Re: Post Session Id
On Wed, Apr 1, 2015 at 11:50 AM, Rainer Jung rainer.j...@kippdata.de wrote:

On 31.03.2015 at 15:19, Wesley Acheson wrote:

Currently I'm trying to use <tracking-mode>SSL</tracking-mode> in web.xml but just running some local tests it appears that there are a number of problems when using the JK connector and using this mechanism.

First issue: Even though the requests are going through AJP which supports the SSL context information propagation, it appears I need to add a second connector to serve over https. This is because the logic in ApplicationConnector.java

    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }

Looks like the AJP connector doesn't accept that attribute.

Something we could fix, but you found a workaround.

Yeah I'm not sure if that is still an issue in TC8. When I'm not trying to get something working in deadlines I'll try to provide a bug report, maybe a patch, but I'm not sure if it's the validation logic that's wrong or if the connector should instead have that property.

Second issue: This is the actual issue that blocks us. When going over mod_jk to a tomcat instance it appears that the request attribute SSL_SESSION_ID isn't populated on the first few requests to the server. However it is populated on subsequent requests. This is causing the following exception.

    java.lang.NullPointerException
        at org.apache.catalina.connector.CoyoteAdapter.parseSessionSslId(CoyoteAdapter.java:985)
        at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:765)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:416)
        at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

Closing and reopening the browser causes the same issue to occur again.

Which means that I'm going to have to go back to posting the id, after places where we don't control redirects back to our domain, I'm going to have to issue a one time session lookup token to lookup the session Id. This means sharing a data source with the Valve and the web applications (basically a string-string hashmap). Hopefully I can use JNDI or similar for a local map, if not it's going to be needed to be backed by a database.

So remaining questions are two:

How to get the SSL_SESSION_ID populated on initial requests?

Can I share some object in memory with tomcat as the container (in a valve) and the web application?

I currently see no reason, why it shouldn't be populated right from the start. Could you please check

- whether Apache always provides SSL_SESSION_ID: Set SSLOptions +StdEnvVars and add %{SSL_SESSION_ID}X to your access log (using CustomLog and a LogFormat).

What I did before is I added the ssl options to apache and did an ngrep on port 8009 loopback interface, apache was not sending it over the wire. It was sending other SSL parameters. Now this could be just some error in my configuration, I don't have it here to check. I used whatever apache was installed by default by apt-get in mint. And I couldn't find a precompiled mod_jk.so so I ended up compiling it.

This will log the ssl session id with every request that is handled by Apache in the Apache access log. If the field does not contain an id, then mod_jk has no chance of forwarding it and we need to solve that part.

I'm not at the computer where I saw this behaviour and as above I'm not sure if it's my fault. When I am back at the computer unfortunately I've other things to solve (such as my hacked together session tracking). It looks like I'm way off the beaten path with trying SSL session over mod_jk so I'm not sure if a fix is all that useful to anyone?

- whether Tomcat sees the right IDs: You can add %{javax.servlet.request.ssl_session}r to the pattern of the AccessLogValve to add the ssl session id to your Tomcat access log.

If you can see the ID for the problematic cases in the httpd access log but not in the Tomcat one, I'll do a little test here to reproduce.

Regards,
Rainer

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Post Session Id
Because if they are reverse proxying on a subdomain then the subdomain needs an SSL cert basically.

On Tue, Mar 31, 2015 at 5:35 PM, André Warnier a...@ice-sa.com wrote:

Wesley Acheson wrote:

This is getting off topic. The website that surrounds our website is available under multiple domains. I.e. They white label their product.

Hi. If you do not want to pursue this, I cannot and do not want to force you. But on the base of the scarce info available : if they are the surrounding site, and your application lives in the iframe, then all they have to do is set up *their* server as the proxy to you, not so ? And in that case, why would they need to get any more certs than they already have ?

On Tue, Mar 31, 2015 at 4:52 PM, André Warnier a...@ice-sa.com wrote:

Wesley Acheson wrote:

Andre that works perfectly fine but not for our use case.

Ok, thanks for the confirmation. My logical world is back on track now. Not to nitpick, but your previous post was the first one in which you mentioned SSL as part of the equation, wasn't it ?

If you still have a moment : in that previous post, you wrote "It's not practical for us to mandate that they buy an SSL cert for every top level domain that contains our application." Could you in a few words explain why that would be necessary ? I guess that I still do not clearly see that use case. Maybe just having a look at the initial page which you mention, could help ?
Re: Post Session Id
Andre that works perfectly fine but not for our use case.

On Tue, Mar 31, 2015 at 2:58 PM, André Warnier a...@ice-sa.com wrote:

Christopher Schultz wrote:

André,

On 3/30/15 6:07 PM, André Warnier wrote:

Christopher Schultz wrote:

Jeffrey,

On 3/30/15 12:19 PM, Jeffrey Janner wrote:

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Monday, March 30, 2015 10:48 AM
To: Tomcat Users List
Subject: Re: Post Session Id

Wesley,

On 3/30/15 3:57 AM, Wesley Acheson wrote:

On Mon, Mar 30, 2015 at 2:17 AM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley,

On 3/29/15 1:15 PM, Wesley Acheson wrote:

A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons. One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies.

Do you mean that Safari has been configured to block all cookies? Because Safari won't block cookies just because you are using an iframe.

Should have said it's a third party domain name. That can't change easily. Should have wrote Safari blocks all third party cookies.

Okay, that explains it.

Let me ask you... why is a path parameter (;jsessionid=f00) unacceptable but not a request parameter? Or is it that you want to have the parameters be in POST-parameters only? In terms of forgery and/or capturing session identifiers, there's really no difference from a security perspective of any of these strategies.

-chris

I may be being a little naïve here, but would the sessionCookieDomain parameter of the Context element work for the OP here?

No, because the domain of the page is considered to be separate from the application being used, here (in an iframe). Setting the domain of the cookie to the page-domain would probably result in the cookie being (possibly) ignored by the browser (because it came from the wrong domain) or the cookie wouldn't be sent to the application because the domain wouldn't match.

That does bring-up another point, though: could the page-domain be used to proxy requests through to the application? If so, none of this work might need to be done. The browser would request https://host.com/app and host.com would proxy through to https://otherhost.com/app. It's more configuration and networking work, but it's less application work which may be a win.

Re-reading this thread from the beginning, I still have a doubt as to whether I understand the issue correctly. That is because, as far as I know, an iframe within a Window, is its own Window object, with its own baseURI etc.. And from the server's point of view, it is in fact like a separate browser window, from which requests originate and to which responses are being sent, and it is for all intents and purposes indistinguishable from just another separate Window or Tab that would be opened on the same workstation by the same or another browser. So under what circumstances can a session-id cookie being sent by Tomcat to that iframe Window be considered as a third-party cookie and blocked by a browser ? (And if it were, would that not be a browser bug ?)

http://www.mendoweb.be/blog/internet-explorer-safari-third-party-cookie-problem/
http://stackoverflow.com/a/486569/276232

Wesley, it looks like there are some hacks available that might solve your problem.

http://stackoverflow.com/a/4702110/276232
http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/

Unfortunately, it looks like these hacks are outdated and no longer work: WebKit patched this bug so that iframe cookies are again ignored .. It looks like there might be some other possibilities, but I can't verify them ATM.

So I would consider this as a browser bug. But nevertheless, that's how they work and one has to live with this for now. So back to the drawing board.

The question here is : do the browsers reject the cookie
a) just because it is addressed to an iframe ? or
b) because (while being addressed to an iframe) the domain part of that cookie is determined to be different from the one from which the main window content is coming ?

If (b), then the easiest solution would be to make it so that it isn't so. Let's imagine that the first main page is seen by the browser as coming from "http://serverA.domainA.com", and that this contains an iframe loaded from "http://serverB.domainB.com". With the response going to the iframe, comes a session-id cookie, whose domain portion is also serverB.domainB.com, and this is (dubiously in my view) determined to be unacceptable by the browser, because it differs from serverA.domainA.com. So the browser ignores the cookie. That issue would
Re: Post Session Id
This is getting off topic. The website that surrounds our website is available under multiple domains. I.e. They white label their product.

On Tue, Mar 31, 2015 at 4:52 PM, André Warnier a...@ice-sa.com wrote:

Wesley Acheson wrote:

Andre that works perfectly fine but not for our use case.

Ok, thanks for the confirmation. My logical world is back on track now. Not to nitpick, but your previous post was the first one in which you mentioned SSL as part of the equation, wasn't it ?

If you still have a moment : in that previous post, you wrote "It's not practical for us to mandate that they buy an SSL cert for every top level domain that contains our application." Could you in a few words explain why that would be necessary ? I guess that I still do not clearly see that use case. Maybe just having a look at the initial page which you mention, could help ?

On Tue, Mar 31, 2015 at 2:58 PM, André Warnier a...@ice-sa.com wrote:

Christopher Schultz wrote:

André,

On 3/30/15 6:07 PM, André Warnier wrote:

Christopher Schultz wrote:

Jeffrey,

On 3/30/15 12:19 PM, Jeffrey Janner wrote:

-----Original Message-----
From: Christopher Schultz [mailto:chris@christopherschultz.net]
Sent: Monday, March 30, 2015 10:48 AM
To: Tomcat Users List
Subject: Re: Post Session Id

Wesley,

On 3/30/15 3:57 AM, Wesley Acheson wrote:

On Mon, Mar 30, 2015 at 2:17 AM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley,

On 3/29/15 1:15 PM, Wesley Acheson wrote:

A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons. One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies.

Do you mean that Safari has been configured to block all cookies? Because Safari won't block cookies just because you are using an iframe.
Re: Post Session Id
Guys,

Thanks for all your suggestions, they are good suggestions but I'm not going to reply to them individually.

The Valve for setting requested session Id works correctly. However I implemented it POST only, which is causing problems: the application we are using has a number of redirects.

Reverse proxy from a subdomain has been discussed internally and rejected, this is to do with our business use case and the nature of the client who we are dealing with. It's not practical for us to mandate that they buy an SSL cert for every top level domain that contains our application. Get requests with a session Id in the url are out due to compliance reasons. The same logic for A records in DNS which we considered also.

Currently I'm trying to use <tracking-mode>SSL</tracking-mode> in web.xml but just running some local tests it appears that there are a number of problems when using the JK connector and using this mechanism.

First issue: Even though the requests are going through AJP which supports the SSL context information propagation, it appears I need to add a second connector to serve over https. This is because the logic in ApplicationConnector.java

    for (Connector connector : connectors) {
        if (Boolean.TRUE.equals(connector.getAttribute("SSLEnabled"))) {
            supportedSessionTrackingModes.add(SessionTrackingMode.SSL);
            break;
        }
    }

Looks like the AJP connector doesn't accept that attribute.

Second issue: This is the actual issue that blocks us. When going over mod_jk to a tomcat instance it appears that the request attribute SSL_SESSION_ID isn't populated on the first few requests to the server. However it is populated on subsequent requests. This is causing the following exception.

    java.lang.NullPointerException
        at org.apache.catalina.connector.CoyoteAdapter.parseSessionSslId(CoyoteAdapter.java:985)
        at org.apache.catalina.connector.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:765)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:416)
        at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

Closing and reopening the browser causes the same issue to occur again.

Which means that I'm going to have to go back to posting the id, after places where we don't control redirects back to our domain, I'm going to have to issue a one time session lookup token to lookup the session Id. This means sharing a data source with the Valve and the web applications (basically a string-string hashmap). Hopefully I can use JNDI or similar for a local map, if not it's going to be needed to be backed by a database.

So remaining questions are two:

How to get the SSL_SESSION_ID populated on initial requests?

Can I share some object in memory with tomcat as the container (in a valve) and the web application?
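The one-time session lookup token described in the message above (a string-to-string map shared by the Valve and the web application), written out as an added example that is not code from the thread. The class name, the 30-second lifetime and the sample session id are assumptions; for the Valve and the webapp to see the same instance, the class has to come from a class loader common to both, for example a jar in Tomcat's lib directory.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Added example, not code from the thread: single-use, short-lived lookup
 * tokens that map to a session id. All names here are hypothetical.
 */
public final class OneTimeSessionTokens {

    /** Session id plus the instant after which the token is worthless. */
    private static final class Entry {
        final String sessionId;
        final long expiresAtMillis;

        Entry(String sessionId, long expiresAtMillis) {
            this.sessionId = sessionId;
            this.expiresAtMillis = expiresAtMillis;
        }
    }

    private final Map<String, Entry> tokens = new ConcurrentHashMap<>();
    private final SecureRandom random = new SecureRandom();
    private final long ttlMillis;

    public OneTimeSessionTokens(long ttlMillis) {
        this.ttlMillis = ttlMillis;
    }

    /** Issues an unguessable token (256 random bits) for the given session id. */
    public String issue(String sessionId, long nowMillis) {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        tokens.put(token, new Entry(sessionId, nowMillis + ttlMillis));
        return token;
    }

    /**
     * Returns the session id for a token exactly once, or null if the token is
     * unknown, already used, or expired.
     */
    public String redeem(String token, long nowMillis) {
        if (token == null) {
            return null;
        }
        // remove() is atomic: of two concurrent requests presenting the same
        // token, only one gets the entry back, so a replay cannot succeed.
        Entry entry = tokens.remove(token);
        if (entry == null || nowMillis >= entry.expiresAtMillis) {
            return null;
        }
        return entry.sessionId;
    }

    /** Drops tokens that were issued but never redeemed; returns how many. */
    public int purgeExpired(long nowMillis) {
        int removed = 0;
        for (Iterator<Entry> it = tokens.values().iterator(); it.hasNext();) {
            if (nowMillis >= it.next().expiresAtMillis) {
                it.remove();
                removed++;
            }
        }
        return removed;
    }

    public static void main(String[] args) {
        OneTimeSessionTokens store = new OneTimeSessionTokens(30_000L); // 30 s lifetime
        long t0 = System.currentTimeMillis();
        String sessionId = "0123456789ABCDEF0123456789ABCDEF"; // constructed sample id

        // Normal flow: issue before the redirect, redeem on the way back.
        String token = store.issue(sessionId, t0);
        System.out.println("first use: " + store.redeem(token, t0 + 1_000L));
        System.out.println("replay:    " + store.redeem(token, t0 + 2_000L));

        // A token presented after its lifetime is refused.
        String stale = store.issue(sessionId, t0);
        System.out.println("too late:  " + store.redeem(stale, t0 + 31_000L));

        // Tokens that never come back are cleaned up by a periodic purge.
        store.issue(sessionId, t0);
        System.out.println("purged:    " + store.purgeExpired(t0 + 31_000L));
    }
}
```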
Re: Post Session Id
On Mon, Mar 30, 2015 at 2:17 AM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley,

On 3/29/15 1:15 PM, Wesley Acheson wrote:

A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons. One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies.

Do you mean that Safari has been configured to block all cookies? Because Safari won't block cookies just because you are using an iframe.

Should have said it's a third party domain name. That can't change easily. Should have wrote Safari blocks all third party cookies.

For this purpose I'd like to post some value around that acts as a session Id. However I'm not sure if this is possible?

If you write a Valve (which would be Tomcat-specific, and not work under other servlet containers), you could change the way Tomcat reads session identifiers from the request (and use a request parameter instead of a path parameter).

I understand that the solution at the moment would be container specific.

Or you could handle session-management yourself and not use servlet-spec-style session-tracking (which would be WAY more invasive to your application).

In the longer term this is probably better. For the immediate term I just need the least invasive approach for the application.

*I'm aware that this won't work for common paradigms such as POST-REDIRECT-GET.*

Looking at CoyoteAdapter.java seems to suggest that session Id can only be retrieved using SSL, COOKIE and URL. COOKIE is out because of third party issues. URL is out because of compliance. SSL may be a possibility but only if it doesn't involve custom client certificates.

Is there any good place to hook in a post parameter for retrieving and reattaching the session?

I've not done this before. CoyoteAdapter calls request.setRequestedSessionId in a few places, and I don't believe CoyoteAdapter can be overridden or replaced directly. If you had a Valve that ran before anything else, you might be able to capture the request, read a request parameter, and then call setRequestedSessionId yourself with that replacement value.

Thanks very much I'm going to read up on valves now.

YMMV

-chris
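One way to write the Valve suggested in the message above, as an added example that is not code from the thread; it compiles against Tomcat 7's catalina.jar and servlet-api.jar. The field name `postSessionId`, the id format check and the refusal of ids that arrive in the query string are assumptions of this example.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.regex.Pattern;

import javax.servlet.ServletException;

import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.valves.ValveBase;

/**
 * Added example, not code from the thread: takes the requested session id
 * from a POST body field instead of a cookie or the URL.
 */
public class PostSessionIdValve extends ValveBase {

    // Hypothetical form field name; the thread does not name one.
    private static final String FIELD = "postSessionId";

    // Assumes Tomcat's default id shape: 32 upper-case hex characters,
    // optionally followed by ".jvmRoute". Adjust if the Manager is configured
    // with a different sessionIdLength.
    private static final Pattern ID_FORMAT =
            Pattern.compile("[0-9A-F]{32}(\\.[A-Za-z0-9_-]{1,64})?");

    @Override
    public void invoke(Request request, Response response)
            throws IOException, ServletException {
        String id = postedSessionId(request);
        if (id != null) {
            request.setRequestedSessionId(id);
            // The id came from neither a cookie nor the URL.
            request.setRequestedSessionCookie(false);
            request.setRequestedSessionURL(false);
        }
        getNext().invoke(request, response);
    }

    /** Returns a well-formed id taken from the POST body, or null. */
    private static String postedSessionId(Request request) {
        if (!"POST".equals(request.getMethod())) {
            return null;
        }
        // getParameter() merges query-string and body values, so a request
        // that names the field in its URL is refused outright: the id must
        // never travel in the URL.
        if (queryNamesField(request.getQueryString())) {
            return null;
        }
        // Reading a parameter here makes Tomcat parse a form-encoded body
        // before the web application sees the request.
        String id = request.getParameter(FIELD);
        if (id == null || !ID_FORMAT.matcher(id).matches()) {
            return null;
        }
        return id;
    }

    /** True if the (percent-decoded) query string mentions the field. */
    static boolean queryNamesField(String query) {
        if (query == null) {
            return false;
        }
        try {
            return URLDecoder.decode(query, "UTF-8").contains(FIELD + "=");
        } catch (IllegalArgumentException | UnsupportedEncodingException e) {
            return true; // undecodable query string: fail closed
        }
    }
}
```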
Re: Post Session Id
On Mon, Mar 30, 2015 at 10:24 AM, Aurélien Terrestris aterrest...@gmail.com wrote:

If you write a Valve (which would be Tomcat-specific, and not work under other servlet containers), you could change the way Tomcat reads session identifiers from the request (and use a request parameter instead of a path parameter).

Maybe could you also have a look on Filters since they're made for modifying the request before it reaches the servlet (or modifying the response after it leaves the servlet) : http://www.oracle.com/technetwork/java/filters-137243.html

Yes I know how filters work. However they're within the lifecycle of the webapp. A filter can't associate a session with a request :(

2015-03-30 9:57 GMT+02:00 Wesley Acheson wesley.ache...@gmail.com:

On Mon, Mar 30, 2015 at 2:17 AM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley,

On 3/29/15 1:15 PM, Wesley Acheson wrote:

A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons. One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies.

Do you mean that Safari has been configured to block all cookies? Because Safari won't block cookies just because you are using an iframe.

Should have said it's a third party domain name. That can't change easily. Should have wrote Safari blocks all third party cookies.

For this purpose I'd like to post some value around that acts as a session Id. However I'm not sure if this is possible?

If you write a Valve (which would be Tomcat-specific, and not work under other servlet containers), you could change the way Tomcat reads session identifiers from the request (and use a request parameter instead of a path parameter).

I understand that the solution at the moment would be container specific.
Post Session Id
Hi All,

A team I am working with use tomcat 7 as their web container. The application cannot use url session tracking due to compliance reasons. One of the requirements we are facing is that the application should work in an iframe on the safari web browser, which blocks all cookies.

For this purpose I'd like to post some value around that acts as a session Id. However I'm not sure if this is possible?

*I'm aware that this won't work for common paradigms such as POST-REDIRECT-GET.*

Looking at CoyoteAdapter.java seems to suggest that session Id can only be retrieved using SSL, COOKIE and URL. COOKIE is out because of third party issues. URL is out because of compliance. SSL may be a possibility but only if it doesn't involve custom client certificates.

Is there any good place to hook in a post parameter for retrieving and reattaching the session?

Regards
Wesley
Re: Logrotate killing Tomcat
As far as I can see there's no exception in this log. Is there anything of interest a few lines before this? Like a stack trace. What does catalina.out say? On Wed, Apr 27, 2011 at 6:36 PM, Alex Carvalho da Silva alexc...@gmail.com wrote: Hi everyone, One tomcat server instance dies when logrotate runs every week... The last info I get in the logs are : Apr 7, 2011 4:03:15 AM org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8180 Apr 7, 2011 4:03:16 AM org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Apr 7, 2011 4:03:16 AM org.apache.catalina.ha.session.JvmRouteBinderValve stop INFO: JvmRouteBinderValve stopped Apr 7, 2011 4:03:17 AM org.apache.catalina.ha.session.DeltaManager stop INFO: Manager [localhost#] expiring sessions upon shutdown Apr 7, 2011 4:03:17 AM org.apache.catalina.loader.WebappClassLoader clearReferencesJdbc Running The Apache Tomcat 6.0 (6.0.32) Linux CentOS :2.6.18-194.17.4.el5 java version 1.6.0_24 There is no tomcat script in /etc/logrotate.d/ How can I solve that problem? Thanks, Alex Carvalho
Re: New jsvc (commons-daemon-native); catalina.out is owned by root - WTF?
Can someone explain to me why logging as the tomcat user is a security risk? I don't like that behaviour but then again I don't understand it. Regards, Wesley Acheson On Wed, Dec 1, 2010 at 6:41 PM, Mladen Turk mt...@apache.org wrote: On 12/01/2010 11:55 AM, Gregor Schneider wrote: Sure, since Apache is usually started within root-context (sbin) - so that does make sense. Right but it drops the user to apache if instructed to do so. Even then logs are root owned, and this is a security precaution (like with jsvc) And if you take a look into /var/logs, you can see exactly, that the logs inside this directory partly don't belong to root as long as they are not run within a root-context. A good example is mysql: This is not a good example. mysql doesn't need to run on privileged port, and if your tomcat doesn't need to run on port 80, and you don't wish to secure your installation why use jsvc in the first place? Regards -- ^TM
Re: [ANN] New Tomcat committer: Christopher Schultz (schultz)
Congratulations.
Re: tomcat 6.0.29 hung
On Thu, Oct 21, 2010 at 1:11 AM, Jason Britton jbritto...@gmail.com wrote: Thankfully when I pulled up jvisualvm on the server and issued thread dumps, even though the stacktraces for the threads did not come up within jvisualvm the thread stacktraces were dumped to stdout. I think this is quite likely to be the result of kill -QUIT you mentioned earlier.
Re: ApacheCon2010NA Meetup / Connector Performance
+1 I'd also like to see the results. It may be what I need to persuade my bosses about something. On Thu, Oct 14, 2010 at 11:03 PM, Pid p...@pidster.com wrote: On 14/10/2010 21:39, János Löbb wrote: On Oct 14, 2010, at 3:00 PM, Christopher Schultz wrote: All, Is there any interest in my (finally) presenting my performance data for Tomcat connectors versus Apache httpd at the conference meetup? I'd have to repeat my tests (my data is for 6.0.20 and we're on 6.0.29, now) plus add some stuff like static data via mod_jk just for a point of comparison to see what kind of overhead mod_jk adds to the mix. That kind means a pain in my arse with about 15 days to get it done. But, if there's interest, I'll get off my butt and show some purty pitchers at the meetup. -chris Chris, Can You post that also here on this list ? Wiki, then that link to list, is probably better - if at all possible. p
Re: session won't timeout
There was a recent post on this where someone else had a similar problem. It turned out in her case to be an AJAX request being made in the background which kept the session alive. I can't seem to find a link to the thread in the archives but most of the advice given there for testing should be appropriate to this thread. On Thu, Sep 30, 2010 at 7:13 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Jing Chen [mailto:jin...@yahoo.com] Subject: Re: session won't timeout The results are different - in one case, the session is destroyed after 30 minutes; but in another case, the session stays active. First, look in Tomcat's logs to see if there's anything interesting in there regarding failures that might affect the session. Second, use Tomcat's manager app (or JConsole) to see what the timeout value of the sessions really is; something in your webapp might have changed it from the default. Third, turn on Tomcat's AccessLogValve to find out if the supposedly closed browsers are still sending in requests. Fourth, use Wireshark or equivalent on the client systems to see if any traffic is being sent to the Tomcat server, resetting the session timer. - Chuck
Re: [Fwd: WHY OCCURS THIS ERROR]
You may not have mapped tomcat to apache httpd correctly. What are you using AJP? mod_proxy? Can you send the relevant parts for your apache httpd configuration and for tomcat? (strip comments first) Wes 2010/9/28 Daniel Mérida dmer...@lcc.uma.es: If I have loaded successfully my file whatevername.war, tomcat doesn't show any error in Logs and I can access to localhost:8080/whatevername without problem . . . Why occurs this error? Dani André Warnier wrote: Daniel Mérida wrote: Anybody knows some reason for this error? /Service Temporarily Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny2 with Suhosin-Patch mod_python/3.3.1 Python/2.5.2 mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0 Server at xxx..xx Port 443 / Mmmm. Let me guess : because the server is temporarily unable to service your request due to maintenance downtime or capacity problems ?
Re: Tomcat 6.0 and Windows 7
It's probably the Firewall / Anti Virus on the first machine, or it's on a dodgy network connection. On Tue, Sep 28, 2010 at 4:20 PM, Julie Gautier j.gaut...@actes-sud.fr wrote: Hi again, I started by trying your second suggestion : I got another PC, on W7, and... it works (IE and FF) ! I really don't understand why it still doesn't work from the first one (new Dell PC) but that's good news for me : it doesn't seem directly related to W7. I'll try to understand why it doesn't work on the first machine but I don't even know where to search (I'll try at least to install the 6.0.29 version of Tomcat and tell you if it corrects the problem on the first PC)... I'll let the group know if I have news... Thanks anyway for your great help ! Julie -Original message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, 27 September 2010 22:17 To: Tomcat Users List Subject: Re: Tomcat 6.0 and Windows 7 Wesley Acheson wrote: Hi is that all that's in the log. It appears read timeout should be caused by an upstream IO Exception. That is obviously what the server is saying. It seems that the server is trying to read what the browser should be sending, but that the browser closes the connection before everything is sent. So the server tries to read from a closed connection, and that triggers an exception. The question is : why is the server only saying that for the Windows-7 station, and with 2 different browsers ? Apart from possibly the bug which Ongjen mentioned, I would recommend to Julie the following : 1) On both the Windows XP and the Windows-7 machine, install the HttpFox plugin/extension into the Firefox browser (find it on the www). (This is a very useful plugin, which can show you everything that goes from the workstation's Firefox to the server, and vice-versa. It is an essential tool to diagnose this kind of issue.) Then activate the plugin (in a separate window) on both workstations, and do the upload again. Then compare what you see in the HttpFox windows. 
2) get another, 3rd PC, preferably also Windows-7, to do the same test. This is just to find out if the issue is particular to that one specific Windows-7 PC, or to Windows-7 PCs in general. Wes On Mon, Sep 27, 2010 at 2:51 PM, Julie Gautier j.gaut...@actes-sud.fr wrote: Hello, I wrote a web application, that works great with a server under Tomcat 6.0.13 and client with Windows XP OS, in which user has to upload (text) files that are read and exploited. I tried this application (on a client machine) under Windows 7 and it works with uploaded files around 5-6 kb but if I try to upload a file around 60 kb, it doesn't work anymore and the localhost. .log trace file indicates the following error : org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed out at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:384) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:268) at org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest(CommonsMultipartRequestHandler.java:193) at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:443) at org.apache.struts.action.RequestProcessor.processPopulate(RequestProcessor.java:796) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:203) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1192) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:430) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581
Re: Tomcat 6.0 and Windows 7
Hi is that all that's in the log. It appears read timeout should be caused by an upstream IO Exception. Wes On Mon, Sep 27, 2010 at 2:51 PM, Julie Gautier j.gaut...@actes-sud.fr wrote: Hello, I wrote a web application, that works great with a server under Tomcat 6.0.13 and client with Windows XP OS, in which user has to upload (text) files that are read and exploited. I tried this application (on a client machine) under Windows 7 and it works with uploaded files around 5-6 kb but if I try to upload a file around 60 kb, it doesn't work anymore and the localhost. .log trace file indicates the following error : org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed out at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:384) at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase.java:268) at org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest(CommonsMultipartRequestHandler.java:193) at org.apache.struts.util.RequestUtils.populate(RequestUtils.java:443) at org.apache.struts.action.RequestProcessor.processPopulate(RequestProcessor.java:796) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:203) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1192) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:430) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:261) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:581) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Unknown Source) Could you please help me to make my application work with client under Windows 7 ? Thanks in advance. Julie Gautier
Re: [OT] Re: Why an email list, and not a forum?
On Sun, Sep 26, 2010 at 12:23 AM, Mark Thomas ma...@apache.org wrote: On 24/09/2010 01:19, Brian wrote: Hi, Just a thought: Why is this support taking place in an email list, instead of a web based forum? If you want a forum style interface, unsubscribe from the mailing list and use Nabble. My personal view is that e-mail offers many advantages, the most important of which is having a local off-line archive of the list traffic. I can read/reply/search without an internet connection. That would be impossible with a web only interface. Mark Google gears / HTML5 anyone. Naw seriously if you need to work without a connection that sucks.
Re: Why an email list, and not a forum?
On Fri, Sep 24, 2010 at 9:28 AM, Mikolaj Rydzewski m...@ceti.pl wrote: On Fri, 24 Sep 2010 07:48:09 +0200, m.h.g.emme...@dnb.nl wrote: I agree. A forum would be more practical. It is much easier reading all postings on a topic. I find myself clearing my tomcat users list inbox every morning, while on forums I visit I check out the new or updated topics. The forums these days let you subscribe to topics or complete forums and send you a notification when a new topic gets started or updated. Use gmail to read list. You'll have a 'forum'. I do really hope we won't switch to web-based-something. -- Mikolaj Rydzewski I noticed something. I've been subscribed to this ML for a long time, never participated much. I'm using gmail for the list and filter the messages into their own label and archive them. Recently I became involved in a discussion because it had a direct reflection on my experience in work. I ended up doing a simplistic patch which hasn't been accepted yet, however since that point I also had to join the dev mailing list. Since I had to check both ML's I've been doing it regularly, though it may just be a fad with me. The point is once you're involved in something, doing more than just looking for answers a Mailing list is much better, it involves you much more directly. I don't have to check 10 sites for my 10 subscribed mailing lists. The emails are just there all filtered into their own labels (folders). So it's probably better for an open source project to use a mailing list. The dev list has other special functions you just wouldn't see working with a forum, such as having the commit logs mailed, and the bugs mailed. This doesn't work well with forums as you'd either have one massive topic or spam with several little topics. Having said all that though I wouldn't attempt to read these lists with outlook/outlook express or thunderbird. 
That just wouldn't work for me. So forums better for finding answers. Mailing lists better for participating. Wes
Re: [OT] In org.apache.catalina.connector.Request.doGetSession, java.lang.IllegalStateException: Cannot create a session after the response has been committed
On Fri, Sep 24, 2010 at 5:29 PM, Brian bbprefix-m...@yahoo.com wrote: Hi Christopher, The sessions expire if 2 hours have passed, and if that happens, the system forwards them to another page. I mean, in my programming I already considered what should happen if the session suddenly expired, and it should not arrive to this point. Thanks! You can't be sure that's what's happening though. The browser can make its own rules with session cookies. Unlikely but possible for the cookies to be deleted sometimes. Some people may not accept session cookies in the first place. Are you encoding the urls for sessions too? Where's the bean being set in an Interceptor, in a filter, on an earlier page in the session? Is it possible that you've missed a route to the pages which should always have this bean? Is it possible that people are directly navigating to the page that throws the error (say via a bookmark, or got a cached search engine result)? My advice would be (assuming you have an access log enabled that contains the session id). Look at the access log. Try to figure out the route the person took through your site. How long between page views? Was there some detail that they entered in the bean which was unserialisable etc. I doubt anyone here can tell you the answer to your new problem, it's too dependent on your new environment, however hopefully we will point you in a good direction to start looking. Also you can start a new thread as Christopher put but mark it OT. (if you don't believe tomcat is at fault). Regards, Wesley Acheson
Re: Tomcat Consultant
At least two of the regular supporters of this mailing list work in spring source and one is one of the main committers to the tomcat project. To me that speaks wonders for the company. I've been trying to get my company to get them in for consultation too. To no avail. Wes On Fri, Sep 24, 2010 at 8:01 PM, Warren Henning warren.henn...@gmail.com wrote: http://www.springsource.com/support/professional-services SpringSource claims to be able to do this kind of thing. They were the first google result for tomcat consultant. Did you not search for that or did you disregard it? On Fri, Sep 24, 2010 at 10:25 AM, tdelesio tdele...@gmail.com wrote: My fortune 500 company is testing a pilot for switching over a J2EE web app over from Web Sphere application server to Tomcat and we are looking for a consultant to setup a crusted production instance of tomcat. Does anyone have any recommendations for a top notch consulting firm that could provide these services?
Re: Tomcat Logging Not Working Properly
On Sat, Sep 25, 2010 at 3:51 AM, Donald Winston satchwins...@yahoo.com wrote: resurrection.level=FINE (thanks everybody. You were helpful) Hey If I don't know I don't answer.
Re: catalina.log getting bigger causing fillup file system on unix
It looks like someone added a System.out.* inside a loop possibly as a debug. This is application logs, I see this all the time, someone just wants a quick debug and they print to system.out rather than using a logger. On Thu, Sep 23, 2010 at 8:30 PM, Patel, Biren G bpa...@telcordia.com wrote: Here is the logs from original email: Sep 16, 2010 12:55:54 PM org.apache.catalina.core.ApplicationContext log INFO: cgi: runCGI: write(dd ADD:00 09/16/2010 10:13:02 0600912345 0505266A9153 9153 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9203 9203 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9313 9313 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9253 9253 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9243 9243 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9323 9323 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9343 9343 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9263 9263 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9353 9353 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9373 9373 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9333 9333 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9363 9363 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9393 9393 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9293 9293 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9223 9223 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9283 9283 add ADD:00 09/16/2010 10:13:02 0600912345 0505266A9273 9273 add A) In the normal case we have the class name (log4j) that generates the log, I don't see that here. Second, why would it print the same line (...add...) multiple times? Please let me know where I should look. Regards, Biren G. Patel (732)699-4430 -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Thursday, September 23, 2010 2:13 PM To: Tomcat Users List Subject: Re: catalina.log getting bigger causing fillup file system on unix On 23/09/2010 09:30, Patel, Biren G wrote: Hi, I am using Tomcat 5.5.7 on AIX 5.3. 
The log file catalina.log is filling up quickly, causing the file system to be 100 % full, I am using default logging configuration. I see the following lines being dumped into the log file. Can you please tell me what these logs mean ? Nope. That is application generated logging. You'll need to ask the app developers. Mark
Re: Automatically Add Session ID
On Thu, Sep 23, 2010 at 10:13 PM, Jeff Thorn j...@thorntechnologies.com wrote: Hi Max. Thanks for your response. I am sure there are no sessions now. It's a REST based XML API. What type of client is going to use the REST API? If it's not browser based it may well not accept sessions. Thus you would have several session id's for the same client. Also the overhead is low.
Re: [OT] Tomcat on Linux
Tommy, Most linux's will automatically install tomcat for you. I advise against fedora/red hat as the selinux part is difficult to configure. However it may add some security if you want it. Okay if you need help choosing a linux for tomcat, you should consider the following questions. Would you want to use a graphical console or a text based shell? Is this a production environment? Will you need support from the vendor? What package manager do they use etc. How much of the configuration process are you wanting the OS to do? I think most will set it up and install it as a service. On Ubuntu I found it very easy to install tomcat as a service. https://help.ubuntu.com/9.04/serverguide/C/tomcat.html but I'm comfortable editing tomcat's configuration by hand. It's really not that difficult to install tomcat yourself though. Regards, Wes On Mon, Sep 20, 2010 at 10:51 AM, Tommy Pham tommy...@gmail.com wrote: Thanks everyone for your input. I was hoping to get a better understanding of the differences between the flavors of Linux and how well and easy for me to run Tomcat. I guess I'll have to spend more time on various flavors. Thanks again, Tommy
Re: [OT] Tomcat on Linux
I thought that was the information he was looking for. No other reason for sending it. On Mon, Sep 20, 2010 at 10:14 PM, Pid p...@pidster.com wrote: On 20/09/2010 10:10, Wesley Acheson wrote: Tommy, Most linux's will automatically install tomcat for you. In the form of the not-very-popular-on-the-tomcat-users-list repackaged version. Okay if you need help choosing a linux for tomcat, you should consider the following questions. Would you want to use a graphical console or a text based shell? Is this a production environment? Will you need support from the vendor? What package manager do they use etc. How much of the configuration process are you wanting the OS to do? I think most will set it up and install it as a service. On Ubuntu I found it very easy to install tomcat as a service. https://help.ubuntu.com/9.04/serverguide/C/tomcat.html but I'm comfortable editing tomcat's configuration by hand. It's really not that difficult to install tomcat yourself though. 1. Download tar.gz 2. Unpack tar.gz 3. Run Tomcat 4. WIN* p * You can omit step 4, if that's too many steps.
Re: HttpServletRequest.getParameter and PUT requests
On Mon, Sep 20, 2010 at 7:54 PM, Christopher Schultz ch...@christopherschultz.net wrote: All, After reading a post on the cocoon-user mailing list (http://markmail.org/message/wzsgt4trlvztt6cr), I was reminded of our own discussion a few months back on this subject (http://markmail.org/message/dxgvu6fhcvp22xbo). I have decided to file an enhancement request and write a patch. Comments are definitely welcome. https://issues.apache.org/bugzilla/show_bug.cgi?id=49964 I don't see the patch. I see in the mail you've got your patch working with tc7 but still not seeing the patch. What comments were you looking for? That sounds arsey but It wasn't meant in that way. Wes
Re: Connect the same Database from two different web application
On Sat, Sep 18, 2010 at 1:17 PM, Rahul Deb Mohan ra...@zaloni.com wrote: Hello Everyone, I am using Hibernate to connect to my MySql Database using C3p0 connection pooling mechanism from my web application which is deployed in Tomcat. Eventually, now I need to develop a child application, using the same Database instance. So I have two applications now : say Application A and Application B, and both will be deployed in a Tomcat Server and both have to use the same Database, let say my DB name is EmployeeDB. I defined Resource parameters separately for both of the applications and have done all the settings that are required for the connectivity. Now when I deploy the applications, and try to run them, the first application ( it may be Application A or Application B) loads up properly, but the second application shows error as it could not connect to the Database. Whatever application I load first, it successfully connects to the Database, but the second application fails to connect. I am guessing there must be some locking mechanism, provided by either Hibernate or the Tomcat, which is preventing me from doing so. Please help me to overcome this issue as that is my fundamental requirement now. Thanks in advance. I am posting the stack trace hereby: [code]com.mchange.v2.cfg.BasicMultiPropertiesConfig: Properties object found at resource path [system properties] contains a value that is not a String: 25 Skipping... com.mchange.v2.cfg.BasicMultiPropertiesConfig: Properties object found at resource path [system properties] contains a value that is not a String: 25 Skipping... 
921 [http-8990-4] ERROR org.hibernate.connection.C3P0ConnectionProvider - could not instantiate C3P0 connection pool java.lang.NullPointerException at java.util.Hashtable.put(Hashtable.java:394) at com.mchange.v2.c3p0.DataSources.pooledDataSource(DataSources.java:314) at org.hibernate.connection.C3P0ConnectionProvider.configure(C3P0ConnectionProvider.java:181) at org.hibernate.connection.ConnectionProviderFactory.newConnectionProvider(ConnectionProviderFactory.java:137) at org.hibernate.connection.ConnectionProviderFactory.newConnectionProvider(ConnectionProviderFactory.java:79) at org.hibernate.cfg.SettingsFactory.createConnectionProvider(SettingsFactory.java:448) at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:89) at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2101) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1325) at com.duke.zaloni.studentdb.server.hibernate.HibernateUtil.clinit(HibernateUtil.java:17) at com.duke.zaloni.studentdb.server.LoginServletImpl.doPost(LoginServletImpl.java:33) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at 
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) Hibernate Error:Initial SessionFactory creation failed.org.hibernate.HibernateException: Could not instantiate C3P0 connection pool org.hibernate.HibernateException: Could not instantiate C3P0 connection pool at org.hibernate.connection.C3P0ConnectionProvider.configure(C3P0ConnectionProvider.java:185) at org.hibernate.connection.ConnectionProviderFactory.newConnectionProvider(ConnectionProviderFactory.java:137) at org.hibernate.connection.ConnectionProviderFactory.newConnectionProvider(ConnectionProviderFactory.java:79) at org.hibernate.cfg.SettingsFactory.createConnectionProvider(SettingsFactory.java:448) at org.hibernate.cfg.SettingsFactory.buildSettings(SettingsFactory.java:89) at org.hibernate.cfg.Configuration.buildSettings(Configuration.java:2101) at org.hibernate.cfg.Configuration.buildSessionFactory(Configuration.java:1325) at com.duke.zaloni.studentdb.server.hibernate.HibernateUtil.clinit(HibernateUtil.java:17) at
Re: Some problem of analyzing the tomcat logs
On Fri, Sep 17, 2010 at 9:17 AM, André Warnier a...@ice-sa.com wrote:

Hi. In short and in my opinion, I think that you are re-inventing the wheel. There exist already numerous open-source programs which analyse web logs, and generally produce nice-looking graphics etc. from them. And they do the splitting-up work properly, as long as you feed them the correct log format. Their documentation indicates how to do that. Look up webalizer, awstats etc. Also, these programs are open-source, so you can look inside at how they do things, if you really want to write your own code.

+1 There is a lot of software out there that gives good logs. However I don't know if many of them distinguish the file extensions which seems to be his problem?

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] CI for Tomcat 6 and 7 docs now available
On Fri, Sep 17, 2010 at 1:27 PM, Mark Thomas ma...@apache.org wrote:

This got me thinking. I recall at least one (André?) offer to help improve the documentation. This should make that a little easier, particularly for folks here to review the latest changes.

I offered to do a generic correction on the building instructions of tc7 but haven't found time yet.

If you do get involved then the process would be something along the lines of:

(one time tasks)
- install svn
- install ant
- checkout source
- build Tomcat

(per change task)

So you're saying apply each patch individually and rebuild after each? Or am I misreading? and then put the documentation for that patch in.

- change docs
- build Tomcat to test changes
- use svn to create a patch
- create a Bugzilla entry for the patch
- committer reviews and applies the patch / suggests changes

Usually after a series of good patches the committers will get fed up with applying your patches for you and will make you a committer so you can do your own commits.
Re: [ANN] CI for Tomcat 6 and 7 docs now available
On Fri, Sep 17, 2010 at 11:25 PM, André Warnier a...@ice-sa.com wrote:

Mark Thomas wrote: ... If you want to start down this path and see how it goes, I am happy to talk you through step by step.

I may (hem, probably will) need that at some point. But let me try following the basic steps you outlined, first. quoting : If you do get involved then the process would be something along the lines of:

(one time tasks)
- added : install or update Java JDK .. done
- install svn .. done
- install ant .. done
- checkout source

Ok, I'm here. I have a top directory c:\projects, under which I have already a couple of (unrelated) SVN repositories. Assuming I'd like first to have a look at the latest Tomcat 7.0 release, what do I do next ? I right-clicked on the directory, chose Tortoise SVN, then Create repository here, and it is asking me for a URL. I do not want to download the whole ASF repository, and not even all Tomcat versions, so what do I enter ?

The current url for tc7 is http://svn.apache.org/repos/asf/tomcat/trunk

- build Tomcat

(per change task)
- change docs
- build Tomcat to test changes
- use svn to create a patch
- create a Bugzilla entry for the patch
- committer reviews and applies the patch / suggests changes
Re: How to solve To prevent a memory leak
I know there was an issue in older versions of tomcat that didn't release the mysql driver even if the driver wasn't referenced. What version are you running?

Wes
Re: Host Manager.
The way I've implemented this it does all the normal work of adding the host to the container before trying to persist the file. Now there are a lot of things that can go wrong when trying to write to a filesystem. Maybe the user doesn't have permission to update the file. Maybe the existing file is unparseable for some reason (that one shouldn't really happen). Maybe the security manager stops the user updating the file. etc. etc.

So my question is what should be seen in the host manager in everyone's opinion if the file system changes aren't persisted? Some possibilities below:

- Should it still show success as it's been added to the container?
- Should the addition to the container be undone (rollback)?
- Should it show an error?
- Or two messages, 1 for the container, 1 for the file?

If error messages are shown how much information should be shown to the client, a full stack trace, an informative message such as "update server.xml:FAIL blocked by security manager"?

Please feel free to pitch in anyone.
Re: Host Manager.
Okay that's good feedback, a lot more work though.

On Fri, Sep 17, 2010 at 12:01 AM, André Warnier a...@ice-sa.com wrote:

Wesley Acheson wrote: The way I've implemented this it does all the normal work of adding the host to the container before trying to persist the file. Now there are a lot of things that can go wrong when trying to write to a filesystem. Maybe the user doesn't have permission to update the file. Maybe the existing file is unparseable for some reason (that one shouldn't really happen). Maybe the security manager stops the user updating the file. etc. etc. So my question is what should be seen in the host manager in everyone's opinion if the file system changes aren't persisted? Some possibilities below: Should it still show success as its been added to the container.? Should the addition to the container be undone (rollback)? Should it show an error? Or two messages 1 for the container 1 for the file? If error messages are shown how much information should be shown to the client, a full stack trace, an informative message such as update server.xml:FAIL blocked by security manager Please feel free to pitch in anyone.

Although I am not really competent, I will use your last phrase above as an excuse and pitch in. I understand what you are saying about what can go wrong, and I understand that conditions after a change may not be the same as when the change was started. But I find it particularly frustrating when I do a lot of work in an application, and when I want to save my work at the end, it comes and tells me that it cannot be saved, and does not provide any alternative (*).

I would imagine that some of these reasons for not being able to write server.xml, can be tested ahead of time, and a warning message provided to the user as to that fact, before they start making changes. Also, maybe in case server.xml cannot be directly overwritten, an alternative path could be requested from the user ? (and/or the file could be written first as server.xml.new, and only renamed in a second step, which could fail).

(*) the popup dialog with a single button Press OK to reboot comes to mind.
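Added example, not part of the thread and not Tomcat's or the poster's code: the "test ahead of time, write server.xml.new, then rename" approach from the reply above, combined with the rollback and short-message options from the original question. It is written in Python for illustration (the Host Manager itself is Java); `with_host`, `persist`, `add_host` and the sample server.xml are hypothetical.

```python
import logging
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET

log = logging.getLogger("hostmanager.example")

# Constructed minimal server.xml, for the example only.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""


def with_host(server_xml, name, app_base):
    """Return server.xml text with a <Host> appended to the first <Engine>."""
    root = ET.fromstring(server_xml)
    engine = root.find("./Service/Engine")
    if engine is None:
        raise ValueError("no Service/Engine element")
    if any(h.get("name") == name for h in engine.findall("Host")):
        raise ValueError("host already defined")
    ET.SubElement(engine, "Host", {"name": name, "appBase": app_base})
    return ET.tostring(root, encoding="unicode")


def persist(path, text):
    """Install text at path via a sibling temp file. Returns (ok, message).

    The message is short enough to show to a client; the full exception
    goes to the server-side log only.
    """
    directory = os.path.dirname(os.path.abspath(path))
    label = "update %s: " % os.path.basename(path)
    try:
        ET.fromstring(text)                    # never install an unparseable file
    except ET.ParseError:
        return False, label + "FAIL content is not well-formed XML"
    if not os.access(directory, os.W_OK):      # the check that can be made up front
        return False, label + "FAIL directory is not writable"
    tmp = None
    try:
        fd, tmp = tempfile.mkstemp(dir=directory,
                                   prefix=os.path.basename(path) + ".",
                                   suffix=".new")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            fh.write(text)
            fh.flush()
            os.fsync(fh.fileno())              # data on disk before the rename
        if os.path.exists(path):
            shutil.copymode(path, tmp)         # keep the original permissions
        os.replace(tmp, path)                  # readers see old or new, never half
        tmp = None
        return True, label + "OK"
    except OSError as exc:
        log.error("persisting %s failed", path, exc_info=True)
        return False, label + "FAIL " + (exc.strerror or "I/O error")
    finally:
        if tmp is not None and os.path.exists(tmp):
            os.unlink(tmp)                     # no stray .new file after a failure


def add_host(hosts, path, name, app_base):
    """Add to the running set, persist, and roll back if persisting fails."""
    if name in hosts:
        return False, "add host: FAIL host already exists"
    hosts.add(name)                            # stand-in for the container update
    try:
        with open(path, encoding="utf-8") as fh:
            new_text = with_host(fh.read(), name, app_base)
        ok, message = persist(path, new_text)
    except (OSError, ET.ParseError, ValueError):
        log.error("could not prepare %s", path, exc_info=True)
        ok = False
        message = ("update %s: FAIL existing file could not be read or parsed"
                   % os.path.basename(path))
    if not ok:
        hosts.discard(name)                    # rollback option from the question
    return ok, message
```

The temp file is created in the same directory as the target so that the rename stays on one filesystem.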
Re: [OT] Tomcat on Linux
On Wed, Sep 15, 2010 at 10:08 PM, Tommy Pham tommy...@gmail.com wrote:

Hi, I was wondering what flavor(s) of Linux, if applicable, do you use to develop?

Em Windows. :P

And what Linux flavor(s) do you have Tomcat running production on?

Our Production environment is Solaris 10. Technically not linux but close enough. From time to time I use whatever flavour takes my fancy it shouldn't make too much difference. Linux tends to have good development tools no matter what the distro.

Wes
Re: [OT] Tomcat on Linux
Hi Christopher

On Wed, Sep 15, 2010 at 11:18 PM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley,

Our Production environment is Solaris 10. Technically not linux but close enough.

Really? I haven't used Solaris in a long time, but back then it was definitely nothing like Linux except that ls gave you a directory listing in a terminal :)

Okay it's Unix. Which linux is (what a derivative) closely related to. I use vi on linux, vi on solaris. The filesystem is similar. Most unix commands are implemented in linux. Bash is my shell of choice as in linux. Why we run Solaris. That's the question really, because our parent company has a bunch of Solaris administrators. I would have preferred linux personally. Honestly on a shell most commands are the same or very similar.
Re: session-timeout not taking effect
Pretty much as I thought. My tests were designed with this result in mind. Pretty bad way to test, I don't seem to help it though. I have an assumption then test accordingly. Anyway it's using something called AJAX for other reasons. The downside is it keeps your sessions alive. Glad you sorted it out though.

On Wed, Sep 15, 2010 at 6:13 PM, Debbie Shapiro dshap...@cardiacscience.com wrote:

Official response from InetSoft:

** If you request for a report and leave it running in the browser in v10.2, the report will send a heartbeat beacon to the report server to let the server know that the report is still active, which will effectively keep the user session active. In v10.3, this has been enhanced so that the timeout value of the report will be taken into consideration, along with the heartbeat beacon mechanism instead of having the report be considered active if it is left open in the browser. **

So, apparently, this is InetSoft's programming causing this, not a Tomcat bug and the settings are correct. Guess I just need to wait till 10.3... *sigh*.

Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233

-Original Message- From: Debbie Shapiro Sent: Tuesday, September 14, 2010 4:17 PM To: 'Tomcat Users List' Subject: RE: session-timeout not taking effect

waited an extra long time to test out the web page again, but it's still not timing out. I've asked InetSoft about the heartbeat requests. I'll update you all with what they say. Thanks! :-)

Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233

-Original Message- From: Debbie Shapiro Sent: Tuesday, September 14, 2010 3:24 PM To: Tomcat Users List Subject: RE: session-timeout not taking effect

I tested out navigating to another web page in a different window and coming back to the web app page after it should have timed out, but no go. I just removed the comments for the access log as you mentioned below. What I'm seeing in the access log are heartbeat requests? Like follows. I'm not touching the page and I did navigate to another page after I ran the report...

10.5.2.18 - - [14/Sep/2010:15:22:03 -0700] POST /sree/Reports?op=heartbeatID=RA_QA[2f]PST[20]Complaints.12845027269201@ localisAJAXRequest=trueisContainer=falseisXML=false HTTP/1.1 200 -

I don't know if this is because we're using LDAP for our security and InetSoft is checking this constantly. I have a feeling that's what it is though. :-(

Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233

-Original Message- From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Sent: Tuesday, September 14, 2010 2:48 PM To: Tomcat Users List Subject: Re: session-timeout not taking effect

On Tue, Sep 14, 2010 at 11:39 PM, Debbie Shapiro dshap...@cardiacscience.com wrote:

I should add that I am neither a Java nor a Tomcat expert by any means. Where would I find some of these settings?

hmm may be a bit tricky

I'm using IE to access this application. Where would one enable the access log? I essentially have the entire Tomcat installation using the defaults at installation, with the exception that I have included the InetSoft application directory in the webapps folder.

Is a valve usually on server.xml If you recently downloaded tomcat and haven't played with these files there a commented out access log valve which you can uncomment ( i.e. remove <!-- and its end --> )

If I navigate to another website and immediately navigate back to the InetSoft page, it first displays a page that the login has expired and then prompts me to login again.

I don't suppose you know if it's using urlRewriting to keep sessions. There may be something in the browser address bar that says jsessionid.

It's only if I leave the page up that it seems to not expire. My version of IE doesn't have tabs (I'm still on 6.0), so it's either change the current window to a new page or open a new window.

That's fine for the test. Change the current window by navigating to another site and back (You said before it asks you for a login). I'd advise a better browser however.

I'm not sure how to determine that the session-timeout is anything other than 30 minutes aside from looking at the web.xml file. Not familiar with JConsole. I don't currently have the Tomcat manager running. I just found the documentation concerning that part of the app and I will see about getting that started. As I said, I have everything set to the defaults...

Sorry for the stupid question but when you said the session should be expired, I assume you don't mean the report shouldn't still be on the screen. Is this a public website where someone could test?

Wes
Re: Possible to proxy JMX?
On Mon, Sep 13, 2010 at 11:21 PM, Wesley Acheson wesley.ache...@gmail.com wrote:

On Mon, Sep 13, 2010 at 11:12 PM, Pid p...@pidster.com wrote:

On 12/09/2010 21:38, Wesley Acheson wrote: If it was possible to proxy JMX though I think it should be possible to have a small daemon application that proxy's tomcats JMX, and injects two commands, startup and restart. The idea being so this minimal java application could launch or relaunch tomcat. (I think it would need to call the startup.sh or startup.bat file)

Wouldn't you just launch an embedded Tomcat instance?

No cause that kind of defeats the point of having a shutdown. If peoples applications memory leak etc. You would want the container separate from the launcher. Dunno If I'm making sense with this. It does make sense in my head.

You made me think of this, new in Java 6: http://download.oracle.com/javase/6/docs/api/javax/management/JMX.html

Taking a look now

p

I guess people aren't interested in this or what I'm saying doesn't make sense. :(
Re: Class unloading in tomcat - PermGen Space
On Tue, Sep 14, 2010 at 4:36 PM, shivanic shivani.chan...@gmail.com wrote:

3. Is there any way to setup unloading of JSP's in the 5.X versions - either by using the custom classloader or any other way?. Thanks. Shivani

I've heard of people unloading classes via a custom garbage collector. I don't have much details other than that you can try searching for it. I don't know how much mileage it provides either. Also you do know you can increase permGen size. I don't know if that's an option for you or not.
Re: session-timeout not taking effect
On Tue, Sep 14, 2010 at 6:29 PM, Debbie Shapiro dshap...@cardiacscience.com wrote:

I am using Tomcat 7.0 on a Windows 2003 Server 64-bit OS. I'm using the default settings for the web.xml file for session-timeout (30 minutes), but for some reason, the sessions aren't timing out at this point for users of the web app. Is there some reason why this setting would be ignored? I'm using Tomcat 7.0 with an InetSoft business intelligence implementation.

Session timeout is the time out for the session if no requests are received from the client. What are the symptoms?
Re: session-timeout not taking effect
On Tue, Sep 14, 2010 at 7:17 PM, Debbie Shapiro dshap...@cardiacscience.com wrote:

Hi Wesley - I logged in to my web app, ran a report and then left it alone for 45 minutes. Came back and tried to run another report. I was expecting to receive a prompt to login again, but instead it runs the second report. I also have a case open with InetSoft on this, but they are pointing me to my Tomcat configuration.

Debbie Shapiro, Data Warehouse Manager Office: 425.402.2233

-Original Message- From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Sent: Tuesday, September 14, 2010 9:48 AM To: Tomcat Users List Subject: Re: session-timeout not taking effect

On Tue, Sep 14, 2010 at 6:29 PM, Debbie Shapiro dshap...@cardiacscience.com wrote: I am using Tomcat 7.0 on a Windows 2003 Server 64-bit OS. I'm using the default settings for the web.xml file for session-timeout (30 minutes), but for some reason, the sessions aren't timing out at this point for users of the web app. Is there some reason why this setting would be ignored? I'm using Tomcat 7.0 with an InetSoft business intelligence implementation.

Session timeout is the time out for the session if no requests are received from the client. What are the symptoms?

Hi Debbie,

I wasn't saying that that was the problem exactly. There are a number of things you can do to check, just to rule it out.

1. If you use firefox try the firebug plugin. Go to the net tab and run your test. Ensure no more requests are sent.
2. Enable the access log in tomcat. Ensure your requests aren't coming in more frequently than 1/2 an hour.
3. Run the test again but when you get the report. Navigate to another website. Leave it the half hour navigate back to the tomcat instance, check if you're still logged in (Don't close the browser window for this test to be valid)
4. Ensure you aren't seeing cached versions of the pages.
5. Check if the session timeout is indeed set to half an hour. (Maybe this info is in jconsole I'm sure others on this list will know)

If all this fails then it looks like you have a bug in tomcat on your hands. Test 1 2 and 3 aren't exclusive they all test the same thing. Take your pick. (personally I prefer 1 2)

Regards, Wesley
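Added example, not part of the thread: check 2 from the list above turned into a script that reads access-log lines and reports idle periods longer than the session timeout that background requests kept alive. The sample lines are constructed (only the 10.5.2.18 address and the /sree/Reports heartbeat path echo the thread), and treating one IP address as one client and `op=heartbeat` as the heartbeat marker are assumptions of the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the common access-log layout. One client leaves a
# report open for 45 minutes while the page sends heartbeats; a second,
# constructed client is idle for 50 minutes with no background traffic.
SAMPLE_LOG = """\
10.5.2.18 - - [14/Sep/2010:15:00:00 -0700] "POST /sree/Reports?op=login HTTP/1.1" 200 512
10.5.2.18 - - [14/Sep/2010:15:01:00 -0700] "GET /sree/Reports?op=run HTTP/1.1" 200 20480
10.5.2.18 - - [14/Sep/2010:15:11:00 -0700] "POST /sree/Reports?op=heartbeat&ID=constructed HTTP/1.1" 200 -
10.5.2.18 - - [14/Sep/2010:15:21:00 -0700] "POST /sree/Reports?op=heartbeat&ID=constructed HTTP/1.1" 200 -
10.5.2.18 - - [14/Sep/2010:15:31:00 -0700] "POST /sree/Reports?op=heartbeat&ID=constructed HTTP/1.1" 200 -
10.5.2.18 - - [14/Sep/2010:15:41:00 -0700] "POST /sree/Reports?op=heartbeat&ID=constructed HTTP/1.1" 200 -
10.5.2.18 - - [14/Sep/2010:15:46:00 -0700] "GET /sree/Reports?op=run HTTP/1.1" 200 20480
10.5.2.40 - - [14/Sep/2010:15:00:00 -0700] "GET /sree/Reports?op=run HTTP/1.1" 200 20480
10.5.2.40 - - [14/Sep/2010:15:50:00 -0700] "GET /sree/Reports?op=run HTTP/1.1" 200 302
"""

# The quotes around the request are optional so that unquoted lines also parse.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"?(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"? (?P<status>\d{3}) \S+$'
)


def bridged_idle_periods(log_text, timeout=timedelta(minutes=30),
                         marker="op=heartbeat"):
    """Return (client, idle_from, idle_to) for every user-idle period longer
    than `timeout` during which no gap between consecutive requests of any
    kind exceeded `timeout`, i.e. the container never saw the session idle."""
    by_client = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # skip lines in another format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        by_client.setdefault(m["host"], []).append((ts, marker in m["uri"]))

    findings = []
    for host, requests in by_client.items():
        requests.sort()
        last_user = prev = None
        widest = timedelta(0)             # widest gap since the last user request
        for ts, is_heartbeat in requests:
            if prev is not None:
                widest = max(widest, ts - prev)
            prev = ts
            if is_heartbeat:
                continue
            if (last_user is not None and ts - last_user > timeout
                    and widest <= timeout):
                findings.append((host, last_user, ts))
            last_user, widest = ts, timedelta(0)
    return findings


if __name__ == "__main__":
    for host, start, end in bridged_idle_periods(SAMPLE_LOG):
        print("%s: user idle %s, session kept alive by background requests"
              % (host, end - start))
```

The second client is not reported: its 50-minute gap contains no requests at all, so the container's own timeout applies to it.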
Re: Class unloading in tomcat - PermGen Space
On Tue, Sep 14, 2010 at 6:21 PM, shivanic shivani.chan...@gmail.com wrote:

Hello, We have already increased the max perm gen size - but that is not a permanent solution. As in, if the count of jsp's in the application which is already in a few thousands - increases twicefold - again the same problem would arise. Hence, was looking for something similar to what Mark suggested - but in version 5.x of tomcat. Thanks, Shivani

Hmm thousands of jsp's takes a long time to write in my experience. Under how long an interval do you expect to double your thousands? Another question are the jsp's all very similar. Usually there are only a few overall page layouts in a normal project. Unless your project is very unusual if you're expecting to write thousands more, it may imply there is a problem with your underlying architecture. Would it not be sensible to try in the future to encourage more code reuse within the team. I'm not saying your structure is wrong but I think you might want to take a look at it anyway. Please don't take offence at this statement.

Wes
Re: Class unloading in tomcat - PermGen Space
On Tue, Sep 14, 2010 at 10:15 PM, Christopher Schultz ch...@christopherschultz.net wrote:

Wesley, On 9/14/2010 2:44 PM, Wesley Acheson wrote: I'm not saying your structure is wrong but I think you might want to take a look at it anyway.

...and possibly switch to Velocity/Freemarker/whatever, which won't bust your PermGen space.

-chris

Sorry was that directed at me. I mean are you telling me to look at those? Just asking cause you put my name on the top. I just thought it seemed like a sensible thing to advise that was all.
Re: session-timeout not taking effect
On Tue, Sep 14, 2010 at 11:39 PM, Debbie Shapiro dshap...@cardiacscience.com wrote:

I should add that I am neither a Java nor a Tomcat expert by any means. Where would I find some of these settings?

hmm may be a bit tricky

I'm using IE to access this application. Where would one enable the access log? I essentially have the entire Tomcat installation using the defaults at installation, with the exception that I have included the InetSoft application directory in the webapps folder.

Is a valve usually on server.xml If you recently downloaded tomcat and haven't played with these files there a commented out access log valve which you can uncomment ( i.e. remove <!-- and its end --> )

If I navigate to another website and immediately navigate back to the InetSoft page, it first displays a page that the login has expired and then prompts me to login again.

I don't suppose you know if it's using urlRewriting to keep sessions. There may be something in the browser address bar that says jsessionid.

It's only if I leave the page up that it seems to not expire. My version of IE doesn't have tabs (I'm still on 6.0), so it's either change the current window to a new page or open a new window.

That's fine for the test. Change the current window by navigating to another site and back (You said before it asks you for a login). I'd advise a better browser however.

I'm not sure how to determine that the session-timeout is anything other than 30 minutes aside from looking at the web.xml file. Not familiar with JConsole. I don't currently have the Tomcat manager running. I just found the documentation concerning that part of the app and I will see about getting that started. As I said, I have everything set to the defaults...

Sorry for the stupid question but when you said the session should be expired, I assume you don't mean the report shouldn't still be on the screen. Is this a public website where someone could test?

Wes
Re: session-timeout not taking effect
I'm guessing the only reason you run tomcat is to run this single application. It may be wise just to get a hosting company to do this for you they'll know a lot more about the security and configuration of the environment.

Wes
Re: Class unloading in tomcat - PermGen Space
On Wed, Sep 15, 2010 at 5:53 AM, shivanic shivani.chan...@gmail.com wrote:

was searching for quick short term alternatives.

Short term increase permgen size again. Discuss your problem with the external company. If they refuse then look at buying more hardware as a medium term solution.

Wes
Re: Interesting wiki article and discussion: static versus transient Log references
That's a useful reference page. Thanks

On Mon, Sep 13, 2010 at 3:23 PM, Christopher Schultz ch...@christopherschultz.net wrote:

All, For those who are interested, there is an interesting discussion surrounding an article on the Apache Commons Wiki regarding the use of static log references within library code deployed at a container level - such as Tomcat. I'm not sure it has any direct bearing on any of our readers, but some may find it interesting.

Here's a link to the article: http://wiki.apache.org/commons/Logging/StaticLog

Here a link to the discussion: http://markmail.org/thread/y5lmvy4xwosro36m

Enjoy,

-chris

That's a useful reference page. Thanks
Re: Want to get involved in Tomcat development?
So does Martin's comment answer this?

On Sat, Sep 11, 2010 at 7:01 PM, Mark Thomas ma...@apache.org wrote:

https://issues.apache.org/bugzilla/show_bug.cgi?id=49914 could be a good place to start. No idea if this is a bug or user error but from past experience my gut instinct is that this will be an easy one to research (and patch if necessary). If you want any pointers, (or have any other questions about fixing this issue) the dev list is the place to ask.

Mark
Re: Possible to proxy JMX?
On Mon, Sep 13, 2010 at 11:12 PM, Pid p...@pidster.com wrote:

On 12/09/2010 21:38, Wesley Acheson wrote: If it was possible to proxy JMX though I think it should be possible to have a small daemon application that proxy's tomcats JMX, and injects two commands, startup and restart. The idea being so this minimal java application could launch or relaunch tomcat. (I think it would need to call the startup.sh or startup.bat file)

Wouldn't you just launch an embedded Tomcat instance?

No cause that kind of defeats the point of having a shutdown. If peoples applications memory leak etc. You would want the container separate from the launcher. Dunno If I'm making sense with this. It does make sense in my head.

You made me think of this, new in Java 6: http://download.oracle.com/javase/6/docs/api/javax/management/JMX.html

Taking a look now

p
Re: Host Manager.
Okay I'm most of the way to a solution but I wouldn't mind if someone would take a look at a new WIP class and tell me what needs cleaning. It's not quite functional. Anyone interested?

On Fri, Sep 3, 2010 at 4:44 AM, Wesley Acheson wesley.ache...@gmail.com wrote:

Looked at that before not really convinced reworking that is easier than adding in an xml line or two via an xml writer. Willing to be convinced though. Wes

On 9/3/10, Pid p...@pidster.com wrote:

On 02/09/2010 21:06, Caldarale, Charles R wrote:

From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Host Manager.

Is there is no documentation for the host-manager?

Very little that I've found. You can learn a bit about it by looking at its WEB-INF/web.xml file.

If I remember correctly from this list it doesn't persist its settings is that correct?

Correct.

How many people would be interested in it persisting its settings, by editing the appropriate files.

I would be interested. Note that there's only one file to edit: conf/server.xml.

Is that in theory possible?

It's all software...

to add the folder structure and the appropriate context.xml files.

That's not necessary - the conf/Catalina/[host]/... files are already created automatically as webapps are deployed under the new Host. Only conf/server.xml needs to be updated.

Would it interfere too badly with tomcat while it was running?

No, Tomcat only reads server.xml during startup. Whatever update mechanism is used must insure that the file is never in an unparsable state (e.g., don't update in place, instead create a new file and then rename it).

May I gently steer you in the direction of the JMX API and the Catalina:type=Server.Operations.storeConfig() command? Not sure it works very well at the moment, but if it did...

p

- Chuck
Re: Host Manager.
On Sun, Sep 12, 2010 at 5:38 PM, Martin Gainty mgai...@hotmail.com wrote:

could you configure public static void writeXml( Node n, OutputStream os ) throws TransformerException of org.apache.tomcat.util.DomUtil to trap TransformerFactoryConfigurationError

http://cupi2.uniandes.edu.co/site/images/recursos/javadoc/j2se/1.5.0/docs/api/javax/xml/transform/TransformerFactory.html#newTransformer%28javax.xml.transform.Source%29

it seems at minimum one of these conditions to be satisfied to properly newInstance the TransformerFactory

- Use the javax.xml.transform.TransformerFactory system property.
- Use the properties file lib/jaxp.properties in the JRE directory. This configuration file is in standard java.util.Properties format and contains the fully qualified name of the implementation class with the key being the system property defined above. The jaxp.properties file is read only once by the JAXP implementation and its values are then cached for future use. If the file does not exist when the first attempt is made to read from it, no further attempts are made to check for its existence. It is not possible to change the value of any property in jaxp.properties after it has been read for the first time.
- Use the Services API (as detailed in the JAR specification), if available, to determine the classname. The Services API will look for a classname in the file META-INF/services/javax.xml.transform.TransformerFactory in jars available to the runtime.
- Platform default TransformerFactory instance.

Martin Gainty

So far my attempt is here now. https://issues.apache.org/bugzilla/show_bug.cgi?id=48674 Your way sounds better though :(
Possible to proxy JMX?
Hi

I was wondering if it's possible to proxy a JMX service. I got to thinking a lot of people don't hot deploy for whatever reasons. They literally shut down tomcat and put in the new content and start it up again.

If it was possible to proxy JMX though I think it should be possible to have a small daemon application that proxy's tomcats JMX, and injects two commands, startup and restart. The idea being so this minimal java application could launch or relaunch tomcat. (I think it would need to call the startup.sh or startup.bat file)

What does everyone think? Would that be useful / possible? It's beyond my capabilities to write.

I got to thinking about this after reading a misunderstanding in bugzilla. https://issues.apache.org/bugzilla/show_bug.cgi?id=49234#c70 and https://issues.apache.org/bugzilla/show_bug.cgi?id=49234#c71 with chamith buddhika's changes it really would be possible to do every step in this list. Including startup.

Just an idea really. I'm not going to attempt it.
Re: Tomcat IIS - Understanding Context definition to access Webapps
On Sun, Sep 12, 2010 at 10:12 PM, Alexander Diedler adied...@tecracer.de wrote:
I create in conf/Catalina/localhost a new file called webSiteA.xml with this content:
--- try creating it in conf/Catalina/webSiteA. The folder structure is conf/[Engine]/[host]
    <?xml version='1.0' encoding='utf-8'?>
    <Context path="/" reloadable="true" docBase="C:\Inetpub\wwwroot\SiteA" distributable="true">
The path element will be ignored. I believe.
Regards, Wes
Re: building tomcat 5.5 trunk
On Sat, Sep 11, 2010 at 6:06 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Re: building tomcat 5.5 trunk
Reason I couldn't find the class in the 5.5 branch is a bit embarrassing. I didn't set the classpath in eclipse and the find class shortcut doesn't see it.
There's a reason I use grep...
Yeah, though I've it checked out in windows, and I don't have cygwin installed.
Re: context.xml being deleted out of conf/Catalina/[HOST]/ directory
On Fri, Sep 10, 2010 at 6:36 PM, Jason Britton jbritto...@gmail.com wrote:
Could anyone give me an explanation what might cause my webapp's context configuration to be deleted out of the tomcat/conf/Catalina/[HOST]/ directory? I've got a foo.war file in the webapps directory, it gets exploded upon startup. It has its context definition residing in the file conf/Catalina/[HOST]/foo.xml. Every now and then foo.xml just gets up and blown away from the tomcat/conf/Catalina/[HOST]/ directory, usually upon a tomcat shutdown and startup. Any suggestions on what might be causing this deletion and how to prevent it from occurring would be greatly appreciated. Running tomcat 6.0.29 on 64-bit RHEL 5.5. Thanks a lot for your help, Jason
Hi Jason, If you remove the war file your associated context files will be deleted. Do you think this may be related?
Re: context.xml being deleted out of conf/Catalina/[HOST]/ directory
On Sat, Sep 11, 2010 at 5:20 PM, Jason Britton jbritto...@gmail.com wrote:
So even if my context still exists in exploded form in the webapps directory and I remove the .war form of the context, it'll remove the associated context.xml from the conf/Catalina/HOST/ directory?
On Sat, Sep 11, 2010 at 8:12 AM, Wesley Acheson wesley.ache...@gmail.com wrote:
On Fri, Sep 10, 2010 at 6:36 PM, Jason Britton jbritto...@gmail.com wrote:
Could anyone give me an explanation what might cause my webapp's context configuration to be deleted out of the tomcat/conf/Catalina/[HOST]/ directory? I've got a foo.war file in the webapps directory, it gets exploded upon startup. It has its context definition residing in the file conf/Catalina/[HOST]/foo.xml. Every now and then foo.xml just gets up and blown away from the tomcat/conf/Catalina/[HOST]/ directory, usually upon a tomcat shutdown and startup. Any suggestions on what might be causing this deletion and how to prevent it from occurring would be greatly appreciated. Running tomcat 6.0.29 on 64-bit RHEL 5.5. Thanks a lot for your help, Jason
Hi Jason, If you remove the war file your associated context files will be deleted. Do you think this may be related?
Yes I believe so.
Re: WEB-INF
Leo judging from the answers you've got. I think it may be better to state what you want to achieve. I'm not clear if you want to prevent access or allow access at the moment. Especially with the security role and no access. Is it that you want to protect your source code. Prevent access, prevent access under certain circumstances. Or is it just you want the best way of not having something accessible through the outside world? Sorry if my questions don't make most sense. Regards, Wes
On Fri, Sep 10, 2010 at 4:35 PM, michel compu...@videotron.ca wrote:
- Original Message - From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Friday, September 10, 2010 10:32 AM Subject: RE: WEB-INF
From: michel [mailto:compu...@videotron.ca] Subject: Re: WEB-INF
You get direct access to any JSP if you specify the URL.
Not true. There is no direct client access to anything under WEB-INF.
--Chuck, do you mean things like URL rewrites and such are ignored if you put a JSP in WEB-INF? Michel
building tomcat 5.5 trunk
Hi, I'm trying to build tomcat 5.5 trunk (to look further at Mark's comment. http://marc.info/?l=tomcat-user&m=128350009319985&w=2 ). Trying to run ant download on build.xml gives me an error. Does the build.xml depend on me having subversion installed on my machine? The error I get when trying to run ant with no arguments is:
C:\icarus\workspace\tc5.5\build\resources\build.xml:120: The following error occurred while executing this line: C:\icarus\workspace\tc5.5\build\resources\build.xml:101: Execute failed: java.io.IOException: Cannot run program svn: CreateProcess error=2, The system cannot find the file specified
However building.txt implies it's only needed to checkout source which I've already done. The error for ant download is
C:\icarus\workspace\tc5.5\build\build.xml:2058: The following error occurred while executing this line: C:\icarus\workspace\tc5.5\build\build.xml:2148: Problem expanding gzip Unexpected end of ZLIB input stream
Regards, Wes
Re: building tomcat 5.5 trunk
Actually I'm not being smart in these questions at all. What I want to do is investigate the code that writes the server.xml. It doesn't matter if I'm able to build it or not.
There is some code that tries to save server.xml in the 5.5. tree. It was used by the admin app. Mark
Is anyone familiar with the part of code that tries to write server.xml and where to find it. Similarly I'm trying to find the code that is called by the MBean server in the 6.0 branch. I'm currently looking at

    public synchronized void storeConfig() throws Exception {
        ObjectName sname = null;
        try {
            sname = new ObjectName("Catalina:type=StoreConfig");
            if (mserver.isRegistered(sname)) {
                mserver.invoke(sname, "storeConfig", null, null);
            } else
                log.error("StoreConfig mbean not registered" + sname);
        } catch (Throwable t) {
            log.error(t);
        }
    }

but I can't figure out what Catalina:type=StoreConfig refers to. I don't see a StoreConfig class and I'm not familiar with JMX. If it's referring to a method called storeConfig I can only see that in classes that eventually call the piece of code posted. Sorry for being a pain, just trying to understand. Wes
Re: building tomcat 5.5 trunk
On Sat, Sep 11, 2010 at 12:32 AM, Wesley Acheson wesley.ache...@gmail.com wrote:
but I can't figure out what Catalina:type=StoreConfig refers to. I don't see a StoreConfig class and I'm not familiar with JMX. If it's referring to a method called storeConfig I can only see that in classes that eventually call the piece of code posted.
Never mind, it isn't registered. Nothing happens when this is called in tc (6.0.29 anyway). Called from the manager by going to localhost/manager/save and although I got a saved message the following was written.
11-Sep-2010 00:42:22 org.apache.catalina.core.StandardServer storeConfig SEVERE: StoreConfig mbean not registeredCatalina:type=StoreConfig
Same result through jconsole.
Re: building tomcat 5.5 trunk
On Sat, Sep 11, 2010 at 12:49 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
From: Wesley Acheson [mailto:wesley.ache...@gmail.com] Subject: Re: building tomcat 5.5 trunk
Is anyone familiar with the part of code that tries to write server.xml and where to find it.
Familiar would be a bit strong, but at least some of the code you're looking for is in these locations in the 5.5 branch:
container/webapps/admin/WEB-INF/classes/org/apache/webapp/admin/CommitChangesAction.java
container/modules/storeconfig/src/share/org/apache/catalina/storeconfig/StoreConfig.java
Similarly I'm trying to find the code that is called by the MBean server in the 6.0 branch.
I think that's the bit you need to create for 6.0 and above.
I can't figure out what Catalina:type=StoreConfig refers to.
AFAICT, it refers to a class that doesn't exist in the 6.0 branch (I suspect it was removed during the 6.0 reorganization). Look at 5.5 for examples.
- Chuck
Okay thanks Chuck, I've reached the same conclusion myself. Although it appears to be available in jconsole and the manager I don't think it is, also the methods appear to succeed. I think maybe it should throw an exception if it's not registered. Reason I couldn't find the class in the 5.5 branch is a bit embarrassing. I didn't set the classpath in eclipse and the find class shortcut doesn't see it. Wes
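The lookup discussed in this thread, as an added example that is not from the thread or from Tomcat's source: the string Catalina:type=StoreConfig is a JMX ObjectName, and invoke only reaches code when some MBean has been registered under that name. DemoStoreConfig, its MBean interface and invokeStoreConfig are hypothetical stand-ins; the caller gets a boolean back so a missing registration cannot be mistaken for a successful save.

```java
import java.lang.management.ManagementFactory;
import javax.management.InstanceNotFoundException;
import javax.management.MBeanServer;
import javax.management.ObjectName;

public class StoreConfigLookupDemo {

    // Hypothetical management interface. A standard MBean's interface must be
    // named <implementation class name> + "MBean".
    public interface DemoStoreConfigMBean {
        void storeConfig();
        int getStoreCount();
    }

    // Hypothetical implementation; it only counts how often it was asked to store.
    public static class DemoStoreConfig implements DemoStoreConfigMBean {
        private int storeCount;

        @Override
        public synchronized void storeConfig() {
            storeCount++;
        }

        @Override
        public synchronized int getStoreCount() {
            return storeCount;
        }
    }

    /**
     * Same guard as the method quoted in the thread, but the result is
     * returned to the caller instead of only being written to a log.
     */
    static boolean invokeStoreConfig(MBeanServer server, ObjectName name) throws Exception {
        if (!server.isRegistered(name)) {
            return false; // nothing is bound to this name, so nothing was stored
        }
        // Operation name plus null parameter and signature arrays: a no-argument call.
        server.invoke(name, "storeConfig", null, null);
        return true;
    }

    public static void main(String[] args) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        // domain "Catalina", key property type=StoreConfig
        ObjectName name = new ObjectName("Catalina:type=StoreConfig");

        // Case 1: no MBean registered under the name.
        System.out.println("registered:      " + server.isRegistered(name));
        System.out.println("guarded invoke:  " + invokeStoreConfig(server, name));
        try {
            server.invoke(name, "storeConfig", null, null);
        } catch (InstanceNotFoundException e) {
            System.out.println("unguarded invoke: " + e.getClass().getSimpleName());
        }

        // Case 2: an MBean is registered, so the same call reaches its method.
        server.registerMBean(new DemoStoreConfig(), name);
        try {
            System.out.println("guarded invoke:  " + invokeStoreConfig(server, name));
            System.out.println("StoreCount:      " + server.getAttribute(name, "StoreCount"));
        } finally {
            server.unregisterMBean(name);
        }
    }
}
```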
Re: pool error timeout waiting for idle object
On Thu, Sep 9, 2010 at 8:57 AM, sasidhar prabhakar sasidhar1...@gmail.com wrote:
My application sometimes responding very slow. When I observed the logs, it is showing these lines Cannot get a connection, pool error Timeout waiting for idle object. The maximum connections on oracle I set 150. When I query for present sessions or process it is showing 70 to 80 and decreasing to minimum of 52, sometimes it grows up to 100 above also and it decreasing back to minimum. In tomcat I configured max threads 300. context.xml is

    <Context path="" reloadable="true">
        <Resource accessToUnderlyingConnectionAllowed="true" auth="Container" driverClassName="oracle.jdbc.OracleDriver" maxActive="200" maxIdle="10" maxWait="8000" validationQuery="SELECT * from dual" testOnBorrow="true" removeAbandoned="true" removeAbandonedTimeout="30" logAbandoned="true" name="jdbc/ds" password="" type="javax.sql.DataSource" url="" username=""/>
        <Resource auth="Container" name="mail/Session" type="javax.mail.Session" mail.smtp.host="localhost"/>
    </Context>

For few days I am getting this problem.
More than likely a problem with your Oracle. When you can't get the sessions are you able to get them through another means such as toad or SQLDeveloper?
Re: Multi level webapp
If I understand correctly you want to serve content from http://localhost/Gabjur from one web application and another application from http://localhost/Gabjur/AD etc. Is that the requirement or am I missing anything? Do these war files have any interconnected content? What version of tomcat are you using exactly? Are there any messages written to catalina.out? Which Java version are you using? Regards, Wesley Acheson
On Thu, Sep 9, 2010 at 11:47 AM, Oscar Segarra Rey osega...@gencat.cat wrote:
Hi, We have an application (Gabjur) composed for several modules (AD, AX, FD...) that should be served through: http://localhost/Gabjur/AD http://localhost/Gabjur/AX http://localhost/Gabjur/FD...
1.- I have created the context file Gabjur#AD.xml, Gabjur#AX.xml and so on...
2.- I have renamed the .war's to Gabjur#AD.war, Gabjur#FD.war
3.- System deploys perfectly the .war files.
The appears when application has to be started. When application starts up it creates automatically a file in the WEB-INF\classes folder called dfc.keystore but for any reason it is not able to create it in a folder containing the # character and therefore application does not start up. Is there any workaround to create a multilevel application? Thanks a lot.
Oscar Segarra Rey Àrea de tecnologies de la informació i les comunicacions Departament de la Presidència C/ Sant Honorat 1-3 - 08002 Barcelona 934024834
Re: Multi level webapp
On Thu, Sep 9, 2010 at 1:24 PM, Pid p...@pidster.com wrote:
On 09/09/2010 10:47, Oscar Segarra Rey wrote:
When application starts up it creates automatically a file in the WEB-INF\classes folder called dfc.keystore
Why not create it in the temporary directory assigned to the application, instead?
    getServletContext().getAttribute("javax.servlet.context.tempdir")
p
It was my understanding that you would just need to enter path in the context.xml
    <?xml version='1.0' encoding='utf-8'?>
    <Context path="/Gabjur/AD"> </Context>
But that doesn't seem to work for me.
Re: Multi level webapp
It was my understanding that you would just need to enter path in the context.xml
    <?xml version='1.0' encoding='utf-8'?>
    <Context path="/Gabjur/AD"> </Context>
But that doesn't seem to work for me.
Never mind, just re-read the documentation.
Re: Multi level webapp
Oscar, I've only one last suggestion if you need it to work this way. And that would be to front tomcat with apache httpd. Use mod_proxy_http or similar along with a rewrite rule. I don't understand why path would be ignored in context.xml but that is the way it is, and I wasn't looking at these lists when that decision was taken. Sorry Wes
Regardless, the OP is ignoring Mark's original point: the webapp is in violation of the spec by trying to create files within its deployment directory - that's always a bad idea.
Yeah I know but I was trying to find a solution anyway.
Re: Multi level webapp
On Thu, Sep 9, 2010 at 4:11 PM, Mark Thomas ma...@apache.org wrote:
On 09/09/2010 14:21, Wesley Acheson wrote:
Oscar, I've only one last suggestion if you need it to work this way. And that would be to front tomcat with apache httpd. Use mod_proxy_http or similar along with a rewrite rule.
Bad idea. I have seen far too many apps break in all sorts of weird and wonderful ways when you change the context path in your reverse proxy.
I assume this is all the application vendor's fault, not tomcat's?
Re: Problems with SSI
This thread may help. http://www.pubbs.net/201009/tomcat/979-question-on-ssi.html
On Thu, Sep 9, 2010 at 10:09 PM, jeffo1b j...@selectenergypartners.com wrote:
Christopher Schultz-2 wrote:
Jeff,
On 9/8/2010 7:46 PM, jeffo1b wrote:
Finally, i have a file called test.shtml that has the following code:

    <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>tester</title>
    </head>
    <body>
    hi there
    <!-- #include file="/inc.html" -->
    </body>

The inc.html file is in the same directory as the test.html file.
You meant test.shtml, right?
when I run the file, i simply see the hi there and none of the contents of the inc.html file.
How do you request (not run) the file? What is the URL? What is the contents of the file? Do you get the <!-- #include ... --> still in the file? If that's the case, then either the SSI filter isn't running at all, or your syntax is incorrect. I'm not sure how picky the SSI parser is, but it appears that you have this:
    <!-- #include file="/inc.html" -->
and the parser is looking for this:
    <!--#include file="/inc.html" -->
Also, the (Apache httpd) documentation for #include /file/ is to a relative path /on the disk/ which would suggest that /inc.html would have to be put into your server's root directory. Probably not a good idea. Instead, try using /virtual/ like this:
    <!--#include virtual="inc.html" -->
This is also a relative path, but it's relative to the current URL, so if you request http://host/app/test.shtml, it will include http://host/app/inc.html
1. i don't have the invoker servlet un-commented. is this required?
No. You must choose between the filter and the servlet implementations. Actually, I don't see why you couldn't use both simultaneously, but they recommend against using both.
2. i got totally lost on the reg -exp discussions. i am not in the IT world and it was simply beyond my skill set.
You might need to get someone else to configure this for you, then. For now, set the regular expression to ".*" (without quotes, of course).
-chris
I'm sure it was a combination of both, but I changed <!-- #include file="/inc.html" --> to <!--#include virtual="inc.html" --> and it worked! Thank you, and apologies for the poor use of terminology nomenclature. Now, if I can just figure out how to do recursive .jsp includes...
Re: URL Rewrite
On Mon, Sep 6, 2010 at 11:02 AM, Pid p...@pidster.com wrote: On 05/09/2010 23:40, Hassan Schroeder wrote: On Sun, Sep 5, 2010 at 3:23 PM, michel compu...@videotron.ca wrote: Or, uh, just don't *ever* use relative links, period. Sorry, but I don't understand why. In most cases relative links are great, simply because they are 'self-updating' when the page gets moved. ? Obviously not. If you move a page with relative links up or down a hierarchy (whether by actually moving it or referencing it from somewhere else, as in this case) it's broken. Period. +1 Michel, you have this the wrong way round. Hard-coding is a last-resort solution. I don't believe I used relative links anywhere in the last 7 or 8 years. No, it's the only sane way to write URLs. Sorry, I've spent too much time in the last 15 years fixing pointlessly broken stuff because other people thought the same thing. +1 NB: if your best solution is to add the rarely* used <base href="">, then you are, in effect, causing the links to behave as absolute ones. * It's rare for a reason. p
Are we talking about absolute links like http://example.com/test or /test (as opposed to test)? If we are talking about the former my advice would be pretty much opposite to others' advice. You pretty much prevent mirroring, and deploying applications to multiple environments becomes a pain if you specify the domain part of a url for all URLs. Much better when working on a team is to define what url syntax should be used along with specific guidelines on how or why each part is used. I've commonly run into problems where people have hard coded full absolute urls into a deployable artifact (not java) alongside the content it was supposed to be pointing to. After a while the company decides to no longer host the resource and the website of everyone who has that artifact breaks. Regards, Wes
Re: URL Rewrite
Please send a new email to the list rather than reply to an unrelated topic. On Mon, Sep 6, 2010 at 12:09 PM, Subrat Kumar Pattnaik patnaik.sub...@gmail.com wrote: I can not login to Apache Tomcat 7 managerplease tell me the configuration On Mon, Sep 6, 2010 at 2:32 PM, Pid p...@pidster.com wrote: On 05/09/2010 23:40, Hassan Schroeder wrote: On Sun, Sep 5, 2010 at 3:23 PM, michel compu...@videotron.ca wrote: Or, uh, just don't *ever* use relative links, period. Sorry, but I don't understand why. In most cases relative links are great, simply because they are 'self-updating' when the page gets moved. ? Obviously not. If you move a page with relative links up or down a hierarchy (whether by actually moving it or referencing it from somewhere else, as in this case) it's broken. Period. +1 Michel, you have this the wrong way round. Hard-coding is a last-resort solution. I don't believe I used relative links anywhere in the last 7 or 8 years. No, it's the only sane way to write URLs. Sorry, I've spent too much time in the last 15 years fixing pointlessly broken stuff because other people thought the same thing. +1 NB: if your best solution is to add the rarely* used base href=, then you are, in effect, causing the links to behave as absolute ones. * It's rare for a reason. p -- Let everyday b a dream u can touch. Let everyday b a luv u can feel. Let everyday b a reason to live bcoz life indeed is beautiful. Have a Gud day. Subrat P. +91-9439518745
Re: logging in problem in Tomcat 7
Have you followed the steps per: http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html? Regards, Wesley Acheson
On Mon, Sep 6, 2010 at 12:58 PM, michel compu...@videotron.ca wrote:
Please specify the problem beyond I cannot login.
- Original Message - From: Subrat Kumar Pattnaik patnaik.sub...@gmail.com To: Tomcat Users List users@tomcat.apache.org Sent: Monday, September 06, 2010 6:51 AM Subject: logging in problem in Tomcat 7
I can not login to Apache Tomcat 7 manager please tell me the configuration
Manager documentation.
Hi, is the documentation at http://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html correct? It seems to mention manager as the role then manager-script. Particularly this excerpt:
- *MemoryRealm* - If you have not customized your $CATALINA_BASE/conf/server.xml to select a different one, Tomcat defaults to an XML-format file stored at $CATALINA_BASE/conf/tomcat-users.xml, which can be edited with any text editor. This file contains an XML user for each individual user, which might look something like this:
    <user name="craigmcc" password="secret" roles="standard,manager-script" />
  which defines the username and password used by this individual to log on, and the role names he or she is associated with. You can add the *manager* role to the comma-delimited roles attribute for one or more existing users, and/or create new users with that assigned role.
- *JDBCRealm* - Your user and role information is stored in a database accessed via JDBC. Add the *manager-script* role to one or more existing users, and/or create one or more new users with this role assigned, following the standard procedures for your environment.
- *JNDIRealm* - Your user and role information is stored in a directory server accessed via LDAP. Add the *manager-script* role to one or more existing users, and/or create one or more new users with this role assigned, following the standard procedures for your environment.
The first time you attempt to issue one of the Manager commands described in the next section, you will be challenged to log on using BASIC authentication. The username and password you enter do not matter, as long as they identify a valid user in the users database who possesses the role *manager*.
Re: what is the username and password
Assuming you mean for the manager application still then no we can't you need to alter the tomcat-users.xml as in the links you were given previously. The role should be manager-script and the password is whatever you set in the tomcat-users file. Regards, Wesley Acheson On Mon, Sep 6, 2010 at 4:29 PM, Subrat Kumar Pattnaik patnaik.sub...@gmail.com wrote: Can any one tell me what is the user name and password for Tomcat 7
Re: Best practice for running Tomcat on port 80
On Tue, Sep 7, 2010 at 4:34 AM, jan gestre ipcopper...@gmail.com wrote:
I'm using the latest 6.0.29 binary distribution, and I don't have an idea where to download jsvc, if it's already included I don't know the location, could someone please enlighten me on how to do this.
It can be downloaded as part of this bundle http://commons.apache.org/daemon/download_daemon.cgi. Instructions are here http://commons.apache.org/daemon/jsvc.html. Dunno how to use it even after reading the instructions though. Regards, Wes
ThreadLocal and NIO
Hi, Currently we use a filter and log4j's NDC to store details of the request such as our identifier for the user and their IP address. We then have a log pattern which puts these details in the log. This way if we have any errors we can easily associate them back to the original request. This works very well. Currently we are using 6.0.18. However, if I understand it correctly, if we change to use NIO for the connectors it isn't thread per request any longer, so setting something into log4j's NDC which uses ThreadLocal may not associate the variable with the actual request. Is this correct? If it is, is there any way I can consistently append the details of the session with the current activity such as running a SQL query? I'm not keen on passing the session details through every call on our system. Regards, Wesley Acheson
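The thread-affinity concern in this post, as an added example that is not part of the thread and is neither log4j nor Tomcat code: a ThreadLocal stand-in for NDC on a one-thread pool, where a filter that never clears the context lets one request's user tag reach the next request's log lines, beside a filter that sets and removes it around every request. CONTEXT, leakyFilter, safeFilter and the sample user and address are constructed for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class RequestContextDemo {

    // Hypothetical stand-in for log4j's NDC: one value per thread.
    private static final ThreadLocal<String> CONTEXT = new ThreadLocal<>();

    // In-memory "log file" so the outcome can be inspected.
    private static final List<String> LOG = new ArrayList<>();

    static void log(String message) {
        String ctx = CONTEXT.get();
        synchronized (LOG) {
            LOG.add("[" + (ctx == null ? "-" : ctx) + "] " + message);
        }
    }

    /** Sets the context only when the request carries a user, and never clears it. */
    static Runnable leakyFilter(String userAndIp, Runnable handler) {
        return () -> {
            if (userAndIp != null) {
                CONTEXT.set(userAndIp);
            }
            handler.run();
        };
    }

    /** Always sets the context, and always removes it when the request ends. */
    static Runnable safeFilter(String userAndIp, Runnable handler) {
        return () -> {
            CONTEXT.set(userAndIp == null ? "anonymous" : userAndIp);
            try {
                handler.run();
            } finally {
                CONTEXT.remove(); // the pooled thread goes back clean
            }
        };
    }

    interface Filter {
        Runnable wrap(String userAndIp, Runnable handler);
    }

    /** Runs an identified request, then an anonymous one, on the same pooled thread. */
    static List<String> serveTwoRequests(Filter filter) throws Exception {
        synchronized (LOG) {
            LOG.clear();
        }
        ExecutorService worker = Executors.newFixedThreadPool(1);
        try {
            // Constructed sample identity; 203.0.113.0/24 is a documentation range.
            worker.submit(filter.wrap("alice@203.0.113.7", () -> log("SELECT orders"))).get();
            worker.submit(filter.wrap(null, () -> log("SELECT public_page"))).get();
        } finally {
            worker.shutdown();
        }
        synchronized (LOG) {
            return new ArrayList<>(LOG);
        }
    }

    public static void main(String[] args) throws Exception {
        // With leakyFilter the second line still carries alice's tag.
        System.out.println("leaky: " + serveTwoRequests(RequestContextDemo::leakyFilter));
        System.out.println("safe:  " + serveTwoRequests(RequestContextDemo::safeFilter));
    }
}
```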
Re: [email] Dynamic attachments in mailer taglib 2 using JavaBean
No Ferindo. What he's saying is you are calling the class not an instance of the class. You can only call a class if the method is static. http://download.oracle.com/javase/tutorial/java/javaOO/classvars.html
On Fri, Sep 3, 2010 at 3:32 PM, Ferindo Middleton ferindo.middle...@gmail.com wrote:
That's what I can't understand. Should my call to the bean be a valid non-static code to get that value? I am new to java javabeans. The statement you wrote is exactly my statement in the JSP: yourbeanname.getTempFilePath() Is the same as: RadTicketsFileDownloadForEmailAttachmentBean.getTempFilePath() How else do I make this statement in a non-static way? Ferindo
On Sep 3, 2010, at 7:13 AM, Pid p...@pidster.com wrote:
On 03/09/2010 04:49, Ferindo Middleton wrote:
I've written a javabean that connects to a database, downloads a file, and one of the getter methods returns the complete file path to the file. The problem I have is: when the JSP runs and gets to the part where it gets the file path to pass to the taglib, I get an error message that is typical of a reference to a nonstatic variable. This concerns me as I thought getter methods in javabeans would inherently return values that are valid instance variables in a JSP. I will paste my getter method below, the JSP call to that method and the error message below: any guidance is welcome. Thank you:
Getter method in javabean (javabean compiles fine):

    public String getTempFilePath() {
        this.downloadedfilename = tempFilePath;
        return this.downloadedfilename;
    }

JSP call to getter method above:

    <jsp:useBean id="getFilePath" scope="request" class="hall.RadTicketsFileDownloadForEmailAttachmentBean">
    <jsp:setProperty name="getFilePath" property="fileId" value="${all_attachments_for_this_ticket_row.id}" />
    <jsp:setProperty name="getFilePath" property="originalFileName" value="${all_attachments_for_this_ticket_row.attachment_name}" />
    <c:forEach items="${all_attachments_for_this_ticket.rows}" var="all_attachments_for_this_ticket_row">
    <%-- /RadTicketsFileDownloadForEmailAttachment?attachmentId=${ all_attachments_for_this_ticket_row.id }&fileName=${all_attachments_for_this_ticket_row.attachment_name} --%>
    <mt:attach type="application/octet-stream" name="${all_attachments_for_this_ticket_row.attachment_name}" filename="<%= RadTicketsFileDownloadForEmailAttachmentBean.getTempFilePath() %>" />
    </c:forEach>
    </jsp:useBean>

... And the error message:

    org.apache.jasper.JasperException: Unable to compile class for JSP:
    An error occurred at line: 97 in the jsp file: /web/radtickets/ticket_email_response/ticket_email_response_dispatcher_page.jsp
    Cannot make a static reference to the non-static method getTempFilePath() from the type RadTicketsFileDownloadForEmailAttachmentBean
    94:
    95:
    96: <%-- /RadTicketsFileDownloadForEmailAttachment?attachmentId=${ all_attachments_for_this_ticket_row.id }&fileName=${all_attachments_for_this_ticket_row.attachment_name} --%>
    97: <mt:attach type="application/octet-stream"
    98: name="${all_attachments_for_this_ticket_row.attachment_name}"
    99: filename="<%= RadTicketsFileDownloadForEmailAttachmentBean.getTempFilePath() %>" />
    100:

So don't make a static reference to the bean: RadTicketsFileDownloadForEmailAttachmentBean.getTempFilePath() yourbeanname.getTempFilePath()
p
Re: Tomcat dies after starting
This looks like you've got many instances started at once (at least the end part of it does). Ensure that it is shut down fully before starting again. Are you the only user on this machine or is it shared? Other users may have the same ports used for a given reason. It's interesting that the JK connector was able to connect. But basically it looks like it's running. On that machine, if you're the only user, try typing telnet localhost 8005 SHUTDOWN. Then clear the log file and startup again. See if you get any more java.net.BindException appearing in that log. For the record the bind exception means it couldn't attach to the port.
Oh and a stack trace is not well explained here http://en.wikipedia.org/wiki/Stack_trace but it should give you the idea. From your own logs this is a single stack trace. The first line tells you the type of error (SocketException) along with a text descriptor of the error (Address already in use). The other lines tell you the class name and method called. As this is a stack the error happened in the top line which was called by the line below etc etc. For example at java.net.PlainSocketImpl.listen(PlainSocketImpl.java:380) means happened in a class called PlainSocketImpl in a method called listen. PlainSocketImpl.java:380 refers to the location in the physical file which is called PlainSocketImpl.java line number 380
java.net.SocketException: Address already in use at java.net.PlainSocketImpl.
socketListen(Native Method) at java.net.PlainSocketImpl.listen(PlainSocketImpl.java:380) at java.net.ServerSocket.bind(ServerSocket.java:320) at java.net.ServerSocket.init(ServerSocket.java:185) at java.net.ServerSocket.init(ServerSocket.java:141) at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:50) at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538) at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176) at org.apache.catalina.connector.Connector.initialize(Connector.java:1014) at org.apache.catalina.core.StandardService.initialize(StandardService.java:680) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:795) at org.apache.catalina.startup.Catalina.load(Catalina.java:524) at org.apache.catalina.startup.Catalina.load(Catalina.java:548) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Aug 24, 2010 4:06:01 PM org.apache.catalina.startup.Catalina load Regards, Wes Aug 24, 2010 4:06:00 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/jdk1.6.0_21/jre/lib/amd64/server:/usr/java/jdk1.6.0_21/jre/lib/amd64:/usr/java/jdk1.6.0_21/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib Aug 24, 2010 4:06:00 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: 
/usr/java/jdk1.6.0_21/jre/lib/amd64/server:/usr/java/jdk1.6.0_21/jre/lib/amd64:/usr/java/jdk1.6.0_21/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib Aug 24, 2010 4:06:01 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 24, 2010 4:06:01 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 754 ms Aug 24, 2010 4:06:01 PM org.apache.coyote.http11.Http11Protocol init SEVERE: Error initializing endpoint java.net.SocketException: Address already in use at java.net.PlainSocketImpl.socketListen(Native Method) at java.net.PlainSocketImpl.listen(PlainSocketImpl.java:380) at java.net.ServerSocket.bind(ServerSocket.java:320) at java.net.ServerSocket.init(ServerSocket.java:185) at java.net.ServerSocket.init(ServerSocket.java:141) at org.apache.tomcat.util.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:50) at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:538) at org.apache.coyote.http11.Http11Protocol.init(Http11Protocol.java:176) at org.apache.catalina.connector.Connector.initialize(Connector.java:1014) at org.apache.catalina.core.StandardService.initialize(StandardService.java:680) at
Re: Question on SSI
On Thu, Sep 2, 2010 at 6:45 AM, Marc Chamberlin m...@marcchamberlin.com wrote:

Perhaps this does say it, Wesley, but I am going to argue that, like a lot of documentation, too much is assumed about the reader's level of background understanding.

Maybe if you could come up with some concrete suggestions then I think the project owners may be interested. I'm not talking for them though; whatever I say is just what I think.

In this instance, as an outsider, I do not understand the model inside the Tomcat server about just how the contentType parameter is going to be used, or what text/x-server-parsed-html(;.*)? is, does, or will do.

Take the following jsp as an example

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
</body>
</html>

The content type is defined in the above jsp as text/html. That's the mime type that will be sent back to a browser. Not all jsp's however need to return text/html; this is equally valid, and has a very different response in a browser.

<%@ page language="java" contentType="text/xml; charset=UTF-8" pageEncoding="UTF-8"%><?xml version="1.0"?>
<root><text id="message">Hello from an xml file</text></root>

Or in the case of a servlet the contentType may be defined by response.setContentType(). http://tomcat.apache.org/tomcat-5.5-doc/servletapi/javax/servlet/ServletResponse.html#setContentType%28java.lang.String%29

The final piece of the puzzle is understanding what tomcat does when you don't set a content type, such as serving a static file. Firstly it looks in the web.xml of your application to see if it should match a mime type to a file extension. Then it looks in its web.xml in its conf directory. If you read the web.xml in its conf directory you should see:

<!--
<mime-mapping>
    <extension>shtml</extension>
    <mime-type>text/x-server-parsed-html</mime-type>
</mime-mapping>
-->

This indicates that (when uncommented) the mime type returned to the browser for a request to *.shtml will have the mime type of text/x-server-parsed-html. Now I've no idea if that's standard or not but it was used back in the apache httpd server 1.3 days. http://httpd.apache.org/docs/1.3/mod/mod_include.html

Internet searches resulted in nothing informative, so to me this is a black box using a magic incantation and I do not have a way to grok how to manipulate it. Same applies to your answer of using text/html(;.*)? for the content type.

This is the standard mime type most webpages are in. The only reason I added the (;.*)? is it was in the initial expression and it had to do something.

?? Right!?? This is perhaps a very unusual form of a reg expression, if I were to interpret it, I would guess it is trying to match a string text/html; followed by an arbitrary set of characters, but I cannot be certain, and perhaps the semi-colon is being used in a way that I am unfamiliar with...

TBH me either, I've just looked it up though. It appears that mime types can have a ; symbol after them followed by the name of the applications that should handle them. I never knew that. So the example I see at http://sylpheeddoc.sourceforge.net/en/manual/manual-14.html is application/pdf; xpdf so it appears that the expression is text/html followed by a ; followed by 1 or more characters where the expression group a ; followed by 1 character may occur at zero or more times.

And if I am correct, I still do not understand what string is being matched against, though I might take a wild guess and guess that it is matching the content declaration in the meta tag of an html document... but then I got no clue what test/x-server-parsed-html(;.*)? is going to match against, and I cannot find any information about such a document type, so I remain lost...

What's being matched is what would be served to the browser if the included file was served. For example jsp's often begin.

Some mime types are more intuitive than others, but not entirely. While I can understand the need to associate simpler concepts, like a jpeg image with something to handle .jpeg files, I really cannot say I understand the mapping fully to understand just how that mapping is done. Many sites are willing to list these mime types and repeat the same sort of list that is found in the web.xml file, but they do not reveal just what is going to happen or how the mapping gets modeled/translated into an action. So, IMHO what is needed is some additional links in the documentation, to places where concepts such as these are better defined...

Also as a side note you can have multiple mappings for one filter. So in production based on your requirements I'd do the following

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.html</url-pattern>
Re: Question on SSI
On Thu, Sep 2, 2010 at 9:22 PM, Wesley Acheson wesley.ache...@gmail.com wrote:

Far too much. Anyway I'm also interested in the ; mime types if anyone has any better reference. Also what does tomcat do if serving a static file with an unlisted extension?
Host Manager.
Few Questions

Is there no documentation for the host-manager?

If I remember correctly from this list it doesn't persist its settings, is that correct?

How many people would be interested in it persisting its settings, by editing the appropriate files?

Final question. Is that in theory possible? To add the folder structure and the appropriate context.xml files. Would it interfere too badly with tomcat while it was running?

I really like the idea of the host manager. If it persisted its features I may actually have used it.

Regards,
Wes
Re: Host Manager.
On Thu, Sep 2, 2010 at 10:42 PM, Jordan Michaels jor...@viviotech.net wrote:

I'd be interested as well. I've actually been meaning to get to this myself and submit a patch to make the changes persist, but my schedule has been too hectic for any extra-curricular work recently.

If you don't (and I'm hoping you will)... I will get to it eventually. ;)

-Jordan

On 09/02/2010 01:06 PM, Caldarale, Charles R wrote:

From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
Subject: Host Manager.

Is there is no documentation for the host-manager?

Very little that I've found. You can learn a bit about it by looking at its WEB-INF/web.xml file.

If I remember correctly from this list it doesn't persist its settings is that correct?

Correct.

How many people would be interested in it persisting its settings, by editing the appropriate files.

I would be interested. Note that there's only one file to edit: conf/server.xml.

Is that in theory possible?

It's all software...

to add the folder structure and the appropriate context.xml files.

That's not necessary - the conf/Catalina/[host]/... files are already created automatically as webapps are deployed under the new Host. Only conf/server.xml needs to be updated.

Would it interfere too badly with tomcat while it was running?

No, Tomcat only reads server.xml during startup. Whatever update mechanism is used must insure that the file is never in an unparsable state (e.g., don't update in place, instead create a new file and then rename it).

- Chuck

I don't have a huge amount of time right now but yeah, as far as I understand it, it shouldn't be too difficult. I do have another side project (in php) which is probably more urgent to me. However I was thinking about doing this. Really I'm not sure what way the community is supposed to feed in its desires at the moment. So I thought maybe the best way was to ensure there was some interest here before committing myself.

Wes
Re: Host Manager.
On Thu, Sep 2, 2010 at 10:06 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote:

From: Wesley Acheson [mailto:wesley.ache...@gmail.com]

How many people would be interested in it persisting its settings, by editing the appropriate files.

I would be interested. Note that there's only one file to edit: conf/server.xml.

Honestly I thought there was more than one going from this http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html

Is that in theory possible?

It's all software...

to add the folder structure and the appropriate context.xml files.

That's not necessary - the conf/Catalina/[host]/... files are already created automatically as webapps are deployed under the new Host. Only conf/server.xml needs to be updated.

I've just created a host using the host manager, and deployed a war. I don't see such a file, just the manager.xml.

Would it interfere too badly with tomcat while it was running?

No, Tomcat only reads server.xml during startup. Whatever update mechanism is used must insure that the file is never in an unparsable state (e.g., don't update in place, instead create a new file and then rename it).

Understood for server.xml. Is the same true of the context files though?
Re: Host Manager.
Looked at that before, not really convinced reworking that is easier than adding in an xml line or two via an xml writer. Willing to be convinced though.

Wes

On 9/3/10, Pid p...@pidster.com wrote:

On 02/09/2010 21:06, Caldarale, Charles R wrote:

From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
Subject: Host Manager.

Is there is no documentation for the host-manager?

Very little that I've found. You can learn a bit about it by looking at its WEB-INF/web.xml file.

If I remember correctly from this list it doesn't persist its settings is that correct?

Correct.

How many people would be interested in it persisting its settings, by editing the appropriate files.

I would be interested. Note that there's only one file to edit: conf/server.xml.

Is that in theory possible?

It's all software...

to add the folder structure and the appropriate context.xml files.

That's not necessary - the conf/Catalina/[host]/... files are already created automatically as webapps are deployed under the new Host. Only conf/server.xml needs to be updated.

Would it interfere too badly with tomcat while it was running?

No, Tomcat only reads server.xml during startup. Whatever update mechanism is used must insure that the file is never in an unparsable state (e.g., don't update in place, instead create a new file and then rename it).

May I gently steer you in the direction of the JMX API and the Catalina:type=Server.Operations.storeConfig() command? Not sure it works very well at the moment, but if it did...

p

- Chuck
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies after starting
Can you put in the beginning of the stack trace?

Some things to look at: make sure that you have permission to bind to the port that you've set your http connection to (you probably won't be able to bind to port 80 on a linux box).

RHEL5 has selinux installed by default which may cause problems. I'm not sure.

Ensure nothing else is listening to that port.

Regards,
Wesley Acheson

On Wed, Sep 1, 2010 at 9:00 AM, jan gestre ipcopper...@gmail.com wrote:

Hi Everyone,

I'm using 6.0.26 tomcat binary in my RHEL5 box, it was configured for high availability using DRBD, it was already working for more than a week already but all of a sudden it stopped working, tomcat just dies, restarting it manually does not help either.

Here's my setup:

RHEL5 64bit
Sun Java 1.6 SDK 64 bit
Tomcat 6.0.29

Here's my catalina.out log which is the same as the catalina.2010-09-01.log:

logs/catalina.out
        at org.apache.catalina.connector.MapperListener.destroy(MapperListener.java:176)
        at org.apache.catalina.connector.Connector.stop(Connector.java:1135)
        at org.apache.catalina.core.StandardService.stop(StandardService.java:596)
        at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
        at org.apache.catalina.startup.Catalina.stop(Catalina.java:648)
        at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:692)
Sep 1, 2010 1:44:26 PM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Sep 1, 2010 1:44:26 PM org.apache.catalina.connector.Connector stop
SEVERE: Coyote connector has not been started
---

Here's the log when it was working/running:

catalina.2010-08-23.log
Aug 23, 2010 3:00:16 PM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
Aug 23, 2010 3:00:16 PM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Aug 23, 2010 3:00:16 PM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/16 config=null
Aug 23, 2010 3:00:16 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 513 ms
Aug 23, 2010 3:10:19 PM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080

I've already googled similar issues but did not find any concrete solution. Will appreciate any help. Many thanks in advance.

Jan
Re: Tomcat dies after starting
On Wed, Sep 1, 2010 at 3:28 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote:

From: Wesley Acheson [mailto:wesley.ache...@gmail.com]
Subject: Re: Tomcat dies after starting

Of course you can - but you have to use the proper technique, such as starting Tomcat via jsvc or using iptables.

I know that. I was trying to keep it simple. As in, if you start, what is the first thing to look at. You can't bind to port 80 (or any port below 1024) as a non-root user unless you apply a workaround.

- Chuck

Are you happier with that response? I was only trying to help.
Re: Question on SSI
On Wed, Sep 1, 2010 at 10:13 PM, Marc Chamberlin m...@marcchamberlin.com wrote:

Hello - I am running a Tomcat6.0 server both stand-alone and with Eclipse, and am in the process of developing a webapp that I will want to make available to all our users via a server side include statement. I have this working in a limited sense, in that I got it working using the filter version but was unsuccessful getting the servlet version working, which is acceptable. (I am not clear on what the real difference between the two approaches is, documentation is non-existent as far as I could find). Anywise, what I have working, works so long as the <!--#include virtual="somefile.html" --> is in a .shtml file, but this will be unacceptable. I need this feature to also work from inside normal .html and .htm as well as .jsp files as that is what our users will expect. I have fooled around with the filter-mapping segment in the server's web.xml file but so far no joy in finding a solution.

Have you tried modifying this section?

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.shtml</url-pattern>
</filter-mapping>

To look more like this

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>

Also change the section

<init-param>
    <param-name>contentType</param-name>
    <param-value>text/x-server-parsed-html(;.*)?</param-value>
</init-param>

The param-value must be a regular expression that will meet the following mime types: text/x-server-parsed-html or text/html. My regular expressions aren't great so I'll leave that for an exercise.

I think this should work with html and htm. I'm not so sure about JSP, hopefully someone else can clear this up.

Note there is an overhead with scanning all your files for SSI comments but I don't think it should be too bad. Again someone more experienced should be able to answer.

Searches (lots of em!) on the internet have not provided me with an answer, though I have gotten hints that it is doable. Could some kind guru help me grok this and guide me to the light? Many thanks in advance

Marc Chamberlin

Note I got this info from reading the web.xml that came with tomcat 6; it may be different depending on your version.

Regards,
Wes
Re: FileUploadBase$IOFileUploadException
Hi Paul

Check the maxPost size on your connector. Also that library may be trying to read/write to an area of disk that it isn't able to.

Also the FileUpload has its own limits on file size. Have you looked at http://commons.apache.org/fileupload/using.html?

Regards,
Wes

On Wed, Sep 1, 2010 at 10:53 PM, Paul Szynol pj...@columbia.edu wrote:

Hi, folks,

I am using apache's fileupload jar in a couple of webapps, and one of them just started throwing this exception when the user tries to upload an image bigger than 1 meg.

org.apache.commons.fileupload.FileUploadBase$IOFileUploadException: Processing of multipart/form-data request failed. /upload__529be8aa_12acec7e12c__8000_000 0.tmp (Permission denied)

Directory permissions are set correctly. Has anyone encountered and solved a similar problem?

Thanks,
Paul
META - Thread Hijacking
I've seen complaints about thread hijacking but I always see them as different threads in my mail client (Gmail). Should I be using different software to subscribe to the list? I think I've replied to them (threadjacks) a few times :S

Wes
Re: Question on SSI
On Thu, Sep 2, 2010 at 12:24 AM, Marc Chamberlin m...@marcchamberlin.com wrote:

On 9/1/2010 1:46 PM, Wesley Acheson wrote:

On Wed, Sep 1, 2010 at 10:13 PM, Marc Chamberlin m...@marcchamberlin.com wrote:

Have you tried modifying this section?

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.shtml</url-pattern>
</filter-mapping>

To look more like this

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*</url-pattern>
</filter-mapping>

Thanks Wesley for taking the time to answer, much appreciated! Yes, I have tried this filter mapping / url-pattern with no joy. Also have tried a url-pattern of *.html and no joy either

Also change the section

<init-param>
    <param-name>contentType</param-name>
    <param-value>text/x-server-parsed-html(;.*)?</param-value>
</init-param>

The param-value must be a regular expression that will meet the following mime types: text/x-server-parsed-html or text/html. My regular expressions aren't great so I'll leave that for an exercise.

Hi Marc,

Okay, the suggestion was to do these two changes in conjunction with one another. As I understand it, the mapping says what URLs this is applied on and the init-param says what the mime type has to be.

To test simply, just to see if we are on the right track, try changing the filter-mapping as above, but change

<init-param>
    <param-name>contentType</param-name>
    <param-value>text/x-server-parsed-html(;.*)?</param-value>
</init-param>

to

<init-param>
    <param-name>contentType</param-name>
    <param-value>text/html(;.*)?</param-value>
</init-param>

And test it on a html page. If I'm right it will work but shtml won't. Really need a regular expression writer.
Re: META - Thread Hijacking
Have you ever searched the list archives? Hijacked threads are harmful. I appreciate those complaints being on the list, so that I won't waste my time replying (and increasing the mess).

In that case the answer is yes. I should read this in a threaded client.
Re: Question on SSI
On Thu, Sep 2, 2010 at 1:16 AM, Marc Chamberlin m...@marcchamberlin.com wrote:

Thanks Wesley!!! That did the trick, and yes, shtml does not work... But this should be ok for our needs, our users don't create .shtml files, and this also worked for .jsp and .htm files as well as .html... Documentation on the Tomcat site should be updated to discuss this, IMHO... And it might be an interesting exercise to figure out how to make this work for all files if one is looking for exercises... ;-)

For the record, the documentation actually does say it. You need to know what mime types are though.

*contentType* - A regex pattern that must be matched before SSI processing is applied. When crafting your own pattern, don't forget that a mime content type may be followed by an optional character set in the form "mime/type; charset=set" that you must take into account. Default is text/x-server-parsed-html(;.*)?.

Green emphasis, assuming the mailing list allows html mail, is mine.

Also as a side note you can have multiple mappings for one filter. So in production based on your requirements I'd do the following

<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.html</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.htm</url-pattern>
</filter-mapping>
<filter-mapping>
    <filter-name>ssi</filter-name>
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>

That should fix it.

In case you're wondering what mime types are used in tomcat, they are all listed in the web.xml in the conf subfolder of tomcat.
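The contentType patterns discussed in this thread, compared side by side. This is an added example, not code from the thread or from Tomcat: the class name, the combined pattern and the sample Content-Type values are constructed here, and it assumes the filter requires the whole Content-Type value to match the pattern.

```java
import java.util.regex.Pattern;

public class SsiContentTypeCheck {

    // Default contentType init-param quoted in the thread.
    static final Pattern DEFAULT = Pattern.compile("text/x-server-parsed-html(;.*)?");

    // Value suggested in the thread: .html/.htm/.jsp were processed, .shtml was not.
    static final Pattern HTML_ONLY = Pattern.compile("text/html(;.*)?");

    // Added here (not from the thread): accepts both types, each with optional parameters.
    static final Pattern BOTH = Pattern.compile("text/(x-server-parsed-)?html(;.*)?");

    // Assumption: the whole Content-Type value has to match, which is what
    // Matcher.matches() checks (find() would also accept substrings).
    static boolean accepts(Pattern pattern, String contentType) {
        return contentType != null && pattern.matcher(contentType).matches();
    }

    public static void main(String[] args) {
        // Constructed Content-Type values of the kind discussed in the thread.
        String[] samples = {
            "text/html",
            "text/html; charset=ISO-8859-1",
            "text/html;charset=UTF-8",
            "text/x-server-parsed-html",
            "text/x-server-parsed-html; charset=UTF-8",
            "text/xml; charset=UTF-8",
            "text/htmlx",
            "application/xhtml+xml",
        };
        System.out.printf("%-42s %-8s %-10s %-5s%n",
                "Content-Type", "default", "html-only", "both");
        for (String contentType : samples) {
            System.out.printf("%-42s %-8b %-10b %-5b%n", contentType,
                    accepts(DEFAULT, contentType),
                    accepts(HTML_ONLY, contentType),
                    accepts(BOTH, contentType));
        }
    }
}
```

The `(;.*)?` group is what lets a value such as `text/html; charset=ISO-8859-1` through, while `text/htmlx` and `text/xml` are rejected by all three patterns. Since the filter parses whatever a matching response contains, keeping both the url-pattern list and this pattern as narrow as the site allows limits where `<!--#... -->` directives are interpreted.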
Re: Deploying ROOT application errors.
I reinstalled tomcat to another directory and it all works fine now :(

Now I'm confused. It's the same zip file I used for tomcat yesterday. Anyway, issue's closed for the moment.

Wes
Re: Deploying ROOT application errors.
On Tue, Aug 31, 2010 at 12:05 AM, Wesley Acheson wesley.ache...@gmail.com wrote:

Hi,

I assumed that this would be fixed by now, still having a problem with the same application. Setup the same. Except trying with tomcat 6.0.29 which I downloaded today. I was unable to get to the bottom of it. I think I can probably reduce the test case however.

Setup is

tomcat 6.0.29
java version 1.6.0_20
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
Windows Vista 32 bit
Running as administrator.

More info: it seems to work correctly if the war file is deployed after tomcat has started. However if the war file is there when I start tomcat it is undeployable.

SEVERE: [C:\icarus\tomcat\webapps\ROOT\WEB-INF\lib] could not be completely deleted. The presence of the remaining files may cause problems
31-Aug-2010 00:18:29 org.apache.catalina.startup.ExpandWar deleteDir
SEVERE: [C:\icarus\tomcat\webapps\ROOT\WEB-INF] could not be completely deleted. The presence of the remaining files may cause problems
31-Aug-2010 00:18:29 org.apache.catalina.startup.ExpandWar deleteDir
SEVERE: [C:\icarus\tomcat\webapps\ROOT] could not be completely deleted. The presence of the remaining files may cause problems
31-Aug-2010 00:18:29 org.apache.catalina.startup.ExpandWar delete
SEVERE: [C:\icarus\tomcat\webapps\ROOT] could not be completely deleted. The presence of the remaining files may cause problems
31-Aug-2010 00:18:29 org.apache.catalina.startup.HostConfig deployWAR
INFO: Deploying web application archive ROOT.war
Re: Deploying ROOT application errors.
Sorry I don't understand what's happening. It is working now but it didn't work the first time I deployed to the new Tomcat instance. I got a bunch of warnings saying not able to remove from filesystem and checked the offending jar was in the filesystem too.

However after shutting down tomcat, deleting the offending war and exploded webapp, and restarting, I can deploy / undeploy to my heart's content. However shutting down tomcat and starting up again brings back my original problem.

On Tue, Aug 31, 2010 at 12:05 AM, Wesley Acheson wesley.ache...@gmail.com wrote:

Hi,

I assumed that this would be fixed by now, still having a problem with the same application. Setup the same. Except trying with tomcat 6.0.29 which I downloaded today. I was unable to get to the bottom of it. I think I can probably reduce the test case however.

Setup is

tomcat 6.0.29
java version 1.6.0_20
Java(TM) SE Runtime Environment (build 1.6.0_20-b02)
Java HotSpot(TM) Client VM (build 16.3-b01, mixed mode, sharing)
Windows Vista 32 bit
Running as administrator.

On Thu, Jul 16, 2009 at 11:54 PM, Mark Thomas ma...@apache.org wrote:

Wesley Acheson wrote:

There's only two jars and they're not used.

The flippant reply would be "Well delete them then and the problem will go away"

WEB-INF/lib/mysql-connector-java-5.1.6.jar

As soon as I saw that, I suspected it would be the one causing grief and...

However the webapp isn't deployed correctly it still only contains WEB-INF/lib/mysql-connector-java-5.1.6.jar

The problem is that if you put a jdbc driver jar in the lib directory, it gets registered with DriverManager automatically.

I don't know if this is off topic but how is a jar file which isn't referenced yet registered? Is it reflected to see if it's a JDBC jar?

Try de-registering it with a context listener (which you'll need to do anyway to avoid a permgen leak on reload).

As an aside, Tomcat tries (and fails) to fix this for you automatically. That should be fixed in the next 6.0.x release.

If you still see the problem when the driver is de-registered, I can take a look with a profiler.

Mark
Re: Deploying ROOT application errors.
Sorry for the double/treble post earlier. I started one reply, saved it as a draft. Then found out more details, posted them and accidentally sent the draft also. Details below.

Looks like you have a locked JAR file. That is indicative of a memory leak. You need to figure out a) which JAR can't be deleted and b) what is holding the reference to it.

Mark

On Thu, Jul 16, 2009 at 11:54 PM, Mark Thomas ma...@apache.org wrote:

Wesley Acheson wrote:

WEB-INF/lib/mysql-connector-java-5.1.6.jar

As soon as I saw that, I suspected it would be the one causing grief and...

However the webapp isn't deployed correctly it still only contains WEB-INF/lib/mysql-connector-java-5.1.6.jar

The problem is that if you put a jdbc driver jar in the lib directory, it gets registered with DriverManager automatically.

Still that jar file. I haven't even declared a resource in web.xml. At the moment it's only sitting in libs because I intend to use it. And as per your instructions last year I'm trying to deregister with DriverManager via a context listener.

As an aside, Tomcat tries (and fails) to fix this for you automatically. That should be fixed in the next 6.0.x release.
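The de-registration step Mark describes, as an added example (not code from the thread or from Tomcat). The class, the method name and the stand-in driver are hypothetical; in a webapp the method would be called from a ServletContextListener's contextDestroyed() with the webapp's class loader.

```java
import java.sql.Connection;
import java.sql.Driver;
import java.sql.DriverManager;
import java.sql.DriverPropertyInfo;
import java.sql.SQLException;
import java.sql.SQLFeatureNotSupportedException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.logging.Logger;

public class JdbcDriverCleanup {

    /**
     * Deregisters every JDBC driver whose class was loaded by {@code owner}
     * and returns the class names that were removed. Drivers loaded by any
     * other class loader (for example a shared container library) are left alone.
     *
     * In a webapp: call this from ServletContextListener.contextDestroyed()
     * with Thread.currentThread().getContextClassLoader(). The listener is
     * then loaded by the same loader as a driver jar in WEB-INF/lib.
     */
    public static List<String> deregisterDriversOf(ClassLoader owner) {
        List<String> removed = new ArrayList<>();
        for (Driver driver : Collections.list(DriverManager.getDrivers())) {
            if (driver.getClass().getClassLoader() != owner) {
                continue;
            }
            try {
                DriverManager.deregisterDriver(driver);
                removed.add(driver.getClass().getName());
            } catch (SQLException e) {
                System.err.println("Could not deregister " + driver + ": " + e);
            }
        }
        return removed;
    }

    /** Constructed stand-in for a driver shipped in WEB-INF/lib; it never connects. */
    static final class DemoDriver implements Driver {
        @Override public Connection connect(String url, Properties info) { return null; }
        @Override public boolean acceptsURL(String url) { return false; }
        @Override public DriverPropertyInfo[] getPropertyInfo(String url, Properties info) {
            return new DriverPropertyInfo[0];
        }
        @Override public int getMajorVersion() { return 1; }
        @Override public int getMinorVersion() { return 0; }
        @Override public boolean jdbcCompliant() { return false; }
        @Override public Logger getParentLogger() throws SQLFeatureNotSupportedException {
            throw new SQLFeatureNotSupportedException();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Simulates the automatic registration a real driver does when its class loads.
        DriverManager.registerDriver(new DemoDriver());

        ClassLoader appLoader = JdbcDriverCleanup.class.getClassLoader();
        System.out.println("first pass removed:  " + deregisterDriversOf(appLoader));
        System.out.println("second pass removed: " + deregisterDriversOf(appLoader));
    }
}
```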
Re: clear text keystore password in server.xml
On Fri, Aug 27, 2010 at 2:36 PM, Mark Thomas ma...@apache.org wrote:

On 27/08/2010 13:19, Vijay wrote:

Hi Mark,

I guess I am getting the point you are trying to make .. As long as the password or (the encrypted password and the secret key) are present at some location (file system / database / etc) .. there is a security gap .. I agree with this ..

Bingo!

This said, I am trying to find a way to get tomcat work with an encrypted password. [given the fact there is no way anyone can get to the secret key for decrypting the password]

Can't be done. As a minimum some secret has to be visible to the process running Tomcat. Which also means it is visible to any user with root privileges.

By far the simplest solution is to have the tomcat user own server.xml and make that file owner readable only. You can, if you want to make server.xml more widely visible, use property replacement or XML entities to move the password to a separate file and then lock down that file.

You also need to lock down any code run by Tomcat to stop a back-door being inserted. This includes web applications. Alternatively (for web applications) you could run under a security manager.

Frankly this rapidly gets to the point where it is easier to:
a) limit access to the machine to people you trust
b) accept that if an attacker compromises the machine through Tomcat then the password is going to be compromised

I have seen a lot of other 'solutions' proposed for this problem and I have yet to see one that isn't anything more than smoke and mirrors designed to fool people (many of who should know better) into thinking the password is far more secure than it really is.

Mark

Thanks!
Vijay

On Fri, Aug 27, 2010 at 4:07 PM, Mark Thomas ma...@apache.org wrote:

On 27/08/2010 11:26, Vijay wrote:

For prototyping purposes, I am embedding the secret key in the program itself. If the solution works out, having it in a secure database is an option I am considering..

And how do you propose to provide the password Tomcat uses to access this secure database?

Mark

On Fri, Aug 27, 2010 at 3:45 PM, Mark Thomas ma...@apache.org wrote:

On 27/08/2010 10:41, Vijay wrote:

I am looking to write a wrapper class that decrypts the password passed as an environment variable to tomcat, and then sets the system property javax.net.ssl.keyStorePassword inside the JVM itself.

And how do you propose to provide the secret key required to perform the decryption?

Mark

I've been giving this whole issue a lot of thought. And not just now, for months now. I was wondering if the following was possible in theory: when tomcat is started up it prompts for the password? Wouldn't that help with the whole smoke and mirrors situation?

Regards,
Wes
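Two pieces of advice from these threads combined in one added example (not code from the list or from Tomcat): Chuck's "create a new file and then rename it" for conf/server.xml in the Host Manager thread, and Mark's "owner readable only" above. Class and method names are hypothetical, the file content is constructed with a placeholder password, and a POSIX file system is assumed.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Collections;
import java.util.EnumSet;
import java.util.Set;

public class OwnerOnlyConfigWriter {

    private static final Set<PosixFilePermission> OWNER_RW =
            PosixFilePermissions.fromString("rw-------");

    private static final Set<PosixFilePermission> GROUP_AND_OTHERS = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.GROUP_EXECUTE, PosixFilePermission.OTHERS_READ,
            PosixFilePermission.OTHERS_WRITE, PosixFilePermission.OTHERS_EXECUTE);

    /**
     * Writes content to a new owner-only file in the same directory as target,
     * flushes it to disk, then renames it over target. A reader sees either the
     * old file or the complete new one, never a half-written file.
     */
    public static void replaceAtomically(Path target, byte[] content) throws IOException {
        Path dir = target.toAbsolutePath().getParent();
        // Same directory, so the rename stays within one file system.
        Path tmp = Files.createTempFile(dir, "server-xml-", ".tmp",
                PosixFilePermissions.asFileAttribute(OWNER_RW));
        try {
            try (FileChannel channel = FileChannel.open(tmp, StandardOpenOption.WRITE)) {
                ByteBuffer buffer = ByteBuffer.wrap(content);
                while (buffer.hasRemaining()) {
                    channel.write(buffer);
                }
                channel.force(true);
            }
            // On POSIX file systems this is a rename() that replaces the target.
            Files.move(tmp, target, StandardCopyOption.ATOMIC_MOVE);
        } finally {
            Files.deleteIfExists(tmp); // only still present if something failed
        }
    }

    /** True when neither group nor others have any permission bit on the file. */
    public static boolean isOwnerOnly(Path file) throws IOException {
        return Collections.disjoint(Files.getPosixFilePermissions(file), GROUP_AND_OTHERS);
    }

    public static void main(String[] args) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            System.out.println("POSIX permissions are not available on this file system");
            return;
        }
        Path conf = Files.createTempDirectory("conf-demo");
        Path serverXml = conf.resolve("server.xml");

        // Constructed starting point: world-readable file holding a placeholder secret.
        String before = "<Server><Connector keystorePass=\"PLACEHOLDER\"/></Server>\n";
        Files.write(serverXml, before.getBytes(StandardCharsets.UTF_8));
        Files.setPosixFilePermissions(serverXml, PosixFilePermissions.fromString("rw-r--r--"));
        System.out.println("before: owner-only = " + isOwnerOnly(serverXml));

        // Constructed update of the kind a persisting host manager would write.
        String after = "<Server><Connector keystorePass=\"PLACEHOLDER\"/>"
                + "<Host name=\"newhost.example\"/></Server>\n";
        replaceAtomically(serverXml, after.getBytes(StandardCharsets.UTF_8));
        System.out.println("after:  owner-only = " + isOwnerOnly(serverXml));
        System.out.print(new String(Files.readAllBytes(serverXml), StandardCharsets.UTF_8));

        Files.delete(serverXml);
        Files.delete(conf);
    }
}
```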
Re: clear text keystore password in server.xml
If the hacker has root privileges I'm pretty sure you have worse problems.

On Fri, Aug 27, 2010 at 7:14 PM, djohn...@desknetinc.com wrote:

André Warnier a...@ice-sa.com wrote on 08/27/2010 12:32:43 PM:

Ken Bowen wrote:

If you wanted to go down this path, besides the web page for entering the password, you could add sending alerts to the cells of all your sysadmins to improve the probability of the password being entered in a timely manner. Perhaps Tomcats in clusters could obtain the password from their brethren.

And to complete the circle and make it all more user-friendly, I would also add the password to the SMS being sent. At least it would avoid having the sysadmins sticking it on a Post-It on their screens.

So all the hacker with root privileges has to do is temporarily replace the sysadmins list with a single phone number, and then restart Tomcat, and (s)he is in business...
Re: multiple instances on a server
I think the reason for doing this in ruby is that ruby is single threaded, I've been told. The JVM isn't. This is of course muddied with JRuby.

http://stackoverflow.com/questions/3086467/confused-are-languages-like-python-ruby-single-threaded-unlike-say-java-for

Anyway I don't see any reason you should need to install two instances. I believe that they'll both end up running in the same JVM also but again could be wrong.

On Fri, Aug 27, 2010 at 6:57 PM, S Ahmed sahmed1...@gmail.com wrote:

Hi, If you have a server with 15 GB of ram (or any large number for argument's sake), does it ever make sense to run multiple instances of tomcat on the same server? (serving http requests for the same web application) Or can a single instance utilize all the server resources just fine efficiently?

The reason I am asking is that I have read that those hosting ruby on rails, or python web applications usually run multiple instances of their respective web server, each running on its own port, and then proxied using haproxy or the like.
Re: multiple instances on a server
On Fri, Aug 27, 2010 at 9:41 PM, Pid p...@pidster.com wrote:

On 27/08/2010 18:51, Wesley Acheson wrote:

I think the reason for doing this in ruby is that ruby is single threaded, I've been told. The JVM isn't.

I'm raising an eyebrow.

Huh?
Re: Best practices for deployment on cluster environment
An ant deploy perhaps? Through the manager, that's what we intend to move to.

On Thu, Aug 26, 2010 at 4:17 PM, Pid p...@pidster.com wrote:

On 26/08/2010 15:03, André Warnier wrote:

Luca Gervasi wrote:

On Wed, 2010-08-25 at 10:50 -0300, Fernando Morgenstern wrote:

Hi, I have a Tomcat cluster environment with 4 servers. I was wondering what is the best way to deploy an application on 4 servers at the same time. At a first moment, I thought about having a script that would copy war files to all servers using rsync. Basically I upload the war file to the first server and then use this script to copy to other tomcat servers. Could you share your experience with this kind of environment? Is this the best way to deal with deployment?

Thank you, Fernando M. Morgenstern

In such environment I think that you should deploy once in the NAS/SAN (I mean, unpack the war) and use the shared filesystem in ro in each instance. Btw I'm pretty interested in more answers :)

And I believe that this is bad advice (but I am also willing to be contradicted).

Nope. You're right, it's a really bad idea. Hosts, let alone servers, should not share an appBase.

p

Suppose you do this, and one Tomcat notices and starts redeploying the application. What about the other ones which are in the process of serving requests, and would suddenly find a missing or changed servlet under their nose? At least, you would need some kind of mechanism to tell all Tomcats: wait a minute, do not process any more requests to this application while it is being redeployed, no?