Is Tomcat being hacked by curl ?
(Debian) Linux 2.6.11.12-xenU Tomcat 5.5.20 Java 1.5.0_04 This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. I have been developing commercial sites in Java for a number of years now but this is the first time I have deployed a commercial application on my own and hence I am a complete beginner when it comes to dealing with nefarious nerks trying to hack my installation. Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. I will investigate curl further of course. Thanks Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Real-Time Tracking
Hi list. I'm interested in implement the log described in this URL: http://www.devx.com/Java/Article/32730/1954?pf=true How I compile the ResourceTrackingAccessLogValve.java? Where I put the class? Thanks in advice. -- Nadie es tan joven que no se pueda morir mañana, ni tan viejo que no pueda vivir un día más. – La Celestina (Fernando de Rojas, 1499)
Re: Is Tomcat being hacked by curl ?
Curl is a command line http client. It is available for almost all unix/linux platforms. It is easy to use in scripts to download stuff from http servers. It is not a hacking tool. You should look at what people are downloading/requesting with it. Ronald. On Thu Aug 23 09:25:51 CEST 2007 Tomcat Users List users@tomcat.apache.org wrote: (Debian) Linux 2.6.11.12-xenU Tomcat 5.5.20 Java 1.5.0_04 This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. I have been developing commercial sites in Java for a number of years now but this is the first time I have deployed a commercial application on my own and hence I am a complete beginner when it comes to dealing with nefarious nerks trying to hack my installation. Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. I will investigate curl further of course. Thanks Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is Tomcat being hacked by curl ?
From: Lyallex [mailto:[EMAIL PROTECTED] curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. Or it could be used, as I do, to script operations on my own sites and for large data uploads. Basically, someone's got a copy of cURL and has performed at least one operation on your site from (apparently) a RedHat box. There are much better cracking tools than cURL, and this is either legitimate or a very inexperienced script kiddie - they haven't even changed the user agent string. Chase the person, not the technology - I'd be much more interested in which resources they accessed and which IP they came from. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
Lyallex wrote: This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. [...] Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. No. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. As could be almost any other user agent - if your website allows despicable things to be done to it. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. Maybe. But if your web server can really be compromised by a client that does just what you intended when bringing the server online - i. e. accessing it via HTTP - you have much more important things to worry about than whether this client calls itself curl, Firefox, IE, telnet or whatever. Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
You should look at the client query, not agent to get an idea about security. Curl client is not that uncomon. I use is (as long as wget, depending on server) to download files from public server directy to my own server. Example of use here are - download a JVM from sun website (wget 'url' or curl 'url') - download additional perl modules from CPAN - test a connection :) it could also be part of a script that is pumping your webcontent for various indexing reason. Althought, in last case, nasty indexers tends to mimic firefox or internet explorer as client :) Last but not least it could also be a user which has changed, for unknown reason, it's navigator identity for a test and forgot to reset it back to normal before going to the net. En l'instant précis du 23/08/07 09:25, Lyallex s'exprimait en ces termes: (Debian) Linux 2.6.11.12-xenU Tomcat 5.5.20 Java 1.5.0_04 This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. I have been developing commercial sites in Java for a number of years now but this is the first time I have deployed a commercial application on my own and hence I am a complete beginner when it comes to dealing with nefarious nerks trying to hack my installation. Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. I will investigate curl further of course. Thanks Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- http://www.noooxml.org/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Force auth contraint on SSL connector
Hello, we are planning to activate our intranet with ssl. Along with this, we would like to make this intranet available to our employees from their home. Insite, without ssl, there is no need to identify our user. Anonymous browsing is to be allowed. From outside however, we want to force authentification on all the webapp. So we would like to have a security-constraint on / that applies *only* when webapp is reached using SSL connector. The standard web.xml, afaik, does not support separating constraint depending on http connector. We thought about using some valve that would force users to a specific login url if their are not yet authenticated. Does this somehow already exist in tomcat. Below is a short description of aimed configuration: http://server/webapp -- no auth constraint http://server/webapp/admin -- auth-constraint, role admin http://server/webapp/edit -- auth-constraint, role admin or publisher https://server/webapp -- auth contraint, no specific role (or role user is needed) https://server/webapp/admin -- auth-constraint, role admin https://server/webapp/edit -- auth-constraint, role admin or publisher -- http://www.noooxml.org/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
OK, that's all good advice ... [EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico HTTP/1.1 200 2238 - curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] HEAD / HTTP/1.1 200 - - curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6 So, looking for favicon.ico and doing a HEAD on my entry page, doesn't look to suspicious I guess. [EMAIL PROTECTED]:/usr/tomcat/logs$ whois 69.25.212.171 Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1) 69.25.0.0 - 69.25.255.255 Name.com INAP-DEN-NAMECOM-1256 (NET-69-25-212-128-1) 69.25.212.128 - 69.25.212.191 # ARIN WHOIS database, last updated 2007-08-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. Sometimes whois returns a bunch of stuff sometimes I only get a minimal return, not much use really. Anyway, I will investigate further Thanks for taking the time to reply Regards Duncan On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: (Debian) Linux 2.6.11.12-xenU Tomcat 5.5.20 Java 1.5.0_04 This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. I have been developing commercial sites in Java for a number of years now but this is the first time I have deployed a commercial application on my own and hence I am a complete beginner when it comes to dealing with nefarious nerks trying to hack my installation. Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. I will investigate curl further of course. Thanks Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
www.who.is Much more info ...tracking the perpetrator down now ... this is fun. On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: OK, that's all good advice ... [EMAIL PROTECTED]:/usr/tomcat/logs$ cat access.log | grep curl 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] GET /favicon.ico HTTP/1.1 200 2238 - curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6 69.25.212.171 - - [22/Aug/2007:16:40:41 +0100] HEAD / HTTP/1.1 200 - - curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6 So, looking for favicon.ico and doing a HEAD on my entry page, doesn't look to suspicious I guess. [EMAIL PROTECTED]:/usr/tomcat/logs$ whois 69.25.212.171 Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1) 69.25.0.0 - 69.25.255.255 Name.com INAP-DEN-NAMECOM-1256 (NET-69-25-212-128-1) 69.25.212.128 - 69.25.212.191 # ARIN WHOIS database, last updated 2007-08-22 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. Sometimes whois returns a bunch of stuff sometimes I only get a minimal return, not much use really. Anyway, I will investigate further Thanks for taking the time to reply Regards Duncan On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: (Debian) Linux 2.6.11.12-xenU Tomcat 5.5.20 Java 1.5.0_04 This question concerns access to a running Tomcat instance by a previously unseen/unknown user agent. I have been developing commercial sites in Java for a number of years now but this is the first time I have deployed a commercial application on my own and hence I am a complete beginner when it comes to dealing with nefarious nerks trying to hack my installation. Is it a 'Tomcat' question ?... I'm not sure but here goes anyway. The following might be quite harmless but it would be nice to hear of others exp' in this area Looking at the user agent section of my Webalizer generated access log analysis page I can see the following entry curl/7.12.1 (i386-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0. I have been to http://curl.haxx.se/ and it seems to my (currently) inexperienced eye that this software _could_ be used to do all sorts of despicable things to a web site. I guess it could also be used to 'build your own browser' so I'm not panicking just yet I have telnet and ftp disabled and access the server via ssh and scp. Is this likely to be some dismal little hacker trying to probe my defenses or am I worrying unnecessarily. I will investigate curl further of course. Thanks Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm + Expired Passwords
I just find it hard to believe that there is no open-source project/library to mange users that includes the above functionality. Web server logins are dismal across the board, but its so easy to write a filter so I think nobody bothered. Peter Stephen More wrote: On 8/22/07, Christopher Schultz [EMAIL PROTECTED] wrote: 1. Checks to see if the Session exists and has a Principal. 2. Checks to see if the Session contains my User object. If not, it loads the User object and performs the real login (as opposed to the basic authentication provided by the container). 3. Checks to see what the user's status is. If the user is in the must change password state, I send them to the change password screen. Using the default tomcat realms I see 2 possibilities: 1. use the JDBCRealm and create a SQL view for user_roles. If the user has an expired password, then a role called expiredPassword should exist as a row in this view. 2. use the JAASRealm, if the password is expired add the role expiredPassword. Both of these would require a Filter that checks for the existence of the role expiredPassword and redirect as needed. I just find it hard to believe that there is no open-source project/library to mange users that includes the above functionality. -Steve - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Logging Problem on Upgrade to Tomcat 6
Filip At the beginning of this conversation you said that you would validate my web app for me. I have created a very simple web app that shows the difference in behaviour in terms of where a RuntimeException is logged in Tomcat 5.5.23 and 6.0.14. It doesn't seem to matter whether or not Log4J is turned on at the Tomcat level. The web app consists of an emtpy web xml, 3 simple JSP pages, the commons-logging and log4j Jars and a log4j.properties file. Shall I send the War to [EMAIL PROTECTED] or do you have an alternative place you would like it sent? Regards Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 21:19 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: There wasn't any trace at all - I added my own logging to tell me that one server had sent the message, but on the other server there was no sign of why it wasn't being delivered to the ChannelListener until I turned on debug logging and then it reported the ClassNotFoundException, but not at the SEVERE or WARNING level. Seeing as it is the first time I have used Tribes, it is possible that I did something wrong - but I don't think so. you are right, debug has to be enabled, I'm gonna change that right away. basically, if you have classes outside of the scope of Tribes classloader, you are better off just sending a byte[] and do the serialization/deserialization yourself. Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:39 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: OK - I'll run through the steps from scratch again and see if I have more joy this time. let me know how it goes, I can help out more. By the way, I have been using Tribes in my application and it works really well. I did have a problem initially as I was sending a class that did not exist in Tomcat's classpath, only in the web application and there was no error logged anywhere to report the ClassNotFoundException - can I suggest that this exception is logged somewhere to help people develop using Tribes? did you by any chance save the stacktrace or was there none? I thought tribes was pretty good about not swallowing any errors. but I would like to improve if there is possibility to do so Filip Thanks for all your help. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:21 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: What is confusing me is that I never had to catch the exception and log it from within my application in Tomcat 4, 5 or 5.5 - it just appeared in the web app log automatically. Is there no way to configure Log4J/Tomcat 6 to do the same thing without having to do as you suggest? it should do it, if you removed tomcat's logging manager and replaced it with log4j so you might have just missed a step Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:51 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 it will only log to the webapp.log if your application catches the exception, then issues a log.error(msg,exception) (tomcat will do the same assuming it was correctly configured) if you provide a sample war, I can validate it for you Filip Ashley Hollands wrote: I did build the extra JAR files as described in the documentation. Whether I am using Log4J at the Tomcat level, or using Tomcat's default logging, I do get log messages in my web app log. For example if I add the following to my web app log4j.properties: log4j.logger.com.mycompany=INFO it logs these messages to the web app log no problem - both with Log4J and Tomcat's default logging at the top-level. My problem is that it isn't logging Exceptions even though as I understand it, it should be logging anything with priority ERROR or higher (lower?) that is generated by the web app to the web app log. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:12 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: Thanks for the reply Filip if you want a global log4j (instead of tomcat's own framework)... I have configured Tomcat to use Log4J at the top-level using the documentation you recommend no problem, but it doesn't solve my problem. What I want is for the Exception to get logged at the web application level (I'm not bothered whether it also
JK Loadbalancer not balancing fairly
Hi All, We are doing some load testing on our setup and find that the cpu use age of tomcat reported by top on the two systems is not equal. Typically we see figures like ~400% to 800% cpu on one machine and ~50% on the other machine for the java process. We would expect that the two cpu values to be equal. The jkstatus page on box one shows the following after a restart. Although before a restart the Max column was showing 250 for jcpres1 and 32 for jcpres2. NameTypeHostAddrAct State D F M V Acc Err CE RE Wr Rd BusyMax Route RR Cd Rs jcpres1 ajp13 172.16.4.11:8009172.16.4.11:8009ACT OK 0 1 1 869 42762 4 0 939K 286M1 11 jcpres1 0/0 jcpres2 ajp13 172.16.4.12:8009172.16.4.12:8009ACT OK 0 1 1 869 42772 1 0 943K 280M2 9 jcpres2 0/0 and box 2 NameTypeHostAddrAct State D F M V Acc Err CE RE Wr Rd BusyMax Route RR Cd Rs jcpres1 ajp13 172.16.4.11:8009172.16.4.11:8009ACT OK 0 1 1 484 38720 4 0 850K 256M3 10 jcpres1 0/0 jcpres2 ajp13 172.16.4.12:8009172.16.4.12:8009ACT OK 0 1 1 483 38710 4 0 850K 260M1 10 jcpres2 0/0 Our system setup. Both machines are running the the following software on RedHat 4ES Httpd 2.2.4 Mod JK 1.2.25 Tomcat 6.0.12 Java 1.6.0_01 Box 1. workers.properties # JK Status worker config worker.list=jkstatus worker.jkstatus.type=status # Presentaton Load Balancer Config worker.list=preslb worker.preslb.type=lb worker.preslb.balance_workers=jcpres1,jcpres2 worker.preslb.sticky_session=1 worker.jcpres1.port=8009 worker.jcpres1.host=172.16.4.11 worker.jcpres1.type=ajp13 worker.jcpres1.lbfactor=1 worker.jcpres1.fail_on_status=503,400,500,909 worker.jcpres2.port=8009 worker.jcpres2.host=172.16.4.12 worker.jcpres2.type=ajp13 worker.jcpres2.lbfactor=1 worker.jcpres2.fail_on_status=503,400,500,909 Box 2. workers.properties # JK Status worker config worker.list=jkstatus worker.jkstatus.type=status # Presentaton Load Balancer Config worker.list=preslb worker.preslb.type=lb worker.preslb.balance_workers=jcpres1,jcpres2 worker.preslb.sticky_session=1 worker.jcpres1.port=8009 worker.jcpres1.host=172.16.4.11 worker.jcpres1.type=ajp13 worker.jcpres1.lbfactor=1 worker.jcpres1.fail_on_status=503,400,500,909 worker.jcpres2.port=8009 worker.jcpres2.host=172.16.4.12 worker.jcpres2.type=ajp13 worker.jcpres2.lbfactor=1 worker.jcpres2.fail_on_status=503,400,500,909 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Domain mapping
Hi How do I setup domains for webapplications-mapping in tomcat5.5? I can read that there should be defined a context-element in either META-INF/context.xml or server.xml file, but I find it very hard to find a working solution or example. Should i define both host and context element or... and where? I have a DNS A-record pointing to the ip-adress of the server running my tomcat, but I cant make tomcat handle the requests correctly. My hosting operator suggests introducing an Apache for this purpuse, which I believe is quite an overkill. Or is it? Hope you can help med out with a good tutorial or explanation of where to start. Regards - Jens Rosenberg - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL mangling
Aha! Yes I am. Kinda makes sense that would be it. Thanks so much for thinking deep enough to ask the question. I'm already forwarding everything that starts with my servlet. I coded all JSPs to use relative paths. Can I tell mod_jk to forward everything with a relative path to tomcat as well? -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:10 PM To: Tomcat Users List Subject: RE: URL mangling Yes, it should. Are you running tomcat behind Apache HTTPD or another web server to serve up static content? On Wed, 2007-08-22 at 09:17, Hehl, Thomas wrote: /* Shouldn't that get everything? I have a debug at the beginning of doFilter that prints out the request and I only get the original one, nothing for the images and stuff. -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:03 AM To: Tomcat Users List Subject: Re: URL mangling So now I'm trying to see if there's a way to mangle these urls dynamically on the security server instead so that I can use the same JSP for everything. I tried using a filter, but that works ONLY for the actual request itself. Filters evidently don't see requests for images or stylesheets, etc. Filters see whatever their mappings tell them to see. The url-mapping for filters works the same way as it does for servlets. What mapping are you using? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Password protected zip files always corrupt
Hi, I'm trying to allow my users to download a password protected zip file from a link in an email but I keep being told the zip file is corrupt when I do even though I know it's not. It's using standard tomcat form authentication, if you go to the front page of the site and login normally and then right click on the link and select save target as (or save link as in firefox) it works fine. If you just click on the link to open the file in firefox, it works ok. If you do the same thing in IE, you get an empty archive. However if you move the same file to an area outside of the protected area, everything works fine. When I attempt to try the same thing with other file types, e.g. pdf, it opens in the browser or downloads fine regardless of whether it's within the protected area or not. If it is in the protected area, the user is redirected to the login page first, as one would expect. I have already tried adding the following to my web.xml without any luck: mime-mapping extensionzip/extension mime-typeapplication/zip/mime-type /mime-mapping Any ideas? Thanks, Kevin - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL mangling
Probably, I haven't done a lot of work with connectors. Maybe a better question at this point is, if you're going to pass everything to Tomcat anyway, is there still a benefit to using Apache HTTPD as a front end? Tomcat and the JVM have both made huge strides in performance over the last few years and many of us are running full fledged commercial apps with Tomcat running as a standalone. On Thu, 2007-08-23 at 07:58, Hehl, Thomas wrote: Aha! Yes I am. Kinda makes sense that would be it. Thanks so much for thinking deep enough to ask the question. I'm already forwarding everything that starts with my servlet. I coded all JSPs to use relative paths. Can I tell mod_jk to forward everything with a relative path to tomcat as well? -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:10 PM To: Tomcat Users List Subject: RE: URL mangling Yes, it should. Are you running tomcat behind Apache HTTPD or another web server to serve up static content? On Wed, 2007-08-22 at 09:17, Hehl, Thomas wrote: /* Shouldn't that get everything? I have a debug at the beginning of doFilter that prints out the request and I only get the original one, nothing for the images and stuff. -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:03 AM To: Tomcat Users List Subject: Re: URL mangling So now I'm trying to see if there's a way to mangle these urls dynamically on the security server instead so that I can use the same JSP for everything. I tried using a filter, but that works ONLY for the actual request itself. Filters evidently don't see requests for images or stylesheets, etc. Filters see whatever their mappings tell them to see. The url-mapping for filters works the same way as it does for servlets. What mapping are you using? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: URL mangling
The benefit is the client is already doing it this way and wants us to it the same. The realities of the IT world. Alas... -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 8:23 AM To: Tomcat Users List Subject: RE: URL mangling Probably, I haven't done a lot of work with connectors. Maybe a better question at this point is, if you're going to pass everything to Tomcat anyway, is there still a benefit to using Apache HTTPD as a front end? Tomcat and the JVM have both made huge strides in performance over the last few years and many of us are running full fledged commercial apps with Tomcat running as a standalone. On Thu, 2007-08-23 at 07:58, Hehl, Thomas wrote: Aha! Yes I am. Kinda makes sense that would be it. Thanks so much for thinking deep enough to ask the question. I'm already forwarding everything that starts with my servlet. I coded all JSPs to use relative paths. Can I tell mod_jk to forward everything with a relative path to tomcat as well? -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:10 PM To: Tomcat Users List Subject: RE: URL mangling Yes, it should. Are you running tomcat behind Apache HTTPD or another web server to serve up static content? On Wed, 2007-08-22 at 09:17, Hehl, Thomas wrote: /* Shouldn't that get everything? I have a debug at the beginning of doFilter that prints out the request and I only get the original one, nothing for the images and stuff. -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 9:03 AM To: Tomcat Users List Subject: Re: URL mangling So now I'm trying to see if there's a way to mangle these urls dynamically on the security server instead so that I can use the same JSP for everything. I tried using a filter, but that works ONLY for the actual request itself. Filters evidently don't see requests for images or stylesheets, etc. Filters see whatever their mappings tell them to see. The url-mapping for filters works the same way as it does for servlets. What mapping are you using? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using HSQLDB for Authentication
remmons wrote: I am trying to use HSQLDB for container authentication in Tomcat. When I start Tomcat, I get this message in the catalina.-MM-DD.log: INFO: Starting Servlet Engine: Apache Tomcat/5.5.23 Aug 2, 2007 3:10:29 PM org.apache.catalina.realm.JDBCRealm start SEVERE: Exception opening database connection java.sql.SQLException: The database is already in use by another process: [EMAIL PROTECTED] =\\localhost\data\Auth.lck, exists=false, locked=false, valid=false, fl =null]: java.io.FileNotFoundException: \\localhost\data\Auth.lck (The network path was not found) Apparently, Tomcat cannot find my database files. Without success, I have located them in various places: webbapps/MyApp/WEB-INF/data webbapps/MyApp/WEB-INF/classes/data webbapps/MyApp/WEB-INF/lib/data webapps/data I am using the following connectionURL: connectionURL=jdbc:hsqldb://localhost/data/Auth where Auth is the name of my HSQLDB database with the following files: data/Auth.log data/Auth.properties data/Auth.script I setup my realm in server.xml as follows: Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.hsqldb.jdbcDriver connectionURL=jdbc:hsqldb://localhost/data/Auth connectionName=SA connectionPassword= userTable=USER userNameCol=USERNAME userCredCol=PASSWORD userRoleTable=USER_ROLE roleNameCol=ROLENAME / Can someone tell me where to put the database files so Tomcat can find them? I am using Tomcat 5.5. -- Robert Emmons, P.E., Aurigen Inc. [EMAIL PROTECTED], http://www.aurigen.com Computer Programming and Consulting - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] In case anyone is interested, I found the secrets to getting Tomcat to use my HSQLDB database for container authentication: * Locate hsqldb.jar in %CATALINA_HOME%/common/lib * Locate the HSQLDB database files in webapps/myApp/data * Use the following Realm element in server.xml: Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.hsqldb.jdbcDriver connectionURL=jdbc:hsqldb:data/Auth connectionName=SA connectionPassword= userTable=USER userNameCol=USERNAME userCredCol=PASSWORD userRoleTable=USER_ROLE roleNameCol=ROLENAME / That is the same Realm element as I used above, except for the connectionURL: * Correct: connectionURL=jdbc:hsqldb:data/Auth * Incorrect: connectionURL=jdbc:hsqldb:/localhoast/data/Auth -- View this message in context: http://www.nabble.com/Using-HSQLDB-for-Authentication-tf4208687.html#a12293244 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk Could not find a worker error
Hi All I have installed tomcat5.5 with apache2.2 on a debian box following the guide at http://www.howtoforge.com/apache2_tomcat5_mod_jk I have followed this guide relatively strictly, the only things i have changed are the jdk version used (JDK 6 update 2) and the mod_jk installation method (i used apt-get install libapache-mod-jk) However when i try to test the installation i get a 500 internal server error. There is this line in the mod_jk.log [Thu Aug 23 21:53:56 2007] [6726:42688] [info] jk_handler::mod_jk.c (1986): Could not find a worker for worker name=ajp13 And another thing i have noticed is that when i enter which java on the command line, nothing is returned (it should be my java path /usr/lib/jdk apparently. javac doesnt work either) Just wondering if anybody knows what could be wrong with the installation? Any help greatly appreciated Cheers Will
Re: Logging Problem on Upgrade to Tomcat 6
yes, feel free to send it to that address Filip Ashley Hollands wrote: Filip At the beginning of this conversation you said that you would validate my web app for me. I have created a very simple web app that shows the difference in behaviour in terms of where a RuntimeException is logged in Tomcat 5.5.23 and 6.0.14. It doesn't seem to matter whether or not Log4J is turned on at the Tomcat level. The web app consists of an emtpy web xml, 3 simple JSP pages, the commons-logging and log4j Jars and a log4j.properties file. Shall I send the War to [EMAIL PROTECTED] or do you have an alternative place you would like it sent? Regards Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 21:19 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: There wasn't any trace at all - I added my own logging to tell me that one server had sent the message, but on the other server there was no sign of why it wasn't being delivered to the ChannelListener until I turned on debug logging and then it reported the ClassNotFoundException, but not at the SEVERE or WARNING level. Seeing as it is the first time I have used Tribes, it is possible that I did something wrong - but I don't think so. you are right, debug has to be enabled, I'm gonna change that right away. basically, if you have classes outside of the scope of Tribes classloader, you are better off just sending a byte[] and do the serialization/deserialization yourself. Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:39 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: OK - I'll run through the steps from scratch again and see if I have more joy this time. let me know how it goes, I can help out more. By the way, I have been using Tribes in my application and it works really well. I did have a problem initially as I was sending a class that did not exist in Tomcat's classpath, only in the web application and there was no error logged anywhere to report the ClassNotFoundException - can I suggest that this exception is logged somewhere to help people develop using Tribes? did you by any chance save the stacktrace or was there none? I thought tribes was pretty good about not swallowing any errors. but I would like to improve if there is possibility to do so Filip Thanks for all your help. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:21 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: What is confusing me is that I never had to catch the exception and log it from within my application in Tomcat 4, 5 or 5.5 - it just appeared in the web app log automatically. Is there no way to configure Log4J/Tomcat 6 to do the same thing without having to do as you suggest? it should do it, if you removed tomcat's logging manager and replaced it with log4j so you might have just missed a step Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:51 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 it will only log to the webapp.log if your application catches the exception, then issues a log.error(msg,exception) (tomcat will do the same assuming it was correctly configured) if you provide a sample war, I can validate it for you Filip Ashley Hollands wrote: I did build the extra JAR files as described in the documentation. Whether I am using Log4J at the Tomcat level, or using Tomcat's default logging, I do get log messages in my web app log. For example if I add the following to my web app log4j.properties: log4j.logger.com.mycompany=INFO it logs these messages to the web app log no problem - both with Log4J and Tomcat's default logging at the top-level. My problem is that it isn't logging Exceptions even though as I understand it, it should be logging anything with priority ERROR or higher (lower?) that is generated by the web app to the web app log. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:12 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: Thanks for the reply Filip if you want a global log4j (instead of tomcat's own framework)... I have configured Tomcat to use Log4J at the top-level using the documentation you recommend no problem, but it doesn't solve my problem. What I want is for
Re: mod_jk Could not find a worker error
Hi Will, Can you post the contents of your workers.properties file? It could be a problem with the naming of the worker set up in this file. Cheers, Ben On Thu, 2007-08-23 at 23:49 +1000, Will Parkinson wrote: Hi All I have installed tomcat5.5 with apache2.2 on a debian box following the guide at http://www.howtoforge.com/apache2_tomcat5_mod_jk I have followed this guide relatively strictly, the only things i have changed are the jdk version used (JDK 6 update 2) and the mod_jk installation method (i used apt-get install libapache-mod-jk) However when i try to test the installation i get a 500 internal server error. There is this line in the mod_jk.log [Thu Aug 23 21:53:56 2007] [6726:42688] [info] jk_handler::mod_jk.c (1986): Could not find a worker for worker name=ajp13 And another thing i have noticed is that when i enter which java on the command line, nothing is returned (it should be my java path /usr/lib/jdk apparently. javac doesnt work either) Just wondering if anybody knows what could be wrong with the installation? Any help greatly appreciated Cheers Will - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Managerp app
Is there a way to have the manager web application just upload a .war and not deploy it? Or a way to have it upload a .war to a location outside of the appBase? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Domain mapping
From: Jens Rosenberg [mailto:[EMAIL PROTECTED] Subject: Domain mapping How do I setup domains for webapplications-mapping in tomcat5.5? Why do you want to? It's not normally necessary, unless you want separate sets of webapps available for each domain. If you do want segregated webapps, define a Host element in server.xml for each domain, with a unique appBase attribute for each Host. The webapps for each domain should be placed in the corresponding appBase. I can read that there should be defined a context-element in either META-INF/context.xml or server.xml file, but I find it very hard to find a working solution or example. Don't put Context elements in server.xml - that's only there for compatibility with older levels. The standard Tomcat download includes numerous sample applications, some with Context elements (they're not required for simple webapps). Should i define both host and context element or... and where? It's Host and Context - case matters. Read the doc: http://tomcat.apache.org/tomcat-5.5-doc/config/host.html http://tomcat.apache.org/tomcat-5.5-doc/config/context.html My hosting operator suggests introducing an Apache for this purpuse, which I believe is quite an overkill. By Apache, I'll presume you mean httpd, since Tomcat is also an Apache product. Yes, it is overkill, and will do little for you other than add overhead. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using HSQLDB for Authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Robert, * Correct: connectionURL=jdbc:hsqldb:data/Auth * Incorrect: connectionURL=jdbc:hsqldb:/localhoast/data/Auth Thanks for posting a followup to this when you found the answer. Often, dead threads will end in no solution as the OP will disappear thinking that the community doesn't care. We do care; it's just that nobody that read your post knew what to do ;) Now it's in the archives, so hopefully someone will find it when searching. Nice job, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZhD9CaO5/Lv0PARAv9kAJ4kJ+06o4pf6CzW3xAGpd5j6UUhLgCfRjER AseWX5z6dP+VIzsmhgVd5IU= =6FzY -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: why does mod_jk still try to send the request to a shutdown machine?
Have a look at http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html You could lower you prepost_timeout. The Timeouts will help for unplanned downtimes. For planned downtimes you should administratively change the activation attribute of the load balancer members. Regards, Rainer Guofeng Zhang schrieb: Hi, I use Apache as the load balancer and configured mod_jk to work in failover mode. The master and slave run on separate machines. To test how the failover works, I shut down the master machine, then I access my application. But it takes about one minute for me to see the first page. I think the time is used to try to establish the socket connection. I think I need to configure something that I missed in the worker.properties so that mod_jk could detect the status of the master before it sends the request to it. Thanks for your help very much. I use Apache HTTPD 2.2.4, mod_jk 2.2.4, JBoss 4.0.4/Tomcat 5.5. The following the log of mod_jk. [Wed Aug 22 17:24:59 2007][1632:1624] [info] mod_jk.c (2775): mod_jk/1.2.24 initialized [Wed Aug 22 17:25:42 2007][1632:6124] [info] jk_connect.c (473): connect to 192.168.225.195:8009 failed (errno=60) [Wed Aug 22 17:25:42 2007][1632:6124] [info] jk_ajp_common.c (891): Failed opening socket to (192.168.225.195:8009) (errno=60) [Wed Aug 22 17:25:42 2007][1632:6124] [info] jk_ajp_common.c (1311): (master) error connecting to the backend server (errno=60) [Wed Aug 22 17:25:42 2007][1632:6124] [info] jk_ajp_common.c (2071): (master) sending request to tomcat failed, recoverable operation attempt=1 The following is the content of worker.properties. # Define list of workers that will be used # for mapping requests worker.list=loadbalancer,status # Define Master worker.master.host=192.168.225.195 worker.master.port=8009 worker.master.type=ajp13 worker.master.lbfactor=1 worker.master.cachesize=10 worker.master.cache_timeout=600 worker.master.socket_timeout=180 worker.master.recycle_timeout=100 worker.master.prepost_timeout=50 worker.master.recovery_options=0 # Define prefered failover node for master worker.master.redirect=slave # Define Slave worker.slave.host= 192.168.225.116 worker.slave.port=8009 worker.slave.type=ajp13 worker.slave.lbfactor=1 worker.slave.cachesize=10 worker.slave.cache_timeout=600 worker.slave.socket_timeout=180 worker.slave.recycle_timeout=100 worker.slave.prepost_timeout=50 worker.slave.recovery_options=0 #Disable slave for all requests except failover worker.slave.activation=disabled # Load-balancing behaviour worker.loadbalancer.type=lb worker.loadbalancer.balance_workers=master, slave worker.loadbalancer.sticky_session=1 # Status worker for managing load balancer worker.status.type=status - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBCRealm + Expired Passwords
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen, Stephen More wrote: Both of these would require a Filter that checks for the existence of the role expiredPassword and redirect as needed. Yes. That's why I did it myself all in a single filter (including loading the user's state, rather than adding an essentially useless role called expired-password). I just find it hard to believe that there is no open-source project/library to mange users that includes the above functionality. Long ago, I had that thought, too. I resolved to create one user-management package to rule them all, but as I worked with more and more applications, I found that the requirements for each application were often so different that the resulting uber-package would just be a tiny framework with hundreds of little plug-ins that would make it un-manageable. Just my two cents. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZjw9CaO5/Lv0PARAuLEAKC343a5QCuq0RXLVuOJj4B8HS8ERwCghGJm rm5vzKWEf34XgJaGsw7RuRs= =p09S -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to specify derby home to the JVM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ping, Ping Yu wrote: set JAVA_OPTS=%JAVA_OPTS% -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties -Dderby.system.home=C:\Absolute_Path_To_\sql That's an oddly non-matched set of parens. Might I suggest this: set JAVA_OPTS=%JAVA_OPTS% - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager - -Djava.util.logging.config.file=%CATALINA_BASE%\conf\logging.properties - -Dderby.system.home=C:\Absolute_Path_To_\sql Of course, that should all be on a single line in your script. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZpj9CaO5/Lv0PARArR8AJ4ou2PF0AARvJ+SC52d7/pKbrOu7gCgkDts +92HIG9bDk4TT8cbNE8jh58= =ksk5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Container managed securty
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ali, Ali Ok wrote: I use Tomcat's JDBC realm for security. However, I want to use a very customized login form (like remember me option or javascript based modal login form). How can I make these work? I recommend using securityfilter (http://securityfilter.sourceforge.net). It allows (among other things) direct logins. (That is, you don't have to attempt to hit a protected resource in order to display the login page to the user). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZqw9CaO5/Lv0PARAo51AJ0ZbVuQcmURenBhY5Nqu+hkiTAnWQCgncwL OXXv8ls2sfS6oy6DYTZwGtM= =5MxS -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed
Hi, Tomcat runs fine, but the log contains this message: Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed Another thread said this was most likely due to the tomcat user not having access to the /proc file system, and that it's not a biggie. Just thought I'd air it out, to see if anyone has any concerns about this? Thanks, - Ole - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Force auth contraint on SSL connector
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, From outside however, we want to force authentification on all the webapp. So we would like to have a security-constraint on / that applies *only* when webapp is reached using SSL connector. You might be able to avoid the entire problem by using a VPN. Is that an acceptable change in strategy? What about client certificates? I think you're going to seriously complicate your application to add this requirement. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzZxA9CaO5/Lv0PARAvOuAKCo7gSdhMUdvtdLcWrvT4EsR7ZhyQCfaQcG Qowp91xWkZYt1Gs4CtT8SNw= =kq0I -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging Problem on Upgrade to Tomcat 6
what is missing from the Tomcat 6 docs, is that you put log4j.properties in TC_HOME/lib to configure Tomcat's global logging Filip Filip Hanik - Dev Lists wrote: yes, feel free to send it to that address Filip Ashley Hollands wrote: Filip At the beginning of this conversation you said that you would validate my web app for me. I have created a very simple web app that shows the difference in behaviour in terms of where a RuntimeException is logged in Tomcat 5.5.23 and 6.0.14. It doesn't seem to matter whether or not Log4J is turned on at the Tomcat level. The web app consists of an emtpy web xml, 3 simple JSP pages, the commons-logging and log4j Jars and a log4j.properties file. Shall I send the War to [EMAIL PROTECTED] or do you have an alternative place you would like it sent? Regards Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 21:19 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: There wasn't any trace at all - I added my own logging to tell me that one server had sent the message, but on the other server there was no sign of why it wasn't being delivered to the ChannelListener until I turned on debug logging and then it reported the ClassNotFoundException, but not at the SEVERE or WARNING level. Seeing as it is the first time I have used Tribes, it is possible that I did something wrong - but I don't think so. you are right, debug has to be enabled, I'm gonna change that right away. basically, if you have classes outside of the scope of Tribes classloader, you are better off just sending a byte[] and do the serialization/deserialization yourself. Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:39 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: OK - I'll run through the steps from scratch again and see if I have more joy this time. let me know how it goes, I can help out more. By the way, I have been using Tribes in my application and it works really well. I did have a problem initially as I was sending a class that did not exist in Tomcat's classpath, only in the web application and there was no error logged anywhere to report the ClassNotFoundException - can I suggest that this exception is logged somewhere to help people develop using Tribes? did you by any chance save the stacktrace or was there none? I thought tribes was pretty good about not swallowing any errors. but I would like to improve if there is possibility to do so Filip Thanks for all your help. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 20:21 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: What is confusing me is that I never had to catch the exception and log it from within my application in Tomcat 4, 5 or 5.5 - it just appeared in the web app log automatically. Is there no way to configure Log4J/Tomcat 6 to do the same thing without having to do as you suggest? it should do it, if you removed tomcat's logging manager and replaced it with log4j so you might have just missed a step Filip Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:51 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 it will only log to the webapp.log if your application catches the exception, then issues a log.error(msg,exception) (tomcat will do the same assuming it was correctly configured) if you provide a sample war, I can validate it for you Filip Ashley Hollands wrote: I did build the extra JAR files as described in the documentation. Whether I am using Log4J at the Tomcat level, or using Tomcat's default logging, I do get log messages in my web app log. For example if I add the following to my web app log4j.properties: log4j.logger.com.mycompany=INFO it logs these messages to the web app log no problem - both with Log4J and Tomcat's default logging at the top-level. My problem is that it isn't logging Exceptions even though as I understand it, it should be logging anything with priority ERROR or higher (lower?) that is generated by the web app to the web app log. Ashley -Original Message- From: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Sent: 22 August 2007 19:12 To: Tomcat Users List Subject: Re: Logging Problem on Upgrade to Tomcat 6 Ashley Hollands wrote: Thanks for the reply Filip if you want a global log4j (instead of tomcat's own framework)... I have configured Tomcat to use
Re: Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed
Ole Ersoy wrote: Hi, Tomcat runs fine, but the log contains this message: Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed Another thread said this was most likely due to the tomcat user not having access to the /proc file system, and that it's not a biggie. Just thought I'd air it out, to see if anyone has any concerns about this? do you get the same warning when you do the -server option? JDK 1.5 and higher, does to introspection on the system to figure out best runtime options internally. Filip Thanks, - Ole - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK Loadbalancer not balancing fairly
Ben, So I assume you have two web servers fronting two app servers - or there are two servers both of which have a web server and an app server? For the restart you talk about - did you restart both web servers? Do you have a good load balancer (local director, content director like an F5) in front of the two web servers? If I am reading your JKStatus text correctly I noticed the following: Load balancer value on web server 2 --- = ~0.56 Load balancer value on web server 1 but Number requests on web server 2 --- = ~0.91 Number requests on web server 1 Now, if I am interpreting the meaning of load balancer value and number of reuqests correctly, that would imply that the number of sessions stuck to each app server from web server 1 is very roughly twice as high as from 2, but the total number of requests sent to each app server from both web servers is very roughly the same. (Can someone confirm I'm intrepreting those #s correctly?) According to the docs, each connect by default trys to keep the number of requests sent to each worker the same, which looks to be happening reasonably well. (I'm playing with trying the keep the number of sessions balanced since our apps tend to be more of a memory issue than a cpu issue. There is a setting on the connector for this.) With a some info on your setup we can try to figure out the load imbalance. As a note, I am playing with the jk1.2.x connector, but our productio systems use the old jk2.x connector. With that, I've seen a load imbalance on the app servers when one of the app serves has gone down for a while, and then has come back up. If the connectors are not reset, they will try to catch up the restarted app server in terms of the number of requests it has handled, thus loading it more heavily than servers that have been up the whole time. Brian ---Original Message- --From: ben short [mailto:[EMAIL PROTECTED] --Sent: Thursday, August 23, 2007 4:51 AM --To: Tomcat Users List --Subject: JK Loadbalancer not balancing fairly -- --Hi All, -- --We are doing some load testing on our setup and find that --the cpu use age of tomcat reported by top on the two systems --is not equal. --Typically we see figures like ~400% to 800% cpu on one --machine and ~50% on the other machine for the java process. --We would expect that the two cpu values to be equal. -- --The jkstatus page on box one shows the following after a restart. --Although before a restart the Max column was showing 250 for --jcpres1 and 32 for jcpres2. -- --Name TypeHostAddrAct State D F --MV Acc Err CE RE Wr Rd --Busy Max Route RR Cd Rs -- jcpres1 ajp13 172.16.4.11:8009 --172.16.4.11:8009 ACT OK 0 1 1 --869 42762 4 0 939K286M1 --11 jcpres1 -- 0/0 -- jcpres2 ajp13 172.16.4.12:8009 --172.16.4.12:8009 ACT OK 0 1 1 --869 42772 1 0 943K280M2 --9jcpres2 -- 0/0 -- --and box 2 -- --Name TypeHostAddrAct State D F --MV Acc Err CE RE Wr Rd --Busy Max Route RR Cd Rs -- jcpres1 ajp13 172.16.4.11:8009 --172.16.4.11:8009 ACT OK 0 1 1 --484 38720 4 0 850K256M3 --10 jcpres1 -- 0/0 -- jcpres2 ajp13 172.16.4.12:8009 --172.16.4.12:8009 ACT OK 0 1 1 --483 38710 4 0 850K260M1 --10 jcpres2 -- 0/0 -- -- --Our system setup. -- --Both machines are running the the following software on RedHat 4ES -- --Httpd 2.2.4 --Mod JK 1.2.25 --Tomcat 6.0.12 --Java 1.6.0_01 -- --Box 1. -- --workers.properties -- --# JK Status worker config -- --worker.list=jkstatus --worker.jkstatus.type=status -- --# Presentaton Load Balancer Config -- --worker.list=preslb -- --worker.preslb.type=lb --worker.preslb.balance_workers=jcpres1,jcpres2 --worker.preslb.sticky_session=1 -- --worker.jcpres1.port=8009 --worker.jcpres1.host=172.16.4.11 --worker.jcpres1.type=ajp13 --worker.jcpres1.lbfactor=1 --worker.jcpres1.fail_on_status=503,400,500,909 -- --worker.jcpres2.port=8009 --worker.jcpres2.host=172.16.4.12 --worker.jcpres2.type=ajp13 --worker.jcpres2.lbfactor=1 --worker.jcpres2.fail_on_status=503,400,500,909 -- -- --Box 2. -- --workers.properties -- --# JK Status worker config -- --worker.list=jkstatus --worker.jkstatus.type=status -- --# Presentaton Load Balancer Config -- --worker.list=preslb -- --worker.preslb.type=lb --worker.preslb.balance_workers=jcpres1,jcpres2 --worker.preslb.sticky_session=1 -- --worker.jcpres1.port=8009 --worker.jcpres1.host=172.16.4.11 --worker.jcpres1.type=ajp13
Re: A Global Error Page (JSP or JSF)
I have configured a servlet to display an error message and a stack trace for 500 errors 9defined in web.xml). It works sometimes and not at others? By this i mean some 500 errors are caught and reported the others just cause an error and failure. In Response To: Does anybody have an example of global JSP (or JSF) error page that can be used to catch 500 errors genertaed by either servlets or jsps? Thanks. Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11104 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A Global Error Page (JSP or JSF)
try to put something like this into your web.xml (i hope that is what you've been asking for): error-page exception-typejava.lang.Throwable/exception-type location/errorPages/generalError.html/location /error-page That page should just display some message like general error occured, please report to webmaster... . The error itself you then should find in your logs. Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A Global Error Page (JSP or JSF)
That's exactly what I have done. I have even tested it by having a servlet do a int i = 500/0; which causes a 500 error and a divide by zero exception which invokes the page correctly with the error and the stack trace; however, sometimes for errors (like trying to access a null object) the page is not invoked but there's a stack trace in the logs. In Response To: try to put something like this into your web.xml (i hope that is what you've been asking for): error-page exception-typejava.lang.Throwable/exception-type location/errorPages/generalError.html/location /error-page That page should just display some message like general error occured, please report to webmaster... . The error itself you then should find in your logs. Cheers Gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11104 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5.23: adding datasource to /conf/context.xml without restarting server to find it?
Hi, I added a jdbc datasource to $TOMCAT_BASE/conf/context.xml using W3C DOM. But I have to restart the server find the new resource. I wonder is there a way to add new resources to $TOMCAT_BASE/conf/context.xml on Tomcat 5.5.23, without restarting server to find it? Regards, cun -- View this message in context: http://www.nabble.com/Tomcat-5.5.23%3A-adding-datasource-to--conf-context.xml-without-restarting-server-to-find-it--tf4318541.html#a12296924 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: why does mod_jk still try to send the request to a shutdown machine?
On 8/23/07, Rainer Jung [EMAIL PROTECTED] wrote: Guofeng Zhang schrieb: # Define Master worker.master.host=192.168.225.195 worker.master.port=8009 worker.master.type=ajp13 worker.master.lbfactor=1 worker.master.cachesize=10 worker.master.cache_timeout=600 worker.master.socket_timeout=180 worker.master.recycle_timeout=100 worker.master.prepost_timeout=50 worker.master.recovery_options=0 You could lower you prepost_timeout. The Timeouts will help for unplanned downtimes. For planned downtimes you should administratively change the activation attribute of the load balancer members. He's already using a low prepost_timeout of 50ms (IMO is way too low and should be set to 250-500ms). What he should also set is the connect_timeout setting, again, I would recommend 500ms or higher. Additionally, I see some other settings which are incorrect: cachesize is deprecated and should not be set (or left at 1 unless using a threaded Apache MPM which is unlikely unless running on Windows which the OP does not mention). cache_timeout is also deprecated and should not be set. recycle_timeout is also deprecated and should not be set. -Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.23: adding datasource to /conf/context.xml without restarting server to find it?
Ok... this begs the question: Why did you add the datasource to $TOMCAT_BASE/conf/context.xml? The datasource should be in your individual webapp's context.xml file where all you have to do is restart the webapp via the manager webapp. --David shunhecun wrote: Hi, I added a jdbc datasource to $TOMCAT_BASE/conf/context.xml using W3C DOM. But I have to restart the server find the new resource. I wonder is there a way to add new resources to $TOMCAT_BASE/conf/context.xml on Tomcat 5.5.23, without restarting server to find it? Regards, cun - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
Once you find them, you might be hard pressed to actually do anything about it beyond getting in touch with their ISP. It might be easier to just block them at the firewall or on the server tomcat runs on with something like iptables. Mark On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: www.who.is Much more info ...tracking the perpetrator down now ... this is fun. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: So, looking for favicon.ico and doing a HEAD on my entry page, doesn't look to suspicious I guess. ...tracking the perpetrator down now ... this is fun. While the exercise may be fun, you are most likely wasting your time as the client is very likely to be harmless and meant no harm - hopefully you learn something from it. As others have mentioned, while the user-agent of a client can be interesting, for any real malicious activity the user-agent will likely be spoofed to look more like something main stream than to stand out. -Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: why does mod_jk still try to send the request to a shutdown machine?
David Rees schrieb: On 8/23/07, Rainer Jung [EMAIL PROTECTED] wrote: Guofeng Zhang schrieb: # Define Master worker.master.host=192.168.225.195 worker.master.port=8009 worker.master.type=ajp13 worker.master.lbfactor=1 worker.master.cachesize=10 worker.master.cache_timeout=600 worker.master.socket_timeout=180 worker.master.recycle_timeout=100 worker.master.prepost_timeout=50 worker.master.recovery_options=0 You could lower you prepost_timeout. The Timeouts will help for unplanned downtimes. For planned downtimes you should administratively change the activation attribute of the load balancer members. He's already using a low prepost_timeout of 50ms (IMO is way too low and should be set to 250-500ms). Sorry, I had only little time and directly ran into our old problem, that some timeouts are seconds, and some are milliseconds. Your are right, 50 is way too small, se my new Timeouts docs page :) What he should also set is the connect_timeout setting, again, I would recommend 500ms or higher. Yes, since prepost_timeout is already that small, I would also guess, that the minute he had to wait happened during connection establishment. Unfortunately, the connect_timeout will only help, if the connection can be established fast (the TCP connection), but then one wants to check, if Tomcat can answer fast (or maybe one is connected to something other than Tomcat). So in case the remote host is dead (i.e. it's not only Tomcat not answering or no Tomcat there), we have the problem, that TCP as a reliable problem tries hard to establish a connection with several resends of SYNs in increasing intervals, leading to long waiting times. Once the timeout fires, the load balancer takes the node down, so no more waiting time. Retries will only influence few requests. Additionally, I see some other settings which are incorrect: cachesize is deprecated and should not be set (or left at 1 unless using a threaded Apache MPM which is unlikely unless running on Windows which the OP does not mention). cache_timeout is also deprecated and should not be set. recycle_timeout is also deprecated and should not be set. Mostly I agree, but I would set a timeout for athe connection pool. -Dave Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
Just to nip this one early before the discussion strays too far, curl is NOT a hacking tool. It's just a command line http client useful in all sorts of linux/unix OS scripts. To determine if it's being used to probe your site, you need to pay attention to WHAT is being requested. The brief sample offered by the OP was actually very benign (no weird escape sequences or attempts to access a binary executable). --David Mark Deneen wrote: Once you find them, you might be hard pressed to actually do anything about it beyond getting in touch with their ISP. It might be easier to just block them at the firewall or on the server tomcat runs on with something like iptables. Mark On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: www.who.is Much more info ...tracking the perpetrator down now ... this is fun. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use JMX to manage applications
What is the preferred API for accessing MBeans from within servlets or JSPs? MBeanServerConnection jmxServerConnection = JMXConnectorFactory.connect(new JMXServiceURL(urlForJMX),null).getMBeanServerConnection(); jmxServerConnection.getAttribute(new ObjectName(Application:Name=Server,Type=Server),myAttribute); OR MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); AttributeList list = server.getAttributes(new ObjectName(Application:Name=Server,Type=Server),myAttribute); They both have roughly the same amount of code and do the same thing, so I'm wondering which is the preferred way. Unfortunately, you can't really abstract away the mechanism of getting the MBeanServer because one uses a MBeanServer while the other way uses the MBeanServerConnection object from which to perform other methods. The only tradeoff I can see is that the first way requires knowing the JMX connection URL which may need to be changed if, for example, the JXM port number is changed. However, the second way may return multiple MBeanServers, right? In the second way, would you ever expect a List with more than one MBeanServer to be returned? If so, how would that happen, and how would your code deal with it? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12297804 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Loadbalancer not balancing fairly
[EMAIL PROTECTED] schrieb: Ben, So I assume you have two web servers fronting two app servers - or there are two servers both of which have a web server and an app server? For the restart you talk about - did you restart both web servers? Do you have a good load balancer (local director, content director like an F5) in front of the two web servers? If I am reading your JKStatus text correctly I noticed the following: Load balancer value on web server 2 --- = ~0.56 Load balancer value on web server 1 but Number requests on web server 2 --- = ~0.91 Number requests on web server 1 Now, if I am interpreting the meaning of load balancer value and number of reuqests correctly, that would imply that the number of sessions stuck to each app server from web server 1 is very roughly twice as high as from 2, but the total number of requests sent to each app server from both web servers is very roughly the same. (Can someone confirm I'm intrepreting those #s correctly?) The number of requests is the total since last jk/apache restart. So if the last restart was shortly before, the numbers will not help. If they were not reset after the tests, we would know, that Apache 1 had a little more requests than apache 2, but both of them send exacty the same number of requests to the two tomcat nodes (delta=1 request). The V column is the balancing value used to decide, where the next request goes to. It is the number of requests sent to the tomcat divided by two once a minute, so it is multiplied by a decay curve. The big difference between the V values of apache 1 and apache 2 does not matter. It could simply mean, that the one with the bigger V value did it's division more recent in time. The V values for the two tomcats are again very similar on the same Apache, another indication of good balancing. All his is true for the default balancing method Requests. I would suggest first to follow CPU by Tomcat process over the test period (not per system and not simply as one number, instead as a graph over time). According to the docs, each connect by default trys to keep the number of requests sent to each worker the same, which looks to be happening reasonably well. (I'm playing with trying the keep the number of sessions balanced since our apps tend to be more of a memory issue than a cpu issue. There is a setting on the connector for this.) With a some info on your setup we can try to figure out the load imbalance. As a note, I am playing with the jk1.2.x connector, but our productio systems use the old jk2.x connector. With that, I've seen a load imbalance on the app servers when one of the app serves has gone down for a while, and then has come back up. If the connectors are not reset, they will try to catch up the restarted app server in terms of the number of requests it has handled, thus loading it more heavily than servers that have been up the whole time. The catchup problem should be fixed. A recovered or reactivated worker gets the biggest work done value of all other workers, so it should start normal or even a little less loaded. Brian Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use JMX to manage applications
On 8/23/07, lightbulb432 [EMAIL PROTECTED] wrote: What is the preferred API for accessing MBeans from within servlets or JSPs? MBeanServerConnection jmxServerConnection = JMXConnectorFactory.connect (new JMXServiceURL(urlForJMX),null).getMBeanServerConnection(); jmxServerConnection.getAttribute(new ObjectName(Application:Name=Server,Type=Server),myAttribute); This code can connect to an MBeanServer which need not be in the same JVM as your Servlet and you may need to provide authorization credentials to get connected. OR MBeanServer server = (MBeanServer) MBeanServerFactory.findMBeanServer(null).get(0); AttributeList list = server.getAttributes(new ObjectName(Application:Name=Server,Type=Server),myAttribute); This code looks up MBeanServers in the same JVM as your Servlet. They both have roughly the same amount of code and do the same thing, so I'm wondering which is the preferred way. Unfortunately, you can't really abstract away the mechanism of getting the MBeanServer because one uses a MBeanServer while the other way uses the MBeanServerConnection object from which to perform other methods. The only tradeoff I can see is that the first way requires knowing the JMX connection URL which may need to be changed if, for example, the JXM port number is changed. However, the second way may return multiple MBeanServers, right? In the second way, would you ever expect a List with more than one MBeanServer to be returned? If so, how would that happen, and how would your code deal with it? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12297804 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A Global Error Page (JSP or JSF)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gregor, [EMAIL PROTECTED] wrote: however, sometimes for errors (like trying to access a null object) the page is not invoked but there's a stack trace in the logs. Is it possible that the exception is being caught and logged before it can fall all the way through to Tomcat's error handler? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzcRy9CaO5/Lv0PARAi4xAJ0RVgMkcrD9sUeBsYWVjZaWda9SOACfaDf/ Rena9GlPkNaOC1HHgYzTipo= =+oMm -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR
Sorry to reply to my own post, but I have sort of figured it out. There were about 2000 classes in /WEB-INF/classes, only one servlet though. Instead of making the war from here, we only have the servlet class in WEB-INF/classes and jar up the rest of the packages and place that jar into WEB-INF/lib. Not ideal, but I guess it will have to do, but I don't see why it would matter how many classes are in WEB-INF/classes. Start up time is now around 5s instead of 80s. -Original Message- From: Dan Beaulieu [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 10:32 AM To: 'Tomcat Users List' Subject: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Hello, we are having problems with slow server startup with Tomcat6. It is a basic webapp and the server starts up fairly quickly when WEB-INF exists, but if we are trying to deploy from a WAR, it takes 10 times as long. I've downloaded the tomcat source to try to dig in and see what is going on, but thought I'd try here first. We are getting different behavior on 3 different systems. On one windows xp machine, it takes about 7-8 seconds to complete the server startup, on another about 15s, and on the windows 2000 machine it takes over a minute. I only mention the OS because that is the only difference software wise. This is all using the same WAR, built and packed on one machine. I've tried APR and it is actually slower starting up. Here is a sample out of the Catalina log: Aug 23, 2007 10:13:42 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {Path removed for brevity} Aug 23, 2007 10:13:42 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:13:42 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 953 ms Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.13 Aug 23, 2007 10:15:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:15:00 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Aug 23, 2007 10:15:00 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/63 config=null Aug 23, 2007 10:15:00 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 78567 ms - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR
if you have reloadable=true (and maybe even if it is not set, not sure) Tomcat adds files to a list for monitoring the timestamp of them changing. Hence many classes will add to more stuff to add to the list and monitor but that doesn't seem like it should take 80sec anyway Filip Dan Beaulieu wrote: Sorry to reply to my own post, but I have sort of figured it out. There were about 2000 classes in /WEB-INF/classes, only one servlet though. Instead of making the war from here, we only have the servlet class in WEB-INF/classes and jar up the rest of the packages and place that jar into WEB-INF/lib. Not ideal, but I guess it will have to do, but I don't see why it would matter how many classes are in WEB-INF/classes. Start up time is now around 5s instead of 80s. -Original Message- From: Dan Beaulieu [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 10:32 AM To: 'Tomcat Users List' Subject: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Hello, we are having problems with slow server startup with Tomcat6. It is a basic webapp and the server starts up fairly quickly when WEB-INF exists, but if we are trying to deploy from a WAR, it takes 10 times as long. I've downloaded the tomcat source to try to dig in and see what is going on, but thought I'd try here first. We are getting different behavior on 3 different systems. On one windows xp machine, it takes about 7-8 seconds to complete the server startup, on another about 15s, and on the windows 2000 machine it takes over a minute. I only mention the OS because that is the only difference software wise. This is all using the same WAR, built and packed on one machine. I've tried APR and it is actually slower starting up. Here is a sample out of the Catalina log: Aug 23, 2007 10:13:42 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {Path removed for brevity} Aug 23, 2007 10:13:42 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:13:42 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 953 ms Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.13 Aug 23, 2007 10:15:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:15:00 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Aug 23, 2007 10:15:00 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/63 config=null Aug 23, 2007 10:15:00 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 78567 ms - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
On 8/23/07, David Smith [EMAIL PROTECTED] wrote: Just to nip this one early before the discussion strays too far, curl is NOT a hacking tool. It's just a command line http client useful in all sorts of linux/unix OS scripts. Yep, I understand what curl is now ... spent some time on the relevant website reading up about it. I never actually suggested it was a hacking tool, I was unsure what it was and was asking for relevant exp' from the uses of this list, and as is often the case users@tomcat.apache.org delivered the goods. To determine if it's being used to probe your site, you need to pay attention to WHAT is being requested. The brief sample offered by the OP was actually very benign (no weird escape sequences or attempts to access a binary executable). Although ... depending on what you consider hacking it certainly seems like it could easily be used to run a crude DOS attack (for example) simply by writing a shell script with a loop in it, like many other otherwise benign applications out there I'm sure. Anyway, what this has taught me is to pay much more attention to the logs over and above checking out the webalizer pages once a day and to understand what is being requested as well as by what (and by whom)... oh yes, and to dredge up what I used to know about iptables (or was that ipchains) as well, good tip. So, a success than, and none of this is EVER a waste of time IMHO. Many thanks Duncan --David Mark Deneen wrote: Once you find them, you might be hard pressed to actually do anything about it beyond getting in touch with their ISP. It might be easier to just block them at the firewall or on the server tomcat runs on with something like iptables. Mark On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: www.who.is Much more info ...tracking the perpetrator down now ... this is fun. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR
Is it unpacking the war during startup? Unzipping 2000 files takes a while (even if they're small). -- Len On 8/23/07, Dan Beaulieu [EMAIL PROTECTED] wrote: Sorry to reply to my own post, but I have sort of figured it out. There were about 2000 classes in /WEB-INF/classes, only one servlet though. Instead of making the war from here, we only have the servlet class in WEB-INF/classes and jar up the rest of the packages and place that jar into WEB-INF/lib. Not ideal, but I guess it will have to do, but I don't see why it would matter how many classes are in WEB-INF/classes. Start up time is now around 5s instead of 80s. -Original Message- From: Dan Beaulieu [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 10:32 AM To: 'Tomcat Users List' Subject: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Hello, we are having problems with slow server startup with Tomcat6. It is a basic webapp and the server starts up fairly quickly when WEB-INF exists, but if we are trying to deploy from a WAR, it takes 10 times as long. I've downloaded the tomcat source to try to dig in and see what is going on, but thought I'd try here first. We are getting different behavior on 3 different systems. On one windows xp machine, it takes about 7-8 seconds to complete the server startup, on another about 15s, and on the windows 2000 machine it takes over a minute. I only mention the OS because that is the only difference software wise. This is all using the same WAR, built and packed on one machine. I've tried APR and it is actually slower starting up. Here is a sample out of the Catalina log: Aug 23, 2007 10:13:42 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {Path removed for brevity} Aug 23, 2007 10:13:42 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:13:42 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 953 ms Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.13 Aug 23, 2007 10:15:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:15:00 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Aug 23, 2007 10:15:00 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/63 config=null Aug 23, 2007 10:15:00 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 78567 ms - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
Sorry, I wasn't after you. I was just trying to catch a discussion that could easily lose sight of the original question. For the benefit of people on the list, curl can be use for good purposes like downloading packages, a test of server status (e.g. in heart beat script activating a backup when the primary dies), or to automatically backup a website if you have a CMS package with a backup tool. Magnolia CMS falls into that last category and I've used curl with a cron job to backup the site nightly. --David Lyallex wrote: On 8/23/07, David Smith [EMAIL PROTECTED] wrote: Just to nip this one early before the discussion strays too far, curl is NOT a hacking tool. It's just a command line http client useful in all sorts of linux/unix OS scripts. Yep, I understand what curl is now ... spent some time on the relevant website reading up about it. I never actually suggested it was a hacking tool, I was unsure what it was and was asking for relevant exp' from the uses of this list, and as is often the case users@tomcat.apache.org delivered the goods. To determine if it's being used to probe your site, you need to pay attention to WHAT is being requested. The brief sample offered by the OP was actually very benign (no weird escape sequences or attempts to access a binary executable). Although ... depending on what you consider hacking it certainly seems like it could easily be used to run a crude DOS attack (for example) simply by writing a shell script with a loop in it, like many other otherwise benign applications out there I'm sure. Anyway, what this has taught me is to pay much more attention to the logs over and above checking out the webalizer pages once a day and to understand what is being requested as well as by what (and by whom)... oh yes, and to dredge up what I used to know about iptables (or was that ipchains) as well, good tip. So, a success than, and none of this is EVER a waste of time IMHO. Many thanks Duncan --David Mark Deneen wrote: Once you find them, you might be hard pressed to actually do anything about it beyond getting in touch with their ISP. It might be easier to just block them at the firewall or on the server tomcat runs on with something like iptables. Mark On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: www.who.is Much more info ...tracking the perpetrator down now ... this is fun. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: why does mod_jk still try to send the request to a shutdown machine?
He's already using a low prepost_timeout of 50ms (IMO is way too low and should be set to 250-500ms). Sorry, I had only little time and directly ran into our old problem, that some timeouts are seconds, and some are milliseconds. Your are right, 50 is way too small, se my new Timeouts docs page :) Looks good. :-) What he should also set is the connect_timeout setting, again, I would recommend 500ms or higher. Yes, since prepost_timeout is already that small, I would also guess, that the minute he had to wait happened during connection establishment. Unfortunately, the connect_timeout will only help, if the connection can be established fast (the TCP connection), but then one wants to check, if Tomcat can answer fast (or maybe one is connected to something other than Tomcat). So in case the remote host is dead (i.e. it's not only Tomcat not answering or no Tomcat there), we have the problem, that TCP as a reliable problem tries hard to establish a connection with several resends of SYNs in increasing intervals, leading to long waiting times. So with connect_timeout set to 500, mod_jk won't give up on the connection attempt after 500 ms have elapsed? Mostly I agree, but I would set a timeout for athe connection pool. Perhaps the default configuration and docs could be updated to reflect that instead of setting to zero? I normally use these settings on my servers: socket_keepalive=1 socket_timeout=300 connection_pool_timeout=300 connect_timeout=500 prepost_timeout=500 I also normally set the worker maintain and lb worker recover_time to something lower than the default as well so that mod_jk picks up recovering workers more quickly. It would be nice if worker maintenance could be done by a process other than the processes/threads which also process requests! -Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
On 8/23/07, Lyallex [EMAIL PROTECTED] wrote: Although ... depending on what you consider hacking it certainly seems like it could easily be used to run a crude DOS attack (for example) simply by writing a shell script with a loop in it, like many other otherwise benign applications out there I'm sure. You can use telnet to run a crude DoS attack, too. Or any other tool which can open a TCP connection. curl would not be my first choice to perform a DoS attack if I were so inclined. -Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK Loadbalancer not balancing fairly
Rainer, Thanks very much for the clarification! Since I have playing with the load balancing strategy set to session (worker.router.method=S on my load balancer), is there a way to tell roughly how many sessions have been pinned to each worker/tomcat? In this case would the load balancer value be (something like) the number of new sessions sent to a particular worker divided by two some number of times? If this were true you still would not know the number of sessions pinned to a worked because of the factors of two having been divided out. I just got a HTTP JMX adapter wired up in Tomcat so I'll see if I can get session info that way... Thanks again, Brian ---Original Message- --From: Rainer Jung [mailto:[EMAIL PROTECTED] --Sent: Thursday, August 23, 2007 11:22 AM --To: Tomcat Users List --Subject: Re: JK Loadbalancer not balancing fairly -- --[EMAIL PROTECTED] schrieb: -- Ben, -- -- So I assume you have two web servers fronting two app servers - or -- there are two servers both of which have a web server and an app -- server? For the restart you talk about - did you restart both web -- servers? Do you have a good load balancer (local director, content -- director like an F5) in front of the two web servers? -- -- If I am reading your JKStatus text correctly I noticed the --following: -- -- Load balancer value on web server 2 -- --- = ~0.56 Load balancer --value on web -- server 1 -- -- but -- -- Number requests on web server 2 -- --- = ~0.91 Number requests on web -- server 1 -- -- -- Now, if I am interpreting the meaning of load balancer value and -- number of reuqests correctly, that would imply that the --number of -- sessions stuck to each app server from web server 1 is --very roughly -- twice as high as from 2, but the total number of requests --sent to each -- app server from both web servers is very roughly the same. (Can -- someone confirm I'm intrepreting those #s correctly?) -- --The number of requests is the total since last jk/apache --restart. So if the last restart was shortly before, the --numbers will not help. If they were not reset after the --tests, we would know, that Apache 1 had a little more --requests than apache 2, but both of them send exacty the --same number of requests to the two tomcat nodes (delta=1 request). -- --The V column is the balancing value used to decide, where --the next request goes to. It is the number of requests sent --to the tomcat divided by two once a minute, so it is --multiplied by a decay curve. The big difference between the --V values of apache 1 and apache 2 does not matter. It could --simply mean, that the one with the bigger V value did it's --division more recent in time. The V values for the two --tomcats are again very similar on the same Apache, another --indication of good balancing. -- --All his is true for the default balancing method Requests. -- --I would suggest first to follow CPU by Tomcat process over --the test period (not per system and not simply as one --number, instead as a graph over time). -- -- According to the docs, each connect by default trys to --keep the number -- of requests sent to each worker the same, which looks to --be happening -- reasonably well. (I'm playing with trying the keep the number of -- sessions balanced since our apps tend to be more of a memory issue -- than a cpu issue. There is a setting on the connector for this.) -- -- With a some info on your setup we can try to figure out the load -- imbalance. -- -- As a note, I am playing with the jk1.2.x connector, but --our productio -- systems use the old jk2.x connector. With that, I've seen a load -- imbalance on the app servers when one of the app serves --has gone down -- for a while, and then has come back up. If the connectors are not -- reset, they will try to catch up the restarted app --server in terms -- of the number of requests it has handled, thus loading it --more heavily -- than servers that have been up the whole time. -- --The catchup problem should be fixed. A recovered or --reactivated worker gets the biggest work done value of all --other workers, so it should start normal or even a little --less loaded. -- -- -- Brian -- --Regards, -- --Rainer -- --- --To start a new topic, e-mail: users@tomcat.apache.org To --unsubscribe, e-mail: [EMAIL PROTECTED] --For additional commands, e-mail: [EMAIL PROTECTED] -- -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to get port of a running Tomcat instance
Can someone provide a java code snippet showing how to get the port that Tomcat is listening on? Is there a way to access the settings in the server.xml file from within a running instance of Tomcat? I'm running a Struts-based app on Tomcat 5.5 (multiple Tomcat instances actually) and need to know which port a request just came in on. Ideally, I would like to set an application scope variable at startup, in a plugin class. The plugin class has access to ServletContext and a ModuleConfig object, but I was not able to find a way to get the port through those objects. Maybe I'm missing it. I looked through ServletContext object and could not find it. Could not find access to Catalina's HttpConnector class anywhere. Thanks, Brian Barnett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to get port of a running Tomcat instance
I do not know if this info is helpful... ServletRequest has getServerPort() and getServerName() methods that should give the port and server through which the request came. Vamsi On 8/24/07, Brian Barnett [EMAIL PROTECTED] wrote: Can someone provide a java code snippet showing how to get the port that Tomcat is listening on? Is there a way to access the settings in the server.xml file from within a running instance of Tomcat? I'm running a Struts-based app on Tomcat 5.5 (multiple Tomcat instances actually) and need to know which port a request just came in on. Ideally, I would like to set an application scope variable at startup, in a plugin class. The plugin class has access to ServletContext and a ModuleConfig object, but I was not able to find a way to get the port through those objects. Maybe I'm missing it. I looked through ServletContext object and could not find it. Could not find access to Catalina's HttpConnector class anywhere. Thanks, Brian Barnett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Duncan, Not to belabor this thread too much, but... Lyallex wrote: I never actually suggested [curl] was a hacking tool See the subject line. Although ... depending on what you consider hacking it certainly seems like it could easily be used to run a crude DOS attack (for example) simply by writing a shell script with a loop in it, like many other otherwise benign applications out there I'm sure. ...such as lynx, wget, telnet, etc. Of course, telnet doesn't report itself using a user-agent header unless you want it to. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGzefG9CaO5/Lv0PARAsn6AJ9RcuKjbeC2ccXOe1+3NmIWGmp00QCgv4RR XnD4UQopQJ1d+PnCJWD0K5I= =MxqR -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to get port of a running Tomcat instance
http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletRequest.html#getLocalPort() You can only get the port from a request. This is because a sepecific webapp can be served from serveral hostname and from several port, all sharing same instance of servlet. (basic example is tomcat with virtual hosting activated and listening on both plain 8080 port and SSL port) Brian Barnett a écrit : Can someone provide a java code snippet showing how to get the port that Tomcat is listening on? Is there a way to access the settings in the server.xml file from within a running instance of Tomcat? I'm running a Struts-based app on Tomcat 5.5 (multiple Tomcat instances actually) and need to know which port a request just came in on. Ideally, I would like to set an application scope variable at startup, in a plugin class. The plugin class has access to ServletContext and a ModuleConfig object, but I was not able to find a way to get the port through those objects. Maybe I'm missing it. I looked through ServletContext object and could not find it. Could not find access to Catalina's HttpConnector class anywhere. Thanks, Brian Barnett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to get port of a running Tomcat instance
Yes of course, that makes sense. I will use Vamsi's suggestion with ServletRequest.getServerPort(). Thank you. -Original Message- From: David Delbecq [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 2:03 PM To: Tomcat Users List Subject: Re: How to get port of a running Tomcat instance http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/ServletRequest.html#getL ocalPort() You can only get the port from a request. This is because a sepecific webapp can be served from serveral hostname and from several port, all sharing same instance of servlet. (basic example is tomcat with virtual hosting activated and listening on both plain 8080 port and SSL port) Brian Barnett a écrit : Can someone provide a java code snippet showing how to get the port that Tomcat is listening on? Is there a way to access the settings in the server.xml file from within a running instance of Tomcat? I'm running a Struts-based app on Tomcat 5.5 (multiple Tomcat instances actually) and need to know which port a request just came in on. Ideally, I would like to set an application scope variable at startup, in a plugin class. The plugin class has access to ServletContext and a ModuleConfig object, but I was not able to find a way to get the port through those objects. Maybe I'm missing it. I looked through ServletContext object and could not find it. Could not find access to Catalina's HttpConnector class anywhere. Thanks, Brian Barnett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Use JMX to manage applications
The following link describes using JMX with Tomcat. Step #4 talks about the mbeans-descriptors.xml file, but it seems to make no difference when using it. If I don't include elements in that file that I do in MBean interface, it still works in JConsole properly - and the descriptions entered don't seem to show up in JConsole either. http://oss.wxnet.org/mbeans.html Also, things like the writeable property and the type property that are specified in this file could easily be determined from the MBean interface, from return types, whether a getter has a corresponding setter, etc. Then what is the use of this file if updating it to keep in sync with the MBean interface makes no difference? Is it necessary to begin with? Thanks. lightbulb432 wrote: How, from a web application deployed to Tomcat, can you customize the behavior of your web application based on attributes specified in an MBean? The link http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html talks a lot about Ant tasks, but that's not really what I'm looking to do. How can you get programmatic access to MBeans? And how do you deploy MBeans to Tomcat? I'm pretty confused here...hopefully someone can clarify. Thanks. -- View this message in context: http://www.nabble.com/Use-JMX-to-manage-applications-tf3978363.html#a12301485 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR
Reloadable is true, and unpack is false. If we tell it to unpack it'll take a long time to start up, but then subsequent start ups with out deleting the webapp dir are fast. Agreed, reloadable shouldn't have that much of an impact. -Original Message- From: Len Popp [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 2:43 PM To: Tomcat Users List Subject: Re: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Is it unpacking the war during startup? Unzipping 2000 files takes a while (even if they're small). -- Len On 8/23/07, Dan Beaulieu [EMAIL PROTECTED] wrote: Sorry to reply to my own post, but I have sort of figured it out. There were about 2000 classes in /WEB-INF/classes, only one servlet though. Instead of making the war from here, we only have the servlet class in WEB-INF/classes and jar up the rest of the packages and place that jar into WEB-INF/lib. Not ideal, but I guess it will have to do, but I don't see why it would matter how many classes are in WEB-INF/classes. Start up time is now around 5s instead of 80s. -Original Message- From: Dan Beaulieu [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 10:32 AM To: 'Tomcat Users List' Subject: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Hello, we are having problems with slow server startup with Tomcat6. It is a basic webapp and the server starts up fairly quickly when WEB-INF exists, but if we are trying to deploy from a WAR, it takes 10 times as long. I've downloaded the tomcat source to try to dig in and see what is going on, but thought I'd try here first. We are getting different behavior on 3 different systems. On one windows xp machine, it takes about 7-8 seconds to complete the server startup, on another about 15s, and on the windows 2000 machine it takes over a minute. I only mention the OS because that is the only difference software wise. This is all using the same WAR, built and packed on one machine. I've tried APR and it is actually slower starting up. Here is a sample out of the Catalina log: Aug 23, 2007 10:13:42 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: {Path removed for brevity} Aug 23, 2007 10:13:42 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:13:42 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 953 ms Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Aug 23, 2007 10:13:42 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.13 Aug 23, 2007 10:15:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Aug 23, 2007 10:15:00 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Aug 23, 2007 10:15:00 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/63 config=null Aug 23, 2007 10:15:00 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 78567 ms - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Force auth contraint on SSL connector
Christopher Schultz a écrit : -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, From outside however, we want to force authentification on all the webapp. So we would like to have a security-constraint on / that applies *only* when webapp is reached using SSL connector. You might be able to avoid the entire problem by using a VPN. Is that an acceptable change in strategy? H no :) VPN means installing and maintaing a vpn server + installing vpn on clients at their home. This is a bit annoying when what you want is make available to users general documents they might need when not at office. And i know the answer would be like No need, there is already the absolutely unfriendly ssh connection + port forwarding + point your browser to 127.0.0.1 What about client certificates? I think you're going to seriously complicate your application to add this requirement. Cleint certificates means managing those certificate, that is something to avoid considering its along the lines of maintaining a set of authentification token seperated from the general authentification database already in use by other non-java applications Thanks for suggestions but it's not applicable easily in our environment. - -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR
even then, you should set reloadable=false the flag name is misleading, all apps are reloadable, regardless of what that setting is (basically autoDeploy=true - webapps are reloadable) read up on the reloadable flag, you'll see that it actually would add all 2000 files to be monitored by tomcat, and could have noticeable impact Filip Dan Beaulieu wrote: Reloadable is true, and unpack is false. If we tell it to unpack it'll take a long time to start up, but then subsequent start ups with out deleting the webapp dir are fast. Agreed, reloadable shouldn't have that much of an impact. -Original Message- From: Len Popp [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 2:43 PM To: Tomcat Users List Subject: Re: Tomcat6, apache2, mod_jk, non-APR, windows 2000, slow server startup with unpacked WAR Is it unpacking the war during startup? Unzipping 2000 files takes a while (even if they're small). - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Siteminder based Security
This is probably a far fetched request but does anyone know a good way of nulling the Siteminder header when a user logs out so that they'll be challenged by Siteminder again when they hit a protected URL? I am invalidating the user session and in HTTP watch I can see that the SM session is gone but yet Siteminder doesn't throw a challenge. thanks for any insight. Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11164 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Graceful webapp reloading
Jérôme Etévé wrote: Is there a way to setup tomcat to do a nice graceful reload where all the current requests are allowed to finish and the new one putted into a queue until the application is fully loaded and ready to serve them ? Multiple Tomcat instances and httpd as a load balancer. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Need a way to identify tomcat instances at run-time
I have a struts-based application running on multiple tomcat instances, load balanced by a hardware load balancer, i.e., no Apache Web Server. I need a way at run-time to know which tomcat instance it is. Is there a way to access info in the server.xml or context.xml file at run-time? Can I specify some arbitrary value in either of those xml files that would be available at run-time? Is there some other way to identify the tomcat instance at run-time? Is there a way to access CATALINA_HOME or CATALINA_BASE at run-time? Any ideas would be appreciated. Thanks, Brian Barnett - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Mapped File Access Problems in Servlets
I have a servlet that does a direct read from a mapped drive in Windows. It works fine in tomcat as long as I use a drive on the local machine. However, I need to access a mapped drive on a different machine. When I run the program, I get a FileNotFound error in JAVA and (access denied) next to it. Is there some permissions that need to be set so my servlet can access a file on another machine. And how do I set this in Tomcat/JAVA. Thanks, Dan Gross ATLC - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.net.SocketException: Invalid argument
What's your server OS? In Response To: I am running Tomcat 5.0.28 and Apache 2.2 using mod_jk. I am constantly seeing the following error show up in the catalina.log: WARNING: Exception executing accept java.net.SocketException: Invalid argument at java.net.PlainSocketImpl.socketSetOption(Native Method) at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:240) at java.net.Socket.setSoLinger(Socket.java:826) at org.apache.jk.common.ChannelSocket.accept(ChannelSocket.java:300) at org.apache.jk.common.ChannelSocket.acceptConnections(ChannelSocket.java:638) at org.apache.jk.common.SocketAcceptor.runIt(ChannelSocket.java:847) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) Is this something that I should be concerned with? I don't see any glaring performance issues with my site, but I still don't like the fact that my logs are filling up with errors. Thanks for your help and input. Aaron Steele Technology Manager Natural Wellness USA, Inc. http://www.veria.com 701 Highlander Blvd, Suite 200 | Arlington, Texas 76015 p (817) 804-4646 | c (817) 879-7528 | f (817) 804-4696 - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11168 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.net.SocketException: Invalid argument
Sun v245 running Solaris 10 Aaron Steele Technology Lead Natural Wellness USA, Inc. http://www.veria.com 701 Highlander Blvd, Suite 200 | Arlington, Texas 76015 p (817) 804-4646 | c (817) 879-7528 | f (817) 804-4696 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 9:51 PM To: users@tomcat.apache.org Subject: Re: java.net.SocketException: Invalid argument Importance: High What's your server OS? In Response To: I am running Tomcat 5.0.28 and Apache 2.2 using mod_jk. I am constantly seeing the following error show up in the catalina.log: WARNING: Exception executing accept java.net.SocketException: Invalid argument at java.net.PlainSocketImpl.socketSetOption(Native Method) at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:240) at java.net.Socket.setSoLinger(Socket.java:826) at org.apache.jk.common.ChannelSocket.accept(ChannelSocket.java:300) at org.apache.jk.common.ChannelSocket.acceptConnections(ChannelSocket.java:638) at org.apache.jk.common.SocketAcceptor.runIt(ChannelSocket.java:847) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:683) at java.lang.Thread.run(Thread.java:534) Is this something that I should be concerned with? I don't see any glaring performance issues with my site, but I still don't like the fact that my logs are filling up with errors. Thanks for your help and input. Aaron Steele Technology Manager Natural Wellness USA, Inc. http://www.veria.com 701 Highlander Blvd, Suite 200 | Arlington, Texas 76015 p (817) 804-4646 | c (817) 879-7528 | f (817) 804-4696 - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11168 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.net.SocketException: Invalid argument
By looking at the stack trace it looks like setsockopt() is trying to set an option on the underlying socket that's not supported by your TCP/IP implementation. It probably is some performance related option that's being ignored. You could turn up the logging level by setting JkLogLevel debug. You could also run truss against the jvm process to see what the socket option is. In Response To: Sun v245 running Solaris 10 Aaron Steele Technology Lead  Natural Wellness USA, Inc. http://www.veria.com 701 Highlander Blvd, Suite 200 | Arlington, Texas 76015 p (817) 804-4646 | c (817) 879-7528 | f (817) 804-4696 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Thursday, August 23, 2007 9:51 PM To: [EMAIL PROTECTED] Subject: Re: java.net.SocketException: Invalid argument Importance: High What's your server OS? In Response To: I am running Tomcat 5.0.28 and Apache 2.2 using mod_jk. I am constantly seeing the following error show up in the catalina.log: WARNING: Exception executing accept java.net.SocketException: Invalid argument at java.net.PlainSocketImpl.socketSetOption(Native Method) at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:240) at java.net.Socket.setSoLinger(Socket.java:826) at org.apache.jk.common.ChannelSocket.accept(ChannelSocket.java:300) at org.apache.jk.common.ChannelSocket.acceptConnections(ChannelSocket.java:638) at org.apache.jk.common.SocketAcceptor.runIt(ChannelSocket.java:847) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:683) at java.lang.Thread.run(Thread.java:534) Is this something that I should be concerned with? I don't see any glaring performance issues with my site, but I still don't like the fact that my logs are filling up with errors. Thanks for your help and input. Aaron Steele Technology Manager Natural Wellness USA, Inc. http://www.veria.com 701 Highlander Blvd, Suite 200 | Arlington, Texas 76015 p (817) 804-4646 | c (817) 879-7528 | f (817) 804-4696 - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11168 - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11168 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Mapped File Access Problems in Servlets
Daniel L. Gross wrote: I have a servlet that does a direct read from a mapped drive in Windows. It works fine in tomcat as long as I use a drive on the local machine. However, I need to access a mapped drive on a different machine. When I run the program, I get a FileNotFound error in JAVA and (access denied) next to it. Is there some permissions that need to be set so my servlet can access a file on another machine. And how do I set this in Tomcat/JAVA. Thanks, Dan Gross ATLC This comes down to the Windows user Tomcat is running as. You need to make sure that that user has the necessary access to the network drives. If you are running as a service, the default user for services has zero privs on other machines. Usually what is required is to configure the service to log on as a domain user that has the necessary access. HTH, Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Mapped File Access Problems in Servlets
From: Daniel L. Gross [mailto:[EMAIL PROTECTED] Subject: Mapped File Access Problems in Servlets However, I need to access a mapped drive on a different machine. When I run the program, I get a FileNotFound error in JAVA and (access denied) next to it. Are you running Tomcat as a Windows service? If so, the drive mappings that you've specified for your account are likely not available to the service account. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.net.SocketException: Invalid argument
Looks like the SO_LINGER option isn't being set. I would look into that. In Response To: By looking at the stack trace it looks like setsockopt() is trying to set an option on the underlying socket that's not supported by your TCP/IP implementation. It probably is some performance related option that's being ignored. You could turn up the logging level by setting JkLogLevel debug. You could also run truss against the jvm process to see what the socket option is. Sent from Techienuggets Netbeans IDE Forum: http://www.techienuggets.com/Detail?tx=11168 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK Loadbalancer not balancing fairly
[EMAIL PROTECTED] schrieb: Rainer, Thanks very much for the clarification! Since I have playing with the load balancing strategy set to session (worker.router.method=S on my load balancer), is there a way to tell roughly how many sessions have been pinned to each worker/tomcat? In this case would the load balancer No unfortunatley not. You can log cookies (if used) wuth apache and the name of the target worker in the access log. Maybe easier is to log the session ID in Tomcats access log (I think %S, check the Valves docs) and then count the different IDs (not nice, but will work). value be (something like) the number of new sessions sent to a particular worker divided by two some number of times? If this were true you still would not know the number of sessions pinned to a worked because of the factors of two having been divided out. I just got a HTTP It is true. JMX adapter wired up in Tomcat so I'll see if I can get session info that way... Yes, the manager MBean of the context contains session info. Thanks again, Brian Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]