FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
-Original Message- From: Timir Hazarika (thazarik) Sent: Wednesday, November 18, 2009 1:21 PM To: Amol Wate (awate) Subject: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux Amol, I'm not sure this question reached the list, would you forward it please ? Further, I see the following trace caused kernel panic: Stack traceback for pid 5518 0x810092cfae80 5518 5477 12 R 0x810092cfb180 *java rspripFunction (args) 0x810079a1bd38 0x805a5a5f sock_get_ops+0x1f (0x0) 0x810079a1bd80 0x8820cc46 [ad]ad_layer_revert+0x56 (0x810075077000) 0x810079a1bdb0 0x8820cd21 [ad]ad_layer_release+0x11 (0x810075077000) 0x810079a1bdd0 0x805a4e4b sock_release+0x5b (0x810075077000) 0x810079a1bdf0 0x805a5ce6 sock_close+0x26 (0x810075077050) 0x810079a1be10 0x802857e8 __fput+0x178 (0x81009b69d100) 0x810079a1be50 0x80285836 fput+0x16 (invalid) 0x810079a1be60 0x805a648c sys_accept+0x1dc (invalid, 0xfd7fe8b4, 0xfd7fe8b0) 0x810079a1bf40 0x805c0f43 compat_sys_socketcall+0xa3 (invalid) 0x810079a1bf80 0x80220452 ia32_sysret (invalid, invalid, invalid, invalid) Thanks in advance, Timir -Original Message- From: Timir Hazarika (thazarik) Sent: Tuesday, November 17, 2009 5:21 PM To: 'users@tomcat.apache.org' Subject: Tomcat 6.0.20 Causes Kernel Crash on Linux Folks, Are there any known memory issues with tomcat 6.0.20 ? This build causes a kernel panic on my linux box with Java 5. I'd been using 6.0.18 without any issues on the same configuration. http://markmail.org/message/mrpgvn4mqvyrq64a reports a memory leak, though I don't have enough debugs to say it matches mine. All I have is: BUG: unable to handle kernel NULL pointer dereference at virtual address printing eip: c05d9144 *pdpt = 2db52001 *pde = Oops: [#1] This problem is consistently reproducible on 6.0.20, and magically disappears upon switching back to 6.0.18. What am I missing ? Thanks in advance, Timir - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Virtual hosts on tomcat 5.5.15
Hi everybody, currently I am running a few virtual domains on a root server with tomcat 5.5.15 installed. So far everything works fine. Now I just wanted to upgrade to the latest 5.5.x series in fact migrate to version 5.5.28. For example a virtual host on tomcat 5.5.15 has been configured as follows: Host name=www.blah.de debug=0 unpackWARs=true appBase=/home/blah Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log. suffix=.txt timestamp=true/ Context path= docBase= debug=0 reloadable=true/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=virtual_log. suffix=.txt pattern=common resolveHosts=false/ /Host Works fine without any problems. If I switch now to Tomcat 5.5.28 the context is beeing deployed and the JSP pages are accessible, but the whole WEB-INF folder including web.xml and taglibs cannot be found. I've noticed this behaviour with all tomcat versions later than 5.5.15. Does anybody know if some configuration ore something else has changed? Unfortunately I could not find any changelog or any other information about this issue. Does anybody have an idea, what's going wrong? Any suggestions are really appreciated. Cheers Matthias - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Importing CERTIFICATE into Java Keystore
Hi. I have an IDM instance setup. I am currently trying to configure and set-up an LDAP Resource. During the configuration, I got the error : Could not connect to the LDAP server api.csc.fi. == javax.naming.CommunicationException: simple bind failed: api.csc.fi:636 Upon extensive research (on Tomcat websites, as well as Forums), I got the notion that I needed to import the ldapCertificate into my JAVA Keystore, otherwise it would be impossible for IDM to successfully connect to LDAP. I am using Apache Tomcat as my application server. I was able to locate several online documents which explained how to import a trusted certificate into the Keystore (unfortunately, these documents seem to give several different solutions to the same problem). Eventually, I decided to use the following command at my command-prompt : keytool -importcert -alias abc -file ABCCA.cer (where abc is the alias) The import was successful. However, I am still getting the same error on my LDAP configuration. Am I doing something wrong? Is there something ELSE I need to do ? Best regards, Stephen _ Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail®. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
Re: Secure login only, not rest of app
Robert Denison wrote: Thanks peter, Don't suppose anyone can point me to any documentation that talks about getting caching working properly for tomcat and static content can they? A good caching tutorial is http://www.mnot.net/cache_docs/ The best site for web performance in general is http://developer.yahoo.com/performance/rules.html Tools for checking these rules are YSlow (http://developer.yahoo.com/yslow/) and http://www.webpagetest.org/ The most important rules are * Reduce number of requests (by consolidating scripts, style sheets and images), * Reduce data volume (e. g., by compression), * Allow re-use by caching, * Keep persistent connections, * Avoid sending cookies for static objects. If you have to serve users in a different continent than where your servers are, you should also think about using a CDN. Persistent connections are especially important with SSL, because SSL connection setup is expensive. Regards, Oliver Schoett - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: MISC; Tomcat-5.5.12; After one Tomcat Cluster node shutdown, sessionDestroyed been called before contextDestroyed
On 18/11/2009 01:10, Imad Hachem wrote:
Dear Pid,
After one Tomcat Cluster node shutdown, what kind of variables (that might
come as null) I should rely on to know that my node has been stoped.
Why do they need to be null?
You're *still* not explaining why you think they should be null - simply
asserting that they are null does not explain why this should be the case.
Please provide an explanation as to why the variable that you have set
to a known value, should suddenly stop being that value and be unset, or
be null.
What is causing it to change?
When you manually shutdown a particular node, you are setting the
MANUAL_STOP attribute to true or 1 or some known value.
You only need to know this in the HttpSessionListener so you can
determine whether the sessions are expiring because the node is stopping.
If the value is null, then the node is not being manually stopped, and
so in all probability the sessions are expiring naturally.
I need to know if my sessionDestroyed has been called from a
session.invalidate Event OR session timeout OR Tomcat Cluster node
shutdown.
If you control the application, then you can always ensure that the
session.invalidate() method is accompanied by your custom log out code.
The other two conditions should be covered by the code described previously.
p
Best Regards,
Imad Hachem
System Engineer
From: p...@pidster.com
Date: Wed, 18 Nov 2009 00:19:07 +
Subject: Re: MISC; Tomcat-5.5.12; After one Tomcat Cluster node shutdown,
sessionDestroyed been called before contextDestroyed
To: users@tomcat.apache.org
On 18 Nov 2009, at 00:07, Imad Hachemhachem_i...@hotmail.com wrote:
Dear Pid,
find below my explanation:
1. Manually set an attribute (e.g. MANUAL_STOP=1) in application scope
2. Manually shutdown Tomcat instance.
3. Tomcat expires all sessions
4. Tomcat fires HttpSessionListener.sessionDestroyed for each session
5. custom code checks for, and finds, attribute (e.g. MANUAL_STOP=1)
if(MANUAL_STOP == null){ // Tomcat Cluster Node Shutdown
//don't do anything
}
else{ // case of session.invalidate or session timeout
6. custom code does logout per session
}
8. Tomcat fires ServletContextListener.contextDestroyed for each app
But in fact, the variable MANUAL_STOP saved to the application scope
is always coming as 1, even after tomcat cluster node shutdown which
expected to come as null.
Yes. The value 1 is expected - you're not explaining why you think it
should be null.
p
I need to know if my sessionDestroyed has been called from a
session.invalidate Event OR session timeout OR Tomcat Cluster node
shutdown.
Best Regards,
Imad Hachem
System Engineer
Date: Tue, 17 Nov 2009 16:23:16 +
From: p...@pidster.com
To: users@tomcat.apache.org
CC: ihac...@lb.path-solutions.com
Subject: Re: MISC; Tomcat-5.5.12; After one Tomcat Cluster node
shutdown, sessionDestroyed been called before contextDestroyed
On 17/11/2009 16:11, Imad Hachem wrote:
Dear Pid,
I am expecting them to come as null to know that the Tomcat Node
(or context) has been shutdown.
That makes no sense. These are the logical steps.
1. Manually set an attribute (e.g. MANUAL_STOP=1) in application
scope
2. Manually shutdown Tomcat instance.
3. Tomcat expires all sessions
4. Tomcat fires HttpSessionListener.sessionDestroyed for each session
5. custom code checks for, and finds, attribute (e.g. MANUAL_STOP=1)
6. custom code does logout per session
8. Tomcat fires ServletContextListener.contextDestroyed for each app
Perhaps you can explain, clearly, what you expect to happen and
where it
happens?
p
Best Regards,
Imad Hachem
System Engineer
Date: Tue, 17 Nov 2009 16:08:37 +
From: p...@pidster.com
To: users@tomcat.apache.org
CC: ihac...@lb.path-solutions.com
Subject: Re: MISC; Tomcat-5.5.12; After one Tomcat Cluster node
shutdown, sessionDestroyed been called before contextDestroyed
On 17/11/2009 15:57, Imad Hachem wrote:
Dear Pid,
I have tried to set application context variables, but it didn't
worked, since I m expecting to get these variables as null
values after node shutdown, but in fact they are coming as not
null.
If you set them as not null and they are not null why are you
surprised?
Why do you expect them to be null?
p
Best Regards,
Imad Hachem
System Engineer
Date: Tue, 17 Nov 2009 15:38:22 +
From: p...@pidster.com
To: users@tomcat.apache.org
Subject: Re: MISC; Tomcat-5.5.12; After one Tomcat Cluster node
shutdown, sessionDestroyed been called before contextDestroyed
On 17/11/2009 14:40, Ronald Klop wrote:
Hi Imad,
Ronald. (The Ronald of the link mentioned by Pid.)
Did the code supplied therein, work for you Ronald?
@Imad
The Servlet Spec (and therefore Tomcat) doesn't differentiate
between
causes of session expiry.
The code requires you to set a value in the application scope,
then the
HttpSessionListener sessionDestroyed method checks for that
value.
If the value is present, you initiated
Re: Virtual hosts on tomcat 5.5.15
On 18/11/2009 08:09, Matthias Pueski wrote: Hi everybody, currently I am running a few virtual domains on a root server with tomcat 5.5.15 installed. So far everything works fine. Now I just wanted to upgrade to the latest 5.5.x series in fact migrate to version 5.5.28. For example a virtual host on tomcat 5.5.15 has been configured as follows: Host name=www.blah.de debug=0 unpackWARs=true appBase=/home/blah Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log. suffix=.txt timestamp=true/ Context path= docBase= debug=0 reloadable=true/ That'll cause you some problems. Do you have a META-INF/context.xml defined in your web app? Have a read of the docs about how to properly define a Context and give us a shout if you can't fix it. N.B. You'll probably have to rename the app ROOT.war or the exploded app dir ROOT. http://tomcat.apache.org/tomcat-5.5-doc/config/context.html p Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=virtual_log. suffix=.txt pattern=common resolveHosts=false/ /Host Works fine without any problems. If I switch now to Tomcat 5.5.28 the context is beeing deployed and the JSP pages are accessible, but the whole WEB-INF folder including web.xml and taglibs cannot be found. I've noticed this behaviour with all tomcat versions later than 5.5.15. Does anybody know if some configuration ore something else has changed? Unfortunately I could not find any changelog or any other information about this issue. Does anybody have an idea, what's going wrong? Any suggestions are really appreciated. Cheers Matthias - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how can I get info when tomcat 5.5 exited abnormally
messages log:
Nov 6 20:15:07 debian kernel: [22981271.685460] java[6530]: segfault at
47572a08 ip 7f329d66718d sp 475729f0 error 6 in
libnet.so[7f329d65a000+13000]
jdk: 1.6u14, amd64 cpu
2009/11/18 hu jingoal jingoa...@gmail.com
-- Forwarded message --
From: hu jingoal jingoa...@gmail.com
Date: 2009/11/18
Subject: how can I get info when tomcat 5.5 exited abnormally
To: users@tomcat.apache.org
My environment is : apache + two tomcat 5.5.
recently, tomcat exited abnomally without any info frequently.
in catalina.sh, I had CATALINA_OPTS=
-XX:ErrorFile=/usr/local/log/java_error_%p.log , but the file
java_error_*.log is not exist.
follows the url: http://tomcat.apache.org/tomcat-5.5-doc/logging.html, I
had added log4j setting, but the file ${catalina.home}/logs/tomcat.log
is zero length.
any suggestion is appreciated, thanks
jingoalhu
Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
2009/11/18 Amol Wate (awate) aw...@cisco.com Are there any known memory issues with tomcat 6.0.20 ? This build causes a kernel panic on my linux box with Java 5. I'd been using 6.0.18 without any issues on the same configuration. http://markmail.org/message/mrpgvn4mqvyrq64a reports a memory leak, though I don't have enough debugs to say it matches mine. All I have is: BUG: unable to handle kernel NULL pointer dereference at virtual address printing eip: c05d9144 *pdpt = 2db52001 *pde = Oops: [#1] This problem is consistently reproducible on 6.0.20, and magically disappears upon switching back to 6.0.18. What am I missing ? Thanks in advance, Timir I suspect you're missing either a working Linux kernel, or working hardware :-). 6.0.20 is stable on a wide variety of OSs and hardware; something about yours is causing problems. Tomcat is not an unusual process - it doesn't expect anything in particular out of the OS or kernel, as it has to be so portable - so I'd contend that a kernel panic is indicative of problems outside Tomcat. 1) Are you *certain* the hardware is solid? Have you run memory testers etc across it? What is it, anyway, as you haven't told us? 2) Are you *certain* your Linux kernel is solid? What is it, anyway, as you haven't told us? Also, what JVM and are you using anything other than pure Java code (do you have tcnative installed, do you make any JNI calls, etc)? - Peter
Re: java.lang.ClassNotFoundException: org.apache.catalina.realm.CombinedRealm
2009/11/18 DJVege djv...@gmail.com: Hi guys, I'm quite simply trying to create a combined realm that will hold 2 JNDI realms, but am receiving the error above. I thought the realms were native to tomcat? I shouldn't need any extra lib/jar files, should I? Anyone know why I might be getting this error? Tomcat 6.0.18. Windows Server 2003. Use the latest version. CombinedRealm was added in 6.0.20. (or in 6.0.19, but that version was never released) http://tomcat.apache.org/tomcat-6.0-doc/changelog.html Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0.16 + mod_jk 1.2.19 - request threads hanging up
Hi everyone, I'm having some issues with an Apache + Tomcat setup behaving strangely. Our Tomcat (6.0.16) servers have many ajp threads that are stuck executing the the native sendbb method of the class org.apache.tomcat.jni.Socket. [You can find an example stack trace at the end of this message.] Apparently, those threads have completed the elaboration of the original requests (it may have taken a while to do that), and they are trying to flush the output buffer. This happens frequently when our servers are under heavy load: Tomcat stays executing sendbb for a long time, and we usually find many threads which are stuck in that state. Every time this happens, the Tomcat process starts using a lot of CPU time, and it goes like that for a few hours, when it doesn't crash before. The traffic is routed to the Tomcat servers (belonging to a cluster of 4 nodes) by two Apache web servers (2.0.52) with mod_jk (1.2.19). We're having a hard time figuring out the cause for this behavior: it may depend on the interaction between mod_jk and Tomcat, but I couldn't find any definitive explanation for that by looking at the documentation and this list's archives. Any advice will be welcome :) Below you'll find the configuration properties of mod_jk (pay attention to the timeouts, are they too low?) and an example stack trace for one of the stuck threads. Thank you all. Regards, Alessandro Bahgat * Our configuration is: OS: Red Hat Enterprise Linux AS release 4 (Nahant Update 4) JVM: Sun 1.6.0_10 23 bit Apache: 2.0.52 mod_jk: 1.2.19 Tomcat: 6.0.16 * mod_jk properties: # DefineNode1 (applprod01) worker.applprod01.port=8009 worker.applprod01.host=###.###.###.### worker.applprod01.type=ajp13 worker.applprod01.lbfactor=1 worker.applprod01.connection_pool_size=1 worker.applprod01.socket_keepalive=true worker.applprod01.socket_timeout=5 worker.applprod01.connection_pool_timeout=5 * Sample stack trace for one of the hang up threads: ajp-8009-300 - Thread t...@962 java.lang.Thread.State: RUNNABLE at org.apache.tomcat.jni.Socket.sendbb(Native Method) at org.apache.coyote.ajp.AjpAprProcessor.flush(AjpAprProcessor.java:1181) at org.apache.coyote.ajp.AjpAprProcessor$SocketOutputBuffer.doWrite(AjpAprProcessor.java:1268) at org.apache.coyote.Response.doWrite(Response.java:560) at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:434) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:349) at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverter.java:242) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202) at sun.nio.cs.StreamEncoder.implWrite(StreamEncoder.java:263) at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:106) - locked org.apache.tomcat.util.buf.writeconver...@1d7d7b0 at java.io.OutputStreamWriter.write(OutputStreamWriter.java:190) at org.apache.tomcat.util.buf.WriteConvertor.write(C2BConverter.java:196) at org.apache.tomcat.util.buf.C2BConverter.convert(C2BConverter.java:81) at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:438) at org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:143) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:277) at java.io.PrintWriter.write(PrintWriter.java:382) - locked org.apache.jasper.runtime.jspwriteri...@1919913 at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:119) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:326) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:342) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: authenticate LDAP across domains
we are using to tomcat 5.5.7. We are doing just that in our server.xml connectionURL= ldap:ldap.domain.com:port I found nothing in the documentation that allows you to set the domain. Any suggestions you have would be most appreciated. thanks! Pid Ster wrote: On 17/11/2009 14:25, nabbleQuestioner wrote: I am trying to use tomcat to authenticate using LDAP and configured the server.xml with no problems... the problem is that the request is not able to get to the Active directory because I am sending the request from a client that sits on domain A and the LDAP server sits on domain B. Is there any way to tell tomcat that I want a different domain that where I currently am? (tell tomcat what domain the active directory is sitting on)? Which Tomcat version are you using? What have you found when you searched the archives? Can't you just specify the connectionURL=ldap://ldap.domain.com;? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/authenticate-LDAP-across-domains-tp26390861p26406399.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
Peter, we're talking a custom built linux server that has been in production for years. I'm wondering what's magical with 6.0.20 that causes my kernel such trouble, and why the problem doesn't surface with any of the earlier builds. I haven't changed any of the JNI in my system, or any code for that matter. Simply replace 6.0.18 by 6.0.20, start tomcat and ka-boom ? -Original Message- From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Sent: Wednesday, November 18, 2009 3:39 PM To: Tomcat Users List Subject: Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux 2009/11/18 Amol Wate (awate) aw...@cisco.com Are there any known memory issues with tomcat 6.0.20 ? This build causes a kernel panic on my linux box with Java 5. I'd been using 6.0.18 without any issues on the same configuration. http://markmail.org/message/mrpgvn4mqvyrq64a reports a memory leak, though I don't have enough debugs to say it matches mine. All I have is: BUG: unable to handle kernel NULL pointer dereference at virtual address printing eip: c05d9144 *pdpt = 2db52001 *pde = Oops: [#1] This problem is consistently reproducible on 6.0.20, and magically disappears upon switching back to 6.0.18. What am I missing ? Thanks in advance, Timir I suspect you're missing either a working Linux kernel, or working hardware :-). 6.0.20 is stable on a wide variety of OSs and hardware; something about yours is causing problems. Tomcat is not an unusual process - it doesn't expect anything in particular out of the OS or kernel, as it has to be so portable - so I'd contend that a kernel panic is indicative of problems outside Tomcat. 1) Are you *certain* the hardware is solid? Have you run memory testers etc across it? What is it, anyway, as you haven't told us? 2) Are you *certain* your Linux kernel is solid? What is it, anyway, as you haven't told us? Also, what JVM and are you using anything other than pure Java code (do you have tcnative installed, do you make any JNI calls, etc)? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
2009/11/18 Timir Hazarika (thazarik) thaza...@cisco.com Peter, we're talking a custom built linux server that has been in production for years. I'm wondering what's magical with 6.0.20 that causes my kernel such trouble, and why the problem doesn't surface with any of the earlier builds. As you've provided no more information despite requests, we will also be wondering. We cannot help you to debug the problem with this little information on your environment and configuration. - Peter
Re: authenticate LDAP across domains
On 18/11/2009 11:43, nabbleQuestioner wrote: we are using to tomcat 5.5.7. You know the latest version is 5.5.28 right? Is it possible for you to upgrade? p We are doing just that in our server.xml connectionURL= ldap:ldap.domain.com:port I found nothing in the documentation that allows you to set the domain. Any suggestions you have would be most appreciated. thanks! Pid Ster wrote: On 17/11/2009 14:25, nabbleQuestioner wrote: I am trying to use tomcat to authenticate using LDAP and configured the server.xml with no problems... the problem is that the request is not able to get to the Active directory because I am sending the request from a client that sits on domain A and the LDAP server sits on domain B. Is there any way to tell tomcat that I want a different domain that where I currently am? (tell tomcat what domain the active directory is sitting on)? Which Tomcat version are you using? What have you found when you searched the archives? Can't you just specify the connectionURL=ldap://ldap.domain.com;? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
Hm. I thoought all required information was in the last email. - Java 1.5.upd10 - Linux kernel, custom built 2.6.23, i586 What else from my environment can help ? -Original Message- From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Sent: Wednesday, November 18, 2009 5:35 PM To: users@tomcat.apache.org Subject: Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux 2009/11/18 Timir Hazarika (thazarik) thaza...@cisco.com Peter, we're talking a custom built linux server that has been in production for years. I'm wondering what's magical with 6.0.20 that causes my kernel such trouble, and why the problem doesn't surface with any of the earlier builds. As you've provided no more information despite requests, we will also be wondering. We cannot help you to debug the problem with this little information on your environment and configuration. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
Oh, and the maxheap, minheap, permsize are all set to 512M. -Original Message- From: Timir Hazarika (thazarik) Sent: Wednesday, November 18, 2009 5:40 PM To: 'Tomcat Users List' Subject: RE: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux Hm. I thoought all required information was in the last email. - Java 1.5.upd10 - Linux kernel, custom built 2.6.23, i586 What else from my environment can help ? -Original Message- From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Sent: Wednesday, November 18, 2009 5:35 PM To: users@tomcat.apache.org Subject: Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux 2009/11/18 Timir Hazarika (thazarik) thaza...@cisco.com Peter, we're talking a custom built linux server that has been in production for years. I'm wondering what's magical with 6.0.20 that causes my kernel such trouble, and why the problem doesn't surface with any of the earlier builds. As you've provided no more information despite requests, we will also be wondering. We cannot help you to debug the problem with this little information on your environment and configuration. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading customized StandardContext subclass(
Hum Shame on me. I don't know what happened but I was writing an answer and I rechecked it with the common.loader key in catalina.properties : it worked ! I guess I mischecked that case (or with the libs not properly set) So, sorry for the noise and thank you for your quick answer, Konstantin. Best regards, Joël. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Virtual hosts on tomcat 5.5.15
From: Matthias Pueski [mailto:matth...@pueski.de] Subject: Virtual hosts on tomcat 5.5.15 Host name=www.blah.de debug=0 unpackWARs=true appBase=/home/blah Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log. suffix=.txt timestamp=true/ There is no Logger element allowed in 5.5. Context path= docBase= debug=0 reloadable=true/ As Pid noted, an empty docBase is illegal. Also, you should not be placing Context elements in server.xml. If you want to define the default webapp for a Host, name the .war file or directory ROOT (case sensitive), located immediately under the Host appBase directory. The Context element belongs in the webapp's META-INF/context.xml file, or in conf/Catalina/[host]/[appName].xml. The fact that anything worked under 5.5.15 is purely accidental, since your config is seriously broken. It appears to have been copied verbatim from a much older version of Tomcat (or perhaps derived from the tons of misinformation about Tomcat out on the Internet), which is always bad practice. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Location of properties file for web app in Tomcat
Hi, There is a simple way of using properties file across different web applications in Tomcat. Jar the properties file (included in package folders) and drop it in jakarta-tomcat/common/lib directory If you do not want to jar, just drop the properties file (included in relevant package structure folders) to jakarta-tomcat/common/classes The properties file would be available to all web applications after Tomcat is restarted. R, -- View this message in context: http://old.nabble.com/Location-of-properties-file-for-web-app-in-Tomcat-tp21767095p26408179.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.16 + mod_jk 1.2.19 - request threads hanging up
From: Alessandro Bahgat [mailto:ale.bah...@gmail.com] Subject: Tomcat 6.0.16 + mod_jk 1.2.19 - request threads hanging up Our Tomcat (6.0.16) servers have many ajp threads that are stuck executing the the native sendbb method of the class org.apache.tomcat.jni.Socket. Try upgrading to the current Tomcat version (6.0.20), or at least using the latest version of tcnative (1.1.16). The symptoms you describe have been observed in older versions. Alternatively, turn off APR by removing or renaming the .so file in Tomcat's bin directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Virtual hosts on tomcat 5.5.15
Thank you both very much! I did the following: 1.) Removed the context element from the server.xml 2.) added META-INF/context.xml to the web application and removed the docBase attribute 3.) Removed the logger element 4.) moved the Web Application to a folder named ROOT, directly under the appBase Now everything works fine. Am Mittwoch, den 18.11.2009, 08:18 -0600 schrieb Caldarale, Charles R: From: Matthias Pueski [mailto:matth...@pueski.de] Subject: Virtual hosts on tomcat 5.5.15 Host name=www.blah.de debug=0 unpackWARs=true appBase=/home/blah Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=virtual_log. suffix=.txt timestamp=true/ There is no Logger element allowed in 5.5. Context path= docBase= debug=0 reloadable=true/ As Pid noted, an empty docBase is illegal. Also, you should not be placing Context elements in server.xml. If you want to define the default webapp for a Host, name the .war file or directory ROOT (case sensitive), located immediately under the Host appBase directory. The Context element belongs in the webapp's META-INF/context.xml file, or in conf/Catalina/[host]/[appName].xml. The fact that anything worked under 5.5.15 is purely accidental, since your config is seriously broken. It appears to have been copied verbatim from a much older version of Tomcat (or perhaps derived from the tons of misinformation about Tomcat out on the Internet), which is always bad practice. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Newbie, tomcat performance tuning
HI, I'm new to the list and tomcat. I have a web application deployed in tomcat 6. this application is quite CPU hungry and I would like to optimise the tomcat accordingly. I'm expecting to have 200 concurrent connections to the server at peak, not much for a standard web application but ours is imagery based and bit resource hungry. Can you guide me where and what parameters that I can tweak in tomcat to get high performance? for eg, JVM memory, threads, etc etc My server configuration; tomcat 6.0 2 x quard core xenon processor (8 core) 12 GB ram SAS Dirve (15k rpm), RAID Windows 2003 server, 64 bit NO other application running on this server. -- Thanks Bruce NSW Australia - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat and MySQL
Hello, i've developed a web application, it runs on Tomcat 5.5.4 and it uses MySQL. I have a problem when after i use the application, and then it remains idle for some hours. It seems that the connection with MySQL it's closed by the driver due to a timeout. The stacktrace is the follow: javax.servlet.ServletException: No operations allowed after connection closed.Connection was implicitly closed by the driver. org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:845) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:778) org.apache.jsp.aziende_jsp._jspService(org.apache.jsp.aziende_jsp:482) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) com.mysql.jdbc.exceptions.MySQLNonTransientConnectionException: No operations allowed after connection closed.Connection was implicitly closed by the driver. com.mysql.jdbc.SQLError.createSQLException(SQLError.java:980) com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956) com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926) com.mysql.jdbc.ConnectionImpl.throwConnectionClosedException(ConnectionImpl.java:1160) com.mysql.jdbc.ConnectionImpl.checkClosed(ConnectionImpl.java:1147) com.mysql.jdbc.ConnectionImpl.createStatement(ConnectionImpl.java:2486) com.mysql.jdbc.ConnectionImpl.createStatement(ConnectionImpl.java:2468) businessLogic.CommonInterface.getSpecializzazioni(CommonInterface.java:1538) businessLogic.CommonInterface.getSpecializzazione(CommonInterface.java:930) org.apache.jsp.aziende_jsp._jspService(org.apache.jsp.aziende_jsp:128) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:99) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:325) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) Can i configure Tomcat so that the connection with MySQL will be persistent? thank you in advice :) -- View this message in context: http://old.nabble.com/Tomcat-and-MySQL-tp26408387p26408387.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie, tomcat performance tuning
Bruce: Can you guide me where and what parameters that I can tweak in tomcat to get high performance? for eg, JVM memory, threads, etc etc Have you seen this page: http://wiki.apache.org/tomcat/FAQ/Performance_and_Monitoring Neil -- Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net Host your tomcat app on a CentOS VPS for only $25/month! Unmetered bandwidth, 7 day no risk trial, Google Checkout - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat and MySQL
Giocarmine: It seems that the connection with MySQL it's closed by the driver due to a timeout. Have you set autoReconnect=true in your JDBC url? jdbc:mysql://localhost:3306/dbName?autoReconnect=true Neil -- Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net Host your tomcat app on a CentOS VPS for only $25/month! Unmetered bandwidth, 7 day no risk trial, Google Checkout - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie, tomcat performance tuning
From: Bruce Foster [mailto:gis.fos...@gmail.com] Subject: Newbie, tomcat performance tuning Can you guide me where and what parameters that I can tweak in tomcat to get high performance? for eg, JVM memory, threads, etc etc Other than the number of threads in the Connector pool, there's not much you can set in Tomcat that will have any effect on a webapp that's CPU-intensive. The biggest contributor will be the overall architecture of your webapp, followed by the implementation itself. For the former, you mostly have to insure that you're not doing the same thing multiple times unnecessarily; for the latter, use a profiler to determine what areas are the most heavily used and optimize those. Can't really provide any specifics until you instrument the webapp. One thing you can do is run a 1.6 JVM, since that is measurably faster (usually) than 1.5. Of course, make sure it's a 64-bit JVM, since you're on a 64-bit platform. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and MySQL
On 18/11/2009 14:57, Neil Aggarwal wrote: Giocarmine: It seems that the connection with MySQL it's closed by the driver due to a timeout. Have you set autoReconnect=true in your JDBC url? jdbc:mysql://localhost:3306/dbName?autoReconnect=true Opening a single connection, and keeping it open, is not usually a good strategy. A better solution would be to configure a connection pool. http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html#Database%20Connection%20Pool%20%28DBCP%29%20Configurations p Neil -- Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net Host your tomcat app on a CentOS VPS for only $25/month! Unmetered bandwidth, 7 day no risk trial, Google Checkout - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat and MySQL
From: giocarmine [mailto:giocarm...@gmail.com] Subject: Tomcat and MySQL i've developed a web application, it runs on Tomcat 5.5.4 Step 1: upgrade. 5.5.4 is over five years old and innumerable bugs and security issues have been fixed since then. It seems that the connection with MySQL it's closed by the driver due to a timeout. Not by the driver, but by the MySQL server. Besides the autoReconnect setting, read the commons-dbcp doc and try the testOnBorrow and validationQuery settings: http://commons.apache.org/dbcp/configuration.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
POST replication
Hi, this is my first question to the list so please be gentle :) My question is about a Tomcat feature available when using container managed authentication. If a user requests a protected resource, Tomcat first authenticates the user and then processes the initial request whether it's a GET or a POST. I've been doing an in-house authentication mechanism which tries to mimic this functionality. I'm having a bit of trouble replicating the POST requests after successful user authentication. I've managed to replicate GET requests by doing a forward or a sendRedirect to the pre-authentication URL but with a POST things get harder. Is there any way to achieve this without using container managed authentication? What if that POST also included one file upload, would that make it impossible to replicate the request? Thanks for your input! (I've searched the archives but couldn't find an answer to this) Best regards, JN - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Expression Language Changes
Where can I find a full and complete list of changes made to the expression language (EL) starting with Tomcat v5.5.7 through Tomcat v6.0.20? I need for this to be a detailed as possible. Thank you, Stephen Caine CommonGround Softworks, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache-2.2.11 + mod_jk-1.2.28 + SSL
Hi,
we're seeing a strange problem here that is only partially reproducible.
Our customer is running a cluster of Tomcat 5.5.26 servers (several cluster
domains) behind several load-balanced Apache-2.2.11 (for SSL termination +
sticky sessions). The application consists of an unencrypted part and an
SSL encrypted part. Most of the time, the setup is running fine (at least
since we solved some (unrelated) network problems, see my previous mails).
When a HTTP/1.0 client requests a dynamically generated page over SSL,
most of the response is returned immediately. Then, we see a 5-second
timeout (this is *not* Apache's KeepAliveTimeout), then the rest of the
response is delivered just before the connection is shut down.
For dynamically generated pages, we do not set a Content-Length header,
so for HTTP/1.0 clients the server has to respond with Connection: close
(which it does). Only it waits for 5 seconds before actually closing it.
Everything works fine for
- static content (where we set Content-Length)
- redirects (where we set Content-Lenth: 0)
- HTTP/1.1-clients (where the server uses Transfer-Encoding: Chunked)
- HTTP/1.0-clients in the non-ssl part (!)
Here's an example output generated by curl -0 -v -L -N -o /dev/null:
* About to connect() to xxx.yyy.de port 443 (#0)
* Trying xxx.xxx.xx.xx... connected
* Connected to xxx.yyy.de (xxx.xxx.xx.xx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*subject: /C=DE/ST=.../L=.../O=.../OU=.../CN=xxx.yyy.de
*start date: 2009-07-13 00:00:00 GMT
*expire date: 2010-07-23 23:59:59 GMT
*common name: xxx.yyy.de (matched)
*issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD. (c)97 VeriSign
*SSL certificate verify ok.
GET /.../html HTTP/1.0
User-Agent: curl/7.19.0 (i686-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8h
zlib/1.2.3 libidn/1.10
Host: xxx.yyy.de
Accept: */*
Cookie: JSESSIONID=B0ED3118B70E8E00433E2E709C9FE5B7.zzz
HTTP/1.1 200 OK
Date: Wed, 18 Nov 2009 15:18:50 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref=..., CP=IDC CUR DEV PSA CONi OUR DEL STP PHY ONL UNI PUR
COM NAV DEM CNT STA
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: de
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
^M 0 00 00 0 0 0 --:--:-- --:--:-- --:--:-- 0
{ [data not shown]
^M100 245520 245520 0 19043 0 --:--:-- 0:00:01 --:--:-- 22239
^M100 245520 245520 0 10706 0 --:--:-- 0:00:02 --:--:-- 11647
^M100 245520 245520 0 7446 0 --:--:-- 0:00:03 --:--:-- 7889
^M100 245520 245520 0 5702 0 --:--:-- 0:00:04 --:--:-- 5959
^M100 245520 245520 0 4876 0 --:--:-- 0:00:05 --:--:-- 5062
* SSLv3, TLS alert, Client hello (1):
{ [data not shown]
^M100 280350 280350 0 5556 0 --:--:-- 0:00:05 --:--:-- 927
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]
As you can see, 24552 (=3 * 8184) bytes are received almost immediately,
while the rest is only transferred after 5 seconds. Leaving -0 away
from the curl command line, the complete result is received immediately.
Requesting the same page via http instead of https, the complete result
is received immediately. The 5-second-delay can be seen using wget
instead of curl, too, so this is probably not a client problem.
So far, the problem has only been seen on the production system.
Due to the load conditions, it is infeasible to run mod_jk with significant
logging output.
mod_jk configuration is straightforward, timeouts are not defined (i. e.
we use default values).
Any ideas?
Thanks,
Peter
--
Peter Conrad
Tivano Software GmbH
Bahnhofstr. 18
63263 Neu-Isenburg
Tel: 06102 / 8099070
Fax: 06102 / 8099071
HRB 11680, AG Offenbach/Main
Geschäftsführer: Martin Apel
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For
Re: Tomcat DBCP Connection Pooling to MySQL limited number of connection issue in Spring2.5 + Hibernate3 + commons-DBCP1.2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yagnesh, On 11/18/2009 1:32 AM, Yagnesh Chawda wrote: There is no difference in the outcome when I use com.mysql.jdbc.Driver max_connections=200 is still same in MySQL. That is very strange. Can you try to configure the data source through Tomcat (that is, using a Resource element in your context.xml file) to see if it's the connection pool or if Spring is doing something behind the scenes? You could just code-up a simple JSP that does some database access using the DataSource that Tomcat configures and run a simple JMeter test against that. Don't bother deploying your own webapp because it will just make things more confusing. It's possible that Spring is doing something strange, here. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEGuQACgkQ9CaO5/Lv0PDvHgCfTKIs4e7FUzslV+H86RElPE43 2i0AoKRwThEAY2gIuzEpVZ8NrLKFSLbA =BKur -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Thomas, On 11/18/2009 2:26 AM, thomas2004 wrote: I know, that you have seen a problem, the errno=11 thing. I need to know, whether *this* problem (errno=11, which is your original PDF generation problem) also happens, when no socket-timeout and no reply_timeout is set. Your reproduction attempt using a simple html snippet did *not* show a mod_jk problem and therefore is of no interest for me at the moment. Let's concentrate on the test case with errno=11. Ok. Hope to hear good news soon. Rainer is asking you a question, here. If you can work with him, I'm sure he'll be able to diagnose and possibly solve your problem. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEGzMACgkQ9CaO5/Lv0PB1bACghWxTc6vMgzNKxKjYQ3s+4uJZ kcsAnRQL8D/OR6ucdBr+C4DROJ5mQ4z+ =/Asi -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Newbie, tomcat performance tuning
Caldarale, Charles R wrote: From: Bruce Foster [mailto:gis.fos...@gmail.com] Subject: Newbie, tomcat performance tuning Can you guide me where and what parameters that I can tweak in tomcat to get high performance? for eg, JVM memory, threads, etc etc Other than the number of threads in the Connector pool, there's not much you can set in Tomcat that will have any effect on a webapp that's CPU-intensive. The biggest contributor will be the overall architecture of your webapp, followed by the implementation itself. For the former, you mostly have to insure that you're not doing the same thing multiple times unnecessarily; for the latter, use a profiler to determine what areas are the most heavily used and optimize those. Can't really provide any specifics until you instrument the webapp. One thing you can do is run a 1.6 JVM, since that is measurably faster (usually) than 1.5. Of course, make sure it's a 64-bit JVM, since you're on a 64-bit platform. - Chuck And set it to run the server-mode jvm rather than the client. This makes a BIG difference IME. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: POST replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 11/18/2009 11:42 AM, Mark Thomas wrote: João Nuno Silva wrote: Hi, this is my first question to the list so please be gentle :) My question is about a Tomcat feature available when using container managed authentication. If a user requests a protected resource, Tomcat first authenticates the user and then processes the initial request whether it's a GET or a POST. I've been doing an in-house authentication mechanism which tries to mimic this functionality. I'm having a bit of trouble replicating the POST requests after successful user authentication. I've managed to replicate GET requests by doing a forward or a sendRedirect to the pre-authentication URL but with a POST things get harder. Is there any way to achieve this without using container managed authentication? Maybe. If I recall correctly, I implemented that using access to the Tomcat internals. You may be able to do this with just the Servlet API but I didn't try. This should be possible as long as you can save the entire request, including headers and body. What if that POST also included one file upload, would that make it impossible to replicate the request? No. You just read the input, save it and replay it later. +1 Note that replay basically means that a new request object must be created and used to forward the request using the request dispatcher to the intended target. I can't remember right this second, but I think the servlet spec says something like you aren't allowed to substitute one request for another, so you may have to wrap the real request (the one carrying a successful login) with one that basically re-writes everything. Something doesn't seem right about that, but João should read the servlet specification very carefully to make sure that his solution is compliant. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEM/sACgkQ9CaO5/Lv0PANbQCgrvnL+Dni4QlBrvLPRVz3yzMN 3tcAoKGndwTB6dsv2e3VWxC8Mnaqtykr =vD6C -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: POST replication
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 11/18/2009 11:42 AM, Mark Thomas wrote: João Nuno Silva wrote: Hi, this is my first question to the list so please be gentle :) My question is about a Tomcat feature available when using container managed authentication. If a user requests a protected resource, Tomcat first authenticates the user and then processes the initial request whether it's a GET or a POST. I've been doing an in-house authentication mechanism which tries to mimic this functionality. I'm having a bit of trouble replicating the POST requests after successful user authentication. I've managed to replicate GET requests by doing a forward or a sendRedirect to the pre-authentication URL but with a POST things get harder. Is there any way to achieve this without using container managed authentication? Maybe. If I recall correctly, I implemented that using access to the Tomcat internals. You may be able to do this with just the Servlet API but I didn't try. This should be possible as long as you can save the entire request, including headers and body. What if that POST also included one file upload, would that make it impossible to replicate the request? No. You just read the input, save it and replay it later. +1 Note that replay basically means that a new request object must be created and used to forward the request using the request dispatcher to the intended target. I can't remember right this second, but I think the servlet spec says something like you aren't allowed to substitute one request for another, so you may have to wrap the real request (the one carrying a successful login) with one that basically re-writes everything. Something doesn't seem right about that, but João should read the servlet specification very carefully to make sure that his solution is compliant. From what I've seen in the FormAuthenticator class Mark pointed me to, Tomcat doesn't create a new request, instead it fills it's fields with the values from the previous request. I'll try this in the near future and let you guys know how it went. Thanks! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEM/sACgkQ9CaO5/Lv0PANbQCgrvnL+Dni4QlBrvLPRVz3yzMN 3tcAoKGndwTB6dsv2e3VWxC8Mnaqtykr =vD6C -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie, tomcat performance tuning
From: David kerber [mailto:dcker...@verizon.net] Subject: Re: Newbie, tomcat performance tuning And set it to run the server-mode jvm rather than the client. I believe that all 64-bit JVMs default to server mode, which is why I didn't mention it. As I recall, the 64-bit JRE doesn't even include a client mode JVM. (But I'll have to check; I'm stuck on a 32-bit box right now.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: POST replication
From: João Nuno Silva [mailto:jns...@gmail.com] Subject: Re: POST replication From what I've seen in the FormAuthenticator class Mark pointed me to, Tomcat doesn't create a new request, instead it fills it's fields with the values from the previous request. I'll try this in the near future and let you guys know how it went. Thanks! I'm curious as to why you're reinventing this particular wheel. Why not let Tomcat's built-in authentication handling do the hard work for you, and you just supply either a custom Realm or a JAAS-compliant login module to do the actual user validation? That would seem to be a lot easier and a lot less dependent on the internals of the particular Tomcat version you happen to be using. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Newbie, tomcat performance tuning
Caldarale, Charles R wrote: From: David kerber [mailto:dcker...@verizon.net] Subject: Re: Newbie, tomcat performance tuning And set it to run the server-mode jvm rather than the client. I believe that all 64-bit JVMs default to server mode, which is why I didn't mention it. As I recall, the 64-bit JRE doesn't even include a client mode JVM. (But I'll have to check; I'm stuck on a 32-bit box right now.) I didn't know that, but haven't looked into it at all; I'm just now setting up my first 64-bit machine. D - Chuck - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: http and/or ajp connectors
To answer a few questions: I'm running apache and tomcat on the same server (AIX). I'm also running VIPA (Virtual IP Addresses) under AIX. So, I have apache serving up one IP address (Vhost) without the need for tomcat on port 80. It serves up some documentation for users. The second IP/Vhost is running DSpace software. DSpace runs off Tomcat, but there are several webapps that can run under the DSpace/Tomcat servlets. Here's the rundown: http://digital.maag.ysu.edu:8080/jspui (JSP front end) http://digital.maag.ysu.edu:8080/xmlui(Running xmlui interface/ cocoon) http://digital.maag.ysu.edu:8080/oai(Harvester) http://digital.maag.ysu.edu:8080/sword (Another interface for specific uploads--we aren't using currently) As you can see I'd like to do TWO things here: 1. Remove the port issue if possible--makes it simpler on users and shorter too. 2. Redirect http://digitial.maag.ysu.edu to digital.maag.ysu.edu/jspui interface and keep the other interfaces. Does this help analyze the situation? Currently, I've just kept a simple redirect for digital.maag.ysu.edu to the first example in the list. I have to be honest, this isn't my area of expertise, so I'm a one- person-band here. Thanks for all your help. --Jeff On Nov 17, 2009, at 4:57 PM, André Warnier wrote: Jeffrey Trimble wrote: Recently, I used the cheap and easy http redirects from my apache server to my tomcat server. I ran into two issues, that I hope someone is able to guide me to a better solution First, I wanted to have the user not have to know about port 8080, and to have the root of the apache redirect to the tomcat servlet running. So for my apache, I had the redirect of (in the httpd-vhosts.conf file) ... The very first question is : do you use an Apache httpd front-end *only* in order to hide port 8080 ? Because if that is the case, why don't you just have Tomcat listening to port 80 directly ? It can also serve static pages, not just JSPs or servlets. The fact that you are using a proxy setup to proxy / to Tomcat, makes me wonder. Second question : are Apache httpd and Tomcat running on the same host ? Jeffrey Trimble System LIbrarian William F. Maag Library Youngstown State University 330.941.2483 (Office) jtrim...@cc.ysu.edu http://www.maag.ysu.edu http://digital.maag.ysu.edu I must not fear. Fear is the mind-killer. I will permit it to pass over me and through me... --Litany against fear
Re: http and/or ajp connectors
On Wed, Nov 18, 2009 at 10:59 AM, Jeffrey Trimble jtrim...@cc.ysu.edu wrote: As you can see I'd like to do TWO things here: So if you have a different IP being used for Tomcat, you don't need Apache httpd at all, AFAICT. 1. Remove the port issue if possible--makes it simpler on users and shorter too. Configure the Tomcat Connector to use port 80 and listen on your specified IP. 2. Redirect http://digitial.maag.ysu.edu to digital.maag.ysu.edu/jspui interface and keep the other interfaces. Rename the /jspui Context to ROOT. Done. :-) -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: POST replication
Caldarale, Charles R wrote: From: João Nuno Silva [mailto:jns...@gmail.com] Subject: Re: POST replication From what I've seen in the FormAuthenticator class Mark pointed me to, Tomcat doesn't create a new request, instead it fills it's fields with the values from the previous request. I'll try this in the near future and let you guys know how it went. Thanks! I'm curious as to why you're reinventing this particular wheel. Why not let Tomcat's built-in authentication handling do the hard work for you, and you just supply either a custom Realm or a JAAS-compliant login module to do the actual user validation? That would seem to be a lot easier and a lot less dependent on the internals of the particular Tomcat version you happen to be using. I'm doing this as an hobby, not at work! With this in mind, my reasons are: 1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...); 2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). I think this way I can be more tolerable to DoS attacks from unauthenticated users; 3) I'm learning a few things in the process of reinventing this wheel ;) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: FW: Tomcat 6.0.20 Causes Kernel Crash on Linux
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Timir, On 11/18/2009 7:09 AM, Timir Hazarika (thazarik) wrote: Hm. I thought all required information was in the last email. Hardly: Does it panic every time? Does it panic in the same place every time? Does it panic only under load? While idle? When you request /the_whole_internet.tar.gz from the web server? Does it fail when your webapp is never deployed? What connector(s) are you using? Are you using APR? Do you have any JNI code running? [I simply replaced] 6.0.18 [with] 6.0.20, [started] tomcat and ka-boom[.] You could have a look at this: http://tomcat.apache.org/tomcat-6.0-doc/changelog.html - Java 1.5.upd10 Sun's JVM, presumably? I've got 1.5.0_19 on my Linux box. You might want to upgrade to the latest supported patch level on your version. Oh, and the maxheap, minheap, permsize are all set to 512M. That's a pretty big permsize. How much memory does this machine have? I'm guessing you don't have 4GiB on an i586. http://markmail.org/message/mrpgvn4mqvyrq64a reports a memory leak, though I don't have enough debugs to say it matches mine. Given that the stack trace doesn't seem to include any GC code or anything having to do with memory, why would you suspect that you have the same problem as the one being discussed in this thread? They are talking about sessions apparently never being cleaned-up, not kernel panics. Your original stack trace does not seem complete. Either that, or there are lots of problems everywhere (all those invalid parameter values...). - Linux kernel, custom built 2.6.23, i586 What does custom built mean? Does that mean that you have hacked that kernel yourself, or does that mean that you merely compiled it yourself from the canonical kernel sources? No user code ever written ought to be able to crash a kernel. That's called a security problem: the best case is that you're open to a DOS attack which is pretty dramatic: your kernel halts and you need to power cycle the box :( Is your architecture really i586? Yuk. Note that the Linux kernel has moved-on to bigger and better version numbers: the latest stable version listed on kernel.org shows as 2.6.27.39 for the 2.6 series. Is it possible that there is a bug in your kernel that has been fixed in the intervening versions? Unfortunately for you, there's nothing that anyone on this list can really help you with (unless there's a kernel hacker out there who feels like donating their time to help, here) because there is no way Tomcat can affect the operation of the JVM or the OS kernel in this way, therefore, no Tomcat configuration can prevent it from happening other than to avoid triggering this particular problem. I agree with Peter that if you really have changed nothing aside upgrading from Tomcat 6.0.18 to 6.0.20, then you probably have either a kernel bug (and you win a beer) or you have bad hardware, and you win a trip to the hardware store. Just because hardware has been running for years doesn't mean it's guaranteed to keep running forever. But, if Tomcat is running okay at 6.0.18 and not 6.0.20, then I guess the temporary solution is clear: stick with 6.0.18, though I have a hard time believing that Tomcat is the source of the problem. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksESoAACgkQ9CaO5/Lv0PDhjgCePwBeWeVgAt0stXkwEftHVH4q yHcAn0R0S16BAbgYSTdaAsJcNKDLY36n =Jk4v -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Expression Language Changes
Mark, Thank you. I'll check it out. Where can I find a full and complete list of changes made to the expression language (EL) starting with Tomcat v5.5.7 through Tomcat v6.0.20? I need for this to be a detailed as possible. http://svn.apache.org/viewvc/tomcat/
Re: http and/or ajp connectors
Okay, but what about the other webapps that I want to have access to on the tomcat server? --Jeff On Nov 18, 2009, at 2:09 PM, Hassan Schroeder wrote: On Wed, Nov 18, 2009 at 10:59 AM, Jeffrey Trimble jtrim...@cc.ysu.edu wrote: As you can see I'd like to do TWO things here: So if you have a different IP being used for Tomcat, you don't need Apache httpd at all, AFAICT. 1. Remove the port issue if possible--makes it simpler on users and shorter too. Configure the Tomcat Connector to use port 80 and listen on your specified IP. 2. Redirect http://digitial.maag.ysu.edu to digital.maag.ysu.edu/jspui interface and keep the other interfaces. Rename the /jspui Context to ROOT. Done. :-) -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: http and/or ajp connectors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hassan, On 11/18/2009 2:09 PM, Hassan Schroeder wrote: On Wed, Nov 18, 2009 at 10:59 AM, Jeffrey Trimble jtrim...@cc.ysu.edu wrote: As you can see I'd like to do TWO things here: So if you have a different IP being used for Tomcat, you don't need Apache httpd at all, AFAICT. 1. Remove the port issue if possible--makes it simpler on users and shorter too. Configure the Tomcat Connector to use port 80 and listen on your specified IP. Assuming Jeffrey doesn't want to run Tomcat as root, here are some suggestions: http://wiki.apache.org/tomcat/HowTo#How_to_run_Tomcat_without_root_priviledges.3F After re-reading that section, I take back my recommendation: it has little to no useful information. Instead, see this section instead: http://wiki.apache.org/tomcat/FAQ/Security#Q7 Using jsvc is the preferred way to bind to port 80 on *NIX. 2. Redirect http://digitial.maag.ysu.edu to digital.maag.ysu.edu/jspui interface and keep the other interfaces. Rename the /jspui Context to ROOT. Specifically, re-name your WAR file from jspui.war to ROOT.war (capitalization is critical). If you are using directory-based deployment instead of WAR files, then just re-name the directory from jspui to ROOT (again, use caps). If you use file-based deployment via CATALINA_BASE/conf/[service]/[host]/jspui.xml then change the name of the xml file from jspui.xml to ROOT.xml (caps!). If you are using server.xml to deploy your contexts, stop doing that (unless you're on TC 4.1 or 5.0, but you aren't using those very old versions, now are you?). Note that you may also have to re-wire some of your relationships in the other code that may check for referers [sic], or redirect back to the home webapp. You can do this with Apache httpd configuration using mod_alias's RedirectMatch directive like this: RedirectMatch permanent /jspui($|/.*) http://your-site/$1 If you are going to scrap Apache httpd and use only Tomcat, you can use this library to do some of your dirty work in a similar way: http://tuckey.org/urlrewrite/ Your best bet is to use this library in a new webapp that is deployed into /jspui and simply redirects everything similar to how I've done it above. Honestly, it would be better to re-configure your webapps to know about the new URL mapping, but it might be helpful to catch things that have fallen through the cracks, or to help-out users who have bookmarks or links pointing to your old URLs. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksETfkACgkQ9CaO5/Lv0PAe0gCePIHwBJpj+3Oe95NiYq86vZLn PTMAn0ltGClaB/Sovid4w/+jaJy3P4wA =ejXW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: http and/or ajp connectors
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 11/18/2009 2:39 PM, Jeffrey Trimble wrote: Okay, but what about the other webapps that I want to have access to on the tomcat server? They can stay right where they are, right? What is your concern about those other apps? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksETiEACgkQ9CaO5/Lv0PDU5wCfR4AZ0GXdtaNGa4xlxpcp7d0e mS0An11FYjmSj0KgcY4DcAo4kv/lNjgD =sMy3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: POST replication
From: João Nuno Silva [mailto:jns...@gmail.com] Subject: Re: POST replication 1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...); The servlet spec requires that the container retain the original request so it can be replayed if authentication succeeds. 2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). It doesn't really matter where you save the request; it will still consume the same amount of heap space unless you slow things down by writing it to disk (and thereby create a host of other problems for the normal path). I think this way I can be more tolerable to DoS attacks from unauthenticated users; I don't see how that follows. 3) I'm learning a few things in the process of reinventing this wheel ;) That one I'll buy. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: POST replication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 João, On 11/18/2009 2:13 PM, João Nuno Silva wrote: Caldarale, Charles R wrote: I'm curious as to why you're reinventing this particular wheel. Why not let Tomcat's built-in authentication handling do the hard work for you, and you just supply either a custom Realm or a JAAS-compliant login module to do the actual user validation? That would seem to be a lot easier and a lot less dependent on the internals of the particular Tomcat version you happen to be using. I'm doing this as an hobby, not at work! With this in mind, my reasons are: 1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...); You could look at securityfilter, which was built for just such a purpose. There's also ACEGI or Spring Security which is also independent of the container. 2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). I think this way I can be more tolerable to DoS attacks from unauthenticated users; Empty sessions are pretty light. I would guess that your additional credential management overhead will end up being roughly equivalent to what Tomcat experiences using sessions to store its information. 3) I'm learning a few things in the process of reinventing this wheel ;) Well, there's no reason to stop you, then :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksETrQACgkQ9CaO5/Lv0PABXQCfa+KNphg/3/1ojU2JXIFC3y0h SxgAnibdF4O9EBgZk++WRKsr7zdEXWpd =JUW5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: http and/or ajp connectors
On Wed, Nov 18, 2009 at 11:39 AM, Jeffrey Trimble jtrim...@cc.ysu.edu wrote: Okay, but what about the other webapps that I want to have access to on the tomcat server? As Chris already asked -- what about 'em? They're there. If you want them at those URLs, no further action necessary. You might want to set up a sandbox to familiarize yourself with this stuff in a safe environment (VM, old spare system, whatever). Just trying different configurations will answer a lot of questions... -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Newbie, tomcat performance tuning
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bruce, On 11/18/2009 9:48 AM, Bruce Foster wrote: I'm new to the list and tomcat. Welcome! I have a web application deployed in tomcat 6. this application is quite CPU hungry and I would like to optimise the tomcat accordingly. I'm expecting to have 200 concurrent connections to the server at peak, not much for a standard web application but ours is imagery based and bit resource hungry. Can you be more specific about what resources your webapp is hungry for? If a typical request needs 10MiB of memory to process an image, then you'll need to make sure that 50MiB * 200 requests = 10GiB of heap space is available to your webapp. Can your webapp handle 200 simultaneous requests? Consider using a load-testing tool such as JMeter to see how your webapp performs under load. Watch heap usage (in the JVM! 'Task Manager' is not useful, here), CPU utilization, disk usage, etc. to see what appears to be your limiting resource(s) and then tackle those. You already know the number of concurrent requests you are expecting at peak (200), so you have sort of set that requirement already (though I might allocate 225 or 250 just in case you get some bursts in there). Memory (and GC behavior) is really the only thing you can tune at the JVM level. Generally speaking, more heap space is better if you're going to need it. Also, setting the min and max heap sizes to the same values will avoid heap re-sizing which just wastes time if you know you want that memory dedicated to the heap anyway. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEUPEACgkQ9CaO5/Lv0PBqMwCfaTsem7ypj+aPTloqlDDKGI69 zXQAn1UjW0kB5q3RvppuLCjRwT9CJ6YT =t0x1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: java.lang.ClassNotFoundException: org.apache.catalina.realm.CombinedRealm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 DJVege, On 11/18/2009 12:43 AM, DJVege wrote: Realm/ I think you meant /Realm. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEUWUACgkQ9CaO5/Lv0PD6PwCcCRBmIkA+M76l7LinRxZwiXHA 4MYAn3gXbvFa8mJItnNViB0FijSGqYbs =UHtS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Importing CERTIFICATE into Java Keystore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen, On 11/18/2009 3:26 AM, Stephen . wrote: keytool -importcert -alias abc -file ABCCA.cer (where abc is the alias) You need to make sure that the keystore file you used to import the certificate is also the keystore used by the LDAP resource. Do you know what keystore into which you imported your cert? Do you know what keystore is being used by the LDAP resource? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEUlEACgkQ9CaO5/Lv0PCpogCcDEhSp2nvPErskak6mbdkpJqR PD8AnjglMawq8ag9j3YTh9HefruQ4oLY =TR5G -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
GetComponent with path
I trying to figure out how to get the web markup container if I have it's path. I am rendering a number of selectable objects using the grid view. Only one of them can be selected. On select the selected object in the grid changes color. But if another one is selected the original one has to revert back. I figured I would store the path to the WebMarkupContainer in the session and as the user changes selection I would change the colors of the component in the grid by using the path to the component. I have the path and it shows up as 3:ChoicePanel:rows:1:cols:3:ObjectPanel:AppRemove final WebMarkupContainer currSelectContainer = (WebMarkupContainer) this.getPage().get(currSelectObjectPath); returns a null. Is the path relative to something - or is the get() call not the right one to make at the page level. thanks! _ Hotmail: Trusted email with powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141665/direct/01/
RE: GetComponent with path
From: Ed _ [mailto:ed_b...@hotmail.com] Subject: GetComponent with path I trying to figure out how to get the web markup container if I have it's path. I am rendering a number of selectable objects using the grid view. Only one of them can be selected. On select the selected object in the grid changes color. But if another one is selected the original one has to revert back. I figured I would store the path to the WebMarkupContainer in the session and as the user changes selection I would change the colors of the component in the grid by using the path to the component. I have the path and it shows up as 3:ChoicePanel:rows:1:cols:3:ObjectPanel:AppRemove final WebMarkupContainer currSelectContainer = (WebMarkupContainer) this.getPage().get(currSelectObjectPath); returns a null. Is the path relative to something - or is the get() call not the right one to make at the page level. Does anyone see anything in the above that's even remotely related to Tomcat? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how can I get info when tomcat 5.5 exited abnormally
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jingoal,
On 11/17/2009 11:05 PM, hu jingoal wrote:
My environment is : apache + two tomcat 5.5.
recently, tomcat exited abnormally without any info frequently.
in catalina.sh, I had CATALINA_OPTS=
-XX:ErrorFile=/usr/local/log/java_error_%p.log , but the file
java_error_*.log is not exist.
follows the url: http://tomcat.apache.org/tomcat-5.5-doc/logging.html, I had
added log4j setting, but the file ${catalina.home}/logs/tomcat.log is zero
length.
What user does Tomcat run as? It's possible that Tomcat cannot write to
/usr/local/log/*
Nov 6 20:15:07 debian kernel: [22981271.685460] java[6530]: segfault at
47572a08 ip 7f329d66718d sp 475729f0 error 6 in
libnet.so[7f329d65a000+13000]
jdk: 1.6u14, amd64 cpu
That sounds like a bug in the JVM is it's segfaulting. Can you try with
a different version of Java? Maybe 1.6u10 or something earlier than u14?
Also, is this a 32-bit or 64-bit JVM?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksEVS4ACgkQ9CaO5/Lv0PBGEQCfSsTuQq4aAlg4gM/dkQBSEHWo
OyYAn09FiWOEoS2Pva2yZx6IYJqdIFi2
=56Yv
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: GetComponent with path
Sorry wrong mailing list! From: chuck.caldar...@unisys.com To: users@tomcat.apache.org Date: Wed, 18 Nov 2009 14:07:02 -0600 Subject: RE: GetComponent with path From: Ed _ [mailto:ed_b...@hotmail.com] Subject: GetComponent with path I trying to figure out how to get the web markup container if I have it's path. I am rendering a number of selectable objects using the grid view. Only one of them can be selected. On select the selected object in the grid changes color. But if another one is selected the original one has to revert back. I figured I would store the path to the WebMarkupContainer in the session and as the user changes selection I would change the colors of the component in the grid by using the path to the component. I have the path and it shows up as 3:ChoicePanel:rows:1:cols:3:ObjectPanel:AppRemove final WebMarkupContainer currSelectContainer = (WebMarkupContainer) this.getPage().get(currSelectObjectPath); returns a null. Is the path relative to something - or is the get() call not the right one to make at the page level. Does anyone see anything in the above that's even remotely related to Tomcat? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Bing brings you maps, menus, and reviews organized in one place. http://www.bing.com/search?q=restaurantsform=MFESRPpubl=WLHMTAGcrea=TEXT_MFESRP_Local_MapsMenu_Resturants_1x1
Re: Tomcat 6.0.16 + mod_jk 1.2.19 - request threads hanging up
On Wed, Nov 18, 2009 at 3:26 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Alessandro Bahgat [mailto:ale.bah...@gmail.com] Subject: Tomcat 6.0.16 + mod_jk 1.2.19 - request threads hanging up Our Tomcat (6.0.16) servers have many ajp threads that are stuck executing the the native sendbb method of the class org.apache.tomcat.jni.Socket. Try upgrading to the current Tomcat version (6.0.20), or at least using the latest version of tcnative (1.1.16). The symptoms you describe have been observed in older versions. Alternatively, turn off APR by removing or renaming the .so file in Tomcat's bin directory. - Chuck Thank you, I will do that. I just managed to persuade our customer to upgrade tcnative (now 1.1.10) on one of the production systems to see if it makes any difference. We'll probably plan a Tomcat upgrade in the next weeks as well. - Ale - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: silent / unattended install - tomcat 5.5
Beatty.Thomas wrote: Hi Can someone PLEASE tell me how to install tomcat 5.5 silently? I need to install the service, set the destination folder, set the Administrator user name and password, and set the path to the JVM. Does anyone know the parameters that I need to set at the command line in order to accomplish this? So far I have the following: apache-tomcat-5.5.17.exe /S /D=C:\develop\tomcat5.5 Maybe have a look at this : http://commons.apache.org/daemon/procrun.html In the .zip distribution of Tomcat 6, there are two .exe programs supplied : tomcat6.exe and tomcat6w.exe. These programs are in fact the renamed, respectively, prunsrv and prunmgr of which question in that webpage. So, probably, you will want to look at the command-line parameters indicated for prunmgr, and apply them to the tomcat6w.exe program. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: servlet exception when processing TLD
Sorry for the delay was busy with other staff.
file:${catalina.base}/webapps/nutch-1.0/- {
Doesn't work either modified botch catalina.policy init.d/50locale.policy
I don't like the idea of disabling all security which is working right now,
any idea how to set this properly ?
2009/11/16 Konstantin Kolinko knst.koli...@gmail.com
2009/11/16 MilleBii mille...@gmail.com:
Not sure how to fully disable security but I added the following which I
understand should grand all rights to classes under my webapp:
1. grant codeBase file:${catalina.home}/webapps/nutch-1.0/- {
permission java.security.AllPermission;
}; in conf/catalina.policy
It should be
file:${catalina.base}/webapps/nutch-1.0/- {
2. /etc/init.d/tomcat6 restart
3. start webapp by admin
Still the same error...
2009/11/15 Pid p...@pidster.com
On 15/11/2009 19:33, MilleBii wrote:
Nothing... is there a way to get more details actually ?
Did another trial I installed Tomcat 6 and deployed the same app, still
a
problem but I get another issue probably more meaning full
You're running Tomcat with the Security Manager enabled.
Presumably the Ubuntu package automatically configures the Security
Manager
in it's startup config. You should examine those files for more clues
as to
how you can disable it.
If you can disable the Security Manager temporarily, see if the
application
starts up. If not, send more error log info showing what happened and
we'll
try to assist.
If it does, re-enable it and you'll have to to figure out what the
application is trying to do, then add appropriate permissions in
tomcat/conf/catalina.policy.
There's more information about the SM here:
http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html
p
SEVERE: Exception sending initialized context event (context
initialized)
at listener class instance (listener)
org.apache.nutch.searcher.NutchBean$NutchBeanConstructor
java.lang.RuntimeException: java.security.AccessControlException:
access
denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at
org.apache.hadoop.util.ReflectionUtils.newInstance(ReflectionUtils.java:81)
at
org.apache.hadoop.fs.FileSystem.createFileSystem(FileSystem.java:1366)
at org.apache.hadoop.fs.FileSystem.access$200(FileSystem.java:56)
at org.apache.hadoop.fs.FileSystem$Cache.get(FileSystem.java:1379)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:215)
at org.apache.hadoop.fs.FileSystem.get(FileSystem.java:120)
at org.apache.nutch.searcher.NutchBean.init(NutchBean.java:89)
at org.apache.nutch.searcher.NutchBean.init(NutchBean.java:77)
at
org.apache.nutch.searcher.NutchBean$NutchBeanConstructor.contextInitialized(NutchBean.java:425)
at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
So I'm stuck still.
2009/11/15 Caldarale, Charles Rchuck.caldar...@unisys.com
From: MilleBii [mailto:mille...@gmail.com]
Subject: servlet exception when processing TLD
SEVERE: Error reading tld listeners javax.servlet.ServletException:
Exception when processing TLD at the ressource path
/WEB-INF/taglibs-i18n.tld dans le contexte /nutch-1.0
javax.servlet.ServletException: Exception when processing TLD at the
ressource path /WEB-INF/taglibs-i18n.tld dans le contexte
/nutch-1.0
at
org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java:555)
The above exception is a wrapper for the underlying cause. Is there
another, nested exception displayed in the logs?
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE
PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you
received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
-MilleBii-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
-MilleBii-
Re: http and/or ajp connectors
Jeffrey Trimble wrote: To answer a few questions: I'm running apache and tomcat on the same server (AIX). I'm also running VIPA (Virtual IP Addresses) under AIX. So, I have apache serving up one IP address (Vhost) without the need for tomcat on port 80. It serves up some documentation for users. The second IP/Vhost is running DSpace software. DSpace runs off Tomcat, but there are several webapps that can run under the DSpace/Tomcat servlets. Here's the rundown: http://digital.maag.ysu.edu:8080/jspui (JSP front end) http://digital.maag.ysu.edu:8080/xmlui(Running xmlui interface/cocoon) http://digital.maag.ysu.edu:8080/oai (Harvester) http://digital.maag.ysu.edu:8080/sword(Another interface for specific uploads--we aren't using currently) As you can see I'd like to do TWO things here: 1.Remove the port issue if possible--makes it simpler on users and shorter too. 2.Redirect http://digitial.maag.ysu.edu to digital.maag.ysu.edu/jspui interface and keep the other interfaces. Does this help analyze the situation? Currently, I've just kept a simple redirect for digital.maag.ysu.edu to the first example in the list. Going back then to your original post : redirect / http//digital.maag.ysu.edu/jspui That one, you drop, because it is the one that caused your original endless loop. Then I had a ProxyPass in the httpd.conf file: ProxyPass /jspui http://digital.maag.ysu.edu/jspui ProxyPassReverse /jspui http://digital.maag.ysu.edu/jspui Old African proverb : to eat an elephant, one has to do it a little bit at a time. So first issue # 1 : Just do this in Apache httpd : ProxyPass /jspui http://digital.maag.ysu.edu:8080/jspui ProxyPassReverse /jspui http://digital.maag.ysu.edu:8080/jspui and do similar things for your other webapps, like ProxyPass /xmlui http://digital.maag.ysu.edu/xmlui etc.. (In other words, whatever comes in into Apache on port 80, you proxy to Tomcat on its currently configured port 8080. To the user, it appears that everything is answered by Apache httpd, thus on the default port 80, which being the default, does not need to be specified in the URL) Once that is working, to tackle issue # 2, the fact that you would apparently like to have it so that if a user requests : http://digital.maag.ysu.edu/ they would in fact be directed to Tomcat's /jspui webapp, you can use either one of two methods : 1) 1a) make /jspui become your default Tomcat application. For that, you have to rename it to ROOT. There are plenty of explanations available about this in previous threads on this list, or else there is a superb tutorial about it in the FAQ. (http://wiki.apache.org/tomcat/HowTo , see #38) The end result will be that, for Tomcat, your former /jspui application will now respond to the URL http://digital.maag.ysu.edu:8080/ 1b) of course you then need to change your ProxyPass directive, so that Apache would proxy to Tomcat's new default application, the URL http://digital.maag.ysu.edu/ (in other words, /) That is left as an exercise to the reader. (But, if you do a ProxyPass of /, make sure you put that one as the last ProxyPass, to give the others a chance). OR 2) use mod_rewrite under Apache, to rewrite the URL http://digital.maag.ysu.edu/ (in other words, /) to http://digital.maag.ysu.edu/jspui and then just proxy this to Tomcat like above. This is all assuming that in your Apache VirtualHost for digital.maag.ysu.edu, you just proxy everything to Tomcat, and do not want, with this VirtualHost, to serve anything directly from Apache. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: POST replication
Caldarale, Charles R wrote: From: João Nuno Silva [mailto:jns...@gmail.com] Subject: Re: POST replication 1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...); The servlet spec requires that the container retain the original request so it can be replayed if authentication succeeds. Thanks for clarifying that! 2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). It doesn't really matter where you save the request; it will still consume the same amount of heap space unless you slow things down by writing it to disk (and thereby create a host of other problems for the normal path). I think this way I can be more tolerable to DoS attacks from unauthenticated users; I don't see how that follows. I was testing the possibility of sending just a token with the login page and save the request to a persistent storage and when a successful authentication arrived use that token to retrieve the request. This way nothing was kept in memory and server stability was increased because sessions would only be created for authenticated users. These were my thoughts but I haven't done any memory usage profiling to back them up. 3) I'm learning a few things in the process of reinventing this wheel ;) That one I'll buy. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: POST replication
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 João, On 11/18/2009 2:13 PM, João Nuno Silva wrote: Caldarale, Charles R wrote: I'm curious as to why you're reinventing this particular wheel. Why not let Tomcat's built-in authentication handling do the hard work for you, and you just supply either a custom Realm or a JAAS-compliant login module to do the actual user validation? That would seem to be a lot easier and a lot less dependent on the internals of the particular Tomcat version you happen to be using. I'm doing this as an hobby, not at work! With this in mind, my reasons are: 1) I want to have an authentication module that's independent of the servlet container used (because I think this behavior of request replay isn't a standard, but I might be wrong...); You could look at securityfilter, which was built for just such a purpose. There's also ACEGI or Spring Security which is also independent of the container. I'll try Spring Security, they don't specifically mention request replay but I guess it must support it. Thank you! 2) I believe I can better optimize session creation to reduce memory usage (because I won't save the previous request in session). I think this way I can be more tolerable to DoS attacks from unauthenticated users; Empty sessions are pretty light. I would guess that your additional credential management overhead will end up being roughly equivalent to what Tomcat experiences using sessions to store its information. 3) I'm learning a few things in the process of reinventing this wheel ;) Well, there's no reason to stop you, then :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksETrQACgkQ9CaO5/Lv0PABXQCfa+KNphg/3/1ojU2JXIFC3y0h SxgAnibdF4O9EBgZk++WRKsr7zdEXWpd =JUW5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache-2.2.11 + mod_jk-1.2.28 + SSL
Hi,
On 18.11.2009 17:01, conrad-tomcat.users.2...@tivano.de wrote:
Hi,
we're seeing a strange problem here that is only partially reproducible.
Our customer is running a cluster of Tomcat 5.5.26 servers (several cluster
domains) behind several load-balanced Apache-2.2.11 (for SSL termination +
sticky sessions). The application consists of an unencrypted part and an
SSL encrypted part. Most of the time, the setup is running fine (at least
since we solved some (unrelated) network problems, see my previous mails).
When a HTTP/1.0 client requests a dynamically generated page over SSL,
most of the response is returned immediately. Then, we see a 5-second
timeout (this is *not* Apache's KeepAliveTimeout), then the rest of the
response is delivered just before the connection is shut down.
For dynamically generated pages, we do not set a Content-Length header,
so for HTTP/1.0 clients the server has to respond with Connection: close
(which it does). Only it waits for 5 seconds before actually closing it.
Everything works fine for
- static content (where we set Content-Length)
- redirects (where we set Content-Lenth: 0)
- HTTP/1.1-clients (where the server uses Transfer-Encoding: Chunked)
- HTTP/1.0-clients in the non-ssl part (!)
Here's an example output generated by curl -0 -v -L -N -o /dev/null:
* About to connect() to xxx.yyy.de port 443 (#0)
* Trying xxx.xxx.xx.xx... connected
* Connected to xxx.yyy.de (xxx.xxx.xx.xx) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*subject: /C=DE/ST=.../L=.../O=.../OU=.../CN=xxx.yyy.de
*start date: 2009-07-13 00:00:00 GMT
*expire date: 2010-07-23 23:59:59 GMT
*common name: xxx.yyy.de (matched)
*issuer: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign
International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref.
LIABILITY LTD. (c)97 VeriSign
*SSL certificate verify ok.
GET /.../html HTTP/1.0
User-Agent: curl/7.19.0 (i686-suse-linux-gnu) libcurl/7.19.0 OpenSSL/0.9.8h
zlib/1.2.3 libidn/1.10
Host: xxx.yyy.de
Accept: */*
Cookie: JSESSIONID=B0ED3118B70E8E00433E2E709C9FE5B7.zzz
HTTP/1.1 200 OK
Date: Wed, 18 Nov 2009 15:18:50 GMT
Server: Apache
Cache-Control: no-cache
Pragma: no-cache
P3P: policyref=..., CP=IDC CUR DEV PSA CONi OUR DEL STP PHY ONL UNI PUR
COM NAV DEM CNT STA
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: de
% Total% Received % Xferd Average Speed TimeTime Time
Current
Dload Upload Total SpentLeft Speed
^M 0 00 00 0 0 0 --:--:-- --:--:-- --:--:--
0
{ [data not shown]
^M100 245520 245520 0 19043 0 --:--:-- 0:00:01 --:--:--
22239
^M100 245520 245520 0 10706 0 --:--:-- 0:00:02 --:--:--
11647
^M100 245520 245520 0 7446 0 --:--:-- 0:00:03 --:--:--
7889
^M100 245520 245520 0 5702 0 --:--:-- 0:00:04 --:--:--
5959
^M100 245520 245520 0 4876 0 --:--:-- 0:00:05 --:--:--
5062
* SSLv3, TLS alert, Client hello (1):
{ [data not shown]
^M100 280350 280350 0 5556 0 --:--:-- 0:00:05 --:--:--
927
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):
} [data not shown]
As you can see, 24552 (=3 * 8184) bytes are received almost immediately,
8184 looks like the body size of one full AJP packet (protocol used by
mod_jk and Tomcat).
while the rest is only transferred after 5 seconds. Leaving -0 away
from the curl command line, the complete result is received immediately.
Requesting the same page via http instead of https, the complete result
is received immediately. The 5-second-delay can be seen using wget
instead of curl, too, so this is probably not a client problem.
So far, the problem has only been seen on the production system.
Due to the load conditions, it is infeasible to run mod_jk with significant
logging output.
To bad.
mod_jk configuration is straightforward, timeouts are not defined (i. e.
we use default values).
That's not so nice but also likely not the cause of
Problem with reading plain html
Hi! I got application deployed in tomcat. This application generates html log files. I would like to access these files from my webapplication but i got problems. When i put these files in for ex: c:/logs i cant access them because created link: file:///c:/logs/file.html is not working (i read that this is a browser security issue). Then i tried to create link using relative path, because the application is often redeployed i have to put this folder outside application folder in webapp. When i put the folder in webapps/logs i still cant access the file because there is no project logs so the resource is not found. How to workaround this issue? I tried to google with no help. How to read plain html file from my webapplication? -- View this message in context: http://old.nabble.com/Problem-with-reading-plain-html-tp26418721p26418721.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with reading plain html
On Wed, Nov 18, 2009 at 5:08 PM, sosna patryk.sosin...@gmail.com wrote: I got application deployed in tomcat. This application generates html log files. I would like to access these files from my webapplication but i got problems. When i put these files in for ex: c:/logs i cant access them because created link: file:///c:/logs/file.html is not working (i read that this is a browser security issue). Then i tried to create link using relative path, because the application is often redeployed i have to put this folder outside application folder in webapp. When i put the folder in webapps/logs i still cant access the file because there is no project logs so the resource is not found. ? You can write the logs to an alternate context, exactly as above: $CATALINA_HOME/webapps/logs and just never redeploy that. HTH, -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with reading plain html
But how to access these files when i dont have webapplication logs deployed. I tried that and got tomcat error page resource /logs not found. I dont want to deploy another project i want to access html files from a folder in tomcat. Is it possible ?? Hassan Schroeder-2 wrote: On Wed, Nov 18, 2009 at 5:08 PM, sosna patryk.sosin...@gmail.com wrote: ? You can write the logs to an alternate context, exactly as above: $CATALINA_HOME/webapps/logs and just never redeploy that. HTH, -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Problem-with-reading-plain-html-tp26418721p26418843.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with reading plain html
On Wed, Nov 18, 2009 at 5:22 PM, sosna patryk.sosin...@gmail.com wrote: But how to access these files when i dont have webapplication logs deployed. I tried that and got tomcat error page resource /logs not found. I dont want to deploy another project i want to access html files from a folder in tomcat. Is it possible ?? Not as easily as doing what I suggested. What's the big issue with creating a directory under webapps and putting your log files there? Seems pretty lightweight to me... -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with reading plain html
Ah! You are right ! My bad. I forgot to restart tomcat after creating logs folder. It is working like i wanted. Thanks! Hassan Schroeder-2 wrote: On Wed, Nov 18, 2009 at 5:22 PM, sosna patryk.sosin...@gmail.com wrote: But how to access these files when i dont have webapplication logs deployed. I tried that and got tomcat error page resource /logs not found. I dont want to deploy another project i want to access html files from a folder in tomcat. Is it possible ?? Not as easily as doing what I suggested. What's the big issue with creating a directory under webapps and putting your log files there? Seems pretty lightweight to me... -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Problem-with-reading-plain-html-tp26418721p26418986.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Java Out of Heap Issue
I consider old code part of application code :) no age discrimination when it comes to memory leaks. What you describe in your memory graph is a simple memory leak. Generally, I would look in that order: 1a. Old code? Look for improperly closed DB connections. 1. Sessions 2. Application code 3. Other webapps p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: Servlet MessageBrokerServlet is not available on Ubuntu AMD64
I have solved this problem. What I did is as Follows. There is No Problem with either BlazeDS, Tomcat or Kubuntu OS as such. The repository Install of Tomcat has the problem. What I did is as follows. 1. First I removed the repository Install of all Tomcat packages. 2. Downloaded the stable tar.gz distribution from Apache website. 3. Followed Instructions at this http://www.howtogeek.com/howto/linux/installing-tomcat-6-on-ubuntu/ (states that repository Install of tomcat do not work properly.) 4. deployed the blazeds war on linux 5. Started Tomcat and tested http://localhost:8080/blazeds/messagebroker/amf It gave me blank screen as expected. Moderators may put Repository Install of Tomcat do not work properly in FAQ section of Tomcat so that it helps Ubuntu Users. Thanks and best Regards Raja - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Dedicated Thread Pool
I'm using Lambda Probe http://www.lambdaprobe.org/ to monitor threads of my Tomcat Connector. In the first few hours of Tomcat startup, threads were named http-8080-exec-1, http-8080-exec-2, etc. But now after two days, I cannot see those threads anymore. It currently has http-8080-exec-480, http-8080-exec-481, etc. How can a thread be removed from a thread pool? I can imagine a thread being suspended or waiting on a busy resource, but how can it be removed? Mohsen On Sat, Nov 14, 2009 at 8:55 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Mohsen Saboorian [mailto:mohs...@gmail.com] Subject: Re: Dedicated Thread Pool Chuck, how can I bind the new Connector to a different webapp directory? You can't, unless you create an additional Service and Engine - which is likely more trouble than it's worth. Just use the alternate port when running the monitor app, and use the regular port for the other webapps. In this case, obscurity (not telling users about the alternate port) is probably sufficient. Again, JMX-based tools may well give you more and better information - such as being able to look at thread dumps on the fly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Importing CERTIFICATE into Java Keystore
Thanks for your response, No, I don't know any of these things. This is why I am so confused!! My JAVA folder has 3 different locations which contain the command KEYTOOL I don't even know which of them is supposed to hold the certificate. Yesterday, just to be on the safe side, I imported my certificate into ALL 3 locations (under 3 different aliases) Still did not work. Then I found yet another command online which says that, it's not enough to import the certificate into keystore. It needs to be imported directly into the CACERT file. But, it does not say HOW this should be done!! To make matters even worse, I found yet another advice in Tomcat's documentation, saying : before importing the certificate, you need to first import a so-called TRUST CHAIN. In some places, it says you need this trust chain if the certificate was applied for by yourself. In some places, it does not mention the trust chain at all, if you already trust the certificate. So, what exactly is the CORRECT way to do this? And what is the right command??? is it : keytool -import -file tomcatCert.crt -trustcacerts -alias tomcat -keystore c:/apps/jdk/jre/lib/security/cacerts -storepass changeit or is it :keytool -import -alias root -keystore your_keystore_filename -trustcacerts -file filename_of_the_chain_certificate or : keytool -import -alias tomcat -keystore your_keystore_filename -file your_certificate_filename or : keytool -importcert -alias abc -file ABCCA.cer Which is it ??? And what is the difference between KEYSTORE and CACERT I am just so confused!! Date: Wed, 18 Nov 2009 15:00:17 -0500 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Importing CERTIFICATE into Java Keystore -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen, On 11/18/2009 3:26 AM, Stephen . wrote: keytool -importcert -alias abc -file ABCCA.cer (where abc is the alias) You need to make sure that the keystore file you used to import the certificate is also the keystore used by the LDAP resource. Do you know what keystore into which you imported your cert? Do you know what keystore is being used by the LDAP resource? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksEUlEACgkQ9CaO5/Lv0PCpogCcDEhSp2nvPErskak6mbdkpJqR PD8AnjglMawq8ag9j3YTh9HefruQ4oLY =TR5G -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
