Re: tomcat connection pooling problem
this class what i was talking about http://download-uk.oracle.com/docs/cd/B10501_01/java.920/a96654/oci_func.htm#1014118 On Mon, Jun 9, 2008 at 8:53 PM, Youssef Mohammed [EMAIL PROTECTED] wrote: for oracle database, you can just use their native driver (oci driver), they have a Pooled DataSource that will manage the pooling natively ... you don't need dbcp then. On Mon, Jun 9, 2008 at 5:26 PM, Htin Kyaw Nyo [EMAIL PROTECTED] wrote: Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:158) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:382) at oracle.jdbc.driver.T4CPreparedStatement.execute_for_describe(T4CPreparedStatement.java:521) at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:979) at oracle.jdbc.driver.T4CPreparedStatement.execute_maybe_describe(T4CPreparedStatement.java:552)... ... I am pretty sure it is the connection issue from db server, since it can be resolved by restarting tomcat. but this solution is not acceptable for our production system. Is there anyway that I can systematically resolve the issue (from my source code using try catch) OR tomcat connection pooling configuration? I need to resolve without restarting tomcat. Thanks in advance. Nick -- Regards, Youssef -- Regards, Youssef
Re: Junk Mail problem on intranet application
Ok, I will check the filter what it does Thanks for the comments. On 6/9/08, Len Popp [EMAIL PROTECTED] wrote: Both the Exchange server and the email client (Outlook) can filter messages. You'll have to check the filtering settings on both client server to find out exactly why your emails are marked as spam. -- Len On Mon, Jun 9, 2008 at 08:36, Arun [EMAIL PROTECTED] wrote: Hi, I have struts2/spring/JPA/hibernate HR application. I am sending mails using Spring's helper. My app is sending out an email which contans a url which points to my app http://10.201.0.18:8080/myapp. And which ever mail this contains the url is getting into junk mail folder of outlook. Is there any way I can avoid it.? I am using our local exchange server. -- Thanks Arun George - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks Arun George
Re: webapp not working any more since Tomcat 5.5.26
Sorry about this, I messed subjects up. Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ [EMAIL PROTECTED] 09/06/2008 17:29 Por favor, responda a Tomcat Users List Para: Tomcat Users List users@tomcat.apache.org cc: Asunto: Re: Application versioning Hi all, hi Rainer, Thanks for your quick reply. I checked your suggestion, they are indeed POST requests, but its size never exceeds 0,5KB, far below the 8KB threshold. On the other hand, the request is done over a JSP file, that file compiles properly (also checked); the thing is this jsp uses an xml file to find out some configuration, and the null pointer comes precisely when reading this file (SAXParser complains about a null InputStream). That makes me think the request completely arrives at the server and is correctly processed, the problem comes after on. Any other hint? Regards, Abraham [EMAIL PROTECTED] wrote: Hi all: I've been strugling with this weird problem with no luck, so I finally decided to post it to the list hoping someone has any clue on how to go on. I have a beatiful webapp (well, a webapp) that has been working flawlessly with different Tomcat versions from 5.5.9 to 5.5.25. Exactly the same war file across vesions, no problem. But then Tomcat 5.5.26 was released and my webapp stopped working. Strange, uh? Are the requests which trigger the exception all POST requests? If so, it is maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=44494 which came with 5.5.26 and applies to POST requests biugger than 8KB. Regards, Rainer Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ Abraham Marin 09/06/2008 16:42 Para: Tomcat Users List users@tomcat.apache.org cc: Asunto: Re: Application versioning Hi Denis, I think you just need to properly config your Context node in server.xml. You can specify on one hand the context (that is, the text after localhost/ in the URL) and the location (that is, where your app actually is). Changing location while keeping context will make you serve different versions on same URL (or even different apps, up to you ;-)). HTH, Abraham Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ Denis Cossutta [EMAIL PROTECTED] 09/06/2008 16:04 Por favor, responda a Tomcat Users List Para: users@tomcat.apache.org cc: Asunto: Application versioning I have multiple version of an application and i would like to switch from one to the other in a transparent way. This means that i would like to access it always through the same url ( localhost/myapp ), but pointing to myapp-1.1, or myapp-1.2 etc. etc. Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Default servlet doesn't encode URI on redirect?
Sorry, not always easy to keep a thread with the huge traffic on this list. Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benoit, Benoit Maisonny wrote: | Christopher Schultz wrote: | | Benoit, | | Benoit Maisonny wrote: | | I suspect someone forgot to encode the URI in the Location: HTTP header | | on the 302 response, but maybe there is something missing in our | | configuration? | | What is the default character set of the running JVM? | | UTF-8, according to java.nio.charset.Charset.defaultCharset().name(). | The JVM is a 1.6.0_03, BTW. How about checking the value of the system property file.encoding? UTF-8 as well. Benoit - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgR2LoACgkQ9CaO5/Lv0PAqTQCfZSxBip+lUCInkgCdSOnKlx0V w3kAoKEy/5rMxJVe+Y2wUIRa0+Pk3w3e =2jSq -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
Am 09.06.2008, 19:15 Uhr, schrieb Mark Thomas [EMAIL PROTECTED]: Jörg Fröber wrote: Hello, using Tomcat 6.0.12 on one jsp page sometimes the following error occurs: java.lang.ArrayIndexOutOfBoundsException: 8192 That looks like a Tomcat bug. Do you see the same problem with the latest 6.0.x source from subversion? Mark I've build tomcat from http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk and there still occurs an error. Here is the stacktrace: java.lang.ArrayIndexOutOfBoundsException: 8192 at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:711) at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:618) at org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:491) at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1600) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:935) at org.apache.coyote.Response.action(Response.java:181) at org.apache.coyote.http11.InternalOutputBuffer.doWrite(InternalOutputBuffer.java:563) at org.apache.coyote.Response.doWrite(Response.java:560) at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:353) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:325) at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverter.java:242) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202) at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272) at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276) at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122) at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212) at org.apache.tomcat.util.buf.WriteConvertor.flush(C2BConverter.java:191) at org.apache.tomcat.util.buf.C2BConverter.flushBuffer(C2BConverter.java:134) at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:439) at org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:143) at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:119) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:326) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:342) at org.apache.jsp.M30102_jsp._jspService(M30102_jsp.java:889) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:337) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:266) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at de.indv.logging.DefaultLogFilter.doFilter(DefaultLogFilter.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:194) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) -- Regards JF - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
Jörg Fröber wrote: I've build tomcat from http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk and there still occurs an error. Here is the stacktrace: Can you provide the source of the simplest JSP that causes the error? What we need is a test case we can use to investigate this. The simpler the test case the better. Cheers, Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas [EMAIL PROTECTED] wrote: Can you provide the source of the simplest JSP that causes the error? What we need is a test case we can use to investigate this. The simpler the test case the better. I suppose he should increase the header size, or (better) use a smaller HTTP header since it is pretty large. Rémy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
On 9 Jun 2008 at 20:10, Bill Davidson wrote: . . . I didn't really do it as a filter though. The login servlet, after verifying the user's login and password, just creates and sets the cookie in the response rather than letting Tomcat create the cookie. I would make sure to do some testing with multiple users using your app at the same time. -Steve O. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
IIS+Tomcat connector 404 issues
Hi, I'm currently attempting to configure IIS+Tomcat via the IIS connector as per instructions at: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html So far I've been having no luck at all, browsing /examples/jsp/index.html just returns a 404: IIS Log: 3131-08-08 04:43:02 W3SVC824768881 192.168.100.102 GET /examples/jsp/index.html - 80 - 192.168.100.102 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+1.0.3705;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.04506.30;+.NET+CLR+3.0.04506.648) 404 2 1260 However browsing via port 8080 (the port which Tomcat is listening on) takes me to the expected examples page. The Tomcat ISAPI filter is showing status as loaded, and has the green arrow, and the connector log (with debugging on) shows: ISAPI.log: [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_isapi_plugin.c (1199): Filter started [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_uri_worker_map.c (682): Attempting to map URI '/servername/examples/jsp/index.html' from 1 maps [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_uri_worker_map.c (503): Attempting to map context URI '/examples/*=worker1' source 'uriworkermap' [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_uri_worker_map.c (503): Attempting to map context URI '/examples/*=worker1' source 'uriworkermap' [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_uri_worker_map.c (516): Found a wildchar match '/examples/*=worker1' [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_isapi_plugin.c (1277): check if [/examples/jsp/index.html] points to the web-inf directory [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_isapi_plugin.c (1294): [/examples/jsp/index.html] is a servlet url - should redirect to worker1 [Sun Apr 04 19:56:10.078 2004] [2596:2996] [debug] jk_isapi_plugin.c (1336): fowarding escaped URI [/examples/jsp/index.html] I've cut and paste the relevant config files: worker.properties: # Define workers using ajp13 worker.list=worker1 # Set properties for worker1 (ajp13) worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.lbfactor=50 worker.worker1.cachesize=10 worker.worker1.cache_timeout=600 worker.worker1.socket_keepalive=1 worker.worker1.recycle_timeout=300 uriworkermap.properties: /examples/*=worker1 I'm a bit mystified as to why the 404! Can anyone shed any light? Thanks, Iain -- legally privileged. It is intended solely for the addressee(s). Access to this Internet e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. All results and data contained in this document are subject to our Standard Terms and Conditions and are valid only when supported by an original document. Our Standard Terms and Conditions can be found on our website at: http://www.ahkgroup.com/terms_conditions.htm - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
Am 10.06.2008, 15:13 Uhr, schrieb Rémy Maucherat [EMAIL PROTECTED]: On Tue, Jun 10, 2008 at 2:54 PM, Mark Thomas [EMAIL PROTECTED] wrote: Can you provide the source of the simplest JSP that causes the error? What we need is a test case we can use to investigate this. The simpler the test case the better. I suppose he should increase the header size, or (better) use a smaller HTTP header since it is pretty large. Rémy An explizit call of response.flushBuffer() seems to have solved the problem. -- Regards JF - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can not login to /manager/html
Hi, When accessing /manager/html remotely I am asked for username and password, but then I get a 401 access denied error regardless. However I am able to log in to the manager app locally, e.g. http://localhost/manager/html works. I am running a java based website on the same Tomcat server and it works perfectly, it can be accessed from remote hosts without problems. I have the following set up: Tomcat 5.5 JK 1.2.26 for IIS IIS 6.0 running on Windows 2003 Server my conf/uriworkermap.properties looks like this: /*=wlb /manager/*=wlb The first line is for accessing the (working) java based web site, the second line is for accessing the manager application (which I'm having trouble with). I have searched for solutions for hours without results, so any help would be very much appreciated. Thanks in advance! Regards, Bourne - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
On the same front, say we have 50 nodes and one jkmanager. There would be a management problem to disable/activate nodes. Is there a way to disable/activate nodes passing URL parameters to jkmanager ? Or is the only way to edit the workers.properties file and use the 'activation' keyword. Example to activate node1000 worker.node1000.activation=s and worker.node1000.activation=Active thanks and regards Mohan Mohan2005 wrote: Thank you. Mladen Turk-4 wrote: Mohan2005 wrote: Hello All; Can you please tell me the maximum number of nodes a JkManager can handle without any issues ? Theoretically unlimited, but number of workers is defined by int, thus 2^31 - 1, for 32-bit integer systems. Each node consumes around 1K of data so multiply that by the number of nodes and number of child processes, and you'll get a rough estimate about configuration footprint. JkManager uses table scan for finding nodes (workers), so it's O(n). However this is still much faster then any database like structure, because this data is in shared memory. In general, the size what jkmanager can handle will be the last thing you'll need to worry about. Regards -- ^(TM) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/jkmanager-node-limitation-tp17720375p17757922.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
On Tue, Jun 10, 2008 at 4:17 PM, Jörg Fröber [EMAIL PROTECTED] wrote: An explizit call of response.flushBuffer() seems to have solved the problem. So it could indeed be worth it if you provide a test JSP. Rémy - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Access beyond localhost
I appreciate that this question may have been asked before, but I can't track down an easy way to move forward on it, so am turning to the list for help. I downloaded and installed (WinXP) Tomcat 6.0.16 - its working fine and I have created a small application with JSPs and Servlets and client side JavaScript/Ajax. It can only however be accessed via localhost, e.g. http://localhost:8080/MYAPP If I try to access via my IP address, still on my own PC, that is for example http://192.168.1.100:8080/MYAPP I get an error message. Some of the HTML appears to format but the first JSP access causes the problem. Ok, so I believe that the security settings are defaulted this way. Its just not clear to me where to start changing security settings and how many I have to change to allow only other PCs on my LAN (other developers in my group) to access the server. Is it enough to change the Catalina.policy file mentioned in the security documentation ? Any guidance would be gratefully appreciated. Thanks, Charles. --- Dr Charles J Gillan The Queen's University of Belfast Northern Ireland BT3 9DT United Kingdom ---
Re: Can not login to /manager/html
Black Bourne wrote: Hi, When accessing /manager/html remotely I am asked for username and password, but then I get a 401 access denied error regardless. However I am able to log in to the manager app locally, e.g. http://localhost/manager/html works. Is a remote address valve configured to only allow local access? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Access beyond localhost
Charles J Gillan wrote: If I try to access via my IP address, still on my own PC, that is for example http://192.168.1.100:8080/MYAPP I get an error message. What is the error message? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
Mohan2005 wrote: On the same front, say we have 50 nodes and one jkmanager. There would be a management problem to disable/activate nodes. Is there a way to disable/activate nodes passing URL parameters to jkmanager ? No, but that's a good idea to put a wildchar processing for worker names (same rules as for JkMount) I would suggest you fill in the bugzilla enhancement request for Native:JK component at: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%206 Regards -- ^(TM) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OutOfMemoryError while deploying
could you be running into http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6280693 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6332094 so an upgrade to the JVM might fix it Filip Reid Swanson wrote: Hi, I have a web app that includes a large amount of data and I am having trouble deploying it. Nearly every time I try it fails with the following error. SEVERE: HTMLManager: FAIL - Deploy Upload Failed, Exception: Error invoking method check javax.management.RuntimeErrorException: Error invoking method check at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:308) at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213) at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1465) at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:243) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:613) Caused by: java.lang.OutOfMemoryError at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.init(ZipFile.java:203) at java.util.jar.JarFile.init(JarFile.java:132) at java.util.jar.JarFile.init(JarFile.java:97) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:746) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:515) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1229) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297) ... 21 more I am running Mac OSX 10.4.11 with java version 1.5.0_07 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164) Java HotSpot(TM) Client VM (build 1.5.0_07-87, mixed mode) and tomcat 6.0.16 I've defined JAVA_OPTS to JAVA_OPTS=-Xms512m -Xmx1024m -XX:MaxPermSize=512m -XX:PermSize=256m -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled But basically no matter what I set JAVA_OPTS to the deployment will fail and the JVM never seems to use more than about 70MB of memory. Any help would be greatly appreciated. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
Mladen Turk wrote: Mohan2005 wrote: On the same front, say we have 50 nodes and one jkmanager. There would be a management problem to disable/activate nodes. Is there a way to disable/activate nodes passing URL parameters to jkmanager ? No, but that's a good idea to put a wildchar processing for worker names (same rules as for JkMount) I would suggest you fill in the bugzilla enhancement request for Native:JK component at: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%206 Yes, please add an issue about status worker and using patterns for worker and sub worker. In the meantime, you can try to automate the activation setting for multiple workers by using a script. The details for the status worker URL arguments can be found on the page http://tomcat.apache.org/connectors-doc/reference/status.html#Request%20Parameters and you can always check, which URLs get used by interactive usage, because we never use POST. Examples: cmd=update mime=txt w=myloadbalancer sw=memberofloadbalancer wa=disabled Mass editing of one attribute for all sub workers (also called edit by aspect) could be done via cmd=update mime=txt w=myloadbalancer att=wa val1=disabled val2=active val3=disabled val4=disabled val5=active Of course this only works as long as the URL doesn't get to long. There's no guarantee about the order of the sub workers though, so you first need to check the order resulting from your config in the GUI of the status worker. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6 clustering problem
worked fine for me, here are my config files and example JSP files http://people.apache.org/~fhanik/replicated-context-example.zip Filip gangadhar p wrote: Hi Guys, The Tomcat 6 documentation (http://tomcat.apache.org/tomcat-6.0-doc/config/cluster.html) says that the Context (ServletContext, right ?) attributes are replicated across cluster members when the below element is added in either tomcat-home\conf\server.xml or tomcat-home\conf\context.xml file. Context className=org.apache.catalina.ha.context.ReplicatedContext/ But actually the ServletContext attributes are not replicated across all other cluster members!!! The added contents in my server.xml is given below: Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.4 mcastPort=45564 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=127.0.0.1 tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;/ ClusterListener className=org.apache.catalina.cluster.session.ClusterSessionListener/ /Cluster Context path= docBase=G:\RealNetworks\apache-tomcat-6.0.16\webapps\ROOT crossContext=true debug=0 reloadable=true privileged=true/ And the added contents in config.xml file is given below: Context className=org.apache.catalina.ha.context.ReplicatedContext Any modifications required? Any suggestions would be highly appreciated. Thanks in advance. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getRealPath() returning temp space path
In my application, I am trying to upload files to be stored in the directory [application root]/files. To get the path to write files to, I am using: request.getSession().getServletContext().getRealPath(/files); However, this is returning the directory: apache-tomcat-6.0.16/temp/#-Application/files where # is a number 0-9. I thought it was supposed to return the path apache-tomcat-6.0.16/webapps/Application/files Am I gong about getting the path incorrectly, or do I need to change a configuration somewhere in Tomcat? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OutOfMemoryError while deploying
It's possible. Unfortunately it's not really practical to upgrade the JVM on the machine. As a work around I've found I can manually unzip the war and set the directory and context path in the html manager. On Tue 06/10/08 9:43 AM , Filip Hanik - Dev Lists [EMAIL PROTECTED] sent: could you be running into http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6280693 http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6332094 so an upgrade to the JVM might fix it Filip Reid Swanson wrote: Hi, I have a web app that includes a large amount of data and I am having trouble deploying it. Nearly every time I try it fails with the following error. SEVERE: HTMLManager: FAIL - Deploy Upload Failed, Exception: Error invoking method check javax.management.RuntimeErrorException: Error invoking method check at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:30 8) at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java :213) at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanSe rverInterceptor.java:815) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1465) at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.ja va:243) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicatio nFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterC hain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.j ava:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.j ava:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBas e.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:12 8) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:10 2) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav a:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Htt p11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:613) Caused by: java.lang.OutOfMemoryError at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.(ZipFile.java:203) at java.util.jar.JarFile.(JarFile.java:132) at java.util.jar.JarFile.(JarFile.java:97) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:746) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:515) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1229) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:29 7) ... 21 more I am running Mac OSX 10.4.11 with java version 1.5.0_07 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164) Java HotSpot(TM) Client VM (build 1.5.0_07-87, mixed mode) and tomcat 6.0.16 I've defined JAVA_OPTS to JAVA_OPTS=-Xms512m -Xmx1024m -XX:MaxPermSize=512m -XX:PermSize=256m -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled But basically no matter what I set JAVA_OPTS to the deployment will fail and the JVM never seems to use more than about 70MB of memory. Any help would be greatly appreciated. - To start a new topic, e-mail: users @tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users @tomcat.apache.org To unsubscribe, e-mail: [EMAIL
Re: Tomcat-5.5 run error on red hat
kohanm wrote: here they are: [EMAIL PROTECTED] usr]# cd java [EMAIL PROTECTED] java]# cd jdk* [EMAIL PROTECTED] jdk1.6.0_02]# cd bin [EMAIL PROTECTED] bin]# ls -l ... -rwxr-xr-x 1 root root 135168 Jun 14 2007 java.exe ... I have no way to find out how you have managed that, but whatever you have there is a Windows version of JDK, as opposed to Linux one. Please get a Linux JDK distribution from http://java.sun.com/javase -- ..Juha - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: getRealPath() returning temp space path
From: David Momper [mailto:[EMAIL PROTECTED] Subject: getRealPath() returning temp space path However, this is returning the directory: apache-tomcat-6.0.16/temp/#-Application/files where # is a number 0-9. I thought it was supposed to return the path apache-tomcat-6.0.16/webapps/Application/files It's not actually guaranteed to return anything; this is another shining example of why you should *never* use getRealPath() in a J2EE environment. Tomcat provides a work area for webapps to use via the context attribute javax.servlet.context.tempdir; see the servlet spec and Tomcat configuration guide for details. Alternatively, you could provide the desired location via an environment variable, system property, or JNDI value. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, Bill Davidson wrote: | However today, I discovered door #3. Make the login servlet (which is | https) create and set the cookie as a non-secure cookie instead of letting | Tomcat create the JSESSIONID itself. This is a minor change to the code | and it seems to make everything work under Tomcat 6.0.16 as it did under | Tomcat 3.2.4. Did you change Tomcat code, or your own code? This was essentially my suggestion, except that I recommended doing it in a filter so you could modify the (effective) behavior of the Tomcat j_security_check handler to always use a non-secure cookie. | Wait, that sounds a lot like #3. :D Yup! | I didn't really do it as a filter though. The login servlet, after | verifying the | user's login and password, just creates and sets the cookie in the response | rather than letting Tomcat create the cookie. The cookie does not have | the secure flag set because the Cookie constructor doesn't set it by | default. Okay, so it sounds like you are using your own. Is there any particular reason you are not using the built-in container-based security mechanism? | Long term, I think we need to switch everything after the login to https | but I'm getting some resistance to that idea based upon performance | concerns. Those performance concerns are certainly valid. My experience has shown that most all-HTTPS sites have the SSL handshake as the most expensive part of the transaction -- sometimes even including (localhost, non-encrypted) database activity. There are ways to speed it up, but they are expensive. It's cheaper to buy more boxes ;) | Most of the app's pages don't have sensitive data so it has | been set up to only do https on pages that can contain sensitive data. Just remember that sending JSESSIONID cookies in the clear means that sessions can be hijacked. Actually, sessions can also be hijacked /without/ them being sent in the clear, but if they /are/ in the clear, then someone can actually observe a valid JSESSIONID and then hijack it, rather than having to guess at a bunch before they get lucky. You can provide countermeasures for that sort of brute-force attack, but you can't protect against a correctly-hijacked JSESSIONID without mandating a particular IP address for a session or other similar strategies. | I didn't design it. I just inherited it a few months ago. Keeping it | working | as users expect is of paramount importance so changing the way | everything is done cannot be done lightly. I totally understand. Just try to move to a more secure stance over time. It's the best you can do. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO1gEACgkQ9CaO5/Lv0PBn9wCeIvWEfPUp4WUwYoiUsUGCpWJm pB8AoJiLTTq3R5r/uA+5+z2VfLtqsnwe =Qthr -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
Christopher Schultz wrote: Did you change Tomcat code, or your own code? Our own code. We have an explicit login servlet that handles checking the login/password against values stored in our Oracle database. Okay, so it sounds like you are using your own. Is there any particular reason you are not using the built-in container-based security mechanism? I don't know. I didn't design it. Was that container based security available in Tomcat 3.2.4? Those performance concerns are certainly valid. My experience has shown that most all-HTTPS sites have the SSL handshake as the most expensive part of the transaction -- sometimes even including (localhost, non-encrypted) database activity. There are ways to speed it up, but they are expensive. It's cheaper to buy more boxes ;) Which we're doing. One of the nice things about doing this new Tomcat is that I'm doing it on a new box with a newer version of Linux, more CPU's (dual quad-cores), more RAM etc. Eventually, I want to get into Tomcat clustering, for load balancing, fault tolerance and fail over. Just remember that sending JSESSIONID cookies in the clear means that sessions can be hijacked. I know. I totally understand. Just try to move to a more secure stance over time. It's the best you can do. Agreed. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, I have a few questions myself. See inline. Mark Thomas wrote: | Annony Mouse wrote: | 2.) If (1) is fact, can the exploit expose ALL Session IDs? Is it | dumping all of the data in all the sessions, or 'just' the sessionID | map? | | The worst case is that the attacker will obtain the ID for the current | session. With this the attacker has access to the session as the current | user. Who is the current user? If the attacker already has the session id, there's no need to hit the server to ... obtain the session id, right? Knowledge of the id of a session pretty much gives someone the right to act as that user. Any (valid) user has easy access to their session id: it's either in the URL or in a cookie value. If the only way to exploit this is to have foreknowledge of a session id, isn't the security question moot? The session id must have been leaked previously, right? Maybe I'm seriously missing the point. :( | 3.) Could this affect authenticated sessions over HTTPS? | | Yes, depending on the authentication used. Eg, if you use FORM the | session is vulnerable, if you use CLIENT-CERT it isn't. Why is the session protected if CLIENT-CERT is being used? Because the attacker presumably does not have the correct client cert? If that's the case, how was the attack carried out in the first place? | 5.) Is there anything we can do to limit the scope of this bug with | config settings alone? Binding the session to the IP address that it | was first initialized with, for instance. | | That should mitigate the issue. Be aware that some ISPs play games with | IP addresses that mean a user's IP address might not be constant between | requests. Note that securityfilter will soon have a filter that performs this exact function. We're currently testing it ourselves before it even goes into CVS. I'd be happy to share the code with anyone who wants it. | 7.) If this is as big of a deal as it looks like, why is there no more | information available / more questions being posted / the world seems | shockingly quiet about this. | | I think your worst case assumption re Q2 has lead to an over estimate of | the impact of this. | It is made worse when an app allows user provided data to find its way | unfiltered into cookie content - this shouldn't happen and where it does | should be easy to fix. Any client can send a bogus cookie, though, right? On the other hand, what good is sabotaging your own request...? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO2WAACgkQ9CaO5/Lv0PCArgCguHpT41UILNrttSGhthO9CRZZ fIIAn2euPBcBye/f0psXR0xzaY8r9r1y =kuUr -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, Bill Davidson wrote: | Christopher Schultz wrote: | Is there any particular reason you are not using the built-in | container-based security mechanism? | | I don't know. I didn't design it. Was that container based security | available in Tomcat 3.2.4? Yep. It's part of the servlet specification. Maybe as you move forward, you could look into using that and reduce the amount of code you have to maintain. Note that TC container-managed authentication does not allow drive-by logins (that is, logins that didn't result from the request for a protected resource). Basically, no unexpected logins, which kind of sucks. Securityfilter, available on sourceforge, provides container-managed-auth-style authentication and authorization and gives you some additional options not provided by TC. Feel free to check it out. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO2jUACgkQ9CaO5/Lv0PAXjQCfUGbvwuZ1imDAc2fp3AXHO9UR b9UAn0HL8N560ANPfnoyKpZLJdXl8+Oq =PARS -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to configure Apache-https redirect to Tomcat-http
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, BurnInHell wrote: | Since I want to access the application from outside and I have no access | to the firewall which is only enabeling https I want to access my | application over https://server.domain/app using: | | proxypass /app http://localhost:8080/myapp | | This does not work, because when trying to access https://server.domain/app, | he redirects me to http://server.domain/myapp which does not exist. What component is performing the redirect? Proxypass should not be issuing any redirects, so what is doing it? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO2tAACgkQ9CaO5/Lv0PA7vQCgwyyKL2w2VjgI01puSG25TgxE jrcAnibGtYd2sUy6dbw07dIJMuw+wThq =C950 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
Christopher Schultz wrote: Yep. It's part of the servlet specification. Maybe as you move forward, you could look into using that and reduce the amount of code you have to maintain. Note that TC container-managed authentication does not allow drive-by logins (that is, logins that didn't result from the request for a protected resource). Basically, no unexpected logins, which kind of sucks. Securityfilter, available on sourceforge, provides container-managed-auth-style authentication and authorization and gives you some additional options not provided by TC. Feel free to check it out. Thanks for all the advice. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Something like a filter
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maux, maux wrote: | I would like to know if there is something that I can configure to an | application that force the application to execute that thing before it | executes. I mean I need something that does more or less the same that a | filter but without using the class filter. Does this need to execute before every request? If so, Filter is the way to go. Do you have an aversion to using Filters? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO3AIACgkQ9CaO5/Lv0PAcWQCgqRqMsB5kus27wW8QkJC1cvuD yMsAn1aWqoFaUU5pnSkWPIHGPYODYbcU =cdYz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How can I run one particular webapp as a different user?
I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the unix commands run as user dingo. But I have another user aruns and I would like ONE AND ONLY ONE of my web applications to use Runtime.exec() to run a perl script as user aruns and not as user Dingo. Is this possible? If so how ? Arun - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I run one particular webapp as a different user?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arun, Don't hijack threads :( Sudhir, Arun wrote: | I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the | unix commands run as user dingo. But I have another user aruns and I | would like ONE AND ONLY ONE of my web applications to use Runtime.exec() | to run a perl script as user aruns and not as user Dingo. Is this | possible? If so how ? How would you do this on the command-line? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO3tkACgkQ9CaO5/Lv0PBFuACeLeZPJhQ26SCEk1V0KgmBC0Bc HcoAoK4r5/bGbe7rtg1psrHbv4yH/Q2S =1nyA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How can I run one particular webapp as a different user?
Chris, Do you mean to say that every webapp is a separate thread? So the userid for the Runtime.exec() would be the id of the user starting the servlet conatiner (by running startup.sh)? Is there a place like a catalina.policy or something where I can say hey tomcat, this is userid with which you should runall Runtime.exec() calls!. :) (Too much to ask ?? ) Arun -Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 10, 2008 4:07 PM To: Tomcat Users List Subject: Re: How can I run one particular webapp as a different user? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arun, Don't hijack threads :( Sudhir, Arun wrote: | I'm using Tomcat in Linux and when I use Runtime.exec from Tomcat, the | unix commands run as user dingo. But I have another user aruns and I | would like ONE AND ONLY ONE of my web applications to use Runtime.exec() | to run a perl script as user aruns and not as user Dingo. Is this | possible? If so how ? How would you do this on the command-line? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO3tkACgkQ9CaO5/Lv0PBFuACeLeZPJhQ26SCEk1V0KgmBC0Bc HcoAoK4r5/bGbe7rtg1psrHbv4yH/Q2S =1nyA -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, André Warnier wrote: | thank you for the explanations below. And I apologise if I answered | rather testily before. It happens. Just remember that Mark happens to be a Tomcat dev, so he's in a position to know the Truth ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO4tQACgkQ9CaO5/Lv0PCclQCfc8JZPaLlHxQzs7efU6cn+MkX 4sQAnj6OrlWOyJN4fKwCwmryZuGIIK7x =4uNr -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, Sorry, one more comment: André Warnier wrote: | Off-topic : Are you sure that can really happen ? I must admit that I | have never seen that behaviour before, and it seems to me that it would | create a host of other problems (such as breaking the underlying TCP | sessions). This absolutely used to be the case with AOLers. At [unnamed major CA company], we had a completely separate instance of one of our applications that was customized /just/ for AOL users, and it included tolerance for the old IP-address switcheroo. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO41EACgkQ9CaO5/Lv0PB2CwCgpOx10EFFOLxVPooxBV3t5JXE 6EIAmwfhh+1xMGGJoQNZARHu0rRRF0No =kDRo -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, Martin wrote: | If you're in a secure location that disallows cookies..you can always | try url-rewrite Dude. The container does URL rewriting without requiring other tools. Stop confusing people with this junk. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO4+kACgkQ9CaO5/Lv0PAMSACgk/DW2xkIjXyLEuXw74U+fvhj Wy0An1Vj6UpkaKbdGlAdDDwDkSNbeRoi =mcxF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Get bean from servletContext on context destruction
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nameless, Nam3l3ss wrote: | I have a bean on a jsp page (jsp:UseBean) , with application scope, that uses | some resources that must be freed when the application is stopped/reset. | | I'm currently using a context listener to detect when does the servelt context | gets destroyed, but I cannot get the bean from it. When are you putting the bean into the context in the first place? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO5KIACgkQ9CaO5/Lv0PCkiQCfQOK5eNN5d0DnLx8rvYyu2qxu HB8An3xuleWHItgDxymG35BLMRv+EhFw =sK66 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getRealPath() returning temp space path
David Momper wrote: In my application, I am trying to upload files to be stored in the directory [application root]/files. To get the path to write files to, I am using: request.getSession().getServletContext().getRealPath(/files); However, this is returning the directory: apache-tomcat-6.0.16/temp/#-Application/files where # is a number 0-9. I thought it was supposed to return the path apache-tomcat-6.0.16/webapps/Application/files Am I gong about getting the path incorrectly, or do I need to change a configuration somewhere in Tomcat? This is a result of using one of the anti-resource locking options in your context. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: It¡¯s amazing, apache make TC perfor mance decrease dramatically.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Zufeng, Zufeng Huang wrote: | I post a topic about the performance of apache+mod_jk_tomcat | yesterday, and just now, I tried apache ab as the tool to do a | benchmark. But the result is amazing. [snip] | 1, According to my configurations, apache(2.2.4) has NO advantage | against tomcat(5.5.15) in processing static content. OMGWTFBBQ?! Oh, wait. We've been saying that for years. If you use the APR connector, it will have no advantage whatsoever since Tomcat will be running the identical code to Apache httpd. | 2, In processing dynamic content, apache make performance decrease dramatically. I dunno about that. The issue is that Apache httpd adds overhead. That's all there is to it. Apache httpd is really only appropriate with odd configurations including load balancing, multiple apps in separate JVMs, other needs (such as PHP support, or some module only available in Apache), or when Apache httpd is already present and nobody wants to get rid of it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO5hcACgkQ9CaO5/Lv0PDItACguHJeqx4Dlf5mVH4lUHRW87n9 Ee0An0Aj8uq7HsIEv73YufMY05F/kHBi =SeZF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I run one particular webapp as a different user?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arun, Sudhir, Arun wrote: | Do you mean to say that every webapp is a separate thread? No. | So | the userid for the Runtime.exec() would be the id of the user starting | the servlet conatiner (by running startup.sh)? Yes. Child processes inherit the euid of the parent process. | Is there a place like a | catalina.policy or something where I can say hey tomcat, this is userid | with which you should runall Runtime.exec() calls!. :) (Too much to | ask ?? ) Java does not allow you to do this, so I would imagine that Tomcat can't either. On UNIX systems, running a process as another user is as simple as using the su command (or sudo, if you have that set up). Try looking at the man pages for those two commands and you should be able to figure out how to run one command as another user. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO5xEACgkQ9CaO5/Lv0PARsgCfeN86bIudAh3jbB15itWD8iww 3MAAmQFyVY0hjMKgzxsY7Ue8h9cB2yjI =YnF6 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to share jsp in different contexts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Luca, Luca Bertuccelli wrote: | I'd like to use some JSP of one context into different contexts without | copy[ing] them. Why /not/ copy them? | Is it possible? I'm sure it's possible, but Tomcat does not include any configuration options to actually make it happen. You'd have to write a lot of your own code. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO6KsACgkQ9CaO5/Lv0PBYLgCgrhTiW6J/tzGBwmWD8G/+upb5 4oMAniiI3TdVcS040m/s/lPGnZklXNbQ =7/S7 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run several applications on different ports, isolated from each other
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yves, Yves Glodt wrote: | I need to run now another application on tomcat, and what I think to do is to | have another instance of tomcat running on another port, isolated from my | OpenCms, with a different webapps folder as well. Yep, you need another instance of Tomcat. Conceptually, it's very simple: 1. Create a new directory which will hold your new instance. This ~ is called CATALINA_BASE, and you'll need to set this environment ~ variable accordingly. ~ This directory should contain the following directories: ~ conf/ ~ logs/ (optional, if you have no logging going here) ~ temp/ (optional, as TC should create this) ~ webapps/ (optional, if you have no auto-deployed webapps) ~ work/ (optional, as TC should create this) ~ The conf directory needs server.xml and web.xml. Make sure ~ that your Connectors in server.xml have unique port numbers ~ (i.e. default HTTP port is 8080, so check that, and the default ~ AJP port is 8009, so check that, too... these must be unique ~ across all TC instances). ~ Stick your webapps in 'webapps', obviously, unless you are ~ going to be declaring separate XML deployment descriptors ~ (ignore this if you have no idea what I'm talking about). 2. Run CATALINA_HOME/bin/startup.sh with the correct CATALINA_BASE ~ environment variable set. Note that CATALINA_HOME points to ~ the /actual/ TC install -- where the bin directory is -- and ~ CATALINA_BASE points to your instance as defined above. | tomcat-instance 1: port 8001 webapps-folder: /var/lib/tomcat5.5/webapps | tomcat-instance 2: port 8002 webapps-folder: /home/tomcat/webapps No problem: $ export CATALINA_BASE=/home/tomcat $ /var/lib/tomcat5.5/bin/startup.sh Just make sure that /home/tomcat is set up as indicated above. | Also, I would prefer not to touch the debian startup scripts, nor modify any | other distributed files. All config should be done in the tomcat config-files. That's going to be a problem, because I'm sure those scripts assume only a single instance of TC in the default location. If you want to start up multiple TC instances, you'll have to either: 1. Copy /etc/init.d/tomcat.sh (or whatever) to /etc/init.d/tomcat2.sh ~ and modify it accordingly (like setting CATALINA_BASE) 2. Write a different /etc/init.d/tomcat.sh script that somehow ~ identifies all TC instances and starts them separately | Can someone explain how to achieve this configuration, or maybe provide | example-files? The documentation is available in the RUNNING.txt file that should be packaged with Tomcat. If you can't find that file, as the Debian folks why they removed it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO74oACgkQ9CaO5/Lv0PAOMgCgteGLh9JSJCYeJ0pmrHIZVa3x jocAni/LufRQ4LXwFp3H9tRGtYmSH4aG =tRmh -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
Christopher Schultz wrote: Mark Thomas wrote: | The worst case is that the attacker will obtain the ID for the current | session. With this the attacker has access to the session as the current | user. Who is the current user? If the attacker already has the session id, there's no need to hit the server to ... obtain the session id, right? Knowledge of the id of a session pretty much gives someone the right to act as that user. Any (valid) user has easy access to their session id: it's either in the URL or in a cookie value. This attack requires luring a user who is already logged in to a webapp running on a vulnerable Tomcat server to a malicious site. With a suitably crafted URL, the attacker is able to steal the authentication cookie for the user who was lured to the malicious site. It is the user that is lured who is the 'current user'. If the only way to exploit this is to have foreknowledge of a session id, isn't the security question moot? The session id must have been leaked previously, right? Maybe I'm seriously missing the point. :( See above. | 3.) Could this affect authenticated sessions over HTTPS? | | Yes, depending on the authentication used. Eg, if you use FORM the | session is vulnerable, if you use CLIENT-CERT it isn't. Why is the session protected if CLIENT-CERT is being used? Because the attacker presumably does not have the correct client cert? Yes. If that's the case, how was the attack carried out in the first place? Again, see above. | 7.) If this is as big of a deal as it looks like, why is there no more | information available / more questions being posted / the world seems | shockingly quiet about this. | | I think your worst case assumption re Q2 has lead to an over estimate of | the impact of this. | It is made worse when an app allows user provided data to find its way | unfiltered into cookie content - this shouldn't happen and where it does | should be easy to fix. Any client can send a bogus cookie, though, right? On the other hand, what good is sabotaging your own request...? They can but that is harder (but not impossible) for an attacker to trick a client into doing that. When a request parameter is used in/as the cookie value the attack is a lot easier. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: Fedora Core 8 viability (was Re: Problem in starting tomcat)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, Steve Ochani wrote: | Off topic remark. I hope you don't use [Fedora Core 8] on production machines. Fedora is not | designed for that. What leads you to that conclusion? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO8DsACgkQ9CaO5/Lv0PCOtACfVMEme1ZQwBDEJdaKVQ2pFz3M vUEAn2/HeNhqg9ZAfarE2mRl57pv3WZt =kZZB -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
Christopher Schultz wrote: André, André Warnier wrote: | thank you for the explanations below. And I apologise if I answered | rather testily before. It happens. Just remember that Mark happens to be a Tomcat dev, so he's in a position to know the Truth ;) Not that that means I am always right. There is plenty of evidence of my errors in the archive ;) Of course, this being open source anyone is free to look at the source code and discover the 'real' truth. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multiple tomcat process scenario
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ming, Yu, Ming wrote: | 2) After the service is initiated, there are two processes staying | resident in memory: one is the jsvc controller process and the other is | the main tomcat process. Everything is fine. The main process is | detached from the controller process. Detached... how? They should still have a parent/child relationship, and that can't be broken unless init inherits the child process after the parent dies. In this case, the parent is there, so... what do you mean? | 3) It seems that, at random times and may be affected by the | service load also, the main tomcat thread could spawn additional tomcat | processes. This can be clearly verified by the parent and child process IDs. This may correspond to Java Threads being represented as processes by your OS. I don't have much Solaris experience, so I can't tell you from personal experience. I know that certain versions of certain threading libraries on Linux will report threads as processes. | 4) Also, the newly spawned tomcat processes are seldom accessed | because their accumulated use time is 0:00. Again, your OS might be showing threads as processes, but assigning the CPU time used to the parent process (instead of the thread process) so that's why you might never see any CPU time used. | The following is the snapshot of the scenario: Your attachment was not posted. Perhaps you could make this available on your website or blog? Some versions of 'ps' have the ability to display process trees. Could you see if yours does and verify that the mysterious processes are actually children of the main java process? Also, please verify that they are running java and not something else entirely. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO8aAACgkQ9CaO5/Lv0PAdFQCeOPmAp+BOTTCsXkv7gH3ecnxV vdEAmQF24+3m7m+CgBfmyZRjvqlduKOi =lOz4 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, Mark Thomas wrote: | This attack requires luring a user who is already logged in to a webapp | running on a vulnerable Tomcat server to a malicious site. With a | suitably crafted URL, the attacker is able to steal the authentication | cookie for the user who was lured to the malicious site. It is the user | that is lured who is the 'current user'. Maybe I'm not reading the OP's reference correctly (http://securitytracker.com/alerts/2007/Aug/1018557.html) but it looks like the URL provided (in the exploit) doesn't demonstrate what you describe. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO8x0ACgkQ9CaO5/Lv0PDMcgCeL/A1AIC/uFGlFonqsLeg9Vq2 RbUAn2qNiHgkzEpTFePBhTD0JxcpuX0y =cpn1 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Questions on session hijack bug in 6.0.14 (CVE-2007-5333)
Christopher Schultz wrote: Mark, Mark Thomas wrote: | This attack requires luring a user who is already logged in to a webapp | running on a vulnerable Tomcat server to a malicious site. With a | suitably crafted URL, the attacker is able to steal the authentication | cookie for the user who was lured to the malicious site. It is the user | that is lured who is the 'current user'. Maybe I'm not reading the OP's reference correctly (http://securitytracker.com/alerts/2007/Aug/1018557.html) but it looks like the URL provided (in the exploit) doesn't demonstrate what you describe. You are reading the reference correctly. The example is simple but was enough to convince the security team that session hijacking was possible. When it comes to a choice of trying to produce a POC for what we believe to be the worst case scenario or working on a fix, the fix is usually all we have time for. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Something like a filter
I need to execute it before an application executes. I know filters are the way but I need to communicate with an applet and I think filters and applets can´t have a two-way communication. Thanks. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maux, maux wrote: | I would like to know if there is something that I can configure to an | application that force the application to execute that thing before it | executes. I mean I need something that does more or less the same that a | filter but without using the class filter. Does this need to execute before every request? If so, Filter is the way to go. Do you have an aversion to using Filters? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhO3AIACgkQ9CaO5/Lv0PAcWQCgqRqMsB5kus27wW8QkJC1cvuD yMsAn1aWqoFaUU5pnSkWPIHGPYODYbcU =cdYz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Something-like-a-filter-tp17647911p17765736.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT: Fedora Core 8 viability (was Re: Problem in starting tomcat)
On 10 Jun 2008 at 17:20, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, Steve Ochani wrote: | Off topic remark. I hope you don't use [Fedora Core 8] on production machines. Fedora is not | designed for that. What leads you to that conclusion? 1. When Fedora project was started I remember reading that it was almost like a testbed for testing new apps/open source projects to be put into Red Hat Enterprise Linux. 2. 6 month support cycle isn't exactly something that is long lasting/reliable for production systems. (IMO 3 years is a min.) 3. The past history of stableness of some versions, such as version 7. If someone is looking for a Red Hat type linux distro that is stable, long support time/cycle then they should consider CentOS. -Steve O. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
Thank you. I will. Regards mohan Rainer Jung-3 wrote: Mladen Turk wrote: Mohan2005 wrote: On the same front, say we have 50 nodes and one jkmanager. There would be a management problem to disable/activate nodes. Is there a way to disable/activate nodes passing URL parameters to jkmanager ? No, but that's a good idea to put a wildchar processing for worker names (same rules as for JkMount) I would suggest you fill in the bugzilla enhancement request for Native:JK component at: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%206 Yes, please add an issue about status worker and using patterns for worker and sub worker. In the meantime, you can try to automate the activation setting for multiple workers by using a script. The details for the status worker URL arguments can be found on the page http://tomcat.apache.org/connectors-doc/reference/status.html#Request%20Parameters and you can always check, which URLs get used by interactive usage, because we never use POST. Examples: cmd=update mime=txt w=myloadbalancer sw=memberofloadbalancer wa=disabled Mass editing of one attribute for all sub workers (also called edit by aspect) could be done via cmd=update mime=txt w=myloadbalancer att=wa val1=disabled val2=active val3=disabled val4=disabled val5=active Of course this only works as long as the URL doesn't get to long. There's no guarantee about the order of the sub workers though, so you first need to check the order resulting from your config in the GUI of the status worker. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/jkmanager-node-limitation-tp17720375p17767755.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
Hello Again; I tried the following, did not take effect; What am I doing wrong here please; My jkmanager shows this for the Loadbalancer TEST and it has only one node called NODE1 NameTypeHostAddrAct State D F M V Acc Err CE RE Wr Rd BusyMax Route RR Cd Rs [E|R] NODE1 ajp13 10.0.0.112:8109 10.0.0.112:8109 STP OK/IDLE 0 1 1 0 0 0 0 0 0 0 0 0 NODE1 WwwNODE1Com 0/0 Then I would call the following url to Activate the node. http://localhost/jkmanager/?cmd=updatemime=txtw=TESTatt=waNODE1=activate This would result in Result: type=OK message=Action finished But the node does not get activated. Please advice. Thanks and regards Mohan Rainer Jung-3 wrote: Mladen Turk wrote: Mohan2005 wrote: On the same front, say we have 50 nodes and one jkmanager. There would be a management problem to disable/activate nodes. Is there a way to disable/activate nodes passing URL parameters to jkmanager ? No, but that's a good idea to put a wildchar processing for worker names (same rules as for JkMount) I would suggest you fill in the bugzilla enhancement request for Native:JK component at: https://issues.apache.org/bugzilla/enter_bug.cgi?product=Tomcat%206 Yes, please add an issue about status worker and using patterns for worker and sub worker. In the meantime, you can try to automate the activation setting for multiple workers by using a script. The details for the status worker URL arguments can be found on the page http://tomcat.apache.org/connectors-doc/reference/status.html#Request%20Parameters and you can always check, which URLs get used by interactive usage, because we never use POST. Examples: cmd=update mime=txt w=myloadbalancer sw=memberofloadbalancer wa=disabled Mass editing of one attribute for all sub workers (also called edit by aspect) could be done via cmd=update mime=txt w=myloadbalancer att=wa val1=disabled val2=active val3=disabled val4=disabled val5=active Of course this only works as long as the URL doesn't get to long. There's no guarantee about the order of the sub workers though, so you first need to check the order resulting from your config in the GUI of the status worker. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/jkmanager-node-limitation-tp17720375p17769461.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]