Re: Memory Leak

2016-06-28 Thread Felix Schumacher 


Am 29. Juni 2016 02:26:57 MESZ, schrieb Leo Donahue :
>On Jun 28, 2016 4:57 PM, "Roman Gelfand"  wrote:
>>
>> I am running a middleware application in .. tomcat...
>
>Ok.  This is something you wrote and deployed or it is a third party
>war
>file?
>
>>
>> catalina.out.prob:SEVERE: The web application [] appears to have
>started a
>> thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
>> description='null'}-devnymongodb01.meridiancapital.com:27017] but has
>> failed to stop it. This is very likely to create a memory leak.
>>
>
>Basically that says either you intentionally created a thread local
>variable that you did not close, or the third party war file did.

To be pedantic, the warning is about a thread not being closed.

Regards, 
Felix 

>
>If not you then ask your vendor to fix their app.
>
>>
>> --
>> Thanks,
>> R. Gelfand


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Runtime Cloning of DataSource for Different DB?

2016-06-28 Thread Terence M. Bandoian 

On 6/28/2016 3:56 AM, Mark Thomas wrote:

On 27/06/2016 22:35, Jerry Malcolm wrote:

Mark,

On 6/27/2016 1:07 PM, Mark Thomas wrote:

On 27/06/2016 17:44, Jerry Malcolm wrote:


I'm assuming that context.lookup(...) simply locates the "jdbc/myDB"
 tag in the context.xml file, pulls all of the parms out of
that tag, creates a DataSource object utilizing the parms, and returns
it.If that's the case, couldn't I create a variation/subclass of the
Context object that modifies the url parm that it found in the resource
tag and puts the desired db name into the url before constructing the
DataSource?

Sure.

You need to implement the appropriate factory and then specify your
factory class explicitly in the Resource element using the factory
attribute.

You probably want to start here for ideas on how to code up your factory:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/

or for a more specific example:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java?view=annotate



Mark


Thanks so much.  This looks doable.  Just to make sure I have the big
picture correct

1) I will define a new custom resource that returns a custom context
object that I write.
2) On the  tag for my custom context resource I can put all of
the standard DataSource parms
3) I then call lookup() on this custom context passing the dbName in
4) This custom context will build an appropriate Reference object with
all the parms, instantiate a BasicDataSourceFactory, and call
getInstance(.) on the factory.

When I need an instance of the datasource:
  Context initContext = new InitialContext();
  Context envContext  =
(Context)initContext.lookup("java:/comp/env");
  MyDataSourceContext dsContext = (MyDataSourceContext)
envContext.lookup( "dsContext/myDSContext" );
  DataSource myDS = (DataSource) dsContext.getInstance( "dbName" );

Am I getting close?

Yes, but I don't think you want to use custom NamingContexts. I think
there is a simpler way.

1. Write a custom DataSource factory that provides a getDataSource(...)
method that allows you to pass in whatever per instance config you need.
This DataSource factory will need to use bean style setters (like the
example I linked to) to pick up the other config from the 

2. Write a custom resource factory that returns an instance of your
DataSource factory.

3. Add a context Resource element for your DataSource factory,
remembering to use the factory element and specify the custom resource
factory from 2.

HTH,

Mark



If external configuration were not required, would there be a problem 
instantiating a DataSource directly and setting any required properties 
programmatically?  Would any functionality be lost?


Also, if there were base properties set in a  element, would 
there be a problem using a copy of the properties from that data source, 
modified as necessary, to instantiate a new DataSource?


-Terence Bandoian


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Memory Leak

2016-06-28 Thread Roman Gelfand 
It is third party REST server named espresso.  After looking further into
memory leaks message, I realized this is a thread that writes to mongodb.
I had also found couple of posts relating to leaks mongodb jdbc drivers.
On Jun 28, 2016 8:27 PM, "Leo Donahue"  wrote:

> On Jun 28, 2016 4:57 PM, "Roman Gelfand"  wrote:
> >
> > I am running a middleware application in .. tomcat...
>
> Ok.  This is something you wrote and deployed or it is a third party war
> file?
>
> >
> > catalina.out.prob:SEVERE: The web application [] appears to have started
> a
> > thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
> > description='null'}-devnymongodb01.meridiancapital.com:27017] but has
> > failed to stop it. This is very likely to create a memory leak.
> >
>
> Basically that says either you intentionally created a thread local
> variable that you did not close, or the third party war file did.
>
> If not you then ask your vendor to fix their app.
>
> >
> > --
> > Thanks,
> > R. Gelfand
>

Re: Memory Leak

2016-06-28 Thread Leo Donahue 
On Jun 28, 2016 4:57 PM, "Roman Gelfand"  wrote:
>
> I am running a middleware application in .. tomcat...

Ok.  This is something you wrote and deployed or it is a third party war
file?

>
> catalina.out.prob:SEVERE: The web application [] appears to have started a
> thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
> description='null'}-devnymongodb01.meridiancapital.com:27017] but has
> failed to stop it. This is very likely to create a memory leak.
>

Basically that says either you intentionally created a thread local
variable that you did not close, or the third party war file did.

If not you then ask your vendor to fix their app.

>
> --
> Thanks,
> R. Gelfand

Re: Memory Leak

2016-06-28 Thread David Kerber 

On 6/28/2016 5:57 PM, Roman Gelfand wrote:

I am running a middleware application in the tomcat environment described,
below.  After rebooting the server, the memory consumption is couple of
gigs.  Couple of weeks later, I get a message, I am out of memory.
Moreover, I need to bounce the whole server to start fresh.

Here, the log.  I am quite sure how to go about troubleshooting it.  Any
help is greatly appreciated.


The application has a memory leak.  You need to get it fixed.





catalina.out.prob:SEVERE: The web application [] appears to have started a
thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
description='null'}-devnymongodb01.meridiancapital.com:27017] but has
failed to stop it. This is very likely to create a memory leak.


catalina.out.prob:SEVERE: Servlet.service() for servlet [API REST Handler]
in context with path [] threw exception [java.lang.OutOfMemoryError: unable
to create new native thread] with root cause
catalina.out.prob:java.lang.OutOfMemoryError: unable to create new native
thread





Here is my tomcat environment...

Server version: Apache Tomcat/7.0.69
Server built:   Apr 11 2016 07:57:09 UTC
Server number:  7.0.69.0
OS Name:Linux
OS Version: 2.6.32-573.12.1.el6.x86_64
Architecture:   amd64
JVM Version:1.8.0_91-b14
JVM Vendor: Oracle Corporation


uname -a

Linux  2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux


Mem info

MemTotal:8061448 kB
MemFree: 5399052 kB
Buffers:  150360 kB
Cached:   388604 kB
SwapCached:0 kB
Active:  2290720 kB
Inactive: 197764 kB
Active(anon):1949532 kB
Inactive(anon):  160 kB
Active(file): 341188 kB
Inactive(file):   197604 kB
Unevictable:   0 kB
Mlocked:   0 kB
SwapTotal:   4128764 kB
SwapFree:4128764 kB
Dirty:40 kB
Writeback: 0 kB
AnonPages:   1949572 kB
Mapped:35900 kB
Shmem:   176 kB
Slab:  87844 kB
SReclaimable:  27304 kB
SUnreclaim:60540 kB
KernelStack:5504 kB
PageTables: 9032 kB
NFS_Unstable:  0 kB
Bounce:0 kB
WritebackTmp:  0 kB
CommitLimit: 8159488 kB
Committed_AS:3091324 kB
VmallocTotal:   34359738367 kB
VmallocUsed:  158244 kB
VmallocChunk:   34359576456 kB
HardwareCorrupted: 0 kB
AnonHugePages:   1767424 kB
HugePages_Total:   0
HugePages_Free:0
HugePages_Rsvd:0
HugePages_Surp:0
Hugepagesize:   2048 kB
DirectMap4k:   10240 kB
DirectMap2M: 8378368 kB


CPU info

processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 0
cpu cores   : 2
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 1
cpu cores   : 2
apicid  : 1
initial apicid  : 1
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Memory Leak

2016-06-28 Thread Roman Gelfand 
I am running a middleware application in the tomcat environment described,
below.  After rebooting the server, the memory consumption is couple of
gigs.  Couple of weeks later, I get a message, I am out of memory.
Moreover, I need to bounce the whole server to start fresh.

Here, the log.  I am quite sure how to go about troubleshooting it.  Any
help is greatly appreciated.


catalina.out.prob:SEVERE: The web application [] appears to have started a
thread named [cluster-ClusterId{value='5745ebcecdb2e06579174645',
description='null'}-devnymongodb01.meridiancapital.com:27017] but has
failed to stop it. This is very likely to create a memory leak.


catalina.out.prob:SEVERE: Servlet.service() for servlet [API REST Handler]
in context with path [] threw exception [java.lang.OutOfMemoryError: unable
to create new native thread] with root cause
catalina.out.prob:java.lang.OutOfMemoryError: unable to create new native
thread





Here is my tomcat environment...

Server version: Apache Tomcat/7.0.69
Server built:   Apr 11 2016 07:57:09 UTC
Server number:  7.0.69.0
OS Name:Linux
OS Version: 2.6.32-573.12.1.el6.x86_64
Architecture:   amd64
JVM Version:1.8.0_91-b14
JVM Vendor: Oracle Corporation


uname -a

Linux  2.6.32-573.12.1.el6.x86_64 #1 SMP Tue Dec 15 21:19:08 UTC 2015
x86_64 x86_64 x86_64 GNU/Linux


Mem info

MemTotal:8061448 kB
MemFree: 5399052 kB
Buffers:  150360 kB
Cached:   388604 kB
SwapCached:0 kB
Active:  2290720 kB
Inactive: 197764 kB
Active(anon):1949532 kB
Inactive(anon):  160 kB
Active(file): 341188 kB
Inactive(file):   197604 kB
Unevictable:   0 kB
Mlocked:   0 kB
SwapTotal:   4128764 kB
SwapFree:4128764 kB
Dirty:40 kB
Writeback: 0 kB
AnonPages:   1949572 kB
Mapped:35900 kB
Shmem:   176 kB
Slab:  87844 kB
SReclaimable:  27304 kB
SUnreclaim:60540 kB
KernelStack:5504 kB
PageTables: 9032 kB
NFS_Unstable:  0 kB
Bounce:0 kB
WritebackTmp:  0 kB
CommitLimit: 8159488 kB
Committed_AS:3091324 kB
VmallocTotal:   34359738367 kB
VmallocUsed:  158244 kB
VmallocChunk:   34359576456 kB
HardwareCorrupted: 0 kB
AnonHugePages:   1767424 kB
HugePages_Total:   0
HugePages_Free:0
HugePages_Rsvd:0
HugePages_Surp:0
Hugepagesize:   2048 kB
DirectMap4k:   10240 kB
DirectMap2M: 8378368 kB


CPU info

processor   : 0
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 0
cpu cores   : 2
apicid  : 0
initial apicid  : 0
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor   : 1
vendor_id   : GenuineIntel
cpu family  : 6
model   : 44
model name  : Intel(R) Xeon(R) CPU   E5649  @ 2.53GHz
stepping: 2
microcode   : 29
cpu MHz : 2533.423
cache size  : 12288 KB
physical id : 0
siblings: 2
core id : 1
cpu cores   : 2
apicid  : 1
initial apicid  : 1
fpu : yes
fpu_exception   : yes
cpuid level : 11
wp  : yes
flags   : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts mmx fxsr sse sse2 ss ht syscall nx rdtscp lm
constant_tsc arch_perfmon pebs bts xtopology tsc_reliable nonstop_tsc
aperfmperf unfair_spinlock pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt
aes hypervisor lahf_lm ida arat epb dts
bogomips: 5066.84
clflush size: 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:


-- 
Thanks,
R. Gelfand

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Daniel Savard 
2016-06-28 16:24 GMT-04:00 Sean Son :


>
> as for the output to the keytool command:
>
> Isnt the output to that command, confidential information?
>
>
No, there isn't anything confidential from the output of a simple -list. It
doesn't display the private key or anything like that. It will  just show
the list of certificates in your keystore.

The first entry in the keystore will be the one sent back by the Tomcat
server since you didn't specify any alias. So, I assume this is the
intended behavior.

Since you do not specify any trust store, the default trust store shipped
with your version of Java will be used. If the clients trying to connect
are not having certificats signed by one of these, it will fails. It may
not be a problem in your case since you do not provide any details on the
clients' certificates.

Regards,
-
Daniel Savard

Re: [OT] External XML Entities with relative pathnames

2016-06-28 Thread Konstantin Kolinko 
2016-06-28 18:53 GMT+03:00 Christopher Schultz :

> I'm trying to build an XML file that includes several smaller XML
> files using XXE, like this:
>
> bar.xml:
>
> 
>  
> ]>
> 
>   
> 
>
> The files "foo.xml" and "bar.xml" are in the same directory.
>
> This works great when the CWD of the process is the same as foo.xml
> and bar.xml, but when I try to say "hey program, parse
> /a/b/c/bar.xml", I get FileNotFoundException for CWD/foo.xml.
>
> We often recommend that people use XXE for "password-less" server.xml
> files. Is everyone using absolute filenames for that? Or is there some
> kind of option that I need to set on Xerces (being used internally by
> the JVM -- the com.sun.org.apache.xerces flavor) or Digester (I'm
> using commons-digester to read the XML) to enable relative entities?
>
> I've been searching the web for references to things like this, and it
> appears that various versions of Xerces (including the C version) had
> a bug where relative paths weren't working properly (the XML spec says
> that relative paths such as the above should be relative to the
> document that defined them -- that is: foo.xml should be expected in
> the same location as bar.xml in my example above). Do I just have a
> buggy version of Xerces?
>


1. I routinely use that "passwords" recipe to externalize resources
from server.xml.  It is the same example as in our FAQ (no path at all
-> resolved relatively to server.xml).

Also Tomcat has examples in its documentation:

Every document (e.g. changelog.xml, config/index.xml) references
project.xml located in the same directory as the document, with
different project.xml in each directory.

security-manager-howto.xml also references catalina.policy

Note that Apache Ant is usually run from the root of source tree.


2. Note that to be able to resolve relative URLs, XML parser must know
the correct URL of the file that it processes.

Sample code:

o.a.catalina.ant.ValidatorTask

InputSource is = new
InputSource(file.toURI().toURL().toExternalForm());
is.setByteStream(stream);

o.a.catalina.startup.Catalina:

InputSource is =
new InputSource(file.toURI().toURL().toString());
is.setByteStream(fis);

instead of just calling new InputSource(stream).

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Sean Son 
Here is the complete  configuration

 








as for the output to the keytool command:

Isnt the output to that command, confidential information?

Thanks

On Tue, Jun 28, 2016 at 4:06 PM, Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Sean,
>
> On 6/28/16 2:31 PM, Sean Son wrote:
> > Hey Philip
> >
> > So i was able to get the page to connect with SSL but I noticed
> > that when I clicked on the little icon that looks like a lock next
> > to https:// in the address bar, I saw this certificate error:
> > Certificate Error There are issues with the site's certificate
> > chain (net::ERR_CERT_COMMON_NAME_INVALID).
>
> This usually means that the URL you are using contains a hostname that
> doesn't match the TLS certificate's "common name".
>
> > Does that mean that SSL has been implemented incorrectly?
> >
> > Also I am trying to get an incoming connection through port 80 to
> > tomcat, to automatically redirect to port 8443 (or 443 which ever
> > you think is easiest to implement)  without having to use a reverse
> > proxy in front of it.  In my server.xml I have the following:
> >
> >  > connectionTimeout="2" redirectPort="8443" />   Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBCAAGBQJXcti2AAoJEBzwKT+lPKRYYNAP/jimgUxO8gp1W0rOEhqeTszc
> yKjAhGQ6yjBE14mvDK+x2zO7+zw01fzqm3IbsyUeEHdSjo0YPQQl0/h15tnhatgA
> WuMYz78HyXVtB02FPc/gg82LXwI5GowpKRgd3phQ6f1UKOxpcIPZdOG2MvsbLgFG
> m8UX1qxhq34xkQBCkLv+sWd6sgAdGX3P6x/+qxCav3gr+8os5KHFofms6BUReIro
> hTRQ6XXIbB3VvOGC6uK/IXLcKtvf1v7Bv5NUsL4mWd9AFkwLl+VlSjdK055ubftp
> 6CKj5RUmJkJ06Y0Hy1dK4v9mjcMvM0VwsPcwU9E/GOKMMj0Q56EFVKQkroeLjdXj
> bYMPc8FNAG6eYUdlrSx5lfcDqhO/EmiUZXLJykBbPFmcke8jED1b31WdboMaJAce
> YuuYVUgia4+sP2w/u0bXdQB5ie6gYHecYwdhiIB/mYY74jVz6BeQ26x7EjS7w/WT
> 4eI5XbPX6JPtJe0e3WpRIe2Fk/pLQOdcHMbG+g0X69cbRtRcf7PT/feGbJzoC/qJ
> rUiE7okK98P9KawCV4lueV1b7whFAhJs6apGvIOs/1w296eZ60sM373ugF6ygc1b
> gQybFF/NgnwLrKk0A63retwLeSj2ImB0pl3NvJ9yxJZOy+OP4GalV6BJ5+yF5yz2
> UESskxe5+W3VYH8s1Ekt
> =6brz
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sean,

On 6/28/16 2:31 PM, Sean Son wrote:
> Hey Philip
> 
> So i was able to get the page to connect with SSL but I noticed
> that when I clicked on the little icon that looks like a lock next
> to https:// in the address bar, I saw this certificate error: 
> Certificate Error There are issues with the site's certificate
> chain (net::ERR_CERT_COMMON_NAME_INVALID).

This usually means that the URL you are using contains a hostname that
doesn't match the TLS certificate's "common name".

> Does that mean that SSL has been implemented incorrectly?
> 
> Also I am trying to get an incoming connection through port 80 to
> tomcat, to automatically redirect to port 8443 (or 443 which ever
> you think is easiest to implement)  without having to use a reverse
> proxy in front of it.  In my server.xml I have the following:
> 
>  connectionTimeout="2" redirectPort="8443" />

Re: Tomcat graceful shutdown inquiry

2016-06-28 Thread Coty Sutherland 
Fantastic. Thanks! :)

On Tue, Jun 28, 2016 at 2:43 PM, Mark Thomas  wrote:
> On 28/06/2016 19:39, Coty Sutherland wrote:
>> Hello all,
>>
>> I've been poking around with the Fedora distribution of tomcat and
>> noticed that systemd isn't allowing tomcat to gracefully shutdown (it
>> sends an immediate SIGKILL after the Boostrap stop is called). That
>> isn't your issue, but in trying to mediate the issue so that session
>> persistence works as expected, I found that SIGTERM causes tomcat to
>> gracefully shutdown. Looking at the code of the
>> org.apache.catalina.startup.Bootstrap.stop() method, I can see that it
>> hands off to Server.stop() and stops the server by initiating the
>> shutdown hook, etc. When you send a SIGTERM to tomcat the
>> org.apache.catalina.core.StandardServer.stopInternal() method is what
>> handles shutdown and appears to be gracefully stopping the server,
>> though it goes about the process a bit differently.
>>
>> My question is, can anyone readily tell me the functional difference
>> between gracefully handling a SIGTERM and utilizing Bootstrap.stop()?
>
> None.
>
>> I'm sure that the Bootstrap.stop() is the preferred method,
>
> Not really.
>
>> but is there any major harm in using SIGTERM?
>
> No.
>
>> I've compared FINE level
>> logging on org.apache and both methods seem to get the same result (a
>> graceful stop).
>
> They are equivalent. If you disable the shutdown port, SIGTERM is the
> only way to gracefully shut down Tomcat.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat graceful shutdown inquiry

2016-06-28 Thread Mark Thomas 
On 28/06/2016 19:39, Coty Sutherland wrote:
> Hello all,
> 
> I've been poking around with the Fedora distribution of tomcat and
> noticed that systemd isn't allowing tomcat to gracefully shutdown (it
> sends an immediate SIGKILL after the Boostrap stop is called). That
> isn't your issue, but in trying to mediate the issue so that session
> persistence works as expected, I found that SIGTERM causes tomcat to
> gracefully shutdown. Looking at the code of the
> org.apache.catalina.startup.Bootstrap.stop() method, I can see that it
> hands off to Server.stop() and stops the server by initiating the
> shutdown hook, etc. When you send a SIGTERM to tomcat the
> org.apache.catalina.core.StandardServer.stopInternal() method is what
> handles shutdown and appears to be gracefully stopping the server,
> though it goes about the process a bit differently.
> 
> My question is, can anyone readily tell me the functional difference
> between gracefully handling a SIGTERM and utilizing Bootstrap.stop()?

None.

> I'm sure that the Bootstrap.stop() is the preferred method,

Not really.

> but is there any major harm in using SIGTERM?

No.

> I've compared FINE level
> logging on org.apache and both methods seem to get the same result (a
> graceful stop).

They are equivalent. If you disable the shutdown port, SIGTERM is the
only way to gracefully shut down Tomcat.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat graceful shutdown inquiry

2016-06-28 Thread Coty Sutherland 
Hello all,

I've been poking around with the Fedora distribution of tomcat and
noticed that systemd isn't allowing tomcat to gracefully shutdown (it
sends an immediate SIGKILL after the Boostrap stop is called). That
isn't your issue, but in trying to mediate the issue so that session
persistence works as expected, I found that SIGTERM causes tomcat to
gracefully shutdown. Looking at the code of the
org.apache.catalina.startup.Bootstrap.stop() method, I can see that it
hands off to Server.stop() and stops the server by initiating the
shutdown hook, etc. When you send a SIGTERM to tomcat the
org.apache.catalina.core.StandardServer.stopInternal() method is what
handles shutdown and appears to be gracefully stopping the server,
though it goes about the process a bit differently.

My question is, can anyone readily tell me the functional difference
between gracefully handling a SIGTERM and utilizing Bootstrap.stop()?
I'm sure that the Bootstrap.stop() is the preferred method, but is
there any major harm in using SIGTERM? I've compared FINE level
logging on org.apache and both methods seem to get the same result (a
graceful stop).



TIA,
Coty

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Sean Son 
Hey Philip

So i was able to get the page to connect with SSL but I noticed that when I
clicked on the little icon that looks like a lock next to https:// in the
address bar, I saw this certificate error:
Certificate Error
There are issues with the site's certificate chain
(net::ERR_CERT_COMMON_NAME_INVALID).

Does that mean that SSL has been implemented incorrectly?

Also I am trying to get an incoming connection through port 80 to tomcat,
to automatically redirect to port 8443 (or 443 which ever you think is
easiest to implement)  without having to use a reverse proxy in front of
it.  In my server.xml I have the following:



> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
>>
>

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Sean Son 
Thank you for your reply Philip

yes I have and it still failed.. I can try again and let you know what
errors I am running into.

Thanks!



On Tue, Jun 28, 2016 at 2:15 PM, Philip Hachey  wrote:

> Have you tried following the steps found here?:
> https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Need help setting up SSL on Tomcat 8

2016-06-28 Thread Philip Hachey 
Have you tried following the steps found here?: 
https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Need help setting up SSL on Tomcat 8

2016-06-28 Thread Sean Son 
Hello all

I am stuck trying to set up SSL on Tomcat 8. I have tried all sorts of
advice and still I cannot get it to work.

I attempted to use the method describe on this website:

https://sysengineers.wordpress.com/2011/03/16/tomcat-automatic-redirect-https/

but I started to see the following errors in my catalina.2016-06.26.log
file:

WARNING [main] org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLCertificateFile' to
'/home/user/apache-tomcat-8.0.35/ssl/certificate.crt' did not find a
matching property.
28-Jun-2016 10:44:20.495 WARNING [main]
org.apache.catalina.startup.SetAllPropertiesRule.begin
[SetAllPropertiesRule]{Server/Service/Connector} Setting property
'SSLCertificateKeyFile' to
'/home/user/apache-tomcat-8.0.35/ssl/certificate.key' did not find a
matching property.

So what I did was install openssl-devel and apr-devel and now those errors
have disappeared, but when I try to browse to the web application or the IP
of the server, I get the following error in the browser:

took too long to respond.

Try:

   - Reloading the page
   - Checking the connection
   - Checking the proxy and the firewall

I have no idea what I am doing wrong. I set up my Connector in server.xml
exactly the same way as the example in that website that I linked. Any
suggestions will greatly be appreciated!

Thanks!

Sean

Re: Deploy with white screen

2016-06-28 Thread Jeffrey A Trimble 
I started with a fresh copy.  The only change was to use Java7.  I don’t
have a  stanza in my server.xml.  I do have a context.xml file.

—Jeff

Jeffrey Trimble, MLS
William F. Maag Library
Youngstown State University
330.941.2483 (Office)
jatrim...@ysu.edu
http://www.maag.ysu.edu
http://digital.maag.ysu.edu




On 6/28/16, 12:03 PM, "Christopher Schultz" 
wrote:

>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Jeffrey,
>
>On 6/25/16 11:40 AM, Jeffrey A Trimble wrote:
>> I've just deployed tomcat 7.0.70 on a test server, but I'm seeing
>> something very strange and I'd like some advice to point me to a
>> solution.  I'm running DSpace software.
>> 
>> When I go to the web:  http://:8080/xmlui I'm getting a
>> blank white screen.  If I add something like "/home" onto the end
>> of the URL (http://:8080/xmlui/home) I receive a screen
>> that looks like my application with "Page not found" error in one
>> of the frames, but I can now get all my usualy menus and choose to
>> go on.  If I click a link for the Home landing page, it may or may
>> not get a white blank page.
>> 
>> Any thoughts?
>> 
>> Some informational data:
>> 
>> * server.xml has the declared the appBase to my directory where my
>> webapps reside (instead of copying them into the /webapps
>> directory under Tomcat).  We've been doing that for years. * I'm
>> running java 1.6 * xmlui is a cocoon application
>
>Can you post your  from server.xml?
>
>When you migrated from Tomcat 6 -> Tomcat 7, did you start with a
>fresh conf/server.xml from Tomcat 7, or did you try to copy the
>conf/server.xml from Tomcat 6 into Tomcat 7?
>
>- -chris
>-BEGIN PGP SIGNATURE-
>Comment: GPGTools - http://gpgtools.org
>Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
>iQIcBAEBCAAGBQJXcp/ZAAoJEBzwKT+lPKRYQgoP/iWCqzBF3cbxiNHFeVdplnwA
>RXBweJF2KareM9Bx79S2dDjw/H35f7LuRvbL5hjOGDtoLT/AXOa4HOBsHYAac561
>whxtxVU6rJoQtovCX63J0zjF59oV0KEdAPAMTd0jtaeoj2l26Ro3UFKqpUbpf+U6
>iZkLTBk26L3/Rd17a8y6ITUm/dYOfsc4TUpatELAI7NLab5ofqufAXnPskTDSl6v
>w4DFUyydO5cd8iwlIXYHjSMmh3KqCixWlXk7cVrJkwdjwCN61N4grKPMVFQUMQZg
>Am1XAVKPS18T8iJMFGZpzro9sxBQe9NsxRTvTgRFRDNR/ipBbXlbtGohFZyMScd7
>BtLH9DXT56K5rEgARjI9G5Q1W5oDaq6Fr10iSVtv5/uAepRb4+sR0HlfGDykohUy
>hl5pat4Z0x7p5Xjy+Xrsmv5Es6mNIbUGIFoadBmTa8xDnVPZ0NS/a1dfClcFCP4T
>rzgYvv59U5DDibdJgbDLHzEWhx2f8ik6jyh1vS3B2x7Ixxt6hT23ykE8GNw5rhMV
>8BLll+M1iykhf5dBRQHd5EqQ1ftwKWZRFQqAzGcn7vlSLdgAgvMNcPpvEzQUqvDK
>oGSmHcp7OhcHjGwXpdie2Y/5fM0lhdu7zfxBFGykIo97ieZWA9EjZpGOZX6xQuEB
>+RlTI4cqnGbqvQp+vqNU
>=xrav
>-END PGP SIGNATURE-
>
>-
>To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: users-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Deploy with white screen

2016-06-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jeffrey,

On 6/25/16 11:40 AM, Jeffrey A Trimble wrote:
> I've just deployed tomcat 7.0.70 on a test server, but I'm seeing 
> something very strange and I'd like some advice to point me to a 
> solution.  I'm running DSpace software.
> 
> When I go to the web:  http://:8080/xmlui I'm getting a
> blank white screen.  If I add something like "/home" onto the end
> of the URL (http://:8080/xmlui/home) I receive a screen
> that looks like my application with "Page not found" error in one
> of the frames, but I can now get all my usualy menus and choose to
> go on.  If I click a link for the Home landing page, it may or may
> not get a white blank page.
> 
> Any thoughts?
> 
> Some informational data:
> 
> * server.xml has the declared the appBase to my directory where my 
> webapps reside (instead of copying them into the /webapps
> directory under Tomcat).  We've been doing that for years. * I'm
> running java 1.6 * xmlui is a cocoon application

Can you post your  from server.xml?

When you migrated from Tomcat 6 -> Tomcat 7, did you start with a
fresh conf/server.xml from Tomcat 7, or did you try to copy the
conf/server.xml from Tomcat 6 into Tomcat 7?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXcp/ZAAoJEBzwKT+lPKRYQgoP/iWCqzBF3cbxiNHFeVdplnwA
RXBweJF2KareM9Bx79S2dDjw/H35f7LuRvbL5hjOGDtoLT/AXOa4HOBsHYAac561
whxtxVU6rJoQtovCX63J0zjF59oV0KEdAPAMTd0jtaeoj2l26Ro3UFKqpUbpf+U6
iZkLTBk26L3/Rd17a8y6ITUm/dYOfsc4TUpatELAI7NLab5ofqufAXnPskTDSl6v
w4DFUyydO5cd8iwlIXYHjSMmh3KqCixWlXk7cVrJkwdjwCN61N4grKPMVFQUMQZg
Am1XAVKPS18T8iJMFGZpzro9sxBQe9NsxRTvTgRFRDNR/ipBbXlbtGohFZyMScd7
BtLH9DXT56K5rEgARjI9G5Q1W5oDaq6Fr10iSVtv5/uAepRb4+sR0HlfGDykohUy
hl5pat4Z0x7p5Xjy+Xrsmv5Es6mNIbUGIFoadBmTa8xDnVPZ0NS/a1dfClcFCP4T
rzgYvv59U5DDibdJgbDLHzEWhx2f8ik6jyh1vS3B2x7Ixxt6hT23ykE8GNw5rhMV
8BLll+M1iykhf5dBRQHd5EqQ1ftwKWZRFQqAzGcn7vlSLdgAgvMNcPpvEzQUqvDK
oGSmHcp7OhcHjGwXpdie2Y/5fM0lhdu7zfxBFGykIo97ieZWA9EjZpGOZX6xQuEB
+RlTI4cqnGbqvQp+vqNU
=xrav
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: wrong request.getServerPort value reported on upgraded HTTP/2 connector ?

2016-06-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Frank,

On 6/28/16 11:02 AM, Frank Taffelt wrote:
> Calling the method request.getServerPort() returns 80 on http/2 
> upgraded requests for the https connector. I would expect that
> this method should return 443 in these calls. My current
> workarround is to disable the APR Listener as this results in
> correct value for the https connector. So is this a bug?

Definitely seems like a bug. You have no other connectors defined other
than the one on port 443?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXcp4aAAoJEBzwKT+lPKRYfwgP/isAFGcsIB0XcgY/SCzVYdas
WO0gBJmDl8IiDG7ALYQ+XZqvCaZZbQRvLZ5se6gx9UGbnpKqTV27j51kSEKb9txE
sat8y7JmYlwrnTrxu6vDgPYHODYs+tI7ilYC02YSBth9v9E6I14egEV7bEv5H0F4
zYavdyO8jUFDFnv/tqllPfu0vm58BSHZnGHJcnSLU3hqijJOcS1edEq+jzj/xAJr
GtMi8ehI2RMSGq5nizl5Yc3zuc3jlsvilpPSc3ygqJfNltKBKDnNivUPWONF4ozS
Ibl6o1Rs8hs132xZka1OPI3+BlTc9HkQgHU3jvrQlfkWzNjv6ogM6Q5B76Jgv65T
li65XFLmw9x6SdUWn93S4FIQIJs/rYoJyX53ZwSlHiONFZh2C4KlDCzQPJ6iMt5z
UdQeUHCHZ2xZURmScSpVAOkyGog6V84kHtaDVPgD8+umNBqA+ujy7abDb6ZdKDuC
Yke6RssFatQmWBGJkp3JORPOIq1C1sNh64Gd1hz8U17kHK0zmffYis5aqeFPxUxr
2jEz1VAbsZULDclpWi2JW4TKezVrOykmQ4Dmgz//OOKeXW1XCwtaigK/c3XSv95D
cm3tpaGUsdhLUM75YaK/H1sLKwVyav6rubYrXWmKvTOPgO4sd3DlXFbW5T7NT+CR
ikuriVBWliBg8rb61KlH
=b+VE
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[OT] External XML Entities with relative pathnames

2016-06-28 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

All,

I'm trying to build an XML file that includes several smaller XML
files using XXE, like this:

bar.xml:



]>

  


The files "foo.xml" and "bar.xml" are in the same directory.

This works great when the CWD of the process is the same as foo.xml
and bar.xml, but when I try to say "hey program, parse
/a/b/c/bar.xml", I get FileNotFoundException for CWD/foo.xml.

We often recommend that people use XXE for "password-less" server.xml
files. Is everyone using absolute filenames for that? Or is there some
kind of option that I need to set on Xerces (being used internally by
the JVM -- the com.sun.org.apache.xerces flavor) or Digester (I'm
using commons-digester to read the XML) to enable relative entities?

I've been searching the web for references to things like this, and it
appears that various versions of Xerces (including the C version) had
a bug where relative paths weren't working properly (the XML spec says
that relative paths such as the above should be relative to the
document that defined them -- that is: foo.xml should be expected in
the same location as bar.xml in my example above). Do I just have a
buggy version of Xerces?

Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJXcp1vAAoJEBzwKT+lPKRYfXcP/2SdmSpa7dLwBed7xv97BHLl
Lq8JSJSVkVvZZjTF6gHvn8xVfGm+6KA1LQ6KRsSoke8ZKf54waUKclYcd04/Jkb5
N9na6UknDTCrhwPsY1xOyRZQ5jq62MeyxtJE+8EHitCwIaAqyaOaxsG1djPGnNpP
a68N4WQ3qyumDuoSC9Slx5jLPi/i4XciSGCx/LRC0zaY3ABmU+boOjBK+41Ambjz
0h9kWGqSm0/QRO8wETSoWzHLtrqckRXbkvHXnydaiCcmvE1ELmAd/364+TR2ZCeu
jZVO9uVSzpZkV8IQTa6Zic57avFfFdKmIRHiItDhW9Rm9l6SJgWZJmWV1/YDXcRB
IEocNgSz1Ad4gU1yVsv8gHH7LTTDggmgAjwlzdjCPkKB1dGCjLW2uYmJ7qNh0hsQ
GrjCG0/wisvhZh7m5K0zroG3+oYnnD+KmrEs5wUr9JDUC2TnV4a9LXozDbHdctNs
ojz+bFeBeC+hv6L8ICDTUk+fnptD2PAzPDDf59MukS3X2LEDNuv9y+N71wLyI20w
ecfgI6Eelgwe4Rf9dSBUNz84rArS7gzP9TDpOFV7jqP6uz7glDtIw5Wp+rRJ6xRR
e9taycc9HzQg+6CnzwbNr4XCLemq+b2/agRCxLX42NiMBxEwBGGXSyiF1tsTi9Be
EgBW4TOvmiba15v5bsnx
=vS/0
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

wrong request.getServerPort value reported on upgraded HTTP/2 connector ?

2016-06-28 Thread Frank Taffelt 
Calling the method request.getServerPort() returns 80 on http/2 upgraded 
requests for the https connector. I would expect that this method should return 
443 in these calls.
My current workarround is to disable the APR Listener as this results in 
correct value for the https connector. So is this a bug?

so here is my config:
Tomcat: 8.5.3
OS: Win7 (64bit)
tcnative:  1.2.7
Java Version:  1.8.0_92-b14

parts from my server.xml:
* active APR Listener

* connector:







   




Thanks,
Frank

Re: Runtime Cloning of DataSource for Different DB?

2016-06-28 Thread Mark Thomas 
On 27/06/2016 22:35, Jerry Malcolm wrote:
> Mark,
> 
> On 6/27/2016 1:07 PM, Mark Thomas wrote:
>> On 27/06/2016 17:44, Jerry Malcolm wrote:
>>
>>> I'm assuming that context.lookup(...) simply locates the "jdbc/myDB"
>>>  tag in the context.xml file, pulls all of the parms out of
>>> that tag, creates a DataSource object utilizing the parms, and returns
>>> it.If that's the case, couldn't I create a variation/subclass of the
>>> Context object that modifies the url parm that it found in the resource
>>> tag and puts the desired db name into the url before constructing the
>>> DataSource?
>> Sure.
>>
>> You need to implement the appropriate factory and then specify your
>> factory class explicitly in the Resource element using the factory
>> attribute.
>>
>> You probably want to start here for ideas on how to code up your factory:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/naming/factory/
>>
>> or for a more specific example:
>> http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/dbcp/dbcp2/BasicDataSourceFactory.java?view=annotate
>>
>>
>>
>> Mark
>>
> Thanks so much.  This looks doable.  Just to make sure I have the big
> picture correct
> 
> 1) I will define a new custom resource that returns a custom context
> object that I write.
> 2) On the  tag for my custom context resource I can put all of
> the standard DataSource parms
> 3) I then call lookup() on this custom context passing the dbName in
> 4) This custom context will build an appropriate Reference object with
> all the parms, instantiate a BasicDataSourceFactory, and call
> getInstance(.) on the factory.
> 
> When I need an instance of the datasource:
>  Context initContext = new InitialContext();
>  Context envContext  =
> (Context)initContext.lookup("java:/comp/env");
>  MyDataSourceContext dsContext = (MyDataSourceContext)
> envContext.lookup( "dsContext/myDSContext" );
>  DataSource myDS = (DataSource) dsContext.getInstance( "dbName" );
> 
> Am I getting close?

Yes, but I don't think you want to use custom NamingContexts. I think
there is a simpler way.

1. Write a custom DataSource factory that provides a getDataSource(...)
method that allows you to pass in whatever per instance config you need.
This DataSource factory will need to use bean style setters (like the
example I linked to) to pick up the other config from the 

2. Write a custom resource factory that returns an instance of your
DataSource factory.

3. Add a context Resource element for your DataSource factory,
remembering to use the factory element and specify the custom resource
factory from 2.

HTH,

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: I don't understand a recent change released in Tomcat 7.0.70

2016-06-28 Thread Lyallex 
On 25 June 2016 at 07:38, Lyallex  wrote:
> On 24 June 2016 at 21:50, Christopher Schultz
>  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Lyallax,
>>
>> Okay, one last time before I start ignoring you. We really are trying
>> to be helpful. But nobody knows why who are so exercised about this.
>>
>> You haven't:
>>
>> a) Clearly explained what you want to do (redirect which requests?
>> with what response code? in what cases?)
>
> Thank you for your very reasonable response
>
> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
>
> Explains the problem that has been fixed in 7.0.70

Tomcat 7.0.70, stand alone production server, live.

curl -D /tmp/headers.txt -s  http://www.mysite.com/

HTTP/1.1 301 Moved Permanently
...

Fantastic

Thank You
Lyallex

>
> My 'issue' was with the design decision, not the fix.
> Software design is an obsession of mine, sometimes it overflows my
> brain and spills out on the pavement so to speak.
>
> I don't think this forum is the right place to discuss such issues.
> Many thanks for everyones patience.
>
> Lyallex
>
> 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org