mod_jk endpoints

2018-10-20 Thread Jerry Malcolm 
Thanks for the responses to my earlier post about websockets/JSPs.  
Http/2 is definitely the right answer for my issue there.


HTTP/2 solved the problem with the throttling the multiple parallel 
requests with the browser connection limits.  But now opening that 
throttle has now exposed a different problem at the server.  Quick 
refresh I have an app that does not have many concurrent users at 
this time.  However it does periodically have a very large number of 
concurrent requests (AJAX/REST) from a single client.


I now realize that with the browser limiting concurrent requests in 
HTTP/1.1, mod_jk was not getting overwhelmed.  But now that the 
floodgates have opened with HTTP/2, I realize that I have some serious 
configuration problems with mod_jk.  The requests are clogging up in 
mod_jk, timing out, and logging errors something like "cannot get 
endpoint for worker".  It then takes about 5 minutes for the clog to 
clear out before mod_jk is functional again for the other virtual hosts 
I'm hosting.


Specifics... I'm using Apache 2.4.33, Tomcat 9.0.  I tried to download 
the latest mod_jk.so.  The latest mod_jk for httpd on the binaries 
download site is from 2016.  All the versions for the past 2 years are 
iis only... I assume that's ok???  So I'm using the 2016 1.2.40 version.


My question is how do I increase the number of 'endpoints' that 
mod_jk has access to?  Is that a TC configuration or workers.properties 
setting?  I want to make sure mod_jk has enough resources/endpoints to 
pass (i.e.not 'block') all the requests it receives.  Once mod_jk is 
passing everything, I realize the flood might hit TC, and I may be back 
asking about increasing TC resources.  But for now, I just want to get 
mod_jk opened up.


Thanks again.

Jerry


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Cookie Header Not Being Parsed

2018-10-20 Thread Caldarale, Charles R 
> From: Durand, Dustin [mailto:dustin_dur...@intuit.com] 
> Subject: Cookie Header Not Being Parsed

> I've been attempting to track down an issue where the cookies aren't being

> parsed out of the cookie header in rare cases. We're using a java service 
> that utilizes JSession, so this causes the users session to be lost every 
> time one of these failures occurs.

> Version: Tomcat 8.5.31 and 8.5.34 (Attempted to upgrade)

Thanks for supplying the version info; many people forget.

> During the load tests we see the rare request come into the service where
the 
> filter dumps the cookie header which includes the expected cookies, but
when 
> the filter attempts to pull the cookies from the HttpServletRequest
they're 
> missing. To make it more interesting, the value cookie header usually
matches 
> the previous request(s) cookie header value for that user, which was
parsed 
> successfully.

The last sentence is the key point, indicating the probable source of the
problem: your application is likely hanging on to some reference to the
prior request and inadvertently using it when a new request shows up.  This
often takes the form of instance variables in a servlet being used to hold
request information.  Since the servlet object is shared across all requests
using it, information leakage can occur between concurrent requests; this is
also true for filters used in the request handling.  Leakage can also occur
with other singletons used by the webapp, or in any persistent data
maintained by the app (e.g., in a session object).

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.



smime.p7s
Description: S/MIME cryptographic signature

Cookie Header Not Being Parsed

2018-10-20 Thread Durand, Dustin 
Hello Tomcat Users,

I’ve been attempting to track down an issue where the cookies aren’t being 
parsed out of the cookie header in rare cases. We’re using a java service that 
utilizes JSession, so this causes the users session to be lost every time one 
of these failures occurs.

Version: Tomcat 8.5.31 and 8.5.34 (Attempted to upgrade)

To give additional context, we’ve been able to track this down by adding a 
custom filter (derived from javax.servlet.filter) that dumps all the headers 
and cookies for every request that comes to the server. This happens very 
rarely, so the only way we’ve been able to reproduce this issue is by doing 
load tests against our service.

During the load tests we see the rare request come into the service where the 
filter dumps the cookie header which includes the expected cookies, but when 
the filter attempts to pull the cookies from the HttpServletRequest they're 
missing. To make it more interesting, the value cookie header usually matches 
the previous request(s) cookie header value for that user, which was parsed 
successfully.

httpServletRequest.getHeaderNames(); // and then iterate over the headers to 
see all the headers -- the cookie header does exist and is valid even when 
cookies are missing

v.s.

httpServletRequest.getHeaders("Cookie"); // and then iterate over the 
enumerable to print the cookie header value. There is still only 1 header 
cookie and its valid even when cookies are missing

v.s.

httpServletRequest.getCookies(); // this ends up null when the cookies are 
missing


Request #1 (Cookies Present)
--
2018-10-20T12:23:21,387 |  Level=INFO Class="ca.xx.web.filters.AccessLogFilter" 
| StartTime="20-Oct-2018 12:23:21 GMT" requestURI=" "  authType="null" 
characterEncoding="UTF-8" contentLength="81" contentType=application/json; 
charset=UTF-8

CookieHeader="JSESSIONID=ABC; ... "
cookie_JSESSIONID="ABC"
cookie__lang="en"
cookie_... 

header_host="" header_connection="Keep-Alive" header_content-length="81" 
header_origin="" header_adrum="isAjax:true" header_accept="*/*" 
header_test="LoadTest" header_user-agent="" 
header_accept-encoding="gzip, deflate, br" 
header_accept-language="en-US,en;q=0.9"

header_cookie="JSESSIONID=ABC; ... "
header_content-type="application/json; charset=UTF-8" 
header_x-forwarded-for="" locale=en_US method="POST" pathInfo="null" 
protocol="HTTP/1.0" queryString"null" remoteAddr="" remoteHost="" 
remoteUser="null" requestedSessionId="ABC" scheme="http" serverName="" 
serverPort="80" servletPath=" " isSecure=false ResponseContentType="null" 
EndTime=20-Oct-2018 12:23:21 GMT


Request #2 (Missing Cookies)
--
2018-10-20T12:23:21,472 |  Level=INFO Class="ca.xx.web.filters.AccessLogFilter" 
|
StartTime="20-Oct-2018 12:23:21 GMT" requestURI=" "  authType="null" 
characterEncoding="UTF-8" contentLength="81" contentType=application/json; 
charset=UTF-8

CookieHeader="JSESSIONID=ABC; "
cookies=null

header_host="" header_connection="Keep-Alive" header_content-length="81" 
header_origin="" header_adrum="isAjax:true"
header_accept="*/*" header_test="LoadTest" header_user-agent="" 
header_accept-encoding="gzip, deflate, br" 
header_accept-language="en-US,en;q=0.9"

header_cookie="JSESSIONID=ABC; ... "

header_content-type="application/json; charset=UTF-8" 
header_x-forwarded-for="" locale=en_US method="POST" pathInfo="null" 
protocol="HTTP/1.0" queryString="null" remoteAddr="" remoteHost="" 
remoteUser="null" requestedSessionId="null" scheme="http" serverName=" " 
serverPort="80" servletPath=" " isSecure=false ResponseContentType="null" 
EndTime=20-Oct-2018 12:23:21 GMT


Notes:
- The value in the "cookie" header is the exact same between request 1 and 
request 2, as are the request URL and host.

- CookieHeader == httpServletRequest.getHeaders("Cookie");
- header_== iterating over values from 
httpServletRequest.getHeaderNames();
- cookie_ == iterating over  httpServletRequest.getCookies();
   OR cookies=null if it’s null
--


We've attempted to switching from Rfc6265CookieProcessor to 
LegacyCookieProcessor, but this had no effect.

I've dug around the Tomcat Github repo, and I didn't notice anything specific.

Http11InputBuffer seems to do the main parsing of the headers into the 
MimeHeaders instance that's part of the Request instance.
These MimeHeaders then end up in the cookies parsers (Rfc6265CookieProcessor or 
LegacyCookieProcessor), and it's calling:
int pos = [MimeHeaders] headers.findHeader("Cookie", 0);

Based on what I'm seeing in the filter, the cookie should be available to the 
parser.

We turned on the FINE level logging for the org.apache.tomcat.util classes, and 
the normal requests contain something along the following:

20-Oct-2018 12:08:45.981 FINE [http-nio-8080-exec-10] 
org.apache.tomcat.util.http.Rfc6265CookieProcessor.parseCookieHeader Cookies: 
Parsing b[]: 

But the requests that have null for getCookies() don't have this log entry, 
despite having the same

Re: Tomcat Clustering Support

2018-10-20 Thread Mark Thomas 
On 11/10/18 10:12, Mark Thomas wrote:



> If folks think this looks reasonable, I can create a BZ enhancement
> request to implement it.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62841

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org