Re: Need clarification on AJP Connector logs
On 15/12/2009 00:24, Michael Dubrovskiy wrote:
> In order to troubleshoot some issues with Apache Tomcat Connector I set JkLogLevel debug, and I found in mod_jk.log file a lot of messages like
>
> [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '//phpmyadmin/config/config.inc.php' from 5 maps
> [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '//phpMyAdmin/config/config.inc.php' from 5 maps
>
> Does anybody know what it is actually trying to do and where '//phpmyadmin/config/config.inc.php' could be located? I'm not able to find it anywhere on the server.

It's probably just a bot, scanning URLs and trying to access a poorly protected PHP config file. You can safely ignore it if you don't have PHP installed. You should find confirmation in your error log, showing a 404 for those URLs.

p

> Thank you

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
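The check suggested in the reply above, as an added example that is not part of the original thread: it pulls the URIs out of the mod_jk debug lines, skips those under deployed applications, and reports what the web server answered for the rest. The log prefixes, the Common Log Format access log, the `/myapp` prefix and all sample lines are assumptions constructed for illustration.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JkProbeTriage {

    // The mod_jk debug message quoted in the thread.
    private static final Pattern MAP_LINE =
            Pattern.compile("Attempting to map URI '([^']*)' from \\d+ maps");

    // Request path and status from an access log in Common Log Format (assumed).
    private static final Pattern ACCESS_LINE =
            Pattern.compile("\"[A-Z]+ (\\S+) [^\"]*\" (\\d{3}) ");

    /** Drops any query string and collapses repeated slashes ("//a" becomes "/a"). */
    static String normalize(String uri) {
        int q = uri.indexOf('?');
        String path = q >= 0 ? uri.substring(0, q) : uri;
        return path.replaceAll("/{2,}", "/");
    }

    /** True when the path belongs to an application that is really deployed. */
    static boolean isDeployed(String path, List<String> deployedPrefixes) {
        for (String prefix : deployedPrefixes) {
            if (path.equals(prefix) || path.startsWith(prefix + "/")) {
                return true;
            }
        }
        return false;
    }

    /** Maps every non-deployed path that mod_jk tried to map to a verdict. */
    static Map<String, String> triage(List<String> jkLog, List<String> accessLog,
                                      List<String> deployedPrefixes) {
        // Status codes the web server returned, per normalized path.
        Map<String, TreeSet<String>> statuses = new LinkedHashMap<>();
        for (String line : accessLog) {
            Matcher m = ACCESS_LINE.matcher(line);
            if (m.find()) {
                statuses.computeIfAbsent(normalize(m.group(1)), k -> new TreeSet<>())
                        .add(m.group(2));
            }
        }
        Map<String, String> verdicts = new LinkedHashMap<>();
        for (String line : jkLog) {
            Matcher m = MAP_LINE.matcher(line);
            if (!m.find()) {
                continue; // some other debug message
            }
            String path = normalize(m.group(1));
            if (isDeployed(path, deployedPrefixes)) {
                continue; // expected traffic for a real application
            }
            TreeSet<String> seen = statuses.get(path);
            String verdict;
            if (seen == null) {
                verdict = "no matching access-log entry";
            } else if (seen.size() == 1 && seen.contains("404")) {
                verdict = "probe, answered 404 only";
            } else {
                verdict = "REVIEW: answered " + seen;
            }
            verdicts.put(path, verdict);
        }
        return verdicts;
    }

    public static void main(String[] args) {
        // Constructed samples; only the text after "[debug]" in the first two lines is from the thread.
        List<String> jkLog = Arrays.asList(
            "[Tue Dec 15 00:20:01 2009] [4321:1] [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '//phpmyadmin/config/config.inc.php' from 5 maps",
            "[Tue Dec 15 00:20:02 2009] [4321:1] [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '//phpMyAdmin/config/config.inc.php' from 5 maps",
            "[Tue Dec 15 00:20:05 2009] [4321:1] [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '/myapp/index.jsp' from 5 maps",
            "[Tue Dec 15 00:20:09 2009] [4321:1] [debug] map_uri_to_worker::jk_uri_worker_map.c (597): Attempting to map URI '/notdeployed/test.txt' from 5 maps");
        List<String> accessLog = Arrays.asList(
            "192.0.2.10 - - [15/Dec/2009:00:20:01 +0000] \"GET //phpmyadmin/config/config.inc.php HTTP/1.1\" 404 226",
            "192.0.2.10 - - [15/Dec/2009:00:20:02 +0000] \"GET //phpMyAdmin/config/config.inc.php HTTP/1.1\" 404 226",
            "198.51.100.7 - - [15/Dec/2009:00:20:05 +0000] \"GET /myapp/index.jsp HTTP/1.1\" 200 5120",
            "192.0.2.10 - - [15/Dec/2009:00:20:09 +0000] \"GET /notdeployed/test.txt HTTP/1.1\" 200 12");
        List<String> deployed = Arrays.asList("/myapp"); // hypothetical context path

        for (Map.Entry<String, String> e : triage(jkLog, accessLog, deployed).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
    }
}
```

Paths reported as answered 404 only match the harmless case described in the reply; a REVIEW line means something outside the deployed applications was actually served and deserves a look.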
Re: Tomcat Config Question
On 15/12/2009 04:17, steflik wrote:
> Chuck,
> OK, I've read the document several times and still can't figure out what it is you are trying to tell me. I'm not using WARs so /META-INF/? doesn't come into play. If the Context statements don't go in to server.xml where should I put them, context.xml doesn't seem to be the appropriate place?

A web app in the form of a directory is just an exploded/uncompressed WAR. Putting a META-INF directory inside the app dir still applies. Try it and see.

(The manager host-manager apps preinstalled in Tomcat also use a META-INF directory.)

p

> Dick Steflik
> Binghamton University
>
> Caldarale, Charles R wrote:
>> From: steflik [mailto:stef...@binghamton.edu]
>> Subject: Re: Tomcat Config Question
>>
>>> Do I just move the context statements out of server.xml and into context.xml?
>>
>> It's Context not context - case matters.
>>
>>> or is there something else I have to do.
>>
>> Reading the doc would be a good first step:
>> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
>>
>> - Chuck
>>
>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Very slow shutdown - 3 mins
Hi, we're running 3 tomcat instances on Solaris. We are experiencing extremely slow shutdowns. I've done a thread dump, but as far as I can tell all looks ok. Does anyone know what is causing this?

We're calling /opt/ec/tomcat/bin/shutdown.sh to shut down the instance. I see the line: 'INFO: Stopping Coyote HTTP/1.1 on http-8082' appear quickly. However the java process hangs about for at least another 3 minutes.

Here's the thread dump:

Dec 15, 2009 7:35:23 AM org.apache.coyote.http11.Http11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8082
Dec 15, 2009 7:35:24 AM org.apache.catalina.core.StandardService stop
INFO: Stopping service Catalina
Dec 15, 2009 7:35:26 AM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8082
2009-12-15 07:36:20
Full thread dump Java HotSpot(TM) Server VM (11.2-b01 mixed mode):

DestroyJavaVM prio=3 tid=0x0807 nid=0x2 waiting on condition [0x..0xfe46ebb0]
    java.lang.Thread.State: RUNNABLE

http-8082-1 daemon prio=3 tid=0x0848a800 nid=0xba in Object.wait() [0xe396d000..0xe396dbf0]
    java.lang.Thread.State: WAITING (on object monitor)
    at java.lang.Object.wait(Native Method)
    at java.lang.Object.wait(Object.java:485)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.await(JIoEndpoint.java:423)
    - locked 0xf9e92aa8 (a org.apache.tomcat.util.net.JIoEndpoint$Worker)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:449)
    at java.lang.Thread.run(Thread.java:619)

Java2D Disposer daemon prio=3 tid=0x08dd nid=0x50 in Object.wait() [0xe407b000..0xe407baf0]
    java.lang.Thread.State: WAITING (on object monitor)
    at java.lang.Object.wait(Native Method)
    at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:116)
    - locked 0xec1c6cc8 (a java.lang.ref.ReferenceQueue$Lock)
    at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:132)
    at sun.java2d.Disposer.run(Disposer.java:125)
    at java.lang.Thread.run(Thread.java:619)

pool-1-thread-10 prio=3 tid=0x085b8800 nid=0x38 waiting on condition [0xe44d9000..0xe44d9af0]
    java.lang.Thread.State: WAITING (parking)
    at sun.misc.Unsafe.park(Native Method)
    - parking to wait for 0xeb57f170 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
    at java.util.concurrent.locks.LockSupport.park(LockSupport.java:158)
    at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1925)
    at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:358)
    at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:947)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)

pool-1-thread-9 prio=3 tid=0x08e0b400 nid=0x37 waiting on condition [0xe497d000..0xe497db70]
    java.lang.Thread.State: WAITING (parking)
    at sun.misc.Unsafe.park(Native Method)
    - parking to wait for 0xeb57f170 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
    at java.util.concurrent.locks.LockSupport.park(LockSupport.java:158)
    at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1925)
    at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:358)
    at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:947)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)

pool-1-thread-8 prio=3 tid=0x09550c00 nid=0x36 waiting on condition [0xe49ce000..0xe49ce9f0]
    java.lang.Thread.State: WAITING (parking)
    at sun.misc.Unsafe.park(Native Method)
    - parking to wait for 0xeb57f170 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
    at java.util.concurrent.locks.LockSupport.park(LockSupport.java:158)
    at java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.await(AbstractQueuedSynchronizer.java:1925)
    at java.util.concurrent.LinkedBlockingQueue.take(LinkedBlockingQueue.java:358)
    at java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:947)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)

pool-1-thread-7 prio=3 tid=0x08e74400 nid=0x35 waiting on condition [0xe45ae000..0xe45aea70]
    java.lang.Thread.State: WAITING (parking)
    at sun.misc.Unsafe.park(Native Method)
    - parking to wait for 0xeb57f170 (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject)
    at java.util.concurrent.locks.LockSupport.park(LockSupport.java:158)
    at
Accumulation of Request Processors objects causes tomcat stuck?
Hi,

I am running an application on tomcat which gets stuck when processing incoming messages after a while. I see accumulation of request processors objects in jconsole under: Catalina\RequestProcessor\http-8080.

What do these objects mean, what does it mean that they accumulate? Can it explain tomcat's getting stuck?

Thanks

-- View this message in context: http://old.nabble.com/Accumulation-of-Request-Processors-objects-causes-tomcat-stuck--tp26791905p26791905.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
j_security_check change the principal user
Hi, I have a problem. I have a web application (java,jsp) with j_security_check but the user that I use to authenticate need change for other in the Simpleprincipal for j_security_check store in the session as the primary user. Is possible?

thanks, Sorry for my English.

-- View this message in context: http://old.nabble.com/j_security_check-change-the-principal-user-tp26792345p26792345.html
Getting Servlet-api.jar source.
Where can I download Servlet-api.jar source?

Thanks in advance

Jaime Carmona Loeches.
Formador de Java J2EE / Java-J2EE Teacher
Pronoide SL
www.pronoide.com
Spain
AW: Re: Response logging
Thanks for the link, I will try the filter in my application.

Best regards,
Abid

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, 14 December 2009 19:56
To: Tomcat Users List
Subject: Re: Response logging

Abid,

On 12/14/2009 11:09 AM, Abid Hussain wrote:
> I would like to log the complete responses (including the body) from the incoming ajax requests.
> [snip]
> Does anybody know if there is any tomcat-built-in or external tool which can log every response tomcat sends out?

I don't believe that there is anything built-in. Someone recently asked about how to do this, and I wrote a filter that can capture the response, including headers, etc. I posted it to this list, and you can read the whole thread here:

http://markmail.org/message/fumpfuspt7a3nesz

Hope that helps,
-chris
Re: How to access JNDI resources on Tomcat level
The problem is https. For rememberMe in Josso, the site should be in ssl. I configured ssl in tomcat. Now i am getting the following error. I have installed the cert. in IE. Please help me if there are tomcat settings required for ssl. 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87) at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012) at org.apache.coyote.Request.action(Request.java:352) at org.apache.catalina.connector.Request.getAttribute(Request.java:896) at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263) at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSO_REMEMBERME_josso 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found! Pid Ster wrote: On 14/12/2009 12:55, vramanaj wrote: Hi, I am through with the Josso configuration. Could be able to see the sso logon page, redirecting the authenticated username to the partner application. Facing problem with rememberMe option. Second time when i try to logon to the application, logon page is showing up again. I set 'rememberMeEnabled' to true in josso. For rememberMe in sso, i read that we need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is getting created. Still are there any configurations we need to do in tomcat ? No idea, but it sounds like a JOSSO problem. Maybe that community can assist. p Regards vramanaj wrote: Resolved AuthenticationFailureException issue. This is coming because i have used basic-authentication scheme. If basic-authentication scheme used, we need remove hasAlgorithm and hasEnconding properties in josso-gateway-auth.xml file. Now Josso session id is getting created. 
But getting the below error while trying to access the application: java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration! org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) java.lang.Thread.run(Thread.java:619) Tomcat log shows: Dec 1, 2009 8:51:55 AM org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler handle INFO: Tue Dec 01 08:51:55 EST 2009 - sso-session - info - vjosyula -
Re: compiling tomcat6020 from source on modern amd64-bit linux
On Sunday 13 December 2009 10:54:10 am Zacheusz Siedlecki wrote:
> Right - I meant native APR (with IO functionality) not connectors in jars
> Regards,
> Zacheusz

thanks for your comments, perhaps you et al could help with a little decryption?.

...in the directory ~/tomcat-6.0.20-src/native/connector for example

[biomecha...@work connector]$ ls
build       BUILDING       include          Makefile.in  srclib
buildconf   config.layout  libtcnative.dsp  os           tcnative.dsp
build.conf  configure.in   libtcnative.dsw  src          tcnative.pc.in
[biomecha...@work connector]$

excerpt from the BUILDING file reads

Building from source package:
configure --with-apr=apr_install_location --with-ssl=openssl_install_location
make

## when you execute autoconf to generate an executable 'configure' script, it works fine but when you run

./configure --with-apr=~wherever-apr-1-config-is

it replies with the complaint 'unrecognised option --with-apr'

it also reports:-
configure error: cannot find install-sh, install.sh or shtool in build ./build

QUESTION 1: Are there any options to pass to autoconf before to solve the above problems ?

OR

QUESTION 2: Is it best to install these 'independently' following recipes at this url:- http://tomcat.apache.org/native-doc/?
Re: Getting Servlet-api.jar source.
On 15/12/2009 10:50, Jaime Carmona Loeches wrote:
> Where can I download Servlet-api.jar source?
> Thanks in advance
> Jaime Carmona Loeches.

http://tomcat.apache.org/svn.html

p
Re: How to access JNDI resources on Tomcat level
On 15/12/2009 11:25, vramanaj wrote: The problem is https. For rememberMe in Josso, the site should be in ssl. I configured ssl in tomcat. Now i am getting the following error. I have installed the cert. in IE. Please help me if there are tomcat settings required for ssl. If the problem is setting up HTTPS, have you completed the steps included on the page below? http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html p 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87) at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012) at org.apache.coyote.Request.action(Request.java:352) at org.apache.catalina.connector.Request.getAttribute(Request.java:896) at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263) at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86) at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSO_REMEMBERME_josso 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found! Pid Ster wrote: On 14/12/2009 12:55, vramanaj wrote: Hi, I am through with the Josso configuration. Could be able to see the sso logon page, redirecting the authenticated username to the partner application. Facing problem with rememberMe option. Second time when i try to logon to the application, logon page is showing up again. I set 'rememberMeEnabled' to true in josso. For rememberMe in sso, i read that we need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is getting created. Still are there any configurations we need to do in tomcat ? No idea, but it sounds like a JOSSO problem. Maybe that community can assist. p Regards vramanaj wrote: Resolved AuthenticationFailureException issue. This is coming because i have used basic-authentication scheme. 
If basic-authentication scheme used, we need remove hasAlgorithm and hasEnconding properties in josso-gateway-auth.xml file. Now Josso session id is getting created. But getting the below error while trying to access the application: java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration! org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) java.lang.Thread.run(Thread.java:619) Tomcat log shows: Dec 1, 2009
Re: j_security_check change the principal user
On 15/12/2009 10:03, peibel80 wrote:
> Hi, I have a problem. I have a web application (java,jsp) with j_security_check but the user that I use to authenticate need change for other in the Simpleprincipal for j_security_check store in the session as the primary user. Is possible?

I don't think I understand what you're asking. You want to authenticate with one user, and then swap that for another?

p

> thanks, Sorry for my English.
Re: How to access JNDI resources on Tomcat level
Yes, I did. I have followed those configuration steps for other applications earlier. Are there any other configurations required to store the cookies in IE browser, if the application is ssl enabled ? Pid Ster wrote: On 15/12/2009 11:25, vramanaj wrote: The problem is https. For rememberMe in Josso, the site should be in ssl. I configured ssl in tomcat. Now i am getting the following error. I have installed the cert. in IE. Please help me if there are tomcat settings required for ssl. If the problem is setting up HTTPS, have you completed the steps included on the page below? http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html p 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352) at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87) at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012) at org.apache.coyote.Request.action(Request.java:352) at org.apache.catalina.connector.Request.getAttribute(Request.java:896) at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263) at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSO_REMEMBERME_josso 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found! Pid Ster wrote: On 14/12/2009 12:55, vramanaj wrote: Hi, I am through with the Josso configuration. Could be able to see the sso logon page, redirecting the authenticated username to the partner application. Facing problem with rememberMe option. Second time when i try to logon to the application, logon page is showing up again. I set 'rememberMeEnabled' to true in josso. For rememberMe in sso, i read that we need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is getting created. Still are there any configurations we need to do in tomcat ? No idea, but it sounds like a JOSSO problem. 
Maybe that community can assist. p Regards vramanaj wrote: Resolved AuthenticationFailureException issue. This is coming because i have used basic-authentication scheme. If basic-authentication scheme used, we need remove hasAlgorithm and hasEnconding properties in josso-gateway-auth.xml file. Now Josso session id is getting created. But getting the below error while trying to access the application: java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration! org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
Re: j_security_check change the principal user
Pid Ster wrote:
> On 15/12/2009 10:03, peibel80 wrote:
>> Hi, I have a problem. I have a web application (java,jsp) with j_security_check but the user that I use to authenticate need change for other in the Simpleprincipal for j_security_check store in the session as the primary user. Is possible?
>
> I don't think I understand what you're asking. You want to authenticate with one user, and then swap that for another?
>
> p
>
>> thanks, Sorry for my English.

Hi, thanks for the reply. I try to explain

I make login in jsp page
login: person
pass: xx

I used j_security_check, then with an implementation of LoginModule valid user person against LDAP and when I make the return, some internal process recorded person in the PrincipalUser in the Session, and I want change person for person.example.

Is this possible?

thanks

-- View this message in context: http://old.nabble.com/j_security_check-change-the-principal-user-tp26792345p26794410.html
Re: SessionID cookie not secure over SSL
I am not sure whether I can post this here or not. But I want to try my luck.

I am facing problem in configuring rememberMe for one of the Josso partner application. Following cookies are getting generated when I logging for the first time.

cookie=JSESSIONID=964AB2019709DEEEA148DC018D69C2D4; JOSSOSESSIONID=EE45FA07BFA8AFF42BA3CCA3FBB5C16B; JOSSOREMEMBERME_josso=ke++yJbvJTRK5nXPCufcIA==

From the next time onwards it is expected that it should allow me to access the application without prompting the logon credentials. But here in this case every time when I open the browser window and access the application, logon page is showing up.

Interestingly when I use Google Chrome browser, it is working. But Google chrome prompting for save the passwords. I opted to save the passwords in Google chrome. In case of using IE, it is not working.

Tomcat debug log is throwing the below exception. Please help me out in resolving this issue. Quick response is highly appreciated.

15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
    at org.apache.coyote.Request.action(Request.java:352)
    at org.apache.catalina.connector.Request.getAttribute(Request.java:896)
    at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
    at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSOREMEMBERMEjosso
15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!
Christopher Schultz-2 wrote:
> Joe,
>
> On 10/27/2009 5:34 PM, Joe Wallace wrote:
>> Hi Chris,
>>
>> You wrote:
>>> Tomcat will create its JSESSIONID cookie like this in all cases:
>>>
>>> Cookie cookie = new Cookie("JSESSIONID", sessionId);
>>> if(request.isSecure())
>>>     cookie.setSecure(true);
>>
>> My filter calls HttpServletRequest.isSecure() which returns true
>> It then calls Cookie.getSecure() for the JSESSIONID cookie which returns false.
>> I am expecting this to return true since all connections have been over https.
>> Or should I be looking elsewhere?
>
> If this is what you are observing, then the cookie is being created during a non-https request. I would recommend clearing the cookie for your site in your browser, then visiting your site until you see the cookie appear.
>
> You can use an HttpServletRequestWrapper + a Filter to see where the session is being created if you'd rather not watch HTTP traffic.
>
> -chris
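The HttpServletRequestWrapper plus Filter approach mentioned in the quoted reply, as an added example that is not code from the thread or from Tomcat: it logs the call site of every session creation together with whether the request was secure. The class name is hypothetical, and the filter is assumed to be mapped to `/*` as the first filter in the application's web.xml.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpSession;

/** Hypothetical diagnostic filter: reports where sessions are created and over which scheme. */
public class SessionCreationTraceFilter implements Filter {

    private ServletContext context;

    @Override
    public void init(FilterConfig config) {
        context = config.getServletContext();
    }

    @Override
    public void destroy() {
        context = null;
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest) {
            // Everything further down the chain sees the tracing wrapper.
            chain.doFilter(new TracingRequest((HttpServletRequest) req, context), res);
        } else {
            chain.doFilter(req, res);
        }
    }

    static final class TracingRequest extends HttpServletRequestWrapper {

        private final ServletContext context;

        TracingRequest(HttpServletRequest request, ServletContext context) {
            super(request);
            this.context = context;
        }

        @Override
        public HttpSession getSession() {
            return getSession(true);
        }

        @Override
        public HttpSession getSession(boolean create) {
            HttpServletRequest inner = (HttpServletRequest) getRequest();
            boolean existed = inner.getSession(false) != null;
            HttpSession session = inner.getSession(create);
            if (!existed && session != null) {
                // The session id is deliberately left out of the log.
                String message = "New session created: isSecure=" + inner.isSecure()
                        + " scheme=" + inner.getScheme()
                        + " uri=" + inner.getRequestURI()
                        + (inner.isSecure() ? "" : " (session cookie issued on a non-https request)");
                // The Throwable is only a carrier for the stack trace of the caller.
                context.log(message, new Throwable("session creation call site"));
            }
            return session;
        }
    }
}
```

Sessions that the container creates before the filter chain runs, for example during FORM authentication, do not pass through the wrapper and are not logged.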
Re: Tomcat Config Question
Chuck,

I'm a little bit hesitant as a number of the students are still struggling to get their JSP project done. Right now the server is running and the Context statements that define where the apps are are right at the end of server.xml. This is an example of a Context statement as they are currently in server.xml:

<Context docBase="/home/alti/public_html/alti" path="/alti" debug="0" reloadable="true" crossContext="true"></Context>

If this is moved out of server.xml and into /home/alti/public_html/alti/META_INF/ how will Tomcat know where the alti app is; I always thought that Tomcat followed the paths it found in server.xml to figure out where all of the apps were? If this is where it goes, what name does the file get, context.xml or alti.xml?

Dick Steflik
Binghamton University
Re: Tomcat Config Question
I'm assuming your docBase for this app is not inside tomcat's webapps folder and in that case, you're right to wonder how tomcat finds the context.xml file.

The <Context ...> ... </Context> element can also be in its own file named after the path attribute - i.e. alti.xml in conf/Catalina/localhost. Replace 'Catalina' with your tomcat's Service name from server.xml and 'localhost' with your Host name, again from server.xml. Tomcat looks there as well for the webapp's <Context ...></Context> element and you can remove the path attribute.

--David
RE: Tomcat / windows 2008 IIS 7 x64
We did get tomcat to process the JSP on the localhost site, but it will not process .JSP on the other sites we have configured. Can you do multiple sites?

I am assuming we are missing something in the Server.XML is where we need to define all this.

-----Original Message-----
From: Sabo, Eric
Sent: Friday, November 20, 2009 7:53 AM
To: Tomcat Users List
Subject: RE: Tomcat / windows 2008 IIS 7 x64

Those steps I was not sure about, can you give me default values or settings, that might be my issue. The jsp is in the default web site, but I would like the whole server to have this ability - meaning more than just the default site, we will probably have a couple of web sites on this server.

-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Friday, November 20, 2009 7:46 AM
To: users@tomcat.apache.org
Subject: Re: Tomcat / windows 2008 IIS 7 x64

On 20/11/2009 12:34, Sabo, Eric wrote:

That step did not work, I have one file that has a simple jsp page it will not display it.

-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Friday, November 20, 2009 7:31 AM
To: Tomcat Users List
Subject: Re: Tomcat / windows 2008 IIS 7 x64

On 20/11/2009 12:23, Sabo, Eric wrote:

1. Tomcat is running on port 8080, at least I am getting to the default web site.

Good start.

2-3. Don't know what you mean by this? How does one check?

2. Your application. JSP != PHP

You can't just chuck JSP files into a published directory and hope they work*. Do you have an application to deploy to Tomcat already?

OK, so: What Connectors and Hosts you have defined in your server.xml? Where did you put the JSP?

p

* Probably.

Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bear with me on this. Thanks for all your help on this issue.

-----Original Message-----
From: Pid [mailto:p...@pidster.com]
Sent: Friday, November 20, 2009 7:21 AM
To: Tomcat Users List
Subject: Re: Tomcat / windows 2008 IIS 7 x64

On 20/11/2009 12:11, Sabo, Eric wrote:

Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032

I followed these steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html

Configure Tomcat (this is the part we are not really sure)

Start with little steps:

1. Can you get Tomcat running with the default server.xml?
2. Next, can you get Tomcat running your app as a standalone?
3. After that connect IIS to Tomcat.

Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start.

Set up server.xml
Set up context.xml
Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html)

Also how do we tell if we got the right executables meaning the right x64 ones?

Tomcat won't start. Probably.

p

Since this is open source, is there anyone that does this setup for consulting fee?

-----Original Message-----
From: Sabo, Eric
Sent: Thursday, November 19, 2009 11:38 AM
To: 'users@tomcat.apache.org'
Subject: Tomcat / windows 2008 IIS 7 x64

Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform)?

Thanks in advance,

Eric Sabo
Senior Windows Systems Engineer
Information Technology Services - Operations
California University of Pennsylvania
AW: mod_jk and session stickyness of images requests
Thanks for all your answers so far! I'm still trying to figure out the problem but there are also some other things I need to take care of. Just to make it clear, here is a summary of my problem and what was suggested so far:

- We have a webapp that serves content (html, xhtml, ...) and images (jpg, png, ...).
- Both, content and images, are _not_ static.
- They are generated by two different servlets in the same context.
- The images are generated _only_ on the server that processed the content request.
- This means subsequent image requests have to be routed to the same server as the content request.
- We enabled session cookies and URL rewriting (the latter via EncodeUrlTransformer of Cocoon).
- The cookie path is equal to the context path, so the cookies are valid for both servlets (content and images).
- In general the whole mod_jk load balancing works fine, with or without cookies (I tried disabling cookies on my iPhone and it worked as expected).
- Some devices however don't seem to send cookies with image requests, although they send a valid cookie with the previous content request.
- The latter may or may not be a problem of the devices themselves or an intermediate proxy or something else (we already had a problem with BlackBerry servers killing sessions).

I have yet to try what Rainer suggested: adding the cookie information to the access log. The problem was, that we need the access logs for statistics and I didn't know (till Christopher wrote it), that we could set up a secondary log. Once I have that running, I might be able to give more details.

Greetings,
Timo
Re: How to access JNDI resources on Tomcat level
On 15/12/2009 12:44, vramanaj wrote:

Yes, I did. I have followed those configuration steps for other applications earlier. Are there any other configurations required to store the cookies in IE browser, if the application is ssl enabled?

No, Tomcat doesn't need to do anything special for IE.

p

Pid Ster wrote:

On 15/12/2009 11:25, vramanaj wrote:

The problem is https. For rememberMe in Josso, the site should be in ssl. I configured ssl in tomcat. Now I am getting the following error. I have installed the cert. in IE. Please help me if there are tomcat settings required for ssl.

If the problem is setting up HTTPS, have you completed the steps included on the page below?

http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

p

15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
    at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
    at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
    at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
    at org.apache.coyote.Request.action(Request.java:352)
    at org.apache.catalina.connector.Request.getAttribute(Request.java:896)
    at org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
    at org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
    at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
    at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:619)
15 Dec 2009 06:14:38,992 DEBUG Looking for cookie: JOSSO_REMEMBERME_josso
15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!

Pid Ster wrote:

On 14/12/2009 12:55, vramanaj wrote:

Hi, I am through with the Josso configuration. Could be able to see the sso logon page, redirecting the authenticated username to the partner application. Facing problem with rememberMe option. Second time when I try to logon to the application, logon page is showing up again. I set 'rememberMeEnabled' to true in josso. For rememberMe in sso, I read that we need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is getting created. Still are there any configurations we need to do in tomcat?

No idea, but it sounds like a JOSSO problem. Maybe that community can assist.

p

Regards

vramanaj wrote:

Resolved AuthenticationFailureException issue. This is coming because I have used basic-authentication scheme. If basic-authentication scheme used, we need to remove hasAlgorithm and hasEnconding properties in josso-gateway-auth.xml file. Now Josso session id is getting created. But getting the below error while trying to access the application:

java.lang.RuntimeException: Outbound relaying failed. No Principal found. Verify your SSO Agent Configuration!
    org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502)
    org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
Trying to access a directory outside docBase... is it possible ?
Hi,

I am new to Tomcat and JEE, but a new job means to learn new things. So right to my problem, which I am sure is not too unusual, but I couldn't really find a solution (via google) so far.

My directory structure looks as follows:

/opt/document-repository - mounted nfs-disk of an archiving system
/opt/Tomcat/webapps/myApp.war - my project deployment file

My webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe. This basically works if the pdf-files I want to open are located in the deployment directory, but what I want to do is to access the pdf-files of the archiving disk. It seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory.

I stumbled over a hint about adding a <Context docBase="/opt/documents" path="/documents"/> directive to the web.xml file, but I haven't had any luck with my experiments so far, but then I realized that this would mean that I also have to move my project directory which I can't.

So if there is any possibility to get this done (I am using linux in case you haven't guessed already) I would be very glad if anyone could drop a few lines to help me out.

Thanks in advance!

Ingo Gambin
Brilliant Vorsorge GmbH
Re: Tomcat Config Question
On 15/12/2009 13:15, steflik wrote:

Chuck, I'm a little bit hesitant as a number of the students are still struggling to get their JSP project done. Right now the server is running and the Context statements that define where the apps are are right at the end of server.xml. This is an example of a <Context> statement as they are currently in server.xml:

<Context docBase="/home/alti/public_html/alti" path="/alti" debug="0" reloadable="true" crossContext="true"></Context>

If this is moved out of server.xml and into /home/alti/public_html/alti/META_INF/ how will Tomcat know where the alti app is; I always thought that Tomcat followed the paths it found in server.xml to figure out where all of the apps were? If this is where it goes, what name does the file get, context.xml or alti.xml?

Maybe this would be useful: look at User Web Applications

http://tomcat.apache.org/tomcat-6.0-doc/config/host.html

p
Re: 'Parametrizing' context.xml?
Bill Barker wrote:

Mario Splivalo mario.spliv...@megafon.hr wrote in message news:4b266622.5060...@megafon.hr...

Tomcat also supports ant-style variable replacement, so using that then Ken's example would look like:

<context-param>
    <param-name>baseprefix</param-name>
    <param-value>${BPVAL}</param-value>
</context-param>

where BPVAL is a Java system property (that can be set in catalina.properties for example).

And, those can be used also in apps context.xml?

Of course, this only works for Tomcat. Ken's suggestion will work on any servlet container.

Yes, in the long run I'll stick to those, but since we're only using Tomcat for now it would be much easier not to fiddle with ant.

Thank you all!

Mike
tomcat 6 not responding to any kind of request i.e. static and dynamic resources after some hours
Hi,

we are using tomcat 6, jdk1.5, CentOS 5, with 4gb of ram, data base is Oracle 11g. For the past one month we are getting this problem before that we don't. Tomcat hangs after running for several hours. Means initially it is taking around 24hr now it is hanging every 3 to 4 hr we can not say the exact time. When I see the graph using visualgc there is plenty of space and data sources are also sufficient I configured it 200. And http threads maxActive are 150. I am unable to find the problem. Give suggestions to solve this problem. I didn't understand the thread dump. And we are sending per day nearly 5 mails to users using sendmail using java.

The full thread dump as follows.

Full thread dump Java HotSpot(TM) Server VM (1.5.0_19-b02 mixed mode):

http-80-150 daemon prio=1 tid=0x093c4870 nid=0x37c2 runnable [0x7fb29000..0x7fb29db0]
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:735)
    at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:366)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:808)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:595)

http-80-149 daemon prio=1 tid=0x093c4160 nid=0x37c1 runnable [0x7fbaa000..0x7fbaaf30]
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:129)
    at org.apache.coyote.http11.InternalInputBuffer.fill(InternalInputBuffer.java:735)
    at org.apache.coyote.http11.InternalInputBuffer.parseRequestLine(InternalInputBuffer.java:366)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:808)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:454)
    at java.lang.Thread.run(Thread.java:595)

... all http-80-xx threads are in runnable like above . .

DefaultQuartzScheduler_QuartzSchedulerThread prio=1 tid=0x86244118 nid=0x371f sleeping[0x821f6000..0x821f70b0]
    at java.lang.Thread.sleep(Native Method)
    at org.quartz.core.QuartzSchedulerThread.run(QuartzSchedulerThread.java:272)

DefaultQuartzScheduler_Worker-9 prio=1 tid=0x8620e088 nid=0x371e in Object.wait() [0x82277000..0x82277e30]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.getNextRunnable(SimpleThreadPool.java:428)
    - locked 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.access$000(SimpleThreadPool.java:47)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:518)

DefaultQuartzScheduler_Worker-8 prio=1 tid=0x86254488 nid=0x371d in Object.wait() [0x822f8000..0x822f8db0]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.getNextRunnable(SimpleThreadPool.java:428)
    - locked 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.access$000(SimpleThreadPool.java:47)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:518)

DefaultQuartzScheduler_Worker-7 prio=1 tid=0x862542e8 nid=0x371c in Object.wait() [0x82379000..0x82379f30]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.getNextRunnable(SimpleThreadPool.java:428)
    - locked 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.access$000(SimpleThreadPool.java:47)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:518)

DefaultQuartzScheduler_Worker-6 prio=1 tid=0x864c8018 nid=0x371b in Object.wait() [0x823fa000..0x823faeb0]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.getNextRunnable(SimpleThreadPool.java:428)
    - locked 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.access$000(SimpleThreadPool.java:47)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:518)

DefaultQuartzScheduler_Worker-5 prio=1 tid=0x864c7e90 nid=0x371a in Object.wait() [0x8247b000..0x8247c030]
    at java.lang.Object.wait(Native Method)
    - waiting on 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.getNextRunnable(SimpleThreadPool.java:428)
    - locked 0x92767810 (a java.lang.Object)
    at org.quartz.simpl.SimpleThreadPool.access$000(SimpleThreadPool.java:47)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:518)

DefaultQuartzScheduler_Worker-4 prio=1 tid=0x86685dd0 nid=0x3719 in Object.wait()
RE: Very slow shutdown - 3 mins
From: Wayne Pope [mailto:waynemailingli...@gmail.com]
Subject: Very slow shutdown - 3 mins

I've done a thread dump, but as far as I can tell all looks ok.

Not to me. You have numerous threads apparently spawned by a webapp that are still sitting around. Whatever webapp is responsible for them needs to implement a ServletContextListener to terminate those threads when the webapp is stopped. Tomcat knows nothing about them, so it can't do it.

Some of the threads of interest that do not belong to Tomcat or the JVM:

pool-1-thread-10 prio=3 tid=0x085b8800 nid=0x38
pool-1-thread-9 prio=3 tid=0x08e0b400 nid=0x37
pool-1-thread-8 prio=3 tid=0x09550c00 nid=0x36
pool-1-thread-7 prio=3 tid=0x08e74400 nid=0x35
pool-1-thread-6 prio=3 tid=0x08739000 nid=0x34
pool-1-thread-5 prio=3 tid=0x08b5e400 nid=0x32
pool-1-thread-4 prio=3 tid=0x08681400 nid=0x31
pool-1-thread-3 prio=3 tid=0x08b5f800 nid=0x2f
pool-1-thread-2 prio=3 tid=0x0839f800 nid=0x2d
pool-1-thread-1 prio=3 tid=0x087f6c00 nid=0x2a
pool-3-thread-1 prio=3 tid=0x083fe400 nid=0x29

The above appear to be associated with some outbound HTTP call mechanism. Since they're not daemon threads, they won't go away nicely until someone tells them to (or Tomcat gets tired of waiting).

MultiThreadedHttpConnectionManager cleanup daemon prio=3 tid=0x0824a400 nid=0x30

The manager for the above pooled threads.

MySQL Statement Cancellation Timer daemon prio=3 tid=0x08498400 nid=0x18

Again, not a thread Tomcat creates, but at least it's a daemon.

- Chuck
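A ServletContextListener of the kind the reply above calls for, as an added example that is not code from the thread or from the poster's webapp. It assumes the webapp creates its own java.util.concurrent pool, whose default thread factory produces names of the pool-N-thread-M form; the class name, attribute name, pool size and timeouts are hypothetical.

```java
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.logging.Logger;

import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;

/**
 * Added example (hypothetical names): the webapp owns its worker pool, so the
 * webapp also stops it. Register the class as a listener in web.xml.
 */
public class WorkerPoolLifecycleListener implements ServletContextListener {

    /** Attribute under which servlets look the pool up (assumed name). */
    public static final String POOL_ATTRIBUTE = "example.workerPool";

    private static final Logger LOG =
            Logger.getLogger(WorkerPoolLifecycleListener.class.getName());

    private ExecutorService pool;

    public void contextInitialized(ServletContextEvent event) {
        // The default thread factory creates non-daemon threads, which keep
        // the JVM alive until they are shut down explicitly.
        pool = Executors.newFixedThreadPool(10);
        event.getServletContext().setAttribute(POOL_ATTRIBUTE, pool);
    }

    public void contextDestroyed(ServletContextEvent event) {
        event.getServletContext().removeAttribute(POOL_ATTRIBUTE);
        if (pool == null) {
            return; // startup failed before the pool existed
        }
        pool.shutdown(); // accept no new tasks, let queued ones finish
        try {
            if (!pool.awaitTermination(10, TimeUnit.SECONDS)) {
                // Interrupt tasks that are still running and drop queued ones.
                List<Runnable> dropped = pool.shutdownNow();
                LOG.warning("Worker pool forced down, " + dropped.size()
                        + " queued task(s) discarded");
                if (!pool.awaitTermination(5, TimeUnit.SECONDS)) {
                    LOG.severe("Worker threads ignored interruption and are still running");
                }
            }
        } catch (InterruptedException e) {
            pool.shutdownNow();
            Thread.currentThread().interrupt(); // preserve the interrupt for the caller
        }
    }
}
```

Threads started by a third-party library, such as the HTTP connection manager named in the dump, are outside this pool and need that library's own shutdown call from the same contextDestroyed method.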
RE: Accumulation of Request Processors objects causes tomcat stuck?
From: Michal Singer [mailto:michal.sin...@expand.com]
Subject: Accumulation of Request Processors objects causes tomcat stuck?

I am running an application on tomcat which gets stuck when processing incoming messages after a while.

So take a thread dump and find out what they're waiting for. While you're at it, tell us the Tomcat version, JVM version, and platform you're running on.

I see accumulation of request processors objects in jconsole under: Catalina\RequestProcessor\http-8080. What do these objects mean, what does it mean that they accumulate?

That's normal; those are threads Tomcat creates to process requests.

Can it explain tomcat's getting stuck?

No, but a thread dump will show what in your webapp or database they're stuck on.

- Chuck
Re: Trying to access a directory outside docBase... is it possible ?
On 15/12/2009 13:46, Ingo Gambin wrote:

Hi,

I am new to Tomcat and JEE, but a new job means to learn new things. So right to my problem, which I am sure is not too unusual, but I couldn't really find a solution (via google) so far.

My directory structure looks as follows:

/opt/document-repository - mounted nfs-disk of an archiving system
/opt/Tomcat/webapps/myApp.war - my project deployment file

My webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe. This basically works if the pdf-files I want to open are located in the deployment directory, but what I want to do is to access the pdf-files of the archiving disk. It seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory.

I stumbled over a hint about adding a <Context docBase="/opt/documents" path="/documents"/> directive to the web.xml file, but I haven't had any luck with my experiments so far, but then I realized that this would mean that I also have to move my project directory which I can't.

So if there is any possibility to get this done (I am using linux in case you haven't guessed already) I would be very glad if anyone could drop a few lines to help me out.

What actually happens when you try to access the files? Does the Tomcat process have sufficient rights to access that directory?

p

Thanks in advance!

Ingo Gambin
Brilliant Vorsorge GmbH
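The original post says servlet code can already read the repository through java.io. One way to stream a PDF from there while keeping every request inside the repository root, as an added example that is not code from the thread: the class name, the `/documents/*` mapping and the PDF-only rule are assumptions, and only the `/opt/document-repository` path comes from the post.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.Locale;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Added example (hypothetical class). Assumed to be mapped to /documents/* in
 * web.xml, so the part of the URL after /documents arrives as the path info.
 * It performs no authorization: whoever can reach the servlet can read any
 * PDF in the repository.
 */
public class RepositoryPdfServlet extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /** Repository mount point named in the original post. */
    private static final String REPOSITORY = "/opt/document-repository";

    private File root;

    @Override
    public void init() throws ServletException {
        try {
            root = new File(REPOSITORY).getCanonicalFile();
        } catch (IOException e) {
            throw new ServletException("Cannot resolve " + REPOSITORY, e);
        }
    }

    /** Returns the requested PDF, or null if the path leaves the repository. */
    static File resolve(File root, String pathInfo) throws IOException {
        if (pathInfo == null || pathInfo.indexOf('\0') >= 0) {
            return null;
        }
        // Canonicalising resolves ".." segments and symbolic links, so the
        // prefix test below is made against the real location on disk.
        File candidate = new File(root, pathInfo).getCanonicalFile();
        if (!candidate.getPath().startsWith(root.getPath() + File.separator)) {
            return null;
        }
        boolean isPdf = candidate.getName().toLowerCase(Locale.ENGLISH).endsWith(".pdf");
        return candidate.isFile() && isPdf ? candidate : null;
    }

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        File pdf = resolve(root, request.getPathInfo());
        if (pdf == null) {
            // Same answer for "missing" and "outside the repository".
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
            return;
        }
        response.setContentType("application/pdf");
        response.setHeader("Content-Length", String.valueOf(pdf.length()));
        InputStream in = new FileInputStream(pdf);
        try {
            OutputStream out = response.getOutputStream();
            byte[] buffer = new byte[8192];
            int read;
            while ((read = in.read(buffer)) != -1) {
                out.write(buffer, 0, read);
            }
        } finally {
            in.close();
        }
    }
}
```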
Re: Tomcat / windows 2008 IIS 7 x64
On 15/12/2009 13:28, Sabo, Eric wrote: We did get tomcat to process the JSP on the localhost site, but it will not process .JSP on the others sites we have configured. Can you do multiple sites? Yes. p I am assuming we are missing something in the Server.XML is where we need to define all this. -Original Message- From: Sabo, Eric Sent: Friday, November 20, 2009 7:53 AM To: Tomcat Users List Subject: RE: Tomcat / windows 2008 IIS 7 x64 Those steps I was not sure about, can you give me default values or settings, that might be my issue. The jsp is in the default web site, but I would like the whole server to have this ability - meaning more that just the default site, we will probably have a couple of web sites on this server. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:46 AM To: users@tomcat.apache.org Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:34, Sabo, Eric wrote: That step did not work, I have one file that has a simple jsp page it will not display it. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:31 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:23, Sabo, Eric wrote: 1. Tomcat is running on port 8080, at least I am getting to the default web site. Good start. 2-3. Don't know what you mean by this? How does one check? 2. Your application. JSP != PHP You can't just chuck JSP files into a published directory hope they work*. Do you have an application to deploy to Tomcat already? OK, so: What Connectors and Hosts you have defined in your server.xml? Where did you put the JSP? p p * Probably. Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. Thanks for all your help on this issue. 
-Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. 
Re: exclusions from conf/web.xml are not being picked up
On 15/12/2009 06:45, Shaun Senecal wrote:

I have a blanket security-constraint defined in my conf/web.xml, followed by a couple more specific security-constraints. However, it appears that the more specific ones are not being picked up. When I break in FormAuthenticator.invoke(), I can see in the constraints variable (SecurityConstraint[]) that only my global security-constraint is there so everything is requiring authentication. What am I doing wrong? I want to configure Tomcat such that /favicon.ico and /agentapp/* do not require authentication.

conf/web.xml snippet:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>The entire SP</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>favicon.ico for browser tabs</web-resource-name>
    <url-pattern>/favicon.ico</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>agentapp</web-resource-name>
    <url-pattern>/agentapp/*</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

The last two overlap with the first, so a union of them occurs. The /agentapp/ could be deployed in its own war, or exploded dir, with a separate web.xml. The favicon is a bit more tricky, not sure you can do what you want to as long as the first rule exists.

p
Re: 'Parametrizing' context.xml?
On 14/12/2009 16:21, Mario Splivalo wrote: Is there a way to 'parametrize' context.xml, for instance, in a manner one can 'parametrize' build.xml? For some webapplication in context.xml one puts, for instance, JDBC specific stuff. But, several developers can have different 'properties' for the database (different user accounts, and so on). Is there a way to parametrize those somehow, or each developer need to have separate context.xml? Despite the other helpful answers, I'm going to try a different tack. If each developer needs the web app to behave differently, then each developer will need their own version. In order to apply different settings, such as a DB user, one would need to restart the application - thus breaking it for other developers. p
Re: cluster error recovered?
What are more reasonable values for those settings? mitch Filip Hanik - Dev Lists wrote: increase your send timeout, 3000 seconds is very aggressive, and you would have to tune away most long GC pauses to not timeout. increase your dropTimeout, it seems you're getting false positives, prolly GC again Filip On 12/11/2009 04:28 PM, Mitch Claborn wrote: tomcat 6.0.20 cluster See output below. There are errors at the beginning. Do the later messages (e.g. INFO: Manager [localhost#]; session state send at 12/11/09 5:16 PM received in 7,894 ms.) indicate that it recovered? Is there a way to somehow determine that the cluster is operational after the tomcat has been running for a while? Mitch Dec 11, 2009 5:16:43 PM org.apache.catalina.realm.JAASRealm setContainer INFO: Set JAAS app name Catalina Dec 11, 2009 5:16:43 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Dec 11, 2009 5:16:43 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 Dec 11, 2009 5:16:43 PM org.apache.catalina.ha.tcp.SimpleTcpCluster start INFO: Cluster is about to start Dec 11, 2009 5:16:44 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/10.0.0.52:5000 Dec 11, 2009 5:16:44 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Dec 11, 2009 5:16:44 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Dec 11, 2009 5:16:44 PM org.apache.catalina.ha.tcp.SimpleTcpCluster memberAdded INFO: Replication member added:org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 53}:5000,{10, 0, 0, 53},5000, alive=73495212,id={103 55 44 -101 55 19 65 -86 -80 19 79 49 -64 64 -48 10 }, payload={}, command={}, domain={}, ] Dec 11, 2009 5:16:45 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: 
Done sleeping, membership established, start level:4 Dec 11, 2009 5:16:45 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Dec 11, 2009 5:16:45 PM org.apache.catalina.tribes.io.BufferPool getBufferPool INFO: Created a buffer pool with max size:104857600 bytes of type:org.apache.catalina.tribes.io.BufferPool15Impl Dec 11, 2009 5:16:46 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:46 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:46 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 Dec 11, 2009 5:16:46 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:47 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:47 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:48 PM org.apache.catalina.ha.session.ClusterSessionListener messageReceived WARNING: Context manager doesn't exist:localhost# Dec 11, 2009 5:16:49 PM org.apache.catalina.ha.session.DeltaManager start INFO: Register manager to cluster element Engine with name Catalina Dec 11, 2009 5:16:49 PM org.apache.catalina.ha.session.DeltaManager start INFO: Starting clustering manager at Dec 11, 2009 5:16:54 PM org.apache.catalina.tribes.group.interceptors.TcpFailureDetector memberDisappeared INFO: Received memberDisappeared[org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 53}:5000,{10, 0, 0, 53},5000, alive=73504284,id={103 55 44 -101 55 19 65 -86 -80 19 79 49 -64 64 -48 
10 }, payload={}, command={}, domain={}, ]] message. Will verify. Dec 11, 2009 5:16:54 PM org.apache.catalina.tribes.group.interceptors.TcpFailureDetector memberDisappeared INFO: Verification complete. Member still alive[org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 0, 0, 53}:5000,{10, 0, 0, 53},5000, alive=73504284,id={103 55 44 -101 55 19 65 -86 -80 19 79 49 -64 64 -48 10 }, payload={}, command={}, domain={}, ]] Dec 11, 2009 5:16:54 PM org.apache.catalina.ha.tcp.SimpleTcpCluster send SEVERE: Unable to send message through cluster sender. org.apache.catalina.tribes.ChannelException: Operation has timed out(3000 ms.).; Faulty members:tcp://{10, 0, 0, 53}:5000; at org.apache.catalina.tribes.transport.nio.ParallelNioSender.sendMessage(ParallelNioSender.java:97) at
Re: Trying to access a directory outside docBase... is it possible ?
On Tuesday, 15.12.2009, at 15:01 +, Pid wrote:

So right to my problem, which I am sure is not too unusual, but I couldn't really find a solution (via google) so far. my directory structure looks as follows

/opt/document-repository - mounted nfs-disk of an archiving system
/opt/Tomcat/webapps/myApp.war - my project deployment file

my webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe this basically works if the pdf-files I want to open are located in the deployment directory. but what I want to do is to access the pdf-files of the archiving disk. it seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory I stumbled over a hint about adding a Context docBase=/opt/documents path=/documents/ directive to the web.xml file, but I haven't had any luck with my experiments so far, but then I realized that this would mean that I also have to move my project directory which I can't. So if there is any possibility to get this done (i am using linux in case you haven't guessed already) I would be very glad if anyone could drop a few lines to help me out.

What actually happens when you try to access the files? Does the Tomcat process have sufficient rights to access that directory?

http://localhost:8080/myApp/PDFClient - entry servlet and main form
http://localhost:8080/myApp/PDFViewer - servlet loaded in IFrame

ok when I click on a linked PDF e. g.

<a href="http://localhost:8080/myApp/PDFViewer?file=document-repository/Folder%202/TestDok4.pdf&page=1;" target="viewer-iframe">filename</a>

in the PDFClient the PDFViewer should be loaded in the IFrame, which actually is a blank page that just embeds the PDF-File

...process request-parameters and session-vars...
if(pdfFile!=null) {
    output = "<embed src=\"" + pdfFile + "#page=" + pdfPage + "&toolbar=0&navpanes=0&scrollbar=0&view=Fit\" width=\"550\" height=\"550\">";
}

When I call the Viewer with a file 'TestDok1.pdf' which is located in the 'war' file (main directory of the project), it works well, when a pdf-file from a location outside the project directory the generated html looks like it should:

<html>
<head> <title>PDFViewer</title> </head>
<body>
<embed src="document-repository/TestDok1.pdf#page=1&toolbar=0&navpanes=0&scrollbar=0&view=Fit" width="550" height="550">
</body>
</html>

but instead of opening the PDF-File the plugin opens nothing... well at least it reserves the 550x550 pixels for the presentation but all is white nothing is displayed /opt and recursively all contents have rwxrwxrwx... so I would think the access rights should not be the problem...

Thx for the quick answer! Ingo
RE: exclusions from conf/web.xml are not being picked up
From: Pid [mailto:p...@pidster.com] Subject: Re: exclusions from conf/web.xml are not being picked up

The /agentapp/ could be deployed in its own war, or exploded dir, with a separate web.xml. The favicon is a bit more tricky, not sure you can do what you want to as long as the first rule exists.

I think what the OP might be missing is that the url-pattern applies to the portion of the URL *after* the context selection path. If agentapp is indeed a separate webapp, nothing will ever match the /agentapp/* pattern.

- Chuck
Re: Trying to access a directory outside docBase... is it possible ?
On 15/12/2009 15:25, Ingo Gambin wrote: On Tuesday, 15.12.2009, at 15:01 +, Pid wrote:

So right to my problem, which I am sure is not too unusual, but I couldn't really find a solution (via google) so far. my directory structure looks as follows

/opt/document-repository - mounted nfs-disk of an archiving system
/opt/Tomcat/webapps/myApp.war - my project deployment file

my webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe this basically works if the pdf-files I want to open are located in the deployment directory. but what I want to do is to access the pdf-files of the archiving disk. it seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory I stumbled over a hint about adding a Context docBase=/opt/documents path=/documents/ directive to the web.xml file, but I haven't had any luck with my experiments so far, but then I realized that this would mean that I also have to move my project directory which I can't. So if there is any possibility to get this done (i am using linux in case you haven't guessed already) I would be very glad if anyone could drop a few lines to help me out.

What actually happens when you try to access the files? Does the Tomcat process have sufficient rights to access that directory?

http://localhost:8080/myApp/PDFClient - entry servlet and main form
http://localhost:8080/myApp/PDFViewer - servlet loaded in IFrame

snip

So what do your app logs say? If the viewer servlet isn't working where does it throw its errors?

p

Thx for the quick answer! Ingo
Re: Trying to access a directory outside docBase... is it possible ?
Ingo Gambin wrote: ... my directory structure looks as follows /opt/document-repository - mounted nfs-disk of an archiving system /opt/Tomcat/webapps/myApp.war - my project deployment file my webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe this basically works if the pdf-files I want to open are located in the deployment directory. but what I want to do is to access the pdf-files of the archiving disk. it seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory But maybe you could just create a link, inside your deployment directory, to the mount ? /opt/Tomcat/webapps/myApp/docs -- /opt/document-repository You would have to make sure that the user-id under which Tomcat runs has read access to that directory and to the documents in it. Otherwise, can you be more precise when you say that tomcat CANNOT access the files ? what URL is the client using, and what exactly happens ?
Re: mod_jk and session stickyness of images requests
On 15.12.2009 14:36, Kockert, Timo wrote: Thanks for all your answers so far! I'm still trying to figure out the problem but there are also some other things I need to take care of. Just to make it clear, here is a summary of my problem and what was suggested so far: - We have a webapp that serves content (html, xhtml, ...) and images (jpg, png, ...). - Both, content and images, are _not_ static. - They are generated by two different servlets in the same context. - The images are generated _only_ on the server that processed the content request. - This means subsequent image requests have to be routed to the same server as the content request. - We enabled session cookies and URL rewriting (the latter via EncodeUrlTransformer of Cocoon). - The cookie path is equal to the context path, so the cookies are valid for both servlets (content and images). - In general the whole mod_jk load balancing works fine, with or without cookies (I tried disabling cookies on my iPhone and it worked as expected). - Some devices however don't seem to send cookies with image requests, although they send a valid cookie with the previous content request. And do they use a URL with encoded session to retrieve the images? If the link was encoded correctly, they should. You can easily check by looking at the existing access log. Or does cocoon no longer encode the session in the URL, if it sees the cookie in the previous request? - The latter may or may not be a problem of the devices themselves or an intermediate proxy or something else (we already had a problem with BlackBerry servers killing sessions). I have yet to try what Rainer suggested: adding the cookie information to the access log. The problem was, that we need the access logs for statistics and I didn't know (till Christopher wrote it), that we could set up a secondary log. Once I have that running, I might be able to give more details. 
Greetings, Timo Regards, Rainer
Limit user sessions in tomcat
Hello, We frequently have situations where a user has brought down a tomcat entirely by himself by running the same transaction multiple times because the response was not quick enough. Is there a way through configuration of tomcat and mod_jk to control the number of concurrent transactions/sessions a user can maintain? Since this is something that can happen to anyone out there, I am curious as to how you are handling this scenario.. Thanks, Chetan
Re: Trying to access a directory outside docBase... is it possible ?
2009/12/15 André Warnier a...@ice-sa.com But maybe you could just create a link, inside your deployment directory, to the mount ? /opt/Tomcat/webapps/myApp/docs -- /opt/document-repository If you're going to do this, be Very Very Careful. Tomcat doesn't follow symbolic links by default, even on UNIX. This is for a very good reason: if you do this, Tomcat *will* follow the symlink and delete your PDFs when you undeploy your webapp. You probably don't want this to happen. This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick serve the content from this directory servlet, probably based on the root webapp. Chris? You're generally the coder with quick hacks already developed... - Peter
RE: Limit user sessions in tomcat
This is an application level problem. You need to implement your own synchronization/locking system to prevent this from happening. If you're running reports that are taking a while, you might want to consider creating a system that will email the results to the clients rather than making them wait. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585

-Original Message- From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Sent: Tuesday, December 15, 2009 9:04 AM To: users@tomcat.apache.org Subject: Limit user sessions in tomcat Hello, We frequently have situations where a user has brought down a tomcat entirely by himself by running the same transaction multiple times because the response was not quick enough. Is there a way through configuration of tomcat and mod_jk to control the number of concurrent transactions/sessions a user can maintain? Since this is something that can happen to anyone out there, I am curious as to how you are handling this scenario.. Thanks, Chetan
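The reply above places the limit in the application rather than in Tomcat or mod_jk. As an added example (not code from this thread and not a Tomcat feature), here is a per-user cap on in-flight requests that a servlet Filter could call around `chain.doFilter()`; the class name, the limit of 2 and the user keys are assumptions, and the demo simulates the repeated clicks with threads.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

/** Added example: caps the number of requests one user may have in flight at once. */
public class PerUserRequestLimiter {

    private final int maxConcurrent;
    // user key -> number of requests currently being processed for that user
    private final ConcurrentHashMap<String, Integer> inFlight = new ConcurrentHashMap<>();

    public PerUserRequestLimiter(int maxConcurrent) {
        if (maxConcurrent < 1) {
            throw new IllegalArgumentException("maxConcurrent must be >= 1");
        }
        this.maxConcurrent = maxConcurrent;
    }

    /**
     * Call before doing the work. The key should be the authenticated user name
     * (a session id can be reset by the client simply by dropping its cookie).
     * Returns false when the user is already at the cap; a Filter would then
     * answer with 429 or 503 instead of starting another slow transaction.
     */
    public boolean tryAcquire(String userKey) {
        boolean[] admitted = {false};
        // compute() runs atomically per key, so check-and-increment cannot race
        inFlight.compute(userKey, (key, count) -> {
            int current = (count == null) ? 0 : count;
            if (current >= maxConcurrent) {
                return count; // leave the counter unchanged
            }
            admitted[0] = true;
            return current + 1;
        });
        return admitted[0];
    }

    /** Call in a finally block once the work is done, only after a successful tryAcquire. */
    public void release(String userKey) {
        inFlight.computeIfPresent(userKey, (key, count) -> {
            if (count <= 1) {
                return null; // drop the entry so idle users do not accumulate in the map
            }
            return count - 1;
        });
    }

    public static void main(String[] args) throws Exception {
        PerUserRequestLimiter limiter = new PerUserRequestLimiter(2);
        // Constructed scenario: user-a submits the same slow transaction five times,
        // user-b submits once while those are still running.
        String[] callers = {"user-a", "user-a", "user-a", "user-a", "user-a", "user-b"};
        ExecutorService pool = Executors.newFixedThreadPool(callers.length);
        CountDownLatch decided = new CountDownLatch(callers.length);
        CountDownLatch transactionDone = new CountDownLatch(1);
        AtomicInteger admitted = new AtomicInteger();
        AtomicInteger rejected = new AtomicInteger();

        for (String user : callers) {
            pool.submit(() -> {
                if (!limiter.tryAcquire(user)) {
                    rejected.incrementAndGet();
                    decided.countDown();
                    return null;
                }
                try {
                    admitted.incrementAndGet();
                    decided.countDown();
                    transactionDone.await(); // stands in for the slow transaction
                } finally {
                    limiter.release(user);
                }
                return null;
            });
        }

        decided.await();
        System.out.println("admitted=" + admitted.get() + " rejected=" + rejected.get());
        transactionDone.countDown();
        pool.shutdown();
        pool.awaitTermination(5, TimeUnit.SECONDS);
        System.out.println("user-a admitted again after completion: " + limiter.tryAcquire("user-a"));
    }
}
```

With the constructed callers, two of user-a's five submissions and user-b's single one are admitted, and user-a is admitted again once the earlier work has been released.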
Re: Trying to access a directory outside docBase... is it possible ?
On 15/12/2009 16:05, Peter Crowther wrote: 2009/12/15 André Warniera...@ice-sa.com But maybe you could just create a link, inside your deployment directory, to the mount ? /opt/Tomcat/webapps/myApp/docs -- /opt/document-repository If you're going to do this, be Very Very Careful. Tomcat doesn't follow symbolic links by default, even on UNIX. This is for a very good reason: if you do this, Tomcat *will* follow the symlink and delete your PDFs when you undeploy your webapp. You probably don't want this to happen. This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick serve the content from this directory servlet, probably based on the root webapp. Chris? You're generally the coder with quick hacks already developed... The OP already has a servlet AFAICT. It's just not working. p - Peter
Re: tomcat 6 not responding to any kind of request i.e. static and dynamic resources after some hours
Sasidhar, On 12/15/2009 9:21 AM, sasidhar prabhakar wrote: Tomcat hangs after running for several hours. Means initially it is taking around 24hr now it is hanging every 3 to 4 hr we can not say the exact time. [snip] And we are sending per day nearly 5 mails to users using sendmail using java. [snip] Full thread dump Java HotSpot(TM) Server VM (1.5.0_19-b02 mixed mode): http-80-150 daemon prio=1 tid=0x093c4870 nid=0x37c2 runnable [0x7fb29000..0x7fb29db0] at java.net.SocketInputStream.socketRead0(Native Method) Maybe someone is DDOSing you because you are spamming them. shrug -chris
Re: Accumulation of Request Processors objects causes tomcat stuck?
Michal, On 12/15/2009 9:55 AM, Caldarale, Charles R wrote: From: Michal Singer [mailto:michal.sin...@expand.com] Subject: Accumulation of Request Processors objects causes tomcat stuck? i am running an application on tomcat which gets stuck when processing incoming messages after a while. So take a thread dump and find out what they're waiting for. While you're at it, tell us the Tomcat version, JVM version, and platform you're running on. I see accumulation of request processors objects in jconsole under: Catalina\RequestProcessor\http-8080. What do these objects mean, what does it mean that they accumulate? That's normal; those are threads Tomcat creates to process requests. More specifically, unless you are using an Executor (unless you set this up yourself, you are not), your Connector will allocate as many threads as are required to serve the client demand (up to the configured maxThreads), but will never release them. Executors are smarter than that and can take request processor threads out of service if you feel strongly about reducing the number of idle threads. So, the presence of lots of threads is not a direct indication that anything is amiss. -chris
Re: Trying to access a directory outside docBase... is it possible ?
2009/12/15 Ingo Gambin igam...@brilliant.de Hi, I am new to Tomcat and JEE, but a new job means to learn new things. So right to my problem, wich I am sure is not too unusual, but I couldn't really find a solution (via google) so far. my directory structure looks as follows /opt/document-repository - mounted nfs-disk of an archiving system /opt/Tomcat/webapps/myApp.war - my project deployment file my webapp for now is just a bunch of servlets which, using java.io.File..., have no trouble to read the archiving systems directory structure listing to list all available archived pdf-files. With servlets and some CSS I managed to build a little directory tree in the browser output and linked the pdf-files to get opened (via adobe reader plugin) in an iframe this basically works if the pdf-files I want to open are located in the deployment directory. but what I want to do is to access the pdf-files of the archiving disk. it seems tho while the servlet java code {java.io...} CAN, tomcat CANNOT access the pdf-files, which are stored there. And my projects deployment directory and the archiving systems mount have to be separated, so I can not mount the nfs into the deployment directory nor can I put my application around the nfs-mount-directory I stumbled over a hint about adding a Context docBase=/opt/documents path=/documents/ directive to the web.xml file, but I haven't had any luck with my experiments so far, but then I realized that this would mean that I also have to move my project directory which I can't. So if there is any possibility to get this done (i am using linux incase you haven't guessed already) I would be very glad if anyone could drop a few lines to help me out. Thanks in advance! Ingo Gambin Brilliant Vorsorge GmbH Worringer Str. 
2-4 D-40211 Düsseldorf Phone: +49 (0) 211 / 61793-0 Mobile: +49 (0) 176 / 44 66 66 42 e-mail: igam...@brilliant.de PGP-Fingerprint: D316 7343 EA4B 82C7 D96D 6917 3BF3 005A DA46 227F

Context docBase=/opt/documents path=/documents/

You must create documents.xml in conf/Catalina/localhost/ and put there this directive, not in web.xml
Re: Trying to access a directory outside docBase... is it possible ?
Pid wrote: On 15/12/2009 16:05, Peter Crowther wrote: 2009/12/15 André Warniera...@ice-sa.com But maybe you could just create a link, inside your deployment directory, to the mount ? /opt/Tomcat/webapps/myApp/docs -- /opt/document-repository If you're going to do this, be Very Very Careful. Tomcat doesn't follow symbolic links by default, even on UNIX. This is for a very good reason: if you do this, Tomcat *will* follow the symlink and delete your PDFs when you undeploy your webapp. Ooops. (Although I did specify read access for the Tomcat user-id. If it does not have write access to the directory pointed to, it should not be able to delete the files, right ?) You probably don't want this to happen. This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick serve the content from this directory servlet, probably based on the root webapp. Chris? You're generally the coder with quick hacks already developed... The OP already has a servlet AFAICT. It's just not working. I think indeed the OP has some kind of servlet, and that one works. But I understood that he wanted Tomcat to serve these documents directly, as files, not going through a servlet. Maybe I got that wrong. OP ?
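The PDFViewer servlet in this thread takes the document path from a `file` request parameter while the files live outside docBase under /opt/document-repository. As an added example (not code from the thread), this is one way a servlet could resolve that parameter so it can only name a PDF inside the repository; the class and method names are hypothetical, the parameter is assumed to be relative to the repository root, and the demo builds a temporary directory in place of the NFS mount.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.util.Locale;
import java.util.Optional;

/** Added example: confines a request-supplied file name to one repository directory. */
public class RepositoryResolver {

    private final Path root; // canonical, symlink-free path of the repository

    public RepositoryResolver(Path repositoryRoot) throws IOException {
        this.root = repositoryRoot.toRealPath();
    }

    /**
     * Maps the (already URL-decoded) "file" parameter to an existing PDF under
     * the repository root. Returns empty for anything else, so the servlet can
     * answer 404 without revealing why.
     */
    public Optional<Path> resolve(String fileParam) {
        if (fileParam == null || fileParam.isEmpty()) {
            return Optional.empty();
        }
        if (!fileParam.toLowerCase(Locale.ROOT).endsWith(".pdf")) {
            return Optional.empty();
        }
        try {
            // Lexical check: an absolute parameter replaces root entirely and
            // ".." segments are collapsed by normalize(), so both fail here.
            Path candidate = root.resolve(fileParam).normalize();
            if (!candidate.startsWith(root)) {
                return Optional.empty();
            }
            // Filesystem check: toRealPath() follows symlinks and fails for
            // missing files, so a link pointing out of the repository is caught.
            Path real = candidate.toRealPath();
            if (!real.startsWith(root) || !Files.isRegularFile(real)) {
                return Optional.empty();
            }
            return Optional.of(real);
        } catch (InvalidPathException | IOException e) {
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout standing in for /opt/document-repository.
        byte[] pdf = "%PDF-1.4 constructed sample".getBytes(StandardCharsets.US_ASCII);
        Path tmp = Files.createTempDirectory("docbase-demo");
        Path repo = tmp.resolve("document-repository");
        Files.createDirectories(repo.resolve("Folder 2"));
        Files.write(repo.resolve("Folder 2").resolve("TestDok4.pdf"), pdf);
        Path outside = Files.write(tmp.resolve("outside.pdf"), pdf);
        try {
            Files.createSymbolicLink(repo.resolve("link.pdf"), outside);
        } catch (IOException | UnsupportedOperationException e) {
            System.out.println("(symlinks unavailable here; link.pdf is rejected as missing)");
        }

        RepositoryResolver resolver = new RepositoryResolver(repo);
        String[] params = {
            "Folder 2/TestDok4.pdf",      // inside the repository
            "Folder 2/missing.pdf",       // does not exist
            "Folder 2/TestDok4.pdf.txt",  // wrong extension
            "../outside.pdf",             // parent-directory segment
            outside.toString(),           // absolute path
            "link.pdf"                    // symlink leaving the repository
        };
        for (String p : params) {
            String verdict = resolver.resolve(p)
                    .map(found -> "serve " + found.getFileName())
                    .orElse("reject (404)");
            System.out.println(p + " -> " + verdict);
        }
    }
}
```

Only the first constructed parameter is served. A servlet that streams the returned path with Content-Type application/pdf can serve the repository without a symlink inside the webapp or a second Context.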
Re: Tomcat Config Question
Dick,

On 12/15/2009 8:15 AM, steflik wrote: I'm a little bit hesitant as a number of the students are still struggling to get their JSP project done. Right now the server is running and the Context statements that define where the apps are are right at the end of server.xml.

My recommendations:

1. Have your students submit a WAR file that you install under the auto-deploy webapps. You can call it 'cschultz.war' for me, for example. The students (and you) can access it via http://host/cschultz/
2. No META-INF/context.xml is required if there's nothing special to add.

I see you have:

<Context docBase="/home/alti/public_html/alti" path="/alti" debug="0" reloadable="true" crossContext="true"></Context>

If the Context is in META-INF/context.xml, then the docBase and path attributes are forbidden. debug is meaningless (you must be looking at old documentation if you've read anything about a debug attribute), reloadable=true is the default, and crossContext=true is probably unnecessary (feel free to convince me). This constitutes a Context with nothing special. As such, the webapp /does not need to have a META-INF/context.xml file/.

So, let's say I'm you and I want to configure my server to support this. Here's what I do:

1. Remove all Context elements from Tomcat's conf/server.xml file.
2. Make sure that there is a Host with autoDeploy=true and appBase=somewhere (webapps is not a bad choice).
3. When a student submits a webapp WAR file (see below), drop it into the webapps directory and it will auto-deploy.

If you are a student, you do this:

$ ls
index.jsp my-great-example.jsp easter-egg.jsp
$ jar cvf cschultz.war *.jsp
$ echo "Professor, Please find attached my submission for assignment 1.1. Thanks, -chris" | mutt -a cschultz.war stef...@binghamton.edu

Now, to answer your other questions:

If this is moved out of server.xml and into /home/alti/public_html/alti/META_INF/ how will Tomcat know where the alti app is; I always thought that Tomcat followed the paths it found in server.xml to figure out where all of the apps were.?

Yes, but you can also use auto-deploy. The auto-deployer looks for changes in the webapps directory (new directories or WAR files) and deploys them. Any previously-deployed webapp is checked for changes (.class or .jar file changes) and re-deployed if necessary.

Another option is to put the file into Tomcat's configuration directory instead of within the WAR file (or exploded webapp deployment directory). In that case, you put the file into conf/[service]/[host]/[appname].xml That file will have a docBase that points either to a WAR file or an exploded WAR structure on the disk. The name of the .xml file dictates the deployment path, so the path attribute is forbidden.

If you need to have the students copy their own WAR files (or exploded WAR structures) somewhere specific, you could set up a webapps directory that allowed them to do that using standard UNIX file permissions (though you might have to sacrifice some security, or set up something overly complicated to make it work).

Another option would be to set up a Host for each student, with its own auto-deploy webapps directory to which only that student has access. Then they are responsible for their own WAR deployment.

Hope that helps,
-chris
RE: Tomcat / windows 2008 IIS 7 x64
Got it to work finally. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Tuesday, December 15, 2009 10:03 AM To: users@tomcat.apache.org Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 15/12/2009 13:28, Sabo, Eric wrote: We did get tomcat to process the JSP on the localhost site, but it will not process .JSP on the others sites we have configured. Can you do multiple sites? Yes. p I am assuming we are missing something in the Server.XML is where we need to define all this. -Original Message- From: Sabo, Eric Sent: Friday, November 20, 2009 7:53 AM To: Tomcat Users List Subject: RE: Tomcat / windows 2008 IIS 7 x64 Those steps I was not sure about, can you give me default values or settings, that might be my issue. The jsp is in the default web site, but I would like the whole server to have this ability - meaning more that just the default site, we will probably have a couple of web sites on this server. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:46 AM To: users@tomcat.apache.org Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:34, Sabo, Eric wrote: That step did not work, I have one file that has a simple jsp page it will not display it. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:31 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:23, Sabo, Eric wrote: 1. Tomcat is running on port 8080, at least I am getting to the default web site. Good start. 2-3. Don't know what you mean by this? How does one check? 2. Your application. JSP != PHP You can't just chuck JSP files into a published directory hope they work*. Do you have an application to deploy to Tomcat already? OK, so: What Connectors and Hosts you have defined in your server.xml? Where did you put the JSP? p p * Probably. Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. 
Thanks for all your help on this issue. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. 
The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued.
AW: mod_jk and session stickyness of images requests
Just to make it clear, here is a summary of my problem and what was suggested so far:
- We have a webapp that serves content (html, xhtml, ...) and images (jpg, png, ...).
- Both, content and images, are _not_ static.
- They are generated by two different servlets in the same context.
- The images are generated _only_ on the server that processed the content request.
- This means subsequent image requests have to be routed to the same server as the content request.
- We enabled session cookies and URL rewriting (the latter via EncodeUrlTransformer of Cocoon).
- The cookie path is equal to the context path, so the cookies are valid for both servlets (content and images).
- In general the whole mod_jk load balancing works fine, with or without cookies (I tried disabling cookies on my iPhone and it worked as expected).
- Some devices however don't seem to send cookies with image requests, although they send a valid cookie with the previous content request.
And do they use a URL with encoded session to retrieve the images? If the link was encoded correctly, they should. You can easily check by looking at the existing access log. Or does cocoon no longer encode the session in the URL, if it sees the cookie in the previous request?
The EncodeUrlTransformer of Cocoon checks for an existing cookie and does not encode URLs if it finds one. So no, the image URLs in those cases are not encoded with a session ID. Otherwise the load balancing would work I guess. Greetings, Timo
RE: Limit user sessions in tomcat
From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: Limit user sessions in tomcat Is there a way through configuration of tomcat and mod_jk to control the number of concurrent transactions/sessions a user can maintain? Don't know about what you might be able to configure in httpd, but in Tomcat this is frequently done with a filter in conjunction with an HttpSessionListener to insure a user session is being used by an excessive number of concurrent requests. This keeps the throttling independent of the logic in the webapp. - Chuck
RE: Trying to access a directory outside docBase... is it possible ?
From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Trying to access a directory outside docBase... is it possible ? This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick "serve the content from this directory" servlet, probably based on the root webapp. A special servlet is not required - Tomcat's default servlet will do the job. Paolo already gave the correct answer, which is to set up a Context element for a dummy webapp: <Context docBase="/opt/documents" path="/documents"/> You must create documents.xml in conf/Catalina/localhost/ and put there this directive, not in web.xml Although the path attribute must not be used - just the docBase. - Chuck
Re: Limit user sessions in tomcat
Caldarale, Charles R wrote: From: Chetan Chheda [mailto:chetan_chh...@yahoo.com] Subject: Limit user sessions in tomcat Is there a way through configuration of tomcat and mod_jk to control the number of concurrent transactions/sessions a user can maintain? Don't know about what you might be able to configure in httpd, but in Tomcat this is frequently done with a filter in conjunction with an HttpSessionListener to insure a user session is being used by an excessive number of concurrent requests. This keeps the throttling independent of the logic in the webapp. There exist a couple of add-on filter modules at the Apache level to handle that kind of thing. It might be better to do it at the earliest possible level, before you even hit mod_jk or Tomcat. On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time. It seems a bit difficult to imagine that one single user can crash a Tomcat just by repeatedly hitting the same link. Maybe the OP should just find that user and tell him to stop doing that.
Re: Limit user sessions in tomcat
2009/12/15 André Warnier a...@ice-sa.com On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time. It seems a bit difficult to imagine that one single user can crash a Tomcat just by repeatedly hitting the same link. As far as the browser's concerned, clicking a link while a request is pending cancels the previous request (and generally closes the socket) and opens a new one. So it only has one connection open at any one time. As far as Tomcat's concerned - as shown by the recent emails on the topic - there's no way of detecting that closed socket and stopping its thread from trying to service it. So old requests build up, unwanted but impossible to discard until they complete or try to write something to the (closed) socket. - Peter
RE: Limit user sessions in tomcat
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Limit user sessions in tomcat On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time. Because when you click on another link (or re-click the same one), the browser closes its end of the connection to the server, and opens another one. Closing the client end is pretty much invisible to the server until it attempts to send a response, which won't happen until the webapp finishes processing the now useless request. - Chuck
Re: Limit user sessions in tomcat
Andre, We have a vast user population thats geographically dispersed, so implementing something thru the system would be the favourable approach.. Can you point me to links on the web that explain the add on modules and their implementation? All, Is there a 3rd party tool available to manage tomcat sessions and kill them once they go rogue? We dont have an inhouse development staff, so the best approach would be buying something off the shelf if it exists.. Thanks, Chetan From: Peter Crowther peter.crowt...@melandra.com To: Tomcat Users List users@tomcat.apache.org Sent: Tue, December 15, 2009 12:07:15 PM Subject: Re: Limit user sessions in tomcat 2009/12/15 André Warnier a...@ice-sa.com On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time. It seems a bit difficult to imagine that one single user can crash a Tomcat just by repeatedly hitting the same link. As far as the browser's concerned, clicking a link while a request is pending cancels the previous request (and generally closes the socket) and opens a new one. So it only has one connection open at any one time. As far as Tomcat's concerned - as shown by the recent emails on the topic - there's no way of detecting that closed socket and stopping its thread from trying to service it. So old requests build up, unwanted but impossible to discard until they complete or try to write something to the (closed) socket. - Peter
tomcat jdbc pool is not proxying resultSets and preparedStatements
Hi, I'm using ddlutils 1.0 and tomcat jdbc pool 1.0.7.1 and I'm getting an error because a connection is closed and the pool is not aware of that. Basically the issue is that ddlutils has a resultset iterator and when it finishes it closes the connection by getting it from the *resultSet.preparedStatement.connection* and the connection returned is not the proxy that the pool has created. So the issue happens when another client retrieves a connection from the pool because the pool returns a connection that was actually closed. Why is tomcat jdbc pool not creating proxies for preparedStatements and resultSets like commons-dbcp? Is there any other way to address this issue? Thanks, Guillermo
Re: Limit user sessions in tomcat
2009/12/15 Chetan Chheda chetan_chh...@yahoo.com Is there a 3rd party tool available to manage tomcat sessions and kill them once they go rogue? Can I just check two pieces of terminology? In Tomcat (and many other web servers), a session is the notion that a user will make multiple requests to the server from the same browser over time. It's also used to refer to any data that the application keeps between these requests from the same user. I'm not aware of a way that a session could go rogue except by getting more and more data stored in it - in which case, it's time to file a bug report with your external development house and tell them to fix the leaky code! A single request to the server is one HTTP request from the browser* to the server, and the response from server to browser. This can cause problems if it takes a long time to service. Each request uses one thread while it is being serviced, then that thread is returned to the pool once the request completes. I'm not aware of any tool that will allow you to kill threads in the middle of a request if they go rogue. Are you having problems with rogue (large) sessions, or with rogue (long-running) requests? - Peter * Yes, to the pedants out there, I know this should more generally be called a user-agent or even a client, as so many HTTP requests now come from web services.
Re: Context Chicken Egg Problem
Hi Chris, Current architecture is to share a jar in shared/lib between the main webapps, an admin webapps and a localhost only management webapps. This was originally in Tomcat 3. New architecture will separate each, drop the management webapps and we'll control contexts via multicasting, jmx, and/or servlets. Any reason to share the JAR instead of deploying it several times? Memory and disk space are pretty cheap. We are running on 8 year old Sun Netra boxes and our loaded set takes up half of the available memory which is less than 1GB. Redeployment on Tomcat 6.0 will include new boxes. The economy is tough, we've been waiting for new hardware ... should be soon. Then we can make each Tomcat pretty generic and each context self contained with its own instance of our JAR. One question is whether we will need to share our oracle JAR. We don't currently use JNDI, we manage the connection pool directly. If we want to limit the poolsize based on the machine then we need to share. Otherwise we can allocate smaller pools to each webapps that needs access. I suppose our results will vary depending on whose JDBC we are using. Currently we use Oracle 8, but with our refresh will go to Oracle 10. What do you think? Thanks. Regards, Dave
Re: Limit user sessions in tomcat
Thanks Peter for the clarification. My background is that of a UNIX administrator not a web administrator and it's showing from my posts.. My problem is long running requests. If the requests take longer than their fancy, the users just close the browser window, open a new one and resubmit the same request. I also noticed a lot of the following in my mod_jk logs which to me means the user killed the browser?
...
[Tue Dec 15 02:56:30.491 2009] [3460:93] [info] jk_ajp_common.c (1688): Writing to client aborted or client network problems
[Tue Dec 15 02:56:30.492 2009] [3460:93] [info] jk_ajp_common.c (2315): (31) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1)
[Tue Dec 15 02:56:30.778 2009] [3460:93] [info] jk_lb_worker.c (1339): service failed, worker 31 is in error state
[Tue Dec 15 02:56:30.778 2009] [3460:93] [info] jk_lb_worker.c (1360): unrecoverable error 200, request failed. Client failed in the middle of request, we can't recover to another instance.
[Tue Dec 15 02:56:30.778 2009] [3460:93] [info] mod_jk.c (2421): Aborting connection for worker=loadbalancer
From: Peter Crowther peter.crowt...@melandra.com To: Tomcat Users List users@tomcat.apache.org Sent: Tue, December 15, 2009 12:42:01 PM Subject: Re: Limit user sessions in tomcat 2009/12/15 Chetan Chheda chetan_chh...@yahoo.com Is there a 3rd party tool available to manage tomcat sessions and kill them once they go rogue? Can I just check two pieces of terminology? In Tomcat (and many other web servers), a session is the notion that a user will make multiple requests to the server from the same browser over time. It's also used to refer to any data that the application keeps between these requests from the same user. I'm not aware of a way that a session could go rogue except by getting more and more data stored in it - in which case, it's time to file a bug report with your external development house and tell them to fix the leaky code!
A single request to the server is one HTTP request from the browser* to the server, and the response from server to browser. This can cause problems if it takes a long time to service. Each request uses one thread while it is being serviced, then that thread is returned to the pool once the request completes. I'm not aware of any tool that will allow you to kill threads in the middle of a request if they go rogue. Are you having problems with rogue (large) sessions, or with rogue (long-running) requests? - Peter * Yes, to the pedants out there, I know this should more generally be called a user-agent or even a client, as so many HTTP requests now come from web services.
Re: AW: mod_jk and session stickyness of images requests
Timo, On 12/15/2009 8:36 AM, Kockert, Timo wrote: Just to make it clear, here is a summary of my problem and what was suggested so far: Thanks for the nice summary. After a long thread like this, it's nice to have everything together. - In general the whole mod_jk load balancing works fine, with or without cookies (I tried disabling cookies on my iPhone and it worked as expected). Good. - Some devices however don't seem to send cookies with image requests, although they send a valid cookie with the previous content request. We'll be interested to see what those devices turn out to be. I suspect that the iPhone is /not/ the culprit, since Safari is a pretty decent web browser. - The latter may or may not be a problem of the devices themselves or an intermediate proxy or something else (we already had a problem with BlackBerry servers killing sessions). Well, those servers can't kill the sessions, but they can interfere with the cookies. One thing you could do, if you identify that certain user agents (browsers) are failing to handle the cookies properly, you can disable cookies on certain browsers using a filter. If it comes to that, I can help you write such a filter if such a thing doesn't already exist. Can you describe the symptom in a bit more detail? Your claim is that the request for the image goes to the wrong server in the farm. How are you detecting that? Do you get an error when trying to access session data that you expect to be there? Do you get mismatched session ids (because the client requested session X, and the server didn't have that session, so session Y was created on demand)? I'm wondering if it's possible that there's a logic error in your code that is actually masquerading as a backend server-switch and you might be chasing the wrong problem.
Just a thought: I'm not saying your code sucks :) -chris
Re: AW: mod_jk and session stickyness of images requests
Timo, On 12/15/2009 8:36 AM, Kockert, Timo wrote: - We enabled session cookies and URL rewriting (the latter via EncodeUrlTransformer of Cocoon). Oh, and what version of Cocoon are you using? -chris
Re: SessionID cookie not secure over SSL
On 15/12/2009 13:09, vramanaj wrote: I am not sure whether I can post this here or not. But I want to try my luck. Please don't hijack threads. Many members of this list will ignore posts that hijack other threads. Mark
SSL problem
Fresh Tomcat 6.0.20 install on a new Slackware (version 13 - 64bit) linux box. Access to 8080 works fine but neither 8443 nor 443 work. I believe 443 and 8443 are up because a nmap gives:
Discovered open port 443/tcp on 127.0.0.1
Discovered open port 8080/tcp on 127.0.0.1
Discovered open port 8443/tcp on 127.0.0.1
The relevant portions of server.xml are:
<snip>
<Connector port="8443" maxHttpHeaderSize="8192" maxThreads="600" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/certs/tomcat_keystore.ks" keystorePass="jellybean"/>
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="600" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/certs/tomcat_keystore.ks" keystorePass="jellybean"/>
</snip>
The cert is from Thawte and has been used in an existing server for the past year:
r...@tomcat2:/usr/local/certs# -rw-r--r-- 1 root root 2493 2008-12-12 17:33 tomcat_keystore.ks
Yes, I have googled (for the last day) and found many ideas but nothing seems to fit so I am asking if anyone sees anything that might be the cause. TIA, Carl
Re: Limit user sessions in tomcat
André, On 12/15/2009 12:01 PM, André Warnier wrote: On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time. Things have changed: http://www.webperformanceinc.com/library/reports/LoadTesting-IE8-Firefox/ It seems a bit difficult to imagine that one single user can crash a Tomcat just by repeatedly hitting the same link. If the webapp has been written in a way to allow it, this is definitely possible: write a long-running backend process and have the user click GO GO GO GO GO GO GO GO GO and suddenly you have lots of long-running backend processes running. Since the webapp doesn't try to write to the response during that time, Tomcat happily executes each request to completion without knowing that the client has hung up the phone. Maybe the OP should just find that user and tell him to stop doing that. :) -chris
Re: tomcat jdbc pool is not proxying resultSets and preparedStatements
On 15/12/2009 17:34, Guillermo Fernandes wrote: Hi, I'm using ddlutils 1.0 and tomcat jdbc pool 1.0.7.1 and I'm getting an error because a connection is closed and the pool is not aware of that. Basically the issue is that ddlutils has a resultset iterator and when it finishes it closes the connection by getting it from the *resultSet.preparedStatement.connection* and the connection returned is not the proxy that the pool has created. So the issue happens when another client retrieves a connection from the pool because the pool returns a connection that was actually closed. Why is tomcat jdbc pool not creating proxies for preparedStatements and resultSets like commons-dbcp? That would be a bug. Please create a bugzilla entry. Is there any other way to address this issue? Use DBCP or one of the other connection pools? Mark
RE: SSL problem
From: Carl [mailto:c...@etrak-plus.com] Subject: SSL problem Access to 8080 works fine but neither 8443 nor 443 work. What does that mean? Does Tomcat return a message saying not working? (I doubt it.) I believe 443 and 8443 are up because a nmap gives: Do a netstat -an while Tomcat is running and make sure it's actually listening on those ports. The relevant portions of server.xml are: snip Did you perhaps snip out the comment marker that the default server.xml has around the SSL Connector? Post all of your server.xml. Are you using the APR library (probably named tcnative-1.so in Tomcat's bin directory)? If so, the SSL configuration is quite different. - Chuck
Re: SSL problem
On 15/12/2009 18:18, Carl wrote:
<Connector port="443" maxHttpHeaderSize="8192" maxThreads="600" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="/usr/local/certs/tomcat_keystore.ks" keystorePass="jellybean"/>
You are missing SSLEnabled="true" to tell Tomcat to actually use SSL for that connector. Mark
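A check for the misconfiguration diagnosed in the reply above, as an added example that is not code from the thread or from the Tomcat project: without SSLEnabled="true" the scheme and secure attributes only change what the request reports, so the port is open but no TLS is negotiated on it. The class name, the FAIL/REVIEW labels and the embedded sample are assumptions made for this sketch.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;

import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Hypothetical helper: flags Connectors that look like HTTPS but never enable TLS. */
public class ConnectorTlsCheck {

    // Constructed sample modelled on the connectors quoted in the thread
    // (attributes trimmed). Only the port 443 entry sets SSLEnabled="true".
    static final String SAMPLE =
          "<Server><Service name=\"Catalina\">"
        + "<Connector port=\"8080\" protocol=\"HTTP/1.1\"/>"
        + "<Connector port=\"8009\" protocol=\"AJP/1.3\" redirectPort=\"8443\"/>"
        + "<Connector port=\"8443\" scheme=\"https\" secure=\"true\""
        + " clientAuth=\"false\" sslProtocol=\"TLS\""
        + " keystoreFile=\"/usr/local/certs/tomcat_keystore.ks\"/>"
        + "<Connector port=\"443\" SSLEnabled=\"true\" scheme=\"https\""
        + " secure=\"true\" clientAuth=\"false\" sslProtocol=\"TLS\""
        + " keystoreFile=\"/usr/local/certs/tomcat_keystore.ks\"/>"
        + "</Service></Server>";

    static List<String> findings(byte[] serverXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // server.xml needs no DTD; refusing DOCTYPE keeps this checker safe
        // from external-entity tricks in a file it is asked to inspect.
        factory.setFeature(
            "http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder()
                              .parse(new ByteArrayInputStream(serverXml));

        List<String> out = new ArrayList<String>();
        NodeList connectors = doc.getElementsByTagName("Connector");
        for (int i = 0; i < connectors.getLength(); i++) {
            Element c = (Element) connectors.item(i);
            String protocol = c.getAttribute("protocol").toLowerCase(Locale.ROOT);
            if (protocol.contains("ajp")) {
                continue; // AJP connectors do not terminate TLS themselves
            }
            boolean hasKeystore = c.hasAttribute("keystoreFile");
            boolean claimsHttps =
                   "https".equalsIgnoreCase(c.getAttribute("scheme"))
                || "true".equalsIgnoreCase(c.getAttribute("secure"));
            boolean tlsOn = "true".equalsIgnoreCase(c.getAttribute("SSLEnabled"));
            if (tlsOn || !(hasKeystore || claimsHttps)) {
                continue;
            }
            // A keystore on the connector means TLS was meant to end here.
            // scheme/secure alone can be legitimate when a front-end proxy
            // terminates TLS, so that case is only marked for review.
            String level = hasKeystore ? "FAIL" : "REVIEW";
            out.add(level + ": Connector port=" + c.getAttribute("port")
                + " advertises HTTPS but SSLEnabled is not \"true\";"
                + " the port will accept plain HTTP");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] xml = args.length > 0
            ? Files.readAllBytes(Paths.get(args[0]))
            : SAMPLE.getBytes("UTF-8");
        List<String> problems = findings(xml);
        for (String line : problems) {
            System.out.println(line);
        }
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run it with the path to conf/server.xml as the only argument; with no argument it checks the constructed sample.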
Re: Limit user sessions in tomcat
Chetan, On 12/15/2009 11:03 AM, Chetan Chheda wrote: We frequently have situations where a user has brought down a tomcat entirely by himself by running the same transaction multiple times because the response was not quick enough. Does this usually end up being the same transaction (just one problematic service) or do you have many that could exhibit this problem? Is there a way through configuration of tomcat and mod_jk to control the number of concurrent transactions/sessions a user can maintain? No, but you can write some code to do it. Since this is something that can happen to anyone out there, I am curious as to how you are handling this scenario. We do not have such a problem on any of our webapps (that I know of), but here's what I would do: write a filter. This filter will:
a. Check the user's session for a marker object. Let's call it DUPLICATE_REQUEST_MARKER.
b. If the DUPLICATE_REQUEST_MARKER is present, we either:
i. do a DUPLICATE_REQUEST_MARKER.wait() or
ii. return an error message to the user (your choice, depending on your requirements)
c. If the DUPLICATE_REQUEST_MARKER is not present, then
i. create a DUPLICATE_REQUEST_MARKER and put it in the session
ii. allow the request to continue
iii. call DUPLICATE_REQUEST_MARKER.notify
iv. remove DUPLICATE_REQUEST_MARKER from the session
(Not sure if 'iv' and 'iii' above should be reversed... I haven't really thought about it much).
Now, you can simply declare this filter in web.xml and map it to whatever problematic URLs you might have. This will allow a single user (as defined by their session) to perform only one long-running request at a time. If you want, you can go crazy with complex threading acrobatics like trying to interrupt the already-running thread so it stops processing the (presumed) aborted request, etc. but this should be enough to get you going, and prevent a single user from bringing down your application.
-chris
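The filter outlined in the message above, in its "return an error" variant, as an added example that is not code from the thread or from the Tomcat project. The class names are made up, the javax.servlet API shipped with Tomcat 6 is assumed, and the marker is installed by an HttpSessionListener (the pairing mentioned earlier in the thread) and flipped atomically, so that two simultaneous requests cannot both find the session free.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicBoolean;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

/**
 * Hypothetical filter: at most one in-flight request per session on the
 * URLs it is mapped to. Assumed web.xml wiring (the URL pattern is made up):
 *
 *   <listener>
 *     <listener-class>SingleRequestPerSessionFilter$MarkerInstaller</listener-class>
 *   </listener>
 *   <filter>
 *     <filter-name>singleRequest</filter-name>
 *     <filter-class>SingleRequestPerSessionFilter</filter-class>
 *   </filter>
 *   <filter-mapping>
 *     <filter-name>singleRequest</filter-name>
 *     <url-pattern>/reports/*</url-pattern>
 *   </filter-mapping>
 */
public class SingleRequestPerSessionFilter implements Filter {

    static final String MARKER = "DUPLICATE_REQUEST_MARKER";

    /** Puts one marker into every new session, before any request can race for it. */
    public static class MarkerInstaller implements HttpSessionListener {
        public void sessionCreated(HttpSessionEvent event) {
            // AtomicBoolean is Serializable, so session persistence still works.
            event.getSession().setAttribute(MARKER, new AtomicBoolean(false));
        }

        public void sessionDestroyed(HttpSessionEvent event) {
            // Nothing to clean up: the marker goes away with the session.
        }
    }

    public void init(FilterConfig config) {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        Object marker = (session == null) ? null : session.getAttribute(MARKER);

        if (!(marker instanceof AtomicBoolean)) {
            // No session, or a session that predates the listener: this
            // filter throttles per session only, so let the request pass.
            chain.doFilter(req, res);
            return;
        }

        AtomicBoolean busy = (AtomicBoolean) marker;
        // compareAndSet makes "check the marker" and "set the marker" one
        // atomic step, which separate getAttribute/setAttribute calls are not.
        if (!busy.compareAndSet(false, true)) {
            // Rejecting instead of wait()-ing is a choice made for this
            // example: a waiting duplicate would park yet another thread
            // from the same pool the filter is meant to protect.
            HttpServletResponse http = (HttpServletResponse) res;
            http.setHeader("Retry-After", "5");
            http.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE,
                "A previous request from this session is still running.");
            return;
        }

        try {
            chain.doFilter(req, res);
        } finally {
            // Always release, even when the webapp throws, or the session
            // would stay locked out until it expires.
            busy.set(false);
        }
    }
}
```

Because the marker is cleared only when the first request finishes, a user who closes the browser and resubmits is refused until the abandoned request completes, which is the case described in this thread.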
Re: Trying to access a directory outside docBase... is it possible ?
Peter,

On 12/15/2009 11:05 AM, Peter Crowther wrote:
> If you're going to do this, be Very Very Careful. Tomcat doesn't follow symbolic links by default, even on UNIX. This is for a very good reason: if you do this, Tomcat *will* follow the symlink and delete your PDFs when you undeploy your webapp. You probably don't want this to happen.

+1 :)

> This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick "serve the content from this directory" servlet, probably based on the root webapp. Chris? You're generally the coder with quick hacks already developed...

Uh, file-serving code is pretty simple: set the Content-Type and Content-Length headers, open the file, deliver the bytes. It's so popular that it's already been written and even ships with Tomcat: it's called the DefaultServlet :)

Seriously, though, Ingo was very close to a working solution:

> I stumbled over a hint about adding a <Context docBase="/opt/documents" path="/documents"/> directive to the web.xml file

Ohh! So close! That should be added to conf/server.xml (but not really, since that's no longer recommended). Let's do it the right way:

Put this into conf/Catalina/localhost/document-repository.xml:

    <Context docBase="/opt/document-repository" path="/documents" />

I think you might have to restart Tomcat for it to pick up that config file, but it will create a new webapp context that serves files directly from that location.

Your URLs will no longer look like this:

http://localhost:8080/myApp/PDFViewer?file=document-repository/Folder%202/TestDok4.pdfpage=1

Instead, they can look just like this:

/documents/Folder%202/TestDok4.pdfpage=1

You can even get rid of your PDFViewer servlet, because it's probably just serving bytes and not doing anything particularly exciting.

-chris
Re: [OT - question] Limit user sessions in tomcat
Are there any standard techniques that a /developer/ of such a long running process could apply to wrap the process in a cocoon which periodically updates a browser with (real) progress data, and at the same time, such updates are verifications that the socket is still live and the user hasn't gone away; if the user has gone away, that would be detected and the wrapper would kill the process??

Thanks
--Ken

On Dec 15, 2009, at 1:22 PM, Christopher Schultz wrote:
> André,
>
> On 12/15/2009 12:01 PM, André Warnier wrote:
> On another level, I don't quite understand yet how this squares with the fact that most browsers will not establish more than 2 connections with the same webserver at the same time.
>
> Things have changed: http://www.webperformanceinc.com/library/reports/LoadTesting-IE8-Firefox/
>
> It seems a bit difficult to imagine that one single user can crash a Tomcat just by repeatedly hitting the same link.
>
> If the webapp has been written in a way to allow it, this is definitely possible: write a long-running backend process and have the user click GO GO GO GO GO GO GO GO GO and suddenly you have lots of long-running backend processes running. Since the webapp doesn't try to write to the response during that time, Tomcat happily executes each request to completion without knowing that the client has hung up the phone.
>
> Maybe the OP should just find that user and tell him to stop doing that. :)
>
> -chris
Re: j_security_check change the principal user
Peibel,

On 12/15/2009 8:03 AM, peibel80 wrote:
> I have a web application (java,jsp) with j_security_check but the user that I use to authenticate needs to be changed for another one in the SimplePrincipal that j_security_check stores in the session as the primary user. Is it possible?

[snip]

> I will try to explain. I log in on the jsp page with login: person pass: xx. I use j_security_check, then an implementation of LoginModule validates the user person against LDAP, and when I return, some internal process records person in the PrincipalUser in the Session, and I want to change person to person.example.

If you have a LoginModule, can't you just use any Principal you want?

    public boolean login() throws LoginException {
        // whatever
        // Principal is an interface, so supply an implementation
        // (anonymous here) and add it to the Subject's principal set.
        subject.getPrincipals().add(new Principal() {
            public String getName() { return "evildoer"; }
        });
        return true;
    }

Or maybe this goes in the commit() method. I've never used JAAS before, so I'm not familiar with the procedures.

-chris
Re: How to access JNDI resources on Tomcat level
To whom it may concern,

On 12/15/2009 7:44 AM, vramanaj wrote:
> Yes, I did [read the SSL HOWTO]. I have followed those configuration steps for other applications earlier.

You may still need to import the /remote server's/ certificate into your keystore in order to trust that server's certificate. Does your LDAP server use a self-signed certificate?

-chris
Re: [OT - question] Limit user sessions in tomcat
Ken,

On 12/15/2009 1:52 PM, Ken Bowen wrote:
> Are there any standard techniques that a /developer/ of such a long running process could apply to wrap the process in a cocoon which periodically updates a browser with (real) progress data, and at the same time, such updates are verifications that the socket is still live and the user hasn't gone away; if the user has gone away, that would be detected and the wrapper would kill the process??

Uh, probably :)

You'd probably want to do a few things:

1. Use a thread pool. This allows you to use your own threads to either do the real work, or to manage the connections back to the client. I recommend the former, and allowing Tomcat's threads to mostly sit idle while the thread pool does your long-running business tasks.

2. All your tasks need to be gracefully interruptible. If you are doing long-running database queries, then I'm not sure what you could do, since you're just waiting on the server. If you want to limit query time, there are methods in JDBC that allow you to at least request a time limit on a query (see Statement.setQueryTimeout), though that won't really help you out much because the query will simply be aborted after a certain amount of time.

   One way to make these tasks gracefully interruptible is to have them periodically check a stop flag that is accessible by the task itself, but also settable by, say, another thread. If the stop flag is ever true, clean everything up and stop the task, preferably indicating to the caller that the task was stopped instead of completing.

3. Have your webapp's code (running in the Tomcat-managed thread) poll for activity. Something like this:

    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // "executor" is an ExecutorService owned by the webapp and Task a
        // Callable (both left to the reader): be creative, see java.util.concurrent
        Future<Object> future = executor.submit(new Task());
        try {
            Object result = null;
            while (!future.isDone()) {
                try {
                    result = future.get(1, TimeUnit.SECONDS);
                } catch (TimeoutException te) {
                    response.flushBuffer(); // does this work?
                    // now, just keep waiting...
                }
            }
            // send good response to client
        } catch (InterruptedException ie) {
            future.cancel(true);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            }
        } catch (ExecutionException ee) {
            // the task itself failed
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        } catch (IOException ioe) {
            // client disconnected: nobody is left to send an error to
            future.cancel(true);
        } finally {
            future.cancel(true); // just in case
        }
    }

-chris
Re: Limit user sessions in tomcat
Chetan Chheda wrote:
> Andre,
>
> We have a vast user population that's geographically dispersed, so implementing something thru the system would be the favourable approach.. Can you point me to links on the web that explain the add on modules and their implementation?
>
> All,
>
> Is there a 3rd party tool available to manage tomcat sessions and kill them once they go rogue? We don't have an inhouse development staff, so the best approach would be buying something off the shelf if it exists..

For something at the apache httpd front-end level, maybe start with a Google search for "apache mod_cband". A direct link : http://codee.pl/cband.html

I am suggesting this because you were mentioning mod_jk, implying that you have an Apache httpd front-end. I believe that if you want to limit this kind of thing, it is better to do it as early as possible when a request comes in, rather than waiting until an Apache/Tomcat connection is already established, and a Tomcat thread is already dedicated to processing this request (if only to reject it later).

At the Apache level, instead of using something like

    JkMount /myApp ajp13
    JkMount /myApp/* ajp13

to select which requests will be forwarded by Apache, via mod_jk, to Tomcat, you can use the alternative setup explained at the very end of this page : http://tomcat.apache.org/connectors-doc/reference/apache.html

I find that this provides a clearer way to combine Apache configuration directives with the mod_jk proxying instructions.
Re: Limit user sessions in tomcat
Chetan Chheda wrote:
> Thanks Peter for the clarification. My background is that of a UNIX administrator not a web administrator and it's showing from my posts..
>
> My problem is long running requests. If the requests take longer than their fancy, the users just close the browser window, open a new one and resubmit the same request.
>
> I also noticed a lot of the following in my mod_jk logs which to me means the user killed the browser? ...
>
> [Tue Dec 15 02:56:30.491 2009] [3460:93] [info] jk_ajp_common.c (1688): Writing to client aborted or client network problems
> [Tue Dec 15 02:56:30.492 2009] [3460:93] [info] jk_ajp_common.c (2315): (31) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1)
> [Tue Dec 15 02:56:30.778 2009] [3460:93] [info] jk_lb_worker.c (1339): service failed, worker 31 is in error state
> [Tue Dec 15 02:56:30.778 2009] [3460:93] [info] jk_lb_worker.c (1360): unrecoverable error 200, request failed. Client failed in the middle of request, we can't recover to another instance.
> [Tue Dec 15 02:56:30.778 2009] [3460:93] [info] mod_jk.c (2421): Aborting connection for worker=loadbalancer

This is typically the case you indicate :

- a user clicks on a link, sending a request to Apache
- Apache passes the request to mod_jk and waits for mod_jk to provide a response
- mod_jk forwards the request to Tomcat
- Tomcat receives the request and passes it to a thread for execution
- the thread takes xxx time to process the request and produce the response
- the thread sends the response back to mod_jk, and is now done
- mod_jk wants to send the response back to Apache (and the client), but on writing to the client socket, gets an error, namely that the other end is no longer there (the client browser has closed the connection, because the user clicked somewhere else, maybe several minutes ago)
- mod_jk logs the error above
- but by that time, it is too late to do anything useful about it in Tomcat, because the webapp thread has already done all its processing for the request (uselessly).

At the Tomcat webapp level, you can either do something like Christopher is suggesting (which avoids *accepting* additional identical requests from the same client, until this request is processed), or you can try to modify the application so that it at least starts returning something to the client very early in the request processing cycle. If it does that, it will get the error which mod_jk is seeing, bubbled up to its own response socket, much earlier. That may at least avoid unnecessary processing.

Or again, you can try and catch these events much earlier, before they even get to Tomcat and start using up Tomcat resources. Being myself an Apache/mod_perl guy more than a Tomcat/Java guy, I would do this by means of a PerlAccessHandler at the Apache front-end level, implementing much the same logic as Chris mentions in his post about a servlet filter.
Re: Tomcat 6 and IIS 7
Hi Peter; no other service listens to port 80, except Tomcat and IIS. When IIS stops and Tomcat starts, running netstat -an returns what I expected. However, when Tomcat stops and IIS starts, running netstat -an gives the below:

    TCP [::]:80 [::]:0 LISTENING

Even though I set IIS to bind to one IP, running IE on the machine against both IP addresses gave me the IIS page.

Thanks.
Tuan.

From: Peter Crowther peter.crowt...@melandra.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Thu, December 10, 2009 3:54:58 PM
Subject: Re: Tomcat 6 and IIS 7

> Stop both, netstat -an - is there anything active on port 80? If so, find it and terminate with extreme prejudice ;-).
>
> Start Tomcat. netstat -an - what address(es) does it report Tomcat as being bound to? Are they what you expect?
>
> Stop Tomcat, start IIS7, netstat -an again - what address(es) does it report IIS as being bound to? Are they what you expect?
>
> If all of those are what you expect, please come back to the list and I'll have another think!
>
> - Peter
>
> 2009/12/10 Tuan Quan tuan_q...@yahoo.com
>> Hi all, I have a problem getting both Tomcat 6 (running on port 80) and IIS 7 (also on port 80, but a different IP address) to work. The server has two IP addresses, and I'd like to dedicate one IP each to Tomcat and IIS. I'm able to assign Tomcat to only ONE IP address. Then I went to IIS 7 to bind it to the other IP address. However, once Tomcat started, IIS 7 does not work, even though I specifically set it to listen to a different IP than Tomcat. Any idea would be very appreciated.
>>
>> Thanks.
>> Tuan
Re: tomcat jdbc pool is not proxying resultSets and preparedStatements
Ok, I agree it is a bug. I have created the ticket: https://issues.apache.org/bugzilla/show_bug.cgi?id=48392

Actually I'm using commons-dbcp but we are not getting good performance results so I wanted to try out the tomcat jdbc-pool.

Thanks,
Guillermo

On Tue, Dec 15, 2009 at 3:25 PM, Mark Thomas ma...@apache.org wrote:
> On 15/12/2009 17:34, Guillermo Fernandes wrote:
>> Hi, I'm using ddlutils 1.0 and tomcat jdbc pool 1.0.7.1 and I am getting an error because a connection is closed and the pool is not aware of that.
>>
>> Basically the issue is that ddlutils has a resultset iterator and when it finishes it closes the connection by getting it from *resultSet.preparedStatement.connection*, and the connection returned is not the proxy that the pool has created. So the issue happens when another client retrieves a connection from the pool, because the pool returns a connection that was actually closed.
>>
>> Why is tomcat jdbc pool not creating proxies for preparedStatements and resultSets like commons-dbcp?
>
> That would be a bug. Please create a bugzilla entry.
>
>> Is there any other way to address this issue?
>
> Use DBCP or one of the other connection pools?
>
> Mark
Re: [OT] Context Chicken Egg Problem
David,

I'm bringing this back onto the list in case it helps anyone. Also marking OT.

On 12/15/2009 1:42 PM, David Fisher wrote:
> We designed things during the Tomcat 3 timeframe. I will need to push my developer to do it the JNDI way, I'll likely have to do it myself. I've found these resources:
>
> http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
> http://tomcat.apache.org/tomcat-6.0-doc/jndi-datasource-examples-howto.html
>
> Are there other resources that you would recommend for configuring JDBC through JNDI?

Those are pretty comprehensive. Configuring JNDI DataSources isn't all that hard: just put a Resource element into your Context and make sure your driver's JAR file is available to the common ClassLoader (so Tomcat can create the objects, and your code can use them).

> Any technotes about db failover, etc. Should we consider DBCP?

All db failover should be done through your driver. Tomcat uses commons-dbcp under the hood, so you're already using connection pooling. There's a newer pool available if you want to try it out (higher performance, more features), but it appears to have a few bugs in it, and it's not really ready for prime-time.

> How well does this technique work in an Eclipse environment?

Eclipse should be able to run Tomcat normally and the use of JNDI shouldn't be a problem. I don't use Eclipse, though, so I don't know for sure. I haven't read too many complaints on the list about JNDI not working via Eclipse.

>> I'm pretty sure that the Oracle JDBC drivers are compatible with all versions of the server. You should use the most up-to-date version of the Oracle JDBC driver that you can find, regardless of the server version.
>
> I know it, but then I have a conservative developer who is afraid of taking the risk, even though Oracle says the 10g JDBC is ok with Oracle 8.

I didn't think Oracle even had server-version-specific JDBC drivers. Anyhow, go ahead and use the version-matched JDBC driver if it makes your developers happy. No matter what you do, make sure to test the hell out of it before it goes into production :)

> We have a JIRA instance that requires the Oracle 9 drivers and my oracle session view is missing the os_user and program from that system's connections. So, I can't argue too strongly to update our jdbc jar.

Hmm... that's definitely a problem when it comes to Tomcat-managed DataSources: all webapps must use the same driver version.

Hope that helps,
-chris
Re: SSL problem
Chuck,

When I try to go to either 8443 or 443, with: https://10.10.10.30/ or https://10.10.10.30:8443/ I get the following:

    Secure Connection Failed
    An error occurred during a connection to 10.10.10.30.
    SSL received a record that exceeded the maximum permissible length.
    (Error code: ssl_error_rx_record_too_long)
    * The page you are trying to view can not be shown because the authenticity of the received data could not be verified.
    * Please contact the web site owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.

but when I use https://10.10.10.30:8080/, I get the Tomcat page.

nstat -an gives nothing, no output.

The entire server.xml is: (rather large as I haven't started pruning out the things I don't need):

    <?xml version='1.0' encoding='utf-8'?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements. See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the License); you may not use this file except in compliance with
      the License. You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an AS IS BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <!-- Note: A Server is not itself a Container, so you may not
         define subcomponents such as Valves at this level.
         Documentation at /docs/config/server.html
    -->
    <Server port="8005" shutdown="SHUTDOWN">

      <!--APR library loader. Documentation at /docs/apr.html -->
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
      <Listener className="org.apache.catalina.core.JasperListener" />
      <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />

      <!-- Global JNDI resources
           Documentation at /docs/jndi-resources-howto.html
      -->
      <GlobalNamingResources>
        <!-- Editable user database that can also be used by
             UserDatabaseRealm to authenticate users
        -->
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>

      <!-- A Service is a collection of one or more Connectors that share
           a single Container Note: A Service is not itself a Container,
           so you may not define subcomponents such as Valves at this level.
           Documentation at /docs/config/service.html
      -->
      <Service name="Catalina">

        <!--The connectors can use a shared executor, you can define one or more named thread pools-->
        <!--
        <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
                  maxThreads="150" minSpareThreads="4"/>
        -->

        <!-- A Connector represents an endpoint by which requests are received
             and responses are returned. Documentation at :
             Java HTTP Connector: /docs/config/http.html (blocking non-blocking)
             Java AJP Connector: /docs/config/ajp.html
             APR (HTTP/AJP) Connector: /docs/apr.html
             Define a non-SSL HTTP/1.1 Connector on port 8080
        -->
        <Connector port="8080" protocol="HTTP/1.1" maxHttpHeaderSize="8192"
                   maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" redirectPort="8443" scheme="http"
                   acceptCount="100" connectionTimeout="2"
                   disableUploadTimeout="true" />

        <!-- A Connector using the shared thread pool-->
        <!--
        <Connector executor="tomcatThreadPool"
                   port="8080" protocol="HTTP/1.1"
                   connectionTimeout="2"
                   redirectPort="8443" />
        -->

        <!-- Define a SSL HTTP/1.1 Connector on port 8443
             This connector uses the JSSE configuration, when using APR, the
             connector should be using the OpenSSL style configuration
             described in the APR documentation
        -->
        <Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="/usr/local/certs/tomcat_keystore.ks"
                   keystorePass="jellybean"/>

        <!-- Define a SSL HTTP/1.1 Connector on port 443 -->
        <Connector port="443" maxHttpHeaderSize="8192"
                   maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="/usr/local/certs/tomcat_keystore.ks"
                   keystorePass="jellybean"/>

        <!--
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
Re: SSL problem
Mark and Chuck,

I am so embarrassed, I should have caught that. It works properly with that one little addition.

You guys (and others also) provide so much help. All I can say is thanks.

Carl

- Original Message -
From: Mark Thomas ma...@apache.org
To: Tomcat Users List users@tomcat.apache.org
Sent: Tuesday, December 15, 2009 1:28 PM
Subject: Re: SSL problem

> On 15/12/2009 18:18, Carl wrote:
>> <Connector port="443" maxHttpHeaderSize="8192"
>>            maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
>>            enableLookups="false" disableUploadTimeout="true"
>>            acceptCount="100" scheme="https" secure="true"
>>            clientAuth="false" sslProtocol="TLS"
>>            keystoreFile="/usr/local/certs/tomcat_keystore.ks"
>>            keystorePass="jellybean"/>
>
> You are missing SSLEnabled="true" to tell Tomcat to actually use SSL for that connector.
>
> Mark
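The omission is easy to miss because scheme="https" and secure="true" only set what request.getScheme() and request.isSecure() report to the webapp; without SSLEnabled="true" the connector still answers in plain HTTP, which is what the ssl_error_rx_record_too_long message reflects. The following is an added example (not code from the thread or from Tomcat) that flags such connectors in a server.xml; the class name is hypothetical and the embedded fragment is constructed from the connector attributes in Carl's post.

```java
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Flags Connectors whose SSL-related attributes contradict each other. */
public class ConnectorAudit {

    // Constructed sample: the plain HTTP connector, the port 443 connector as
    // posted (no SSLEnabled), and a port 8443 connector with the fix applied.
    static final String SAMPLE =
        "<Server port='8005' shutdown='SHUTDOWN'><Service name='Catalina'>"
      + "<Connector port='8080' protocol='HTTP/1.1' scheme='http' redirectPort='8443'/>"
      + "<Connector port='443' scheme='https' secure='true' clientAuth='false'"
      + " sslProtocol='TLS' keystoreFile='/usr/local/certs/tomcat_keystore.ks'/>"
      + "<Connector port='8443' SSLEnabled='true' scheme='https' secure='true'"
      + " clientAuth='false' sslProtocol='TLS'"
      + " keystoreFile='/usr/local/certs/tomcat_keystore.ks'/>"
      + "</Service></Server>";

    /** Returns one finding per inconsistent connector; an empty list means none. */
    static List<String> audit(InputStream serverXml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        // Refuse DTDs so the parser cannot be made to resolve external entities.
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = factory.newDocumentBuilder().parse(serverXml);

        List<String> findings = new ArrayList<String>();
        // Connectors inside <!-- ... --> are comments, not elements, so they
        // are skipped here exactly as Tomcat skips them.
        NodeList connectors = doc.getElementsByTagName("Connector");
        for (int i = 0; i < connectors.getLength(); i++) {
            Element c = (Element) connectors.item(i);
            if (c.getAttribute("protocol").startsWith("AJP")) {
                continue; // AJP connectors do not terminate SSL themselves
            }
            String port = c.getAttribute("port");
            boolean sslEnabled = "true".equalsIgnoreCase(c.getAttribute("SSLEnabled"));
            boolean claimsSecure = "https".equalsIgnoreCase(c.getAttribute("scheme"))
                    || "true".equalsIgnoreCase(c.getAttribute("secure"));
            boolean hasKeystore = c.hasAttribute("keystoreFile");

            if (!sslEnabled && hasKeystore) {
                findings.add("port " + port + ": keystoreFile is set but SSLEnabled is"
                        + " not \"true\", so this connector answers in plain HTTP");
            } else if (!sslEnabled && claimsSecure) {
                findings.add("port " + port + ": scheme/secure report HTTPS to the webapp"
                        + " but SSL is off; acceptable only behind an SSL-terminating proxy");
            } else if (sslEnabled && !claimsSecure) {
                findings.add("port " + port + ": SSL is on but scheme/secure are not set,"
                        + " so request.isSecure() returns false");
            }
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        // Pass the path to a server.xml, or run without arguments on the sample.
        InputStream in = args.length > 0
                ? new FileInputStream(args[0])
                : new ByteArrayInputStream(SAMPLE.getBytes("UTF-8"));
        try {
            for (String finding : audit(in)) {
                System.out.println(finding);
            }
        } finally {
            in.close();
        }
    }
}
```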
Re: AW: mod_jk and session stickyness of images requests
Christopher Schultz wrote:
> Timo,
>
> On 12/15/2009 8:36 AM, Kockert, Timo wrote:
>> - We enabled session cookies and URL rewriting (the latter via EncodeUrlTransformer of Cocoon).
>
> Oh, and what version of Cocoon are you using?

I believe that I saw pass, a few posts ago, something about Cocoon seeing a cookie, and thus deciding not to do URL-rewriting for the links in the current response.

Let me very hypothetically suggest a scenario :

- some user agent out there has a bug, with the consequence that for <img ..> links embedded in a page, it does not send cookies with the corresponding requests. But for html pages it does. (*)
- at the server side, to accommodate both agents that can handle cookies and agents that cannot, in principle the setup is to do both : send a session-id cookie, but also do URL-rewriting and add a ;jsessionid attribute to the URLs.
- However Cocoon interferes with that setup, in the sense that when it gets a request with a cookie, it does not do the rewriting of the URLs embedded in the response page; instead it just responds with a Set-Cookie header.
- so now the user-agent gets a response html page, in which the embedded <img> links have not been rewritten, and thus do not contain the ;jsessionid.. attribute. When it requests these images, the URLs for said requests do not contain the jsessionid attribute; and because of the aforementioned bug, it does not send a cookie either.

I know it is kind of a bizarre bug for an agent, but it seems to fit the symptoms. Once you have eliminated the impossible, what remains, however improbable, must be the truth.

One way of checking this would be to log, at the server level, the request URLs together with the corresponding HTTP headers (**). If you see a request for an image come in, without a ;jsessionid attribute in the URL, AND without a Cookie: JSESSIONID, then it must be so.

(*) Note that this is why, early in the cycle, I specifically asked if the images were being requested by some separate applet or Javascript thingie, rather than a simple <img> link. That is because it might have explained why the main request, for a page, may have contained a Cookie, but the img requests not.

(**) or use Wireshark, and filter for HTTP requests fitting the image pattern.
Re: [OT - question] Limit user sessions in tomcat
Chris,

Thanks. We do #1 routinely, usually setting the thread(s) up as workers managing a queue. #2 can be problematic as you note: long-running db queries or long graphics generation are hard to fit into this model simply because one is using someone else's monolithic code that makes no such provisions. #3 is what I was wondering about. So far our long tasks haven't been terribly long, but some are reaching that (user-frustration) boundary.

Cheers,
Ken
Re: SSL problem
Carl wrote:
> Fresh Tomcat 6.0.20 install on a new Slackware (version 13 - 64bit) linux box.
>
> Access to 8080 works fine but neither 8443 nor 443 work.

Can you define "does not work" ? What error are you seeing ?
- is it a failure to even connect to that port on the server ?
- or do you get a Tomcat error page as a response ?

> I believe 443 and 8443 are up because a nmap gives:
>
> Discovered open port 443/tcp on 127.0.0.1
> Discovered open port 8080/tcp on 127.0.0.1
> Discovered open port 8443/tcp on 127.0.0.1

Try on the server :

    netstat -pan

and verify that the process associated with each of the ports is really Tomcat, or something else.

> The relevant portions of server.xml are:
>
> <snip>
> <Connector port="8443" maxHttpHeaderSize="8192"
>            maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="/usr/local/certs/tomcat_keystore.ks"
>            keystorePass="jellybean"/>
>
> <Connector port="443" maxHttpHeaderSize="8192"
>            maxThreads="600" minSpareThreads="25" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" scheme="https" secure="true"
>            clientAuth="false" sslProtocol="TLS"
>            keystoreFile="/usr/local/certs/tomcat_keystore.ks"
>            keystorePass="jellybean"/>
> </snip>

These look OK (to me), provided that they do not have <!-- ... --> tags around them. (Neither really your <snip>..</snip> tags above). Come on, do check. It is a frequent enough error.
Re: [OT] Context Chicken Egg Problem
On the Eclipse question: Eclipse basically just starts your Tomcat (which you configure into Eclipse), using its own startup script which maps all Tomcat output into the Eclipse console. As such, JNDI (or whatever else) works just like it does when you start Tomcat from its own startup.sh in ~bin.

On Dec 15, 2009, at 2:49 PM, Christopher Schultz wrote: Eclipse should be able to run Tomcat normally and the use of JNDI shouldn't be a problem. I don't use Eclipse, though, so I don't know for sure. I haven't read too many complaints on the list about JNDI not working via Eclipse.
Expired client certificate was not rejected by server
Using the keytool, I generated a couple of client trust/key stores and a server trust/key store to set up two-way SSL authentication. I used a single jks file as both the trust/key store for each client/server. I've set up the Tomcat 6 secure connector to require the client to present its cert.

    <Connector SSLEnabled="true" clientAuth="true"
               minSpareThreads="5" maxSpareThreads="75"
               enableLookups="true" disableUploadTimeout="true"
               acceptCount="100" maxThreads="200"
               keystoreFile="conf/server.jks" keystorePass="myPassword" keystoreType="JKS"
               port="8443" protocol="HTTP/1.1" scheme="https" secure="true" sslProtocol="TLS"
               truststoreFile="conf/server.jks" truststorePass="myPassword" truststoreType="JKS"/>

For the most part, the setup seems to be working fine. Tomcat allows requests from clients with valid certificates (trusted/valid date range) and denies clients with unknown certificates (i.e. wasn't imported into server trust store). However, I had one case where I purposely created a client certificate to be valid for only 1 day in order to test expired certificates. Even though we were well past the valid date range of the certificate, it didn't seem that Tomcat checked the expired date range during the certificate validation and allowed the request to proceed?

I believe that the check happens in the X509Certificate.checkValidity(date) method, but debugging from Eclipse, it doesn't seem like this method was ever called. I've checked most of the message boards and people seem to have the opposite problem (i.e. expired certificate preventing access and they need to renew/replace). I figured that this check should happen by default and did not find any additional attributes on the Connector to indicate that it was something that needed to be specified explicitly. Any insights will be greatly appreciated.
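One way to enforce the certificate validity window inside the web application, independently of whatever the connector's trust check decided, is a servlet filter that calls X509Certificate.checkValidity() on the chain the container exposes. This is an added example, not code from the original post or from Tomcat; the class name ClientCertValidityFilter is hypothetical, and it assumes the javax.servlet API that Tomcat 6 ships.

```java
import java.io.IOException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Hypothetical filter (added example): rejects requests whose client
 * certificate chain contains a certificate outside its validity window.
 * Map it in web.xml to the URL patterns that require client authentication.
 */
public class ClientCertValidityFilter implements Filter {

    // Request attribute defined by the Servlet specification for the
    // certificate chain presented during the SSL/TLS handshake.
    private static final String CERT_ATTR = "javax.servlet.request.X509Certificate";

    public void init(FilterConfig config) {
        // no configuration needed
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse response = (HttpServletResponse) res;
        X509Certificate[] certs = (X509Certificate[]) req.getAttribute(CERT_ATTR);

        // With clientAuth="true" a chain should always be present; fail closed
        // if the request arrived some other way (e.g. a non-SSL connector).
        if (certs == null || certs.length == 0) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate required");
            return;
        }

        try {
            // certs[0] is the client's own certificate; any further entries
            // are the issuers it sent along. Check each against the current time.
            for (X509Certificate cert : certs) {
                cert.checkValidity();
            }
        } catch (CertificateExpiredException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate has expired");
            return;
        } catch (CertificateNotYetValidException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Client certificate is not yet valid");
            return;
        }

        chain.doFilter(req, res);
    }

    public void destroy() {
        // nothing to release
    }
}
```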
Re: [OT - question] Limit user sessions in tomcat
Ken Bowen wrote: Chris, Thanks. We do #1 routinely, usually setting the thread(s) up as workers managing a queue. #2 can be problematic as you note: long-running db queries or long graphics generation are hard to fit into this model simply because one is using someone else's monolithic code that makes no such provisions. #3 is what I was wondering about. So far our long tasks haven't been terribly long, but some are reaching that (user-frustration) boundary.

All in all, it seems quite a messy problem. To really detect that the client has gone while you are still doing something for him, would require :

1) the ability to send from time to time some output to the client, which
   a) would generate an error if the client has really gone and the socket is closed in that direction
   b) but would not disturb the client in any way if per chance it is still there and waiting for an answer.
2) the ability to do this asynchronously with the real request processing which is taking place in the meantime
3) a mechanism for, in case the client has gone in the meantime, telling the process that is processing the request, that it can drop it and discard whatever it wanted to output. Or alternatively, a method for killing the request-processing process properly from outside.
4) a mechanism for cleaning this all up properly when the real response output has been initiated.
5) the ability to set this up selectively only for requests likely to take a certain time to process, so as not to make the whole thing very inefficient.

It would seem that there ought to be some low-level response-direction socket flag that should be available, to tell whether the receiving end has gone, without actually having to send anything from a higher-level code module. But getting to that low-level socket data does not seem to be so easy in Java, is it ? I remember trying once to get back there starting from the HttpServletResponse object, and not getting anywhere fast.
RE: [OT - question] Limit user sessions in tomcat
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: [OT - question] Limit user sessions in tomcat It would seem that there ought to be some low-level response-direction socket flag that should be available, to tell whether the receiving end has gone, without actually having to send anything from a higher-level code module. But getting to that low-level socket data does not seem to be so easy in Java, is it ?

It's not hard in Java (Socket.getRemoteSocketAddress() or Socket.isConnected() should work), but there's nothing in the servlet spec that allows a servlet thread to obtain that information. Ideally, the container (Tomcat) would asynchronously monitor the socket status and set some flag in the Request object for the webapp code to examine at its leisure. Might also be able to implement this with a new form of listener. I haven't looked at the Servlet 3 spec to see if anything is in there for this rather common problem.

- Chuck
Re: [OT - question] Limit user sessions in tomcat
On 15/12/2009 22:01, Caldarale, Charles R wrote: From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: [OT - question] Limit user sessions in tomcat It would seem that there ought to be some low-level response-direction socket flag that should be available, to tell whether the receiving end has gone, without actually having to send anything from a higher-level code module. But getting to that low-level socket data does not seem to be so easy in Java, is it ?

It's not hard in Java (Socket.getRemoteSocketAddress() or Socket.isConnected() should work), but there's nothing in the servlet spec that allows a servlet thread to obtain that information. Ideally, the container (Tomcat) would asynchronously monitor the socket status and set some flag in the Request object for the webapp code to examine at its leisure. Might also be able to implement this with a new form of listener. I haven't looked at the Servlet 3 spec to see if anything is in there for this rather common problem.

Comet?

p
Re: exclusions from conf/web.xml are not being picked up
Thanks Chuck. That is in fact what I was doing, so I will move that into the webapp's web.xml. Pid, I'm actually not as concerned about the favicon as I am with agentapp, but your suggestion of moving it into the webapp seems to be the key. Thanks.

On Wed, Dec 16, 2009 at 12:32 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Pid [mailto:p...@pidster.com] Subject: Re: exclusions from conf/web.xml are not being picked up The /agentapp/ could be deployed in its own war, or exploded dir, with a separate web.xml. The favicon is a bit more tricky, not sure you can do what you want to as long as the first rule exists.

I think what the OP might be missing is that the url-pattern applies to the portion of the URL *after* the context selection path. If agentapp is indeed a separate webapp, nothing will ever match the /agentapp/* pattern.

- Chuck
Re: [OT - question] Limit user sessions in tomcat
On Tue, Dec 15, 2009 at 11:01 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: [OT - question] Limit user sessions in tomcat It would seem that there ought to be some low-level response-direction socket flag that should be available, to tell whether the receiving end has gone, without actually having to send anything from a higher-level code module. But getting to that low-level socket data does not seem to be so easy in Java, is it ?

It's not hard in Java (Socket.getRemoteSocketAddress() or Socket.isConnected() should work), but there's nothing in the servlet spec that allows a servlet thread to obtain that information. Ideally, the container (Tomcat) would asynchronously monitor the socket status and set some flag in the Request object for the webapp code to examine at its leisure. Might also be able to implement this with a new form of listener. I haven't looked at the Servlet 3 spec to see if anything is in there for this rather common problem.

Hmm, last time I implemented a tcp/ip stack (which is more than 10 years ago) there was no possibility in the tcp protocol to detect a broken (not closed) connection except via so_timeout, which should be large enough for a webapp to reply. As far as I know, socket.isConnected will never return false once connected; even if you close the Socket on your side, isConnected will still return true.

As for the OP's question (and I apologize if the answer was already given), the common approach to prevent f5-hitting users on long-running requests is to start a background thread which processes the request (or, more modern, use a Future and the Executor facilities) and return the current request back to the user with a waiting page, which refreshes itself in short periods, checking whether the background task is finished yet and redirecting to the result page when done.

regards
Leon
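The waiting-page approach Leon describes, sketched as a servlet that runs at most one background task per session, so repeated reloads poll the same task instead of starting new work. This is an added example, not code from the thread; LongTaskServlet, slowWork(), the pool size and the refresh interval are assumptions, and it renders the result in place rather than redirecting to a separate result page.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.concurrent.Callable;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.FutureTask;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical servlet (added example): one long-running task per session. */
public class LongTaskServlet extends HttpServlet {

    // Session id -> running or finished task. Entries of users who never come
    // back should be purged, e.g. from an HttpSessionListener (not shown).
    private final ConcurrentMap<String, FutureTask<String>> tasks =
            new ConcurrentHashMap<String, FutureTask<String>>();

    private ExecutorService executor;

    @Override
    public void init() {
        // A bounded pool caps how much background work the webapp runs at once.
        executor = Executors.newFixedThreadPool(4);
    }

    @Override
    public void destroy() {
        executor.shutdownNow();
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String sessionId = req.getSession(true).getId();

        FutureTask<String> task = tasks.get(sessionId);
        if (task == null) {
            FutureTask<String> fresh = new FutureTask<String>(new Callable<String>() {
                public String call() throws Exception {
                    return slowWork();
                }
            });
            // putIfAbsent makes the check-and-start atomic: if two reloads race,
            // only the winner's task is submitted and both poll the same one.
            task = tasks.putIfAbsent(sessionId, fresh);
            if (task == null) {
                task = fresh;
                executor.execute(fresh);
            }
        }

        if (!task.isDone()) {
            // Waiting page: the request thread returns immediately and the
            // browser asks again in two seconds.
            resp.setContentType("text/html;charset=UTF-8");
            PrintWriter out = resp.getWriter();
            out.println("<html><head><meta http-equiv=\"refresh\" content=\"2\"></head>");
            out.println("<body>Still working, this page reloads itself.</body></html>");
            return;
        }

        // Finished: forget the task so the next request starts a new one.
        tasks.remove(sessionId, task);
        String result;
        try {
            result = task.get();
        } catch (ExecutionException e) {
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "Task failed");
            return;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            resp.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
            return;
        }
        resp.setContentType("text/html;charset=UTF-8");
        resp.getWriter().println("<html><body>Result: " + result + "</body></html>");
    }

    // Stand-in for the real long-running work (constructed for this example).
    private String slowWork() throws InterruptedException {
        Thread.sleep(10000);
        return "done";
    }
}
```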
Page 404 on mydomain.com/share but not localhost:8080/share
Hello- I am running Alfresco on Apache/Tomcat on Snow Leopard 10.6.2 and have an anomaly that I can't figure out.

http://localhost:8080/alfresco works as expected
http://localhost:8080/share works as expected
http://mydomain.com/alfresco works as expected
http://mydomain.com/share fails.

When I go to http://mydomain.com/share the url redirects to http://mydomain.com/share/page/site-index and logs a 404 error. I have posted this on the Alfresco and Apple Snow Leopard forum to no avail... Thanks for your help, Tim
Could not init service for worker=jkstatus
Hi, I am having a problem with mod_jk [ Could not init service for worker=avizpado] where avizpado is my worker name [ you can see all the configuration attached]. I have already tested whether port 8009 is open [nmap and telnet] and it is open, but I have absolutely no idea what is wrong. Thanks in advance for the help. Happy Holidays, Carlos O. PS. If you need more information please ask.

Information
OS: Centos 5 x86_64
Mod_jk 1.2.26 [from http://archive.apache.org/dist/tomcat/tomcat-connectors/jk/binaries/linux/jk-1.2.26/x86_64/ ]
JDK 1.6.0.12
Apache INFO
Apache Version: Apache/2.2.9 (Unix) PHP/5.2.6 mod_jk/1.2.26
Apache API Version: 20051115
User/Group: daemon(2)/2
Max Requests Per Child: 1 - Keep Alive: on - Max Per Connection: 100
Timeouts Connection: 300 - Keep-Alive: 5
Virtual Server: Yes
Tomcat 6.0.18

== MOD_JK LOG ==
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] find_match::jk_uri_worker_map.c (516): Found a wildchar match '/*.jsp=avizpado'
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] jk_handler::mod_jk.c (): Into handler jakarta-servlet worker=avizpado r->proxyreq=0
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] wc_get_worker_for_name::jk_worker.c (115): found a worker avizpado
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] wc_maintain::jk_worker.c (323): Maintaining worker avizpado
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] ajp_maintain::jk_ajp_common.c (2652): reached pool min size 1 from 1 cache slots
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] ajp_maintain::jk_ajp_common.c (2661): recycled 0 sockets in 0 seconds from 1 pool slots
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [debug] wc_get_name_for_type::jk_worker.c (292): Found worker type 'ajp13'
[Tue Dec 15 18:03:58 2009] [30953:2720246336] [error] jk_handler::mod_jk.c (2314): Could not init service for worker=avizpado
[Tue Dec 15 18:19:50 2009] [30955:2720246336] [warn] map_uri_to_worker::jk_uri_worker_map.c (608): Uri * is invalid. Uri must start with /
[Tue Dec 15 18:19:50 2009] [30955:2720246336] [debug] jk_translate::mod_jk.c (3147): no match for * found
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] jk_set_time_fmt::jk_util.c (430): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] '
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_open::jk_uri_worker_map.c (427): rule map size is 1
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] jk_set_time_fmt::jk_util.c (430): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] '
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] jk_set_time_fmt::jk_util.c (430): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] '
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] jk_set_time_fmt::jk_util.c (430): Pre-processed log time stamp format is '[%a %b %d %H:%M:%S %Y] '
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_open::jk_uri_worker_map.c (427): rule map size is 9
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/*.jsp=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/*.iface=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/*.jsf=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/xmlhttp/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/block/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/js/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/img/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/css/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] uri_worker_map_add::jk_uri_worker_map.c (379): wildchar rule '/images/*=avizpado' source 'JkMount' was added
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] do_shm_open::jk_shm.c (402): Truncated shared memory to 28800
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] do_shm_open::jk_shm.c (447): Initialized shared memory size=28800 free=28672 addr=0x2b33ad16c000
[Tue Dec 15 18:41:41 2009] [22175:2720246336] [debug] do_shm_open_lock::jk_shm.c
RE: [OT - question] Limit user sessions in tomcat
From: Leon Rosenberg [mailto:rosenberg.l...@googlemail.com] Subject: Re: [OT - question] Limit user sessions in tomcat Hmm, last time I implemented a tcp/ip stack (which is more than 10 years ago) there was no possibility in the tcp protocol to detect a broken (not closed) connection except via so_timeout, which should be large enough for a webapp to reply.

True, but the browser should be closing its end, which should result in a TCP RST being sent to the server, so the server's TCP/IP stack knows that further sends on that connection are not allowed. Whether or not that information is available down at the Java API level is dependent on the JVM/JRE implementation for the specific platform.

- Chuck
Re: How to JSF 2.0 (Mojarra-2.0.2) with Facelets on Tomcat?
Nobody knows? Regards, Zacheusz On Sat, Dec 12, 2009 at 10:35 PM, Zacheusz Siedlecki zacheusz.siedle...@gmail.com wrote: Can I use JSF 2.0 (Mojarra-2.0.2) with Facelets on Tomcat? With Jetty and Glassfish Mojarra works fine. With Tomcat I get facelets exception. For example java.io.FileNotFoundException: /welcome.xhtml Not Found in ExternalContext as a Resource com.sun.faces.facelets.impl.DefaultFaceletFactory.resolveURL(DefaultFaceletFactory.java:187) Does anybody use Mojarra 2 with Tomcat? Regards, Zacheusz
RE: How to JSF 2.0 (Mojarra-2.0.2) with Facelets on Tomcat?
From: zacheu...@gmail.com [mailto:zacheu...@gmail.com] On Behalf Of Zacheusz Siedlecki Subject: Re: How to JSF 2.0 (Mojarra-2.0.2) with Facelets on Tomcat? Nobody knows? Probably not, since you got zero responses to your original query - but then it contained pretty much zero useful information. Looks like a configuration error in Mojarra, but that's just a guess. If you want help with the Tomcat aspects, you'll need to supply at least the basics: Tomcat version, JVM version, platform you're on, your server.xml, the web.xml for Mojarra, and its Context element (if it has one). - Chuck
Re: tomcat jdbc pool is not proxying resultSets and preparedStatements
On 12/15/2009 10:34 AM, Guillermo Fernandes wrote: Hi, I'm using ddlutils 1.0 and tomcat jdbc pool 1.0.7.1 and I am getting an error because a connection is closed and the pool is not aware of that. Basically the issue is that ddlutils has a resultset iterator and when it finishes it closes the connection by getting it from resultSet.preparedStatement.connection, and the connection returned is not the proxy that the pool has created.

wow, that seems backwards, but since the API allows you to do so, I would guess it's a valid use case.

So the issue happens when another client retrieves a connection from the pool because the pool returns a connection that was actually closed.

validationQuery=... and testOnBorrow=true would take care of this as a workaround for now.

Why is tomcat jdbc pool not creating proxies for preparedStatements and resultSets like commons-dbcp?

performance of course, the lesser the better. SlowQueryReport interceptor already has an example of this, so it's doable.

Is there any other way to address this issue?

see workaround above

Filip

Thanks, Guillermo
Re: tomcat 6 not responding to any kind of request i.e. static and dynamic resources after some hours
DDOS is definitely not the cause; we are accurately monitoring the incoming traffic, and all the mails we are sending from the application are user generated, like friend requests. We are unable to identify the cause by seeing the thread dump. Could anybody tell us the problem by seeing the thread dump?

On Tue, Dec 15, 2009 at 9:48 PM, Christopher Schultz ch...@christopherschultz.net wrote: Sasidhar, On 12/15/2009 9:21 AM, sasidhar prabhakar wrote: Tomcat hangs after running for several hours. Means initially it is taking around 24hr now it is hanging every 3 to 4 hr we can not say the exact time. [snip] And we are sending per day nearly 5 mails to users using sendmail using java. [snip]

    Full thread dump Java HotSpot(TM) Server VM (1.5.0_19-b02 mixed mode):
    http-80-150 daemon prio=1 tid=0x093c4870 nid=0x37c2 runnable [0x7fb29000..0x7fb29db0]
        at java.net.SocketInputStream.socketRead0(Native Method)

Maybe someone is DDOSing you because you are spamming them. shrug

-chris
Re: 'Parametrizing' context.xml?
Mario Splivalo mario.spliv...@megafon.hr wrote in message news:4b27994e.5080...@megafon.hr... Bill Barker wrote: Mario Splivalo mario.spliv...@megafon.hr wrote in message news:4b266622.5060...@megafon.hr...

Tomcat also supports ant-style variable replacement, so using that then Ken's example would look like:

    <context-param>
      <param-name>baseprefix</param-name>
      <param-value>${BPVAL}</param-value>
    </context-param>

where BPVAL is a Java system property (that can be set in catalina.properties for example).

And, those can be used also in apps context.xml?

Yes, this should work in context.xml (and even server.xml). Of course, this only works for Tomcat. Ken's suggestion will work on any servlet container.

Yes, in the long run I'll stick to those, but since we're only using Tomcat for now it would be much easier not to fiddle with ant. Thank you all! Mike
Re: [OT - question] Limit user sessions in tomcat
Caldarale, Charles R chuck.caldar...@unisys.com wrote in message news:99c8b2929b39c24493377ac7a121e21f9680850...@usea-exch8.na.uis.unisys.com... From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: [OT - question] Limit user sessions in tomcat It would seem that there ought to be some low-level response-direction socket flag that should be available, to tell whether the receiving end has gone, without actually having to send anything from a higher-level code module. But getting to that low-level socket data does not seem to be so easy in Java, is it ?

It's not hard in Java (Socket.getRemoteSocketAddress() or Socket.isConnected() should work), but there's nothing in the servlet spec that allows a servlet thread to obtain that information. Ideally, the container (Tomcat) would asynchronously monitor the socket status and set some flag in the Request object for the webapp code to examine at its leisure. Might also be able to implement this with a new form of listener. I haven't looked at the Servlet 3 spec to see if anything is in there for this rather common problem.

The Servlet 3 spec has something close: Asynchronous requests (which are sort of like Comet in TC 6). It's more designed to allow the servlet to push content to the client (think a JavaScript progress bar).

- Chuck
Re: Accumulation of Request Processors objects causes tomcat stuck?
Hi. First of all, I am using Executor in the configuration of the connectors, and so if I understand you correctly, it means that the requestors are supposed to reduce? At least after I see that messages are stuck. Second, I am using apache-tomcat-6.0.18, jdk1.6.0_12, running on Windows XP.

While you're at it, tell us the Tomcat version, JVM version, and platform you're running on.

Christopher Schultz-2 wrote: Michal, On 12/15/2009 9:55 AM, Caldarale, Charles R wrote: From: Michal Singer [mailto:michal.sin...@expand.com] Subject: Accumulation of Request Processors objects causes tomcat stuck? I am running an application on tomcat which gets stuck when processing incoming messages after a while.

So take a thread dump and find out what they're waiting for. While you're at it, tell us the Tomcat version, JVM version, and platform you're running on.

I see accumulation of request processors objects in jconsole under: Catalina\RequestProcessor\http-8080. What do these objects mean, what does it mean that they accumulate?

That's normal; those are threads Tomcat creates to process requests.

More specifically, unless you are using an Executor (unless you set this up yourself, you are not), your Connector will allocate as many threads as are required to serve the client demand (up to the configured maxThreads), but will never release them. Executors are smarter than that and can take request processor threads out of service if you feel strongly about reducing the number of idle threads. So, the presence of lots of threads is not a direct indication that anything is amiss.

-chris
RE: Accumulation of Request Processors objects causes tomcat stuck?
From: Michal Singer [mailto:michal.sin...@expand.com] Subject: Re: Accumulation of Request Processors objects causes tomcat stuck? i am using Executor in the configuration of the connectors Might want to post your server.xml so we can take a look at it. if i understand you correctly, it means that the requestors are supposed to reduce? If they're not all busy, idle ones will terminate after some time period, down to the configured (or default) minimum for the Executor. - Chuck
Re: Trying to access a directory outside docBase... is possible !
Hi, thanks a lot! Using the 'deprecated' way of putting the '<Context docBase...>' directive into server.xml worked, whereas trying to put it into documents.xml in the localhost directory did not (using Tomcat 5.5). I am using an extra servlet for the viewer because I don't want to reload the whole page but still want to set my session variables to the values sent via the link (file=... page=...), which I can easily do in the viewer servlet. Thanks again for all the ideas and information, I think I did learn a few things by your responses... especially the 'symbolic link' hint, as I was about to try that first thing this morning; good I read mails first. Best regards and CU when I encounter my next problem :-) Ingo

On Tuesday, 15.12.2009, at 13:44 -0500, Christopher Schultz wrote: Peter, On 12/15/2009 11:05 AM, Peter Crowther wrote: If you're going to do this, be Very Very Careful. Tomcat doesn't follow symbolic links by default, even on UNIX. This is for a very good reason: if you do this, Tomcat *will* follow the symlink and delete your PDFs when you undeploy your webapp. You probably don't want this to happen.

+1 :)

This is a common enough use case (it comes up about once a month on the list) that Someone may have coded a quick "serve the content from this directory" servlet, probably based on the root webapp. Chris? You're generally the coder with quick hacks already developed...

Uh, file-serving code is pretty simple: set the Content-Type and Content-Length headers, open the file, deliver the bytes. It's so popular that it's already been written and even ships with Tomcat: it's called the DefaultServlet :)

Seriously, though, Ingo was very close to a working solution:

I stumbled over a hint about adding a <Context docBase="/opt/documents" path="/documents"/> directive to the web.xml file

Ohh! So close! That should be added to conf/server.xml (but not really, since that's no longer recommended). Let's do it the right way. Put this into conf/Catalina/localhost/document-repository.xml:

    <Context docBase="/opt/document-repository" path="/documents" />

I think you might have to restart Tomcat for it to pick up that config file, but it will create a new webapp context that serves files directly from that location. Your URLs will no longer look like this:

    http://localhost:8080/myApp/PDFViewer?file=document-repository/Folder%202/TestDok4.pdf&page=1

Instead, they can look just like this:

    /documents/Folder%202/TestDok4.pdfpage=1

You can even get rid of your PDFViewer servlet, because it's probably just serving bytes and not doing anything particularly exciting.

-chris