Re: Should Tomcat continue to support SSI?

2017-06-08 Thread Mark Thomas
On 07/06/17 16:34, Emmanuel Bourg wrote:
> On 7/06/2017 at 16:51, Christopher Schultz wrote:
> 
>> What about separating SSI out into a separate (sub?) project and
>> removing it from Tomcat core?
> 
> +1, I was about to suggest this as well.

I was more motivated by reducing the volume of code we have to maintain
rather than the volume of code we ship by default.

I've no objection if someone wants to tweak the build to split this out
into a separate module but I'm still interested to hear if anyone is
using this code.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: A question about websocket API-- Annotation ServerEndpoint

2017-06-08 Thread 王琳
Thank you



--
View this message in context: 
http://tomcat.10.x6.nabble.com/A-question-about-websocket-API-Annotation-ServerEndpoint-tp5064163p5064200.html
Sent from the Tomcat - User mailing list archive at Nabble.com.




Re: Tomcat 8/NIO performance discrepancies

2017-06-08 Thread kmaxwilliams43
Gvhuf

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: Astrat Goe
Sent: Wednesday 7 June 2017 21:29
To: Tomcat Users List
Reply-To: Tomcat Users List
Subject: Re: Tomcat 8/NIO performance discrepancies


> On Jun 8, 2017, at 4:28 AM, Mark Thomas  wrote:
> 
> On 07/06/17 20:25, Piyush Kumar Nayak wrote:
>> Mark,
>> 
>> It may not be important, but just to be clear, I'm not testing on localhost. 
>> My JMeter and Tomcat are on different machines, with 1 Gbps NIC interfaces 
>> between them.
> 
> I'm aware you were using two machines but that doesn't appear to be a
> significant factor in the observed differences.
> 
>> Can you also please provide some pointers on the following:
>> - How did you disable session on your JSP?
> 
> Look in the index.jsp for the ROOT web application that ships with
> Tomcat for an example. Full details are in the JSP specification.
> 
>> - Did you observe anything that suggests that the client is not closing the 
>> connections?
> 
> Yes. This looks like a JMeter issue. It isn't the first time JMeter has
> given strange results under load. I've switched to ab which I have found
> to be generally much more reliable for these sorts of tests.
> 
> I'm still seeing significant differences in BIO with and without an
> executor.
> 
> I'm still looking for the root cause. I have noticed that without an
> executor I see far fewer keep-alive requests than I'd expect. That could
> explain the difference, or some of it at least.
> 
> Mark
> 
> 
>> I did not specify the implementation for the HTTP sampler that I configured 
>> with JMeter, and it is not set in my jmeter.properties file. So, going by 
>> JMeter's documentation, Apache HttpComponents HttpClient 4.x. should be in 
>> use.
>> 
>> Thanks
>> Piyush.
>> 
>> -Original Message-
>> From: Mark Thomas [mailto:ma...@apache.org] 
>> Sent: Wednesday, June 07, 2017 8:27 PM
>> To: Tomcat Users List 
>> Subject: Re: Tomcat 8/NIO performance discrepancies
>> 
>> On 06/06/17 09:10, Piyush Kumar Nayak wrote:
>>> Thanks, Mark.
>>> 
>>> Here are some additional details.
>> 
>> Thanks. These help a lot to make sure we are testing (at least roughly) the 
>> same thing.
>> 
>>> I am using Apache JMeter to inject load. I am using a simple hello-world 
>>> JSP.
>>> 
>>> The test JMX simulates 100 concurrent user threads with a ramp-up of 5 secs 
>>> and uses an HTTP Cookie Manager, that reuses cookies for each user thread.
>> 
>> I've disabled session in the JSP for my test and used a simpler JSP.
>> That should amplify any difference in connector performance.
>> 
>> I'm also testing on localhost.
>> 
>>> I have disabled access log in tomcat. All the other server.xml settings are 
>>> the default.
>>> 
>>> 
>>> The BIO with Executor configuration we are using is:
>>> >> maxThreads="150" minSpareThreads="4"/>
>>> 
>>> >> connectionTimeout="2"
>>> redirectPort="8443" />
>> 
>> FYI for anyone following along. That is a non-executor config. The connector 
>> needs to specify the executor it wants to use.
>> 
>> I do see odd behaviour with BIO + executor. It locks up very easily. It 
>> appears that the client isn't closing the connections. I don't see this 
>> problem with BIO but that may be related to how BIO without an executor 
>> handles large numbers of connections.
>> 
>> If I lower the client thread count, the odd behaviour stops and I do see 
>> notably higher throughput with BIO + executor. That is unexpected.
>> 
>> My initial thoughts are maybe a contention issue related to the thread pool. 
>> I'm continuing to investigate. I plan to look at performance first and then 
>> the locking up.
>> 
>> Mark
>> 



Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-08 Thread kmaxwilliams43
Ghgfhch 
Dygugjfbjg

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: Christopher Schultz
Sent: Thursday 8 June 2017 18:43
To: users@tomcat.apache.org
Reply-To: Tomcat Users List
Subject: Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

Shaik,

On 6/8/17 1:18 AM, Shaik, Mohammad N. wrote:
> Hi Olaf & Chris,
> 
> By placing HTTPD 2.x server in front of Tomcat 6, is it possible to
> hide Tomcat 6 from external world? I just don’t want people to find
> out that I am using Tomcat 6, instead I want them to know that I am
> using httpd 2.x server. Is this possible?
> 
> I just need Apache HTTPD server to take care of headers and let
> Tomcat do rest of the stuff (which it is already doing in my case).
> Do I still need to configure anything other than headers in my
> case?

Not really. If you configure httpd -> Tomcat, then you can
firewall-out everyone from your Tomcat server except the server
running httpd.

By default, httpd will return its own "Server" header so you don't
even need to try to mask Tomcat's existence that way.

-chris

> -Original Message- From: Olaf Kock
> [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat
> Users List  Subject: [External] Re:
> Security Headers Implementation in Tomcat 6.x version
> 
> On 29.05.2017 at 13:34, Shaik, Mohammad N. wrote:
>> Hello Olaf,
>> 
>> Thanks for your response!
>> 
>> Based on your inputs, we are thinking to put Apache httpd in
>> front of Tomcat 6 server, since our header configuration is going
>> to be static.
>> 
>> Can you please help us in identifying which version of Apache
>> HTTP Server we can use for Tomcat 6 version? Also, it will be
>> great if you can share some guidelines on how to implement Apache
>> in front of Tomcat.
> 
> For completeness sake I'd like to answer a few of these questions,
> rather briefly. It seems that you're deep into implementing
> Christopher's solution of compiling the newer filters for Tomcat
> 6.
> 
> Every current Apache httpd is fine, no version restriction.
> Especially: Choose one that will get updates for quite a while, not
> like the outdated Tomcat version you're running. Read on mod_proxy,
> mod_proxy_ajp, mod_jk and mod_proxy_http, which are all keywords on
> the connection between Apache and tomcat. Once you've set this up,
> setting the headers is a matter of adding the "Header" directive to
> httpd's configuration. I understand though, that setting up the
> connection can be some task if you've never done that. Especially
> if you're using https, and also refer to it in your webapp's code
> (e.g. to validate client certs) - but as you give no clue you're
> doing that, I'm assuming you don't and the setup would be easy.
> 
> Anyway, feel free to utilize the newer code - I just wanted this
> information to be in this thread as well. However, once you're done
> with it: Utilize even more newer code and prepare to migrate away
> from your discontinued tomcat version.
> 
> Olaf
> 
> 
> 
> 
> 
> 
> 
> This message is for the designated recipient only and may contain
> privileged, proprietary, or otherwise confidential information. If
> you have received it in error, please notify the sender immediately
> and delete the original. Any other use of the e-mail by you is
> prohibited. Where allowed by local law, electronic communications
> with Accenture and its affiliates, including e-mail and instant
> messaging (including content), may be scanned by our systems for
> the purposes of information security and assessment of internal
> compliance with Accenture policy. 
> __

>
> www.accenture.com
> 

Re: Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Igor Cicimov
If you are trying to run it on port <1024 you need authbind enabled

On 9 Jun 2017 1:21 am, "Tou Vue"  wrote:

> Hello,
>
> I have a question regarding how Tomcat starts up under the system account
> and local user account in Windows. I had a Tomcat service that would start
> fine under the system account, but once I configured it to start under the
> local user account, I received a JVM_Bind exception. It looks like the
> Tomcat was not able to access the shutdown port configured.
>
> I figured it was a port conflict, another service was using the same port.
> So, I changed the port so there was no conflict, and Tomcat started up okay
> again. But I'm still wondering why Tomcat was able to start up with the
> system account even with the same port conflict.
>
> Any suggestions would be appreciated.
>
> Thank You,
> Tou Vue
>



Re: A question about websocket API-- Annotation ServerEndpoint

2017-06-08 Thread kmaxwilliams43
Fifgfdyfyi

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: 王琳
Sent: Friday 9 June 2017 01:37
To: users@tomcat.apache.org
Reply-To: Tomcat Users List
Subject: Re: A question about websocket API-- Annotation ServerEndpoint

Thank you



--
View this message in context: 
http://tomcat.10.x6.nabble.com/A-question-about-websocket-API-Annotation-ServerEndpoint-tp5064163p5064200.html
Sent from the Tomcat - User mailing list archive at Nabble.com.




Re: A question about websocket API-- Annotation ServerEndpoint

2017-06-08 Thread kmaxwilliams43
Fictdyhcu

Sent from my BlackBerry 10 smartphone.
  Original Message  
From: 王琳
Sent: Friday 9 June 2017 01:37
To: users@tomcat.apache.org
Reply-To: Tomcat Users List
Subject: Re: A question about websocket API-- Annotation ServerEndpoint

Thank you



--
View this message in context: 
http://tomcat.10.x6.nabble.com/A-question-about-websocket-API-Annotation-ServerEndpoint-tp5064163p5064200.html
Sent from the Tomcat - User mailing list archive at Nabble.com.




RE: Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Caldarale, Charles R
> From: Igor Cicimov [mailto:icici...@gmail.com] 
> Subject: Re: Under system account, Tomcat starts even with shutdown port 
> conflict

> If you are trying to run it on port <1024 you need authbind enabled

Read the original message.  The OP is running on Windows, not Linux, so there 
are no restrictions on port usage.  Some other process is using the port.

Since there are multiple ways to stop Tomcat (especially when running as a 
Windows service), non-availability of the shutdown port is not considered fatal.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.





Re: Tomcat 7.x - Subscription

2017-06-08 Thread Coty Sutherland
Hello,

On Thu, Jun 8, 2017 at 9:10 AM, Mahajan, Arvind 
wrote:

> Hi
>
>
>
> I am new to tomcat , considering evaluation of Tomcat vs. JBOSS EAP in my
> new application hosting requirement.
>
> My application vendor support both (Tomcat & JBOSS) middle ware
>
>
>
> Operating system - RHEL *6.9 and 7.3* on which Tomcat 7 will be installed
> (refer below screen shot)
>
>
>
> *Questions *
>
> · Does tomcat 7.x works on RHEL *6.9 and 7.3* (see below yellow
> mark)?
>
Yes

> · Pls share Operating support matrix for tomcat.
>
There is no operating system support matrix for Tomcat. It is written in
Java, which is platform agnostic, so as long as it has the required Java
version (which can be found at http://tomcat.apache.org/whichversion.html for
each Tomcat version) it will work. The only part of Tomcat that has any
platform dependencies other than Java is tomcat-native, which requires APR
and OpenSSL (if you use TLS).

> · Help me to know do I have to pay money for subscription to get
> your support on configuration , installation, get vulnerabilities fixes ,
> troubleshooting in problem ?
>
> · Benefit of Subscription ?
>
There is no subscription to use Apache Tomcat as it is Free and Open Source
Software. Support for Apache Tomcat from the community is provided by
volunteers via this users list and/or IRC, but responses are not always
immediate. If you wanted to pay for support (which guarantees support
whenever you need it), then you could use the Tomcat package provided by
your Linux distribution (in the case of RHEL).

>
>
> [image: cid:image001.png@01D2E069.9D6A4120]
>
>
>
> Arvind Mahajan
>
> Manager –IT
>
> Volkswagen Finance Private Limited
>
> Silver Utopia, 3rd Floor
>
> Cardinal Gracious Road
>
> Chakala, Andheri East
>
> Mumbai – 400099
>
>
>
> Desk: +91 22 3952 1102
>
> Mobile: +91 9619935570
>
>
>
> *Confidentiality notice:* This mail, including any attachments contains
> confidential and privileged information for the sole use of the
> addressee(s). If you are not the intended recipient, please notify the
> sender by e-mail and delete the original message. Any unauthorized review,
> use, disclosure, dissemination, forwarding, printing or copying of this
> email or any action taken in belief on this e-mail is strictly prohibited
> and are unlawful. VWFPL has taken every reasonable precaution to minimize
> this risk. Before opening the e-mail or attachment, you should carry out
> your own virus checks. VWFPL reserves the right to record, monitor, and
> inspect all email communications through its internal and external networks.
>


Re: Tomcat 8/NIO performance discrepancies

2017-06-08 Thread Mark Thomas
On 07/06/17 22:28, Mark Thomas wrote:



> I'm still seeing significant differences in BIO with and without an
> executor.
> 
> I'm still looking for the root cause. I have noticed that without an
> executor I see far fewer keep-alive requests than I'd expect. That could
> explain the difference, or some of it at least.

Further testing indicates that most, if not all, of the performance
difference is down to the fewer number of requests processed using HTTP
keep-alive. This is because BIO without an executor is subject to
disableKeepAlivePercentage whereas BIO with an executor is not.

If the number of concurrent clients is kept below 75% of maxThreads,
performance remains very similar.

The problems you are likely to experience in the real world without
disableKeepAlivePercentage (i.e. if you use BIO with an executor) are
described in this thread:

http://tomcat.markmail.org/thread/mcfdk2273v2fsh5k

The better tuning options are probably:
- increase maxThreads to max expected client concurrency + headroom
  or if your memory/CPU won't permit that, as high as you can
- increase disableKeepAlivePercentage

I'll look at BIO vs NIO next.

Mark




Tomcat 7.x - Subscription

2017-06-08 Thread Mahajan, Arvind
Hi

I am new to tomcat , considering evaluation of Tomcat vs. JBOSS EAP in my new 
application hosting requirement.
My application vendor support both (Tomcat & JBOSS) middle ware

Operating system - RHEL 6.9 and 7.3 on which Tomcat 7 will be installed (refer 
below screen shot)

Questions

* Does tomcat 7.x works on RHEL 6.9 and 7.3 (see below yellow mark)?

* Pls share Operating support matrix for tomcat.

* Help me to know do I have to pay money for subscription to get your 
support on configuration , installation, get vulnerabilities fixes , 
troubleshooting in problem ?

* Benefit of Subscription ?

[cid:image001.png@01D2E069.9D6A4120]

Arvind Mahajan
Manager -IT
Volkswagen Finance Private Limited
Silver Utopia, 3rd Floor
Cardinal Gracious Road
Chakala, Andheri East
Mumbai - 400099

Desk: +91 22 3952 1102
Mobile: +91 9619935570




Re: [External] Re: Security Headers Implementation in Tomcat 6.x version

2017-06-08 Thread Christopher Schultz
Shaik,

On 6/8/17 1:18 AM, Shaik, Mohammad N. wrote:
> Hi Olaf & Chris,
> 
> By placing HTTPD 2.x server in front of Tomcat 6, is it possible to
> hide Tomcat 6 from external world? I just don’t want people to find
> out that I am using Tomcat 6, instead I want them to know that I am
> using httpd 2.x server. Is this possible?
> 
> I just need Apache HTTPD server to take care of headers and let
> Tomcat do rest of the stuff (which it is already doing in my case).
> Do I still need to configure anything other than headers in my
> case?

Not really. If you configure httpd -> Tomcat, then you can
firewall-out everyone from your Tomcat server except the server
running httpd.

By default, httpd will return its own "Server" header so you don't
even need to try to mask Tomcat's existence that way.

-chris

> -Original Message- From: Olaf Kock
> [mailto:tom...@olafkock.de] Sent: 31 May 2017 16:38 To: Tomcat
> Users List  Subject: [External] Re:
> Security Headers Implementation in Tomcat 6.x version
> 
> On 29.05.2017 at 13:34, Shaik, Mohammad N. wrote:
>> Hello Olaf,
>> 
>> Thanks for your response!
>> 
>> Based on your inputs, we are thinking to put Apache httpd in
>> front of Tomcat 6 server, since our header configuration is going
>> to be static.
>> 
>> Can you please help us in identifying which version of Apache
>> HTTP Server we can use for Tomcat 6 version? Also, it will be
>> great if you can share some guidelines on how to implement Apache
>> in front of Tomcat.
> 
> For completeness sake I'd like to answer a few of these questions,
> rather briefly. It seems that you're deep into implementing
> Christopher's solution of compiling the newer filters for Tomcat
> 6.
> 
> Every current Apache httpd is fine, no version restriction.
> Especially: Choose one that will get updates for quite a while, not
> like the outdated Tomcat version you're running. Read on mod_proxy,
> mod_proxy_ajp, mod_jk and mod_proxy_http, which are all keywords on
> the connection between Apache and tomcat. Once you've set this up,
> setting the headers is a matter of adding the "Header" directive to
> httpd's configuration. I understand though, that setting up the
> connection can be some task if you've never done that. Especially
> if you're using https, and also refer to it in your webapp's code
> (e.g. to validate client certs) - but as you give no clue you're
> doing that, I'm assuming you don't and the setup would be easy.
> 
> Anyway, feel free to utilize the newer code - I just wanted this
> information to be in this thread as well. However, once you're done
> with it: Utilize even more newer code and prepare to migrate away
> from your discontinued tomcat version.
> 
> Olaf
> 
> 
> 

Re: Tomcat 8/NIO performance discrepancies

2017-06-08 Thread Mark Thomas
On 08/06/17 14:42, Mark Thomas wrote:
> I'll look at BIO vs NIO next.

At the sort of request rates and response sizes we are talking about, we
are a long way from real-world applications and the differences you see
between BIO and NIO are largely down to the differences between doing a
blocking read for the next request (BIO) and polling (NIO).

What you will notice is that as the number of concurrent clients rises,
BIO performance will drop considerably as soon as the
disableKeepAlivePercentage is exceeded and will continue to fall as
client concurrency rises. NIO, on the other hand, will retain broadly
the same performance even when client concurrency >> threads.

I have spent some time looking at this in detail with a profiler but the
timing differences we are talking about are so small that often the
profiler overhead ends up dominating.

I think the general lesson here is that benchmarks like this can be
interesting but the further removed they are from real-world examples,
the less useful they are likely to be.

As you move towards more real-world examples, what you tend to find is
that I/O and/or application logic become far more dominant.

Mark





Re: A question about websocket API-- Annotation ServerEndpoint

2017-06-08 Thread Mark Thomas
On 08/06/17 02:06, 王琳 wrote:
> Hi friend:
>  i have a question. use Tomcat 8.5.15
> @ServerEndpoint API has 'value' summary. This value mapping url.When the url 
> has parameter,use {}.
> for example:
> @ServerEndpoint(value = 
> "/websocket/fmsWebsocket/{userId}/{companyId}/{groupId}")
> 
> js:var url = "ws://192.168.0.6:8080/note/websocket/fmsWebsocket/1/1/1";
> 
> My question is when {userId} is null or {companyId} is null or {groupId} is 
> null . How  write @ ServerEndpoint(value=??).
> and
> js: var url = "ws://192.168.0.6:8080/note/websocket/fmsWebsocket///1";
> is right?

No. That will get normalized to:
ws://192.168.0.6:8080/note/websocket/fmsWebsocket/1

which then won't match your template. You'll need to define an explicit
value for unspecified - e.g. 0.

Mark
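
The approach described in the reply above, as an added example (not part of the original message and not Tomcat's own code): the client always sends three non-empty segments and uses "0" for an unspecified id, and the endpoint maps that sentinel back to "absent" while validating the client-controlled path parameters. The class name FmsEndpoint and the helpers parseId and store are hypothetical; the URI template is the one from the question.

```java
import java.io.IOException;

import javax.websocket.CloseReason;
import javax.websocket.CloseReason.CloseCodes;
import javax.websocket.OnOpen;
import javax.websocket.Session;
import javax.websocket.server.PathParam;
import javax.websocket.server.ServerEndpoint;

// Hypothetical endpoint class; only the URI template comes from the thread.
// A client with no userId and no companyId connects to
//   ws://192.168.0.6:8080/note/websocket/fmsWebsocket/0/0/1
// instead of ".../fmsWebsocket///1", which would be normalized to a
// one-segment path and no longer match the three-variable template.
@ServerEndpoint("/websocket/fmsWebsocket/{userId}/{companyId}/{groupId}")
public class FmsEndpoint {

    // Sentinel meaning "no value" (assumption: real ids are never 0).
    static final String UNSPECIFIED = "0";

    @OnOpen
    public void onOpen(Session session,
                       @PathParam("userId") String userId,
                       @PathParam("companyId") String companyId,
                       @PathParam("groupId") String groupId) throws IOException {
        try {
            store(session, "userId", parseId(userId));
            store(session, "companyId", parseId(companyId));
            store(session, "groupId", parseId(groupId));
        } catch (IllegalArgumentException e) {
            // Path segments are client-controlled input: refuse the
            // connection rather than guess what a malformed id meant.
            session.close(new CloseReason(CloseCodes.CANNOT_ACCEPT,
                    "invalid path parameter"));
        }
    }

    // Returns null for the sentinel and the numeric id otherwise.
    static Long parseId(String segment) {
        if (segment == null) {
            throw new IllegalArgumentException("missing path parameter");
        }
        if (UNSPECIFIED.equals(segment)) {
            return null;
        }
        // Positive decimal, no leading zero, at most 18 digits so the
        // value always fits in a long.
        if (!segment.matches("[1-9][0-9]{0,17}")) {
            throw new IllegalArgumentException("path parameter is not an id");
        }
        return Long.valueOf(segment);
    }

    // Absent ids are simply not stored, so no null value is ever put
    // into the session's user-properties map.
    private static void store(Session session, String key, Long id) {
        if (id != null) {
            session.getUserProperties().put(key, id);
        }
    }
}
```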




Re: Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Tou Vue
Tomcat was able to access the same port if I turned off the other service.
So I don't think it's protected.

Thank You,
Tou Vue

On Thu, Jun 8, 2017 at 10:26 AM, Coty Sutherland 
wrote:

> On Thu, Jun 8, 2017 at 11:21 AM, Tou Vue  wrote:
> > Hello,
> >
> > I have a question regarding how Tomcat starts up under the system account
> > and local user account in Windows. I had a Tomcat service that would
> start
> > fine under the system account, but once I configured it to start under
> the
> > local user account, I received a JVM_Bind exception. It looks like the
> > Tomcat was not able to access the shutdown port configured.
> >
> > I figured it was a port conflict, another service was using the same
> port.
> > So, I changed the port so there was no conflict, and Tomcat started up
> okay
> > again. But I'm still wondering why Tomcat was able to start up with the
> > system account even with the same port conflict.
>
> Are you sure it was a port conflict and that the port wasn't somehow
> protected by the OS?
>
> > Any suggestions would be appreciated.
> >
> > Thank You,
> > Tou Vue
>
>
>


Re: Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Coty Sutherland
On Thu, Jun 8, 2017 at 11:21 AM, Tou Vue  wrote:
> Hello,
>
> I have a question regarding how Tomcat starts up under the system account
> and local user account in Windows. I had a Tomcat service that would start
> fine under the system account, but once I configured it to start under the
> local user account, I received a JVM_Bind exception. It looks like the
> Tomcat was not able to access the shutdown port configured.
>
> I figured it was a port conflict, another service was using the same port.
> So, I changed the port so there was no conflict, and Tomcat started up okay
> again. But I'm still wondering why Tomcat was able to start up with the
> system account even with the same port conflict.

Are you sure it was a port conflict and that the port wasn't somehow
protected by the OS?

> Any suggestions would be appreciated.
>
> Thank You,
> Tou Vue




Under system account, Tomcat starts even with shutdown port conflict

2017-06-08 Thread Tou Vue
Hello,

I have a question regarding how Tomcat starts up under the system account
and local user account in Windows. I had a Tomcat service that would start
fine under the system account, but once I configured it to start under the
local user account, I received a JVM_Bind exception. It looks like the
Tomcat was not able to access the shutdown port configured.

I figured it was a port conflict, another service was using the same port.
So, I changed the port so there was no conflict, and Tomcat started up okay
again. But I'm still wondering why Tomcat was able to start up with the
system account even with the same port conflict.

Any suggestions would be appreciated.

Thank You,
Tou Vue