tomcat 6.0.32, ecj maven dependency
I can't find a maven repo with the ecj dependency specified in jasper-6.0.32 groupIdorg.eclipse.jdt.core.compiler/groupIdartifactIdecj/artifactId version3.3.1/version has anybody a hint? thanks in advance federico fissore - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.32, ecj maven dependency
On 01/04/2011 08:29, Federico Fissore wrote: I can't find a maven repo with the ecj dependency specified in jasper-6.0.32 groupIdorg.eclipse.jdt.core.compiler/groupIdartifactIdecj/artifactId version3.3.1/version has anybody a hint? The uploading of versions of that jar is somewhat patchy. The simplest thing to do is grab a copy from Eclipse and load it manually into your local repo. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk / AJP and compression
Hello, The Tomcat AJP Connector does not support compression. Why has this been ommitted? Of course, Apache can do compression but this leaves data running uncompressed between Apache and Tomcat. John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk / AJP and compression
On 01/04/2011 11:15, John Baker wrote: Hello, The Tomcat AJP Connector does not support compression. Why has this been ommitted? Because the link between Tomcat and reverse proxy will nearly always have significantly more capacity than the link between the client and the reverse proxy. Adding compression gains very little but adds delay and increases CPU usage. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: maxThreads
On 01/04/2011 06:58, Kaushal Shriyan wrote: Hi, What are the implications or issues if maxThreads are increased from the default 150 to 300 threads. Are there any performance issues ? Yes, may be at risk of improving performance. p I am using TC 5.5.27 , Ubuntu Linux Server 8.04 , Sun Java 1.6.0 Update 24 Please suggest/guide. Thanks and Regards, Kaushal signature.asc Description: OpenPGP digital signature
Re: mod_jk / AJP and compression
Mark, In general, that's true. However, for high performance applications measuring results in milliseconds - ie noting that a request with compression takes 60ms and without takes 120ms - it's an issue. And it seems so easy to fix by putting compression into the Tomcat AJP connector. Given it's a quick fix, I was curious to why it hadn't been done before now? John On Fri, 01 Apr 2011 11:20 +0100, Mark Thomas ma...@apache.org wrote: On 01/04/2011 11:15, John Baker wrote: Hello, The Tomcat AJP Connector does not support compression. Why has this been ommitted? Because the link between Tomcat and reverse proxy will nearly always have significantly more capacity than the link between the client and the reverse proxy. Adding compression gains very little but adds delay and increases CPU usage. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problem with too many open db connections on Tomcat
Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. 3 other apps use their own datasource with all together 15 db connections (everyone with maxActive=5). So I thought that there should be at most 35 connections to the database. But netstat on Linux shows that there are on average between 38 and 61. I used visualvm to look at the MBeans for all apps and there at the datasource. All showed numActive=0. According to my google search numActive shows the number of active connections. I thought this would show me the number of active DB connections that Hibernate is currently using. Am I wrong here? It was weird that all always showed 0 for numActive. Has anyone had a similar problem? How can I find out if and where I have a connection leak? best wishes, Claus -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat GzipOutputFilter
Hello, I note there's a GzipOutputFilter in the Tomcat (and JBoss) jar files: http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/http11/filters/GzipOutputFilter.html Yet I can't load it in the web.xml file using filter-class. Is there some pre-defined filter name for this filter? John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat GzipOutputFilter
2011/4/1 John Baker jba...@javasystemsolutions.com: Hello, I note there's a GzipOutputFilter in the Tomcat (and JBoss) jar files: http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/http11/filters/GzipOutputFilter.html Yet I can't load it in the web.xml file using filter-class. Is there some pre-defined filter name for this filter? This class does not implement the javax.servlet.Filter interface and thus it cannot be used in a web application. It is just an internal component of HTTP connectors, that is used when you enable gzip compression on the connector, http://tomcat.apache.org/tomcat-6.0-doc/config/http.html There is compressionFilters.CompressionFilter class in the examples webapp though, that can be used as a Filter. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat GzipOutputFilter
The AJP connector doesn't support compression (a missing useful feature in my opinion) so I found myself looking for a filter. Thanks for letting me know it won't work. I'll look at the example filter. On Fri, 01 Apr 2011 16:28 +0400, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/4/1 John Baker jba...@javasystemsolutions.com: Hello, I note there's a GzipOutputFilter in the Tomcat (and JBoss) jar files: http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/http11/filters/GzipOutputFilter.html Yet I can't load it in the web.xml file using filter-class. Is there some pre-defined filter name for this filter? This class does not implement the javax.servlet.Filter interface and thus it cannot be used in a web application. It is just an internal component of HTTP connectors, that is used when you enable gzip compression on the connector, http://tomcat.apache.org/tomcat-6.0-doc/config/http.html There is compressionFilters.CompressionFilter class in the examples webapp though, that can be used as a Filter. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / regards, Claus - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat GzipOutputFilter
On Fri, 01 Apr 2011 13:31:18 +0100, John Baker jba...@javasystemsolutions.com wrote: The AJP connector doesn't support compression (a missing useful feature in my opinion) Typical deployment setup for AJP connector is to pass requests via processes on the same machine, or at least in the same network segment. So there's no need to compress such traffic. You want compression to limit bytes sent to remote clients, over WAN connection. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Problem with too many open db connections on Tomcat
Are you able to insert these attributes in the Resource tag? timeBetweenEvictionRunsMillis=-1 minEvictableIdleTimeMillis=5000 poolPreparedStatements=true removeAbandoned=true removeAbandonedTimeout=300 I have these attributes nested in my Resource element - I never used 5.5 but use 6.0.29 and I believe it helps with potential rogue connections. -Original Message- From: Claus Hausberger [mailto:chausber...@gmx.de] Sent: Friday, April 01, 2011 7:38 AM To: Tomcat Users List Subject: Re: Problem with too many open db connections on Tomcat Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / regards, Claus - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
On 01/04/2011 13:38, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / And there is the problem. conf/context.xml provides the defaults for every web application so every context deployed on that instance will have a resource as configured as above. If you want a shared resource, define it in server.xml and put a resource link in conf/context.xml. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
Original-Nachricht Datum: Fri, 01 Apr 2011 14:49:56 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 13:38, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / And there is the problem. conf/context.xml provides the defaults for every web application so every context deployed on that instance will have a resource as configured as above. If you want a shared resource, define it in server.xml and put a resource link in conf/context.xml. Mark Hi Mark, thanks. Do I understand this correctly? If my file (context.xml) defines maxActive=20 and I have 4 apps using this, everyone get's it's own 20 connections, making it at most 80? I thought this would be one pool shared by all. I will try it as you suggested with server.xml. best wishes, Claus - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- GMX DSL Doppel-Flat ab 19,99 Euro/mtl.! Jetzt mit gratis Handy-Flat! http://portal.gmx.net/de/go/dsl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
On 01/04/2011 14:56, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 14:49:56 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 13:38, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomas ma...@apache.org An: Tomcat Users List users@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / And there is the problem. conf/context.xml provides the defaults for every web application so every context deployed on that instance will have a resource as configured as above. If you want a shared resource, define it in server.xml and put a resource link in conf/context.xml. Mark Hi Mark, thanks. Do I understand this correctly? If my file (context.xml) defines maxActive=20 and I have 4 apps using this, everyone get's it's own 20 connections, making it at most 80? Correct. I thought this would be one pool shared by all. Nope. I will try it as you suggested with server.xml. That should fix it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
Is there a way to encrypt the password in the Resource tag and tomcat can still read it and decrypt? -Henry On 4/1/2011 9:58 AM, Mark Thomas wrote: On 01/04/2011 14:56, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 14:49:56 +0100 Von: Mark Thomasma...@apache.org An: Tomcat Users Listusers@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 13:38, Claus Hausberger wrote: Original-Nachricht Datum: Fri, 01 Apr 2011 12:44:28 +0100 Von: Mark Thomasma...@apache.org An: Tomcat Users Listusers@tomcat.apache.org Betreff: Re: Problem with too many open db connections on Tomcat On 01/04/2011 12:36, Claus Hausberger wrote: Hello, I have a problem with Tomcat and open connections to an Oracle 11g database. I use Tomcat 5.5, DBCP 1.2 and Hibernate 3.3 + Spring for DB connections. For political reasons I can not upgrade to new Tomcat versions at the moment. I have 7 deployed apps on the Tomcat. 4 user a datasource configured for Tomcat itself (in context.xml) with a setting of maxActiv=20. This datasource is used by Hibernate via JNDI. Which context.xml file? Exactly where is it located? Mark Hi Mark, the file is in the Tomcat folder under: conf/context.xml this is the config: Resource name=jdbc/myDS auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@my-oracle-host:mysid username=xxx password=XXX maxActive=20 maxIdle=10 maxWait=-1 / And there is the problem. conf/context.xml provides the defaults for every web application so every context deployed on that instance will have a resource as configured as above. If you want a shared resource, define it in server.xml and put a resource link in conf/context.xml. Mark Hi Mark, thanks. Do I understand this correctly? If my file (context.xml) defines maxActive=20 and I have 4 apps using this, everyone get's it's own 20 connections, making it at most 80? Correct. I thought this would be one pool shared by all. Nope. I will try it as you suggested with server.xml. That should fix it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk workers contact 'localhost' instead of the configured host
Hi, I'm working with mod_jk 1.2.31 for Apache 2.2.3 under RedHat Linux and I'm trying to configure a simple two JBoss nodes load balancer. No virtualhost are used. Workers are configured as follow: - worker.lnxstagjboss1_staging3.port=8009 worker.lnxstagjboss1_staging3.host=172.16.133.117 worker.lnxstagjboss1_staging3.type=ajp13 worker.lnxstagjboss1_staging3.lbfactor=1 worker.lnxstagjboss2_staging3.port=8009 worker.lnxstagjboss2_staging3.host=172.16.133.118 worker.lnxstagjboss2_staging3.type=ajp13 worker.lnxstagjboss2_staging3.lbfactor=1 worker.loadbalancer3.type=lb worker.loadbalancer3.sticky_session=1 worker.loadbalancer3.balance_workers=lnxstagjboss1_partition3,lnxstagjboss2_partition3 The two JBoss bind to the addresses 172.16.133.117 and 172.16.133.118, not localhost. When running Apache, the worker try to connect to localhost instead of the two hosts and obviously does not work. This is the relevant part of log: [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss1_partition3 contact is 'localhost:8009' ... [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss2_partition3 contact is 'localhost:8009' Marco Sarti - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problem with too many open db connections on Tomcat
On 01/04/2011 15:06, Henry Lu wrote: Is there a way to encrypt the password in the Resource tag and tomcat can still read it and decrypt? 1. Please don't hijack someone else's thread. 2. Look at the docs, in particular the FAQs before posting. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat GzipOutputFilter
On 01/04/2011 13:31, John Baker wrote: The AJP connector doesn't support compression (a missing useful feature in my opinion) so I found myself looking for a filter. Thanks for letting me know it won't work. I'll look at the example filter. Surely you want to be doing that at the HTTPD edge? mod_deflate would do the job and requires minimal configuration. p On Fri, 01 Apr 2011 16:28 +0400, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/4/1 John Baker jba...@javasystemsolutions.com: Hello, I note there's a GzipOutputFilter in the Tomcat (and JBoss) jar files: http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/coyote/http11/filters/GzipOutputFilter.html Yet I can't load it in the web.xml file using filter-class. Is there some pre-defined filter name for this filter? This class does not implement the javax.servlet.Filter interface and thus it cannot be used in a web application. It is just an internal component of HTTP connectors, that is used when you enable gzip compression on the connector, http://tomcat.apache.org/tomcat-6.0-doc/config/http.html There is compressionFilters.CompressionFilter class in the examples webapp though, that can be used as a Filter. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: mod_jk workers contact 'localhost' instead of the configured host
2011/4/1 Marco Sarti marco.sa...@plangroup.it: Hi, I'm working with mod_jk 1.2.31 for Apache 2.2.3 under RedHat Linux and I'm trying to configure a simple two JBoss nodes load balancer. No virtualhost are used. Workers are configured as follow: - worker.lnxstagjboss1_staging3.port=8009 worker.lnxstagjboss1_staging3.host=172.16.133.117 worker.lnxstagjboss1_staging3.type=ajp13 worker.lnxstagjboss1_staging3.lbfactor=1 worker.lnxstagjboss2_staging3.port=8009 worker.lnxstagjboss2_staging3.host=172.16.133.118 worker.lnxstagjboss2_staging3.type=ajp13 worker.lnxstagjboss2_staging3.lbfactor=1 How the above names (with staging in them) match to the ones below (with partition in them)? worker.loadbalancer3.type=lb worker.loadbalancer3.sticky_session=1 worker.loadbalancer3.balance_workers=lnxstagjboss1_partition3,lnxstagjboss2_partition3 The two JBoss bind to the addresses 172.16.133.117 and 172.16.133.118, not localhost. When running Apache, the worker try to connect to localhost instead of the two hosts and obviously does not work. This is the relevant part of log: [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss1_partition3 contact is 'localhost:8009' ... [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss2_partition3 contact is 'localhost:8009' - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
password encryption
I tried the following command and failed as tomcat home directory: C:\apps\apache-tomcat-7.0.11java -cp lib/catalina.jar;bin/tomcat-juli.jar org.a pache.catalina.realm.RealmBase -a md5 henry Exception in thread main java.lang.NoClassDefFoundError: org/apache/tomcat/uti l/res/StringManager at org.apache.catalina.util.LifecycleBase.clinit(LifecycleBase.java:38 ) Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.res.StringMa nager at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) ... 1 more Could not find the main class: org.apache.catalina.realm.RealmBase. Program wil l exit. Any Help? -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 3/31/2011 8:21 PM, Christopher Schultz wrote: On 3/31/2011 7:05 AM, Ronald Klop wrote: I would say that some proper input validation solves your problem. Does new URL(redirectURL).toString() give an exception on invalid url's? new URL(String) will throw a MalformedURLException if there are illegal characters in the URL. I suppose that's good enough for my purposes: the only returnURLs that should be generated should be coming from our own application, and if they are broken, it's a bug. If a MalformedURLException is thrown, it should be due to some sort of malicious use and the user is better off getting a nasty error than just about anything else. Apparently, it's more complicated than that... at least when it comes to my particular application... we want to keep the URLs as short as possible, they they are not fully-qualified in most cases. Instead, they are webapp-relative and blindly passing them into the java.net.URL constructor fails even for real URLs because they have no protocol. Now, I could add code to fully-qualify them, but then I'd be doing work I'm already asking the container to do for me (since HttpServletResponse.sendRedirect is required to fully-qualify the URL anyway) and I'd prefer to rely on the container for that task -- it's likely to do a better job, anyway :) I think I'm doing to standardize on simply scanning for troublesome characters like \r and \n and throwing a MalformedURLException or something like that. If anyone else has any good ideas or Warnings about what might be a naive sanitization check, I'd be glad to hear them. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2V5gsACgkQ9CaO5/Lv0PBgfwCeOrioFeSvp8iUJ51a9qJqAny3 8QkAn0c12aRinn7eoGUoAgA2uYydVQA/ =bwLF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Leon,
On 4/1/2011 1:49 AM, Leon Rosenberg wrote:
On Fri, Apr 1, 2011 at 2:21 AM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ronald,
On 3/31/2011 7:05 AM, Ronald Klop wrote:
I would say that some proper input validation solves your problem.
Does new URL(redirectURL).toString() give an exception on invalid url's?
new URL(String) will throw a MalformedURLException if there are illegal
characters in the URL.
This will work for 'correct urls', however, you don't necessary need
to send correct urls, and I suppose you don't want to:
Consider this, struts1 like action:
public ActionForward execute(ActionMapping mapping, FormBean bean,
HttpServletRequest req, HttpServletResponse res) throws Exception {
//do something useful
res.sendRedirect(pageResult?page=1);
return null;
}
This is not a syntactically correct url, but it will work in all
browsers and save you a lot of stress in multi-url (i18n) portals.
I would solve your problem by having multiple entry points for the
actions which than can specify the final redirect path.
Yeah, I was thinking about this, too... instead of passing the actual
URL, just have a list of predefined URLs like home or display or
whatever and then just pass-around a symbolic name... that way, the
worst a malicious user can do is get the wrong name and go to a
different part of the webapp... instead of being able to redirect to
evilsite.com.
That requires more work, of course, and may be the ultimate solution we
choose... but it's not going to work for some particular actions because
they really can be redirected to an arbitrary location within our
webapp, and enumerating those would not really be possible.
Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk2V5sAACgkQ9CaO5/Lv0PA7cgCglfyxvxL2wzNeTJIOiWsmrCqA
CV4AoLgdmc3bG5I19J2tf9BLDxXme1Sh
=iQAo
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk workers contact 'localhost' instead of the configured host
My apologies to all the list for this stupid mistake... you are right. Thank you. Marco Sarti Plansoft Srl - via Rosellini, 25 Firenze Cell: (+39)3489932833 Skype: msarti66 - Messaggio originale - Da: Konstantin Kolinko knst.koli...@gmail.com A: Tomcat Users List users@tomcat.apache.org Inviato: Venerdì, 1 aprile 2011 16:45:43 Oggetto: Re: mod_jk workers contact 'localhost' instead of the configured host 2011/4/1 Marco Sarti marco.sa...@plangroup.it: Hi, I'm working with mod_jk 1.2.31 for Apache 2.2.3 under RedHat Linux and I'm trying to configure a simple two JBoss nodes load balancer. No virtualhost are used. Workers are configured as follow: - worker.lnxstagjboss1_staging3.port=8009 worker.lnxstagjboss1_staging3.host=172.16.133.117 worker.lnxstagjboss1_staging3.type=ajp13 worker.lnxstagjboss1_staging3.lbfactor=1 worker.lnxstagjboss2_staging3.port=8009 worker.lnxstagjboss2_staging3.host=172.16.133.118 worker.lnxstagjboss2_staging3.type=ajp13 worker.lnxstagjboss2_staging3.lbfactor=1 How the above names (with staging in them) match to the ones below (with partition in them)? worker.loadbalancer3.type=lb worker.loadbalancer3.sticky_session=1 worker.loadbalancer3.balance_workers=lnxstagjboss1_partition3,lnxstagjboss2_partition3 The two JBoss bind to the addresses 172.16.133.117 and 172.16.133.118, not localhost. When running Apache, the worker try to connect to localhost instead of the two hosts and obviously does not work. This is the relevant part of log: [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss1_partition3 contact is 'localhost:8009' ... [Fri Apr 01 15:14:29 2011][6809:4864] [debug] ajp_validate::jk_ajp_common.c (1996): worker lnxstagjboss2_partition3 contact is 'localhost:8009' - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk / AJP and compression
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, On 4/1/2011 6:45 AM, John Baker wrote: In general, that's true. However, for high performance applications measuring results in milliseconds - ie noting that a request with compression takes 60ms and without takes 120ms - it's an issue. And it seems so easy to fix by putting compression into the Tomcat AJP connector. Given it's a quick fix, I was curious to why it hadn't been done before now? It's not just a quick-fix: AJP is a binary protocol and simply compressing it isn't fair to clients that wouldn't understand the compression. Regarding achieving compression, you have several options already. One thing to note is that if httpd and Tomcat are on the same machine, you are only wasting your time. With that out of the way, you have (at least) the following options: 1. Use stunnel/ssh/etc with compression enabled. This has the advantage of also encrypting communications which you might want to do if you have components sending sensitive information across the network. Making sure the connection is always up might be a challenge, though. 2. Use your favorite VPN. These usually allow both encryption (or not) and compression (or not) and are generally pretty good about keeping themselves up and running so your app doesn't fail when it can't communicate. 3. Use mod_proxy_http and forget all about AJP entirely. AFAIK, all the HTTP connectors support compression. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2V6F4ACgkQ9CaO5/Lv0PB+4wCfXZo0SXKtdUuB+3B9+LFGyhkG HSgAn20IDgQiRrdinTejDEQgSsnpKpxW =E+p5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: maxThreads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 4/1/2011 6:43 AM, Pid wrote: On 01/04/2011 06:58, Kaushal Shriyan wrote: Hi, What are the implications or issues if maxThreads are increased from the default 150 to 300 threads. Are there any performance issues ? Yes, may be at risk of improving performance. Hah. Seriously, to the OP: if your webapp under load is not really using the CPU or network much (that is, you're waiting on some other resource) and still taking a long time to service requests, then increasing the number of connections is likely to /slow your webapp down/ because you will be putting more strain on those already-taxed resources. On the other hand, if your webapp under load is using a lot of CPU time, then you will also experience a slowdown because you'll end up with more context switches to service all those requests PLUS you'll have more load on the CPU doing actual work. Finally, increasing the maxThreads will increase your memory requirements for two reasons: first, you'll need a stack for each thread to use (see your JVM's default or command-line switches for what that per-thread memory requirement is) PLUS you'll need the amount of memory that a typical request (or particularly memory-heavy request, if you want to be really safe) will use FOR EACH THREAD. The best thing to do is to load test your webapp and see what point your webapp stops responding in a reasonable amount of time (to be determined by your own requirements). If your response time is very fast and your server is using very little CPU, then you can increase the maxThreads until things start to become intolerable. Oh, and if you are using Tomcat behind some web server like Apache httpd, you might want to make sure that your value for maxThreads matches whatever configuration you have on the web server so that you can actually serve that many requests through to Tomcat. ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2V6rAACgkQ9CaO5/Lv0PCNYQCfUQ+KKMvNUbbsgI2jQ8DgfeoF 90EAoMKOwBIwrcsuv8LZsC5sRkXajcj/ =JaTv -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
url-pattern algorithm problem?
Hello, We are using Tomcat 7.0.11 with the following servlet-mapping servlet-mapping servlet-nameapp/servlet-name url-pattern*.htm/url-pattern url-pattern/en/*/url-pattern /servlet-mapping The problem we find if the incoming url is like http://example.com/en/yp/list/cat/10/1;, it will not matched to the 'app' servlet. Any ideas? Could it be a problem in tomcat matching algorithm? Regards, Cha - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: url-pattern algorithm problem?
From: Cha [mailto:eric.cha.r...@gmail.com] Subject: url-pattern algorithm problem? url-pattern*.htm/url-pattern url-pattern/en/*/url-pattern The problem we find if the incoming url is like http://example.com/en/yp/list/cat/10/1;, it will not matched to the 'app' servlet. Likely correct behavior, since neither of your specified patterns match the incoming URL - if your webapp is deployed as en. The above pattern would only match the URL if your webapp is deployed as ROOT - but you didn't tell us. Could it be a problem in tomcat matching algorithm? Read the servlet spec; the url-pattern does *not* include the context (webapp) name. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
2011/4/1 Christopher Schultz ch...@christopherschultz.net: I think I'm doing to standardize on simply scanning for troublesome characters like \r and \n and throwing a MalformedURLException or something like that. You'd better scan for allowed characters. The \r and \n are not the only ones where the things may go wrong. If anyone else has any good ideas or Warnings about what might be a naive sanitization check, I'd be glad to hear them. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: url-pattern algorithm problem?
My bad, the app is deployed as 'ROOT' and I did read the url-pattern section in the section before posting the question. Based on what I read, it should match to the 'app', but it is not in this case. Cha. On 04/01/2011 11:39 AM, Caldarale, Charles R wrote: From: Cha [mailto:eric.cha.r...@gmail.com] Subject: url-pattern algorithm problem? url-pattern*.htm/url-pattern url-pattern/en/*/url-pattern The problem we find if the incoming url is like http://example.com/en/yp/list/cat/10/1;, it will not matched to the 'app' servlet. Likely correct behavior, since neither of your specified patterns match the incoming URL - if your webapp is deployed as en. The above pattern would only match the URL if your webapp is deployed as ROOT - but you didn't tell us. Could it be a problem in tomcat matching algorithm? Read the servlet spec; theurl-pattern does *not* include the context (webapp) name. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: url-pattern algorithm problem?
2011/4/1 Cha eric.cha.r...@gmail.com: Hello, We are using Tomcat 7.0.11 with the following servlet-mapping servlet-mapping servlet-nameapp/servlet-name url-pattern*.htm/url-pattern url-pattern/en/*/url-pattern Missing ''. Do you have a Filter that catches such requests and rewrites the URL? If you do, then the request will never reach the servlet. /servlet-mapping The problem we find if the incoming url is like http://example.com/en/yp/list/cat/10/1;, it will not matched to the 'app' servlet. Any ideas? Could it be a problem in tomcat matching algorithm? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: password encryption
Do you have org.apache.tomcat.util.res.StringManager on your classpath? It's in tomcat-coyote.jar in my installation (6.0.18). Paul On Fri, Apr 1, 2011 at 10:47 AM, Henry Lu z...@umich.edu wrote: I tried the following command and failed as tomcat home directory: C:\apps\apache-tomcat-7.0.11java -cp lib/catalina.jar;bin/tomcat-juli.jar org.a pache.catalina.realm.RealmBase -a md5 henry Exception in thread main java.lang.NoClassDefFoundError: org/apache/tomcat/uti l/res/StringManager at org.apache.catalina.util.LifecycleBase.clinit(LifecycleBase.java:38 ) Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.res.StringMa nager at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) ... 1 more Could not find the main class: org.apache.catalina.realm.RealmBase. Program wil l exit. Any Help? -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Issue with isapi_redirect-1.2.31 on IIS7 on Win2008R2
Hi, we have a customer that is facing a situation since yesterday on two 2008R2 servers. The IIS did without warning refuse to load the isapi_redirect-1.2.31 dll. The error is always the same: Could not load all ISAPI filters for site 'the site name'. Therefore site startup aborted. The HTTP Filter DLL D:\PaperDynamix\IIS-Redirect\bin\isapi_redirect-1.2.28.dll failed to load. The data is the error. The error code in the data is 005 The system ran in this configuration for four month now without change on the IIS configuration. We replaced the redirector with the .31 version, but this was also not loaded. The eventlog only shows the issue above, everything else is fine. The tomcat servers behind the IIS are running fine no issue there. The version of the DLL is definitely x64, we think there has been a global policy change on the Windows domain, but this is neglected, customer says, that policies have not been changed for some weeks. On the server, McAFFEE is installed, but it does not report anything, nor does it deny loading any file (not reported at least). We cannot see any traces of any crash. Does anyone know of a Servicepack / Bugfix installed on the Domain Controller that may propagate this change to domain members? On the server, UAC is active, but there is no login failure in the audit event log, so no trace of an issue there. Is anyone aware of such an issue or can anyone point me to something? What happened yesterday at around 02:00 PM? Mit freundlichen Grüßen Thomas Strauß Geschäftsführer Entwicklung SRS PaperDynamix® DIGITAL SCHON AUF DEM PAPIER SRS-Management GmbH Berliner Ring 93 64625 Bensheim T +49 6251 85 424 - 20 F +49 6251 85 424 - 14 M +49 174 2110912 http://www.srs-management.de www.srs-management.de http://www.srs-paperdynamix.de www.srs-paperdynamix.de HRB 25262 AG Darmstadt Geschäftsführer: Detlev Homilius, Thomas Strauß smime.p7s Description: S/MIME cryptographic signature
Re: url-pattern algorithm problem?
'' is a copypaste error sorry. Yes, I do have filters but there is not url rewrite at all. Turning on the debug on tomcat, it is return 404. If I changing the pattern to /en/yp/* for that incoming url, it will work but it doesn't conform to what the spec said though. Regards, Cha. On 04/01/2011 12:05 PM, Konstantin Kolinko wrote: 2011/4/1 Chaeric.cha.r...@gmail.com: Hello, We are using Tomcat 7.0.11 with the following servlet-mapping servlet-mapping servlet-nameapp/servlet-name url-pattern*.htm/url-pattern url-pattern/en/*/url-pattern Missing ''. Do you have a Filter that catches such requests and rewrites the URL? If you do, then the request will never reach the servlet. /servlet-mapping The problem we find if the incoming url is like http://example.com/en/yp/list/cat/10/1;, it will not matched to the 'app' servlet. Any ideas? Could it be a problem in tomcat matching algorithm? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: password encryption
In Tomcat 7 you will need lib/tomcat-util.jar. The following works: java -cp bin/tomcat-juli.jar;lib/catalina.jar;lib/tomcat-util.jar org.apache.catalina.realm.RealmBase -a md5 foo I updated the docs: http://svn.apache.org/viewvc?rev=1087791view=rev Best regards, Konstantin Kolinko 2011/4/1 Paul Gifford pggiff...@gmail.com: Do you have org.apache.tomcat.util.res.StringManager on your classpath? It's in tomcat-coyote.jar in my installation (6.0.18). Paul On Fri, Apr 1, 2011 at 10:47 AM, Henry Lu z...@umich.edu wrote: I tried the following command and failed as tomcat home directory: C:\apps\apache-tomcat-7.0.11java -cp lib/catalina.jar;bin/tomcat-juli.jar org.a pache.catalina.realm.RealmBase -a md5 henry Exception in thread main java.lang.NoClassDefFoundError: org/apache/tomcat/uti l/res/StringManager at org.apache.catalina.util.LifecycleBase.clinit(LifecycleBase.java:38 ) Caused by: java.lang.ClassNotFoundException: org.apache.tomcat.util.res.StringMa nager at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) ... 1 more Could not find the main class: org.apache.catalina.realm.RealmBase. Program wil l exit. Any Help? -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat with apr and openssl gives ssl_error_rx_record_too_long
Hi all,
We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java=
=3D keystore).
We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) instal=
=3D led.
tomcat-native-1.1-20-src downloaded, and built correctly (Loaded APR based=
=3D Apache Tomcat Native library 1.1.20 message in catalina.out, no error=
mes=3D sages).
We used the free portecle application to export private key and certifica=
=3D te from the java keystore.
Relevant server.xml parts are:
Listener className=3D3Dorg.apache.catalina.core.AprLifecycleListener=
S=3D SLEngine=3D3Don /
Connector
protocol=3D3Dorg.apache.coyote.http11.Http11AprProtocol
URIEncoding=3D3DUTF-8
acceptCount=3D3D100
algorithm=3D3D${jazz.connector.algorithm}
clientAuth=3D3Dfalse
connectionTimeout=3D3D2
disableUploadTimeout=3D3Dtrue
enableLookups=3D3Dfalse
SSLCertificateFile=3D3D/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer
SSLCertificateKeyFile=3D3D/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem=
SSLPassword=3D3D
maxHttpHeaderSize=3D3D8192
maxSpareThreads=3D3D75
maxThreads=3D3D150
minSpareThreads=3D3D25
port=3D3D9443
scheme=3D3Dhttps
secure=3D3Dtrue
SSLEnabled=3D3Dtrue
SSLProtocol=3D3D${jazz.connector.sslProtocol}/
We tried to omit and change ${jazz.connector.*} parameters without effect s=
=3D o we think it's not relevant.
(Rational Team Concert is running on this server, hopefully unrelevant.) Af=
ter all, when connecting to the server we've got the mentioned error:
An error occurred during a connection to https://some-machine:9443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
No error messages in log.
Any instructions, comments, hints appreciated.
Best regards,
Lengyel Tamas
Quattrosoft Kft.
e-mail: leng...@quattrosoft.humailto:leng...@quattrosoft.hu
Re: password encryption
On 01/04/2011 15:47, Henry Lu wrote: I tried the following command and failed as tomcat home directory: Please don't hijack threads. p signature.asc Description: OpenPGP digital signature
RE: tomcat with apr and openssl gives ssl_error_rx_record_too_long
Sorry, too much copy/pastes made my mail unreadable. Again:
Hi all,
We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java
keystore).
We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24) installed.
tomcat-native-1.1-20-src downloaded, and built correctly (Loaded APR based
Apache Tomcat Native library 1.1.20 message in catalina.out, no error
messages).
We used the free portecle application to export private key and certificate
from the java keystore.
Relevant server.xml parts are:
Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on /
Connector
protocol=org.apache.coyote.http11.Http11AprProtocol
URIEncoding=UTF-8
acceptCount=100
algorithm=${jazz.connector.algorithm}
clientAuth=false
connectionTimeout=2
disableUploadTimeout=true
enableLookups=false
SSLCertificateFile=/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer
SSLCertificateKeyFile=/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem
SSLPassword=
maxHttpHeaderSize=8192
maxSpareThreads=75
maxThreads=150
minSpareThreads=25
port=9443
scheme=https
secure=true
SSLEnabled=true
SSLProtocol=${jazz.connector.sslProtocol}/
We tried to omit and change ${jazz.connector.*} parameters without effect so we
think it's not relevant.
(Rational Team Concert is running on this server, hopefully unrelevant.) After
all, when connecting to the server we've got the mentioned error:
An error occurred during a connection to https://some-machine:9443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
No error messages in log.
Any instructions, comments, hints appreciated.
Best regards,
Lengyel Tamas
e-mail: leng...@quattrosoft.humailto:leng...@quattrosoft.hu
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
different urls to open up same tomcat instance
Hello, I'm a beginner to apache tomcat, but I've been tasked with solving a problem with our tomcat servers. Our tomcat instance is started up with one URL: https://www.xxx.com/server/servlet/Controller?Command=ShowDashboardhttps://sm2.bonfiremedia.com/ebayserver/servlet/Controller?Command=ShowDashboardtab=12 which brings up our dashboard with our server's performance. A second URL was created to bring up the same dashboard. https://www.xxx.com/s/s/Controller?Command=ShowDashboardhttps://sm2.bonfiremedia.com/ebayserver/servlet/Controller?Command=ShowDashboardtab=12 but unfortunately, each url starts up a different instance of the server with different stats. Is there anyway to make both URLs point to the same instance? Thanks
Re: url-pattern algorithm problem?
2011/4/1 Cha eric.cha.r...@gmail.com: '' is a copypaste error sorry. Yes, I do have filters but there is not url rewrite at all. Turning on the debug on tomcat, it is return 404. If I changing the pattern to /en/yp/* for that incoming url, it will work but it doesn't conform to what the spec said though. So, such patterns do work, but that specific one does not. I guess it will be something trivial, like mapping two different servlets to the same URL pattern. If you want to debug it, look at http://wiki.apache.org/tomcat/FAQ/Developing#Debugging and place breakpoints in the org.apache.tomcat.util.http.mapper.Mapper class. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what exactly does it mean to run multiple tomcat instances?
On Thu, 31 Mar 2011, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 3/31/2011 9:07 AM, Robert P. J. Day wrote: i'd eventually deduced most of that. i think it would be useful if that were explained more forcefully in the RUNNING.txt file since it's not immediately obvious. - From RUNNING.txt: When you use $CATALINA_BASE, Tomcat will calculate all relative references for files in the following directories based on the value of $CATALINA_BASE instead of $CATALINA_HOME: * bin - Only setenv.sh (*nix), setenv.bat (windows) and tomcat-juli.jar * conf - Server configuration files (including server.xml) So... it specifically tells you that it will use your own conf/server.xml file. Would you like an additional reinforcing statement? why, yes, thanks for asking so politely. :-) because if you read further down in that RUNNING.txt file, you see: Troubleshooting There are only really 3 things likely to go wrong during the stand-alone Tomcat install: (1) The most common hiccup is when another web server (or any process for that matter) has laid claim to port 8080. This is the default HTTP port that Tomcat attempts to bind to at startup. To change this, open the file: $CATALINA_HOME/conf/server.xml and search for '8080'. Change it to a port that isn't in use, and is greater than 1024, as ports less than or equal to 1024 require superuser access to bind under UNIX. Restart Tomcat and you're in business. Be sure that you replace the 8080 in the URL you're using to access Tomcat. For example, if you change the port to 1977, you would request the URL http://localhost:1977/ in your browser. now correct me if i'm wrong, but since we just established that you need to reassign more than just the main (8080) server port, to then subsequently claim that all you need to do to avoid a conflict is to reassign the main (8080) server port would be incorrect, would it not? rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat with apr and openssl gives ssl_error_rx_record_too_long
2011/4/1 Lengyel Tamás leng...@quattrosoft.hu:
Sorry, too much copy/pastes made my mail unreadable. Again:
Hi all,
We use tomcat 5.5.30 on ubuntu linux, ssl configured and working (with java
keystore).
We tried to install APR. libapr1-dev, libssl-dev, java (jdk1.6.0_24)
installed.
tomcat-native-1.1-20-src downloaded, and built correctly (Loaded APR based
Apache Tomcat Native library 1.1.20 message in catalina.out, no error
messages).
We used the free portecle application to export private key and certificate
from the java keystore.
Relevant server.xml parts are:
Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on /
Connector
protocol=org.apache.coyote.http11.Http11AprProtocol
URIEncoding=UTF-8
acceptCount=100
algorithm=${jazz.connector.algorithm}
clientAuth=false
connectionTimeout=2
disableUploadTimeout=true
enableLookups=false
SSLCertificateFile=/opt/IBM/JazzTeamServer/server/tomcat/rtc.cer
SSLCertificateKeyFile=/opt/IBM/JazzTeamServer/server/tomcat/rtcpk.pem
SSLPassword=
maxHttpHeaderSize=8192
maxSpareThreads=75
maxThreads=150
minSpareThreads=25
port=9443
scheme=https
secure=true
SSLEnabled=true
Missing second after the value above.
SSLProtocol=${jazz.connector.sslProtocol}/
We tried to omit and change ${jazz.connector.*} parameters without effect so
we think it's not relevant.
What values they expand to?
(Rational Team Concert is running on this server, hopefully unrelevant.)
After all, when connecting to the server we've got the mentioned error:
An error occurred during a connection to https://some-machine:9443.
SSL received a record that exceeded the maximum permissible length.
(Error code: ssl_error_rx_record_too_long)
No error messages in log.
And any INFO messages when the connector/protocol starts?
I do not see SSLEngine=on in your Connector and apr.html page of
the docs says that its default value is off.
What happens if you connect with the HTTP protocol,
http://some-machine:9443
Any instructions, comments, hints appreciated.
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
How to configure custom MBeans
Hi,
I'm trying to configure custom MBeans by creating an
MBeanInterface+Impl and putting the jar into tomcat's lib-dir.
I manged to create the mbean using jmx-direclty like the following
(exected from within a LifecycleListener):
MBeanServer server = getServer();
ObjectName name = null;
try {
name = new ObjectName(test:Name=test);
server.registerMBean(this, name);
} catch (Exception e) {
e.printStackTrace();
}
however I'd like to use the modeler-way (mbeans-descriptor.xml),
because I want to see mbean-descriptions (for operations, paramters
etc.) when using jconsole.
I can't get this to work - the documentation doesn't help a lot here...
BTW. I'm using tomcat6.
tia,
dani
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: different urls to open up same tomcat instance
From: peter sze [mailto:szep...@gmail.com] Subject: different urls to open up same tomcat instance Our tomcat instance is started up with one URL: which brings up our dashboard with our server's performance. A second URL was created to bring up the same dashboard. but unfortunately, each url starts up a different instance of the server with different stats. Is there anyway to make both URLs point to the same instance? Your terminology may be a bit off here; are you actually starting Tomcat with the above URLs, or just accessing a webapp that runs within Tomcat? There can be many webapps deployed within a single instance of Tomcat. It's also not at all clear what you mean by server. Regardless, the dashboard of which you speak is not part of Tomcat, so it's unlikely anyone here can readily answer your question. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: url-pattern algorithm problem?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cha, On 4/1/2011 12:20 PM, Cha wrote: If I changing the pattern to /en/yp/* for that incoming url, it will work but it doesn't conform to what the spec said though. Sounds like you have another conflicting url-pattern somewhere in web.xml. Care to post the rest of your url-patterns? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2WGQQACgkQ9CaO5/Lv0PD0vQCgla4EpCpakMOlA9Lc+2koaVoz XzAAniImcyk+/4ImQ7cmfTnx5P/HQHZb =bkJE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: mod_jk / AJP and compression
If you want compression here, then just do it in a servlet filter based on Accept-Encoding thus resulting in compression in Tomcat and the stream remaining compressed all the way to the client. From: Mark Thomas [mailto:ma...@apache.org] Sent: Fri 4/1/2011 5:20 AM To: Tomcat Users List Subject: Re: mod_jk / AJP and compression On 01/04/2011 11:15, John Baker wrote: Hello, The Tomcat AJP Connector does not support compression. Why has this been ommitted? Because the link between Tomcat and reverse proxy will nearly always have significantly more capacity than the link between the client and the reverse proxy. Adding compression gains very little but adds delay and increases CPU usage. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: different urls to open up same tomcat instance
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, On 4/1/2011 1:02 PM, peter sze wrote: I'm a beginner to apache tomcat, but I've been tasked with solving a problem with our tomcat servers. Our tomcat instance is started up with one URL: https://www.xxx.com/server/servlet/Controller?Command=ShowDashboardhttps://sm2.bonfiremedia.com/ebayserver/servlet/Controller?Command=ShowDashboardtab=12 which brings up our dashboard with our server's performance. A second URL was created to bring up the same dashboard. https://www.xxx.com/s/s/Controller?Command=ShowDashboardhttps://sm2.bonfiremedia.com/ebayserver/servlet/Controller?Command=ShowDashboardtab=12 but unfortunately, each url starts up a different instance of the server with different stats. Is there anyway to make both URLs point to the same instance? As Chuck says, you are saying starts up when you really mean accesses. How are you deploying your webapps? If you have more than one WAR file in the webapps/ directory, then you are deploying two separate webapps. If you have more than one .xml file in conf/Catalina/localhost/ then you are deploying two separate webapps. If you just want two URLs to point to the same servlet, it's a simple matter of using the proper url-pattern in a servlet-mapping element in WEB-INF/web.xml to do that. If you are using .../servlet/Controller, I suspect you are using the invoker servlet which is a really, really bad idea. Tell us more about your configuration/setup and we can help you get what you want. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2WLREACgkQ9CaO5/Lv0PB3iQCbBAjDd5Z/dgbqElfzKqldrjcL +0cAnRp+UQbyI3/xtPw4YT6TkdbHdNrV =y0PX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what exactly does it mean to run multiple tomcat instances?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 4/1/2011 1:13 PM, Robert P. J. Day wrote: On Thu, 31 Mar 2011, Christopher Schultz wrote: So... it specifically tells you that it will use your own conf/server.xml file. Would you like an additional reinforcing statement? Why, yes, thanks for asking so politely. :-) because if you read further down in that RUNNING.txt file, you see: [snip] now correct me if i'm wrong, but since we just established that you need to reassign more than just the main (8080) server port, to then subsequently claim that all you need to do to avoid a conflict is to reassign the main (8080) server port would be incorrect, would it not? That's just the most common problem: since servers /other/ than Tomcat often bind to port 8080, Tomcat may interfere with some other non-Tomcat process. You're point is valid, though: there are many potentially conflicting port numbers in server.xml. Patches, even for documentation, are always welcome... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2WLdwACgkQ9CaO5/Lv0PA+DQCgmpu8ErvC1PU6xw/71yDbPN3E XJgAn1eDSlYEBFSRtvWeXngEkJ8NGRd6 =us+1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Protecting against HTTP response splitting
On 1 April 2011 15:49, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 3/31/2011 8:21 PM, Christopher Schultz wrote: On 3/31/2011 7:05 AM, Ronald Klop wrote: I would say that some proper input validation solves your problem. Does new URL(redirectURL).toString() give an exception on invalid url's? new URL(String) will throw a MalformedURLException if there are illegal characters in the URL. I suppose that's good enough for my purposes: the only returnURLs that should be generated should be coming from our own application, and if they are broken, it's a bug. If a MalformedURLException is thrown, it should be due to some sort of malicious use and the user is better off getting a nasty error than just about anything else. Apparently, it's more complicated than that... at least when it comes to my particular application... we want to keep the URLs as short as possible, they they are not fully-qualified in most cases. Instead, they are webapp-relative and blindly passing them into the java.net.URL constructor fails even for real URLs because they have no protocol. I may be missing something here, but can't you use the ctor: URL(URL context, String spec) and pass in a dummy context with a suitable protocol? Now, I could add code to fully-qualify them, but then I'd be doing work I'm already asking the container to do for me (since HttpServletResponse.sendRedirect is required to fully-qualify the URL anyway) and I'd prefer to rely on the container for that task -- it's likely to do a better job, anyway :) I think I'm doing to standardize on simply scanning for troublesome characters like \r and \n and throwing a MalformedURLException or something like that. If anyone else has any good ideas or Warnings about what might be a naive sanitization check, I'd be glad to hear them. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2V5gsACgkQ9CaO5/Lv0PBgfwCeOrioFeSvp8iUJ51a9qJqAny3 8QkAn0c12aRinn7eoGUoAgA2uYydVQA/ =bwLF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: what exactly does it mean to run multiple tomcat instances?
On Fri, 1 Apr 2011, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, On 4/1/2011 1:13 PM, Robert P. J. Day wrote: On Thu, 31 Mar 2011, Christopher Schultz wrote: So... it specifically tells you that it will use your own conf/server.xml file. Would you like an additional reinforcing statement? Why, yes, thanks for asking so politely. :-) because if you read further down in that RUNNING.txt file, you see: [snip] now correct me if i'm wrong, but since we just established that you need to reassign more than just the main (8080) server port, to then subsequently claim that all you need to do to avoid a conflict is to reassign the main (8080) server port would be incorrect, would it not? That's just the most common problem: since servers /other/ than Tomcat often bind to port 8080, Tomcat may interfere with some other non-Tomcat process. You're point is valid, though: there are many potentially conflicting port numbers in server.xml. Patches, even for documentation, are always welcome... as i'm still working my way thru the docs, i don't think i'm ready to start submitting patches just yet. give me a few days ... rday -- Robert P. J. Day Waterloo, Ontario, CANADA http://crashcourse.ca Twitter: http://twitter.com/rpjday LinkedIn: http://ca.linkedin.com/in/rpjday - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
