Re: Issue with mod_jk

2011-03-29 Thread Rainer Jung

On 23.03.2011 22:29, Lance Campbell wrote:

I discovered an issue with mod_jk.  In the workers.property file I mistyped
lbFactor=2 as lbactor=2.  Mod_jk was able to continue to work which
I appreciate.  But I would have liked to have received an error message
letting me know that I had a typo.  I am using RedHat 5.  So I would be
using the same version of mod_jk as what has been deployed by RedHat.

Is there something I could do differently so that I can see a warning message
or error message when I have a typo like this?


There is no easy way to do this, because the workers.properties file 
allows setting arbitrary variables like


myvar=123

and reuse those definitions later on with $(myvar).

So in your case the typo made lbfactor into the variable lbactor :(

It would have been safer to make variables syntactically distinguishable 
from builtin properties, but it's too late now for compatibility reasons.


Regards,

Rainer
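
An added example (not part of the thread and not mod_jk code): because mod_jk accepts any unknown key as a variable definition, a pre-deployment lint can flag keys that are neither a known worker directive nor referenced anywhere via $(name). The directive list below is a partial one and an assumption to extend from the workers.properties reference; the sample file and function names are constructed.

```python
import difflib
import re

# Partial list of mod_jk worker directives (assumption: extend it from the
# workers.properties reference for the mod_jk version in use). Names are
# compared case-sensitively against the lowercase spelling used in the docs.
KNOWN_DIRECTIVES = {
    "type", "host", "port", "lbfactor", "balance_workers", "sticky_session",
    "sticky_session_force", "session_cookie", "domain", "redirect",
    "activation", "route", "distance", "method", "socket_timeout",
    "socket_keepalive", "connection_pool_size", "connection_pool_timeout",
    "connect_timeout", "prepost_timeout", "reply_timeout", "retries",
    "recovery_options", "ping_mode", "ping_timeout", "max_packet_size",
    "secret", "reference",
}
TOP_LEVEL_KEYS = {"worker.list", "worker.maintain"}
VAR_REF = re.compile(r"\$\(([^)]+)\)")  # $(myvar) style references


def parse(text):
    """Yield (line_number, key, value) for every key=value line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        yield lineno, key.strip(), value.strip()


def lint(text):
    """Return (line, key, kind, suggestion) for every suspicious key."""
    entries = list(parse(text))
    # Every name that is actually used as a variable somewhere in the file.
    referenced = {
        name for _, _, value in entries for name in VAR_REF.findall(value)
    }
    findings = []
    for lineno, key, _ in entries:
        if key in TOP_LEVEL_KEYS or key in referenced:
            continue
        parts = key.split(".")
        if len(parts) == 3 and parts[0] == "worker":
            attr = parts[2]
            if attr in KNOWN_DIRECTIVES:
                continue
            kind = "unknown worker directive"
        else:
            attr = parts[-1]
            kind = "unreferenced variable"
        # A near miss of a real directive is almost certainly a typo.
        hint = difflib.get_close_matches(
            attr, sorted(KNOWN_DIRECTIVES), n=1, cutoff=0.8
        )
        findings.append((lineno, key, kind, hint[0] if hint else None))
    return findings


# Constructed sample: myvar is a legitimate variable, lbactor is the typo.
SAMPLE = """\
# constructed sample
myvar=8009
worker.list=lb
worker.node1.type=ajp13
worker.node1.host=localhost
worker.node1.port=$(myvar)
worker.node1.lbactor=2
worker.lb.type=lb
worker.lb.balance_workers=node1
"""

if __name__ == "__main__":
    for lineno, key, kind, hint in lint(SAMPLE):
        suffix = f" (did you mean '{hint}'?)" if hint else ""
        print(f"line {lineno}: {kind}: {key}{suffix}")
```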

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Re: Tomcat + apache + mod_jk

2011-03-29 Thread Rainer Jung

On 24.03.2011 15:55, ar...@bca-group.com wrote:

For the first time we have received this error (many times). Looks to me
like tomcat cannot talk to apache to me. Can anyone shed any light on
this?

Windows Server 2003
Tomcat:  6.0.16
Apache: 2.2
JDK: 1.6.0_23

  Tomcat and Apache on same box so I don't see how it can be a network
issue as some forums are suggesting.


What do your mod_jk logs say?
Any interesting info from comparing Apache and Tomcat access logs? Did 
response times go up?


Regards,

Rainer


24-Mar-2011 13:25:02 org.apache.jk.core.MsgContext action
WARNING: Error sending end packet
java.net.SocketException: Software caused connection abort: socket write error
 at java.net.SocketOutputStream.socketWrite0(Native Method)
 at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
 at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
 at org.apache.jk.common.ChannelSocket.send(ChannelSocket.java:531)
 at org.apache.jk.common.JkInputStream.endMessage(JkInputStream.java:121)
 at org.apache.jk.core.MsgContext.action(MsgContext.java:304)
 at org.apache.coyote.Response.action(Response.java:183)
 at org.apache.coyote.Response.finish(Response.java:305)
 at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:195)
 at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:283)
 at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:767)
 at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:697)
 at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:889)
 at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
 at java.lang.Thread.run(Thread.java:662)
24-Mar-2011 13:25:02 org.apache.jk.common.ChannelSocket processConnection
WARNING: processCallbacks status 2




Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Richard Levy
Hi all,

First of all, sorry for the long post, but the reasoning and
architecture requires explanation to get the full understanding of the
situation.

We are currently migrating our website from Oracle 10g to Apache
2/Tomcat 6.0.29.  The site itself is a set of pages where customers
select what they want to purchase, then once they're happy, it
switches to SSL to gather their customer details and take payments.

The current setup involves two intelligent load-balancers that
terminate SSL then hand over to Oracle 10g.  The 10g stack has
custom Oracle versions of Apache which have configuration options not
found in standard Apache and appear to have made configuration
simpler.  For instance, there is a simulateHttps directive that you
can give to a virtual host in Oracle Apache which does not exist in
the standard version.  Using that option, we simply have 2 virtual
hosts defined in Apache, one for http traffic and one for https
traffic (with simulateHttps set to on).  They both forward to OC4J and
it works fine.

With the new architecture we have two load-balancers which round-robin
to two Apache servers.  These servers connect to two Tomcat servers
which are configured with a mod_jk loadbalancer using session
affinity.  Through config we have separated HTTP & HTTPS traffic.  We
have done this because the application needs to identify when it is
secure, which we do by simulating HTTP using settings in the connector
in the Tomcat server.xml.  This is detailed further down.

Obviously we want to keep the same functionality on the Apache/Tomcat
stack, and also retain the termination of SSL at the load-balancer,
but are having trouble when the application switches to HTTPS. It
works fine if we have a single Tomcat instance running, but once the
2nd Tomcat instance is enabled, moving to HTTPS fails because a new
session is created.

Our configuration is as follows:

Apache:

We have 2 Apache servers running - they are served in a round-robin
style by the load-balancer.  They receive 2 types of traffic,
non-secure and secure, but the secure traffic is NOT encrypted (SSL
terminated at the load-balancer).

 httpd.conf 

JkWorkersFile conf/workers.properties

Listen 
Listen 
NameVirtualHost *:
NameVirtualHost *:

<VirtualHost *:>
ServerName http://www.mysite.com:80
JkMount /* loadbalancer
</VirtualHost>

<VirtualHost *:>
ServerName https://www.mysite.com:443
JkMount /* loadbalancerSSL
</VirtualHost>

 end httpd.conf 

We are using mod_jk to connect to Tomcat

 workers.properties 

worker.list = loadbalancer, loadbalancerSSL, status
worker.tomcat1.type=ajp13
worker.tomcat1.host=192.168.1.36
worker.tomcat1.port=8009
worker.tomcat2.type=ajp13
worker.tomcat2.host=192.168.1.85
worker.tomcat2.port=8009

worker.tomcatSSL1.type=ajp13
worker.tomcatSSL1.host=192.168.1.36
worker.tomcatSSL1.port=8010
worker.tomcatSSL2.type=ajp13
worker.tomcatSSL2.host=192.168.1.85
worker.tomcatSSL2.port=8010

worker.loadbalancer.type = lb
worker.loadbalancer.sticky_session = 1
worker.loadbalancer.balance_workers = tomcat1,tomcat2
worker.loadbalancer.session_cookie = JSESSIONID

worker.loadbalancerSSL.type = lb
worker.loadbalancerSSL.sticky_session = 1
worker.loadbalancerSSL.balance_workers = tomcatSSL1,tomcatSSL2
worker.loadbalancerSSL.session_cookie = JSESSIONID

worker.status.type = status

 end workers.properties 

As you can see, Apache can receive on either  or  dependent on
the source of the traffic.  If it's non-secure, it uses the
loadbalancer called loadbalancer which uses two Tomcats listening on
port 8009 - this is a connector in Tomcat that is not secure.  For
traffic on , loadbalancerSSL is used.  This is the same two
Tomcats but on port 8010 - this is a connector that believes it is
secure.  Tomcat config is detailed below.


Tomcat:

We have 2 Tomcat servers.  They too receive two types of traffic,
non-secure and secure, as passed on from Apache.

 server.xml Tomcat 1 

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009"
   protocol="AJP/1.3"
   redirectPort="8010"
   maxThreads="200"/>

<!-- This is the secure connector, although it's not using SSL, it's
just secure traffic -->
<Connector port="8010"
   

Re: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Rainer Jung

On 29.03.2011 12:07, Richard Levy wrote:

Hi all,

First of all, sorry for the long post, but the reasoning and
architecture requires explanation to get the full understanding of the
situation.

We are currently migrating our website from Oracle 10g to Apache
2/Tomcat 6.0.29.  The site itself is a set of pages where customers
select what they want to purchase, then once they're happy, it
switches to SSL to gather their customer details and take payments.

The current setup involves two intelligent load-balancers that
terminate SSL then hand over to Oracle 10g.  The 10g stack has
custom Oracle versions of Apache which have configuration options not
found in standard Apache and appear to have made configuration
simpler.  For instance, there is a simulateHttps directive that you
can give to a virtual host in Oracle Apache which does not exist in
the standard version.  Using that option, we simply have 2 virtual
hosts defined in Apache, one for http traffic and one for https
traffic (with simulateHttps set to on).  They both forward to OC4J and
it works fine.


You can achieve this with standard Apache and mod_jk easily too.


With the new architecture we have two load-balancers which round-robin
to two Apache servers.  These servers connect to two Tomcat servers
which are configured with a mod_jk loadbalancer using session
affinity.  Through config we have separated HTTP & HTTPS traffic.  We
have done this because the application needs to identify when it is
secure, which we do by simulating HTTP using settings in the connector
in the Tomcat server.xml.  This is detailed further down.

Obviously we want to keep the same functionality on the Apache/Tomcat
stack, and also retain the termination of SSL at the load-balancer,
but are having trouble when the application switches to HTTPS. It
works fine if we have a single Tomcat instance running, but once the
2nd Tomcat instance is enabled, moving to HTTPS fails because a new
session is created.


I went only briefly through your configuration list and communication 
behavior, but thanks for the details!


I suggest you try the following:

- use only one connector per Tomcat instance, so
  only one jvmRoute and only one worker per Tomcat

- let Apache via mod_jk inform the connector,
  whether the request came via HTTP or (fake) HTTPS

- still do the redirect, but now because of only one connector you
  have only one jvmRoute and only one worker per Tomcat.
  So stickiness should work again.

How can Apache forward the HTTP vs. (fake) HTTPS info via mod_jk?

mod_jk automatically forwards the info whether the request was HTTPS. 
When the application checks it, the Tomcat AJP connector retrieves the 
info from what mod_jk forwarded it was and presents it to the 
application. AJP itself is never encrypted.


Where does mod_jk get the info from? By default it checks an Apache 
environment variable named HTTPS, which is set by Apache whenever it 
handles an HTTPS request.


You can also set the HTTPS environment variable by your Apache config, 
but it is better to understand not to overload the meaning of the variable.


Instead:

- tell mod_jk to look for another, private variable which contains the
  info whether the request was HTTP or (fake) HTTPS:

  JkHTTPSIndicator MyHTTPSVariable

  (you can choose the name MyHTTPSVariable)

- set the variable MyHTTPSVariable to On in the Apache
  Virtual Host that receives your fake HTTPS requests

  SetEnv MyHTTPSVariable On

  (for this mod_env must be enabled)

That's it :)

You can check the correct setting of JkHTTPSIndicator by adding 
%{MyHTTPSVariable}e to the LogFormat of your access log in Apache.


Some additional reading:

http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html
http://tomcat.apache.org/connectors-doc/reference/apache.html

HTH!

Regards,

Rainer
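
An added example (not from the thread or the mod_jk project): a small Python audit of an httpd.conf that reports, per virtual host, whether mod_jk will forward requests to Tomcat as HTTPS under the JkHTTPSIndicator/SetEnv scheme described above. The ports, the sample configuration and the function name are constructed; it assumes a single server-level JkHTTPSIndicator and that the value On is what marks a request as HTTPS.

```python
import re

# Variable mod_jk checks when no JkHTTPSIndicator directive is present.
DEFAULT_INDICATOR = "HTTPS"


def audit(conf_text):
    """Return one report dict per <VirtualHost> block in conf_text."""
    indicator = DEFAULT_INDICATOR
    vhosts = []
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"addr": opened.group(1).strip(), "env": {}, "workers": []}
            vhosts.append(current)
            continue
        if re.match(r"</VirtualHost>", line, re.I):
            current = None
            continue
        words = line.split()
        directive = words[0].lower()  # Apache directive names are case-insensitive
        if directive == "jkhttpsindicator" and len(words) == 2:
            indicator = words[1]
        elif directive == "setenv" and current is not None and len(words) >= 2:
            current["env"][words[1]] = words[2] if len(words) > 2 else ""
        elif directive == "jkmount" and current is not None and len(words) == 3:
            current["workers"].append(words[2])

    report = []
    for vh in vhosts:
        warnings = []
        # Assumption: only the value "On" (any case) signals HTTPS to mod_jk.
        https = vh["env"].get(indicator, "").lower() == "on"
        # Slip this check targets: SetEnv names the directive itself instead
        # of the variable the directive points at, so Tomcat sees plain HTTP.
        if "JkHTTPSIndicator" in vh["env"] and indicator != "JkHTTPSIndicator":
            warnings.append(
                f"SetEnv sets 'JkHTTPSIndicator' but mod_jk reads '{indicator}'"
            )
        report.append({
            "addr": vh["addr"],
            "workers": vh["workers"],
            "https": https,
            "warnings": warnings,
        })
    return report


# Constructed configuration: one worker for both vhosts, as suggested above.
# Ports 8080/8443/8444 are placeholders, not values from the thread.
SAMPLE_CONF = """\
JkWorkersFile conf/workers.properties
JkHTTPSIndicator MyHTTPSVariable

<VirtualHost *:8080>
    JkMount /* loadbalancer
</VirtualHost>

<VirtualHost *:8443>
    SetEnv MyHTTPSVariable On
    JkMount /* loadbalancer
</VirtualHost>

<VirtualHost *:8444>
    SetEnv JkHTTPSIndicator On
    JkMount /* loadbalancer
</VirtualHost>
"""

if __name__ == "__main__":
    for vh in audit(SAMPLE_CONF):
        scheme = "https" if vh["https"] else "http"
        print(f"{vh['addr']}: forwarded to {vh['workers']} as {scheme}")
        for warning in vh["warnings"]:
            print(f"  warning: {warning}")
```

A virtual host reported as http here is one where the application's secure-request check in Tomcat will return false even though the client connected over TLS at the load-balancer.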



Re: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Rainer Jung
Additional remark: I still think you should try my first suggestion, 
because overall the config is much simpler. But if for some reason you 
need the setup like you tried already, you can trick mod_jk to use the 
right worker:


worker.tomcatSSL1.domain=tomcat1
worker.tomcatSSL2.domain=tomcat2

will allow loadbalancerSSL to choose tomcatSSL1 instead of tomcat1 (and 
the same for 2). Vice versa


worker.tomcat1.domain=1
worker.tomcat2.domain=2

will allow loadbalancer to choose tomcat1 instead of tomcatSSL1 (and the 
same for 2). Vice versa


Regards,

Rainer



RE: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Jeffrey Janner
OK, I'm sure some of you guys can weigh in better on this than me, but:

If he already has two intelligent load-balancers terminating the SSL, 
couldn't he simplify the configuration a good bit by removing the Apache 
servers all together?  That is, couldn't he just run Tomcat as a stand-alone 
cluster with HTTP/HTTPS connectors instead of AJP?

--
Jeff


RE: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Jeffrey Janner
 -Original Message-
 From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com]
 Sent: Tuesday, March 29, 2011 9:17 AM
 To: 'Tomcat Users List'
 Subject: RE: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6
 cluster
 
 OK, I'm sure some of you guys can weigh in better on this than me, but:
 
 If he already has two intelligent load-balancers terminating the SSL,
 couldn't he simplify the configuration a good bit by removing the
 Apache servers all together?  That is, couldn't he just run Tomcat as a
 stand-alone cluster with HTTP/HTTPS connectors instead of AJP?
 
 --
 Jeff
 
To answer my own question:  Unless he needs the Apache httpd setup to ensure 
session stickiness because his intelligent load-balancers cannot provide it.


Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Mark Thomas
On 28/03/2011 22:31, Stefan Mayr wrote:
 Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
 your scale of little. Is there already some development we can follow?
 Will this use Java GSS? I never figured out how to configure this with
 Tomcat.

little hopefully means the next week or so in a 7.0.12 release. I have
a handful of things I need/want to get into 7.0.12 and SPNEGO is one of
them.

Having spent more time than I want to think about and having lost count
of the number of times I re-installed Windows 2k8 server to test this, I
finally got this working a few minutes ago. The current code is *very*
rough and ready and it only does authentication, not authorisation so I
still have some work to do.

The solution is based on ideas from Spring Security's Kerberos extension
and the most recent patches attached to bug 48685.

I'll be committing an initial implementation once I have cleaned up the
code a bit and then I'll build on that to add authorisation, more
configuration etc.

Mark



Re: Tomcat 6.0.32, Http11NioProtocol and log poll

2011-03-29 Thread Filip Hanik - Dev Lists

On 3/21/2011 10:55 AM, ar...@bca-group.com wrote:

I don't think I do this but I'm double-checking. Thanks.

After writing to the OutputStream, should I just close the OutputStream
which seems to generate a CometEvent.CLOSE or explicitly call
event.close() after closing the stream?

yes, explicitly call event.close

Filip

Thanks, Adam




Caldarale, Charles R <chuck.caldar...@unisys.com>
21/03/2011 15:47
To: Tomcat Users List <users@tomcat.apache.org>
Subject: RE: Tomcat 6.0.32, Http11NioProtocol and log poll

From: ar...@bca-group.com [mailto:ar...@bca-group.com]
Subject: Tomcat 6.0.32, Http11NioProtocol and log poll
Occasionally (like 0.1% of the time), when another web page
in a second frame reloads (Independent JSP generated from
SpringController in same container) the page loads with what
appears to be the byte stream for the applet

This is pretty much always caused by an application coding error: keeping
request information at the wrong scoping level.  For example, if you save
anything about a specific request as a session attribute, other requests
may accidentally use it or overwrite it, causing this kind of confusion.
Keeping request-specific information in static fields is another typical
example.

Nothing absolutely rules out a Tomcat bug, but the odds are against it.

  - Chuck




Logging request parameters - Filter vs Servlet

2011-03-29 Thread Leo Donahue - PLANDEVX
Where do you initialize the Logger (Filter or Servlet)?

The servlet 2.5 spec says you can use filters for logging, but since I'm not 
modifying the request or response, is logging from within a filter the right 
approach to logging request parameters?

Using CATALINA_BASE:   C:\ApacheTomcat\apache-tomcat-6.0.32
Using CATALINA_HOME:   C:\ApacheTomcat\apache-tomcat-6.0.32
Using CATALINA_TMPDIR: C:\ApacheTomcat\apache-tomcat-6.0.32\temp
Using JRE_HOME:        C:\jdk1.6.0_24
Using CLASSPATH:       C:\ApacheTomcat\apache-tomcat-6.0.32\bin\bootstrap.jar
Server version: Apache Tomcat/6.0.32
Server built:   February 2 2011 2003
Server number:  6.0.32.0
OS Name:        Windows XP
OS Version:     5.1
Architecture:   x86
JVM Version:    1.6.0_24-b07
JVM Vendor:     Sun Microsystems Inc.


Leo



Please Help

2011-03-29 Thread Jinal Dhruv
One problem I am having using Tomcat 6.0 is that it doesn't reflect the changes 
I make instantaneously.
I mean it keeps showing old results though I have disabled the option of 
'Remembering History' in the browser.
What I feel is that it is fetching old results from somewhere, and now it's not 
the browser.
So how do I configure Tomcat 6.0 so that it never remembers anything and 
processes everything anew every time when it comes to the execution part?

Regards, Jinal Dhruv



RE: Please Help

2011-03-29 Thread Joseph Morgan
So. *what* is it not showing?  Is it a JSP?  If so, what is the time on 
your tomcat server compared to the time of the JSP.  We have this sometimes 
when we deploy and find we have to update a JSP within a very short period of 
time, and our Tomcat server in our COLO is 2 time zones off.  The JSP gets the 
local time, and if the server has compiled it, then it thinks the new JSP has 
already been compiled.




Re: Please Help

2011-03-29 Thread Jinal Dhruv
I am having a problem particularly with running Servlet programs.
Though I clear the browser history, delete the .class file and compile the .java file again, 
it shows old results. So where do they come from? Is Tomcat storing them 
somewhere?







RE: Please Help

2011-03-29 Thread Joseph Morgan
You can 1) Restart Tomcat or your web app, or 2) read this:

http://stackoverflow.com/questions/415520/how-do-i-make-tomcat-stop-caching-my-servlet-responses




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Mark Thomas
On 29/03/2011 15:20, Mark Thomas wrote:
 On 28/03/2011 22:31, Stefan Mayr wrote:
 Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
 your scale of little. Is there already some development we can follow?
 Will this use Java GSS? I never figured out how to configure this with
 Tomcat.
 
 little hopefully means the next week or so in a 7.0.12 release. I have
 a handful of things I need/want to get into 7.0.12 and SPNEGO is one of
 them.
 
 Having spent more time than I want to think about and having lost count
 of the number of times I re-installed Windows 2k8 server to test this, I
 finally got this working a few minutes ago. The current code is *very*
 rough and ready and it only does authentication, not authorisation so I
 still have some work to do.
 
 The solution is based on ideas from Spring Security's Kerberos extension
 and the most recent patches attached to bug 48685.
 
 I'll be committing an initial implementation once I have cleaned up the
 code a bit and then I'll build on that to add authorisation, more
 configuration etc.

The first part just got committed [1]. More to follow over the next day
or so.

Mark

[1] http://svn.apache.org/viewvc?rev=1086683&view=rev



Re: Please Help

2011-03-29 Thread Jinal Dhruv
Actually, I have been using Tomcat for the last 15 days only. One thing that worked is if I 
restart the PC, then it works fine, so it looks like restarting Tomcat works.
The problem on the given link is exactly what I am facing. Thanks a ton for this.
But still, can you tell me exactly how to restart Tomcat without restarting the PC, as 
one green signal is not appearing in my taskbar and I am using Windows 7? Also, 
what do you mean by restarting the webapp?




From: Joseph Morgan joseph.mor...@ignitesales.com
To: Tomcat Users List users@tomcat.apache.org; Jinal Dhruv 
dhruv.ji...@yahoo.com
Sent: Wednesday, 30 March 2011 12:36 AM
Subject: Re: Please Help

You can 1) Restart Tomcat or your web app, or 2) read this:

http://stackoverflow.com/questions/415520/how-do-i-make-tomcat-stop-caching-my-servlet-responses


-Original Message-
From: Jinal Dhruv [mailto:dhruv.ji...@yahoo.com] 
Sent: Tuesday, March 29, 2011 1:47 PM
To: Tomcat Users List
Subject: Re: Please Help

I am having problem particularly with running Servlets programs..
Though I clear browser history, delete .class file and compile .java file again, 
it shows old results..So from where it come? Is Tomcat is storing it at 
somewhere?




From: Joseph Morgan joseph.mor...@ignitesales.com
To: Tomcat Users List users@tomcat.apache.org; Jinal Dhruv 
dhruv.ji...@yahoo.com
Sent: Wednesday, 30 March 2011 12:08 AM
Subject: Re: Please Help

So. *what* is it not showing?  Is it a JSP?  If so, what is the time on 
your tomcat server compared to the time of the JSP.  We have this sometimes 
when we deploy and find we have to update a JSP within a very short period of 
time, and our Tomcat server in our COLO is 2 time zones off.  The JSP gets the 
local time, and if the server has compiled it, then it thinks the new JSP has 
already been compiled.

-Original Message-
From: Jinal Dhruv [mailto:dhruv.ji...@yahoo.com] 
Sent: Tuesday, March 29, 2011 1:32 PM
To: Tomcat
Subject: Please Help

One problem I am having Using Tomcat 6.0 is it doesn't reflect the change what 
I made instantaneously..
I mean it keep showing old results though I have disabled option of 
'Remembering History' in browser..
What I feel is it is fetching old results from somewhere and now it's not by 
browser..
So how to configure Tomcat 6.0 so that it never remember anything and do 
process entirely new every time when it comes the execution part..

Regards,Jinal Dhruv





RE: Please Help

2011-03-29 Thread Propes, Barry L
If you can get to your Manager app in Tomcat, you should be able to reload, or 
at least stop and start the webapp there.




Re: Please Help

2011-03-29 Thread Jinal Dhruv
How to get to Manager app? don't get exactly..







RE: Please Help

2011-03-29 Thread Joseph Morgan
I suspect you installed Tomcat as a service.  If so, you should be able to find 
the tomcat monitoring application.  Click on your start icon in Win7 and then, 
in the search box, type Tomcat.  Hopefully, you will see a Monitor Tomcat 
entry.  Right-click over that, and select Run As Administrator.  Once you get 
the screen up, you should have a set of tabs (General, Log On, Logging, ...).  
On the General tab, you should have buttons along the bottom, Start, Stop, 
Pause, and Restart.  If the tomcat service is running, click Stop.  Once 
stopped, click Start.

To restart just the web app, you can run the manager application (if you 
installed it).  Open a browser window and enter:

http://localhost:8080/manager/html

If that works, then you installed the manager app, and this will allow you to 
control individual applications.




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Borut Hadžialić
Would adding support for client credential delegation be out of scope
for this implementation or not?

Client credential delegation is when you use the spnego token
construct a javax.security.auth.Subject instance that represents the
client - which the server side application can use this to impersonate
the client (eg. connect to some Kerberized database as the client that
sent the request, or consume some other kerberized service as the
client).

The code for creating such a Subject would be something like this:

GSSContext context =
    GSSManager.getInstance().createContext((GSSCredential) null);
context.acceptSecContext(...);

//check if the credentials can be delegated
if (!context.getCredDelegState()) {

  //get the delegated credentials from the calling peer...
  GSSCredential clientCred = context.getDelegCred();

  //Create a Subject out of the delegated credentials.
  //With this Subject the application server can impersonate the
  //client that sent the request.
  Subject clientSubject =
      com.sun.security.jgss.GSSUtil.createSubject(context.getSrcName(),
          clientCred);
}

//Store the clientSubject somewhere - maybe to the HttpServletRequest?

I am sure this would be useful for some applications - for example the
one that we are currently developing needs functionality like this.

On Tue, Mar 29, 2011 at 9:09 PM, Mark Thomas ma...@apache.org wrote:
 On 29/03/2011 15:20, Mark Thomas wrote:
 On 28/03/2011 22:31, Stefan Mayr wrote:
 Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
 your scale of little. Is there already some development we can follow?
 Will this use Java GSS? I never figured out how to configure this with
 Tomcat.

 little hopefully means the next week or so in a 7.0.12 release. I have
 a handful of things I need/want to get into 7.0.12 and SPNEGO is one of
 them.

 Having spent more time than I want to think about and having lost count
 of the number of times I re-installed Windows 2k8 server to test this, I
 finally got this working a few minutes ago. The current code is *very*
 rough and ready and it only does authentication, not authorisation so I
 still have some work to do.

 The solution is based on ideas from Spring Security's Kerberos extension
 and the most recent patches attached to bug 48685.

 I'll be committing an initial implementation once I have cleaned up the
 code a bit and then I'll build on that to add authorisation, more
 configuration etc.

 The first part just got committed [1]. More to follow over the next day
 or so.

 Mark

 [1] http://svn.apache.org/viewvc?rev=1086683&view=rev






-- 
Why?
Because YES!




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Borut Hadžialić
Whoops, I reversed the condition of the if statement, it should be:

//check if the credentials can be delegated
if (context.getCredDelegState()) {
...
}





-- 
Why?
Because YES!




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Mark Thomas
On 29/03/2011 20:47, Borut Hadžialić wrote:
 Would adding support for client credential delegation be out of scope
 for this implementation or not?

It is in scope with the caveat - as always - that it depends on what the
final implementation looks like. I do know (from debug logging) that
right now tokens do not allow delegation. I suspect the hardest part of
implementing this will be figuring out what config needs tweaking to
allow that.

 //Store the clientSubject somewhere - maybe to the HttpServletRequest?

That needs a little more thought. I am leaning towards a request
attribute at the moment unless I can find a way to get it into the
result of getUserPrincipal() (which I don't think I can without
requiring a cast to a Tomcat internal class which is just horrible).

 I am sure this would be useful for some applications - for example the
 one that we are currently developing needs functionality like this.

Testing help always appreciated if you are happy running the latest
7.0.x release (this should be in 7.0.12 which I plan to start releasing
just as soon as I finish everything on my todo list).

Mark




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Borut Hadžialić
On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas ma...@apache.org wrote:
 It is in scope with the caveat - as always - that it depends on what the
 final implementation looks like. I do know (from debug logging) that
 right now tokens do not allow delegation. I suspect the hardest part of
 implementing this will be figuring out what config needs tweaking to
 allow that.

I think that credential delegation is configured at the domain
controller and client side, as this nice article describes:
http://spnego.sourceforge.net/credential_delegation.html

 I am sure this would be useful for some applications - for example the
 one that we are currently developing needs functionality like this.

 Testing help always appreciated if you are happy running the latest
 7.0.x release (this should be in 7.0.12 which I plan to start releasing
 just as soon as I finish everything on my todo list).


We already have some hand written custom code for this. We will not be
switching to 7.0.x (we will be deploying to tcServer in production, and
it will probably take lots of time for 7.0.12 changes to appear in
some version of tcServer, so we need the custom code we have at the
moment).
I might however try to deploy our app to 7.0.12 when it is out - and
see how much of our custom code will get removed by this spnego
support that you are writing now.

-- 
Why?
Because YES!




Re: Windows Authentication: Issue 49318 vs 47679

2011-03-29 Thread Mark Thomas
On 29/03/2011 21:18, Borut Hadžialić wrote:
 On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas ma...@apache.org wrote:
 It is in scope with the caveat - as always - that it depends on what the
 final implementation looks like. I do know (from debug logging) that
 right now tokens do not allow delegation. I suspect the hardest part of
 implementing this will be figuring out what config needs tweaking to
 allow that.
 
 I think that credential delegation is configured at the domain
 controller and client side, as this nice article describes:
 http://spnego.sourceforge.net/credential_delegation.html

Thanks. That is one of the many articles I have read over the last few
days but I had forgotten which ones mentioned what. I'll take a look.

 I am sure this would be useful for some applications - for example the
 one that we are currently developing needs functionality like this.

 Testing help always appreciated if you are happy running the latest
 7.0.x release (this should be in 7.0.12 which I plan to start releasing
 just as soon as I finish everything on my todo list).

 
 We already have some hand written custom code for this. We will not be
 switching to 7.0.x (we will be deploying to tcServer in production, and
 it will probably take lots of time for 7.0.12 changes to appear in
 some version of tcServer, so we need the custom code we have at the
 moment).

Fair enough.

<off-topic>
With my VMware hat on that is probably going to be sooner than you
think it is but I can't give you any firm dates.
</off-topic>

 I might however try to deploy our app to 7.0.12 when it is out - and
 see how much of our custom code will get removed by this spnego
 support that you are writing now.

That would be great. Any testing and feedback is always helpful.

Mark




Re: Tomcat Caching Problem

2011-03-29 Thread Christopher Schultz
Jinal,

On 3/29/2011 4:01 PM, Jinal Dhruv wrote:
 I want Tomcat to stop caching my servlet responses and I can't understand the 
 solution at  
 http://stackoverflow.com/questions/415520/how-do-i-make-tomcat-stop-caching-my-servlet-responses

That's because the proposed solution isn't one.

Here are your options:


1. Use the manager to reload the web app (undeploy/redeploy should not
be necessary: a simple reload should work) (
http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Reload_An_Existing_Application
)

2. Set the <Context> element in META-INF/context.xml to have reloadable="true" (
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html )

-chris




Re: Logging request parameters - Filter vs Servlet

2011-03-29 Thread Christopher Schultz
Leon,

On 3/29/2011 12:57 PM, Leo Donahue - PLANDEVX wrote:
 Where do you initialize the Logger (Filter or Servlet)?

Which logger?

 The servlet 2.5 spec says you can use filters for logging, but since
 I'm not modifying the request or response, is logging from within a
 filter the right approach to logging request parameters?

That depends upon your requirements. What are they?

Note that reading request parameters in a Filter may trigger parsing of
a POST request body which may not be something you want to happen on
every request.

-chris




Re: Tomcat Caching Problem

2011-03-29 Thread Jinal Dhruv
I don't understand second option..Can U explain a bit more?







Re: Tomcat Caching Problem

2011-03-29 Thread sebb
On 29 March 2011 21:47, Jinal Dhruv dhruv.ji...@yahoo.com wrote:
 I don't understand second option..Can U explain a bit more?

In case you cannot access the cited document:

http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Common%20Attributes

it says:

reloadable 

Set to true if you want Catalina to monitor classes in
/WEB-INF/classes/ and /WEB-INF/lib for changes, and automatically
reload the web application if a change is detected. This feature is
very useful during application development, but it requires
significant runtime overhead and is not recommended for use on
deployed production applications. That's why the default setting for
this attribute is false. You can use the Manager web application,
however, to trigger reloads of deployed applications on demand.



 



RE: Logging request parameters - Filter vs Servlet

2011-03-29 Thread Leo Donahue - PLANDEVX
Chris,

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Logging request parameters - Filter vs Servlet

Leo,

On 3/29/2011 12:57 PM, Leo Donahue - PLANDEVX wrote:
 Where do you initialize the Logger (Filter or Servlet)?

Which logger?

I don't know what I don't know... Log4j I guess.  That is what everyone 
recommends.


 The servlet 2.5 spec says you can use filters for logging, but since
 I'm not modifying the request or response, is logging from within a
 filter the right approach to logging request parameters?

That depends upon your requirements. What are they?

I just want to capture the request parameters on a certain web app and log them 
(time and what they were) in a separate log file from the standard logs, so 
that I don't have to hunt them down in the standard Tomcat logs.  The security 
tool that our telecom office uses for auditing our sites makes quite a mess of 
my standard logs periodically.


Note that reading request parameters in a Filter may trigger parsing of
a POST request body which may not be something you want to happen on
every request.

An example of things I don't know that I don't know...


Leo


Re: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Stefan Mayr

Hi

On 29.03.2011 12:28, Rainer Jung wrote:

On 29.03.2011 12:07, Richard Levy wrote:

...
The current setup involves two intelligent load-balancers that
terminates SSL then hands over to Oracle 10g. The 10g stack has
custom Oracle versions of Apache which have configuration options not
found in standard Apache and appear to have made configuration
simpler. For instance, there is a simulateHttps directive that you
can give to a virtual host in Oracle Apache which does not exist in
the standard version. Using that option, we simply have 2 virtual
hosts defined in Apache, one for http traffic and one for https
traffic (with simulateHttps set to on). They both forward to OC4J and
it works fine.


You can achieve this with standard Apache and mod_jk easily too.


That's what we have in production:
1. Our intelligent Loadbalancer controls an additional 
HTTP-Request-Header Front-End-Https (default off, on when using SSL).
2. Our Apache is one VirtualHost using the following block for SSL 
detection:

  <IfModule env_module>
    # Fake SSL if Loadbalancer does SSL-Offload
    SetEnvIf Front-End-Https ^on$ HTTPS=on
  </IfModule>

Advantage:
1. as we use the same backend for ssl and non-ssl-traffic the session 
affinity still works switching between HTTP and HTTPS
2. Reduced Apache configuration as we don't need to double VirtualHosts 
for SSL
3. Transparent to the Java Applications. The Application won't notice 
we've cheated :-)



With the new architecture we have two load-balancer which round-robin
to two Apache servers. These servers connect to two Tomcat servers
which are configured with a mod_jk loadbalancer using session
affinity. Through config we have separated HTTP HTTPS traffic. We
have done this because the application needs to identify when it is
secure, which we do by simulating HTTP using settings in the connector
in the Tomcat server.xml. This is detailed further down.

Obviously we want to keep the same functionality on the Apache/Tomcat
stack, and also retain the termination of SSL at the load-balancer,
but are having trouble when the application switches to HTTPS. It
works fine if we have a single Tomcat instance running, but once the
2nd Tomcat instance is enabled, moving to HTTPS fails because a new
session is created.


I went only briefly through your configuration list and communication
behavior, but thanks for the details!

I suggest you try the following:

- use only one connector per Tomcat instance, so
only one jvmRoute and only one worker per Tomcat

- let Apache via mod_jk inform the connector,
whether the request came via HTTP or (fake) HTTPS

- still do the redirect, but now because of only one connector you
have only one jvmRoute and only one worker per Tomcat.
So stickiness should work again.

How can Apache forward the HTTP vs. (fake) HTTPS info via mod_jk?

mod_jk automatically forwards the info whether the request was HTTPS.
When the application checks it, the Tomcat AJP connector retrieves the
info from what mod_jk forwarded and presents it to the
application. AJP itself is never encrypted.

Where does mod_jk get the info from? By default it checks an Apache
environment variable named HTTPS, which is set by Apache whenever it
handles an HTTPS request.

You can also set the HTTPS environment variable in your Apache config,
but it is better for understanding not to overload the meaning of the variable.

Instead:

- tell mod_jk to look for another, private variable which contains the
info whether the request was HTTP or (fake) HTTPS:

JkHTTPSIndicator MyHTTPSVariable

(you can choose the name MyHTTPSVariable)

- set the variable MyHTTPSVariable to On in the Apache
Virtual Host that receives your fake HTTPS requests

SetEnv MyHTTPSVariable On

(for this mod_env must be enabled)

That's it :)


Guess that's cleaner than what we did. I'll put swapping HTTPS with 
JkHTTPSIndicator on my todo-list.


  Stefan
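
The two approaches from this thread combined in one virtual host, as an added example that is not configuration posted by either participant: the load balancer's Front-End-Https header sets the private variable, and mod_jk reads it through JkHTTPSIndicator. The load-balancer addresses (192.0.2.10 and 192.0.2.11), the server name and the worker name "lb" are placeholders; the Remote_Addr check is an addition so that the header only counts when it arrives from a load balancer.

```apache
# Added example: one VirtualHost for plain HTTP and SSL-offloaded traffic.
# Assumptions: load balancers at 192.0.2.10 and 192.0.2.11 (placeholders),
# a mod_jk load-balancer worker named "lb" (hypothetical name),
# mod_setenvif and mod_jk loaded, workers.properties configured elsewhere.
<VirtualHost *:80>
    ServerName www.example.com

    # 1. The load balancer marks SSL-offloaded requests with this header.
    #    Copy the claim into a private variable instead of overloading HTTPS.
    SetEnvIf Front-End-Https "^on$" MyHTTPSVariable=On

    # 2. Remove the flag again unless the request came from a load balancer,
    #    so a client reaching Apache directly cannot mark itself as HTTPS.
    SetEnvIf Remote_Addr "^(?!192\.0\.2\.1[01]$)" !MyHTTPSVariable

    # 3. mod_jk forwards "request was HTTPS" to the AJP connector based on
    #    this variable rather than the default HTTPS variable.
    JkHTTPSIndicator MyHTTPSVariable

    # One worker per Tomcat behind the balancer keeps a single jvmRoute
    # per instance, so session stickiness survives the HTTP/HTTPS switch.
    JkMount /* lb
</VirtualHost>
```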




Re: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster

2011-03-29 Thread Stefan Mayr

Am 29.03.2011 16:19, schrieb Jeffrey Janner:

OK, I'm sure some of you guys can weigh in better on this than me, but:

If he already has two intelligent load-balancers terminating the SSL,
couldn't he simplify the configuration a good bit by removing the
Apache servers all together?  That is, couldn't he just run Tomcat as a
stand-alone cluster with HTTP/HTTPS connectors instead of AJP?

--
Jeff


To answer my own question:  Unless he needs the Apache httpd setup to ensure session 
stickiness because his intelligent load-balancers cannot provide it.


There are other reasons too:
- adding additional access restrictions not handled in tomcat
- adding custom errorpages
- offloading static content from tomcat
- doing some rewriting
- ...

Apache httpd may not be very lightweight but it is very feature rich. 
Often it is the only point where you can additionally influence a closed 
application running in tomcat.


  Stefan




Bug Help

2011-03-29 Thread Mohit Anchlia
In order to circumvent this bug
https://issues.jboss.org/browse/JBPAPP-366 what exactly should I have
in apache 2 properties?

We often see cping/cpong after connecting to the backend server
failed (errno=110) and a bunch of 503s

Current worker.properties look something like this:

worker.app1.type=ajp13
worker.app1.port=8009
worker.app1.host=app1.data.ie.intuit.net
worker.app1.socket_keepalive=true
worker.app1.prepost_timeout=5000
worker.app1.connect_timeout=5000
worker.app1.retries=1
worker.app1.socket_connect_timeout=1000
worker.app1.ping_mode=A
worker.app1.ping_timeout=5000




Re: Tomcat Caching Problem

2011-03-29 Thread Christopher Schultz

Jinal,

On 3/29/2011 4:47 PM, Jinal Dhruv wrote:
 I don't understand second option.. Can U explain a bit more?

Read the documentation reference I sent to you. Search for reloadable.

-chris
