Re: Speeding up tomcat

[Christopher Schultz]

Alex,

On 3/25/24 13:06, Alex Hatcher wrote:

Java version: 11.0.20
Tomcat version: 9.0.59


Are you able to upgrade these? Your Tomcat is nearly 2 years old and 
your Java is ... I'm not sure how old. This will have nothing to do with 
performance. Just security and general stability.



OS Version: Windows Server 2022 Datacenter Azure Edition

Azure VM Type and Specs: D8s v3

8 CPU 32 GiB Mem

VM Generation V2

VM Architecture   x64

Location   East US Zone 1



We have a traditional client/server application from a third-party 
vendor that has a couple second delay when accessing certain items 
(tabs) in their Web UI.  The delay has been traced down to the 
webserver, which runs Tomcat.  The application and database servers

do not appear to have any significant delays.

When an item is clicked inside the web UI, a call from the web 
server is made to the app and DB server, which come back fairly

quickly.  It's at the point where data is delivered from the app
server to the web server that tomcat on the webserver CPU usage
spikes.  In reviewing the web server with procmon running, we noticed
that tomcat is reading a lot of class files during the time we are
waiting for the task to complete to render the page.   Approximately
55,000 (yes 55000) classes read each click.


Ouch.

The vendor has reviewed this and said it's nothing to worry about, 
but we cannot find any other significant task that tomcat is doing

during this wait state that a web client experiences.


Are you able to see the duration of that 55000 class file read? How have 
you observed that Tomcat is reading all those files? Once an application 
is started and humming-along, Tomcat shouldn't be reading too many class 
files at all.


Reasons I can think of for reading lots of class files:

1. Auto-reload is enabled, and your class files have timestamps in the 
future. This would basically restart your application completely every 
few seconds. I think you'd notice.


2. You have disabled caching of your  and, for some reason, 
you are constantly searching through them for something.


3. You have an application-level scan for classes which is not using 
Tomcat's (usually cached) loader to locate classes. In this case, I 
would say that your application should (a) be loading though Tomcat and 
(b) probably not scanning classes all the time :)



We have sql tracing showing microsecond response times.

Developer console in chrome shows it waiting for 1.9 (Avg) seconds per click.



We would like to get to the root cause of this slowness, whether it is the 
operating system, Azure VM, webserver or vendor application causing the issue.


Well, if your application is triggering a 55000-file scan with every 
request, that's obviously the place to start. That simply should not be 
happening. Even a fast VM, OS, web server, etc. wasting that much time 
won't be "fast". So start there.


If you are able to observe the files being read, you can probably 
arrange to have one of them refuse to be read which should produce a 
FileNotFoundException or similar in a log. Then you can see what 
component is actually triggering that file-read and try to find out what 
it's being read with every request.


I would make the vendor do this. It's what you pay them for.

-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 10.1.20 Available

[Christopher Schultz]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.20.

Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the /webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory. This conversion is performed using the Apache Tomcat 
migration tool for Jakarta EE tool which is also available as a separate 
download for off-line use.


Apache Tomcat 10.1.20 is a bugfix and feature release. The notable 
changes compared to 10.1.19 include:


 - Fix regression when reloading TLS configuration and files.

 - When restoring a saved POST request after a successful FORM
   authentication, ensure that neither the URI, the query string no
   the protocol are corrupted when restoring the request body.

 - Align error handling for Writer and OutputStream. Ensure use of
   either once the response has been recycled triggers a
   NullPointerException provided that discardFacades is configured with
   the default value of true.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[ANN] Apache Tomcat 8.5.100 Available

[Christopher Schultz]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.100.

*This will likely be the final release of Apache Tomcat 8.5. Please see 
the EOL notice linked at the end of this message.*


Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 8.5.100 is a bugfix and feature release. The notable
changes compared to 8.5.99 include:

 - Fix regression when reloading TLS configuration and files.

 - When restoring a saved POST request after a successful FORM
   authentication, ensure that neither the URI, the query string no
   the protocol are corrupted when restoring the request body.

 - Align error handling for Writer and OutputStream. Ensure use of
   either once the response has been recycled triggers a
   NullPointerException provided that discardFacades is configured with
   the default value of true.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0:
https://tomcat.apache.org/migration.html

Please note that Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 
2024. For more information please visit 
https://tomcat.apache.org/tomcat-85-eol.html


Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Speeding up tomcat

[John.E.Gregg]

Alex


> -Original Message-
> From: Alex Hatcher 
> Sent: Monday, March 25, 2024 12:06 PM
> To: users@tomcat.apache.org
> Subject: Speeding up tomcat
> 
> 
> 
> Java version: 11.0.20
> 
> Tomcat version: 9.0.59
> 
> 
> OS Version: Windows Server 2022 Datacenter Azure Edition
> 
> Azure VM Type and Specs: D8s v3
> 
> 8 CPU 32 GiB Mem
> 
> VM Generation V2
> 
> VM Architecture   x64
> 
> Location   East US Zone 1
> 
> 
> 
> We have a traditional client/server application from a third-party vendor that
> has a couple second delay when accessing certain items (tabs) in their Web UI.
> The delay has been traced down to the webserver, which runs Tomcat.  The
> application and database servers do not appear to have any significant delays.
> 
> 
> 
> When an item is clicked inside the web UI, a call from the web server is made
> to the app and DB server, which come back fairly quickly.  It's at the point
> where data is delivered from the app server to the web server that tomcat on
> the webserver CPU usage spikes.  In reviewing the web server with procmon
> running, we noticed that tomcat is reading a lot of class files during the 
> time
> we are waiting for the task to complete to render the page.   Approximately
> 55,000 (yes 55000) classes read each click.
> 
> 
> 
> The vendor has reviewed this and said it's nothing to worry about, but we
> cannot find any other significant task that tomcat is doing during this wait
> state that a web client experiences.
> 
> 
> 
> We have sql tracing showing microsecond response times.
> 
> 
> 
> Developer console in chrome shows it waiting for 1.9 (Avg) seconds per click.
> 
> 
> 
> We would like to get to the root cause of this slowness, whether it is the
> operating system, Azure VM, webserver or vendor application causing the
> issue.
> 
> 
> 
> 
> 
> 
> Notice: This e-mail message is confidential and is intended only for the use 
> of
> the individual and/or entity identified in the address line of this message. 
> If
> you have received this message in error, or are not the named recipient(s),
> please notify us immediately by telephone (888-479-9111) M_LEGAL_NOTICE

For this level of detail, I would use a profiler like the java flight recorder, 
JProfiler, etc.

Your description of classes being re-read sounds like the code is recreating 
one of the many factory classes that use the java service locator under the 
covers, like DocumentBuilderFactory, etc.  If you can confirm that, I can tell 
you (or the vendor) what to do about it.

Thanks


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Speeding up tomcat

[Alex Hatcher]

Java version: 11.0.20

Tomcat version: 9.0.59


OS Version: Windows Server 2022 Datacenter Azure Edition

Azure VM Type and Specs: D8s v3

8 CPU 32 GiB Mem

VM Generation V2

VM Architecture   x64

Location   East US Zone 1



We have a traditional client/server application from a third-party vendor that 
has a couple second delay when accessing certain items (tabs) in their Web UI.  
The delay has been traced down to the webserver, which runs Tomcat.  The 
application and database servers do not appear to have any significant delays.



When an item is clicked inside the web UI, a call from the web server is made 
to the app and DB server, which come back fairly quickly.  It's at the point 
where data is delivered from the app server to the web server that tomcat on 
the webserver CPU usage spikes.  In reviewing the web server with procmon 
running, we noticed that tomcat is reading a lot of class files during the time 
we are waiting for the task to complete to render the page.   Approximately 
55,000 (yes 55000) classes read each click.



The vendor has reviewed this and said it's nothing to worry about, but we 
cannot find any other significant task that tomcat is doing during this wait 
state that a web client experiences.



We have sql tracing showing microsecond response times.



Developer console in chrome shows it waiting for 1.9 (Avg) seconds per click.



We would like to get to the root cause of this slowness, whether it is the 
operating system, Azure VM, webserver or vendor application causing the issue.






Notice: This e-mail message is confidential and is intended only for the use of 
the individual and/or entity identified in the address line of this message. If 
you have received this message in error, or are not the named recipient(s), 
please notify us immediately by telephone (888-479-9111)
M_LEGAL_NOTICE

Re: Tomcat 9.0.87 - status 400 in css / images

[Christopher Schultz]

DAngel,

On 3/22/24 16:14, DAngel wrote:

Tomcat 9.0.87 (and Tomcat 9.0.76)
Ubuntu 22.04 (and Red hat 8)
java 8 : openjdk version "1.8.0_382"
protocol: HTTP

I have migrated an application from tomcat 7 (7.0.76) to tomcat 9.0.76 (and
also to tomcat 9.0.87)

After upgrading to Tomcat 9.0.76, the web page is not displaying correctly
as some CSS/images are returning HTTP status 400. If we reload the browser,
it works fine.

  When this happens, the "type" of the resources is text/html .

  My error is similar to this:
https://stackoverflow.com/questions/77989064/intermittently-getting-status-400-for-js-css-images-after-upgrading-to-tomcat-9

  Any configuration I may be missing?
  Any advice to solve this error is welcome.


400 indicates that the client sent a bad request.

Are you using HTTP 1.1 or h2?

Is there a reverse-proxy between your browser and Tomcat? If so, what 
product+protocol are you using to connect the two?


Is this an environment where you could enable debug/trace logging, or is 
this production which would represent a big problem for you?


Are you able to reproduce it, even non-predictably? Meaning, if you load 
a page 10 times can you make it happen, or is it only every 100,000 page 
loads or something?


-chris

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: PKCS#8 encryption algorithm unrecognized

[Timothy Resh]

Sorry for the delay.  Our certificate creation process was automated
several years ago and I had to go through the code to figure out the
commands being used for the certificates

First, we use the createcert.exe from the Sybase 17 installation to
generate a DB cert for ODBC connectivity.  Please see the following link
for more information.
https://infocenter.sybase.com/help/index.jsp?topic=/com.sybase.help.sqlanywhere.12.0.1/dbadmin/gencert-ml-ref1.html
-t encryption type
-b length
-ca "1"  Create Certificate Authority
-u 3,4,5,6

   - 3. Key Encipherment
   - 4. Data Encipherment
   - 5. Key Agreement
   - 6. Certificate Signing

-v 6 years
-co Public Certificate
-x Generates a self-signed certificate

*C:\tmp12>ECHO. | "C:\Program Files\SQL Anywhere 17\Bin64\createcert.exe"
-t "rsa" -b "2048" -ca "1" -io "C:\tmp12\DB\Application Certificate
Files\Private Keys\ASA12 SAMM Vessel.pem" -ko "C:\tmp12\DB\Application
Certificate Files\Private Keys\ASA12 SAMM Vessel.key" -kp "changeit" -x -co
"C:\tmp12\DB\Application Certificate Files\Public Keys\ASA12 SAMM
Vessel.pub" -sc "US" -scn "WSD-2DNX4M3.mydomain.com
" -sl "Norfolk" -so "Vessel Ships" -sou
"Engineering" -sst "VA" -u 3,4,5,6 -v "6"*









*SQL Anywhere X.509 Certificate Generator Version 17.0.10.6160Warning: The
certificate will not be compatible with older versionsof the software
including version 12.0.1 prior to build 3994 and version 16.0prior to build
1691. Use the -3des switch if you require compatibility.Generating key
pair...Certificate will be a self-signed rootSerial number [generate GUID]:
Generated serial number: 42455c10a27d441db3e3d09f39f35452*


This creates a  ASA12 SAMM Vessel.pub  that is then copied to the Tomcat
Application Server as "Client Configuration.pem"

our next commands are all openssl or keytool

openssl.exe genrsa -aes256 -passout pass:"changeit" -out
"C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key" 2048
1>nul 2>&1
openssl.exe req -new -key "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key" -subj "/CN=
WSD-2DNX4M3.mydomain.com/OU=USN/OU=PKI/OU=DoD/O=U.S.Government/C=US" -out
"C:\tmp12\Certificate\Keystore\WSD-2DNX4M3.mydomain.com.csr" -passin
pass:"changeit"1>nul 2>&1

echo basicConstraints = CA:FALSE  1>"C:\tmp12\openssl\v3.ext"
echo keyUsage = digitalSignature, keyEncipherment
 1>>"C:\tmp12\openssl\v3.ext"
ECHO [SAN]   1>>"C:\tmp12\openssl\v3.ext"
ECHO subjectAltName=DNS:WSD-2DNX4M3.mydomain.com
1>>"C:\tmp12\openssl\v3.ext"

openssl.exe x509 -req -extfile "C:\tmp12\openssl\v3.ext" -signkey
"C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key" -in
"C:\tmp12\Certificate\Keystore\WSD-2DNX4M3.mydomain.com.csr" -out
"C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer" -passin
pass:"changeit" -days "2190" -extensions SAN
Certificate request self-signature ok
subject=CN = WSD-2DNX4M3.mydomain.com, OU = USN, OU = PKI, OU = DoD, O =
U.S.Government, C = US

COPY "C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer"
"C:\tmp12\Certificates\CA\"   1>nul 2>&1

openssl.exe pkcs12 -export -in "C:\tmp12\Certificate\Public
Key\WSD-2DNX4M3.mydomain.com.cer" -inkey "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key" -out "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.p12" -name WSD-2DNX4M3.mydomain.com -CAfile
"C:\tmp12\Certificate\Public Key\WSD-2DNX4M3.mydomain.com.cer" -caname
WSD-2DNX4M3.mydomain.com -passin pass:"changeit" -passout pass:"changeit"

keytool.exe -importkeystore -deststorepass "changeit" -destkeypass
"changeit" -destkeystore "C:\tmp12\Certificate\Keystore\Vessel.jks"
-srckeystore "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.p12" -srcstoretype PKCS12 -srcstorepass
"changeit" -alias WSD-2DNX4M3.mydomain.com
Importing keystore C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.p12 to
C:\tmp12\Certificate\Keystore\Vessel.jks...
DEL /Q "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.p12"

openssl.exe rsa -in "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key" -out "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key.2" -passin pass:"changeit"
openssl.exe rsa -aes256 -in "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key.2" -out "C:\tmp12\Certificate\Private
Key\WSD-2DNX4M3.mydomain.com.key.3" -passin pass:"changeit" -passout
pass:"changeit"
openssl.exe pkcs8 -topk8 -v1 PBE-SHA1-3DES -in
"C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key.3" -out
"C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key" -passin
pass:"changeit" -passout pass:"changeit"

DEL /Q "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key.2"
DEL /Q "C:\tmp12\Certificate\Private Key\WSD-2DNX4M3.mydomain.com.key.3"

keytool.exe -importkeystore -srckeystore
"C:\tmp12\Certificate\Keystore\Vessel.jks" -destkeystore
"C:\tmp12\Certificate\Keystore\Vessel.p12" -srcstoretype JKS -deststoretype
PKCS12 -srcstorepass "changeit" -deststorepass "changeit"