Re: Tomcat memory usage 3.3 vs 5.5
1) Reduce the number of applications you load during start-up. 2) Remove unwanted jars from WEB-INF/lib and also from /common/lib 3) Also remove wherever the jars seem to be unnecessary. -- View this message in context: http://www.nabble.com/Tomcat-memory-usage-3.3-vs-5.5-t1472557.html#a3982404 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat memory usage 3.3 vs 5.5
Hello all, We run tomcat inside an embedded system and we are planning to upgrade the tomcat version from 3.3.1 to 5.5.16. We noticed that the memory footprint of a barebones tomcat 5.5 installation is 44 MB. Plain and simple Tomcat 3.3 used to run with 25 MB. We have limited memory on our system and the memory usage of tomcat 5.5 is a concern for us. The numbers above are the resident set size (RSS) on a linux system. When we took the above numbers, both the tomcats had the same heap setting (min: 25 - max: 30 mb). When we run our webapps, which add another 20 jars in the classpath, the steady state memory usage is 50 MB with Tomcat 3.3 and 66 MB with Tomcat 5.5. Has anyone else solved a similar problem before ? Can I try and tweak tomcat 5.5 to run in less memory ? Our server.xml is the minimal configuration possible. Regards, Abhi. OS: Linux / RedHat 7.3 JVM: IBM 1.4.2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: DBCP 1.1 minIdle parameter - does it work in Tomcat 4.1.18?
Marc, thanks - but not sure what you mean by "connections retrieved from the pool.". If I issue an MySQL "SHOW PROCESSLIST" it still just shows two connections for the datasource user, not the 10 I would expect given a value of 10 for minIdle. -Original Message- From: Marc Farrow [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 8:53 PM To: Tomcat Users List; [EMAIL PROTECTED] Subject: Re: DBCP 1.1 minIdle parameter - does it work in Tomcat 4.1.18? This also possibly could be related to the use of the connections retrieved from the pool. On 4/18/06, Richard Mixon <[EMAIL PROTECTED]> wrote: > > I'm (still) trying to figure out a problem with our connection pool > locking up - all threads waiting for a connection from the DBCP pool, > such as following from a thread dump: > > ... > "Thread-28" daemon prio=1 tid=0xac9dedc8 nid=0x5256 waiting for > monitor entry [0xb0607000..0xb0608580] at > org.apache.commons.dbcp.AbandonedObjectPool.borrowObject > (AbandonedObjectPool > .java:111) > - waiting to lock <0x4a26b950> (a > org.apache.commons.dbcp.AbandonedObjectPool) > at > org.apache.commons.dbcp.PoolingDataSource.getConnection( > PoolingDataSource.ja > va:110) > at > org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource. > java > :3 > 12) > at com.acme.Connector.CreateConnection(Connector.java:56) > ... > > > I set DBCP connection parameters as follows, expecting to always see a > minimum of 10 idle connections. But when I look at MySQL (4.0.18) I > only see > 1 or 2 connections. What gives, does minIdle not work as I am expecting? > > Thank you - Richard > > ... > type="javax.sql.DataSource"/> > > >url > ... > > removeAbandoned > true > > > removeAbandonedTimeout > 60 > > > logAbandoned > true > > > > maxActive > 100 > > > maxWait > 3 > > > maxIdle > 30 > > > minIdle > 10 > > > ... > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Marc Farrow - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.16 configuration problem--THIRD RESEND
thanks for the recap. On 4/18/06, Scott Smith <[EMAIL PROTECTED]> wrote: > > OK. Everything is now working. > > Things I learned: > 1. The "Info" message concerning servlet.jar is really an error > message. Things simply don't work if you have a servlet.jar, > servlet-api.jar or jsp-api.jar file in your WEB-INF/lib directory. This > was most of my problem. > 2. The docBase is not required in a Context (despite what the > documentation says). If you think about a context.xml file in a > META-INF directory, it makes sense that would be the case. You don't > need a path either. > 3. There was a minor problem in the Realm I presented. If the Realm > and the Resource it refers to are together in a Context, then you need a > localDataSource="true" in the Realm to make it work. > > Thanks to everyone who offered suggestions. It got me going down the > right path. > > Scott > > -Original Message- > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > Sent: Monday, April 17, 2006 7:29 AM > To: Tomcat Users List > Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND > > do you have more than one docBase specified? > also, servlet.jar etc should not be in your WEB-INF/lib > > Scott Smith wrote: > > OK, I removed the unnecessary Contexts (at least they are unnecessary > > for the time being) and did notice the following messages. > > > > WARNING: A docBase c:\webapps\myapp inside the host appBase has been > > specified, and will be ignored > > Apr 15, 2006 2:09:41 AM org.apache.catalina.loader.WebappClassLoader > > validateJarFile > > INFO: > > > validateJarFile(D:\MSD\Prog0\NewsBrowser\webapps\medias\WEB-INF\lib\serv > > let-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. > > Offending class: javax/servlet/Servlet.class > > Apr 15, 2006 2:09:41 AM org.apache.catalina.loader.WebappClassLoader > > validateJarFile > > INFO: > > > validateJarFile(D:\MSD\Prog0\NewsBrowser\webapps\medias\WEB-INF\lib\serv > > let.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. > > Offending class: javax/servlet/Servlet.class > > > > The first Warning certainly sounds ominous--but, I don't know what it > > means. I did some googling which seemed to imply that it's probably > > caused by the Context error in the webapp itself. I don't know what > the > > others mean. So, I'm still at square one. > > > > > > -Original Message- > > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > > Sent: Friday, April 14, 2006 6:58 PM > > To: Tomcat Users List > > Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND > > > > maybe I should read the docs ;) > > > > yes, any container can have it, > > > > Filip Hanik - Dev Lists wrote: > > > >> exactly, the realm element doesn't belong there, read up on the docs > >> > >> Scott Smith wrote: > >> > >>> I am also doing Forms authentication...but I haven't got that far > >>> > > since > > > >>> the webapp doesn't initialize yet. > >>> > >>> This app used to use the struts tag, but I'm trying > to > >>> move it to jndi. > >>> > >>> -Original Message- > >>> From: Marc Farrow [mailto:[EMAIL PROTECTED] Sent: Friday, April > > >>> 14, 2006 5:05 PM > >>> To: Tomcat Users List > >>> Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND > >>> > >>> What are you trying to accomplish with the tag? > >>> > >>> > >>> > >>> > >>> On 4/14/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote: > >>> > >>> > check your log files upon startup, your myapp.xml doesn't have a > > > >>> docBase > >>> > >>> > attribute to associate it with the app itself. > path="/myapp">. > > Scott Smith wrote: > > > > Sorry, I sent this so many times. Hopefully, I have all of the > > > > > >>> typos > >>> > >>> > > out of it this time... > > > > > > > > I have specified the following as myapp.xml in the > > conf\Catalina\locahost directory: > > > > > > > > > > > > > > > > > > > type="javax.sql.DataSource" > > > > username="user" password="pswd" > > > > > > driverClassName="net.sourceforge.jtds.jdbc.Driver" > > > > > > > > > > > > > url="jdbc:jtds:sqlserver://127.0.0.1:1433;DatabaseName=MyDB;SelectMethod > > > >>> > >>> > > =cursor" > > > > maxActive="30" maxIdle="20" minIdle="10" > > maxWait="2" /> > > > > > > > > >>> className="org.apache.catalina.realm.DataSourceRealm" > >>> > >>> > > debug="99" > > > > dataSourceName="jdbc/MyDB" > > > > userTable="zUsers" userNameCol="zUserName" > > userCredCol="zPassword" > > > > userRoleTable="wsViewRoles" > > > > > >>> roleNameCol="zRole" > >>> > >>> > > /> > > > > > > > >
Re: DBCP 1.1 minIdle parameter - does it work in Tomcat 4.1.18?
This also possibly could be related to the use of the connections retrieved from the pool. On 4/18/06, Richard Mixon <[EMAIL PROTECTED]> wrote: > > I'm (still) trying to figure out a problem with our connection pool > locking > up - all threads waiting for a connection from the DBCP pool, such as > following from a thread dump: > > ... > "Thread-28" daemon prio=1 tid=0xac9dedc8 nid=0x5256 waiting for monitor > entry [0xb0607000..0xb0608580] > at > org.apache.commons.dbcp.AbandonedObjectPool.borrowObject > (AbandonedObjectPool > .java:111) > - waiting to lock <0x4a26b950> (a > org.apache.commons.dbcp.AbandonedObjectPool) > at > org.apache.commons.dbcp.PoolingDataSource.getConnection( > PoolingDataSource.ja > va:110) > at > org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java > :3 > 12) > at com.acme.Connector.CreateConnection(Connector.java:56) > ... > > > I set DBCP connection parameters as follows, expecting to always see a > minimum of 10 idle connections. But when I look at MySQL (4.0.18) I only > see > 1 or 2 connections. What gives, does minIdle not work as I am expecting? > > Thank you - Richard > > ... > type="javax.sql.DataSource"/> > > >url > ... > > removeAbandoned > true > > > removeAbandonedTimeout > 60 > > > logAbandoned > true > > > > > maxActive > 100 > > > maxWait > 3 > > > maxIdle > 30 > > > minIdle > 10 > > > ... > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Marc Farrow
tomcat, realms and tomcatAuthentication=false
I'm trying to get tomcat to accept remote_user from apache via mod_jk, but still use an existing role-based realm implementation. If necessary, I am looking into modifying Tomcat to do this, but I'd really rather not reinvent this wheel if a) it's not necessary or b) if someone out there has already done it. Basically, I'm trying to get pubcookie to work with my existing realm implementation and apps. Pubcookie sets remote_user in Apache. If you set tomcatAuthentication=false in the coyote connector, it passes remote_user from mod_jk to Tomcat. This works fine. However, you get no roles--you need to roll your own roles (sorry) in each app. I'd really like to (and assume others would as well) allow Apache to set remote_user, and then use that with a nice, modular, pre-built realm implementation. It would mean having to do some parallel configuration in apache to match web.xml security constraints, but we already have to do similar things to make mod_jk work, anyway. It appears the connector builds its own Principal, Ajp13Principal, and sticks it into the request, but it knows nothing about implemented realms, so it ignores them. I'm guessing I'd need to modify AuthenticatorBase to recognize some type of flag passed in the request (from the connector setup), and some generic realm password, so it can call the authenticate method and fill in the roles. So my questions are basically: is there a better way? 1) that doesn't involve altering Tomcat or 2) has already been done or 3) alters Tomcat in a better way? Thanks for any wisdom. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.5.16 configuration problem--THIRD RESEND
OK. Everything is now working. Things I learned: 1. The "Info" message concerning servlet.jar is really an error message. Things simply don't work if you have a servlet.jar, servlet-api.jar or jsp-api.jar file in your WEB-INF/lib directory. This was most of my problem. 2. The docBase is not required in a Context (despite what the documentation says). If you think about a context.xml file in a META-INF directory, it makes sense that would be the case. You don't need a path either. 3. There was a minor problem in the Realm I presented. If the Realm and the Resource it refers to are together in a Context, then you need a localDataSource="true" in the Realm to make it work. Thanks to everyone who offered suggestions. It got me going down the right path. Scott -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: Monday, April 17, 2006 7:29 AM To: Tomcat Users List Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND do you have more than one docBase specified? also, servlet.jar etc should not be in your WEB-INF/lib Scott Smith wrote: > OK, I removed the unnecessary Contexts (at least they are unnecessary > for the time being) and did notice the following messages. > > WARNING: A docBase c:\webapps\myapp inside the host appBase has been > specified, and will be ignored > Apr 15, 2006 2:09:41 AM org.apache.catalina.loader.WebappClassLoader > validateJarFile > INFO: > validateJarFile(D:\MSD\Prog0\NewsBrowser\webapps\medias\WEB-INF\lib\serv > let-api.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. > Offending class: javax/servlet/Servlet.class > Apr 15, 2006 2:09:41 AM org.apache.catalina.loader.WebappClassLoader > validateJarFile > INFO: > validateJarFile(D:\MSD\Prog0\NewsBrowser\webapps\medias\WEB-INF\lib\serv > let.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. > Offending class: javax/servlet/Servlet.class > > The first Warning certainly sounds ominous--but, I don't know what it > means. I did some googling which seemed to imply that it's probably > caused by the Context error in the webapp itself. I don't know what the > others mean. So, I'm still at square one. > > > -Original Message- > From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] > Sent: Friday, April 14, 2006 6:58 PM > To: Tomcat Users List > Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND > > maybe I should read the docs ;) > > yes, any container can have it, > > Filip Hanik - Dev Lists wrote: > >> exactly, the realm element doesn't belong there, read up on the docs >> >> Scott Smith wrote: >> >>> I am also doing Forms authentication...but I haven't got that far >>> > since > >>> the webapp doesn't initialize yet. >>> >>> This app used to use the struts tag, but I'm trying to >>> move it to jndi. >>> >>> -Original Message- >>> From: Marc Farrow [mailto:[EMAIL PROTECTED] Sent: Friday, April >>> 14, 2006 5:05 PM >>> To: Tomcat Users List >>> Subject: Re: Tomcat 5.5.16 configuration problem--THIRD RESEND >>> >>> What are you trying to accomplish with the tag? >>> >>> >>> >>> >>> On 4/14/06, Filip Hanik - Dev Lists <[EMAIL PROTECTED]> wrote: >>> >>> check your log files upon startup, your myapp.xml doesn't have a >>> docBase >>> >>> attribute to associate it with the app itself. >>> path="/myapp">. Scott Smith wrote: > Sorry, I sent this so many times. Hopefully, I have all of the > > >>> typos >>> >>> > out of it this time... > > > > I have specified the following as myapp.xml in the > conf\Catalina\locahost directory: > > > > > > > > > type="javax.sql.DataSource" > > username="user" password="pswd" > > > driverClassName="net.sourceforge.jtds.jdbc.Driver" > > > > > > url="jdbc:jtds:sqlserver://127.0.0.1:1433;DatabaseName=MyDB;SelectMethod > >>> >>> > =cursor" > > maxActive="30" maxIdle="20" minIdle="10" > maxWait="2" /> > > > >>> className="org.apache.catalina.realm.DataSourceRealm" >>> >>> > debug="99" > > dataSourceName="jdbc/MyDB" > > userTable="zUsers" userNameCol="zUserName" > userCredCol="zPassword" > > userRoleTable="wsViewRoles" > > >>> roleNameCol="zRole" >>> >>> > /> > > > > > > In my web.xml file I have: > > > > > > jdbc/MyDB > > javax.sql.DataSource > > Container > > > > > > But, when I execute the code
DBCP 1.1 minIdle parameter - does it work in Tomcat 4.1.18?
I'm (still) trying to figure out a problem with our connection pool locking up - all threads waiting for a connection from the DBCP pool, such as following from a thread dump: ... "Thread-28" daemon prio=1 tid=0xac9dedc8 nid=0x5256 waiting for monitor entry [0xb0607000..0xb0608580] at org.apache.commons.dbcp.AbandonedObjectPool.borrowObject(AbandonedObjectPool .java:111) - waiting to lock <0x4a26b950> (a org.apache.commons.dbcp.AbandonedObjectPool) at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.ja va:110) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:3 12) at com.acme.Connector.CreateConnection(Connector.java:56) ... I set DBCP connection parameters as follows, expecting to always see a minimum of 10 idle connections. But when I look at MySQL (4.0.18) I only see 1 or 2 connections. What gives, does minIdle not work as I am expecting? Thank you - Richard ... url ... removeAbandoned true removeAbandonedTimeout 60 logAbandoned true maxActive 100 maxWait 3 maxIdle 30 minIdle 10 ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: authentication problem using manager URLs from a script
Mark - Thanks for the pointers. I ended up picking up code from the Tomcat source of org.apache.catalina.ant.AbstractTask and using that to do Basic Authentication. I've got it working now. Garey Mills Library Systems Office UC Berkeley The brain is not where you think On Tue, 18 Apr 2006, Mark Thomas wrote: > Garey Mills wrote: > > Mark - > > > > I have looked at the manager app how-to, and it doesn't describe > > how connect from a script. I have this > > > > > > private static String stop = > > "http://myhost:8080/manager/stop?path=/myapp";; > > > > public static void main(String[] args) { > > > > > > try { > > > > URL stopURL = new URL(stop); > > > > URLConnection cnxn = ustopURL.openConnection(); > > > > cnxn.setRequestProperty("username", "user"); > > cnxn.setRequestProperty("password", "password"); > > > > cnxn.connect(); > > > > > > > > but am still getting 401. Do you have any suggestions? > > This isn't how BASIC authentication works. For details see RFC 2617 or > for the quick solution see the applyHttpBasicAuthentication method in > http://marc2.theaimsgroup.com/?l=fop-cvs&m=114069081209918&w=2 > > Alternatively take a look at HTTPClient that will hide all this fun > and games. > > Mark > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: servlet mapping request
Hello Mark on Tomcat Users. 1. Tomcat version is 5.5.9 2. Content of web.xml in (public_html/WEB-INF/web.xml within 'nbfcus' homedir) : http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";> webmaster [EMAIL PROTECTED] The EMAIL address of the administrator to whom questions and comments about this application should be addressed. EventsServlet EventsServlet servletHandler servletHandler EventsServlet /events servletHandler *.do 30 3. Here is requested info from httpd.conf: LoadModule jk_module libexec/mod_jk.so AddModule mod_jk.c ServerAlias nbfc.us ServerAdmin [EMAIL PROTECTED] DocumentRoot /home/nbfcus/public_html BytesLog domlogs/nbfc.us-bytes_log ServerName www.nbfc.us User nbfcus Group nbfcus CustomLog /usr/local/apache/domlogs/nbfc.us combined ScriptAlias /cgi-bin/ /home/nbfcus/public_html/cgi-bin/ JkMount /*.jsp ajp13 JkMount /servlet/* ajp13 JkMount /servlets/* ajp13 I hope this can help you to help me to determine problem. Thx, Raymond P. Jones Ph: 518-446-9845 E: [EMAIL PROTECTED] - Original Message - From: "Mark Thomas" <[EMAIL PROTECTED]> To: "Tomcat Users List" Sent: Saturday, April 15, 2006 12:54 PM Subject: Re: servlet mapping request > Info we need to help you: > > 1. Exact Tomcat version. I would be extremely surprised if this really > is the most recent release (5.5.17) > > 2. The content of your web.xml > > 3. Given that you are using Apache as well, the relevant Jk directives > from your httpd.conf file > > Related to point 3, can you direct your browser to Tomcat directly, > bypassing Apache? If so, does this work? > > Mark > > Raymond P. Jones wrote: > > Hello Tomcat Users. > > I need your help regarding servlet mappings in our WEB-INF/web.xml file running on an Apache webserver with a Tomcat container(most recent release) on a public website. After putting our web.xml file in public\WEB-INF and asking our web host to restart Tomcat, our servlet mappings stilll do not work in our test web page. > > I've searched through many books, even a Tomcat Quickstart book and they all say Tomcat has to be restarted for the servlet mappings in web.xml to work. So we requested a Tomcat restart and after this, the servlet mapping we use gives a error. When I use /servlet/EventsServlet in link, it calls the servlet and it works, but according to Tomcat documentation this is a security issue that we don't want to implement. > > > > I'm hoping that you know what the solution(s) are and can point me in the right direction. > > I'm appreciative for assist that you may provide. > > > > Raymond P. Jones > > Ph: 518-446-9845 > > E: [EMAIL PROTECTED] > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: authentication problem using manager URLs from a script
Garey Mills wrote: > Mark - > > I have looked at the manager app how-to, and it doesn't describe > how connect from a script. I have this > > > private static String stop = > "http://myhost:8080/manager/stop?path=/myapp";; > > public static void main(String[] args) { > > > try { > > URL stopURL = new URL(stop); > > URLConnection cnxn = ustopURL.openConnection(); > > cnxn.setRequestProperty("username", "user"); > cnxn.setRequestProperty("password", "password"); > > cnxn.connect(); > > > > but am still getting 401. Do you have any suggestions? This isn't how BASIC authentication works. For details see RFC 2617 or for the quick solution see the applyHttpBasicAuthentication method in http://marc2.theaimsgroup.com/?l=fop-cvs&m=114069081209918&w=2 Alternatively take a look at HTTPClient that will hide all this fun and games. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: authentication problem using manager URLs from a script
Mark - I have looked at the manager app how-to, and it doesn't describe how connect from a script. I have this private static String stop = "http://myhost:8080/manager/stop?path=/myapp";; public static void main(String[] args) { try { URL stopURL = new URL(stop); URLConnection cnxn = ustopURL.openConnection(); cnxn.setRequestProperty("username", "user"); cnxn.setRequestProperty("password", "password"); cnxn.connect(); but am still getting 401. Do you have any suggestions? I have a complex app that does a number of things before stopping and starting a web app, and I don't want to have to cram the whole thing int Ant. Any help appreciated; Garey Mills Library Systems Office UC Berkeley The brain is not where you think On Tue, 18 Apr 2006, Mark Thomas wrote: > Marc Farrow wrote: > > You have to use the webdav application provide from tomcat. Check under > > $tomcat_home/webapps/webdav/web.xml. there is a line commented out that > > states some property of read-only = false. by default it is read-only and > > you have to manually turn it on. > > What on earth has webdav got to do with this? > > > On 4/18/06, Garey Mills <[EMAIL PROTECTED]> wrote: > >> Hello - > >> > >>I want to stop and start a context from a Java program running as > >> a cron job. I have tried > >> > >>http://:/manager/stop? > >>username=& > >>password=& > >>path=/ > >> > >> (without the carriage returns, of course). This yields me a 401. Reading > >> the manager app documentation, it doesn't actually explain how to > >> authenticate from a script. How do I do it? > > The user name and password get passed as HTTP headers. The easiest way > is probably to use the provided ant tasks. See the bottom of > http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html for details. > > > Mark > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: authentication problem using manager URLs from a script
Marc Farrow wrote: > You have to use the webdav application provide from tomcat. Check under > $tomcat_home/webapps/webdav/web.xml. there is a line commented out that > states some property of read-only = false. by default it is read-only and > you have to manually turn it on. What on earth has webdav got to do with this? > On 4/18/06, Garey Mills <[EMAIL PROTECTED]> wrote: >> Hello - >> >>I want to stop and start a context from a Java program running as >> a cron job. I have tried >> >>http://:/manager/stop? >>username=& >>password=& >>path=/ >> >> (without the carriage returns, of course). This yields me a 401. Reading >> the manager app documentation, it doesn't actually explain how to >> authenticate from a script. How do I do it? The user name and password get passed as HTTP headers. The easiest way is probably to use the provided ant tasks. See the bottom of http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html for details. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: authentication problem using manager URLs from a script
You have to use the webdav application provide from tomcat. Check under $tomcat_home/webapps/webdav/web.xml. there is a line commented out that states some property of read-only = false. by default it is read-only and you have to manually turn it on. On 4/18/06, Garey Mills <[EMAIL PROTECTED]> wrote: > > Hello - > >I want to stop and start a context from a Java program running as > a cron job. I have tried > >http://:/manager/stop? >username=& >password=& >path=/ > > (without the carriage returns, of course). This yields me a 401. Reading > the manager app documentation, it doesn't actually explain how to > authenticate from a script. How do I do it? > > I apologize if this question has been asked before. I studied the list for > a couple of hours before giving up; > > Garey Mills > Library Systems Office > UC Berkeley > > The brain is not where you think > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Marc Farrow
authentication problem using manager URLs from a script
Hello - I want to stop and start a context from a Java program running as a cron job. I have tried http://:/manager/stop? username=& password=& path=/ (without the carriage returns, of course). This yields me a 401. Reading the manager app documentation, it doesn't actually explain how to authenticate from a script. How do I do it? I apologize if this question has been asked before. I studied the list for a couple of hours before giving up; Garey Mills Library Systems Office UC Berkeley The brain is not where you think - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question: TomCat 3.2
Shaban Ghumri wrote: > Hi, > I would like to know based on your experience with TomCat, if there are > tools that I can use to debug a potential memory leak on servlet running on > TomCat 3.2? Try Googling for Java Profiler. There are a number of tools that could help with this. My personal favourite is YourKit but it is only one of many. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Question: TomCat 3.2
Hi, I would like to know based on your experience with TomCat, if there are tools that I can use to debug a potential memory leak on servlet running on TomCat 3.2? Thanks in advance! Shaban Ghumri
RE: IP Masking
Did you use host name in your tomcat configure file? -Original Message- From: Carl Crawford [mailto:[EMAIL PROTECTED] Sent: April 18, 2006 12:59 PM To: users@tomcat.apache.org Subject: IP Masking System: Tomcat 4.1 Using Tomcats HTTP server Windows 2003 Server Question: Tomcat is showing our IP address instead of our URL. If you type in www.siascend.com and load the page, the url changes to 84.40.31.164. Is there a setting in Tomcat to mask the IP with our url? Thanks, Carl Crawford Director of Media Operations Summit Interactive 318-865-8232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] !DSPAM:44451ae112344791446556!
Re: IP Masking
It appears your redirect page is responsible for that. If. I replace the IP with your domain name, everything appears to work and the domain name is retained when links are followed. How is your redirect code composing the URL? --David Carl Crawford wrote: System: Tomcat 4.1 Using Tomcats HTTP server Windows 2003 Server Question: Tomcat is showing our IP address instead of our URL. If you type in www.siascend.com and load the page, the url changes to 84.40.31.164. Is there a setting in Tomcat to mask the IP with our url? Thanks, Carl Crawford Director of Media Operations Summit Interactive 318-865-8232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- David Smith Network Operations Supervisor Department of Entomology Cornell University 2132 Comstock Hall Ithaca, NY 14853 Phone: (607) 255-9571 Fax: (607) 255-0940 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IP Masking
this is your own fault, http://www.siascend.com/index.html content="0;URL=http://84.40.31.164/Ascend/";> as you can see, you are redirecting the browser to the IP address, tomcat doesn't do that for you Filip Carl Crawford wrote: System: Tomcat 4.1 Using Tomcats HTTP server Windows 2003 Server Question: Tomcat is showing our IP address instead of our URL. If you type in www.siascend.com and load the page, the url changes to 84.40.31.164. Is there a setting in Tomcat to mask the IP with our url? Thanks, Carl Crawford Director of Media Operations Summit Interactive 318-865-8232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
IP Masking
System: Tomcat 4.1 Using Tomcats HTTP server Windows 2003 Server Question: Tomcat is showing our IP address instead of our URL. If you type in www.siascend.com and load the page, the url changes to 84.40.31.164. Is there a setting in Tomcat to mask the IP with our url? Thanks, Carl Crawford Director of Media Operations Summit Interactive 318-865-8232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Relative Link Question
Thanks, But I with the rewrite I can solve the problem, as you can see on the othe other posts. But I wanted to go one step forward and that is what I can not do, though I've read it is possible and simple. I want to omit the webapp name from the URL so that instead of accessing: http://myserver/webapp/index.htm for example I would just see or type the following: http://myserver/index.htm Appreciated anyway -- View this message in context: http://www.nabble.com/Relative-Link-Question-t1452173.html#a3971825 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Relative Link Question
Sorry, Did not work must be doing something else wrong -- View this message in context: http://www.nabble.com/Relative-Link-Question-t1452173.html#a3971693 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Relative Link Question
Have you tried to set your appBase to D:/Tomcat 5.5/webapps/netprof? sometimes back-slashes cause problems. On 4/18/06, biai <[EMAIL PROTECTED]> wrote: > > > Hi again, > Thank you for all the tips. Some resolved my problems, but the appBase > still > gives me an error. > I've read a lot about it but still does not work. In this latest version > of > testing I only have one Host and it looks like the following: >appBase="D:\Tomcat 5.5\webapps\netprof" >unpackWARs="true"> >www3novo.netprof.pt > > > View this message in context: > http://www.nabble.com/Relative-Link-Question-t1452173.html#a3971429 > Sent from the Tomcat - User forum at Nabble.com. > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- Marc Farrow
Re: Relative Link Question
Hi again, Thank you for all the tips. Some resolved my problems, but the appBase still gives me an error. I've read a lot about it but still does not work. In this latest version of testing I only have one Host and it looks like the following: www3novo.netprof.pt
RE: JK Sticky Session Handling with Load Balancing
Lol, ok ok, it works. My stupid fault. The reason my JSP does not output the session ID is because the JSP on tomcat2 does not feature the output statement - I added that to tomcat1's copy only The shame. Thanks to all for the help. -Original Message- From: Allistair Crossley [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 17:10 To: Tomcat Users List Subject: RE: JK Sticky Session Handling with Load Balancing Hi, Thanks for the suggestions, that has led to a solution I think. I used the EAL valve to log inbound and outbound cookies as you suggested. Started both Tomcats, and put a whole bunch of requests in, including new browsers to generate new sessions. The result was that I spotted I made a mistake with my naming of jvmRoute which I did not realise had to reflect the name of the worker. I had called them jvm1 and jvm2 when they needed to be tomcat1 and tomcat2. This seems to have solved the actual issue, with sessions now being maintained on the relevant server ... tomcat1 "Language=en; Country=US" "JSESSIONID=45B40272D7FADB4F574B9B70B9699E51.tomcat1; Path=/" 200 "Language=en; Country=US; JSESSIONID=45B40272D7FADB4F574B9B70B9699E51.tomcat1" - 200 tomcat2 "Language=en; Country=US" "JSESSIONID=1299F640245D5064BFE8118092405723.tomcat2; Path=/" 200 "Language=en; Country=US; JSESSIONID=1299F640245D5064BFE8118092405723.tomcat2" - 200 _However_ ;) The one thing I don't get is that the session id is still blank on the JSP when served by Tomcat 2, whereas on Tomcat 1 I get something like ABDEFAA6D956F1DAACBB8B0A7D0238D4.tomcat1 >From JK logging I can see that the cookie does get set for Tomcat 2 [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (628): Number of headers is = 3 [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[0] [Set-Cookie] = [JSESSIONID=4CBDB4270B8239DD4A71D32529BF0A13.tomcat2; Path=/] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[1] [Content-Type] = [text/html;charset=UTF-8] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[2] [Content-Language] = [en-GB] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (1037): received from ajp13 pos=0 len=1266 max=8192 And a follow-up request matches the same session ID [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (514): total sessionid is 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (524): searching worker for partial sessionid 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (532): searching worker for session route tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (541): found worker tomcat2 for route tomcat2 and partial sessionid 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 So I am not sure why my JSP is unable to get a handle on the session ID for tomcat2 sessions only. Best regards, Allistair. -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 16:08 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing domain: you don't need the domain attribute. Domai has the following purpose: Once you start replicating sessions between tomcats and you build up a huge group of tomcat instances and break it up into smaller groups which replicate, then you can use domain to tell lb, between which tomcat instances you replicate the sessions. workers with the same domain are assumed to replicate all sessions between each other. So when lb detects a worker as being in error state, it tries to send the request to another worker having the same domain name as the erroneous one. Cookies: How do you detect, if the cookie is set? You could log the ingoing "Cookie" header to detect cookies sent by the browser and the outgoing "Set-Cookie" header to watch which Cookies your server tries to sent. For Apache you can include \"%{Cookie}i\" \"%{Set-Cookie}o\" in your LogFormat, for tomcat standalone use http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/cat alina/valves/ExtendedAccessLogValve.html Any JSP called which does not use the page directive setting the session atribute to false will use a session. On its first access tomcat should send the cookie except you disable the cookie usage in your tomcat configuration. Allistair Crossley wrote: > Edgar, Reinhard and Rainer and Tim, > > I forgot to set jvmRoute in my server.xml ;) > > But seriously .. many many thanks for your time. I have set the domain > property for each worker, and matched them to jvmRoute on the Engine > element. > > This has resolved the issue where Tomcat 1 generates new session ids > per request when Tomcat 2 is also running. For example, Tomcat 1 now > generates session Ids like this > > 3A65ADAA09137DB460CB3FD8D393BF20.jvm1 > > I've been able to get requests into Tomcat 1 that stick with Tomcat 1 > perfectly alright
RE: JK Sticky Session Handling with Load Balancing
Hi, Thanks for the suggestions, that has led to a solution I think. I used the EAL valve to log inbound and outbound cookies as you suggested. Started both Tomcats, and put a whole bunch of requests in, including new browsers to generate new sessions. The result was that I spotted I made a mistake with my naming of jvmRoute which I did not realise had to reflect the name of the worker. I had called them jvm1 and jvm2 when they needed to be tomcat1 and tomcat2. This seems to have solved the actual issue, with sessions now being maintained on the relevant server ... tomcat1 "Language=en; Country=US" "JSESSIONID=45B40272D7FADB4F574B9B70B9699E51.tomcat1; Path=/" 200 "Language=en; Country=US; JSESSIONID=45B40272D7FADB4F574B9B70B9699E51.tomcat1" - 200 tomcat2 "Language=en; Country=US" "JSESSIONID=1299F640245D5064BFE8118092405723.tomcat2; Path=/" 200 "Language=en; Country=US; JSESSIONID=1299F640245D5064BFE8118092405723.tomcat2" - 200 _However_ ;) The one thing I don't get is that the session id is still blank on the JSP when served by Tomcat 2, whereas on Tomcat 1 I get something like ABDEFAA6D956F1DAACBB8B0A7D0238D4.tomcat1 >From JK logging I can see that the cookie does get set for Tomcat 2 [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (628): Number of headers is = 3 [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[0] [Set-Cookie] = [JSESSIONID=4CBDB4270B8239DD4A71D32529BF0A13.tomcat2; Path=/] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[1] [Content-Type] = [text/html;charset=UTF-8] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (684): Header[2] [Content-Language] = [en-GB] [Tue Apr 18 17:07:15 2006] [1184:2312] [debug] jk_ajp_common.c (1037): received from ajp13 pos=0 len=1266 max=8192 And a follow-up request matches the same session ID [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (514): total sessionid is 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (524): searching worker for partial sessionid 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (532): searching worker for session route tomcat2 [Tue Apr 18 17:08:43 2006] [1184:2312] [debug] jk_lb_worker.c (541): found worker tomcat2 for route tomcat2 and partial sessionid 4CBDB4270B8239DD4A71D32529BF0A13.tomcat2 So I am not sure why my JSP is unable to get a handle on the session ID for tomcat2 sessions only. Best regards, Allistair. -Original Message- From: Rainer Jung [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 16:08 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing domain: you don't need the domain attribute. Domai has the following purpose: Once you start replicating sessions between tomcats and you build up a huge group of tomcat instances and break it up into smaller groups which replicate, then you can use domain to tell lb, between which tomcat instances you replicate the sessions. workers with the same domain are assumed to replicate all sessions between each other. So when lb detects a worker as being in error state, it tries to send the request to another worker having the same domain name as the erroneous one. Cookies: How do you detect, if the cookie is set? You could log the ingoing "Cookie" header to detect cookies sent by the browser and the outgoing "Set-Cookie" header to watch which Cookies your server tries to sent. For Apache you can include \"%{Cookie}i\" \"%{Set-Cookie}o\" in your LogFormat, for tomcat standalone use http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/cat alina/valves/ExtendedAccessLogValve.html Any JSP called which does not use the page directive setting the session atribute to false will use a session. On its first access tomcat should send the cookie except you disable the cookie usage in your tomcat configuration. Allistair Crossley wrote: > Edgar, Reinhard and Rainer and Tim, > > I forgot to set jvmRoute in my server.xml ;) > > But seriously .. many many thanks for your time. I have set the domain > property for each worker, and matched them to jvmRoute on the Engine > element. > > This has resolved the issue where Tomcat 1 generates new session ids > per request when Tomcat 2 is also running. For example, Tomcat 1 now > generates session Ids like this > > 3A65ADAA09137DB460CB3FD8D393BF20.jvm1 > > I've been able to get requests into Tomcat 1 that stick with Tomcat 1 > perfectly alright which is an improvement. > > _However_ :) requests that get to Tomcat 2 still do not have session > ids returned in the headers at all. I appreciate this is Tomcat that > is not generating the session id, but I replicated Tomcat 2 from > Tomcat 1, changing server.xml's ports to be unique and I don't see > another reason (relative to my knowledge of course) why Tomcat 2 would > continue to be blank for Tomcat 2. We
ip instead of domainName
Hi I use tomcat 5.0.18 for a web app. The url should be the domain name but it become the IP wherever you navigate. My hosts in the server.xml are correctly configured i guess because i use the same conf for a other server (same tomcat version). I use the james server to receive and send mail. The domain name are not the same from the one of the tomcat server. (Don't know if this help but i write it because i had problems to configure DNS nicely). Any idea ? Thibaut - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: min/maxSpareThreads not working with APR
I thing that is normal! Currently the APR Connector not implement a shrinking thread pool! The trick is: Implementation is easier and for a high load szenario the APR use a pooler buffer instead a a lot of new thread like the normal Java based connectors. s. APR Connector documentation or better the o.a.tomcat.util.net.AprEndpoint implementation. Regards Peter Am 18.04.2006 um 16:46 schrieb Adam McFarren: When I run Tomcat 5.5 with APR the min/maxSpareThread attributes don't appear to be working. maxThreads works fine however. Here's the details: Versions: Tomcat 5.5.16 APR 1.2.6 Native Connector 1.1.2 Sun's JDK 1.5.0_06 RedHat AS3 With APR: server.xml: address="10.0.111.47" maxThreads="50" minSpareThreads="15" maxSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEngine="on" SSLCertificateFile="${catalina.base}/conf/x4j2ee.crt" SSLCertificateKeyFile="${catalina.base}/conf/ x4j2ee.key" /> catalina.out: Apr 18, 2006 10:19:16 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-10.0.111.47-4443 /manager/status: http-10.0.111.47-4443 Max threads: 50 Min spare threads: 0 Max spare threads: 0 Current thread count: 1 Current thread busy: 1 Keeped alive sockets count: 0 I also verified that this wasn't just a problem with the manager app's reporting. Doing a thread dump (kill -3) on the PID showed only 3 threads associated with the http-10.0.111.47-4443 connector (a Poller, an Acceptor and a "-1" thread). I can also change the maxThreads value and that update is reflected in the manager's status page. Without APR: server.xml: address="10.0.111.47" maxThreads="50" minSpareThreads="15" maxSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" sslProtocol="TLS" /> catalina.out: Apr 18, 2006 10:14:17 AM org.apache.coyote.http11.Http11BaseProtocol start INFO: Starting Coyote HTTP/1.1 on http-10.0.111.47-4443 /manager/status: http-10.0.111.47-4443 Max threads: 50 Min spare threads: 15 Max spare threads: 25 Current thread count: 15 Current thread busy: 1 Again, I verified with a thread dump that without APR enabled I see threads "http-10.0.111.47-4443-Processor1" to "http-10.0.111.47-4443-Processor15". Known bug? Configuration problem I missed? The example shown at http://tomcat.apache.org/tomcat-5.5-doc/ apr.html includes the min/maxSpareThreads attributes. Thanks, -adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Sticky Session Handling with Load Balancing
domain: you don't need the domain attribute. Domai has the following purpose: Once you start replicating sessions between tomcats and you build up a huge group of tomcat instances and break it up into smaller groups which replicate, then you can use domain to tell lb, between which tomcat instances you replicate the sessions. workers with the same domain are assumed to replicate all sessions between each other. So when lb detects a worker as being in error state, it tries to send the request to another worker having the same domain name as the erroneous one. Cookies: How do you detect, if the cookie is set? You could log the ingoing "Cookie" header to detect cookies sent by the browser and the outgoing "Set-Cookie" header to watch which Cookies your server tries to sent. For Apache you can include \"%{Cookie}i\" \"%{Set-Cookie}o\" in your LogFormat, for tomcat standalone use http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/valves/ExtendedAccessLogValve.html Any JSP called which does not use the page directive setting the session atribute to false will use a session. On its first access tomcat should send the cookie except you disable the cookie usage in your tomcat configuration. Allistair Crossley wrote: Edgar, Reinhard and Rainer and Tim, I forgot to set jvmRoute in my server.xml ;) But seriously .. many many thanks for your time. I have set the domain property for each worker, and matched them to jvmRoute on the Engine element. This has resolved the issue where Tomcat 1 generates new session ids per request when Tomcat 2 is also running. For example, Tomcat 1 now generates session Ids like this 3A65ADAA09137DB460CB3FD8D393BF20.jvm1 I've been able to get requests into Tomcat 1 that stick with Tomcat 1 perfectly alright which is an improvement. _However_ :) requests that get to Tomcat 2 still do not have session ids returned in the headers at all. I appreciate this is Tomcat that is not generating the session id, but I replicated Tomcat 2 from Tomcat 1, changing server.xml's ports to be unique and I don't see another reason (relative to my knowledge of course) why Tomcat 2 would continue to be blank for Tomcat 2. We are on an intranet, so we use cookies exclusively. Best regards, Allistair == tomcat 1 server.xml Engine == == tomcat 2 server.xml Engine == == latest workers config == worker.list=loadbalancer worker.tomcat1.domain=jvm1 worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat2.domain=jvm2 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 14:36 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi again, When using two workers like that you must set the domain property for each of them for having mod_jk send the requests to the appropriate Tomcat instance. Add the following two lines to your workers properties file: worker.tomcat1.domain=tomcat1 worker.tomcat2.domain=tomcat2 And for each Tomcat instance, set the "jvmRoute" attribute of the Engine element in the respective server.xml configuration to the value that you used in the respective worker "domain" property above for each instance ("tomcat1" and "tomcat2" above). -- Edgar Alves Allistair Crossley wrote: Hi Edgar, Yep I just noticed that too :)) However, correcting this configuration (to the below) does nothing to resolve the issue, because the lb worker type by default has sticky_session=1. I set it explicitly anyway as below. However, I have noticed that in fact Tomcat 2 is not returning JSESSIONID headers as Tomcat 1 does when both Tomcats are in. To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are returned and remains consistent across requests. When Tomcat 2 is brought in, Tomcat 1 starts generating a different JSESSIONID per request, whilst Tomcat 2 returns no JSESSIONID at all. Thanks, Allistair === new config === worker.list=loadbalancer worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 12:32 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi there, You're setting the sticky_session property for each worker. That's not how it works. That prope
CMS and JAAS
Hi, I m stucked in a security authentication/authorization issue, which I hope you have some advice for me. In simple words, I want to use the Web container security (for authorization) together with my own JAAS implementation (for authentication). How to achieve this ? I don't want to use the BASIC, FORM, CLIENT-CERT etc auth-methods. I want to by pass these and hit my JAAS login model. The reason is that we collect user information in different way, by an exchange with the user in a front filter. I cant get this to work, even though that I have configured my loginmodule, user, role and configured the JAASRealm in Tomcat, This is how I want to do it (in theory). 1. User enters a URL (e.g. /mycontext/cars/), 2. The SecFilter gets triggered, which ends by exchanging user information, 3. The MyLoginModule gets called with user information 4. User is been looked up and get assigned a User/Role Principals. 5. Login is OK 6. Now the web container security can take place and checks in web.xml if this user is-in-role to call /cars url. I've searched the entire web but could not see any good article about this. Am I the only one who wants to by-pass the auth-methods but still can provide good authentication and "standard" web-authorization. (I've seen some work-around such as: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html but this is a work-around, which I dont like). Please advice, Thank you for reading, and sorry for the long email.
min/maxSpareThreads not working with APR
When I run Tomcat 5.5 with APR the min/maxSpareThread attributes don't appear to be working. maxThreads works fine however. Here's the details: Versions: Tomcat 5.5.16 APR 1.2.6 Native Connector 1.1.2 Sun's JDK 1.5.0_06 RedHat AS3 With APR: server.xml: address="10.0.111.47" maxThreads="50" minSpareThreads="15" maxSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" SSLEngine="on" SSLCertificateFile="${catalina.base}/conf/x4j2ee.crt" SSLCertificateKeyFile="${catalina.base}/conf/ x4j2ee.key" /> catalina.out: Apr 18, 2006 10:19:16 AM org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-10.0.111.47-4443 /manager/status: http-10.0.111.47-4443 Max threads: 50 Min spare threads: 0 Max spare threads: 0 Current thread count: 1 Current thread busy: 1 Keeped alive sockets count: 0 I also verified that this wasn't just a problem with the manager app's reporting. Doing a thread dump (kill -3) on the PID showed only 3 threads associated with the http-10.0.111.47-4443 connector (a Poller, an Acceptor and a "-1" thread). I can also change the maxThreads value and that update is reflected in the manager's status page. Without APR: server.xml: address="10.0.111.47" maxThreads="50" minSpareThreads="15" maxSpareThreads="25" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" sslProtocol="TLS" /> catalina.out: Apr 18, 2006 10:14:17 AM org.apache.coyote.http11.Http11BaseProtocol start INFO: Starting Coyote HTTP/1.1 on http-10.0.111.47-4443 /manager/status: http-10.0.111.47-4443 Max threads: 50 Min spare threads: 15 Max spare threads: 25 Current thread count: 15 Current thread busy: 1 Again, I verified with a thread dump that without APR enabled I see threads "http-10.0.111.47-4443-Processor1" to "http-10.0.111.47-4443- Processor15". Known bug? Configuration problem I missed? The example shown at http://tomcat.apache.org/tomcat-5.5-doc/apr.html includes the min/maxSpareThreads attributes. Thanks, -adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK Sticky Session Handling with Load Balancing
Edgar, Reinhard and Rainer and Tim, I forgot to set jvmRoute in my server.xml ;) But seriously .. many many thanks for your time. I have set the domain property for each worker, and matched them to jvmRoute on the Engine element. This has resolved the issue where Tomcat 1 generates new session ids per request when Tomcat 2 is also running. For example, Tomcat 1 now generates session Ids like this 3A65ADAA09137DB460CB3FD8D393BF20.jvm1 I've been able to get requests into Tomcat 1 that stick with Tomcat 1 perfectly alright which is an improvement. _However_ :) requests that get to Tomcat 2 still do not have session ids returned in the headers at all. I appreciate this is Tomcat that is not generating the session id, but I replicated Tomcat 2 from Tomcat 1, changing server.xml's ports to be unique and I don't see another reason (relative to my knowledge of course) why Tomcat 2 would continue to be blank for Tomcat 2. We are on an intranet, so we use cookies exclusively. Best regards, Allistair == tomcat 1 server.xml Engine == == tomcat 2 server.xml Engine == == latest workers config == worker.list=loadbalancer worker.tomcat1.domain=jvm1 worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat2.domain=jvm2 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 14:36 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi again, When using two workers like that you must set the domain property for each of them for having mod_jk send the requests to the appropriate Tomcat instance. Add the following two lines to your workers properties file: worker.tomcat1.domain=tomcat1 worker.tomcat2.domain=tomcat2 And for each Tomcat instance, set the "jvmRoute" attribute of the Engine element in the respective server.xml configuration to the value that you used in the respective worker "domain" property above for each instance ("tomcat1" and "tomcat2" above). -- Edgar Alves Allistair Crossley wrote: > Hi Edgar, > > Yep I just noticed that too :)) However, correcting this configuration > (to the below) does nothing to resolve the issue, because the lb > worker type by default has sticky_session=1. I set it explicitly > anyway as below. > > However, I have noticed that in fact Tomcat 2 is not returning > JSESSIONID headers as Tomcat 1 does when both Tomcats are in. > > To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are > returned and remains consistent across requests. When Tomcat 2 is > brought in, Tomcat 1 starts generating a different JSESSIONID per > request, whilst Tomcat 2 returns no JSESSIONID at all. > > Thanks, Allistair > > === new config === > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > worker.loadbalancer.sticky_session=1 > > > -Original Message- > From: Edgar Alves [mailto:[EMAIL PROTECTED] > Sent: 18 April 2006 12:32 > To: Tomcat Users List > Subject: Re: JK Sticky Session Handling with Load Balancing > > Hi there, > You're setting the sticky_session property for each worker. That's > not how it works. > That property is valid only for the loadbalancer and it takes a > boolean value. Set it to 'True' or '1' to get the desired effect. > Read http://tomcat.apache.org/connectors-doc/config/workers.html for > more info. > > -- Edgar Alves > > Allistair Crossley wrote: > >> Hi, >> >> I have setup 2 Tomcats on the same machine fronted by IIS, and used a >> sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the >> foot of this email) >> >> I setup a JSP on both Tomcats that outputs the session ID. >> >> With only 1 Tomcat started, making requests to the JSP results in the >> same session ID being output on each request. >> >> When I start up the 2nd Tomcat and continue making requests to the >> JSP, I am switched between both Tomcats rather than staying on the >> same Tomcat and therefore acquire a new session ID. >> >> However, with the 2 Tomcat's "in the loop" the session Ids become >> different *per request* no matter which Tomcat is used. >> >> I would have expected at most 2 unique session Ids (one per Tomcat) >> since with 1 Tomcat running only, the 1 unique session ID is >> > maintained. > >> I would appreciate any help or guidance as to why this
Re: Post request to 'j_security_check' after tomcat restart or se ssio n timeout produces error 400
Hi, First, you must understand in form based login, access to the form should never be done directly, that's because the container can accept a form login only if before the user tried to access an area requiring authentification. In simple terms, you see the form because the container has decided it required your credentials, not because you just wanted to log in. Now in your case, after a session expire, when the user submit the form, tomcat just notice it gets an access to j_security_check while user session (which has been reset) show no track of a previous attempt to access a secure area needing authentification. The container then concludes naturally it is an attempt at accessing directly the j_security_check and just ignore the call, sending a 400. At this step, tomcat has not saved the user/pass. In your error handler you redirect to secure area. Then naturally, tomcat now trigger the code requesting credential and show again the login form. So there is no solution to solve your problem, except perhaps increasing session timeout to limit the number of 'show form - timeout - submit form' The case of tomcat shutting down my be due to error are persisting the sessions (See output at tomcat shutdown/startup and check for session persistence errors) regards, David Delbecq Amol Upadhye a écrit : >Anybody know about the problem I have as described in below email? > >Thanks, >Amol > >-Original Message- >From: Amol Upadhye [mailto:[EMAIL PROTECTED] >Sent: Thursday, April 13, 2006 2:25 PM >To: users@tomcat.apache.org >Subject: Post request to 'j_security_check' after tomcat restart or sessio n >timeout produces error 400 > >Hi, > >I am using Tomcat 5.0.28 and Form based authentication. >Here are steps to produce my problem, >1. Access secured page -> tomcat forwards request to login page >2. Restart tomcat server or wait till session expires, keep login page as it >is, do not close browser window. >3. After tomcat restarts, with same login page try to login > >In this case even if login information is correct tomcat throws error 400. >This is because it looses the URL to which to forward to after >authentication. >What I want is to forward the request to the desired page (may be >preconfigured). >Is there a way to configure so that control is forwarded to the configured >page in this case? >Current I have Error 400 handler in which if requested URL is >'j_security_check' then I redirect to the desired page (secured page). But >tomcat somehow doesn't keep authenticated principal and again presents login >screen. > >Any help is very much appreciated. > >Thanks, >Amol > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK Sticky Session Handling with Load Balancing
This is almost always "I forgot to set jvmRoute in my server.xml". -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 9:36 AM To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi again, When using two workers like that you must set the domain property for each of them for having mod_jk send the requests to the appropriate Tomcat instance. Add the following two lines to your workers properties file: worker.tomcat1.domain=tomcat1 worker.tomcat2.domain=tomcat2 And for each Tomcat instance, set the "jvmRoute" attribute of the Engine element in the respective server.xml configuration to the value that you used in the respective worker "domain" property above for each instance ("tomcat1" and "tomcat2" above). -- Edgar Alves Allistair Crossley wrote: > Hi Edgar, > > Yep I just noticed that too :)) However, correcting this configuration > (to the below) does nothing to resolve the issue, because the lb worker > type by default has sticky_session=1. I set it explicitly anyway as > below. > > However, I have noticed that in fact Tomcat 2 is not returning > JSESSIONID headers as Tomcat 1 does when both Tomcats are in. > > To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are > returned and remains consistent across requests. When Tomcat 2 is > brought in, Tomcat 1 starts generating a different JSESSIONID per > request, whilst Tomcat 2 returns no JSESSIONID at all. > > Thanks, Allistair > > === new config === > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > worker.loadbalancer.sticky_session=1 > > > -Original Message- > From: Edgar Alves [mailto:[EMAIL PROTECTED] > Sent: 18 April 2006 12:32 > To: Tomcat Users List > Subject: Re: JK Sticky Session Handling with Load Balancing > > Hi there, > You're setting the sticky_session property for each worker. That's not > how it works. > That property is valid only for the loadbalancer and it takes a > boolean value. Set it to 'True' or '1' to get the desired effect. > Read http://tomcat.apache.org/connectors-doc/config/workers.html for > more info. > > -- Edgar Alves > > Allistair Crossley wrote: > >> Hi, >> >> I have setup 2 Tomcats on the same machine fronted by IIS, and used a >> sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the >> foot of this email) >> >> I setup a JSP on both Tomcats that outputs the session ID. >> >> With only 1 Tomcat started, making requests to the JSP results in the >> same session ID being output on each request. >> >> When I start up the 2nd Tomcat and continue making requests to the >> JSP, I am switched between both Tomcats rather than staying on the >> same Tomcat and therefore acquire a new session ID. >> >> However, with the 2 Tomcat's "in the loop" the session Ids become >> different *per request* no matter which Tomcat is used. >> >> I would have expected at most 2 unique session Ids (one per Tomcat) >> since with 1 Tomcat running only, the 1 unique session ID is >> > maintained. > >> I would appreciate any help or guidance as to why this may be >> > happening. > >> Cookies are enabled, and jsessionid is not being used on URLs. >> >> Cheers, Allistair. >> >> == config == >> >> worker.list=loadbalancer >> >> worker.tomcat1.port=8009 >> worker.tomcat1.host=localhost >> worker.tomcat1.type=ajp13 >> worker.tomcat1.lbfactor=1 >> worker.tomcat1.cachesize=10 >> worker.tomcat1.sticky_session=1 >> >> worker.tomcat2.port=8109 >> worker.tomcat2.host=localhost >> worker.tomcat2.type=ajp13 >> worker.tomcat2.lbfactor=1 >> worker.tomcat2.cachesize=10 >> worker.tomcat1.sticky_session=2 >> >> worker.loadbalancer.type=lb >> worker.loadbalancer.balance_workers=tomcat1,tomcat2 >> >> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Re: Directory listing... what happened ?
Thanks a lot. You guys are great. I found this tutorial on how to install AND connect tomcat to apache so here it is just in case it might help someone else: http://agiletesting.blogspot.com/2005/10/configuring-apache-2-and-tomcat-55.html > From: [EMAIL PROTECTED]> To: users@tomcat.apache.org> Subject: RE: Re: > Directory listing... what happened ?> Date: Tue, 18 Apr 2006 08:18:49 -0500> > > ask in an ubuntu-related forum for help on permanently disabling your > apache> server, or, connect your apache server to tomcat with mod_jk. > > > If you're unsure of how to do the first, you probably will feel more pain> > trying the second (so do that first thing).> > > > > -Original > Message-> > From: Jonathan Pare [mailto:[EMAIL PROTECTED] > > Sent: > Monday, April 17, 2006 5:20 PM> > To: Tomcat Users List> > Subject: RE: Re: > Directory listing... what happened ?> > > > > > That's it ! Thaks a lot ! I > changed the tomcat port back to > > 8080 and everything went back to normal. > But then I > > remembered why I change the port in the first place. It's > > > because I want to use dyndns to access my website from > > outside my > network, so I have to use (I think) the port 80. > > Any suggestion ?> > > > > > > > From: [EMAIL PROTECTED]> > > > To: users@tomcat.apache.org> > > Subject: RE: Re: Directory listing... what > happened ?> > > Date: Mon, 17 Apr 2006 16:43:33 -0500> > > > > > buried in > your stacktrace:> > > > > > SEVERE: Error initializing endpoint> > > > java.net.BindException: Address already in use:80> > > > > > Combine this > with your previous statement "... until I rebooted my > > > computer"> > > > > > > Most likely there is a version of Apache web server that > > was > enabled > > > with your ubuntu installation, that at some point in the > > > past, you or > > > someone else turned off (and have subsequently forgotten > > > about). On > > > restart, ubuntu is configured to start apache, which it > > > does, and it > > > grabs port 80.> > > > > > Then, tomcat fails to start as > stated in its logs.> > > > > > Which is why you see the default "congrats on > setting up apache" > > > message from apache. Even though you didn't install > apache, > > it's part > > > of your ubuntu setup and it restarts with your > box.> > > > > > > > > > -> To > unsubscribe, e-mail: [EMAIL PROTECTED]> For additional commands, e-mail: > [EMAIL PROTECTED]> _ Profitez des puissants filtres de courriels indésirables articulés sur la technologie brevetée MicrosoftMD SmartScreen. http://join.msn.com/?pgmarket=fr-ca&page=features/junkmail
Re: Making an LDAP connection available to a web application
Hi Graham, I was also attempting this about 2 months ago with Active Directory and Tomcat 5.5.9. I got everything working about 70%. The problem that I ran into was that I did not setup any kind of connection pooling on the AD side of things. I have no control over the Windows side of the house and didn't want to make any waves with keeping a pool of connections open on the AD server. so I eventually scapped the idea and just connect and disconnect per request. I have copied below the relevant peices of my LDAP/AD JNDI stuff, maybe you will find them useful. AD Connection ldap/TASC javax.naming.directory.DirContext Container ... I realize this is not the best way to do it, but this was just a proof of concept. package com.affinity.resources; import java.util.Enumeration; import java.util.Hashtable; import java.util.Iterator; import java.util.Set; import javax.naming.Context; import javax.naming.Name; import javax.naming.NamingException; import javax.naming.directory.DirContext; import javax.naming.directory.InitialDirContext; import javax.naming.RefAddr; import javax.naming.Reference; import javax.naming.spi.ObjectFactory; public class ldapAccess implements ObjectFactory { public ldapAccess() {} public Object getObjectInstance(Object obj, Name nm, Context nameCtx, Hashtable environment) throws NamingException { DirContext ctx = null; Hashtable env = new Hashtable(11); Reference ref = (Reference) obj; Enumeration addrs = ref.getAll(); env.put(Context.INITIAL_CONTEXT_FACTORY, " com.sun.jndi.ldap.LdapCtxFactory"); while (addrs.hasMoreElements()) { RefAddr addr = (RefAddr) addrs.nextElement(); String name = addr.getType(); String value = (String) addr.getContent(); if (name.equals("password")) { env.put(Context.SECURITY_CREDENTIALS, value); } else if (name.equals("username")) { env.put(Context.SECURITY_PRINCIPAL, value); } else if (name.equals("authMechanism")) { env.put(Context.SECURITY_AUTHENTICATION, value); } else if (name.equals("url")) { env.put(Context.PROVIDER_URL, value); } } try { ctx = new InitialDirContext(env); } catch (NamingException ne) { ne.printStackTrace(); throw new NamingException(ne.getMessage()); } return ctx; } } I believe that was all the configuration I had to do. Then to call this in my applications I would do this: Context initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup("java:comp/env"); DirContext ad = (DirContext) envCtx.lookup("ldap/TASC"); ad would then be my directory connection object. The major problem with this setup is that if you ever call ad.close() it will close the entire JNDI resource thus making it unavailable until you restart Tomcat. The problem with leaving it open is that there is most likely a timeout enforced on the LDAP/AD side of things. So making a class that would handle LDAP connection pooling would be required for any production use. I hope you find this helpful. Best Regards, Jason Beck On 4/6/06, Graham Leggett <[EMAIL PROTECTED]> wrote: > > Hi all, > > There are lots of tutorials available explaining how to make a JDBC > database pool available to a web application. > > I cannot however find any tutorials explaining how to do the same thing > with a JNDI/LDAP connection. > > Sure, there are lots of tutorials explaining how to secure your webapp > using container managed security, but this isn't what I am looking for. > > I would like my web application to make queries and changes to an LDAP > directory, and I would like the LDAP connection to be defined in > server.xml, the same way I can do it with JDBC. > > Does anyone know whether this is possible? > > Regards, > Graham > -- > > >
Tinyca certificates
Please, has anybody use 'tinyca' to generate certificates for Tomcat 5?I did the configuration but browser complains that 'Mozila and localhost cannot communicate securely because they have no common encryption algorithms'. Using the keytool utility however, https works fine. Your help would be appreciated Regards Damian
Re: JK Sticky Session Handling with Load Balancing
Hi again, When using two workers like that you must set the domain property for each of them for having mod_jk send the requests to the appropriate Tomcat instance. Add the following two lines to your workers properties file: worker.tomcat1.domain=tomcat1 worker.tomcat2.domain=tomcat2 And for each Tomcat instance, set the "jvmRoute" attribute of the Engine element in the respective server.xml configuration to the value that you used in the respective worker "domain" property above for each instance ("tomcat1" and "tomcat2" above). -- Edgar Alves Allistair Crossley wrote: > Hi Edgar, > > Yep I just noticed that too :)) However, correcting this configuration > (to the below) does nothing to resolve the issue, because the lb worker > type by default has sticky_session=1. I set it explicitly anyway as > below. > > However, I have noticed that in fact Tomcat 2 is not returning > JSESSIONID headers as Tomcat 1 does when both Tomcats are in. > > To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are > returned and remains consistent across requests. When Tomcat 2 is > brought in, Tomcat 1 starts generating a different JSESSIONID per > request, whilst Tomcat 2 returns no JSESSIONID at all. > > Thanks, Allistair > > === new config === > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > worker.loadbalancer.sticky_session=1 > > > -Original Message- > From: Edgar Alves [mailto:[EMAIL PROTECTED] > Sent: 18 April 2006 12:32 > To: Tomcat Users List > Subject: Re: JK Sticky Session Handling with Load Balancing > > Hi there, > You're setting the sticky_session property for each worker. That's not > how it works. > That property is valid only for the loadbalancer and it takes a > boolean value. Set it to 'True' or '1' to get the desired effect. > Read http://tomcat.apache.org/connectors-doc/config/workers.html for > more info. > > -- Edgar Alves > > Allistair Crossley wrote: > >> Hi, >> >> I have setup 2 Tomcats on the same machine fronted by IIS, and used a >> sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the >> foot of this email) >> >> I setup a JSP on both Tomcats that outputs the session ID. >> >> With only 1 Tomcat started, making requests to the JSP results in the >> same session ID being output on each request. >> >> When I start up the 2nd Tomcat and continue making requests to the >> JSP, I am switched between both Tomcats rather than staying on the >> same Tomcat and therefore acquire a new session ID. >> >> However, with the 2 Tomcat's "in the loop" the session Ids become >> different *per request* no matter which Tomcat is used. >> >> I would have expected at most 2 unique session Ids (one per Tomcat) >> since with 1 Tomcat running only, the 1 unique session ID is >> > maintained. > >> I would appreciate any help or guidance as to why this may be >> > happening. > >> Cookies are enabled, and jsessionid is not being used on URLs. >> >> Cheers, Allistair. >> >> == config == >> >> worker.list=loadbalancer >> >> worker.tomcat1.port=8009 >> worker.tomcat1.host=localhost >> worker.tomcat1.type=ajp13 >> worker.tomcat1.lbfactor=1 >> worker.tomcat1.cachesize=10 >> worker.tomcat1.sticky_session=1 >> >> worker.tomcat2.port=8109 >> worker.tomcat2.host=localhost >> worker.tomcat2.type=ajp13 >> worker.tomcat2.lbfactor=1 >> worker.tomcat2.cachesize=10 >> worker.tomcat1.sticky_session=2 >> >> worker.loadbalancer.type=lb >> worker.loadbalancer.balance_workers=tomcat1,tomcat2 >> >> - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Sticky Session Handling with Load Balancing
Hi, please do not mix up the tomcat cluster and apache load balancing. Sticky session means that tomcat2 is not used at all in your configuration. Only tomcat1, which created the cookie. When tomcat2 creates no session, the browser gets none and the lb-worker cannot work also. Maybe your apps/configurations are not consistent? Again: when tomcat does not create a session, this has nothing to do with mod_jk. Not the request starts a session, tomcat does it! regards, Reinhard Am Dienstag, 18. April 2006 13:43 schrieb Allistair Crossley: > Hi Edgar, > > Yep I just noticed that too :)) However, correcting this configuration > (to the below) does nothing to resolve the issue, because the lb worker > type by default has sticky_session=1. I set it explicitly anyway as > below. > > However, I have noticed that in fact Tomcat 2 is not returning > JSESSIONID headers as Tomcat 1 does when both Tomcats are in. > > To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are > returned and remains consistent across requests. When Tomcat 2 is > brought in, Tomcat 1 starts generating a different JSESSIONID per > request, whilst Tomcat 2 returns no JSESSIONID at all. > > Thanks, Allistair > > === new config === > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > worker.loadbalancer.sticky_session=1 > > > -Original Message- > From: Edgar Alves [mailto:[EMAIL PROTECTED] > Sent: 18 April 2006 12:32 > To: Tomcat Users List > Subject: Re: JK Sticky Session Handling with Load Balancing > > Hi there, > You're setting the sticky_session property for each worker. That's not > how it works. > That property is valid only for the loadbalancer and it takes a > boolean value. Set it to 'True' or '1' to get the desired effect. > Read http://tomcat.apache.org/connectors-doc/config/workers.html for > more info. > > -- Edgar Alves > > Allistair Crossley wrote: > > Hi, > > > > I have setup 2 Tomcats on the same machine fronted by IIS, and used a > > sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the > > foot of this email) > > > > I setup a JSP on both Tomcats that outputs the session ID. > > > > With only 1 Tomcat started, making requests to the JSP results in the > > same session ID being output on each request. > > > > When I start up the 2nd Tomcat and continue making requests to the > > JSP, I am switched between both Tomcats rather than staying on the > > same Tomcat and therefore acquire a new session ID. > > > > However, with the 2 Tomcat's "in the loop" the session Ids become > > different *per request* no matter which Tomcat is used. > > > > I would have expected at most 2 unique session Ids (one per Tomcat) > > since with 1 Tomcat running only, the 1 unique session ID is > > maintained. > > > I would appreciate any help or guidance as to why this may be > > happening. > > > Cookies are enabled, and jsessionid is not being used on URLs. > > > > Cheers, Allistair. > > > > == config == > > > > worker.list=loadbalancer > > > > worker.tomcat1.port=8009 > > worker.tomcat1.host=localhost > > worker.tomcat1.type=ajp13 > > worker.tomcat1.lbfactor=1 > > worker.tomcat1.cachesize=10 > > worker.tomcat1.sticky_session=1 > > > > worker.tomcat2.port=8109 > > worker.tomcat2.host=localhost > > worker.tomcat2.type=ajp13 > > worker.tomcat2.lbfactor=1 > > worker.tomcat2.cachesize=10 > > worker.tomcat1.sticky_session=2 > > > > worker.loadbalancer.type=lb > > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > > > > > > > > --- > > QAS Ltd. > > Registered in England: No 2582055 > > Registered in Australia: No 082 851 474 > > --- > > > > Disclaimer: The information contained within this e-mail is > > confidential and may be privileged. This email is intended solely for > the named recipient only; if you are not authorised you must not > disclose, copy, distribute, or retain this message or any part of it. If > you have received this message in error please contact the sender at > once so that we may take the appropriate action and avoid troubling you > further. Any views expressed in this message are those of the > individual sender. QAS Limited has the right lawfully to record, > monitor and inspect messages between its employees and any third party. > Your messages shall be subject to such lawful supervision as QAS Limited > deems to be necessary in order to protect its information, its interests > and its reputation. > > > Whilst all efforts are made to safeguard Inbound and Outbound emails, > > QAS Limited cannot guarantee that attachments a
Re: JK Sticky Session Handling with Load Balancing
Hi, 1) If you want to use a mod_jk lb worker with sticky sessions, you need three ingrediants: a) configured lb worker with sticky_session (default is 1=on) and a corresponding JkMount to this lb worker b) tomcat instances with unique jvmRoute settings in server.xml (the jvmRoute gives each instance its name) and worker configurations for the balanced workers where the workers names are equal to the jvmRoutes and host/port are correct for the repective tomcat instances c) Correct configuration of URL encoding or usage of session cookies in the target tomcat instances. If these three conitions are met, then it works like that: - Any request without cookie or URL encoding will go to one of your tomcat instances. Which one depends on subtle load balancing decisions. - Any request without cookie/encoding received by a tomcat instance will return a response with a JSESSIONID-cookie or URL encoding of all embedded links (assuming c)). The cookie resp. URL encoding will end in a dot "." appended with the jvmRoute of the tomcat instance. - Following requests with cookie or URL will be processed by the lb as follows: It will search for a dot '.' in the cookie (with name JSESSIONID) resp. in the URL part ";jsessionid=". Then it will take the string after the dot and look in it's balanced worker table, if it can find a worker with the same name that is not in error state and then will send the request there. In case no such worker exists, it will handle the request like in the first case. Allistair Crossley wrote: Hi Edgar, Yep I just noticed that too :)) However, correcting this configuration (to the below) does nothing to resolve the issue, because the lb worker type by default has sticky_session=1. I set it explicitly anyway as below. However, I have noticed that in fact Tomcat 2 is not returning JSESSIONID headers as Tomcat 1 does when both Tomcats are in. To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are returned and remains consistent across requests. When Tomcat 2 is brought in, Tomcat 1 starts generating a different JSESSIONID per request, whilst Tomcat 2 returns no JSESSIONID at all. Thanks, Allistair === new config === worker.list=loadbalancer worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 12:32 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi there, You're setting the sticky_session property for each worker. That's not how it works. That property is valid only for the loadbalancer and it takes a boolean value. Set it to 'True' or '1' to get the desired effect. Read http://tomcat.apache.org/connectors-doc/config/workers.html for more info. -- Edgar Alves Allistair Crossley wrote: Hi, I have setup 2 Tomcats on the same machine fronted by IIS, and used a sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the foot of this email) I setup a JSP on both Tomcats that outputs the session ID. With only 1 Tomcat started, making requests to the JSP results in the same session ID being output on each request. When I start up the 2nd Tomcat and continue making requests to the JSP, I am switched between both Tomcats rather than staying on the same Tomcat and therefore acquire a new session ID. However, with the 2 Tomcat's "in the loop" the session Ids become different *per request* no matter which Tomcat is used. I would have expected at most 2 unique session Ids (one per Tomcat) since with 1 Tomcat running only, the 1 unique session ID is maintained. I would appreciate any help or guidance as to why this may be happening. Cookies are enabled, and jsessionid is not being used on URLs. Cheers, Allistair. == config == worker.list=loadbalancer worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat1.sticky_session=1 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.tomcat1.sticky_session=2 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose
RE: Post request to 'j_security_check' after tomcat restart or se ssio n timeout produces error 400
Anybody know about the problem I have as described in below email? Thanks, Amol -Original Message- From: Amol Upadhye [mailto:[EMAIL PROTECTED] Sent: Thursday, April 13, 2006 2:25 PM To: users@tomcat.apache.org Subject: Post request to 'j_security_check' after tomcat restart or sessio n timeout produces error 400 Hi, I am using Tomcat 5.0.28 and Form based authentication. Here are steps to produce my problem, 1. Access secured page -> tomcat forwards request to login page 2. Restart tomcat server or wait till session expires, keep login page as it is, do not close browser window. 3. After tomcat restarts, with same login page try to login In this case even if login information is correct tomcat throws error 400. This is because it looses the URL to which to forward to after authentication. What I want is to forward the request to the desired page (may be preconfigured). Is there a way to configure so that control is forwarded to the configured page in this case? Current I have Error 400 handler in which if requested URL is 'j_security_check' then I redirect to the desired page (secured page). But tomcat somehow doesn't keep authenticated principal and again presents login screen. Any help is very much appreciated. Thanks, Amol
RE: Re: Directory listing... what happened ?
ask in an ubuntu-related forum for help on permanently disabling your apache server, or, connect your apache server to tomcat with mod_jk. If you're unsure of how to do the first, you probably will feel more pain trying the second (so do that first thing). > -Original Message- > From: Jonathan Pare [mailto:[EMAIL PROTECTED] > Sent: Monday, April 17, 2006 5:20 PM > To: Tomcat Users List > Subject: RE: Re: Directory listing... what happened ? > > > That's it ! Thaks a lot ! I changed the tomcat port back to > 8080 and everything went back to normal. But then I > remembered why I change the port in the first place. It's > because I want to use dyndns to access my website from > outside my network, so I have to use (I think) the port 80. > Any suggestion ? > > > > From: [EMAIL PROTECTED] > > To: users@tomcat.apache.org > > Subject: RE: Re: Directory listing... what happened ? > > Date: Mon, 17 Apr 2006 16:43:33 -0500 > > > > buried in your stacktrace: > > > > SEVERE: Error initializing endpoint > > java.net.BindException: Address already in use:80 > > > > Combine this with your previous statement "... until I rebooted my > > computer" > > > > Most likely there is a version of Apache web server that > was enabled > > with your ubuntu installation, that at some point in the > past, you or > > someone else turned off (and have subsequently forgotten > about). On > > restart, ubuntu is configured to start apache, which it > does, and it > > grabs port 80. > > > > Then, tomcat fails to start as stated in its logs. > > > > Which is why you see the default "congrats on setting up apache" > > message from apache. Even though you didn't install apache, > it's part > > of your ubuntu setup and it restarts with your box. > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK Sticky Session Handling with Load Balancing
Hi Edgar, Yep I just noticed that too :)) However, correcting this configuration (to the below) does nothing to resolve the issue, because the lb worker type by default has sticky_session=1. I set it explicitly anyway as below. However, I have noticed that in fact Tomcat 2 is not returning JSESSIONID headers as Tomcat 1 does when both Tomcats are in. To recap then, when only Tomcat 1 is in the loop, JSESSIONIDs are returned and remains consistent across requests. When Tomcat 2 is brought in, Tomcat 1 starts generating a different JSESSIONID per request, whilst Tomcat 2 returns no JSESSIONID at all. Thanks, Allistair === new config === worker.list=loadbalancer worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 -Original Message- From: Edgar Alves [mailto:[EMAIL PROTECTED] Sent: 18 April 2006 12:32 To: Tomcat Users List Subject: Re: JK Sticky Session Handling with Load Balancing Hi there, You're setting the sticky_session property for each worker. That's not how it works. That property is valid only for the loadbalancer and it takes a boolean value. Set it to 'True' or '1' to get the desired effect. Read http://tomcat.apache.org/connectors-doc/config/workers.html for more info. -- Edgar Alves Allistair Crossley wrote: > Hi, > > I have setup 2 Tomcats on the same machine fronted by IIS, and used a > sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the > foot of this email) > > I setup a JSP on both Tomcats that outputs the session ID. > > With only 1 Tomcat started, making requests to the JSP results in the > same session ID being output on each request. > > When I start up the 2nd Tomcat and continue making requests to the > JSP, I am switched between both Tomcats rather than staying on the > same Tomcat and therefore acquire a new session ID. > > However, with the 2 Tomcat's "in the loop" the session Ids become > different *per request* no matter which Tomcat is used. > > I would have expected at most 2 unique session Ids (one per Tomcat) > since with 1 Tomcat running only, the 1 unique session ID is maintained. > > > I would appreciate any help or guidance as to why this may be happening. > Cookies are enabled, and jsessionid is not being used on URLs. > > Cheers, Allistair. > > == config == > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > worker.tomcat1.sticky_session=1 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > worker.tomcat1.sticky_session=2 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > > > > --- > QAS Ltd. > Registered in England: No 2582055 > Registered in Australia: No 082 851 474 > --- > > Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. > > Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Sticky Session Handling with Load Balancing
Hi there, You're setting the sticky_session property for each worker. That's not how it works. That property is valid only for the loadbalancer and it takes a boolean value. Set it to 'True' or '1' to get the desired effect. Read http://tomcat.apache.org/connectors-doc/config/workers.html for more info. -- Edgar Alves Allistair Crossley wrote: > Hi, > > I have setup 2 Tomcats on the same machine fronted by IIS, and used a > sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the foot > of this email) > > I setup a JSP on both Tomcats that outputs the session ID. > > With only 1 Tomcat started, making requests to the JSP results in the > same session ID being output on each request. > > When I start up the 2nd Tomcat and continue making requests to the JSP, > I am switched between both Tomcats rather than staying on the same > Tomcat and therefore acquire a new session ID. > > However, with the 2 Tomcat's "in the loop" the session Ids become > different *per request* no matter which Tomcat is used. > > I would have expected at most 2 unique session Ids (one per Tomcat) > since with 1 Tomcat running only, the 1 unique session ID is maintained. > > > I would appreciate any help or guidance as to why this may be happening. > Cookies are enabled, and jsessionid is not being used on URLs. > > Cheers, Allistair. > > == config == > > worker.list=loadbalancer > > worker.tomcat1.port=8009 > worker.tomcat1.host=localhost > worker.tomcat1.type=ajp13 > worker.tomcat1.lbfactor=1 > worker.tomcat1.cachesize=10 > worker.tomcat1.sticky_session=1 > > worker.tomcat2.port=8109 > worker.tomcat2.host=localhost > worker.tomcat2.type=ajp13 > worker.tomcat2.lbfactor=1 > worker.tomcat2.cachesize=10 > worker.tomcat1.sticky_session=2 > > worker.loadbalancer.type=lb > worker.loadbalancer.balance_workers=tomcat1,tomcat2 > > > > --- > QAS Ltd. > Registered in England: No 2582055 > Registered in Australia: No 082 851 474 > --- > > Disclaimer: The information contained within this e-mail is confidential and > may be privileged. This email is intended solely for the named recipient > only; if you are not authorised you must not disclose, copy, distribute, or > retain this message or any part of it. If you have received this message in > error please contact the sender at once so that we may take the appropriate > action and avoid troubling you further. Any views expressed in this message > are those of the individual sender. QAS Limited has the right lawfully to > record, monitor and inspect messages between its employees and any third > party. Your messages shall be subject to such lawful supervision as QAS > Limited deems to be necessary in order to protect its information, its > interests and its reputation. > > Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS > Limited cannot guarantee that attachments are virus free or compatible with > your systems and does not accept any liability in respect of viruses or > computer problems experienced. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: what about a server specific web.xml tailoring?
I would say no. This is an issue for build management, not tomcat. May I suggest you put together a short script that explodes the war, replaces the web.xml, and then re-zips the webapp back to a war. The whole thing could easily be done with a shell script or batch file - don't even need ant. --David Rolf Schumacher wrote: Dear long time Tomcat operators, I get new versions of a war file very often. Due to authorization constrains I have to place some extra security-constraints clauses into it - every time I deploy a new version. Is there a way to tell Tomcat to get the web.xml from a different place than WEB-INF for a particular application even if the war file supplies one? Rolf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AJP13 and Mod jk security
The easiest way is to rely on you network admins to ensure no one is eavesdropping. But sometimes that isn't possible. The next easiest way to use an ssh tunnel between tomcat and apache. You need google for the specifics. But from your apache servers - if you have one tomcat - you'd probably do this: ssh -N -L 8009:tomcat1.joedog.org:8009 -C -f ssh.joedog.org Or if you have ssh installed on tomcat1.joedog.org - you can save yourself an extra hop: ssh -N -L 8009:localhost:8009 -C -f tomcat1.joedog.org Of course - there will be a performance tradeoff by using this trick but the security tradeoff can be worth it. See google for more details on ssh tunneling. -Tim lmk wrote: Hi; how to secure communication between apache web server and servlet engine..?? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: what about a server specific web.xml tailoring?
No. But if I were you - I would write an Ant task which 1) unpacked the war 2) copied the original web.xml to a backup name (for reference) 3) injected the security constraint 4) repackage the war Or you can create a Valve which does the additional constraints. -Tim Rolf Schumacher wrote: Dear long time Tomcat operators, I get new versions of a war file very often. Due to authorization constrains I have to place some extra security-constraints clauses into it - every time I deploy a new version. Is there a way to tell Tomcat to get the web.xml from a different place than WEB-INF for a particular application even if the war file supplies one? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: File download error in IE with mod_jk
IIRC, its an IE setting. It has to do with tomcat probably sending a no-cache (like) header while in HTTPS. HTTPS + nocache + IE == weird issues. I can't recall the resolution. But google searching: https Internet explorer download will probably get you int he right directions. There are also some bugzilla and tomcat-user threads about this. The tomcat-user threads might be hard to find since the topic is pretty old. Good luck. -Tim Magnus Dürr wrote: Hi! I have a problem downloading files threw my webapp using Internet Explorer. The application has a resources directory where i have som large files. When I mount the directory in mod_jk to ensure only users logged in in tomcat can access it (add the line "JkMount /mywebapp/resources/* ajp13" in apache httpd.conf) file download stops working in IE, but it works fine from FireFox, i.e. accessing the URL https://www.myserver.com/mywebapp/resources/file.zip generates an error message. The file dialog opens but nothing happens and after some sort of timeout an error dialog shows with the following text: Internet Explorer cannot download file.zip from www.myserver.com, An unexpected error has occurred. The application uses https. Does anyone know how to fix this? Software versions: Apache httpd 2.0 Tomcat 5.5.12 mod_jk 1.2.6 Thanks Magnus Dürr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JK Sticky Session Handling with Load Balancing
Hi, I have setup 2 Tomcats on the same machine fronted by IIS, and used a sticky_session=1 JK (1.2.15) load-balanced setup (as printed at the foot of this email) I setup a JSP on both Tomcats that outputs the session ID. With only 1 Tomcat started, making requests to the JSP results in the same session ID being output on each request. When I start up the 2nd Tomcat and continue making requests to the JSP, I am switched between both Tomcats rather than staying on the same Tomcat and therefore acquire a new session ID. However, with the 2 Tomcat's "in the loop" the session Ids become different *per request* no matter which Tomcat is used. I would have expected at most 2 unique session Ids (one per Tomcat) since with 1 Tomcat running only, the 1 unique session ID is maintained. I would appreciate any help or guidance as to why this may be happening. Cookies are enabled, and jsessionid is not being used on URLs. Cheers, Allistair. == config == worker.list=loadbalancer worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat1.sticky_session=1 worker.tomcat2.port=8109 worker.tomcat2.host=localhost worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.tomcat1.sticky_session=2 worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=tomcat1,tomcat2 --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: AJP13 and Mod jk security
http://marc.theaimsgroup.com/?l=tomcat-user&m=113980330229468&w=2 (the short answer is basically you don't use Tomcat -- you use networking infrastructure) Tim -Original Message- From: lmk [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 18, 2006 6:08 AM To: users@tomcat.apache.org Subject: AJP13 and Mod jk security Hi; how to secure communication between apache web server and servlet engine..?? thanks -- View this message in context: http://www.nabble.com/AJP13-and-Mod-jk-security-t1467202.html#a3965323 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AJP13 and Mod jk security
Hi; how to secure communication between apache web server and servlet engine..?? thanks -- View this message in context: http://www.nabble.com/AJP13-and-Mod-jk-security-t1467202.html#a3965323 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Stopping of tomcat failed.
Hi Manivannan, > 'unclosed sockets' - some client application interacting with your tomcat > forgets to close the connection. (like browsers etc) . Or the tomcat doesnt close connection to the database. So, this unclosed connections results in 'unclosed sockets' If 'unclosed sockets' was a cause and tomcat's stop process was failed, is there no bad influence on re-start of tomcat and running of web applications ? [EMAIL PROTECTED] wrote : >hi Yasunori, > welcome. > 'unclosed sockets' - some client application interacting with your tomcat > forgets to close the connection. (like browsers etc) . Or the tomcat doesnt close connection to the database. So, this unclosed connections results in 'unclosed sockets' > 'hangin process' - A process which become orphon (very rare!). And joins > under 'init' process, that becomes hard to be killed. (I think there might be lots of nice terms to refer to these kind processes) > > >-- >Manivannan Palanichamy >http://geocities.com/manivannan57 > > > > > > >-Original Message- >From: Yasunori Taniguchi <[EMAIL PROTECTED]> >To: Tomcat Users List >Sent: Tue, 18 Apr 2006 10:00:06 +0900 >Subject: Re: Stopping of tomcat failed. > > >[EMAIL PROTECTED] wrote: >>yes, the 'unclosed sockets', 'hanging process' and the likes are some notable >root causes. > >Sorry. I don't know about 'unclosed sockets', 'hanging process'. >Are they bugs ? >Please tell me the informations about them. > > >[EMAIL PROTECTED] wrote: >>yes, the 'unclosed sockets', 'hanging process' and the likes are some notable >root causes. >> >>-- >>Manivannan Palanichamy >>http://geocities.com/manivannan57 >> >> >> >> >> >> >>-Original Message- >>From: Yasunori Taniguchi <[EMAIL PROTECTED]> >>To: Tomcat Users List >>Sent: Mon, 17 Apr 2006 20:27:38 +0900 >>Subject: Re: Stopping of tomcat failed. >> >> >>Thanks for your reply ! >> >>[EMAIL PROTECTED] wrote: >>>I understand your problem. This happens sometimes. Instead of runnign >>shutdown.sh, you can manually kill the tomcat >>instance using the following steps: >> >>What is the cause of this problem's ? >>And. >>Is there any bad influences ? >>For example, garbage file or process is left, etc. >> >> >>[EMAIL PROTECTED] wrote: >>>I understand your problem. This happens sometimes. Instead of runnign >>shutdown.sh, you can manually kill the tomcat >>instance using the following steps: >>>1. type this command: ps -ax | grep 'endorse'[an ugly way of >>finding the tomcat process! ] >>> and find out its process id. (For example the Pid: 3435) >>>2. then kill the pid using kill command like: kill -9 3435 >>>(where 3435 is your tomcat instance process id.) >>> >>>Then, telnet to the tomcat port, sure, it wont reply. This is how it can be >>shutdown indirectly. >>> >>>(If still not working, the worst solution is to restart you machine.) >>> >>>Good luck/ >>> >>> >>> >>>-- >>>Manivannan Palanichamy >>>http://geocities.com/manivannan57 >>> >>> >>> >>> >>> >>> >>>-Original Message- >>>From: Yasunori Taniguchi <[EMAIL PROTECTED]> >>>To: Tomcat Users List >>>Sent: Mon, 17 Apr 2006 19:48:35 +0900 >>>Subject: Re: Stopping of tomcat failed. >>> >>> >>>[EMAIL PROTECTED] さんは書きました: Are you running apache along with tomcat? (I mean apache on port 80 and tomcat on 8080) ? >>> >>>I'm running apache on port 13000. >>>Is there a setting of port for tomcat ? >>> >>>I can use web application on port 13000. >>>I think it means apache and tomcat are running correctly. >>> >>> -- Manivannan Palanichamy http://geocities.com/manivannan57 -Original Message- From: Yasunori Taniguchi <[EMAIL PROTECTED]> To: Tomcat Users List Sent: Mon, 17 Apr 2006 13:05:24 +0900 Subject: Re: Stopping of tomcat failed. Hi. I want help about the following matter. I got an information that : Apache was killed. This is the correct operation for apache. According to the following matter, tomcat was communicating with apache, and probably any web application process was executing. Is it really ? If there is no web application executing, the following matter never happen ? Yasunori Taniguchi さんは書きました: >Hi. > >Please help me. > >I'm using apache and tomcat to use Web-based GUI tool on RHEL3.0. >The GUI tool has a shell script that starts/stops apache and tomcat. >This script with stop option displayed message "[FAILED]". >It means that stopping of tomcat has been failed. >But the tomcat was disappeared in the process list. And re-execution of >stop > was >failed as same as the execution of stop after succeeded-stop. (The >messages output >to catalina.out is tha same.) >Then GUI tool was not used at that time. >In the script, all the messages were discarded to /dev/null, and nothing related >messag
what about a server specific web.xml tailoring?
Dear long time Tomcat operators, I get new versions of a war file very often. Due to authorization constrains I have to place some extra security-constraints clauses into it - every time I deploy a new version. Is there a way to tell Tomcat to get the web.xml from a different place than WEB-INF for a particular application even if the war file supplies one? Rolf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
File download error in IE with mod_jk
Hi! I have a problem downloading files threw my webapp using Internet Explorer. The application has a resources directory where i have som large files. When I mount the directory in mod_jk to ensure only users logged in in tomcat can access it (add the line "JkMount /mywebapp/resources/* ajp13" in apache httpd.conf) file download stops working in IE, but it works fine from FireFox, i.e. accessing the URL https://www.myserver.com/mywebapp/resources/file.zip generates an error message. The file dialog opens but nothing happens and after some sort of timeout an error dialog shows with the following text: Internet Explorer cannot download file.zip from www.myserver.com, An unexpected error has occurred. The application uses https. Does anyone know how to fix this? Software versions: Apache httpd 2.0 Tomcat 5.5.12 mod_jk 1.2.6 Thanks Magnus Dürr