correct, But why rebuild the **.war , Can u write an ANT script to copy the modified *.class or *.jsp or *.properties file to the respective folder under TOMCAT/WEBAPPS/APPLIC But u need to restart the TOMCAT if re-loadable flag is not set to true in global web.xml :) With regards Karthik -Original Message- From: Ziggy [mailto:zigg...@gmail.com] Sent: Tuesday, November 10, 2009 1:19 PM To: Tomcat Users List Subject: Re: Deploying and building a war file Hi Ken, I do use eclipse but only for development. I cant really deploy from eclipse for several reasons. One of them being that the deployment server is a different machine from where i do the development. Thanks On Mon, Nov 9, 2009 at 7:12 PM, Ken Bowen kbo...@als.com wrote: If you use Eclipse (www.eclipse.org/ free; runs on Wins/Mac/Linux) with the web plugins, it records your deploy target, and allows you to deploy with either a war file, or in exploded form. In the latter case, you can usually leave your web server running, make a code change, save the file, and it is automatically re-compiled re-deployed to the running server. At worst, you only need to hit a refresh button. It makes life much simpler, and the syntax-directed editor saves me from many stupidities. --Ken On Nov 9, 2009, at 7:04 AM, Ziggy wrote: Hi all, I've got a query on the way web applications are deployed. I have an application that has several jsp files and serlvets that are in WEB-INF/classes. When i deploy the application all i do is do a checkout on CVS, make the changes, rebuild the war using ANT and redeploy manually. This works fine but now i am having some doubts on this approach. Basicaly if i even change one file i have to rebuild the war file meaning i have to recompile everything. I think this is unecessary. i would like to be able to just recompile the one file and redeploy the one file without having to rebuild the whole war file. 1. How do you deploy your application? If you deploy as a war file, do you recompile everything even if the change is to a single file or a configuration file. 2. Could you provide an example on the approach you use from the point a source file comes out from CVS to the point it get to the production environment. (An example with a single file change would be usefull) 2. Do you use any tool to manage this? I am thinking that if i change one file i should be able to just compile that one file and move it to the WEB-INF/classes folder into the relevant folder. This might work but is there a better way of doing this instead of moving it manually? Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat caching
Hi, i have this problem of i am able to edit the xml file but when i try to link it up with a piechart using amchart, the data shown is that of the previous data before the update. It is only when i open up the xml file to refresh it that it is able to show the new data. Tried setting cachingAllowed to false and reloadable to true but the problem still exisit. Tried to add a parameter to the output file like this String outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml? + new Date(); but there is error. Please help. Thanks a lot!! Really desperate My code is as below String inputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml; String outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml; Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(inputFile)); XPath xpath = XPathFactory.newInstance().newXPath(); NodeList nodes = (NodeList)xpath.evaluate(//sli...@title='Positive'], doc, XPathConstants.NODESET); for (int idx = 0; idx nodes.getLength(); idx++) { nodes.item(idx).setTextContent(6); } Transformer xformer = TransformerFactory.newInstance().newTransformer(); xformer.transform(new DOMSource(doc), new StreamResult(new File(outputFile))); Retrieving the xml file: script type=text/javascript // ![CDATA[ var so = new SWFObject(ampie.swf, ampie, 360, 300, 8, #FF); so.addVariable(settings_file, encodeURIComponent(ampie_settings1.xml)); so.addVariable(data_file, encodeURIComponent(Pie.xml)); so.write(flashcontent); // ]] /script -- View this message in context: http://old.nabble.com/tomcat-caching-tp26280018p26280018.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Suggested workaround for bug 47316
Is there a suggested workaround for the bug 47316 In config file, Service and engine names must match without building the tomcat source. https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3 We are using a programmatic interface, not the server.xml. Thanks In Advance Amol
Re: WebappClassLoader and undeploy
Elli Albek wrote: Thomas, My given name is is Mark. Thomas is my family name. what is the issue with javax.imageio? Do they really use context class loader for loading static variables? Yes. First call to most methods in that library trigger a call to sun.awt.AppContext.getAppContext() which initialises a singleton instance of AppContext using the thread context class loader. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Suggested workaround for bug 47316
Amol Wate (awate) wrote: Is there a suggested workaround for the bug 47316 In config file, Service and engine names must match without building the tomcat source. https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3 We are using a programmatic interface, not the server.xml. Use the same name for engine and service name. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
On 09.11.2009 11:27, thomas2004 wrote: I newly installed the mod_jk 1.2.28 and since then got problem (see below). ** We have a web application deployed on Jboss (RH Linux OS). The access to the web application is via a Apache Httpd Web Server. One of the function of this web application is one can online generate PDF-reports. This report could by quite big (30 MB). After the report is generated (this will take about 20 to 40 min.) it will show up on the browser. Formerly we have mod_jk 1.2.26 and everything is ok. Since a week we update the mod_jk to 1.2.28 and got problem. Exactly to say, the PDF-report can not be shown up on browser. One can find some error messages in mod_jk.log as follow: Code: [Tue Nov 03 11:03:07 2009] [12138:2537062720] [info] ajp_connection_tcp_get_message::jk_ajp_common.c (1150): (worker_portfolio_son1) can't receive the response header message from tomcat, network problems or tomcat (172.23.17.37:8009) is down (errno=11) [Tue Nov 03 11:03:07 2009] [12138:2537062720] [error] ajp_get_reply::jk_ajp_common.c (1962): (worker_portfolio_son1) Tomcat is down or refused connection. No response has been sent to the client (yet) [Tue Nov 03 11:03:07 2009] [12138:2537062720] [info] ajp_service::jk_ajp_common.c (2447): (worker_portfolio_son1) sending request to tomcat failed (recoverable), (attempt=2) [Tue Nov 03 11:03:07 2009] [12138:2537062720] [error] ajp_service::jk_ajp_common.c (2466): (worker_portfolio_son1) connecting to tomcat failed. [Tue Nov 03 11:03:07 2009] worker_portfolio_son1 citibank-extranet-ru-test.civ-versicherung.de 244.108419 [Tue Nov 03 11:03:07 2009] [12138:2537062720] [info] jk_handler::mod_jk.c (2615): Service error=0 for worker=worker_portfolio_son1 From google I know this could be a problem of reply_timeout. I set the reply_timeout in workers.properties but it doesn't help. Here is my workers.properties. Code: worker.list=jkstatus, worker_portfolio_son1 worker.worker_portfolio_son1.connection_pool_timeout=600 worker.worker_portfolio_son1.socket_timeout=120 worker.worker_portfolio_son1.socket_keepalive=True worker.worker_portfolio_son1.lbfactor=1 worker.worker_portfolio_son1.type=ajp13 worker.worker_portfolio_son1.port=8009 worker.worker_portfolio_son1.host=appl-portfolio-test.proactiv.de worker.worker_portfolio_son1.sticky_session=True worker.worker_portfolio_son1.reply_timeout=360 Remove the socket_timeout. Please let us know, whether that helped. To improve stability you should add a socket-connect_timeout and cping/cpong. See: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html If you don't want a reply_timeout, you can also remove it. Default is no reply_timeout. But remove socket_timeout in any case. If everything works, you can optimize by using the new extensions for uriworkermap.properties. There you can configure reply_timeouts for individual URLs. E.g. having a general timeout of 30 seconds, and an increased timeout of 1 hour only for your special reporting URLs. http://tomcat.apache.org/connectors-doc/reference/uriworkermap.html#Rule%20extensions Another way of doing it when using Apache is via an environment variable an dmod_rewrite. Look for JK_REPLY_TIMEOUT in http://tomcat.apache.org/connectors-doc/reference/apache.html mod_rewrite allows to set environment variables depending on the URLs. Any reply timeout set via JK_REPLY_TIMEOUT will overwrite the one in workers.properties. But first get the easy config working, before trying to improve! Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat caching
On 10/11/2009 08:44, fireportal wrote: Hi, i have this problem of i am able to edit the xml file but when i try to link it up with a piechart using amchart, the data shown is that of the previous data before the update. It is only when i open up the xml file to refresh it that it is able to show the new data. You are referring to the xml file as if it's something we all know about. Tried setting cachingAllowed to false and reloadable to true but the problem still exisit. The reloadable attribute doesn't do what you think it does. Read the docs for your Tomcat level again. Tried to add a parameter to the output file like this String outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml? + new Date(); but there is error. There's an error because you can't append a query string to an output file path. Query strings are added when you perform a request for a path or file, but not when writing inside the file system. Even if you could make it work, you'd then have a file called: fail.txt?x=2 which you couldn't add a query string to when requested in a browser. fail.txt?x=2?q=bah Please help. Thanks a lot!! Really desperate It would help if you explained yourself properly, rather than jumping in and assuming someone happens to suffer from Internet Telepathy. My code is as below String inputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml; String outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml; These are relative paths. Obviously I can't tell what they're relative to, because I have no idea whether this code is running on an Android phone or in a class deployed in a Servlet Container. (Hint: more info required). I can't tell even if you're updating the right file*. Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new InputSource(inputFile)); This might work, but I can't tell because I don't know where it's measuring the relative inputFile path from.* XPath xpath = XPathFactory.newInstance().newXPath(); NodeList nodes = (NodeList)xpath.evaluate(//sli...@title='Positive'], doc, XPathConstants.NODESET); for (int idx = 0; idx nodes.getLength(); idx++) { nodes.item(idx).setTextContent(6); } Transformer xformer = TransformerFactory.newInstance().newTransformer(); xformer.transform(new DOMSource(doc), new StreamResult(new File(outputFile))); Likewise, the relative path might work, or might not. So, you attempted to update an XML file of some unknown format. (Hint*). Retrieving the xml file: script type=text/javascript //![CDATA[ var so = new SWFObject(ampie.swf, ampie, 360, 300, 8, #FF); so.addVariable(settings_file, encodeURIComponent(ampie_settings1.xml)); so.addVariable(data_file, encodeURIComponent(Pie.xml)); so.write(flashcontent); // ]] /script I'm not entirely sure what encodeURIComponent() does*, if it doesn't add anything to the URL, then it's somewhat pointless. If you want to add a param to the URL, this is the place to do it, assuming encodeURIComponent() doesn't do anything unusual: encodeURIComponent(Pie.xml?d=+(new Date()).getTime()) The problem is not Tomcat, the problem is that your browser is caching the Flash/XML file. You need to ensure that the XML file is sent with no-cache type headers, which you can do with a simple servlet Filter. If you have not thoroughly read the Tomcat docs, wiki examples, now would be a good time. p * Because you didn't tell us. Start by assuming that we don't know what you've spent the last 24 hours doing. It's also preferable to tell us Tomcat, OS, JVM version when you ask a question to avoid people like me sending snippy replies when we have to guess what you're trying to do. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
Hi P, Thanks very much for your reasoned helpful response. I fancied securing only login because I only want logged in users to see the service and I want the login to be secure (passwords are safe) but the data itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting normal data communication? :) To be honest I'm happy to just encrypt the whole thing if that's just going to save me a lot of hassle. My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? R. On 9 Nov 2009, at 23:05, Pid wrote: On 09/11/2009 22:33, Robert Denison wrote: Hi all, I am trying to have setup my tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure and if I make it secure (using CONFIDENTIAL) for /*. However if I try to make it secure only for the login page and unsecure elsewhere any attempt to go to a page redirects to the login page but unsecure - not using the https and higher port. I've seen comments about filters to redirect up to the https port but my thoughts are: 1) From what I understand it should be possible with multiple constraints for different URLs, and 2) as I only want to do this if the user is not logged in I'm not sure how the filter would work. I have a working https Connector because I can use the service configured for /* to be secure. So, to summarise, you want *only* the login page to be sent over SSL? The login page isn't ever requested directly, it's forwarded to by the AuthenticationValve. This means that you can place it out of the way, in, say: WEB-INF/login/form.jsp WEB-INF/login/error.jsp but it also means that you shouldn't directly request the login page. When you're using Container managed security, you request a secured resource and the Valve forwards to the form. Once you authenticate the original request is restored. Your config won't enforce SSL for the login page because the container forwards the request to the page after it recognises the /* rule requires a login. If you want the whole app to require a login, you can either choose to use SSL, or not, but you can't easily send the login page only over SSL. If only one part of the app required a login, you could employ a Filter to downgrade to non-SSL when the URL didn't match that path. Is there a particular reason why you want to downgrade after login? You might look into the Tomcat compatible SecurityFilter project, as it provides very similar functionality to container managed security, but more flexibility. http://securityfilter.sourceforge.net/ p Any offered help appreciated. The relevant (I think) web.xml snippet is: security-constraint web-resource-collection web-resource-nameApplication Login/web-resource-name url-pattern/login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint security-constraint web-resource-collection web-resource-nameApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodFORM/auth-method realm-nameApplication/realm-name form-login-config form-login-page/jsp/login.jsp/form-login-page form-error-page/jsp/error.jsp/form-error-page /form-login-config /login-config - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Suggested workaround for bug 47316
Hi Mark, I tried it but the approach did not succeed. As in this thread http://www.mail-archive.com/users@tomcat.apache.org/msg62626.html Is there any other workaround? Thanks Amol -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, November 10, 2009 3:33 PM To: Tomcat Users List Subject: Re: Suggested workaround for bug 47316 Amol Wate (awate) wrote: Is there a suggested workaround for the bug 47316 In config file, Service and engine names must match without building the tomcat source. https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3 We are using a programmatic interface, not the server.xml. Use the same name for engine and service name. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
On 10/11/2009 10:07, Robert Denison wrote: Hi P, Thanks very much for your reasoned helpful response. I fancied securing only login because I only want logged in users to see the service and I want the login to be secure (passwords are safe) but the data itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting normal data communication? :) Using SSL can interfere with caching of CSS, images etc. Getting those for each main request could cost the client more time than the encryption takes. Paying attention to static resource caching is a good idea. To be honest I'm happy to just encrypt the whole thing if that's just going to save me a lot of hassle. Do it, see how it works out. Then try: My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? This would probably work out OK, (just remember that the Filter will work at a level above/after the Valve has a chance to act). p R. On 9 Nov 2009, at 23:05, Pid wrote: On 09/11/2009 22:33, Robert Denison wrote: Hi all, I am trying to have setup my tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure and if I make it secure (using CONFIDENTIAL) for /*. However if I try to make it secure only for the login page and unsecure elsewhere any attempt to go to a page redirects to the login page but unsecure - not using the https and higher port. I've seen comments about filters to redirect up to the https port but my thoughts are: 1) From what I understand it should be possible with multiple constraints for different URLs, and 2) as I only want to do this if the user is not logged in I'm not sure how the filter would work. I have a working https Connector because I can use the service configured for /* to be secure. So, to summarise, you want *only* the login page to be sent over SSL? The login page isn't ever requested directly, it's forwarded to by the AuthenticationValve. This means that you can place it out of the way, in, say: WEB-INF/login/form.jsp WEB-INF/login/error.jsp but it also means that you shouldn't directly request the login page. When you're using Container managed security, you request a secured resource and the Valve forwards to the form. Once you authenticate the original request is restored. Your config won't enforce SSL for the login page because the container forwards the request to the page after it recognises the /* rule requires a login. If you want the whole app to require a login, you can either choose to use SSL, or not, but you can't easily send the login page only over SSL. If only one part of the app required a login, you could employ a Filter to downgrade to non-SSL when the URL didn't match that path. Is there a particular reason why you want to downgrade after login? You might look into the Tomcat compatible SecurityFilter project, as it provides very similar functionality to container managed security, but more flexibility. http://securityfilter.sourceforge.net/ p Any offered help appreciated. The relevant (I think) web.xml snippet is: security-constraint web-resource-collection web-resource-nameApplication Login/web-resource-name url-pattern/login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint security-constraint web-resource-collection web-resource-nameApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodFORM/auth-method realm-nameApplication/realm-name form-login-config form-login-page/jsp/login.jsp/form-login-page form-error-page/jsp/error.jsp/form-error-page /form-login-config /login-config - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands,
Re: Secure login only, not rest of app
Ugh, I didn't know about the interference with caching (I am fairly new to this) so it seems that adds weight to the idea of not securing anything but the login process I'll give these ideas a try and report back so it's public info. Thanks again P. R. On 10 Nov 2009, at 10:42, Pid wrote: On 10/11/2009 10:07, Robert Denison wrote: Hi P, Thanks very much for your reasoned helpful response. I fancied securing only login because I only want logged in users to see the service and I want the login to be secure (passwords are safe) but the data itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting normal data communication? :) Using SSL can interfere with caching of CSS, images etc. Getting those for each main request could cost the client more time than the encryption takes. Paying attention to static resource caching is a good idea. To be honest I'm happy to just encrypt the whole thing if that's just going to save me a lot of hassle. Do it, see how it works out. Then try: My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? This would probably work out OK, (just remember that the Filter will work at a level above/after the Valve has a chance to act). p R. On 9 Nov 2009, at 23:05, Pid wrote: On 09/11/2009 22:33, Robert Denison wrote: Hi all, I am trying to have setup my tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure and if I make it secure (using CONFIDENTIAL) for /*. However if I try to make it secure only for the login page and unsecure elsewhere any attempt to go to a page redirects to the login page but unsecure - not using the https and higher port. I've seen comments about filters to redirect up to the https port but my thoughts are: 1) From what I understand it should be possible with multiple constraints for different URLs, and 2) as I only want to do this if the user is not logged in I'm not sure how the filter would work. I have a working https Connector because I can use the service configured for /* to be secure. So, to summarise, you want *only* the login page to be sent over SSL? The login page isn't ever requested directly, it's forwarded to by the AuthenticationValve. This means that you can place it out of the way, in, say: WEB-INF/login/form.jsp WEB-INF/login/error.jsp but it also means that you shouldn't directly request the login page. When you're using Container managed security, you request a secured resource and the Valve forwards to the form. Once you authenticate the original request is restored. Your config won't enforce SSL for the login page because the container forwards the request to the page after it recognises the /* rule requires a login. If you want the whole app to require a login, you can either choose to use SSL, or not, but you can't easily send the login page only over SSL. If only one part of the app required a login, you could employ a Filter to downgrade to non-SSL when the URL didn't match that path. Is there a particular reason why you want to downgrade after login? You might look into the Tomcat compatible SecurityFilter project, as it provides very similar functionality to container managed security, but more flexibility. http://securityfilter.sourceforge.net/ p Any offered help appreciated. The relevant (I think) web.xml snippet is: security-constraint web-resource-collection web-resource-nameApplication Login/web-resource-name url-pattern/login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint security-constraint web-resource-collection web-resource-nameApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodFORM/auth-method realm-nameApplication/realm-name form-login-config form-login-page/jsp/login.jsp/form-login-page form-error-page/jsp/error.jsp/form-error-page /form-login-config /login-config - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail:
Re: Suggested workaround for bug 47316
2009/11/10 Amol Wate (awate) aw...@cisco.com: Hi Mark, I tried it but the approach did not succeed. As in this thread http://www.mail-archive.com/users@tomcat.apache.org/msg62626.html Is there any other workaround? Thanks Amol -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, November 10, 2009 3:33 PM To: Tomcat Users List Subject: Re: Suggested workaround for bug 47316 Amol Wate (awate) wrote: Is there a suggested workaround for the bug 47316 In config file, Service and engine names must match without building the tomcat source. https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3 We are using a programmatic interface, not the server.xml. Use the same name for engine and service name. Mark It should be obvious, but start with http://catb.org/~esr/faqs/smart-questions.html#beprecise http://catb.org/~esr/faqs/smart-questions.html#explicit and the rest of the tips there. It might well be that you face a different problem. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? Simple question but can you do one /* constraint and then override that with a subsequent /images (and css etc) constraint or is there a different preferred way to do this kind of setup? It would be mildly annoying if I have to have all my main pages under some subdir (lengthening my URLs) just to differentiate, so I assume there is a better way? R. On 10 Nov 2009, at 10:42, Pid wrote: On 10/11/2009 10:07, Robert Denison wrote: Hi P, Thanks very much for your reasoned helpful response. I fancied securing only login because I only want logged in users to see the service and I want the login to be secure (passwords are safe) but the data itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting normal data communication? :) Using SSL can interfere with caching of CSS, images etc. Getting those for each main request could cost the client more time than the encryption takes. Paying attention to static resource caching is a good idea. To be honest I'm happy to just encrypt the whole thing if that's just going to save me a lot of hassle. Do it, see how it works out. Then try: My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? This would probably work out OK, (just remember that the Filter will work at a level above/after the Valve has a chance to act). p R. On 9 Nov 2009, at 23:05, Pid wrote: On 09/11/2009 22:33, Robert Denison wrote: Hi all, I am trying to have setup my tomcat webapp to be secure for login only. It works as you'd expect if the security-constraint for /* is unsecure and if I make it secure (using CONFIDENTIAL) for /*. However if I try to make it secure only for the login page and unsecure elsewhere any attempt to go to a page redirects to the login page but unsecure - not using the https and higher port. I've seen comments about filters to redirect up to the https port but my thoughts are: 1) From what I understand it should be possible with multiple constraints for different URLs, and 2) as I only want to do this if the user is not logged in I'm not sure how the filter would work. I have a working https Connector because I can use the service configured for /* to be secure. So, to summarise, you want *only* the login page to be sent over SSL? The login page isn't ever requested directly, it's forwarded to by the AuthenticationValve. This means that you can place it out of the way, in, say: WEB-INF/login/form.jsp WEB-INF/login/error.jsp but it also means that you shouldn't directly request the login page. When you're using Container managed security, you request a secured resource and the Valve forwards to the form. Once you authenticate the original request is restored. Your config won't enforce SSL for the login page because the container forwards the request to the page after it recognises the /* rule requires a login. If you want the whole app to require a login, you can either choose to use SSL, or not, but you can't easily send the login page only over SSL. If only one part of the app required a login, you could employ a Filter to downgrade to non-SSL when the URL didn't match that path. Is there a particular reason why you want to downgrade after login? You might look into the Tomcat compatible SecurityFilter project, as it provides very similar functionality to container managed security, but more flexibility. http://securityfilter.sourceforge.net/ p Any offered help appreciated. The relevant (I think) web.xml snippet is: security-constraint web-resource-collection web-resource-nameApplication Login/web-resource-name url-pattern/login.jsp/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint security-constraint web-resource-collection web-resource-nameApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameplayer/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodFORM/auth-method realm-nameApplication/realm-name form-login-config form-login-page/jsp/login.jsp/form-login-page form-error-page/jsp/error.jsp/form-error-page /form-login-config /login-config - To
Re: Secure login only, not rest of app
Just to pick up on the point below. If the Valve acts before the filter then I would guess my idea can't work because the login will have already happened before I get chance to redirect to https. Therefore meaning the login process will have happened unencrypted... R. On 10 Nov 2009, at 10:42, Pid wrote: My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? This would probably work out OK, (just remember that the Filter will work at a level above/after the Valve has a chance to act). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
2009/11/10 Robert Denison r...@blim.org: I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? No, as on most browsers that will pop up a dialog box with something like this page contains both secure and insecure items. Do you want to display the insecure items? All content referenced from a secure page should be secure to prevent this warning. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
Thanks peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for tomcat and static content can they? R. On 10 Nov 2009, at 13:14, Peter Crowther wrote: 2009/11/10 Robert Denison r...@blim.org: I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? No, as on most browsers that will pop up a dialog box with something like this page contains both secure and insecure items. Do you want to display the insecure items? All content referenced from a secure page should be secure to prevent this warning. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
Remove the socket_timeout. Please let us know, whether that helped. I've moved the socket_timeout and the reply_timeout two days ago but it doesn't help. My workersproperties looks now as follow: [code] worker.worker_portfolio_son1.connection_pool_timeout=600 worker.worker_portfolio_son1.socket_keepalive=True worker.worker_portfolio_son1.lbfactor=1 worker.worker_portfolio_son1.type=ajp13 worker.worker_portfolio_son1.port=8009 worker.worker_portfolio_son1.host=appl-portfolio-test.proactiv.de worker.worker_portfolio_son1.sticky_session=True worker.worker_portfolio_son1.ping_timeout=1 worker.worker_portfolio_son1.ping_mode=A worker.worker_portfolio_son1.retries=2 worker.worker_portfolio_son1.activation=A worker.worker_portfolio_son1.recovery_options=7 [/code] To improve stability you should add a socket-connect_timeout and cping/cpong. See: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html I will try this later and tell you the result. Btw, is there any difference between mod_jk 1.2.26 and 1.2.28. I wonder why it works by 1.2.26 but not by 1.2.28. Regards Thomas -- View this message in context: http://old.nabble.com/A-question-about-mod_jk-1.2.28-configuration-tp26264069p26283383.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
On 10/11/2009 12:48, Robert Denison wrote: Just to pick up on the point below. If the Valve acts before the filter then I would guess my idea can't work because the login will have already happened before I get chance to redirect to https. Therefore meaning the login process will have happened unencrypted... Ah, yes, indeed. p R. On 10 Nov 2009, at 10:42, Pid wrote: My last stab at this is maybe I could use a scenario of filtering all requests and essentially do: if (logged in) { if (https) goto http } else { if (http) goto https } And then rely on the security constraint only for requiring login and the Valve only for forwarding the request to the login page? This would probably work out OK, (just remember that the Filter will work at a level above/after the Valve has a chance to act). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.26 hangs
Hi, for completeness: the issue seems to have been resolved. The problems were apparently caused by a misconfigured router between the webservers and the appservers. Am Mittwoch, 14. Oktober 2009 schrieb Mark Thomas: Any idea how to gain more information? Jk debug logs wireshark compare httpd and Tomcat access logs netstat was found to be very helpful, because it showed non-empty send-queues and lots of connections in FIN_WAIT_1 on the webservers. Which proved that the problems were network-related, and not due to software bugs. Thanks for your help! Peter -- Peter Conrad Tivano Software GmbH Bahnhofstr. 18 63263 Neu-Isenburg Tel: 06102 / 8099070 Fax: 06102 / 8099071 HRB 11680, AG Offenbach/Main Geschäftsführer: Martin Apel - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Having trouble with Tomcat 6.0.20 embedded in Red5
Mark Thomas wrote: Mondain wrote: Mark,Thanks for the patch; it works like a champ! Now how can I use this with future releases of Tomcat? Will I have to reapply it each time? Thanks for testing. Assuming it gets the necessary 3 +1s, it will be in 6.0.21 onwards. Mark Hi Pardon my ignorance but does this mean that in order to work with embedded tomcat I must either compile 6.0.20 by myself or wait for 6.0.21? Thanks Shai -- View this message in context: http://old.nabble.com/Having-trouble-with-Tomcat-6.0.20-embedded-in-Red5-tp23871105p26283608.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat: bandwidth limiter / transfer rate limit ?
Hello, Is there any kind of bandwidth limiter ou transfer rate limiter readily available for tomcat? I know that for apache 2.2.x there is: mod_curb - http://www.steve.org.uk/Software/mod_curb/ mod_cband - http://codee.pl/cband.html I know that I can probably come up with a servlet that outputs the limited amount of bytes per second, making the thread sleep for 1 second after each flush, but that sounds like it could generate a server performance problem. Any ideas? Thansk, Carlos. -- View this message in context: http://old.nabble.com/tomcat%3A-bandwidth-limiter---transfer-rate-limit---tp26283656p26283656.html Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: Secure login only, not rest of app
On 10/11/2009 13:25, Robert Denison wrote: Thanks peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for tomcat and static content can they? It's not so much a case of Tomcat, unfortunately your app is also affected by browser type, config, version etc. Tomcat should handle serving static resources perfectly well, but you can augment it if needed by employing a Filter that adds headers for matching files/requests. Checking the HTTP Headers that are actually being sent received by the major browsers is an essential step in tuning your app. Your access log will show if files are being returned with HTTP 304 status or not. Firefox has LiveHTTPHeaders and Firebug, IE has a plugin tool too. I thought of an alternative, you could only enforce container based security on a specific path /login/. Your Filter could redirect all unauthenticated users to the login app, the index page (after successful login) just redirects to the app homepage. if (logged in) { if (https) goto http } else { redirect to /login // tomcat takes care of the HTTPS upgrade } p R. On 10 Nov 2009, at 13:14, Peter Crowther wrote: 2009/11/10 Robert Denisonr...@blim.org: I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? No, as on most browsers that will pop up a dialog box with something like this page contains both secure and insecure items. Do you want to display the insecure items? All content referenced from a secure page should be secure to prevent this warning. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
On 10.11.2009 14:26, thomas2004 wrote: Remove the socket_timeout. Please let us know, whether that helped. I've moved the socket_timeout and the reply_timeout two days ago but it doesn't help. My workersproperties looks now as follow: [code] worker.worker_portfolio_son1.connection_pool_timeout=600 worker.worker_portfolio_son1.socket_keepalive=True worker.worker_portfolio_son1.lbfactor=1 worker.worker_portfolio_son1.type=ajp13 worker.worker_portfolio_son1.port=8009 worker.worker_portfolio_son1.host=appl-portfolio-test.proactiv.de worker.worker_portfolio_son1.sticky_session=True worker.worker_portfolio_son1.ping_timeout=1 worker.worker_portfolio_son1.ping_mode=A worker.worker_portfolio_son1.retries=2 worker.worker_portfolio_son1.activation=A worker.worker_portfolio_son1.recovery_options=7 [/code] To improve stability you should add a socket-connect_timeout and cping/cpong. See: http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html I will try this later and tell you the result. Btw, is there any difference between mod_jk 1.2.26 and 1.2.28. I wonder why it works by 1.2.26 but not by 1.2.28. I checked the code. Your errno 11 shown in the jk log of your original post is EAGAIN. We removed tolerating EAGAIN while reading from the backend: http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_connect.c?r1=705959r2=705977pathrev=802161diff_format=h EAGAIN should only be returned by read() when the socket is set to non-blocking mode. I can't see why this should be the case for your configuration. Is the log message the same when running without socket_timeout? Please provide details on your OS, web server and configuration (e.g Jk directives for Apache). Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Comet response is set to empty HTTP 200 reply by the framework problem
Hi, I have a CometProcessor servlet that receives events and queues them for processing by separate thread pool (a.k.a. asynchronous processor). I do that because I could get 1000s of concurrent requests for job that includes IO wait and I don¹t want to have 1000s of threads lying around waiting for IO. My IO signals me when the response is ready, so I pull the respective CometEvent instance, write to the reply and gracefully close the message. I¹ve read number of documents and posts on this mail list and I think I am doing the things correctly, however 1 out of 500 messages gives me problem. The problem is that the client immediately gets HTTP 200 reply with empty body from the server without my application having a chance to write to the outputStream. This happens both using the NIO and the regular (with ARP) connectors. Both using persistent and non-persistent connections. When looking at tcp dump I see that the response is given practically immediately. Setting the event timeout to 1 sec does not help. I can see also that the client is behaving well, because when I use persistent connection, the conversation goes on after the faulty message and the next messages are OK. I am pretty sure I am doing something wrong with handling the cometevent, but not sure where to start. For one thing I am confused where and when should the event.close() invocation be I've seen on this mailing list both the advice to put it in the end event handling and right after I finish writing to the stream. Thanks Georgi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Uploading Images - Refresh Directory
Looking for some help - I am using DWR (ajax) to upload image files to my web app. The app is running on Tomcat v6.0. I'm putting the files into a directory in WebContent\images or WebContent\images\sub directories When I upload the images, I then want to display them on my page. heres the problem. Even if I reload the page, the images will not appear on the page untill I go into the eclipse IDE and REFRESH the WebContent or Images directory. Any suggestions as to how I can get around this? Thanks! -- View this message in context: http://old.nabble.com/Uploading-Images---Refresh-Directory-tp26284142p26284142.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] ConnectionPool question
I'm glad I amuse all of you :P Chris, the reason there are multiple recycleConnection methods is because if a RS is passed to the front presentation layer, I have to have a way to close it, I have to be able to get the statement and connection somehow, and I don't want that in my code. From everything that everyone here has said, to semi fix this right: 1 - Each method that calls the DB for a RS needs to get it's own connection and close the resources itself (keeping it in the same scope) 2 - The CP wrapper that is here, CAN be used, but could end up causing more problems in the long run. Hey again, thanks for everything you all have said. I feel slightly more confident now in fixing this conundrum. :) - Josh On Sat, Nov 7, 2009 at 3:17 AM, Elli Albek e...@sustainlane.com wrote: Chris, as long as we are having fun its all good. I think this question is something many developers ask. I have seen it here and in other forums. You are correct, everything is wrapped. The connection wrapper spawns statment wrappers which spawn result set wrappers, and everything is tracked in parent child relationships. E On Fri, Nov 6, 2009 at 5:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Elli, Okay, I think we've hijacked Josh's thread enough to at least mark it as off topic. :) On 11/5/2009 10:37 PM, Elli Albek wrote: Christopher Schultz wrote: Pooled connections are almost certainly not behaving this way. This has been discussed at least twice in the last week or two, and, I believe, already once in this thread. This is certainly not the case for my DBCP library (1.2.2). I just stepped through the source code: Calling connection.close() is closing result sets and statements. I'm not sure how calling Connection.close (where the Connection object is one from DBCP) would possibly be able to close ResultSet and Statement objects created by the underlying connection. Unless, I suppose, they decided to wrap /everything/ and register all the ResultSet and Statement objects handed-out by the underlying Connection for the purposes of (possibly) closing them later. I should really read the source :) Below is the DBCP code that keeps track of open statements/result sets and closes them when the connection is closed (BDCP 1.2.2). Yup: it looks like they do wrap/register everything and then close it for you. It's nice that they followed the spec, here :) - -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Coyote HTTP11Protocol Pause
Hi Chuk, Thank you for the assistance, when we looked into the logs the Home page for this application throws the below exception followed by HTTP 500 error. Please advice. # # LEVEL: SEVERE SOURCE CLASS: com.application.rd.action.OpenLandingPageAction SOURCE METHOD: execute() DATE: Tue Nov 10 07:17:45 EST 2009 STACK TRACE: net.sf.hibernate.LazyInitializationException: Failed to lazily initialize a collection at net.sf.hibernate.collection.PersistentCollection.initialize(PersistentCollection.java:201) at net.sf.hibernate.collection.PersistentCollection.read(PersistentCollection.java:71) at net.sf.hibernate.collection.List.iterator(List.java:103) at com.application.content.dao.FeatureGroupScheduleManager.loadFeatures(FeatureGroupScheduleManager.java:151) at com.application.content.dao.FeatureGroupScheduleManager.getScheduleForFeatureGroupAndDate(FeatureGroupScheduleManager.java:98) at com.application.content.business.FeatureGroupScheduleHandler.getScheduleForFeatureGroupAndDate(FeatureGroupScheduleHandler.java:47) at com.application.rd.action.OpenContentCategoryAction.loadFeatureGroupSchedule(OpenContentCategoryAction.java:157) at com.application.rd.action.OpenContentCategoryAction.loadFeatureGroupsInRequest(OpenContentCategoryAction.java:105) at com.application.rd.action.OpenContentCategoryAction.execute(OpenContentCategoryAction.java:68) at com.application.rd.action.OpenLandingPageAction.execute(OpenLandingPageAction.java:85) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:480) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1420) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:502) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.rd.filter.SimpleBreadcrumbFilter.doFilter(SimpleBreadcrumbFilter.java:80) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.servlet.filters.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.rd.filter.AkamaiExclusionsFilter.doFilter(AkamaiExclusionsFilter.java:68) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.rd.filter.RdAutoLoginFilter.doFilter(RdAutoLoginFilter.java:71) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.ads.OnPageAdvertInitFilter.doFilter(OnPageAdvertInitFilter.java:56) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.servlet.filters.GrabTrackingParametersFilter.doFilter(GrabTrackingParametersFilter.java:81) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.application.servlet.filters.HibernateFilter.doFilter(HibernateFilter.java:77) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.opensymphony.oscache.web.filter.CacheFilter.doFilter(CacheFilter.java:175) at com.application.rd.filter.GenericWebPageCachingFilter.doFilter(GenericWebPageCachingFilter.java:22) at com.application.rd.filter.SessionAwareWebPageCachingFilter.doFilter(SessionAwareWebPageCachingFilter.java:27) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at
Re: Tomcat Coyote HTTP11Protocol Pause
On 10/11/2009 14:31, Arunkumar Janarthanan wrote: Hi Chuk, Thank you for the assistance, when we looked into the logs the Home page for this application throws the below exception followed by HTTP 500 error. Please advice. # # LEVEL: SEVERE SOURCE CLASS: com.application.rd.action.OpenLandingPageAction SOURCE METHOD: execute() DATE: Tue Nov 10 07:17:45 EST 2009 STACK TRACE: net.sf.hibernate.LazyInitializationException: Failed to lazily initialize a collection at snip Caused by: net.sf.hibernate.UnresolvableObjectException: No row with the given identifier exists: 1003916, of class: com.application.content.bean.Feature snip That'll be the problem then. p # Regards, Arun J On Mon, Nov 9, 2009 at 9:04 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com] Subject: Re: Tomcat Coyote HTTP11Protocol Pause There was no other error reported apart from sequence of Pause, stop destroyed messages from catalina. Something shut down Tomcat, and what you see is the normal result of that. If the shutdown was unexpected, then either someone sent the shutdown password over the shutdown port - or you've got a rogue webapp that's calling System.exit(). The latter can be prevented by employing a security manager, such as what's described here: https://www.securecoding.cert.org/confluence/display/java/EXC04-J.+Prevent+against+inadvertent+calls+to+System.exit%28%29+or+forced+shutdown - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Coyote HTTP11Protocol Pause
Hi Pid, Thanks for throwing light on the issue and it is much appreciated, little keen to know what this error means cause my develoipers debating for a while now it is not the application problem. Could I know what is the Action page is trying to do and gets this exception, is this possible as this page is my application's Home page and crashes whole application itself ? Many thanks. Arun Janarthanan On Tue, Nov 10, 2009 at 10:06 AM, Pid p...@pidster.com wrote: On 10/11/2009 14:31, Arunkumar Janarthanan wrote: Hi Chuk, Thank you for the assistance, when we looked into the logs the Home page for this application throws the below exception followed by HTTP 500 error. Please advice. # # LEVEL: SEVERE SOURCE CLASS: com.application.rd.action.OpenLandingPageAction SOURCE METHOD: execute() DATE: Tue Nov 10 07:17:45 EST 2009 STACK TRACE: net.sf.hibernate.LazyInitializationException: Failed to lazily initialize a collection at snip Caused by: net.sf.hibernate.UnresolvableObjectException: No row with the given identifier exists: 1003916, of class: com.application.content.bean.Feature snip That'll be the problem then. p # Regards, Arun J On Mon, Nov 9, 2009 at 9:04 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com] Subject: Re: Tomcat Coyote HTTP11Protocol Pause There was no other error reported apart from sequence of Pause, stop destroyed messages from catalina. Something shut down Tomcat, and what you see is the normal result of that. If the shutdown was unexpected, then either someone sent the shutdown password over the shutdown port - or you've got a rogue webapp that's calling System.exit(). The latter can be prevented by employing a security manager, such as what's described here: https://www.securecoding.cert.org/confluence/display/java/EXC04-J.+Prevent+against+inadvertent+calls+to+System.exit%28%29+or+forced+shutdown - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Secure login only, not rest of app
From: Robert Denison [mailto:r...@blim.org] Subject: Re: Secure login only, not rest of app Simple question but can you do one /* constraint and then override that with a subsequent /images (and css etc) constraint Yes, that's required by the servlet spec - longest match wins. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Having trouble with Tomcat 6.0.20 embedded in Red5
From: shaiAhr [mailto:shai.aharonov...@comverse.com] Subject: Re: Having trouble with Tomcat 6.0.20 embedded in Red5 does this mean that in order to work with embedded tomcat I must either compile 6.0.20 by myself or wait for 6.0.21? If the fix is required for your environment, then yes. Luckily, building Tomcat is pretty easy: http://tomcat.apache.org/tomcat-6.0-doc/building.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Coyote HTTP11Protocol Pause
From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com] Subject: Re: Tomcat Coyote HTTP11Protocol Pause little keen to know what this error means cause my develoipers debating for a while now it is not the application problem. No, it almost certainly *is* an application problem. The application appears to be reacting to the failure to establish a connection by doing a System.exit() - which is a capital offense in some places. Could I know what is the Action page is trying to do and gets this exception, is this possible as this page is my application's Home page and crashes whole application itself ? Everything in the stack trace is related to the application, not to Tomcat, so you're going to have to take it up with the developers of the app. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Of the dissemination, or globalisation, of Tomcat knowledge
Mark, Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen in Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API unterstützen. Die API-Implementierung ist weit fortgeschritten – soweit die API-Definition selbst schon stabil ist. Zu den neuen Funktionen gehört unter anderem die asynchronene Requestverarbeitung. Diese erlaubt neue Kommunikationsformen in Webanwendungen etwa im AJAX-Umfeld. Der Tomcat Manager, über den neue Applikationen deployed werden können, wurde vor allem im Hinblick auf Sicherheit überarbeitet. Mit embedded Tomcat hat man eine Möglichkeit geschaffen, Tomcat sehr einfach in Java Code zu instanziieren und integriert mit der Applikation auszuliefern. Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige Bibliotheksabhängigkeiten auf. Waow ! You really did say all that ? Tomcat rocks ! :-) Borrowed from the Lucene forum, and more directly from http://www.heise.de/open/artikel/ApacheCon-2009-Lucene-Hadoop-und-mehr-852929.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
Rainer Jung wrote: On 10.11.2009 14:26, thomas2004 wrote: Remove the socket_timeout. Please let us know, whether that helped. I've moved the socket_timeout and the reply_timeout two days ago but it doesn't help. ... Hi. Just my Tomcat- and Java-dummy look on this. As I understand the basic issue, there is a request coming through Apache for a document to be served by a Tomcat app. mod_jk forwards the request to Tomcat, and the Tomcat app can take upward of 20 minutes to produce the response (which is a PDF document). In the meantime, some timeout seems to occur at the front-end Apache or mod_jk level, and the user never gets his document. Now, is the problem not due to the fact that after receiving the request, Tomcat + webapp does not send back *anything* for more than 20 minutes ? Is there no possibility to have Tomcat + webapp return at least *something* in the meantime, to avoid this timeout ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
On 10/11/2009 16:01, André Warnier wrote: Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen in Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API unterstützen. Die API-Implementierung ist weit fortgeschritten – soweit die API-Definition selbst schon stabil ist. Zu den neuen Funktionen gehört unter anderem die asynchronene Requestverarbeitung. Diese erlaubt neue Kommunikationsformen in Webanwendungen etwa im AJAX-Umfeld. Der Tomcat Manager, über den neue Applikationen deployed werden können, wurde vor allem im Hinblick auf Sicherheit überarbeitet. Mit embedded Tomcat hat man eine Möglichkeit geschaffen, Tomcat sehr einfach in Java Code zu instanziieren und integriert mit der Applikation auszuliefern. Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige Bibliotheksabhängigkeiten auf. That and more, apparently, but maybe not so concisely. http://java.dzone.com/articles/mark-thomas-apache-tomcat-7 p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Having trouble with Tomcat 6.0.20 embedded in Red5
Caldarale, Charles R wrote: From: shaiAhr [mailto:shai.aharonov...@comverse.com] Subject: Re: Having trouble with Tomcat 6.0.20 embedded in Red5 does this mean that in order to work with embedded tomcat I must either compile 6.0.20 by myself or wait for 6.0.21? If the fix is required for your environment, then yes. Luckily, building Tomcat is pretty easy: http://tomcat.apache.org/tomcat-6.0-doc/building.html - Chuck Thanks a lot for the quick reply Chuck. Hope it's easy as you say it is. -- View this message in context: http://old.nabble.com/Having-trouble-with-Tomcat-6.0.20-embedded-in-Red5-tp23871105p26286017.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connect tomcat to Active Directory with jndi
Hi, (Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml. When I go to the aplication url, A popup ask me for user and password, I write my Active Directory User, and password, but returns me this message: Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje descripción Este requerimiento requiere autenticación HTTP (). Apache Tomcat/5.5.25 I can´t see any information at catalina.out nor aplication.log. How can I see what is going wrong?Can I enable any jndi log?? Am I wrong with any parameter or format?What is the best way to do it?? Any suggestion will be welcome. Im trying this configuration without any results: Thanks in advance. context.xml ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/webapps/pfirma Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://oid.prpmalaga.es:389; UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es roleBase=ou=Groups,dc=prpmalaga,dc=es roleName=cn roleSearch=(uniqueMember={0}) / /Context -- WEB-INF/web.xml !-- Security definitions -- !-- Define a Security Constraint on this Application -- security-constraint web-resource-collection web-resource-nameContext-aplication-name/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameActive-Directory-Group-Name/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodBASIC/auth-method realm-nameActive-Directory-User/realm-name /login-config !-- Security roles referenced by this web application -- security-role descriptionDescription /description role-nameActive-directory-Group-Name/role-name /security-role
RE: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
Ich kann nicht alles verstehen. Mein deutche ist night zu gut. Could you provide the translation? -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Tuesday, November 10, 2009 11:01 AM To: Tomcat Users List Subject: [OT] Of the dissemination, or globalisation, of Tomcat knowledge Mark, Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen in Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API unterstützen. Die API-Implementierung ist weit fortgeschritten - soweit die API-Definition selbst schon stabil ist. Zu den neuen Funktionen gehört unter anderem die asynchronene Requestverarbeitung. Diese erlaubt neue Kommunikationsformen in Webanwendungen etwa im AJAX-Umfeld. Der Tomcat Manager, über den neue Applikationen deployed werden können, wurde vor allem im Hinblick auf Sicherheit überarbeitet. Mit embedded Tomcat hat man eine Möglichkeit geschaffen, Tomcat sehr einfach in Java Code zu instanziieren und integriert mit der Applikation auszuliefern. Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige Bibliotheksabhängigkeiten auf. Waow ! You really did say all that ? Tomcat rocks ! :-) Borrowed from the Lucene forum, and more directly from http://www.heise.de/open/artikel/ApacheCon-2009-Lucene-Hadoop-und-mehr-852929.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
On 10.11.2009 17:12, André Warnier wrote: Rainer Jung wrote: On 10.11.2009 14:26, thomas2004 wrote: Remove the socket_timeout. Please let us know, whether that helped. I've moved the socket_timeout and the reply_timeout two days ago but it doesn't help. ... Hi. Just my Tomcat- and Java-dummy look on this. As I understand the basic issue, there is a request coming through Apache for a document to be served by a Tomcat app. mod_jk forwards the request to Tomcat, and the Tomcat app can take upward of 20 minutes to produce the response (which is a PDF document). In the meantime, some timeout seems to occur at the front-end Apache or mod_jk level, and the user never gets his document. Now, is the problem not due to the fact that after receiving the request, Tomcat + webapp does not send back *anything* for more than 20 minutes ? Is there no possibility to have Tomcat + webapp return at least *something* in the meantime, to avoid this timeout ? It's possible, that this would work as a workaround. The usual let some bits dripple to keep the connection active strategy. Nevertheless he triggered behaviour that was indeed changed between 1.2.26 and 1.2.28 and we do not yet understand, why the read() call doesn't block the whole time and instead returns EAGAIN. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connect tomcat to Active Directory with jndi
Is that a typo on the role name? role-nameActive-directory-Group-Name/role-name Should it be Active-Directory-Group-Name ? You may ask in Spanish at http://groups.google.com/group/javasos -Jorge -Original Message- From: A A [mailto:masvalesolo...@yahoo.es] Sent: Tuesday, November 10, 2009 11:20 AM To: users@tomcat.apache.org Subject: Connect tomcat to Active Directory with jndi Hi, (Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml. When I go to the aplication url, A popup ask me for user and password, I write my Active Directory User, and password, but returns me this message: Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje descripción Este requerimiento requiere autenticación HTTP (). Apache Tomcat/5.5.25 I can´t see any information at catalina.out nor aplication.log. How can I see what is going wrong?Can I enable any jndi log?? Am I wrong with any parameter or format?What is the best way to do it?? Any suggestion will be welcome. Im trying this configuration without any results: Thanks in advance. context.xml ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/webapps/pfirma Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://oid.prpmalaga.es:389; UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es roleBase=ou=Groups,dc=prpmalaga,dc=es roleName=cn roleSearch=(uniqueMember={0}) / /Context -- WEB-INF/web.xml !-- Security definitions -- !-- Define a Security Constraint on this Application -- security-constraint web-resource-collection web-resource-nameContext-aplication-name/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameActive-Directory-Group-Name/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodBASIC/auth-method realm-nameActive-Directory-User/realm-name /login-config !-- Security roles referenced by this web application -- security-role descriptionDescription /description role-nameActive-directory-Group-Name/role-name /security-role - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat build for the patch https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
Hi, Is there an alternative to building from source as mentioned in the workaround? Is there a tomcat build available for the patch reported here? If not, will it be available anytime soon? Please let us know. Also, we are not using server.xml to start tomcat. We are use the embedded program interface for this process. Thanks, Venkat - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat build for the patch https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
Krishnamurthi, Venkat wrote: Hi, Is there an alternative to building from source as mentioned in the workaround? Pay someone to do it for you? Is there a tomcat build available for the patch reported here? No. If not, will it be available anytime soon? Releases happen when they happen. There may be a 6.0.21 fairly soon to provide a workaround for CVE-2009-3555. Mark Please let us know. Also, we are not using server.xml to start tomcat. We are use the embedded program interface for this process. Thanks, Venkat - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connect tomcat to Active Directory with jndi
I think this value should be the active directory group name, isn´t it ?? --- El mar, 10/11/09, Jorge Medina jmed...@e-dialog.com escribió: De: Jorge Medina jmed...@e-dialog.com Asunto: RE: Connect tomcat to Active Directory with jndi Para: Tomcat Users List users@tomcat.apache.org Fecha: martes, 10 de noviembre, 2009 18:55 Is that a typo on the role name? role-nameActive-directory-Group-Name/role-name Should it be Active-Directory-Group-Name ? You may ask in Spanish at http://groups.google.com/group/javasos -Jorge -Original Message- From: A A [mailto:masvalesolo...@yahoo.es] Sent: Tuesday, November 10, 2009 11:20 AM To: users@tomcat.apache.org Subject: Connect tomcat to Active Directory with jndi Hi, (Sorry for my english) Im trying to authenticate an application using Windows Active Directory, with jndi realm connector. Looking for information Ive seen that the realm jndi configuration is able to set up at the server.xml, or in the context.xml aplication and web.xml.In my case I want just to authenticate an aplication so I use context.xml and web.xml. When I go to the aplication url, A popup ask me for user and password, I write my Active Directory User, and password, but returns me this message: Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje descripción Este requerimiento requiere autenticación HTTP (). Apache Tomcat/5.5.25 I can´t see any information at catalina.out nor aplication.log. How can I see what is going wrong?Can I enable any jndi log?? Am I wrong with any parameter or format?What is the best way to do it?? Any suggestion will be welcome. Im trying this configuration without any results: Thanks in advance. context.xml ?xml version=1.0 encoding=UTF-8? Context docBase=${catalina.home}/webapps/pfirma Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://oid.prpmalaga.es:389; UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es roleBase=ou=Groups,dc=prpmalaga,dc=es roleName=cn roleSearch=(uniqueMember={0}) / /Context -- WEB-INF/web.xml !-- Security definitions -- !-- Define a Security Constraint on this Application -- security-constraint web-resource-collection web-resource-nameContext-aplication-name/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameActive-Directory-Group-Name/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodBASIC/auth-method realm-nameActive-Directory-User/realm-name /login-config !-- Security roles referenced by this web application -- security-role descriptionDescription /description role-nameActive-directory-Group-Name/role-name /security-role - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 5.5.25 - Multiple Connectors and performance lost
Hello, I need help configuring a tomcat server, 5.5.25, running on Redhat EL 5.2. I have 4 web applications that communicate with each other. My problem consists in getting the information form the various applications when the number of threads is reached only by one application. When I contact a application named wayback this searches in an index that is served by another application named nutchwax. When I put a client making 100 requests to wayback and the maxThreads is configured to 100 then the wayback application enters in deadlock. Because tomcat cannot create another thread for nutchwax application. The applications interact in this way: *Nutchwax - Index - User *Wayback - *Nutchwax - Index - User *Wayback - *Nutchwax - Index - *ArcProxy - *Browser - User * means that this is a application of tomcat I found a way to resolve the deadlock by separating the applications in different connectors, I made 4 connector, one each for application I want to use. This originated a throupt that was of about 1.30sec to 16.30sec. The new server.xml file is configured with 4 service/engine/host 1. Service name=reciver 2. Connector port=8080 maxHttpHeaderSize=8192 maxThreads=10 3.enableLookups=false acceptCount=100 4.connectionTimeout=1 disableUploadTimeout=true 5.useBodyEncodingForURI=true/ 6. Engine name=reciver defaultHost=localhost jvmRoute=host1 7. Realm className=org.apache.catalina.realm.UserDatabaseRealm 8.resourceName=UserDatabase / 9. Host name=localhost appBase=webapps unpackWARs=true 10. autoDeploy=false xmlValidation=false 11. xmlNamespaceAware=false 12. Context docBase=browser path=/browser reloadable=false/ 13. /Host 14. /Engine 15. /Service 16. Service name=reciver2 17. Connector port=8081 maxHttpHeaderSize=8192 maxThreads=10 18.enableLookups=false acceptCount=1 19.connectionTimeout=1 disableUploadTimeout=true 20.useBodyEncodingForURI=true proxyName=example.pt proxyPort=80/ 21. Engine name=reciver2 defaultHost=example_app jvmRoute=host2 22. Host name=example_app appBase=test_app/example_app unpackWARs=true 23. autoDeploy=false xmlValidation=false 24. xmlNamespaceAware=false 25. Context docBase=example_app path=/example_app reloadable=false/ 26. /Host 27. /Engine 28. /Service 29. (...Repeted 2 more times.) Thanks in advance for your help, Simão Arquivo da Web Portuguesa | FCCN Av. do Brasil, n.º 101 1700-066 Lisboa Tel.: +351 21 8440100 (facultativo) Fax: +351 21 8472167 www.arquivo.pt | www.fccn.pt Aviso de Confidencialidade Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe que nos comunique esse mesmo facto por esta via ou para o telefone +351 218440100 devendo apagar o seu conteúdo de imediato. This message is intended exclusively for its addressee. It may contain CONFIDENTIAL information protected by law. If this message has been received by error, please notify us via e-mail or by telephone +351 218440100 and delete it immediately.
RE: tomcat 5.5.25 - Multiple Connectors and performance lost
From: Simão Fontes [mailto:simao.fon...@fccn.pt] Subject: tomcat 5.5.25 - Multiple Connectors and performance lost I have 4 web applications that communicate with each other. My problem consists in getting the information form the various applications when the number of threads is reached only by one application. Perhaps you could create a filter for each webapp that monitors the number of concurrent threads for its webapp and rejects (or queues) requests that exceed some pre-defined limit. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Hand Authentication to Apache
I have set up a basic extranet where clients can browse directories and view the files in those directories. Access is handled by basic authentication of Apache. In the directories that are open for a specific client I've created a .htaccess file (see example below). Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat The requested resource is not available. How can I repair this? I've tried adding tomcatAuthentication=false to Connector port=21309 protocol=AJP/1.3 / and restarted Tomcat, but this was not the solution. Users should be able to browse certain subdirectories as follow: - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories .htaccess-listing = # STRONG HTACCESS PROTECTION Files ~ ^.*\.([Hh][Tt][Aa]) order allow,deny deny from all /Files # REDIRECT http REQUESTS TO https, BUT AVOID ASKING TWICE FOR PASSWORD SSLRequireSSL ErrorDocument 403 https://www.pensionarchitects.be/extranet/docs AuthType Basic AuthName Extranet AuthBasicProvider file AuthUserFile Require valid-user Options +Indexes # SET INDEX OPTIONS IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=50 DescriptionWidth=* SuppressHTMLPreamble SuppressLastModified # SET DISPLAY ORDER IndexOrderDefault Descending Name HeaderName /extranet/header.html ReadmeName /extranet/footer.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hand Authentication to Apache
On 10/11/2009 19:26, Ivan Eulaers wrote: I have set up a basic extranet where clients can browse directories and view the files in those directories. Access is handled by basic authentication of Apache. In the directories that are open for a specific client I've created a .htaccess file (see example below). Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat The requested resource is not available. How can I repair this? I've tried adding tomcatAuthentication=false toConnector port=21309 protocol=AJP/1.3 / and restarted Tomcat, but this was not the solution. Users should be able to browse certain subdirectories as follow: - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories .htaccess-listing = # STRONG HTACCESS PROTECTION Files ~ ^.*\.([Hh][Tt][Aa]) order allow,deny deny from all /Files # REDIRECT http REQUESTS TO https, BUT AVOID ASKING TWICE FOR PASSWORD SSLRequireSSL ErrorDocument 403 https://www.pensionarchitects.be/extranet/docs AuthType Basic AuthName Extranet AuthBasicProvider file AuthUserFile Require valid-user Options +Indexes # SET INDEX OPTIONS IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=50 DescriptionWidth=* SuppressHTMLPreamble SuppressLastModified # SET DISPLAY ORDER IndexOrderDefault Descending Name HeaderName /extranet/header.html ReadmeName /extranet/footer.html We'll be needing the Tomcat config (server.xml) and some idea of how the two servers are connected. Who installed Tomcat? What version? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Secure login only, not rest of app
Pid Regarding the login. I don't know what architecture you have but what your asking is possible. what Peter indicated below is more likely. It doesn't look like you are using spring but you might want to look at some of the ways they do such this. I do know you can enforce the use of https in either paths and/or beans (?a little vague there). We don't have a https style redirect as we have a CAS server for authentication but we do similar things with url redirects for our extra users. In effect if not authenticated redirect to (as Peter said) to /login/ Gerwood From: Pid [...@pidster.com] Sent: Wednesday, 11 November 2009 12:51 AM To: users@tomcat.apache.org Subject: Re: Secure login only, not rest of app On 10/11/2009 13:25, Robert Denison wrote: Thanks peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for tomcat and static content can they? It's not so much a case of Tomcat, unfortunately your app is also affected by browser type, config, version etc. Tomcat should handle serving static resources perfectly well, but you can augment it if needed by employing a Filter that adds headers for matching files/requests. Checking the HTTP Headers that are actually being sent received by the major browsers is an essential step in tuning your app. Your access log will show if files are being returned with HTTP 304 status or not. Firefox has LiveHTTPHeaders and Firebug, IE has a plugin tool too. I thought of an alternative, you could only enforce container based security on a specific path /login/. Your Filter could redirect all unauthenticated users to the login app, the index page (after successful login) just redirects to the app homepage. if (logged in) { if (https) goto http } else { redirect to /login // tomcat takes care of the HTTPS upgrade } p R. On 10 Nov 2009, at 13:14, Peter Crowther wrote: 2009/11/10 Robert Denisonr...@blim.org: I assume that the standard way of dealing with static caching is to have e.g. an images (css etc) directory and have that not secure? No, as on most browsers that will pop up a dialog box with something like this page contains both secure and insecure items. Do you want to display the insecure items? All content referenced from a secure page should be secure to prevent this warning. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Inactive sessions won't be removed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian, On 11/5/2009 4:47 AM, Christian Stöber wrote: What version of Tomcat are you running? Sorry, I've forgotten. I'm running Tomcat 6.0.20. I can't imagine why the sessions are not expiring. Is it possible that you're misreading the output of the tool you're using? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5xIkACgkQ9CaO5/Lv0PCyLgCgowN9qxCUdz9G5SuKv6SVny5h zAMAnRkmguLSELTfYDfmFCvEaOI44q2J =fWHM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SEVERE: All threads (700) are currently busy, waiting. Increase maxThreads (700) or check the servlet status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/6/2009 3:02 AM, André Warnier wrote: But, during a keepalive connection, usually the server needs to dedicate one process, or child or thread, to this connection. So this child/thread is blocked, and cannot server requests from other browsers. If the KeepAlive timeout is very long, it means that when the browser has finished requesting all the objects from the page, the connection still stays alive for a while, because the server waits to see if there are no more requests coming on the connection. Or, the client can close the connection which is a pretty good way to decide that there are no more requests to be made on that connection. Note that Tomcat's NIO connector puts worker threads back into the thread pool between keepalive requests on a single connection, and you can get better thread usage in that way. I would think that nowadays, a setting of 3 sec. is largely sufficient in most cases. +1 If the client can't make another request in a keepalive connection fast enough, it can always open up a new connection and make a new request. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5xYQACgkQ9CaO5/Lv0PA4iACfXjrmHkgcEAd47RTcMgmyPChF /mgAnRHLk2CSnliOOe+ROD4EUFxm8CBU =GP7F -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Inactive sessions won't be removed
On 10/11/2009 19:52, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Christian, On 11/5/2009 4:47 AM, Christian Stöber wrote: What version of Tomcat are you running? Sorry, I've forgotten. I'm running Tomcat 6.0.20. I can't imagine why the sessions are not expiring. Is it possible that you're misreading the output of the tool you're using? Or the tool is causing a session to be created? p - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5xIkACgkQ9CaO5/Lv0PCyLgCgowN9qxCUdz9G5SuKv6SVny5h zAMAnRkmguLSELTfYDfmFCvEaOI44q2J =fWHM -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SEVERE: All threads (700) are currently busy, waiting. Increase maxThreads (700) or check the servlet status
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tobias, On 11/6/2009 8:56 AM, Tobias Crefeld wrote: Am Fri, 6 Nov 2009 08:24:14 +0100 schrieb Joan Monplet Ortega j...@solostocks-int.com: Yeah, It's the one Tomcat. We have 4GB RAM on production Server and We run it with 1GB. Not too much RAM... how many clients are using this system simultaneously? Our smallest machines ( 10 seats) have this amount of RAM configured. Wow, you must have pretty heavy requests. We have hundreds of users on a machine that only recently needed its heap size increased from the default 64MiB heap to make room for them. We do tend to keep things light, though. In applications/(select app)/sessions you get an overview which web-application (=context) is using the connections. Speaking of sessions, if you have synchronized access to the session or objects in the session, you may be locking-up threads waiting for those locks to be released. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5xjcACgkQ9CaO5/Lv0PDuIQCgpQgT25REehyGCQ5iZuEuzVTz l5cAoK/nSJ3ON+alUFIiODUirzrkQWeb =RH+Z -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hand Authentication to Apache
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ivan, On 11/10/2009 2:26 PM, Ivan Eulaers wrote: Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat The requested resource is not available. How can I repair this? Are you trying to replace Apache httpd with Tomcat? If so, Tomcat doesn't support .htaccess files. I've tried adding tomcatAuthentication=false to Connector port=21309 protocol=AJP/1.3 / and restarted Tomcat, but this was not the solution. tomcatAuthentication=false will allow any authentication information from Apache httpd to flow into Tomcat, but you still have to configure access appropriately based upon roles. Users should be able to browse certain subdirectories as follow: - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories .htaccess-listing = # STRONG HTACCESS PROTECTION Files ~ ^.*\.([Hh][Tt][Aa]) What, no access to .../.htable files? It's tough to guess what is being forwarded to Tomcat. Can you show us your JkMount or Proxy directives that you have configured? Also, please provide a specific example of a URL that fails to load properly, what the error is, and what you expected to happen. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5yfYACgkQ9CaO5/Lv0PDPLACeIP2nLA8U8yB2W8BH1rkbswZx gYkAnR3q1h80kufY3dZx1dFaCTuXKig/ =yloJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 11/10/2009 5:07 AM, Robert Denison wrote: if (logged in) { if (https) goto http } else { if (http) goto https } I've outlined this in another post, but I'll repeat it, here: 1. Modify your login page to check for HTTPS. If the request isn't secure, redirect back to yourself in HTTPS mode. 2. Write a filter that checks for secure mode. If you're in secure mode, do the following: a. Check for a JSESSIONID cookie. If one exists and it's in secure mode, create a new cookie with the same name, path, and value, but make sure it's /not/ in secure mode. Add this to the response. b. redirect back to yourself in HTTP mode I believe the above combination will get you what you're looking for. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5zE4ACgkQ9CaO5/Lv0PDd3QCgmcskkwkUodIxKKzwI/rdQIR/ WUEAn33AejWyKyk5S8jjK/1QX84qjvj+ =2P/v -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure login only, not rest of app
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 11/10/2009 7:48 AM, Robert Denison wrote: If the Valve acts before the filter then I would guess my idea can't work because the login will have already happened before I get chance to redirect to https. Therefore meaning the login process will have happened unencrypted... Remember that your login page is allowed to do stuff, too. See my other post for details. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5zHYACgkQ9CaO5/Lv0PD0fACbBRvCADlgHACBQNgeUG+Z7Tcw FzkAoJ9zbS3Y2RvGRn0UuTHbDp4VnPc8 =ld17 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jorge, On 11/10/2009 11:41 AM, Jorge Medina wrote: Ich kann nicht alles verstehen. Mein deutche ist night zu gut. Nein, das ist dein Deutsch sehr beschissen. Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5zeoACgkQ9CaO5/Lv0PAA0QCgmS3jf4O+jouiUkHoJmXoDwNw zVQAn2EHJUIY8xyjbucyeyG8SpN9eT5F =4hQd -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas, On 11/10/2009 2:53 AM, thomas2004 wrote: Just to confirm: you have a single request that takes 20-40 minutes to fulfill? Or do you issue a request to generate the report and then, later, issue a request to retrieve the (already-generated) report? I issue a request to generate the report (click the button Create Report) which is done in Jboss. The report-generation takes very long since it will hold data from the database and process them. As the Jboss sends back the PDF-report stream back to the browser, it failed. From the log message this means the way return to client (browser) is closed. The client probably hung up the phone because it takes 20-40 minutes to respond to the request. 20-40 minutes is an unreasonable amount of time to wait for an HTTP request to complete. I recommend changing your architecture so that HTTP requests don't have to take so long. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5zlEACgkQ9CaO5/Lv0PCTFACfYde1O1nUrA7MDvA6RSZtol7M XdUAniqmFzB2G/bm6rY3aqnU5SJxy4vK =Qp8v -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/10/2009 11:26 AM, Rainer Jung wrote: It's possible, that this would work as a workaround. The usual let some bits dripple to keep the connection active strategy. Ugh. Why not have the request fire-off a report-generation thread that writes to a file. The client can then come back later and request the file. This way, nobody has to have an idle HTTP connection open for half an hour. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5ztUACgkQ9CaO5/Lv0PBfIACaAjnmj7HZNxW5CeVAb3rkHqbY c3YAni00TzeROcCCxKnkpydaEmxLnonf =t49C -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] ConnectionPool question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Josh, On 11/10/2009 9:18 AM, Josh Gooding wrote: the reason there are multiple recycleConnection methods is because if a RS is passed to the front presentation layer, I have to have a way to close it, I have to be able to get the statement and connection somehow, and I don't want that in my code. I was assuming that you were going to use Elli's suggestion to use a ThreadLocal to capture any allocated Connection objects, and just close everything at the end of the request processing. If you're going to do that, you can be lazy about it and just always close everything. From everything that everyone here has said, to semi fix this right: 1 - Each method that calls the DB for a RS needs to get it's own connection and close the resources itself (keeping it in the same scope) This is, of course, recommended technique. 2 - The CP wrapper that is here, CAN be used, but could end up causing more problems in the long run. Well, yes and no. Yes in the sense that you shouldn't encourage the kind of coding behavior that's been exhibited in the past: by writing such a wrapper and clean-up code, you (might) encourage laziness and make the problem worse rather than better. No in the sense that I don't believe this solution is actually going to exacerbate the actual problem itself. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5z7AACgkQ9CaO5/Lv0PCM5ACfdA3MPnJ/YEeUwIeuNjh9akH7 2X4AoKyfvWVdOv59FJtxMrw4nyLxsrk9 =WWP3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
On 10.11.2009 21:32, Christopher Schultz wrote: Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# No idea why google inserts power. There's nothing like that in the German original ... Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat startup exception
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Milan, On 11/9/2009 6:32 AM, Milan Tomic wrote: I have just installed it and moved some apps from tomcat 5.0. You should start over with the server.xml that came with Tomcat 6.0 and add whatever configuration you need. TC 5.0 server.xml is unlikely to be compatible with 6.0. As Pid says, you should remove Context elements from server.xml to avoid all kinds of problems. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr501UACgkQ9CaO5/Lv0PDpeQCeN8N2bafd76hqSoC0nkL0HrrB IPcAniLwedtgKdxAFucoSzQ1hAex+iLn =TvCB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 5.5.25 - Multiple Connectors and performance lost
Caldarale, Charles R wrote: From: Simão Fontes [mailto:simao.fon...@fccn.pt] Subject: tomcat 5.5.25 - Multiple Connectors and performance lost I have 4 web applications that communicate with each other. My problem consists in getting the information form the various applications when the number of threads is reached only by one application. Perhaps you could create a filter for each webapp that monitors the number of concurrent threads for its webapp and rejects (or queues) requests that exceed some pre-defined limit. But somehow this sounds to me like a problem in the design of the application. If A must call B to get a full response to the client, but A and B compete for a single resource pool, then why not combine them into one single A+B process and be done with the competition ? In addition to saving the overhead of A calling up B. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat: bandwidth limiter / transfer rate limit ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carlos, On 11/10/2009 8:47 AM, Cae Fernandes wrote: Is there any kind of bandwidth limiter ou transfer rate limiter readily available for tomcat? I know that for apache 2.2.x there is: mod_curb - http://www.steve.org.uk/Software/mod_curb/ mod_cband - http://codee.pl/cband.html Would it be acceptable for you to use Apache httpd in front of Tomcat? This seems like a reasonable reason to add it to your configuration. This type of thing seems to be best left to your network hardware: traffic shaping, QOS, etc. are often implemented at those layers so that you don't have to complicate your deployments with extra crap like this. Silly question: why not serve apps at full speed? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr51SMACgkQ9CaO5/Lv0PCUKQCfXLMDb+JUSSS2zrHwru90mrs3 jWYAnRMfeeCr/Fkiw2hnk9zvqjLNnrQ9 =/6qL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] WebappClassLoader and undeploy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 11/9/2009 6:47 PM, Mark Thomas wrote: Give this a go: http://svn.apache.org/repos/asf/tomcat/trunk/java/org/apache/catalina/core/JreMemoryLeakPreventionListener.java You gotta love Sun: private static boolean defaultUseCaches = true; ... protected boolean useCaches = defaultUseCaches; ... public void setUseCaches(boolean usecaches) { if (connected) throw new IllegalStateException(Already connected); useCaches = usecaches; } So, not only do you have to create an instance of this class in order to set the value of a static member (duh!), you also can't change the default under certain circumstances that are local to the instance you're trying to use. Stupid, stupid, stupid. :( - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr516AACgkQ9CaO5/Lv0PBeKwCdFHKLDklbGes+AdYKx7bWYSNu bmgAn1sHYeTry1cnzu88Vek6Bk4oMzdc =7mhb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat startup exception
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 11/9/2009 11:08 AM, Pid wrote: On 09/11/2009 15:46, André Warnier wrote: and mimsy were the borogroves Aha! You've employed the Inclined Sandle Variation presuming that will flummox me; but I have the perfect riposte: marmoset singlehat. Sadly, this mailing list is mirrored multiple places. Otherwise, Inclined Sandle Variation would be a Google Thwack. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr51CMACgkQ9CaO5/Lv0PDKeACgsI4TYH9NaXtIdz488lPD3GHh RbIAoMOHrtM63KldQolT7X6C31yThVxT =fOM2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Want to customise the tomcat's session logic
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/9/2009 9:55 PM, André Warnier wrote: Christopher Schultz wrote: I wish you'd tell us what the heck you're trying to do because I'm certain there's an easier way to do it. Like maybe just add an attribute to the session, containing the path where the session was begat ? (if I remember the original exposé correctly) I was thinking of something even slightly more brute-force-y like: Write a filter (my favorite!) that you map multiple times to your webapp, once for each URI segment that represents the old, separate webapps. The filter wraps the request which wraps HttpSession objects handed-out by the requests. The HttpSession wrapped is configured with the URI segment from the old webapp and basically represents a prefix used to prepend to all session keys. The HttpSession object you get from the wrapper only gives you access to keys that have the proper prefix. So, the real session has data like: /oldWebappA:foo - This is a string from the old 'A' /oldWebappB:foo - This is a string from the old 'B' When the code from oldWebappA requests the value for the key foo, the wrapped HttpSession prepends /oldWebappA: to the beginning of the key and returns This is a string from the old 'A'. When the code from oldWebappB does the same, it gets This is a string from the old 'B'. You can also go crazy and use a search order like: a. If URI + key has a value, return that b. else, return value for just the bare key This would allow sessions to share /some/ data, but everything else would be segmented. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr50owACgkQ9CaO5/Lv0PBPfgCePjtorZAbO159mYG6FR+JSoGN /7oAnRJ1WSS6t73jk1SgcvHOK0jLj2YW =kKky -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Uploading Images - Refresh Directory
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 mshowers, On 11/10/2009 9:14 AM, mshowers wrote: Looking for some help - I am using DWR (ajax) to upload image files to my web app. The app is running on Tomcat v6.0. I'm putting the files into a directory in WebContent\images or WebContent\images\sub directories Is that directory inside the deployment directory of your webapp? Don't do that! When I upload the images, I then want to display them on my page. heres the problem[:] Even if I reload the page, the images will not appear on the page untill I go into the eclipse IDE and REFRESH the WebContent or Images directory. What does REFRESH do in Eclipse? Does it re-deploy/reload the webapp? If so, then you're hitting Tomcat's directory-caching behavior which makes it difficult to put new files into the deployment directory while Tomcat is running. Again, don't do that! Any suggestions as to how I can get around this? Put your files somewhere else, and map a URI in your web application to a servlet that can fetch the files (and/or directory listings) from that other directory. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr50IoACgkQ9CaO5/Lv0PCPdQCcCRMlLLeREidPj+GY+1AW0Deb GJkAn2l75eKsvM2lCRENCfJhO+3Od/mL =VDng -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/10/2009 3:55 PM, Rainer Jung wrote: On 10.11.2009 21:32, Christopher Schultz wrote: Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# No idea why google inserts power. There's nothing like that in the German original ... It's because it sounds cooler. Which do you prefer? Choice 1: Yesterday, I went to the store. Choice 2: Yesterday, I want to the *power* store! Checkmate. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr52KoACgkQ9CaO5/Lv0PAvMACePokZ+YpkDPPMmksLJeJL+lG/ bW8AnjDym2Xd7kM4FqFLsIBnpfOBhT8X =PrMI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 5.5.25 - Multiple Connectors and performance lost
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/10/2009 4:02 PM, André Warnier wrote: Caldarale, Charles R wrote: From: Simão Fontes [mailto:simao.fon...@fccn.pt] Subject: tomcat 5.5.25 - Multiple Connectors and performance lost I have 4 web applications that communicate with each other. My problem consists in getting the information form the various applications when the number of threads is reached only by one application. Perhaps you could create a filter for each webapp that monitors the number of concurrent threads for its webapp and rejects (or queues) requests that exceed some pre-defined limit. But somehow this sounds to me like a problem in the design of the application. If A must call B to get a full response to the client, but A and B compete for a single resource pool, then why not combine them into one single A+B process and be done with the competition ? In addition to saving the overhead of A calling up B. Wait... are you suggesting that the OP replace a method call via HTTP with a straight-up Java method call? That's crazy! Haven't you ever heard of SOA? If he didn't use an HTTP call, he wouldn't be able to say that he's got services. ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr52QEACgkQ9CaO5/Lv0PCwOgCbB6CSu0wyn+R3bbpn8Fd/jDrQ 9YgAoKQz0t+bJtWroDFtA8x+POBX3pft =SKmx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
Rainer Jung wrote: On 10.11.2009 21:32, Christopher Schultz wrote: Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# No idea why google inserts power. There's nothing like that in the German original ... It looks like it is having problems with stuff like unter anderem and über dem. No wonder though. It takes about 50 years to learn German, and Google's bot hasn't been around that long. Even after 50 years, some Germans from some regions still don't manage it either. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
André Warnier wrote: Rainer Jung wrote: On 10.11.2009 21:32, Christopher Schultz wrote: Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# No idea why google inserts power. There's nothing like that in the German original ... I tried the French translation, and it also has the same power issue in that language : Parmi les nouvelles fonctionnalités incluent la demande de puissance de traitement asynchrone. Which, translated back to English, gives about this : Among the new functionalities include the request of asynchronous processing power. I guess if we let it go through 2 or 3 iterations like that, what Mark said might sound like real gibberish. I don't know, maybe it was, I wasn't there this time. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge
On 10.11.2009 22:30, André Warnier wrote: Rainer Jung wrote: On 10.11.2009 21:32, Christopher Schultz wrote: Could you provide the translation? www.lmgttfy.com? http://translate.google.com/translate_t?hl=enie=UTF-8text=Nach+der+Mittagspause+stellte+Mark+Thomas+im+Tomcat-Track+die+Neuerungen+in+Tomcat+7+vor.+Die+neue+Tomcat-Version+wird+die+Servlet-3.0-API+unterst%C3%BCtzen.+Die+API-Implementierung+ist+weit+fortgeschritten+%E2%80%93+soweit+die+API-Definition+selbst+schon+stabil+ist.+Zu+den+neuen+Funktionen+geh%C3%B6rt+unter+anderem+die+asynchronene+Requestverarbeitung.+Diese+erlaubt+neue+Kommunikationsformen+in+Webanwendungen+etwa+im+AJAX-Umfeld.+Der+Tomcat+Manager%2C+%C3%BCber+den+neue+Applikationen+deployed+werden+k%C3%B6nnen%2C+wurde+vor+allem+im+Hinblick+auf+Sicherheit+%C3%BCberarbeitet.+Mit+embedded+Tomcat+hat+man+eine+M%C3%B6glichkeit+geschaffen%2C+Tomcat+sehr+einfach+in+Java+Code+zu+instanziieren+und+integriert+mit+der+Applikation+auszuliefern.+Embedded+Tomcat+ist+sehr+leichtgewichtig+und+weist+nur+wenige+Bibliotheksabh%C3%A4ngigkeiten+auf.+sl=detl=en# No idea why google inserts power. There's nothing like that in the German original ... It looks like it is having problems with stuff like unter anderem and über dem. No wonder though. It takes about 50 years to learn German, and Google's bot hasn't been around that long. Even after 50 years, some Germans from some regions still don't manage it either. :) Or maybe that's the real power of open source ... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HttpSessionListener sessionDestroyed only called once for sessionID
hello, I run jbossweb-tomcat55.sar inside jboss-4.0.5.CR1 I have one EAR file with two WAR files inside. I added HttpSessionListener in web.xml to both wars. If I request both war files from the same browser I have two HttpSession objects with different hash but with the same sessionID. That is exacly what I expected. but sessionDestroyed is only called for the first HttpSession object and never for the second ! furthermore sessionDestroyed is never called again for this sessionID also if new HttpSessions with new hash and same sessionID are created ! If I request the war file with the not destroyed session object again, there is never a new session created. thanks in advance -- View this message in context: http://old.nabble.com/HttpSessionListener-sessionDestroyed-only-called-once-for-sessionID-tp26291791p26291791.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpSessionListener sessionDestroyed only called once for sessionID
mauroS wrote: hello, I run jbossweb-tomcat55.sar inside jboss-4.0.5.CR1 I have one EAR file with two WAR files inside. I added HttpSessionListener in web.xml to both wars. If I request both war files from the same browser I have two HttpSession objects with different hash but with the same sessionID. That is exacly what I expected. but sessionDestroyed is only called for the first HttpSession object and never for the second ! furthermore sessionDestroyed is never called again for this sessionID also if new HttpSessions with new hash and same sessionID are created ! If I request the war file with the not destroyed session object again, there is never a new session created. I don't know what the Java gurus here are going to say about that, but as far as I am concerned, it seems that you got exactly what you deserved. Is there a real use case for something like that in Java ? Ignore this non-technical comment, it was from the heart, not the brain. The world is full of wonders. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpSessionListener sessionDestroyed only called once for sessionID
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mauro, On 11/10/2009 4:44 PM, mauroS wrote: I run jbossweb-tomcat55.sar inside jboss-4.0.5.CR1 I have one EAR file with two WAR files inside. I added HttpSessionListener in web.xml to both wars. If I request both war files from the same browser I have two HttpSession objects with different hash but with the same sessionID. That is exacly what I expected. What do you mean different hash? If you have a single session id, I would expect that you'd only one session. but sessionDestroyed is only called for the first HttpSession object and never for the second ! This is what I would expect if there is only one session. I don't know how JBoss handles multiple WARs in EAR files (I'm not familiar with the specs for EAR deployment), but it's possible that this is intended behavior. Do you have documentation which suggests this is /not/ correct behavior? furthermore sessionDestroyed is never called again for this sessionID also if new HttpSessions with new hash and same sessionID are created ! Again, what is this hash thing? Session ids shouldn't be re-used... at least not for a very long time. If I request the war file with the not destroyed session object again, there is never a new session created. So, the sessionDestroyed method is called, yet the session appears to continue to live and be accessible? Yikes. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr54hUACgkQ9CaO5/Lv0PBWCwCeILogm+f3BMEbjvVGOVmGDTjU fFAAoJe+RgjaomSw4eoJKSxDS62t/1Jl =h1y1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpSessionListener sessionDestroyed only called once for sessionID
On 10/11/2009 21:44, mauroS wrote: hello, I run jbossweb-tomcat55.sar inside jboss-4.0.5.CR1 I have one EAR file with two WAR files inside. I added HttpSessionListener in web.xml to both wars. If I request both war files from the same browser Request the war file? That sounds, well, a little imprecise, what *exactly* are you requesting? I have two HttpSession objects with different hash but with the same sessionID. They're in different classloaders, (assuming you mean .hashCode()), so that's expected. This information is important, why? How do you know this, what code are you using? What code is in your Listener? That is exacly what I expected. I'd be surprised to see the same sessionId from both apps, if they are indeed separate apps. but sessionDestroyed is only called for the first HttpSession object and never for the second ! But you said it's the same session id, so if it was destroyed once, why would it be destroyed again? furthermore sessionDestroyed is never called again for this sessionID Why would it be, if it was already destroyed? also if new HttpSessions with new hash and same sessionID are created ! If I request the war file with the not destroyed session object again, there is never a new session created. So you destroyed a session, and then made another request, and when you did a new session was created. Surprise? Not really. thanks in advance Err, right. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpSessionListener sessionDestroyed only called once for sessionID
Request the war file? That sounds, well, a little imprecise, what *exactly* are you requesting? I request with a browser the doGet method of a servlet, inside the toGet I call request.getSession(true); They're in different classloaders, (assuming you mean .hashCode()), so that's expected. This information is important, why? I think a war file must have different classLoaders because one war should never see objects from an other war, but I'm not an expert for this topic. This information is important because I clear caches for the session object and the destroy method is not called for all created sessions. How do you know this, what code are you using? What code is in your Listener? se.getSession().hashCode() - different hash se.getSession().getId() - same ID But you said it's the same session id, so if it was destroyed once, why would it be destroyed again? because only the ID is the same, but multiple HttpSession objects are created So you destroyed a session, and then made another request, and when you did a new session was created. Surprise? Not really. NO, no new session is created - the old not destroyed one is used ! -- View this message in context: http://old.nabble.com/HttpSessionListener-sessionDestroyed-only-called-once-for-sessionID-tp26291791p26292441.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HttpSessionListener sessionDestroyed only called once for sessionID
What do you mean different hash? the hasCode of the java object So, the sessionDestroyed method is called, yet the session appears to continue to live and be accessible? Yikes I have HttpSessionObj1 with ID 1 and hash A HttpSessionObj2 with ID 1 and hash B A is destroyed B is never destroyed and is accessible . -- View this message in context: http://old.nabble.com/HttpSessionListener-sessionDestroyed-only-called-once-for-sessionID-tp26291791p26292526.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: remote debug
To whom it may concern, mgthe friendliest greeting ive seen all week mgcontact us...@maven.apache.org and display your pom.xml (and location of your repositories) On 11/10/2009 2:18 AM, maven apache wrote: hi: I am so sorry to ask this problem again but I do can not make it work. I have seen the faq, and the doc pages,also I go to the goole to search but mgnew search engine??? .. I am using tomcat6.0.zip,and my project is managed by maven,so the web module I do not know how to debug,although I know how to debug a common dynamic web project and add breakpoints . But the web module is not a common web project.I have no idea. Someone tell me I can use remote debug for the web module ,however when I try to connect the server,it can not connect . So I want to know if the remote debug can be used for the web module in maven,if it is,how to config the debug? It's not at all clear what you are doing, here. If you are using some kind of Maven-specific webapp deployment, I would ask the Maven folks if they have any ideas. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr52l0ACgkQ9CaO5/Lv0PB5twCgt7kekyiZoXcfcRkaYWqAiSqR a+YAoKgbZ6wBEKY0O2UXzFnO8zHRadgh =Aua2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Windows 7: Unclutter your desktop. http://go.microsoft.com/?linkid=9690331ocid=PID24727::T:WLMTAGL:ON:WL:en-US:WWL_WIN_evergreen:112009
Re: tomcat: bandwidth limiter / transfer rate limit ?
Well, I've never run Apache before, I've been looking into MPM configuration for tomcat, but it seems like running apache may be too much for tomcat, and I`m afraid it could hurt performance in comparison to coyoto. Even though I've seen a comparison between tomcat and apache httpd mpm, and tomcat doesn't even come close until run with APR/native, then it comes close. But tomcat+coyote is just easier to setup. I'm still looking for a tomcat solution, if I don't find any I will maybe give apache httpd a try. I wanna do a per-user basis transfer rate limit. My business core sort of depends on this. It could be like a rapidshare type of business. Any other ideas? Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carlos, On 11/10/2009 8:47 AM, Cae Fernandes wrote: Is there any kind of bandwidth limiter ou transfer rate limiter readily available for tomcat? I know that for apache 2.2.x there is: mod_curb - http://www.steve.org.uk/Software/mod_curb/ mod_cband - http://codee.pl/cband.html Would it be acceptable for you to use Apache httpd in front of Tomcat? This seems like a reasonable reason to add it to your configuration. This type of thing seems to be best left to your network hardware: traffic shaping, QOS, etc. are often implemented at those layers so that you don't have to complicate your deployments with extra crap like this. Silly question: why not serve apps at full speed? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr51SMACgkQ9CaO5/Lv0PCUKQCfXLMDb+JUSSS2zrHwru90mrs3 jWYAnRMfeeCr/Fkiw2hnk9zvqjLNnrQ9 =/6qL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/tomcat%3A-bandwidth-limiter---transfer-rate-limit---tp26283656p26293424.html Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: tomcat: bandwidth limiter / transfer rate limit ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cae, On 11/10/2009 6:36 PM, Cae Fernandes wrote: I wanna do a per-user basis transfer rate limit. My business core sort of depends on this. It could be like a rapidshare type of business. If you can't do this with a piece of network hardware, I think you might have to write it yourself. I have no experience or familiarity whatsoever with Tomcat's Comet interfaces, but use of that type of connector might improve your throughput if you are intentionally stalling your response (or request) streams. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr6DycACgkQ9CaO5/Lv0PD2igCdHL0ZYhVAqbshfdKFIMY5+jjV Ck8AnAleVwRi7783zmWd3HPWI833Mn0j =eUnf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] WebappClassLoader and undeploy
Sorry Mark. Well this class loading scheme (context class loader - static variable) sounds little like a bug. Thanks for that startup class. I think it will solve a problem that we have (using imageio). So you just add it as high up as possible in the server.xml hierarchy? E - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: debugging model classes tied to Tomcat datasources
I'll bet the only thing your code does with a JNDI string is perform the lookup and get a Datasource. You could implement multiple constructors allowing your code to be initialized w/ a JNDI string, DataSource object, or url/username/password. The code utilizing the model classes would simply create them using which ever constructor it has data for. --David David, Sorry for the late reply (this darn this called life keeps butting in). This approach is working for me; thanks for offering it. Charles Mark, thank for your responses as well. Sincerely, Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Comet response is set to empty HTTP 200 reply by the framework problem
200 OK is immediate, but the body is left open. meaning, the chunk is left. you can share your tcpdump and tomcat logs Filip On 11/10/2009 07:08 AM, georgi danov wrote: Hi, I have a CometProcessor servlet that receives events and queues them for processing by separate thread pool (a.k.a. asynchronous processor). I do that because I could get 1000s of concurrent requests for job that includes IO wait and I don¹t want to have 1000s of threads lying around waiting for IO. My IO signals me when the response is ready, so I pull the respective CometEvent instance, write to the reply and gracefully close the message. I¹ve read number of documents and posts on this mail list and I think I am doing the things correctly, however 1 out of 500 messages gives me problem. The problem is that the client immediately gets HTTP 200 reply with empty body from the server without my application having a chance to write to the outputStream. This happens both using the NIO and the regular (with ARP) connectors. Both using persistent and non-persistent connections. When looking at tcp dump I see that the response is given practically immediately. Setting the event timeout to 1 sec does not help. I can see also that the client is behaving well, because when I use persistent connection, the conversation goes on after the faulty message and the next messages are OK. I am pretty sure I am doing something wrong with handling the cometevent, but not sure where to start. For one thing I am confused where and when should the event.close() invocation be I've seen on this mailing list both the advice to put it in the end event handling and right after I finish writing to the stream. Thanks Georgi - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Hand Authentication to Apache
Tomcat 6 has been installed by my hosting provider, and I don't know how it is connected to Apache. I'm not a technical expert, and I'm only looking for a solution. This is my server.xml Server port=21305 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=21309 protocol=AJP/1.3 / Engine name=Standalone defaultHost=pa.be jvmRoute=tomcat114 Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=pa.be appBase=/home/virtual/site231/fst/var/www/html unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Aliaswww.pa.be/Alias --- On Tue, 11/10/09, Christopher Schultz ch...@christopherschultz.net wrote: From: Christopher Schultz ch...@christopherschultz.net Subject: Re: Hand Authentication to Apache To: Tomcat Users List users@tomcat.apache.org Date: Tuesday, November 10, 2009, 9:15 PM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ivan, On 11/10/2009 2:26 PM, Ivan Eulaers wrote: Today, Tomcat has been installed on my server. When I now want to access those secured directories, I get an error by Tomcat The requested resource is not available. How can I repair this? Are you trying to replace Apache httpd with Tomcat? If so, Tomcat doesn't support .htaccess files. I've tried adding tomcatAuthentication=false to Connector port=21309 protocol=AJP/1.3 / and restarted Tomcat, but this was not the solution. tomcatAuthentication=false will allow any authentication information from Apache httpd to flow into Tomcat, but you still have to configure access appropriately based upon roles. Users should be able to browse certain subdirectories as follow: - User A, B, C should be able to access https://www.../extranet/client1/ and its subdirectories - User A, D, E, F should be able to access https://www.../extranet/client2/ and its subdirectories .htaccess-listing = # STRONG HTACCESS PROTECTION Files ~ ^.*\.([Hh][Tt][Aa]) What, no access to .../.htable files? It's tough to guess what is being forwarded to Tomcat. Can you show us your JkMount or Proxy directives that you have configured? Also, please provide a specific example of a URL that fails to load properly, what the error is, and what you expected to happen. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkr5yfYACgkQ9CaO5/Lv0PDPLACeIP2nLA8U8yB2W8BH1rkbswZx gYkAnR3q1h80kufY3dZx1dFaCTuXKig/ =yloJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org