date:20170907

I also stuck a similar named trivial static context into 
/var/lib/tomcat7/webapps (with a different directory name: "foobar" in 
Tomcat 8, "bozbar" in Tomcat 7).


In theory, Tomcat 8.5 should be able to see the foobar context, but not 
the bozbar context; this is also true in practice.


So it's something specific to the root context.

--
James H. H. Lampert

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: More, Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

2017-09-07 Thread Caldarale, Charles R

> From: James H. H. Lampert [mailto:jam...@touchtonecorp.com] 
> Subject: More, Re: This is weird (cross-posted to Tomcat and Debian
Lists):
> Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

> If I remember right, Linux file systems can have not only symbolic links 
> to files, but also multiple hard links to the same file. Is there an 
> easy way to look for something like that?

Without doing a full directory search, you can't tell if a symlink target
references a directory entry you're interested in.  You can use "ls -l" to
see the link count on a file; if a non-directory file has a link count more
than 1, there's another hard link to it (directories always have a link
count >= 2).

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.



smime.p7s
Description: S/MIME cryptographic signature

More, Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

Just for grins, I put a trivial static context (nothing more than a 
directory containing a simple "index.html" file) into 
/var/lib/tomcat8/webapps. Tomcat 8.5 found it. So it's only the root 
context that's somehow getting redirected.


But on the other hand, if I rename var/lib/tomcat7/webapps/ROOT to 
"ROOTx," Tomcat 8.5 STILL finds that one (or at least its index.html).


Curiouser and curiouser.

If I remember right, Linux file systems can have not only symbolic links 
to files, but also multiple hard links to the same file. Is there an 
easy way to look for something like that?


--
James H. H. Lampert

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 4.1.30 - not working with iSeries after upgrading the OS to V7R3 which uses Java 7/Java 8


On 9/7/17, 2:43 PM, Christopher Schultz wrote:

It sounds like James H.H. Lampert may be able to help you with your
problem. He's been pounding his head against his AS/400 environment
for years.


Greetings!

I finally get a chance to talk about something I know, rather than beg 
for help about something I don't know!


(And it's not necessary to use my middle initials when referring to me, 
so long as you leave out both of them. It's when people use one "H" and 
not the other that irritates me.) ;-)


Just seeing "Tomcat" and a reference to an IBM Midrange box was enough 
to catch my attention.


Everything I've come up with is based on the instructions to be found at
 
(or  if you prefer). It's currently an 
extremely slow-loading page.


What you want to do is go to the relevant download page at 
tomcat.apache.org (so far, I've ONLY run Tomcat 7 on IBM Midrange boxes, 
not earlier or later versions), and download the ZIP file (not the tar.gz).


Once you have it, figure out where you're going to put it in the IFS, 
and FTP the ZIP file into that directory.


Go into QSHELL, and navigate to where you put the ZIP file, and unzip it 
using Java's JAR command. (e.g., "JAR -xf apache-tomcat-7.0.81.zip")


Once that has completed, exit QSHELL. You might want to rename the 
Tomcat directory to something less cumbersome (our installations rename 
it to simply "tomcat")


If you're also looking at the web page, you should see a part about 
modifying catalina.sh, to force "os400" to "true." You can safely ignore it.


Now, to run Tomcat on an IBM Midrange box in any kind of meaningful way, 
you need to set up a CL program that will find the JVM, set up the 
environment variables, and launch the thing; it's simply not practical 
to do it any other way. The web page gives one very out-of-date version, 
based on running a very old Tomcat under a very old JVM that you 
probably don't have.


Our CL program, because we install it on customer boxes, is somewhat 
proprietary in nature, so I won't give you all of the source, and it's 
also fairly complex, checking for the existence of every JVM we have run 
Tomcat 7 under, and also every JVM we believe is reasonably likely to 
support Tomcat 7. It also allows us to launch Tomcat in a specific job 
queue, so it runs in a specific subsystem, and to specify minimum and 
maximum heap space (subject to the limitations of the JVM)


In our STRTOMCAT CL program, we start by building up a CL variable, 
"," that contains certain important Java options. As of just 
over a year ago, it includes:

-Dos400.awt.native=true
-Djava.awt.headless=true
-Djava.version=1.6
-XX:PermSize=256m
-XX:MaxPermSize=256m
-Djavax.servlet.request.encoding=UTF-8
-Dfile.encoding=UTF-8
and -Xms and -Xmx options with the desired heap space parameters.

Next, it looks for a suitable JVM. Currently, the JVMs we look for, in 
the order we look for them, are:

/qopensys/QIBM/ProdData/JavaVM/jdk60/32bit
/qopensys/QIBM/ProdData/JavaVM/jdk60/64bit
/qopensys/QIBM/ProdData/JavaVM/jdk626/32bit
/qopensys/QIBM/ProdData/JavaVM/jdk626/64bit
/qopensys/QIBM/ProdData/JavaVM/jdk70/32bit
/qopensys/QIBM/ProdData/JavaVM/jdk70/64bit

Once we've found one, we ADDENVVAR ENVVAR(JAVA_HOME) with the full 
pathname of the JVM and REPLACE(*YES).


We also do an ADDENVVAR ENVVAR(CATALINA_HOME) with the full pathname of 
the Tomcat directory (including the Tomcat directory itself!) and 
REPLACE(*YES).


And we do another ADDENVVAR, this time
  ADDENVVAR ENVVAR(JAVA_OPTS) VALUE() REPLACE(*YES)

Finally, with everything else set up, we

 SBMJOB CMD(QSH +
  CMD('//bin/startup.sh')) +
  JOB(CATALINA) JOBD(/) +
  JOBQ(/) INLLIBL(QGPL +
  QTEMP) CPYENVVAR(*YES) ALWMLTTHD(*YES)
(omitting the JOBQ parameter if we're using the default job queue for 
the job description).


Obviously, you will want to use some combination of job description and 
job queue that won't put Tomcat into a one-job-at-a-time batch queue. 
But just as obviously, you need to submit it as a batch job, because 
otherwise, it's going to sit there, tying up your terminal session.


We have also done a similar ENDTOMCAT CL program, that goes through much 
of the same rigmarole to select a JVM and set up environment variables, 
and then submits "shutdown.sh" as a QShell batch job, and then sits 
there, checking for the presence of a CATALINA job, and if it doesn't go 
away within a reasonable amount of time, it then abends the CATALINA job.


Note that the CATALINA job doesn't really do a whole lot; the actual 
Tomcat server runs in a job called QP0ZSPWT, that is somehow chained to 
the CATALINA job. When one job dies (either naturally or forcibly), the 
other follows immediately.


--
James H. H. Lampert


-
To unsubscribe, e-mail:

Re: BIO: Async servlet with it's own thread pool; but get connection refused!

2017-09-07 Thread Yasser Zamani

Thanks for your attention.

Now I downloaded a fresh apache-tomcat-7.0.81-windows-x64 and chenged 
it's connector in same way (BIO,20,20,10). I get same result, fortunately :)

OUTPUT:

Using CATALINA_BASE: 
"C:\Users\user\.IntelliJIdea2016.3\system\tomcat\Unnamed_Async-Servlet-Example_2"
Using CATALINA_HOME: 
"C:\Users\user\Downloads\apache-tomcat-7.0.81-windows-x64-IJ\apache-tomcat-7.0.81"
Using CATALINA_TMPDIR: 
"C:\Users\user\Downloads\apache-tomcat-7.0.81-windows-x64-IJ\apache-tomcat-7.0.81\temp"
Using JRE_HOME:"E:\jdk1.7.0_79"
INFO: Server version:Apache Tomcat/7.0.81
INFO: Server built:  Aug 11 2017 10:21:27 UTC
INFO: Server number: 7.0.81.0
INFO: OS Name:   Windows 8.1
INFO: OS Version:6.3
INFO: Architecture:  amd64
INFO: Java Home: E:\jdk1.7.0_79\jre
INFO: JVM Version:   1.7.0_79-b15
INFO: JVM Vendor:Oracle Corporation
INFO: CATALINA_BASE: 
C:\Users\user\.IntelliJIdea2016.3\system\tomcat\Unnamed_Async-Servlet-Example_2

Container MAX used threads: 10

Sincerely Yours,
Yasser.

On 9/8/2017 2:30 AM, Mark Thomas wrote:
> On 07/09/17 22:22, Yasser Zamani wrote:
>> At first thanks a lot for your reply!
>>
>> On 9/7/2017 1:43 PM, Mark Thomas wrote:
>>> On 06/09/17 20:59, Yasser Zamani wrote:
 Hi there,

 I'm studying Servlet 3's async API using tomcat. I see following strange
 behavior from tomcat in a very simple test app!
>>>
>>> You are also using the BIO connector which, since it is blocking,
>>> doesn't offer any benefits when using async. You'd be better off with
>>> the NIO connector.
>>
>> Yes I know but currently it's not important for me. I am studying
>> Servlet 3's async API and BIO keeps it simpler to study and focus only
>> on it (with NIO I cannot know if something is because of Servlet 3's
>> async API or Tomcat's NIO).
>>
>>>
>>> You haven't told us which Tomcat version you are using. Since you are
>>> using BIO that narrows it down a bit to 7.0.x or 8.0.x but that is still
>>> a lot of possibilities.
>>
>> It's 7.0.47
>
> You are unlikely to get much interest on this list until you upgrade to
> the latest stable 7.0.x (or 8.0.x). So much has changed in the ~4 years
> since 7.0.47 that there isn't much value in investigating this. If you
> see the same or similar issues with 7.0.81, that would be more interesting.
>
> Mark
>
>
>>
>>>
>>> Neither have you told us what operating system you are using. My
>>> experience of JMeter under load, particularly on Windows, is that you
>>> see strange behaviour and it can be hard to figure out the interaction
>>> of JMeter, the OS network stack and Tomcat.
>>>
>>> You also haven't told us what hardware this test is running on.
>>> Particularly the number of cores available.
>>>
>>
>> OS Name  Microsoft Windows 8.1 Enterprise
>> System Type  x64-based PC
>> ProcessorIntel(R) Core(TM) i3-4130 CPU @ 3.40GHz, 3400 Mhz, 2 Core(s),
>> 4 Logical Processor(s)
>>
>>
 I have following JMeter test plan:
 Number of threads (users): 700
 Ramp-Up period (in seconds): 23
 Loop count: 1

 So JMeter generates 30.43 requests per second and 304.3 requests per 10
 seconds. I'm planning to full tomcat's BIO pool and accept buffer :)

 I have an always async test servlet which on destroy, I print tomcat
 container max used threads count. It prints 187 for me which is lower
 than 200 (tomcat default pool size) so I should not get any "connection
 refuse" but I get!
>>>
>>> There are all sorts of possible reasons for that. I'd suggest scaling
>>> down the test. Limit Tomcat to 20 threads. Reduce the load similarly.
>>> Increase the sleep time. You want to ensure that the only limit you are
>>> hitting is the one you are trying to hit.
>>>
>>
>> Previously I also tested very low loads but again as you suggested I
>> tested following low load configuration and get even worse results!!
>> Tomcat successfully returns from request below 29th but fails 25
>> requests of 29th to 70th. However this time all fails are "connection
>> refuse" and there are not any "connection reset". Whilst the program
>> output is "Container MAX used threads: 10" !!
>>
>> CONFIGURATION #2:
>>
>> Server.xml
>> > connectionTimeout="12"
>> maxThreads="20" maxConnections="20" acceptCount="10"
>> redirectPort="7743" />
>>
>> JMeter
>> Number of threads (users): 70
>> Ramp-Up period (in seconds): 35 (40 requests per 20 seconds)
>> Loop count: 1
>>
>> My async servlet
>> Async Sleep Time: 20 seconds (ensures 40 concurrent requests)
>> It's own thread pool size: 41 (lower than 40 so never fulls)
>>
>> JMETER RESULT of RESPONSE TIMES #2:
>> Max: 38 seconds (lower then tomcat and asyncContext timeout)
>> MIN: 20 seconds
>> AVG: 18 seconds (because of fails)
>> ERR: 36%
>>
>> UTPUT:
>>
>> Container MAX used threads: 10
>>
>> Thanks in advance!
>>
>>> Mark
>>>
>>>
 I have simulated a blocking

Re: Connect to another servlet during init

2017-09-07 Thread Kendall Shaw

On 9/7/17, 3:06 PM, "Christopher Schultz"  wrote:

Kendall,

On 9/7/17 5:36 PM, Kendall Shaw wrote:
> A web application that is not mine needs to be initialized after
> it starts before some resources are available. Manually, I would
> start tomcat (9.0.0.M9 on redhat linux) then request 
> http://example.com:8080/start-up.
> 
> The web application has a servlet configured with 
> 1.
> 
> I am attempting to do the initialization by creating a servlet
> that is configured with 2. But,
> I have not figured out how to use the 1st servlet from the 2nd.
> 
> The second servlet only implements the init method. It is never
> going to receive a request. Its only purpose is to invoke the
> first servlet.

Why not implement a proper lazy-initialization scheme, and not bother
with servlet #2?

I’m not sure I follow. I can’t modify source code of the first servlet.

> How can I find the path of the other servlet and send it a
> request, without having first received a request? I can’t use a 
> ServletRequestListener, because I want the initialization to occur 
> before the first servlet receives its first request.

How would you know the path of the other servlet at all? What
information do you think you need, and why don't you think you have
that information available to the init() method?

I know the name of the servlet. If I had a request I could use 
RequestDispatcher.include. But, I need to do this hopefully before any request 
is received.

Kendall

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Session delete

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alejandro,

On 9/7/17 5:49 PM, Alejandro Vargas M. wrote:
> Is there anyway to delete a session in Tomcat when the user not
> logout correctly from the application, normally they not logged out
> correctly, they just click on the "X" (they said), they click the
> close button of Internet Explorer.
> 
> I tried with $(window).unload using JS, but it works on every
> refresh, not when close button on the browser is clicked.

There is no reliable way to do this. The user can always unplug their
network connection if they don't want their session to be killed when
they close their browser. Sure, this is a pathological case, but it's
indeed possible.

The best thing for you to do is set your session-timeout value to the
lowest tolerable setting for your users, and let sessions time-out due
to inactivity.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZscPWAAoJEBzwKT+lPKRYgRsP/03gvV8Vsaj7rYHMLFUBnvP2
ighdvTGEytnhdPqzc2F/31XIME57mdlZz1Mim9CcW2EiS8Yw8NeD1mR1d+5JJdIn
zttevYFMJpbkcO01LMpMKaJ3IoZ84fKT4l5bhQIgijIk6NEqY01P663l4twKZxCb
ZsF1udU6LZRXfnxyjriO1830rlqnKTfAxT7lWIFnHN2OPFlES0FfZVxxTxoNx1Jg
Eb68Q3FxtXi88YiVkHi/MbCGMJ9sRMY9V9PI/UPoIln9vy8vYnHyqjksFdzBmMeU
2GXRUKud7U9JCM+iaHPWdmJI8bdc2sITRpT8yDTJp4T7u/Zu+dlENqa307csp1My
XfskWOcUxzhIV1TpFH9KH9v4UPqIcMJLtWI4/w1vX0QKe97k2jI2NT4l/zYEKNMO
vkXcWuRKcz0JbNkRlLT5pQ3NfE27bVw245XopDzqihJUDHYVcf4sLYJtB+Z6rLUH
71YMQnkBSbwJR5YP2h8KqL8/2XhJ1hN5j6804wsyQm/HaGyZirzYV4SFr4A54em5
Um1fMbI4PrVJycpbU12IiG7/hL18C8yhOBrwMHTpZdx6ZggA7xnU0cSw/cEuUHq7
EYcijkPEqGzqLs3UYTMavYyv6HbD5rNQLkGSbAWF065wDnUWCgeKMkXG4/+9VLUc
vY8Ou1UlluoX5X7742y9
=Qoy6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Connect to another servlet during init

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kendall,

On 9/7/17 5:36 PM, Kendall Shaw wrote:
> A web application that is not mine needs to be initialized after
> it starts before some resources are available. Manually, I would
> start tomcat (9.0.0.M9 on redhat linux) then request 
> http://example.com:8080/start-up.
> 
> The web application has a servlet configured with 
> 1.
> 
> I am attempting to do the initialization by creating a servlet
> that is configured with 2. But,
> I have not figured out how to use the 1st servlet from the 2nd.
> 
> The second servlet only implements the init method. It is never
> going to receive a request. Its only purpose is to invoke the
> first servlet.

Why not implement a proper lazy-initialization scheme, and not bother
with servlet #2?

> How can I find the path of the other servlet and send it a
> request, without having first received a request? I can’t use a 
> ServletRequestListener, because I want the initialization to occur 
> before the first servlet receives its first request.

How would you know the path of the other servlet at all? What
information do you think you need, and why don't you think you have
that information available to the init() method?

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZscLMAAoJEBzwKT+lPKRYTCsQAL/N1PShOrW9MtwqOjlReMss
Wbmq/kSBT4PM6ea5UtrMVsXzU+ExU673TL5ZYuhV1MVWBjfAZv4xh9xwAOE0rw0D
wGEoL4exg81mLxmcVWUQbFKDyNF1tGGTHR/uKUXneKygHq4LfabKrIIBPcnmI8OX
GkQ7bQlZwLCchM8Mjo9ibHtRVqqV7OzsaE1X7rlPDztiPGp33OGvGE6L9sXTeBq/
cTYbNZ60GK6tKSYnFFYUFs5Av/XymVJFImLsOzOfN+oslZk13JdFZuGbS/sZqZ2V
Th4NNQxJbYSfjwwLJXqc3KBBLUYY63aEaKhHd8wgUE4PY90XvgehVn7+ZzgH5N9J
0vZ2ExBGXOnn1DIIgCY9A89Yz8WTrQ0NYkceVMgQSfGP7SCGT88u5QmQlKwHAQ3u
zgeI/3A0B+qmkpN//U+nRzDRWlQvObsMEts7vqOF7OndaxAomiKvSOFJm5iSirWb
45drAuq7sEGYcdTAWkRtWyaeWK5con20H4gwPK5NWT1fnVEja8j/F3pxrl2/20UU
6SNbs3bDC+2llwi9KUzNcLdn9G/STZmtbbHSmUVCOCk1rS/rJdroYS1aEyJJHW6y
RMiVHWu1IAqLelIvBwbTmfHrUBg6W3sYpDKvNdbim8X4WEp2UMRIqVW+RMnZMIS9
rC6zkIwxK6yMjM5GQzYL
=KrQ2
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: BIO: Async servlet with it's own thread pool; but get connection refused!

2017-09-07 Thread Mark Thomas

On 07/09/17 22:22, Yasser Zamani wrote:
> At first thanks a lot for your reply!
> 
> On 9/7/2017 1:43 PM, Mark Thomas wrote:
>> On 06/09/17 20:59, Yasser Zamani wrote:
>>> Hi there,
>>>
>>> I'm studying Servlet 3's async API using tomcat. I see following strange
>>> behavior from tomcat in a very simple test app!
>>
>> You are also using the BIO connector which, since it is blocking,
>> doesn't offer any benefits when using async. You'd be better off with
>> the NIO connector.
> 
> Yes I know but currently it's not important for me. I am studying 
> Servlet 3's async API and BIO keeps it simpler to study and focus only 
> on it (with NIO I cannot know if something is because of Servlet 3's 
> async API or Tomcat's NIO).
> 
>>
>> You haven't told us which Tomcat version you are using. Since you are
>> using BIO that narrows it down a bit to 7.0.x or 8.0.x but that is still
>> a lot of possibilities.
> 
> It's 7.0.47

You are unlikely to get much interest on this list until you upgrade to
the latest stable 7.0.x (or 8.0.x). So much has changed in the ~4 years
since 7.0.47 that there isn't much value in investigating this. If you
see the same or similar issues with 7.0.81, that would be more interesting.

Mark


> 
>>
>> Neither have you told us what operating system you are using. My
>> experience of JMeter under load, particularly on Windows, is that you
>> see strange behaviour and it can be hard to figure out the interaction
>> of JMeter, the OS network stack and Tomcat.
>>
>> You also haven't told us what hardware this test is running on.
>> Particularly the number of cores available.
>>
> 
> OS Name   Microsoft Windows 8.1 Enterprise
> System Type   x64-based PC
> Processor Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, 3400 Mhz, 2 Core(s), 
> 4 Logical Processor(s)
> 
> 
>>> I have following JMeter test plan:
>>> Number of threads (users): 700
>>> Ramp-Up period (in seconds): 23
>>> Loop count: 1
>>>
>>> So JMeter generates 30.43 requests per second and 304.3 requests per 10
>>> seconds. I'm planning to full tomcat's BIO pool and accept buffer :)
>>>
>>> I have an always async test servlet which on destroy, I print tomcat
>>> container max used threads count. It prints 187 for me which is lower
>>> than 200 (tomcat default pool size) so I should not get any "connection
>>> refuse" but I get!
>>
>> There are all sorts of possible reasons for that. I'd suggest scaling
>> down the test. Limit Tomcat to 20 threads. Reduce the load similarly.
>> Increase the sleep time. You want to ensure that the only limit you are
>> hitting is the one you are trying to hit.
>>
> 
> Previously I also tested very low loads but again as you suggested I 
> tested following low load configuration and get even worse results!! 
> Tomcat successfully returns from request below 29th but fails 25 
> requests of 29th to 70th. However this time all fails are "connection 
> refuse" and there are not any "connection reset". Whilst the program 
> output is "Container MAX used threads: 10" !!
> 
> CONFIGURATION #2:
> 
> Server.xml
>  connectionTimeout="12"
>  maxThreads="20" maxConnections="20" acceptCount="10"
> redirectPort="7743" />
> 
> JMeter
> Number of threads (users): 70
> Ramp-Up period (in seconds): 35 (40 requests per 20 seconds)
> Loop count: 1
> 
> My async servlet
> Async Sleep Time: 20 seconds (ensures 40 concurrent requests)
> It's own thread pool size: 41 (lower than 40 so never fulls)
> 
> JMETER RESULT of RESPONSE TIMES #2:
> Max: 38 seconds (lower then tomcat and asyncContext timeout)
> MIN: 20 seconds
> AVG: 18 seconds (because of fails)
> ERR: 36%
> 
> UTPUT:
> 
> Container MAX used threads: 10
> 
> Thanks in advance!
> 
>> Mark
>>
>>
>>> I have simulated a blocking operation by a sleep for 10 seconds. When my
>>> servlet gets a request, it quickly starts an async and add further
>>> processing to my own thread pool (container thread comes back to pool
>>> quickly, right). My own thread pool size is 310 which is greater than
>>> 304.3 (requests in 10 seconds) so never full.
>>>
>>> I've tested several times. Tomcat successfully returns from all requests
>>> below 326th but fails 102 requests from 326th to 700th with "connection
>>> refuse" and afew with "connection reset".
>>>
>>> Why?! My own thread pool does the jobs and Tomcat's pool is free (my
>>> servlet uses 187 threads of tomcat at max).
>>>
>>> Thanks in advance!
>>>
>>> JMETER RESULT of RESPONSE TIMES:
>>> Max: 60 seconds (lower then tomcat and asyncContext timeout)
>>> MIN: 10 seconds
>>> AVG: 37 seconds
>>> ERR: 15%
>>>
>>> CONFIGURATIONS:
>>>
>>> Server.xml
>>> >> connectionTimeout="12"
>>> redirectPort="7743" />
>>>
>>> Async.java
>>>
>>> package com.sstr.example;
>>>
>>> import javax.servlet.*;
>>> import javax.servlet.annotation.WebInitParam;
>>> import javax.servlet.annotation.WebServlet;
>>> import javax.servlet.http.HttpServlet;
>>> import

Re: SOLVED, Re: For some reason, the AUTHBIND approach isn't working with 8.5

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

James,

On 9/7/17 12:18 PM, James H. H. Lampert wrote:
> Emmanuel Bourg wrote:
>>> You didn't change the TOMCAT8_USER variable in
>>> /etc/default/tomcat8 and authbind is installed, right?
>>> 
>>> What is the output of (as root):
>>> 
>>> su tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c
>>> 'netcat -v -p 443 -l'"
> and my reply ended:
>> The only difference I see is the home directories.
> 
> I found another difference.
> 
> I looked at the man page for authbind. Then I looked at the
> contents of /etc/authbind.
> 
> It seems that /etc/authbind/byport/443 has owner "tomcat7," group 
> "root," and mode 500. As soon as I changed that to group "tomcat8"
> and mode 550,
>> sudo -u tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c
>> 'netcat -v -p 443 -l'"
> no longer came back with "Permission denied," and when I put Tomcat
> 8.5 on port 443 and restarted Tomcat 8.5, it started right up
> without further complaint.

Glad to hear that.

I've not used authbind, but I believe you can configure things in more
than one way (i.e. /etc/authbind/byport versus /etc/authbind/byuid).
I'll bet there is an order of preference, and that
/etc/authbind/byport overrides /etc/authbind/byuid.

I think you may want to remove /etc/authbind/byport/443 altogether and
allow the /etc/authbind/byuid configuration to handle everything.

NB I would recommend, at least in production, that you limit the ports
to which Tomcat is allowed to bind to the ports you actually need, and
not 1-1023. Just In Case.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsb/DAAoJEBzwKT+lPKRYeIwQAMfxev49BAcvfU5wn8TpGAt0
5uJNJ3FQy4fq6okPiFO14ZAtir/mMJqaIPZDrxAAAi5/oYUf91NCfkXa6jJzqnnO
3BxSczzu9PAM/TNUzvhViiXmfGCMu5Mivu5OUubhlqib98Av9Zih+bfesJiH2xUG
xBfURVOmLUq0MgYxadSmBJ9pNBzf6Jtu+wQa4Xd/O7+cgg406HXyorx/kPjfT1Nx
0YLdDBR7cvfZw0+4LLNpKGEY0MzETmGFi6Ia1QDUyucR1dzSI72a+LQqQkcr9gt0
xShL9f3d04HkCURWGHVIANVb1bsnNbXLFpWEY8P6TglJ9cLmmGB0ktTgFmA2hXe9
5NjDmEXSJkS6dNe2aD9Z0Z3bYGOFtlvYJlcmgn9e6hicBZkHF0vUUBom0J5Luro6
VvcubC8GYzfcQjm8mkYjvJgrGMMYo+XWhNu6oSH4l1R+tyVlmTwTZRGusu+v2kxp
aJfwrXAjoiMnMyOZNwH+x5/e3tiiiw1/uonrLZMDVf5eq6yiLcwILd5MP0Jx4NGX
kmqdyQka8c1SdHAq31c4AHfD9YtrQ5lTWXwgyt9s46Hb2FN9m3WN6HKnos6YuPqs
bbl+EFynsy9oA4NsQgUMgha5W2y98e7kznwNlQkIcwlFssIzzZ114GNZKNjdYlRK
uJlFBYYVIpZ7B4yM9oAV
=IxQn
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Session delete

2017-09-07 Thread Alejandro Vargas M.

Is there anyway to delete a session in Tomcat when the user not logout 
correctly from the application, normally they not logged out correctly, 
they just click on the "X" (they said), they click the close button of 
Internet Explorer.


I tried with $(window).unload using JS, but it works on every refresh, 
not when close button on the browser is clicked.



--




Alejandro Vargas Mayorga
/*Gerente Desarrollo C.A. & C.*/
*Tel. 506- 7232-3366*
*Email:**alejandro.var...@kymsolutions.com* 
*

**www.kymsolutions.com* *
Visite nuestra aula virtual! *

Re: For some reason, the AUTHBIND approach isn't working with 8.5

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Guang,

On 9/7/17 3:22 AM, Guang Chao wrote:
> On Thu, Sep 7, 2017 at 8:02 AM, James H. H. Lampert < 
> jam...@touchtonecorp.com> wrote:
> 
>> A little over a month ago, I had a problem with getting Tomcat 7
>> to bind to port 443 on Debian.
>> 
>> We solved that problem with the "authbind" approach.
>> 
>> Now, I'm attempting to do the same with Tomcat 8.5, and it's not
>> working.
>> 
>> 06-Sep-2017 23:47:46.293 SEVERE [main]
>> org.apache.coyote.AbstractProtocol.init
>>> Failed to initialize end point associated with ProtocolHandler 
>>> ["https-jsse-nio-443"] java.net.SocketException: Permission
>>> denied [snip]
> 
> You can not use port below 1024 if service is non root.

This is not true.

Authbind exists solely for the purpose of making your above statement
not true.

> You can use routing via iptables

Not necessary. Authbind should work.

> Another option is have a reverse proxy, e.g. nginx listening on
> 443 fronting your tomcat listening on a higher port.

Not necessary. Authbind should work.

- -chris


-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsb72AAoJEBzwKT+lPKRY4kIP/RZEYZU5kvkCvj0P4xBMnqlg
5VsNoakhDYMfrFiuUOv07fa7FMe/3CRB9XGsgvxalb64rubSlW2Sv9GuimiVQOxA
1CTw/0jpG3hRhfni3sm+j3Jt4SyupZGnMTA0qmJ5L2SLCD649lBBeVYT0pVHGGeq
MjxxtLSlq3dc+/N/txOTbA4g1DFdGq7RWtDClZFn0WC7KKP85K1Nihy9ks+eM8kE
FaD6OSNm4qQp9z4ndMVRl3qFTpa9FgjfTHnTbBvqh9DiSK4yGtbIPlB8gOvo1SRe
jV07adGTv1k+4YE01fNL/4ux5BiuhhPkxymKPuGl2SEl6Fe+6JRxy/1Yj4ZyUJVA
LGhMjR4FeguSq5aMY+f/ZOgUZnDk3XyWsZCf46NESacUFkUoo/NU7U2EwJHq4LT3
AxOd8IQoHR0/nHnLJc5uKlwh9m7xnS0Ut7h9u67YtJz01Ty5QQWnDaIlqiadpU1C
4mgYggSyDyBFyo17xph1lfCDuX8Pa8l59ENq4lWdZj0xdwQuHdkhr1SpvBWB4fj/
EeALJW34jkaAh7fc04ax5V9DB7dBKe3MxVtIEpaA1ULW2b4mQpucBe4fnipMESwR
IXK4JCJnrnDrCRFwp8uKukQd50rlGIRWkuIfoIDdiLN45vD50g6zP6G3vvWFTNYb
mA57urLiLLRdPuQDNrd7
=Jpc6
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Getting a WAR last deployment timestamp thru JMX ?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Laurent,

On 9/7/17 10:52 AM, Laurent Perez wrote:
> I'm exposing some webapp metrics over a JSON servlet. I'd like to
> output the deployment timestamp of my webapp, when war is
> redeployed by tomcat using the built-in /manager/. I looked into
> the manager and could not find a timestamp.
> 
> Is there some magic JMX query available to obtain the last
> deployment time of a war ?

Poke-around in the JMX tree that Tomcat exposes. If you see it, you
can fetch that value through the manager's JMXProxyServlet.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsb5nAAoJEBzwKT+lPKRYknsP/ip2kkC5jXaEsQ+REaFelutv
vwgLGR7pndQOWsSB3ruOJdIVwYMvrk0D4nUUA1U9HYMI5DOWXTEzsixGsRbsZavi
CP499Eyx3WSipoibnDTWCuIJtyKo7txN46X373oU5NImgNo+SivwkFklP2Xgx+gF
PW5WZ1Z4/BZpDuoskftyXXejJ3AgAU7cEtlk3MeKINv+GX8PP+eyBMso1PZzRvh5
LTECUnziHqjVEJgZuBhjz9U3ae//BJiTi+Qj28+Wy/mqkCILYUHZMTSH5VXf2DtP
39QAPijZ+JgnLlOFlNVKebgPLOZfQgAlRcr4PHHqo+5SFB5sc6D6int7Q+MsVjy/
JOjl/hL50X0ekhNi7UZYPmxv+Qf3LwBvtbhoACx5U7mzMcgx2pnVoAaIgAaUABSo
DqtOY5PWNjnO1Dlp1C8MpjDYxLdDahRSmVcNOGLU3JZjBfEvBzjkEuQYEm1yYNUW
jnJh+SEfbpdfoovkd4Nz7UwowAAszXqgKDVM+QfqzLBBEhRNGNS0zysLl99gQ8sJ
hH8L34onEohjfGDyskjlSQM1a5COevGwJg5f1idkEpm0fRblmS3knHBQjDGGFY/O
fMXI95STGlbxZfUn8pwi3xJt2nkCxUTrLR1YqFN6v9UJ8v5GxGUxCE34tdoBobBe
cVhD22Sjix6gfvwBiVrV
=ttUm
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: TomCat stops after few seconds

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Irene,

On 9/7/17 5:25 AM, Irene Almendros wrote:
> Many thanks for your reply. I updated again windows to the latest 
> version (1703) and TomCat is working properly again. Is possible
> that windows and Tomcat share some config files so that when
> windows is downgraded Tomcat stops working fine?

Not really.

Most likely, Java was corrupted in some way or there was a port conflict
.

Any time Tomcat doesn't behave as expected, it's best to read the log
files that Tomcat produces. They usually tell you exactly what's wrong.

- -chris

-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsb3hAAoJEBzwKT+lPKRYJUEP/15edgt/s7gJph5WuoHHvfzy
Gmns9p1huEk3BBrR6RqMH+aB5/7zKxAvU7zqeQMf/0JtzMPYtVQ686u8y3eYPrUw
abCPQxvPJfPx9iMV8ePfBkGnQZrJsBfhuAJaLnbh7n4UBB2qY0lGTLNWjm3HKC9G
aKWoQ2t/uNgqKUC/TL/NVTe2jPaFszGG3DZHTxF9s/iXzRUnjOYKJ8e8zPKUI73K
mPATdGZHi0YjzUJswUqVO8QaeAasZVtW4x5Iern4znzM0GJPOlcHcruMnEfLvnHV
vcnqx2KNMWdqjc3JUBNuinusMZhWz/+BhrdhLy64C0V09g0QU+X+Q1we9NOwllgQ
ZIjuj4gO3WGoXlXsMcHpRq3zG7VPvM9DHUZAq+TBltfO3FhLKmGDBgNOBC3m13YH
YwL2e09Hc1w6t3d/qrqmMuDMrmVc71WOMoIYuKKR2WcQwGTXUwrDTde/fuf48d6O
WtYqoi2QOw3R3vpjKkfpkD3YCKBMkFtSmfm+SQSXn0DwQKWDB/h+gL8fGUdYSdVQ
+fTz6TsLKZ07U7ZHN1AtW5hSh1jty+85nh3eXF31z2Oxvb8rOEya8QjafDbt3UYv
1PiJn6KKd++ix7u3D6AFz17lRAM4KXwtauc1Bdh0ifnGtQgZ8Kdjl9dQ00YdR1vK
KhOR01xxf6IZP/Y1b8/9
=U72f
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 4.1.30 - not working with iSeries after upgrading the OS to V7R3 which uses Java 7/Java 8

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Ananthi,

On 9/7/17 5:12 AM, Ananthi K4 wrote:
> We have installed Apache Tomcat version 4.1.30 on our iSeries
> server. Recently we have upgraded the OS400 Operating System from
> Version 7.1 to 7.3 where Java 7 and Java 8 are introduced. After
> this upgrade, Tomcat is giving an HTTP status 500 exception
> report.
> 
> We explored the Tomcat portal and found that we are running Tomcat
> on a lower version and that needs to be upgraded. But we are unable
> to find the exact procedure to install Tomcat on iSeries server.
> 
> There is a subsystem TOMCAT running on the system with Job QP0ZSPWT
> being Active.
> 
> Please advise on the version of TOMCAT that needs to be installed
> on the system as well the procedure to install it.

It sounds like James H.H. Lampert may be able to help you with your
problem. He's been pounding his head against his AS/400 environment
for years.

I'm sure there are some OS-specific things to watch out for, but I
believe Java+Tomcat should be fairly easy to run just about anywhere:
just unpack the distribution tarball and run startup.sh from a
Unix-compatible shell and you should be up and running.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsb11AAoJEBzwKT+lPKRYSqgP/Ar1KeC70lL/gCXFXDhmYTZK
HiDDkHSRLotOAgtOKNK5//FdxV7L3PbGPlHquciPpfZSxbS5i/FizHKpMpoc62Sz
2+DYVplO9WwdWsjtDy63ZIN0sQ44t95FbuovwKlYq7Dd27CnfgKIruxPNy1myzTB
N7P2IneI7kXiYAuENZ/TnlddiF97r3xvOfi8/O/eYlD3pI5cQvg/YG5c7OrkxcMB
tovC+h1uZQFwOocOIfLQwWfv9kg4vi6bVFiHrlVmyruXmqbqqT42pgt0as25l1YC
q51IdkGPLuElfzGjWFPhPORGnjDaORaGv1AzE0CQsgSOKDuzqrxZqGAGEdoghPEe
3rE/hL35Aax/HL8UCJxI+zxaA+WSnSVe9TpGrnYq9W/adm/ftD1JhQI6zIRvakPU
3LlIXQ9eZNa2m4x6b7epwfc8l1rBv2/FYN6aLzXdiYOLStolVABUmlpsd9u9S7vU
h1T0QF/BwySB3JRpNtw/x+imLsJs5RsdyUk5lVrO9LcQUKR0GW4M/vDl9GrfUtiv
T363n9NWqlS3mRkz5078mNx/SxXp1K1nDCcocGX51yCnOLeQHshP5JWCysJQcKP7
WiiukfhaX29gLbsv3BwGh2RvNkwNsDTYeAwwWRey9gXFVPho2yUtsLNVl1gwzjYB
aHAVVJMDoQb9iffsKNEp
=jWe5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Connect to another servlet during init

2017-09-07 Thread Kendall Shaw

A web application that is not mine needs to be initialized after it starts 
before some resources are available. Manually, I would start tomcat (9.0.0.M9 
on redhat linux) then request http://example.com:8080/start-up.

The web application has a servlet configured with 
1.

I am attempting to do the initialization by creating a servlet that is 
configured with 2. But, I have not figured 
out how to use the 1st servlet from the 2nd.

The second servlet only implements the init method. It is never going to 
receive a request. Its only purpose is to invoke the first servlet.

How can I find the path of the other servlet and send it a request, without 
having first received a request? I can’t use a ServletRequestListener, because 
I want the initialization to occur before the first servlet receives its first 
request.

Kendall

Re: Converting an SSL connector tag from Tomcat 7 format to Tomcat 8.5 format -- WHAT GOES WHERE?

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

James,

On 9/6/17 3:52 PM, James H. H. Lampert wrote:
> On 9/6/17, 11:19 AM, Mark Thomas wrote:
> 
>> The old format will work with 8.5.x.
>> 
>> What were the stack traces?
> 
> And Alejandro Vargas wanted to see the stack traces, too.
> 
> Seeing as how this was the first stack trace (of 20, most with
> "caused by" sub-stack-traces):
> 
>> java.lang.ClassNotFoundException: 
>> org.apache.coyote.http11.Http11Protocol [snip]
> 
> I tried putting the old-style connector tag back in, with the class
> name changed from "org.apache.coyote.http11.Http11Protocol" to 
> "org.apache.coyote.http11.Http11NioProtocol" and this time, it
> worked perfectly.
> 
> I should have tried that when I first noticed there was a
> difference. It actually DID jump right out at me, but I couldn't
> believe that was the only thing wrong, with 20 stack traces.

Yes, conf/server.xml is not forward-compatible. When you upgrade, it's
best to compare your conf/server.xml with the one that came with your
old stock Tomcat version, and essentially perform the same diff
against the new Tomcat's stock conf/server.xml.

Otherwise, things like this happen. In your case, the BIO connector
was removed from Tomcat, leaving only the NIO, NIO2, and APR connectors.

If you use "HTTP/1.1" as the protocol, you don't have to specify a
class name (and you'll get NIO by default). Or, you can leave the
"protocol" attribute completely absent and you'll get the default
(which is "HTTP/1.1", which implies NIO).

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsbujAAoJEBzwKT+lPKRYSKoQAJtuC/Eu2MEicuhyLjlwD6Mu
1HwcvhCZy//ksRRlzD6HuCzbUiEnjCGWY55jA6YJdS7u4H6TaQP/U3JSPmf2cHAZ
vHNXy0sNhUnx22rMSJyOlKUKfT2nb6+5au+1e6kBMLZrWVN2AS1Ljus1d8wh/aOT
epPmrK3OFWLfa8dfnDx+9i8eri9IaWNnodxaNONvkiBR4tbb1IlDNSA6FOHnyQrj
G5X0yAITL9PvynFoy35N3+Ctmvg9003TGb7d2fInzeiQwNVke35JJsyQmnG5/mai
mFBH+soNTLTPouAaKiXON2/TyPSHbUNZO/xaOO4i3eJkBcwR76fESjItx99r5BgZ
vel7W5nO5Y8lz6qw7cCxmmtEluFPfe3gK27Otv1bJ6iss3xdASePrlAT8QuWqx6S
YHdnmWb7TmerIphD1ftuy8QLxPbSm6TrJ/RcS01WTyglprL+BcoHME5Gm5rGAMWI
hxi2rdGGP/A7BlrvOrlJjwP0SgWwW0sH1pnPXQpZIlDRqDskPTkzc4GV4oFaaLxQ
yRP+CQJCEYHFbxhZVQWfua0XPw4X7hs/pgbDoVt6fD/JKVVhZa2w4LP/d/GY9PkA
Fz36H7s8gfx9UZmtYbAkXKKNH7i4l6rD5ZDF0NruLWe9l01ZGM+e0IaYecVLWBzY
59q8x5IKD5hgMBB85Uis
=C8rx
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT


Pete Helgren (on the Tomcat List) wrote:

Longshotsomething in .profile of the user the Tomcat instance is
running under?


Neither the "tomcat7" nor "tomcat8" users have .profile files.

This is interesting. I got rid of the Tomcat 8.5 catalina.out files on 
both boxes (the one where everything works right, and the one where 8.5 
is getting 7's root context) and restarted them, and I got this at the 
tops of both catalina.out files:



WARNING [main] . . . Problem with directory [/var/lib/tomcat8/common/classes], 
exists: [false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory [/var/lib/tomcat8/common], exists: 
[false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory 
[/usr/share/tomcat8/common/classes], exists: [false], isDirectory: [false], 
canRead: [false]
WARNING [main] . . . Problem with directory [/usr/share/tomcat8/common], 
exists: [false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory [/var/lib/tomcat8/server/classes], 
exists: [false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory [/var/lib/tomcat8/server], exists: 
[false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory 
[/usr/share/tomcat8/server/classes], exists: [false], isDirectory: [false], 
canRead: [false]
WARNING [main] . . . Problem with directory [/usr/share/tomcat8/server], 
exists: [false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory [/var/lib/tomcat8/shared/classes], 
exists: [false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory [/var/lib/tomcat8/shared], exists: 
[false], isDirectory: [false], canRead: [false]
WARNING [main] . . . Problem with directory 
[/usr/share/tomcat8/shared/classes], exists: [false], isDirectory: [false], 
canRead: [false]
WARNING [main] . . . Problem with directory [/usr/share/tomcat8/shared], 
exists: [false], isDirectory: [false], canRead: [false]


On both boxes, according to catalina.out, CATALINA_BASE is 
/var/lib/tomcat8 and CATALINA_HOME is /usr/share/tomcat8.


Then I get a bunch of stack traces. I'll omit the stack traces 
themselves for the sake of brevity, and give just the error messages:

 java.io.FileNotFoundException: /usr/share/java/el-api-3.0.jar (No such file or 
directory)
 java.io.FileNotFoundException: /usr/share/java/jsp-api-2.3.jar (No such file 
or directory)
 java.io.FileNotFoundException: /usr/share/java/el-api-3.0.jar (No such file or 
directory)
 java.io.FileNotFoundException: /usr/share/java/jsp-api-2.3.jar (No such file 
or directory)
 java.io.FileNotFoundException: /usr/share/java/el-api-3.0.jar (No such file or 
directory)
 java.io.FileNotFoundException: /usr/share/java/jsp-api-2.3.jar (No such file 
or directory)
and so forth, alternating back and forth between those two jar files 
several times.


I'm still stumped. None of the configuration or log files I've looked in 
so far appear to have any references to anything in tomcat7.


--
JHHL


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: 8.5 - multiple host configuration question

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Chris,

On 9/5/17 4:42 PM, Chris Cheshire wrote:
> On Tue, Sep 5, 2017 at 2:07 PM, Christopher Schultz 
>  wrote:
>> If I were king, I'd set things up like this:
>> 
>> 1. Tomcat is installed in /usr/local/tomcat (or 
>> /usr/local/tomcat-x.y.z, or /opt/whatever, etc.).
> 
> 
> Looks like I do need to adjust default permissions on this if I
> expand as root.
> 
> The tarball leaves me with
> 
> [root@host apache-tomcat-8.5.20]# ls -al total 124 drwxr-xr-x  9
> root root  4096 Sep  5 20:31 . drwxr-xr-x 14 root root  4096 Sep  5
> 20:31 .. -rw-r-  1 root root 57092 Aug  2 21:36 LICENSE 
> -rw-r-  1 root root  1723 Aug  2 21:36 NOTICE -rw-r-  1
> root root  7064 Aug  2 21:36 RELEASE-NOTES -rw-r-  1 root root
> 15946 Aug  2 21:36 RUNNING.txt drwxr-x---  2 root root  4096 Sep  5
> 20:31 bin drwx--  2 root root  4096 Aug  2 21:36 conf 
> drwxr-x---  2 root root  4096 Sep  5 20:31 lib drwxr-x---  2 root
> root  4096 Aug  2 21:35 logs drwxr-x---  2 root root  4096 Sep  5
> 20:31 temp drwxr-x---  7 root root  4096 Aug  2 21:36 webapps 
> drwxr-x---  2 root root  4096 Aug  2 21:35 work
> 
> 
> What should the permissions, owner & group be set to for
> CATALINA_HOME if I am running separate instances per user?

It doesn't really matter. You just need to make sure that your "users"
can read the default config files -- especially conf/web.xml and
conf/tomcat.xml which usually shouldn't be modified from their
defaults anyway.

I've always been irritated that the conf/ directory is only readable
by the owner in the tarball. Maybe I'll agitate to get that changed,
and only protect conf/server.xml and conf/tomcat-users.xml in that way.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJZsbqPAAoJEBzwKT+lPKRY+bcQAI6I9VMV42xTiV/02XT1idic
GJQzfD6fpukZ2ZoCltzsQ9n9oygAb43QAnslGLwzG+xa4+Kon+TkgNLlckhpO0IK
yw65LAcEkG8x7iggX23l1I4u4c51GlPERqb8FXH4Sys8JNMFaM3r48/SMiBmVW3r
29ILYk3yHhUWovZGnHcqzosTECo9FBfCNMe8bp+v7vDCifODKPrRRVUtzmOFdN+a
4YAqG+aRIQVHZHqE/2h5lbnnER5PzERj7igfArjOuHwkR4W283y/VxasOaQVrNgL
R/r+Qb99KNH5djiNj3kvfpqLO9Jq3rrIpuc6zH6yrv8EJcgmEoy494bONixt7Eus
q8g/0XTzU9izPfG3wRaCQaPh7oV+ZurYOZAFeYz0eOj5a/AjZfWnwpFSfcTyP5qD
IIrfiaysH+j3NwGpTsT2B1q5Ecp1bugzuIiHHnoZDVDodncSI52XdgykL9tyrjN7
20d4pcepVEdQoTT1ABJKl6mONKMuG3NA+rvNYJQvIlq642LbUx/3rkA+dk+m7OeY
TkCquZZ128NBGzMhwEuEnNSEmBmGyF27vH4qi+2HKi8dsVDsdvRb+mnmFJWTeWVC
ndW3Px/xldEDyhdF84g5TzX8Y7fYjJLOC2EzjkDZmZmI0/l54e7Y/+aq6pThrIpC
q2SjSPEtuzmmlEh2OC1z
=Xei9
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: 8.5 - multiple host configuration question

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Chris,

On 9/5/17 3:39 PM, Chris Cheshire wrote:
> On Tue, Sep 5, 2017 at 2:07 PM, Christopher Schultz
>> If I were king, I'd set things up like this:
>> 
>> 1. Tomcat is installed in /usr/local/tomcat (or 
>> /usr/local/tomcat-x.y.z, or /opt/whatever, etc.). 2. Tomcat is
>> never launched with CATALINA_BASE=/usr/local/tomcat 3. Each user
>> has their own CATALINA_BASE directory in their own home directory
>> (or wherever in the fs tree). No need to put anything in 
>> /usr/local which is usually considered to be shared and
>> read-only. CATALINA_BASE is just a directory with the following
>> directories in it: work/ logs/ conf/ lib/ webapps/. Anything in
>> there overrides anything in the CATALINA_HOME where Tomcat is
>> installed. I'd recommend using a custom conf/server.xml and
>> leaving everything else pretty much alone except maybe a JDBC
>> driver in CATALINA_BASE/lib that isn't necessary for all the
>> other Tomcats that will be running on the server.
>> 
>> This gives you a LOT of flexibility:
>> 
>> 1. Users run their own JVMs as their own users. Filesystem
>> permissions become simpler. Applications require less trust (e.g.
>> apps are running at "cschultz" instead of "tomcat7"). 2. Users
>> can select which version of Tomcat they want to use. Just change
>> CATALINA_BASE and restart. (Roughly speaking. If you switch major
>> versions, you'll likely have to update 
>> CATALINA_BASE/conf/server.xml quite a bit). No more "we are all 
>> running x.y.z whether you like it or not".
> 
> 
> Ok this helps a bit for upgrades. I would just expand the new
> tarball in a similar place, update user level conf and restart each
> instance when ready?

Exactly. Your users can even decide when they want to switch to a new
Tomcat version.

>> 3. Users can start/stop their own Tomcat services. No more
>> emailing an administrator and asking for a restart, and having to
>> coordinate it with several other unrelated teams who weren't
>> expecting a service restart in the middle of the day. 4. You
>> (admin) don't have to babysit everyone's web applications. Users
>> simply put their own apps in CATALINA_BASE/webapps and move on 
>> with their lives.
>> 
> 
> This means I need to configure each server and connector element
> with different ports for each user, correct?

Yes. A regimented port assignment scheme is recommended. In my shared
development environments, I assign every dev a number and their port
numbers become:

Tomcat AJP:   8[dev #][app #]5
Tomcat shutdown:  8[dev #][app #]6
Tomcat "Secure" port: 8[dev #][app #]7

(the "secure" port is for loopback requests; we have those for certain
applications)

So for example, my primary app id is 1 and my dev id is 2:

AJP:  8215
Shutdown: 8216
Secure:   8217

> I am fronting tomcat with httpd using an ajp connector to handle
> ssl certs. I use letsencrypt, and on a production server I can't
> afford to bounce even the connector and lose connections. httpd
> handles it a lot more gracefully. Can I have separate mod_jk.conf
> and workers.properties files for mod_jk pointing to different ports
> for separate connectors for tomcat?

Absolutely. Using regimented port assignments allows you to set up
everyone's port assignments in advance using a template worker and
then a bunch of workers that all look the same except for the port
numbers.

Then you just need to map URLs (e.g. /dev1-app1) to the matching port
numbers.

>>> What about file/directory permissions, assuming tomcat is
>>> running under the 'tomcat' user? I have root access to the
>>> machine, so changing groups, users, permissions is not an
>>> issue.
>> 
>> Free yourself from the "tomcat user". It's one of the things I
>> dislike most about the package-managed versions of Tomcat: they
>> tend to run everything as a single user which is completely
>> unnecessary.
>> 
> 
> Does this mean I launch tomcat (CATALINA_BASE/bin/startup.sh) as
> each user (sandbox1, sandbox2 etc)?

Yes. You may see that as a Good Thing or a Bad Thing. I think it's Good.

> Trying to assimilate all this, it sounds like :
> 
> CATALINA_HOME=/usr/local/tomcat-x.y.z 
> CATALINA_BASE=/home/sandbox1/tc
> 
> CATALINA_BASE/conf/server.xml has the entire configuration,
> engine, connector, host etc for that one user.

Yes.

> Where do I set the variables for CATALINA_BASE/HOME? RUNNING.txt
> says
> 
> "The CATALINA_HOME and CATALINA_BASE variables cannot be configured
> in the setenv script, because they are used to locate that file."

You'll have to set CATALINA_HOME and CATALINA_BASE for the user in
whatever way makes most sense. For example, ~/.profile works, but only
for interactive logins.

> Do I then need to create my own startup script that sets those,
> then calls ${CATALINA_HOME}/bin/startup.sh, or can I just set the
> variables in .bashrc?

Yeah, .bashrc will work, too, but .profile will be better because it
will effect non-bash shells, of course.

Once those

Re: BIO: Async servlet with it's own thread pool; but get connection refused!

2017-09-07 Thread Yasser Zamani

At first thanks a lot for your reply!

On 9/7/2017 1:43 PM, Mark Thomas wrote:
> On 06/09/17 20:59, Yasser Zamani wrote:
>> Hi there,
>>
>> I'm studying Servlet 3's async API using tomcat. I see following strange
>> behavior from tomcat in a very simple test app!
>
> You are also using the BIO connector which, since it is blocking,
> doesn't offer any benefits when using async. You'd be better off with
> the NIO connector.

Yes I know but currently it's not important for me. I am studying 
Servlet 3's async API and BIO keeps it simpler to study and focus only 
on it (with NIO I cannot know if something is because of Servlet 3's 
async API or Tomcat's NIO).

>
> You haven't told us which Tomcat version you are using. Since you are
> using BIO that narrows it down a bit to 7.0.x or 8.0.x but that is still
> a lot of possibilities.

It's 7.0.47

>
> Neither have you told us what operating system you are using. My
> experience of JMeter under load, particularly on Windows, is that you
> see strange behaviour and it can be hard to figure out the interaction
> of JMeter, the OS network stack and Tomcat.
>
> You also haven't told us what hardware this test is running on.
> Particularly the number of cores available.
>

OS Name Microsoft Windows 8.1 Enterprise
System Type x64-based PC
Processor   Intel(R) Core(TM) i3-4130 CPU @ 3.40GHz, 3400 Mhz, 2 Core(s), 
4 Logical Processor(s)


>> I have following JMeter test plan:
>> Number of threads (users): 700
>> Ramp-Up period (in seconds): 23
>> Loop count: 1
>>
>> So JMeter generates 30.43 requests per second and 304.3 requests per 10
>> seconds. I'm planning to full tomcat's BIO pool and accept buffer :)
>>
>> I have an always async test servlet which on destroy, I print tomcat
>> container max used threads count. It prints 187 for me which is lower
>> than 200 (tomcat default pool size) so I should not get any "connection
>> refuse" but I get!
>
> There are all sorts of possible reasons for that. I'd suggest scaling
> down the test. Limit Tomcat to 20 threads. Reduce the load similarly.
> Increase the sleep time. You want to ensure that the only limit you are
> hitting is the one you are trying to hit.
>

Previously I also tested very low loads but again as you suggested I 
tested following low load configuration and get even worse results!! 
Tomcat successfully returns from request below 29th but fails 25 
requests of 29th to 70th. However this time all fails are "connection 
refuse" and there are not any "connection reset". Whilst the program 
output is "Container MAX used threads: 10" !!

CONFIGURATION #2:

Server.xml


JMeter
Number of threads (users): 70
Ramp-Up period (in seconds): 35 (40 requests per 20 seconds)
Loop count: 1

My async servlet
Async Sleep Time: 20 seconds (ensures 40 concurrent requests)
It's own thread pool size: 41 (lower than 40 so never fulls)

JMETER RESULT of RESPONSE TIMES #2:
Max: 38 seconds (lower then tomcat and asyncContext timeout)
MIN: 20 seconds
AVG: 18 seconds (because of fails)
ERR: 36%

UTPUT:

Container MAX used threads: 10

Thanks in advance!

> Mark
>
>
>> I have simulated a blocking operation by a sleep for 10 seconds. When my
>> servlet gets a request, it quickly starts an async and add further
>> processing to my own thread pool (container thread comes back to pool
>> quickly, right). My own thread pool size is 310 which is greater than
>> 304.3 (requests in 10 seconds) so never full.
>>
>> I've tested several times. Tomcat successfully returns from all requests
>> below 326th but fails 102 requests from 326th to 700th with "connection
>> refuse" and afew with "connection reset".
>>
>> Why?! My own thread pool does the jobs and Tomcat's pool is free (my
>> servlet uses 187 threads of tomcat at max).
>>
>> Thanks in advance!
>>
>> JMETER RESULT of RESPONSE TIMES:
>> Max: 60 seconds (lower then tomcat and asyncContext timeout)
>> MIN: 10 seconds
>> AVG: 37 seconds
>> ERR: 15%
>>
>> CONFIGURATIONS:
>>
>> Server.xml
>> > connectionTimeout="12"
>> redirectPort="7743" />
>>
>> Async.java
>>
>> package com.sstr.example;
>>
>> import javax.servlet.*;
>> import javax.servlet.annotation.WebInitParam;
>> import javax.servlet.annotation.WebServlet;
>> import javax.servlet.http.HttpServlet;
>> import javax.servlet.http.HttpServletRequest;
>> import javax.servlet.http.HttpServletResponse;
>> import java.io.IOException;
>> import java.util.concurrent.ExecutorService;
>> import java.util.concurrent.Executors;
>> import java.util.concurrent.ThreadFactory;
>>
>> @WebServlet(
>>  name = "async",
>>  value = {"/async"},
>>  asyncSupported = true,
>>  initParams = {
>>  @WebInitParam(name = "JobPoolSize", value = "310")
>>  }
>> )
>> public class Async extends HttpServlet {
>>
>>  public final int REQUEST_TIMEOUT = 12;
>>  private ExecutorService exe;
>>
>>  @Override
>>  public void init() throws ServletException {
>>

Re: This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

2017-09-07 Thread Pete Helgren

Longshotsomething in .profile of the user the Tomcat instance is 
running under?


Pete Helgren
www.petesworkshop.com
GIAC Secure Software Programmer-Java
Twitter - Sys_i_Geek  IBM_i_Geek

On 9/7/2017 1:10 PM, James H. H. Lampert wrote:
I've got two separate boxes, both running Debian Jessie, with both 
Tomcat 7.0.56 and Tomcat 8.5.14 installed, all of the installations 
via an apt-get from Debian's repositories.


On one of the boxes (Tomcat 8.5 installed alongside Tomcat 7 with no 
previous Tomcat 8), Tomat 8 is somehow pulling the root context from 
Tomcat 7: the Tomcat 8.5 server is going to 
/var/lib/tomcat7/webapps/ROOT when it should be going to 
/var/lib/tomcat8/webapps/ROOT.


On the other box (Tomcat 8.5 installed on top of Tomcat 8.0, alongside 
Tomcat 7), the Tomcat 8.5 server is correctly finding 
/var/lib/tomcat8/webapps/ROOT.


On both boxes, Tomcat 8.5 is correctly finding its manager context at 
/usr/share/tomcat8-admin/manager, while Tomcat 7 finds its manager 
context at /usr/share/tomcat7-admin/manager.


The only difference is that on the box that's finding the correct root 
context, Tomcat 8.5 was installed on top of Tomcat 8.0, while on the 
one that's finding the wrong root context, it was installed without 
any previous Tomcat 8. In both cases, the installations were alongside 
existing Tomcat 7 installations.


Can anybody point me to the right haystack to find my needle?

--
James H. H. Lampert

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

This is weird (cross-posted to Tomcat and Debian Lists): Tomcat 8.5 is going to /var/lib/tomcat7/webapps/ROOT

I've got two separate boxes, both running Debian Jessie, with both 
Tomcat 7.0.56 and Tomcat 8.5.14 installed, all of the installations via 
an apt-get from Debian's repositories.


On one of the boxes (Tomcat 8.5 installed alongside Tomcat 7 with no 
previous Tomcat 8), Tomat 8 is somehow pulling the root context from 
Tomcat 7: the Tomcat 8.5 server is going to 
/var/lib/tomcat7/webapps/ROOT when it should be going to 
/var/lib/tomcat8/webapps/ROOT.


On the other box (Tomcat 8.5 installed on top of Tomcat 8.0, alongside 
Tomcat 7), the Tomcat 8.5 server is correctly finding 
/var/lib/tomcat8/webapps/ROOT.


On both boxes, Tomcat 8.5 is correctly finding its manager context at 
/usr/share/tomcat8-admin/manager, while Tomcat 7 finds its manager 
context at /usr/share/tomcat7-admin/manager.


The only difference is that on the box that's finding the correct root 
context, Tomcat 8.5 was installed on top of Tomcat 8.0, while on the one 
that's finding the wrong root context, it was installed without any 
previous Tomcat 8. In both cases, the installations were alongside 
existing Tomcat 7 installations.


Can anybody point me to the right haystack to find my needle?

--
James H. H. Lampert

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

SOLVED, Re: For some reason, the AUTHBIND approach isn't working with 8.5


Emmanuel Bourg wrote:

You didn't change the TOMCAT8_USER variable in /etc/default/tomcat8 and
authbind is installed, right?

What is the output of (as root):

su tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c 'netcat -v -p
443 -l'"

and my reply ended:

The only difference I see is the home directories.


I found another difference.

I looked at the man page for authbind. Then I looked at the contents of 
/etc/authbind.


It seems that /etc/authbind/byport/443 has owner "tomcat7," group 
"root," and mode 500. As soon as I changed that to group "tomcat8" and 
mode 550,

sudo -u tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c 'netcat -v -p 443 
-l'"
no longer came back with "Permission denied," and when I put Tomcat 8.5 
on port 443 and restarted Tomcat 8.5, it started right up without 
further complaint.


--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: For some reason, the AUTHBIND approach isn't working with 8.5


On 9/7/17, 3:15 AM, Emmanuel Bourg wrote:

You didn't change the TOMCAT8_USER variable in /etc/default/tomcat8 and
authbind is installed, right?

What is the output of (as root):

su tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c 'netcat -v -p 443 -l'"
Well, all that does is ask me for a nonexistent password (Google Compute 
instances are ssh-by-keypair only), but if I change the su to a sudo, then:

jamesl@x:~$ sudo -u tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c 
'netcat -v -p 443 -l'"
Can't grab 0.0.0.0:443 with bind : Permission denied
jamesl@x:~$ sudo -s /bin/bash -c "authbind --deep /bin/bash -c 'netcat -v -p 443 
-l'"
listening on [any] 443 ...
^C
jamesl@x:~$ sudo -u tomcat7 -s /bin/bash -c "authbind --deep /bin/bash -c 
'netcat -v -p 443 -l'"
listening on [any] 443 ...
^C


So apparently, there's something different between the tomcat7 and 
tomcat8 user profiles that's killing authbind.


From /etc/passwd:

tomcat7:x:107:113::/usr/share/tomcat7:/bin/false

. . .

tomcat8:x:109:115::/var/lib/tomcat8:/bin/false


The only places "tomcat7" and "tomcat8" appear in /etc/group are:

tomcat7:x:113:

. . .

tomcat8:x:115:


The only difference I see is the home directories.
--
JHHL

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 4.1.30 - not working with OS400 after upgrading the OS to V7R3 which uses Java 7/Java 8

2017-09-07 Thread tomcat

On 07.09.2017 16:21, Vinay A S wrote:

Hello,

We have installed Apache Tomcat version 4.1.30 on our iSeries server.

I don't even know what to tell you. Some of the people on this list may not even have been
born yet, when that version was released.

(Ok, I am pushing it a bit; it was 2004, 13 years ago; so they may have been born, but
still in primary school)

Recently we have upgraded the OS400 Operating System from Version 7.1 to
7.3 where Java 7 and Java 8 are introduced. After this upgrade, Tomcat is
giving an HTTP status 500 exception report.

I don't know if anyone here will be able to help, with such an old version of Tomcat. But
in any case, an error 500 should be reflected in the tomcat logfiles.
Just in case, please view the logfile at the time of that error, and copy and paste the
relevant part here. (Do not send it as attachment, really copy and paste it in your email)

We explored the Tomcat portal and found that we are running Tomcat on a
lower version and that needs to be upgraded.

No kidding..

But we are unable to find the

exact procedure to install Tomcat on iSeries server.

There is a subsystem TOMCAT running on the system with Job QP0ZSPWT being
Active.

Please advise on the version of TOMCAT that needs to be installed on the
system as well the procedure to install it.

I believe that this is a question that you should ask to your system support people (or
IBM). This list here focuses on tomcat, as per http://tomcat.apache.org.

The current version is 8.5, which requires at least a Java 7 JVM.

Tomcat per se is Java code, and will run on any platform that has an appropriate JVM
available.
Installing Tomcat on any platform however, is more the resort of the package managers of
the corresponding platforms/OS'es.

First find out which version of Java is available/installed on your platform.
Then consult this page : http://tomcat.apache.org/whichversion.html
to determine which version of Tomcat is appropriate (the higher, the better)

Once you have done this, there are further instructions in each version's documentation,
that outline the installation. For example, for tomcat 8.5, here :

http://tomcat.apache.org/tomcat-8.5-doc/setup.html

The above concerns the tomcat which you would download from tomcat.apache.org.
But in all likelihood, there are special pre-packaged tomcat versions available for your
specific platform, which might simplify this.

But this, you need to ask your sysadmins.

Note that there are not really "tomcat upgrade" procedures for upgrading your tomcat 4.1
to 8.5. You will need to install the new tomcat (preferably somewhere else than the old
one), and then move your applications one by one from the old to the new.

If you are reasonably lucky, they might still work unchanged.
But do not move the old tomcat settings, to the new one. That will not work, and will
create a mess. Find out what you might need to change in the new standard settings, and do
it there (after making a backup).

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Getting a WAR last deployment timestamp thru JMX ?

2017-09-07 Thread Laurent Perez

Hi

I'm exposing some webapp metrics over a JSON servlet. I'd like to output
the deployment timestamp of my webapp, when war is redeployed by tomcat
using the built-in /manager/.
I looked into the manager and could not find a timestamp.

Is there some magic JMX query available to obtain the last deployment time
of a war ?

Thanks
laurent

-- 
http://laurentperez.fr
J2EE, HTML5, JS, CSS3

Apache Tomcat 4.1.30 - not working with OS400 after upgrading the OS to V7R3 which uses Java 7/Java 8

2017-09-07 Thread Vinay A S

Hello,

We have installed Apache Tomcat version 4.1.30 on our iSeries server.
Recently we have upgraded the OS400 Operating System from Version 7.1 to
7.3 where Java 7 and Java 8 are introduced. After this upgrade, Tomcat is
giving an HTTP status 500 exception report.

We explored the Tomcat portal and found that we are running Tomcat on a
lower version and that needs to be upgraded. But we are unable to find the
exact procedure to install Tomcat on iSeries server.

There is a subsystem TOMCAT running on the system with Job QP0ZSPWT being
Active.

Please advise on the version of TOMCAT that needs to be installed on the
system as well the procedure to install it.


Regards,

Vinay A S

Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mark H. Wood

On Thu, Sep 07, 2017 at 04:07:25PM +0530, Mohammad Nayeem wrote:
> We have installed apace and configured mod_jk connector along with a
> load-balancer for 2 tomcat servers.
> 
> We were able to successfully start apache and we got the login page of our
> application hosted on it, but the functionality is lost. For example, when
> we hit login button on home page, nothing happens. Also, we tried access
> some specific web page using a direct url, we ended up with an error.
> 
> Do you have any suggestion for me so that we can achieve the exact same
> functionality that we had without apache in the front?

Yes:

o  When you say, "we ended up with an error," tell us what the error
   message says.  It is very difficult to diagnose an unknown error.

o  When you say, "nothing happens," what should happen, in detail?
   Check Tomcat's log files for the time at which nothing happened.
   Check your applications log files for that time.  If the logs say
   nothing about the operation, then it's time to insert more logging
   in your application code, or attach a debugger and step through the
   code, to see what it is doing.

o  Your browser may have developer tools that can show you requests
   and responses, which may help you to determine what is happening.
   I like a Firefox add-on called Firebug, if you need a suggestion.

o  In general, if we are to help, we need a lot more detail than "it
   doesn't work."  Too much information is better than too little.

o  My recollection is that this list does not forward attachments.  If
   the evidence is too large to simply copy into an email body, you
   could post it on something like Pastebin or Github Gist and refer
   to the URL in your messages.

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu

signature.asc
Description: PGP signature

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mohammad Nayeem

Hello Olaf,

We have tried yours as well as Chris's suggestions, but in both the cases
the functionality of the application is lost.

We have installed apace and configured mod_jk connector along with a
load-balancer for 2 tomcat servers.

We were able to successfully start apache and we got the login page of our
application hosted on it, but the functionality is lost. For example, when
we hit login button on home page, nothing happens. Also, we tried access
some specific web page using a direct url, we ended up with an error.

Do you have any suggestion for me so that we can achieve the exact same
functionality that we had without apache in the front?


Regards,
Mohammad Nayeem

-Original Message-

From: Olaf Kock [mailto:tom...@olafkock.de]
Sent: 31 May 2017 16:38
To: Tomcat Users List 
Subject: [External] Re: Security Headers Implementation in Tomcat 6.x
version



Am 29.05.2017 um 13:34 schrieb Shaik, Mohammad N.:

> Hello Olaf,

>

> Thanks for your response!

>

> Based on your inputs, we are thinking to put Apache httpd in front of
Tomcat 6 server, since our header configuration is going to be static.

>

> Can you please help us in identifying which version of Apache HTTP Server
we can use for Tomcat 6 version? Also, it will be great if you can share
some guidelines on how to implement Apache in front of Tomcat.



For completeness sake I'd like to answer a few of these questions, rather
briefly. It seems that you're deep into implementing Christopher's solution
of compiling the newer filters for Tomcat 6.



Every current Apache httpd is fine, no version restriction. Especially:

Choose one that will get updates for quite a while, not like the outdated
Tomcat version you're running. Read on mod_proxy, mod_proxy_ajp, mod_jk and
mod_proxy_http, which are all keywords on the connection between Apache and
tomcat. Once you've set this up, setting the headers is a matter of adding
the "Header" directive to httpd's configuration. I understand though, that
setting up the connection can be some task if you've never done that.
Especially if you're using https, and also refer to it in your webapp's
code (e.g. to validate client certs) - but as you give no clue you're doing
that, I'm assuming you don't and the setup would be easy.



Anyway, feel free to utilize the newer code - I just wanted this
information to be in this thread as well. However, once you're done with

it: Utilize even more newer code and prepare to migrate away from your
discontinued tomcat version.



Olaf







-

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-09-07 Thread Mohammad Nayeem

Hi Chris,


We currently have 7.0.42 version which does not support security headers,
so we have taken jar files from 7.0.63 and replaced with the those in
7.0.42 library folder. We were able to successfully start our tomcat
instance and we got the login page of our application hosted on it, but the
functionality is lost. For example, when we hit login button on home page,
nothing happens. Also, we tried access some specific web page using a
direct url, we ended up with an error.


Do you have any suggestion for me so that we can achieve the exact same
functionality using libraries of 7.0.63? For your information, I  have
tried using more latest versions like Tomcat 8, but no luck.



Regards,

Mohammad Nayeem

 -Original Message-

From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: 01 June 2017 19:59
To: users@tomcat.apache.org
Subject: Re: [External] Re: Security Headers Implementation in Tomcat 6.x
version



-BEGIN PGP SIGNED MESSAGE-

Hash: SHA256



Mohammad,



On 6/1/17 12:43 AM, Shaik, Mohammad N. wrote:

> What should be name of the new JAR file that I would create for the

> Filter classes?

It doesn't matter.



> There are multiple JAR files in lib folder. Does the name of these JAR

> files have any significance?



Not really.



> My understanding is that as long as you have your code (.class

> files) is present in any of the JAR files under "lib" folder, system

> would get it. You don’t need to have a specific-named JAR files having

> specific-named .class files. The .class files from all the jar files

> under lib folder is considered as one big collection, and based on the

> invoked classname its corresponding .class file gets executed from

> that big code. Multiple JAR files with different names is setup just

> for logical classification of classes. Please correct me if this is

> not right.



You are correct. There are problems if the same class exists in two
separate JAR files, but that should not be a problem in the standard Tomcat
installation, plus the JAR file that has a few (unique) classes from Tomcat
7 in there.



Remember: Upgrade ASAP.



- -chris



> -Original Message- From: Christopher Schultz

> [mailto:ch...@christopherschultz.net ]
Sent: 31 May 2017 23:52 To:

> users@tomcat.apache.org Subject: [External] Re: Security Headers

> Implementation in Tomcat 6.x version

>

> Mohammad,

>

> On 5/31/17 6:37 AM, Shaik, Mohammad N. wrote:

>> Can I simply use the JAR files from Tomcat 7 that contains executable

>> code of filter classes (security headers), and put them into

>> corresponding location in Tomcat 6?

>

> Definitely don't do that. But you could probably grab the compiled

> .class files from Tomcat 7's binary distribution... just make sure you

> have all of them.

>

> So, basically, create a new JAR file that contains only those Filter

> classes (don't forget any inner classes that might be found in

> separate .class files).

>

> -chris

>

> -

>

>

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

> For additional commands, e-mail: users-h...@tomcat.apache.org

>

>

> 

>

> This message is for the designated recipient only and may contain

> privileged, proprietary, or otherwise confidential information. If you

> have received it in error, please notify the sender immediately and

> delete the original. Any other use of the e-mail by you is prohibited.

> Where allowed by local law, electronic communications with Accenture

> and its affiliates, including e-mail and instant messaging (including

> content), may be scanned by our systems for the purposes of

> information security and assessment of internal compliance with

> Accenture policy.

> __



>

>  www.accenture.com

>

> -

>

>

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org

> For additional commands, e-mail: users-h...@tomcat.apache.org

>

-BEGIN PGP SIGNATURE-

Comment: GPGTools - http://gpgtools.org

Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/



iQIcBAEBCAAGBQJZMCSuAAoJEBzwKT+lPKRYuXoQAMLiiazF90PhBn4NxTu/Zh2u

kqFbjTSUBRnk+KgQ7hezeRbQlLj/gt20Fywd8cvxOgXZ9CFGOVrxY5ljQdD/GQqi

3fr437iqlVXrzgIeZo/N7NAOQHa04ktMmGQiW+Hx3o8MyN6UlXUazL4K3ddiDNkx

bnTCYXtjic66vTJvTr+I2TVy/gBTLe7V4ooxNVP9zv+NL3xFqFqb3ZrkoHI9xiTn

aoM3HL2RMRu0Kt/fRAhzqOHYDj5uFttjXMfCVnm5+nBEE7R5ymihI8rMfVIxlIBo

/28+3nRnOK63dhAKHfpnNgBykH3DDwtududKme6KpCzbuD/95seIGhr4aKtBL9ou

gJXSaXt0IR7PFy4xiZGwdESr1OdR1/eTnyq8vNzIcmbEW9gv30dRhdytbie85nET

0G5OBIOZ4UGwjfGc5+ItCaNeAY4zsCofwlvvqjPG0xjM5uBJK6Eqy4dp++VYPv5Y

qK/1Qpmzu+KALoV7nLXLDrRV3qes319XaWgKB9c8r6BH6vYIg5K+W+pR63TiFDLE

/XHDxIpemsy6oq657sg0JI/48J8iiulbiIXsZ5bb1gjOg7bh4xz8XqOtSW2oqSju

Re: For some reason, the AUTHBIND approach isn't working with 8.5

2017-09-07 Thread Emmanuel Bourg

Le 7/09/2017 à 02:02, James H. H. Lampert a écrit :

> Now, I'm attempting to do the same with Tomcat 8.5, and it's not working.
> 
> 
> I think I did everything the same as before. I uncommented AUTHBIND in
> /etc/default/tomcat8, and set it to "AUTHBIND=yes"; an
> /etc/authbind/byuid/109 (the uid of the tomcat8 user) was generated with
> contents
> 
> and yet still, I get the stack trace given above.

Hi James,

You didn't change the TOMCAT8_USER variable in /etc/default/tomcat8 and
authbind is installed, right?

What is the output of (as root):

su tomcat8 -s /bin/bash -c "authbind --deep /bin/bash -c 'netcat -v -p 443 -l'"

Emmanuel Bourg

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: TomCat stops after few seconds

2017-09-07 Thread Irene Almendros

Good morning,

Many thanks for your reply. I updated again windows to the latest version 
(1703) and TomCat is working properly again. Is possible that windows and 
Tomcat share some config files so that when windows is downgraded Tomcat stops 
working fine?

Thanks.

-Original Message-
From: Guang Chao [mailto:guang.chao.1...@gmail.com] 
Sent: 07 September 2017 08:13
To: Tomcat Users List
Subject: Re: TomCat stops after few seconds

On Wed, Sep 6, 2017 at 6:09 PM, Irene Almendros  wrote:

> Good morning,
>
> I am having the following problem with TomCat: I open Tomcat Monitor 
> and start the service but after a few seconds, it stops. The Apache 
> service is running.
>
> One week ago, my windows updated to the latest version but yesterday I 
> had to restore again the previous version as some applications stopped 
> working with the latest update. This morning when I tried to start 
> Tomcat service, I got the above issue. I have tried to generate a 
> threat dump file from the Monitor but there is o tomcatNN-stdout.DATE.log 
> file in the logs folder.
>
> I am quite new in Tomcat world so any help you can provide would be 
> appreciated.
>
> I am using:
>
> TomCat 8.0.44
> Windows10 Pro version 1607
> System type 64-bit
>
> Many thanks in advance.
>

Do you have any server monitoring installed?  Maybe check if OS has run out of 
memory or something.


>
> Best regards.
> Irene.
>
>
>
>


--
Guang 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: BIO: Async servlet with it's own thread pool; but get connection refused!

2017-09-07 Thread Mark Thomas

On 06/09/17 20:59, Yasser Zamani wrote:
> Hi there,
> 
> I'm studying Servlet 3's async API using tomcat. I see following strange 
> behavior from tomcat in a very simple test app!

You are also using the BIO connector which, since it is blocking,
doesn't offer any benefits when using async. You'd be better off with
the NIO connector.

You haven't told us which Tomcat version you are using. Since you are
using BIO that narrows it down a bit to 7.0.x or 8.0.x but that is still
a lot of possibilities.

Neither have you told us what operating system you are using. My
experience of JMeter under load, particularly on Windows, is that you
see strange behaviour and it can be hard to figure out the interaction
of JMeter, the OS network stack and Tomcat.

You also haven't told us what hardware this test is running on.
Particularly the number of cores available.

> I have following JMeter test plan:
> Number of threads (users): 700
> Ramp-Up period (in seconds): 23
> Loop count: 1
> 
> So JMeter generates 30.43 requests per second and 304.3 requests per 10 
> seconds. I'm planning to full tomcat's BIO pool and accept buffer :)
> 
> I have an always async test servlet which on destroy, I print tomcat 
> container max used threads count. It prints 187 for me which is lower 
> than 200 (tomcat default pool size) so I should not get any "connection 
> refuse" but I get!

There are all sorts of possible reasons for that. I'd suggest scaling
down the test. Limit Tomcat to 20 threads. Reduce the load similarly.
Increase the sleep time. You want to ensure that the only limit you are
hitting is the one you are trying to hit.

Mark


> I have simulated a blocking operation by a sleep for 10 seconds. When my 
> servlet gets a request, it quickly starts an async and add further 
> processing to my own thread pool (container thread comes back to pool 
> quickly, right). My own thread pool size is 310 which is greater than 
> 304.3 (requests in 10 seconds) so never full.
> 
> I've tested several times. Tomcat successfully returns from all requests 
> below 326th but fails 102 requests from 326th to 700th with "connection 
> refuse" and afew with "connection reset".
> 
> Why?! My own thread pool does the jobs and Tomcat's pool is free (my 
> servlet uses 187 threads of tomcat at max).
> 
> Thanks in advance!
> 
> JMETER RESULT of RESPONSE TIMES:
> Max: 60 seconds (lower then tomcat and asyncContext timeout)
> MIN: 10 seconds
> AVG: 37 seconds
> ERR: 15%
> 
> CONFIGURATIONS:
> 
> Server.xml
>  connectionTimeout="12"
> redirectPort="7743" />
> 
> Async.java
> 
> package com.sstr.example;
> 
> import javax.servlet.*;
> import javax.servlet.annotation.WebInitParam;
> import javax.servlet.annotation.WebServlet;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import java.io.IOException;
> import java.util.concurrent.ExecutorService;
> import java.util.concurrent.Executors;
> import java.util.concurrent.ThreadFactory;
> 
> @WebServlet(
>  name = "async",
>  value = {"/async"},
>  asyncSupported = true,
>  initParams = {
>  @WebInitParam(name = "JobPoolSize", value = "310")
>  }
> )
> public class Async extends HttpServlet {
> 
>  public final int REQUEST_TIMEOUT = 12;
>  private ExecutorService exe;
> 
>  @Override
>  public void init() throws ServletException {
>  int size = Integer.parseInt(getInitParameter("JobPoolSize"));
>  exe = Executors.newFixedThreadPool(
>  size,
>  new ThreadFactory() {
>  @Override
>  public Thread newThread(Runnable r) {
>  return new Thread(r, "Async Processor");
>  }
>  }
>  );
>  }
> 
>  @Override
>  protected void doGet(HttpServletRequest req, HttpServletResponse 
> resp) throws ServletException, IOException {
>  final AsyncContext context = req.startAsync();
>  context.setTimeout(REQUEST_TIMEOUT);
>  exe.execute(new ContextExecution(context, 
> Thread.currentThread().getName()));
>  }
> 
>  @Override
>  public void destroy() {
>  System.out.println("Container MAX used threads: " + threadCount);
>  exe.shutdown();
>  }
> 
>  int threadCount = 0;
>  class ContextExecution implements Runnable {
> 
>  final AsyncContext context;
>  final String containerThreadName;
> 
>  public ContextExecution(AsyncContext context, String 
> containerThreadName) {
>  this.context = context;
>  this.containerThreadName = containerThreadName;
>  }
> 
>  @Override
>  public void run() {
>  try {
>  int threadNumber = 
> Integer.parseInt(containerThreadName.substring(
>

Apache Tomcat 4.1.30 - not working with iSeries after upgrading the OS to V7R3 which uses Java 7/Java 8

2017-09-07 Thread Ananthi K4



Hello,

We have installed Apache Tomcat version 4.1.30 on our iSeries server.
Recently we have upgraded the OS400 Operating System from Version 7.1 to
7.3 where Java 7 and Java 8 are introduced. After this upgrade, Tomcat is
giving an HTTP status 500 exception report.

We explored the Tomcat portal and found that we are running Tomcat on a
lower version and that needs to be upgraded. But we are unable to find the
exact procedure to install Tomcat on iSeries server.

There is a subsystem TOMCAT running on the system with Job QP0ZSPWT being
Active.

Please advise on the version of TOMCAT that needs to be installed on the
system as well the procedure to install it.



   
 Regards,   
   

   
 Ananthi K  
   
 iSeries Administrator - Sandvik Account
   

   






 Phone: 91-991-660-5881Manyata Tech Park, G2 
Block, 
 E-mail: ananthi.kr...@in.ibm.com  Bangalore, KA 
560045 
  
India

Re: ISAPI and IIS 10 Logging Issue

2017-09-07 Thread tomcat


On 06.09.2017 22:07, Thomas, Michael wrote:

  --

On 01.09.2017 22:21, Thomas, Michael wrote:

All,

When using the ISAPI Handler Mapping in IIS 10 on Windows 2016, the IIS logs are not 
identifying the URI Stem (cs-uri-stem) and URI Query (cs-uri-query) as expected.  For 
EVERY request that the handler processes (e.g. .cfm), the cs-uri-stem records an entry as 
"/jakarta/isapi_redirect.dll" and the cs-uri-query is always empty.

Environment Details:

* IIS 10 (Windows 2016)

* Tomcat 8.5.11.0

* Java 1.8.0_131

* ISAPI Connector 1.2.41

* ColdFusion 2016

For comparison, we have a similar setup on another box (IIS 8.5 Windows Server 
2012 R2) and the logs are recording as expected.

Any assistance would be great!






  --

On 01.09.2017 22:37, Warnier, Andre wrote

Hi.

If I understand this correctly, the difference between your two setups above is 
at the Windows/IIS level, not at the tomcat/ISAPI-redirector level.

This may be naive, but isn't this a question then for the Windows/IIS people ?




--

On 05.09.2017 22:42, Thomas, Michael wrote:
Andre, you're right.  Perhaps this is a good question for the Windows folks.  I 
guess I was hoping that someone in this community has seen this issue before 
and had a recommended solution.

It is really challenging to not know what traffic your IIS Web Server is 
actually seeing.  There are of course other avenues (e.g. firewall logs, siem 
logs, etc) but the IIS logs are native to the boxes themselves and much easier 
to analyze.  I was curious if the ISAPI Connector returned a specific URL back 
to IIS and it could be tweaked.  Not sure if IIS is expecting a response in a 
certain format, etc.

Is there documentation that I can look at for what the ISAPI module should 
return to IIS?  Anyone have any insight into that pipeline?



  --

On 06.09.2017 00:41, Warnier, Andre wrote

First, about your last question above : I don't know, and I guess that the 
right people for that on this list would be Rainer or Mladen.

But second, I believe that the terminology you are using above is a bit confusing, from 
the point of view of the logic of the thing, particularly when you mention "what the 
ISAPI module should return to IIS".

IIS is the front-end, and it gets the client HTTP request first (URL, headers 
and all).
So it /has/ all the information needed to log whatever, should it choose to do 
so (*).

In a second step, IIS examines the request URL and, maybe with the help of the 
isapi_redirector, it determines that to properly answer this request, it should 
not use its own internal machinery, but it should delegate this to the 
isapi_redirector module.
What the isapi_redirector module does with the request, is none of IIS's 
business, so to speak. The only thing which IIS expects back from the 
isapi_redirector module, is either a HTTP succesful response, or some error 
code.
So this is the only additional information for which IIS might be waiting, for 
logging the request (e.g. the size of the response, and/or the time needed to 
generate it).

That the isapi_redirector module, to generate this HTTP response, uses a 
back-channel with a back-end tomcat, is unknown to IIS, and it does not care. 
From the IIS point of view, isapi_redirector might as well be using black magic 
to generate that response internally, without ever talking to anyone else.

(*) but in your case, it doesn't do it, or does it differently than IIS 8.5 or 
whatever earlier version did, although all the rest of the machinery did not 
change. So /that's/ the mystery to solve. Maybe MS changed the rules of the game 
(the ISAPI interface) somehow for IIS 10, and an ISAPI module is now >supposed 
to do something additional, to get things properly logged, that the 
ISAPI-redirector module does not do (yet).
But I think that you are still more likely to get that kind of information on 
an IIS-oriented forum, that on this tomcat forum.


I would ask first for example, for any IIS-10 specific changes in the logging 
of requests, maybe in conjunction with the usage of ISAPI filters in general.
(Maybe it is just your log formatting that does not invoke the right items of 
information ?)


--
Andre, thank you for the detailed explanation.  That helps me out a bunch.

I have started a thread in the IIS forums here:
https://forums.iis.net/p/1236914/2135699.aspx?ISAPI+and+IIS+10+Logging+Issues

Hopefully someone can help me out with this one and in turn help others who may 
not even know about this issue yet!



I followed the above link, and somewere in the chain I found this link :
http://www.iisadmin.co.uk/?p=326

This

Re: BIO: Async servlet with it's own thread pool; but get connection refused!

On Thu, Sep 7, 2017 at 3:59 AM, Yasser Zamani 
wrote:

> Hi there,
>
> I'm studying Servlet 3's async API using tomcat. I see following strange
> behavior from tomcat in a very simple test app!
>
> I have following JMeter test plan:
> Number of threads (users): 700
> Ramp-Up period (in seconds): 23
> Loop count: 1
>
> So JMeter generates 30.43 requests per second and 304.3 requests per 10
> seconds. I'm planning to full tomcat's BIO pool and accept buffer :)
>
> I have an always async test servlet which on destroy, I print tomcat
> container max used threads count. It prints 187 for me which is lower
> than 200 (tomcat default pool size) so I should not get any "connection
> refuse" but I get!
>
> I have simulated a blocking operation by a sleep for 10 seconds. When my
> servlet gets a request, it quickly starts an async and add further
> processing to my own thread pool (container thread comes back to pool
> quickly, right). My own thread pool size is 310 which is greater than
> 304.3 (requests in 10 seconds) so never full.
>
> I've tested several times. Tomcat successfully returns from all requests
> below 326th but fails 102 requests from 326th to 700th with "connection
> refuse" and afew with "connection reset".
>
> Why?! My own thread pool does the jobs and Tomcat's pool is free (my
> servlet uses 187 threads of tomcat at max).
>
> Thanks in advance!
>
> JMETER RESULT of RESPONSE TIMES:
> Max: 60 seconds (lower then tomcat and asyncContext timeout)
> MIN: 10 seconds
> AVG: 37 seconds
> ERR: 15%
>
> CONFIGURATIONS:
>
> Server.xml
>  connectionTimeout="12"
> redirectPort="7743" />
>
> Async.java
>
> package com.sstr.example;
>
> import javax.servlet.*;
> import javax.servlet.annotation.WebInitParam;
> import javax.servlet.annotation.WebServlet;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import java.io.IOException;
> import java.util.concurrent.ExecutorService;
> import java.util.concurrent.Executors;
> import java.util.concurrent.ThreadFactory;
>
> @WebServlet(
>  name = "async",
>  value = {"/async"},
>  asyncSupported = true,
>  initParams = {
>  @WebInitParam(name = "JobPoolSize", value = "310")
>  }
> )
> public class Async extends HttpServlet {
>
>  public final int REQUEST_TIMEOUT = 12;
>  private ExecutorService exe;
>
>  @Override
>  public void init() throws ServletException {
>  int size = Integer.parseInt(getInitParameter("JobPoolSize"));
>  exe = Executors.newFixedThreadPool(
>  size,
>  new ThreadFactory() {
>  @Override
>  public Thread newThread(Runnable r) {
>  return new Thread(r, "Async Processor");
>  }
>  }
>  );
>  }
>
>  @Override
>  protected void doGet(HttpServletRequest req, HttpServletResponse
> resp) throws ServletException, IOException {
>  final AsyncContext context = req.startAsync();
>  context.setTimeout(REQUEST_TIMEOUT);
>  exe.execute(new ContextExecution(context,
> Thread.currentThread().getName()));
>  }
>

I'm not 100% sure, but it seems the doGet method code here is not correct.


>
>  @Override
>  public void destroy() {
>  System.out.println("Container MAX used threads: " + threadCount);
>  exe.shutdown();
>  }
>
>  int threadCount = 0;
>  class ContextExecution implements Runnable {
>
>  final AsyncContext context;
>  final String containerThreadName;
>
>  public ContextExecution(AsyncContext context, String
> containerThreadName) {
>  this.context = context;
>  this.containerThreadName = containerThreadName;
>  }
>
>  @Override
>  public void run() {
>  try {
>  int threadNumber =
> Integer.parseInt(containerThreadName.substring(
>  containerThreadName.lastIndexOf('-')+1));
>  if(threadNumber > threadCount) {
>  threadCount = threadNumber;
>  }
>
>  // Simulate Time Consuming Task
>  Thread.sleep(1);
>
>  ServletResponse resp = context.getResponse();
>  if (resp != null) {
>  resp.getWriter().write("Ok");
>  }
>
>  context.complete();
>  } catch (Exception e) {
>  // Handle ?
>  }
>  }
>  }
> }
>
> OUTPUT:
>
> Container MAX used threads: 187
>



-- 
Guang

Re: Struts Vulnerability

On Thu, Sep 7, 2017 at 3:17 PM, Greg Huber  wrote:

> >2) Does Apache Struts only run on Apache Webserver and Tomcat?
>
> Should run on java based servers Glassfish, Websphere etc
>
> >3) Is there a simple way to determine if a server has Struts installed,
> >instead of logging into each of the servers and checking the programs
> >list?
>
> You could try and execute a struts action ie test.action on the server, if
> struts is there it will reply:
>
> There is no Action mapped for namespace [/] and action name [test]
> associated with context path [].
>
> ..but it depends on how the server is setup and how it deals with the
> 404's.
>

It seems OP has no docs for SCM. He may not also know what are the context
path of the applications.


>
> Alternatively Look for a jar struts.x.x.x.jar or struts2-core-x.x.x.jar in
> the lib directory of tomcat.
>

Yes use wildcard to search for struts2 jar.  I think this jar is bundled
with application and not  with app server.


>
> Struts1 is EOL, Struts2 struts2-core-2.5.13.jar
>
> Look at the struts website for security bulletins etc
> https://struts.apache.org/
>
>
> On 7 September 2017 at 00:18, Sean Son 
> wrote:
>
> > Hello all
> >
> > I am new to the mailing list as well as new to Apache Struts.  We all
> heard
> > in the news about the vulnerability affecting Apache Struts. I have been
> > tasked to determine which of our servers have Struts running on them.  I
> > have a few questions on how to determine if a server is running Struts or
> > not:
> >
> > 1) How does one determine if a Windows server, running IIS, has the
> Apache
> > Struts framework installed on it?
> >
> > 2) Does Apache Struts only run on Apache Webserver and Tomcat?
> >
> > 3) Is there a simple way to determine if a server has Struts installed,
> > instead of logging into each of the servers and checking the programs
> list?
> >
> >
> > I appreciate ALL help!
> >
>



-- 
Guang

Re: Page cannot be displayed , TOMCAT installation on windows 2012 R2

2017-09-07 Thread ford royal

Hello Chao
Issue got resolved after installing with admin privileges

Best Regards, Thank you, Cheers. :-))


On Thu, 9/7/17, Guang Chao  wrote:

 Subject: Re: Page cannot be displayed , TOMCAT installation on windows 2012 R2
 To: "Tomcat Users List" , "ford royal" 

 Date: Thursday, September 7, 2017, 7:04 AM
 
 On Tue, Sep 5, 2017 at 6:38 PM,
 ford royal 
 wrote:
 
 > HI
 team,
 >
 >
 >
 > I have installed
 Tomcat on windows 2012 r2 , but I get page cannot be
 > displayed when I try to open
 http:\\localhost:8080I have given Java path
 > also but still no.Java 8 update 144 
 tomcat is 8.5.20
 > please guide
 >
 >
 Can
 you share catalina.out under logs folder?
 
 
 >  Best Regards, Thank
 you, Rao
 >
 >
 
 
 
 
 -- 
 Guang
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: For some reason, the AUTHBIND approach isn't working with 8.5

On Thu, Sep 7, 2017 at 8:02 AM, James H. H. Lampert <
jam...@touchtonecorp.com> wrote:

> A little over a month ago, I had a problem with getting Tomcat 7 to bind
> to port 443 on Debian.
>
> We solved that problem with the "authbind" approach.
>
> Now, I'm attempting to do the same with Tomcat 8.5, and it's not working.
>
> 06-Sep-2017 23:47:46.293 SEVERE [main] org.apache.coyote.AbstractProtocol.init
>> Failed to initialize end point associated with ProtocolHandler
>> ["https-jsse-nio-443"]
>>  java.net.SocketException: Permission denied
>> at sun.nio.ch.Net.bind0(Native Method)
>> at sun.nio.ch.Net.bind(Net.java:463)
>> at sun.nio.ch.Net.bind(Net.java:455)
>> at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelI
>> mpl.java:223)
>> at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.
>> java:74)
>> at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java
>> :210)
>> at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEnd
>> point.java:970)
>> at org.apache.tomcat.util.net.AbstractJsseEndpoint.init(Abstrac
>> tJsseEndpoint.java:244)
>> at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.
>> java:613)
>> at org.apache.coyote.http11.AbstractHttp11Protocol.init(Abstrac
>> tHttp11Protocol.java:66)
>> at org.apache.catalina.connector.Connector.initInternal(Connect
>> or.java:968)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.
>> java:107)
>> at org.apache.catalina.core.StandardService.initInternal(Standa
>> rdService.java:549)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.
>> java:107)
>> at org.apache.catalina.core.StandardServer.initInternal(Standar
>> dServer.java:875)
>> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.
>> java:107)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
>> at org.apache.catalina.startup.Catalina.load(Catalina.java:630)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAcce
>> ssorImpl.java:57)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMe
>> thodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:606)
>> at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:311)
>> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:494)
>>
>
You can not use port below 1024 if service is non root.
You can use routing via iptables
Another option is have a reverse proxy, e.g. nginx listening on 443
fronting your tomcat listening on a higher port.


>
> I think I did everything the same as before. I uncommented AUTHBIND in
> /etc/default/tomcat8, and set it to "AUTHBIND=yes"; an
> /etc/authbind/byuid/109 (the uid of the tomcat8 user) was generated with
> contents
>
>> 0.0.0.0/0:1,1023
>> ::/0,1-1023
>>
>
> and yet still, I get the stack trace given above.
>
> --
> JHHL
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>


-- 
Guang

Re: Struts Vulnerability

2017-09-07 Thread Greg Huber

>2) Does Apache Struts only run on Apache Webserver and Tomcat?

Should run on java based servers Glassfish, Websphere etc

>3) Is there a simple way to determine if a server has Struts installed,
>instead of logging into each of the servers and checking the programs
>list?

You could try and execute a struts action ie test.action on the server, if
struts is there it will reply:

There is no Action mapped for namespace [/] and action name [test]
associated with context path [].

..but it depends on how the server is setup and how it deals with the 404's.

Alternatively Look for a jar struts.x.x.x.jar or struts2-core-x.x.x.jar in
the lib directory of tomcat.

Struts1 is EOL, Struts2 struts2-core-2.5.13.jar

Look at the struts website for security bulletins etc
https://struts.apache.org/


On 7 September 2017 at 00:18, Sean Son 
wrote:

> Hello all
>
> I am new to the mailing list as well as new to Apache Struts.  We all heard
> in the news about the vulnerability affecting Apache Struts. I have been
> tasked to determine which of our servers have Struts running on them.  I
> have a few questions on how to determine if a server is running Struts or
> not:
>
> 1) How does one determine if a Windows server, running IIS, has the Apache
> Struts framework installed on it?
>
> 2) Does Apache Struts only run on Apache Webserver and Tomcat?
>
> 3) Is there a simple way to determine if a server has Struts installed,
> instead of logging into each of the servers and checking the programs list?
>
>
> I appreciate ALL help!
>

Re: TomCat stops after few seconds

On Wed, Sep 6, 2017 at 6:09 PM, Irene Almendros  wrote:

> Good morning,
>
> I am having the following problem with TomCat: I open Tomcat Monitor and
> start the service but after a few seconds, it stops. The Apache service is
> running.
>
> One week ago, my windows updated to the latest version but yesterday I had
> to restore again the previous version as some applications stopped working
> with the latest update. This morning when I tried to start Tomcat service,
> I got the above issue. I have tried to generate a threat dump file from the
> Monitor but there is o tomcatNN-stdout.DATE.log file in the logs folder.
>
> I am quite new in Tomcat world so any help you can provide would be
> appreciated.
>
> I am using:
>
> TomCat 8.0.44
> Windows10 Pro version 1607
> System type 64-bit
>
> Many thanks in advance.
>

Do you have any server monitoring installed?  Maybe check if OS has run out
of memory or something.


>
> Best regards.
> Irene.
>
>
>
>


-- 
Guang

Re: web.xml

On Wed, Sep 6, 2017 at 6:16 AM, Alejandro Vargas M. <
alejandro.var...@kymsolutions.com> wrote:

> Good afternoon,
>
> I have a website on a client, and they ran a vulnerability test, and it
> throws a vulnerability that any user can see web.xml from a web browser,
>
> how can I hide to see web.xml or any other file from the browser?
>

Do you have a reverse proxy or a webserver directly serving static files?


>
> Thanks.
>
>
> --
>
>
>
>
> Alejandro Vargas Mayorga
> *Gerente Desarrollo C.A. & C.*
> *Tel. 506- 7232-3366*
> *Email:**alejandro.var...@kymsolutions.com*
> <%20alejandro.var...@kymsolutions.com>
> *www.kymsolutions.com* 
> * Visite nuestra aula virtual! *
>



-- 
Guang

Re: Page cannot be displayed , TOMCAT installation on windows 2012 R2

On Tue, Sep 5, 2017 at 6:38 PM, ford royal 
wrote:

> HI team,
>
>
>
> I have installed Tomcat on windows 2012 r2 , but I get page cannot be
> displayed when I try to open http:\\localhost:8080I have given Java path
> also but still no.Java 8 update 144  tomcat is 8.5.20
> please guide
>
>
Can you share catalina.out under logs folder?


>  Best Regards, Thank you, Rao
>
>




-- 
Guang

Re: Struts Vulnerability

On Thu, Sep 7, 2017 at 7:18 AM, Sean Son 
wrote:

> Hello all
>
> I am new to the mailing list as well as new to Apache Struts.  We all heard
> in the news about the vulnerability affecting Apache Struts. I have been
> tasked to determine which of our servers have Struts running on them.  I
> have a few questions on how to determine if a server is running Struts or
> not:
>
> 1) How does one determine if a Windows server, running IIS, has the Apache
> Struts framework installed on it?
>
> 2) Does Apache Struts only run on Apache Webserver and Tomcat?
>
> 3) Is there a simple way to determine if a server has Struts installed,
> instead of logging into each of the servers and checking the programs list?
>
>
> I appreciate ALL help!
>

You can try to search the file system for struts jar.
Btw, it seems only struts 2 are affected by the issue

-- 
Guang

Re: Does Tomcat scan static file directories on startup? If so, how does one prevent it?