tomcat manager configuration
Hi all, i´m trying to figure out where are the configurations for the tomcat manager webapp. I mean how if i would want to change the path of the manager, write my own one, disable it and so oni´m just trying to understand if (apart the access configurations) all the the confs are indeed hardcoded in tomcat... any clarifications from you is very appreciated. thanks you!!! -- View this message in context: http://old.nabble.com/tomcat-manager-configuration-tp27635436p27635436.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat manager configuration
On 18/02/2010 08:05, banto wrote: Hi all, i´m trying to figure out where are the configurations for the tomcat manager webapp. I mean how if i would want to change the path of the manager, write my own one, disable it and so oni´m just trying to understand if (apart the access configurations) all the the confs are indeed hardcoded in tomcat... All the available configuration is in the application's web.xml and context.xml files. Path is determined by the directory name. It should be possible to just rename it. If it isn't, that would be a bug. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 6.0.18 doesn't fully shutdown
Hallo, i am running an application (Spring+Framework+Quartz) in tomcat 6.0.18 under Windows XP and JDK 1.6.0_16. When i shutdown tomcat (either script or SHUTDOWN via 8005 port), there are always some threads hanging. They are not related to the application, as far as i can see- although it problems with Spring+Framework+Quartz. The thread stack follows; i can see some locks there... Does somebody have some advice? I am new in Tomcat (and threaded debugging) so any directions would be appreciated 2010-02-18 10:55:58 Full thread dump Java HotSpot(TM) Client VM (11.0-b16 mixed mode): DestroyJavaVM prio=6 tid=0x002b7c00 nid=0xf14 waiting on condition [0x..0x0090fd4c] java.lang.Thread.State: RUNNABLE http-8080-1 daemon prio=6 tid=0x2331f000 nid=0x128 in Object.wait() [0x24dbf000..0x24dbfa94] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) at java.lang.Object.wait(Object.java:485) at org.apache.tomcat.util.net.JIoEndpoint$Worker.await(JIoEndpoint.java:416) - locked 0x07851038 (a org.apache.tomcat.util.net.JIoEndpoint$Worker) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:442) at java.lang.Thread.run(Thread.java:619) http-8080-Acceptor-0 daemon prio=6 tid=0x2342d400 nid=0x77c waiting on condition [0x24d6f000..0x24d6fb14] java.lang.Thread.State: TIMED_WAITING (sleeping) at java.lang.Thread.sleep(Native Method) at org.apache.tomcat.util.net.JIoEndpoint$Acceptor.run(JIoEndpoint.java:302) at java.lang.Thread.run(Thread.java:619) Timer-1 daemon prio=6 tid=0x23b4d000 nid=0xaf8 in Object.wait() [0x2495f000..0x2495fd94] java.lang.Thread.State: TIMED_WAITING (on object monitor) at java.lang.Object.wait(Native Method) - waiting on 0x076b6e20 (a java.util.TaskQueue) at java.util.TimerThread.mainLoop(Timer.java:509) - locked 0x076b6e20 (a java.util.TaskQueue) at java.util.TimerThread.run(Timer.java:462) DelayActionThread prio=6 tid=0x237bd000 nid=0x368 waiting on condition [0x2490f000..0x2490fa14] java.lang.Thread.State: TIMED_WAITING (sleeping) at java.lang.Thread.sleep(Native Method) at com.lhs.ccb.common.DelayAction.run(DelayAction.java:200) Low Memory Detector daemon prio=6 tid=0x22c5f400 nid=0xbb8 runnable [0x..0x] java.lang.Thread.State: RUNNABLE CompilerThread0 daemon prio=10 tid=0x22c5c400 nid=0x5f8 waiting on condition [0x..0x2300fa3c] java.lang.Thread.State: RUNNABLE JDWP Command Reader daemon prio=6 tid=0x22c4e800 nid=0xb2c runnable [0x..0x] java.lang.Thread.State: RUNNABLE JDWP Event Helper Thread daemon prio=6 tid=0x22c4cc00 nid=0x824 runnable [0x..0x] java.lang.Thread.State: RUNNABLE JDWP Transport Listener: dt_socket daemon prio=6 tid=0x22c49400 nid=0x12c runnable [0x..0x22f1fa7c] java.lang.Thread.State: RUNNABLE Attach Listener daemon prio=10 tid=0x22c3e000 nid=0x538 runnable [0x..0x] java.lang.Thread.State: RUNNABLE Signal Dispatcher daemon prio=10 tid=0x22c3cc00 nid=0xee0 runnable [0x..0x] java.lang.Thread.State: RUNNABLE Finalizer daemon prio=8 tid=0x22c2d400 nid=0xc58 in Object.wait() [0x22d9f000..0x22d9fc94] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:116) - locked 0x03d43c30 (a java.lang.ref.ReferenceQueue$Lock) at java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:132) at java.lang.ref.Finalizer$FinalizerThread.run(Finalizer.java:159) Reference Handler daemon prio=10 tid=0x22c28800 nid=0x1f4 in Object.wait() [0x22d4f000..0x22d4fd14] java.lang.Thread.State: WAITING (on object monitor) at java.lang.Object.wait(Native Method) at java.lang.Object.wait(Object.java:485) at java.lang.ref.Reference$ReferenceHandler.run(Reference.java:116) - locked 0x03d43c50 (a java.lang.ref.Reference$Lock) VM Thread prio=10 tid=0x22c25400 nid=0x20c runnable VM Periodic Task Thread prio=10 tid=0x22c60c00 nid=0x6c0 waiting on condition JNI global references: 14468 -- View this message in context: http://old.nabble.com/tomcat-6.0.18-doesn%27t-fully-shutdown-tp27636692p27636692.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 doesn't fully shutdown
On 18/02/2010 10:16, nocturna_gr wrote: Hallo, i am running an application (Spring+Framework+Quartz) in tomcat 6.0.18 under Windows XP and JDK 1.6.0_16. When i shutdown tomcat (either script or SHUTDOWN via 8005 port), there are always some threads hanging. They are not related to the application, as far as i can see- although it problems with Spring+Framework+Quartz. The thread stack follows; i can see some locks there... Does somebody have some advice? I am new in Tomcat (and threaded debugging) so any directions would be appreciated If you start a TimerThread you are expected to stop it. This is normally done by cancelling whatever jobs you scheduled. Tomcat 6.0.25 will include code to automatically stop forgotten timer threads but that is only a workaround. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat manager configuration
On 18/02/2010 11:03, banto wrote: All the available configuration is in the application's web.xml and context.xml files. Path is determined by the directory name. It should be possible to just rename it. If it isn't, that would be a bug. Mark i see the application's web.xml but to be more specific i´m looking for the configuration that specifies the server/webapps folder as root of manager apps in the same way the webapps is the root of the web-applications. http://tomcat.apache.org/tomcat-6.0-doc/config/index.html Host - appBase or Context - docBase depending on what you are trying to achieve. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 doesn't fully shutdown
Mark Thomas wrote: On 18/02/2010 10:16, nocturna_gr wrote: Hallo, i am running an application (Spring+Framework+Quartz) in tomcat 6.0.18 under Windows XP and JDK 1.6.0_16. When i shutdown tomcat (either script or SHUTDOWN via 8005 port), there are always some threads hanging. They are not related to the application, as far as i can see- although it problems with Spring+Framework+Quartz. The thread stack follows; i can see some locks there... Does somebody have some advice? I am new in Tomcat (and threaded debugging) so any directions would be appreciated If you start a TimerThread you are expected to stop it. This is normally done by cancelling whatever jobs you scheduled. I sometimes run into shutdown problems as well, and I'm running as a windows service. Does this mean I need to cancel the timer itself, or just any jobs that are in progress that were started by the timer? D Tomcat 6.0.25 will include code to automatically stop forgotten timer threads but that is only a workaround. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
sending request to tomcat failed.....
Hi.. I'm using apache2.2 + tomcat6.0.18 + mod_jk1.2.28 for my portal.While doing load test with 20 more users i'm getting the following message in mod_jk.logand in browser also page is not getting loaded... [Thu Feb 18 18:32:58 2010]worker1 216.205.107.50 0.031250 [Thu Feb 18 18:32:58 2010]worker1 216.205.107.50 0.031250 [Thu Feb 18 18:32:58 2010]worker1 216.205.107.50 0.031250 [Thu Feb 18 18:33:00 2010][1528:4604] [info] jk_ajp_common.c (1496): (worker1) all endpoints are disconnected, detected by connect check (8), cping (0), send (0) [Thu Feb 18 18:33:00 2010]worker1 216.205.107.50 0.00 [Thu Feb 18 18:33:00 2010]worker1 216.205.107.50 0.00 [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (1788): Writing to client aborted or client network problems [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (2447): (worker1) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1) [Thu Feb 18 18:35:07 2010]worker1 216.205.107.50 30.25 [Thu Feb 18 18:35:07 2010][1528:2244] [info] mod_jk.c (2608): Aborting connection for worker=worker1 I'm suspecting this due to some improper configuration of workers.properties virtual host settings. can you please help me to proceed further. -- View this message in context: http://old.nabble.com/sending-request-to-tomcat-failed.-tp27637807p27637807.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sending request to tomcat failed.....
On 18/02/2010 14:06, Peter Crowther wrote: On 18 February 2010 13:55, Munirathinavelmunirathina...@gmail.com wrote: I'm using apache2.2 + tomcat6.0.18 + mod_jk1.2.28 for my portal.While doing load test with 20 more users i'm getting the following message in mod_jk.logand in browser also page is not getting loaded... [...] [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (1788): Writing to client aborted or client network problems [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (2447): (worker1) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1) [Thu Feb 18 18:35:07 2010]worker1 216.205.107.50 30.25 [Thu Feb 18 18:35:07 2010][1528:2244] [info] mod_jk.c (2608): Aborting connection for worker=worker1 I'm suspecting this due to some improper configuration of workers.properties virtual host settings. can you please help me to proceed further. We probably could, but we are not telepaths. Speak for yourself. We cannot analyse your configuration given the information you have posted. If you suspect the error is somewhere in workers.properties and virtual host settings, then why not post them plus your server.xml (with any sensitive bits replaced)? My guess is that his server.xml contains a load of spurious config, which may or may not be messing up his mod_jk config. But then I'd also bet that his problem manifests as an NPE in one of the JSPs, because either the load testing script doesn't handle cookies properly, his URLs aren't encoded properly or his JSPs don't properly handle borked data conditions. p - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Why does Tomcat try to use the cache when compilation failed?
Hi there, For some reason, it appears Tomcat is trying to hit its compilation cache when compilation failed. For example, if I create a JSP containing nothing but Hello, %=world%!, predictably, I get an error: org.apache.jasper.JasperException: Unable to compile class for JSP. Subsequent requests however alternate between this and org.apache.jasper.JasperException: org.apache.jasper.JasperException: Unable to load class for JSP. Further, if I create a JSP containing Hello!, it of course works just fine. If I modify it contain Hello, %=name%!, the response alternates between the previously-mentioned compilation error, and the cached Hello!. Any ideas what's going on? Cheers, Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why does Tomcat try to use the cache when compilation failed?
On 18 February 2010 14:14, Eric Bauman baum...@livejournal.dk wrote: For some reason, it appears Tomcat is trying to hit its compilation cache when compilation failed. [Details elided] Which version of Tomcat's this on, Eric? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Why does Tomcat try to use the cache when compilation failed?
From: news [mailto:n...@ger.gmane.org] On Behalf Of Eric Bauman Subject: Why does Tomcat try to use the cache when compilation failed? Any ideas what's going on? Any idea what Tomcat version you're using? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Why does Tomcat try to use the cache when compilation failed?
On 19/02/2010 01:25, Peter Crowther wrote: On 18 February 2010 14:14, Eric Baumanbaum...@livejournal.dk wrote: For some reason, it appears Tomcat is trying to hit its compilation cache when compilation failed. [Details elided] Which version of Tomcat's this on, Eric? - Peter Hi there, I'm using 6.0.24. Cheers, Eric - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sending request to tomcat failed.....
Peter Crowther wrote: On 18 February 2010 13:55, Munirathinavel munirathina...@gmail.com wrote: I'm using apache2.2 + tomcat6.0.18 + mod_jk1.2.28 for my portal.While doing load test with 20 more users i'm getting the following message in mod_jk.logand in browser also page is not getting loaded... [...] [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (1788): Writing to client aborted or client network problems [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (2447): (worker1) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1) [Thu Feb 18 18:35:07 2010]worker1 216.205.107.50 30.25 [Thu Feb 18 18:35:07 2010][1528:2244] [info] mod_jk.c (2608): Aborting connection for worker=worker1 I'm suspecting this due to some improper configuration of workers.properties virtual host settings. can you please help me to proceed further. We probably could, but we are not telepaths. (apart from Pid) We cannot analyse your configuration given the information you have posted. If you suspect the error is somewhere in workers.properties and virtual host settings, then why not post them plus your server.xml (with any sensitive bits replaced)? In addition to what Peter mentions above, I would suggest to read the log messages carefully. As you can imagine, these are not produced randomly. The developer of mod_jk put them in the code, and tried to indicate as clearly as possible what is happening. And it does not sound as if this is some wrong parameter in the configuration. This is a schema of how it works : a) HTTP request : Client (browser) == Apache httpd -- mod_jk == Tomcat b) HTTP response : Tomcat == mod_jk -- Apache httpd == Client (browser) In the above, a == represents a real TCP/IP connection, and a -- is just an internal function call. (Or another way to see this, is that mod_jk is really a part of the Apache httpd code; it is just a function called by Apache, so there is no external connection between them). c) In the log of mod_jk, there are these messages : [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (1788): Writing to client aborted or client network problems [Thu Feb 18 18:35:07 2010][1528:2244] [info] jk_ajp_common.c (2447): (worker1) sending request to tomcat failed (unrecoverable), because of client write error (attempt=1) So, mod_jk is saying : I cannot write to the client, because I do not have a connection with him anymore. This happens during the response phase, when mod_jk has received some response bytes from Tomcat, and is trying to send them to the client (the browser). But it cannot do that, because the TCP/IP connection with the client is already closed. In other words : - either the user lost patience, and clicked on another link in the browser page (or on the stop button in the browser, or closed the browser window). In such cases, the browser will close the TCP/IP connection with Apache. - or there is some network problem between the client and Apache, which causes the connection to be lost. This can happen if there is some other element between Apache and the client that can close or lose the connection. (And of course there always is something : the internet, routers, firewalls,..). A case like the above happens also regularly under normal circumstances. There will always be users who cannot stop clicking all over on the page, or clicking again when they think that the server is too slow, and for a million other reasons. It is normally nothing to worry about, except if it seems to happen too often, or users complain (and you can verify) that they just click once of the link, and they get incomplete pages or error messages. But then, you should really analyse what happens, using a network monitoring tool like wireshark, and see what really happens to these lost connections. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 6.0.18 shutdown address
I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem. I use to be able to define the following in my server.xml Server port=8005 shutdown=SHUTDOWN *address=127.0.0.1* ... /Server but now the address portion won't work...I only want shutdown commands to be able to come from localhost...can someone help me? I don't know if the syntax just changed or what. -- Curtis Garman Web Programmer Heartland Community College
Re: tomcat 6.0.18 shutdown address
On 18/02/2010 15:14, Curtis Garman wrote: I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem. I use to be able to define the following in my server.xml Server port=8005 shutdown=SHUTDOWN *address=127.0.0.1* ... /Server but now the address portion won't work...I only want shutdown commands to be able to come from localhost...can someone help me? I don't know if the syntax just changed or what. Define won't work. Tomcat only listens on the localhost address on that port anyway, netstat (or a similar tool) will show you which address each port is listening on. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
xhrGet error loading page
I have two servers: The GUI code is under http://vs119.bvr.kstart.ibm.com:8080/com.ibm.ocs.ui/ocstest2.jsp REST APIs is under http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions This is under the same domain and port wet I am getting an error running on firefox from my local machine's browser. On my machine I open firefox and http://vs119.bvr.kstart.ibm.com:8080/com.ibm.ocs.ui/ocstest2.jsp My application asks for a url to run xhrGet I enter: url:http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions press get and I get an error: Error: Unable to load http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions status:0 Why is not loading. I am on the same port and domain? what is status:0? Thanks for your input -- View this message in context: http://old.nabble.com/xhrGet-error-loading-page-tp27637835p27637835.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: xhrGet error loading page
From: Camil [mailto:hro...@us.ibm.com] Subject: xhrGet error loading page I have two servers: The GUI code is under http://vs119.bvr.kstart.ibm.com:8080/com.ibm.ocs.ui/ocstest2.jsp REST APIs is under http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions This is under the same domain and port wet I am getting an error running on firefox from my local machine's browser. On my machine I open firefox and http://vs119.bvr.kstart.ibm.com:8080/com.ibm.ocs.ui/ocstest2.jsp My application asks for a url to run xhrGet I enter: url:http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions press get and I get an error: Error: Unable to load http://vs118.bvr.kstart.ibm.com:8080/Restlet/it1/OCS/questions status:0 Why is not loading. I am on the same port and domain? what is status:0? Did anyone see *any* mention of Tomcat in the above? Are we all supposed to become as telepathic as Pid and start diagnosing user application errors via the aether? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 On Thu, Feb 18, 2010 at 9:27 AM, Pid p...@pidster.com wrote: On 18/02/2010 15:14, Curtis Garman wrote: I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem. I use to be able to define the following in my server.xml Server port=8005 shutdown=SHUTDOWN *address=127.0.0.1* ... /Server but now the address portion won't work...I only want shutdown commands to be able to come from localhost...can someone help me? I don't know if the syntax just changed or what. Define won't work. Tomcat only listens on the localhost address on that port anyway, netstat (or a similar tool) will show you which address each port is listening on. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Curtis Garman Web Programmer Heartland Community College
RE: tomcat 6.0.18 shutdown address
From: Curtis Garman [mailto:curt.gar...@gmail.com] Subject: Re: tomcat 6.0.18 shutdown address Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 You were misinformed. The shutdown port has always been open only on 127.0.0.1. Tomcat 6 is just a bit more picky about spurious attributes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
On 18/02/2010 15:42, Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 By whom? It has been this way since Tomcat 4. The issue, if I recall correctly, was with some of the Tomcat 3 releases. Mark On Thu, Feb 18, 2010 at 9:27 AM, Pid p...@pidster.com wrote: On 18/02/2010 15:14, Curtis Garman wrote: I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem. I use to be able to define the following in my server.xml Server port=8005 shutdown=SHUTDOWN *address=127.0.0.1* ... /Server but now the address portion won't work...I only want shutdown commands to be able to come from localhost...can someone help me? I don't know if the syntax just changed or what. Define won't work. Tomcat only listens on the localhost address on that port anyway, netstat (or a similar tool) will show you which address each port is listening on. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 Yes. At some point in time inversion 5.0 or 5.5 or 6.0, someone realised that if this shutdown port allowed connections from anywhere, there was a theoretical possibility that some miscreant, if he also knew the shutdown password string (the one indicated by the shutdown attribute), might send it just to be a pain and annoy everyone by shutting down Tomcat. That was when it was decided to only allow connections from localhost on that port, to restrict the attack surface. Of course, as long as they do not know this shutdown string (because you have changed it from the default), they cannot use this anyway. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
Mark Thomas wrote: On 18/02/2010 15:42, Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 By whom? It has been this way since Tomcat 4. The issue, if I recall correctly, was with some of the Tomcat 3 releases. Ooops.. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
On 18/02/2010 15:42, Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 I don't see an address property in either of the below: http://tomcat.apache.org/tomcat-5.5-doc/config/server.html http://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/Server.java And the implementation listens to 127.0.0.1 if I'm not mistaken: http://svn.apache.org/repos/asf/tomcat/tc5.5.x/trunk/container/catalina/src/share/org/apache/catalina/core/StandardServer.java p On Thu, Feb 18, 2010 at 9:27 AM, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 18/02/2010 15:14, Curtis Garman wrote: I'm moving from tomcat 5.5.25 to tomcat 6.0.18 and have noticed one problem. I use to be able to define the following in my server.xml Server port=8005 shutdown=SHUTDOWN *address=127.0.0.1* ... /Server but now the address portion won't work...I only want shutdown commands to be able to come from localhost...can someone help me? I don't know if the syntax just changed or what. Define won't work. Tomcat only listens on the localhost address on that port anyway, netstat (or a similar tool) will show you which address each port is listening on. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org mailto:users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org mailto:users-h...@tomcat.apache.org -- Curtis Garman Web Programmer Heartland Community College - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 doesn't fully shutdown
Thanks for your answer Mark, i thought the same thing, but this is a daemon thread... it should cause any problems, isn't it so? markt-2 wrote: On 18/02/2010 10:16, nocturna_gr wrote: Hallo, i am running an application (Spring+Framework+Quartz) in tomcat 6.0.18 under Windows XP and JDK 1.6.0_16. When i shutdown tomcat (either script or SHUTDOWN via 8005 port), there are always some threads hanging. They are not related to the application, as far as i can see- although it problems with Spring+Framework+Quartz. The thread stack follows; i can see some locks there... Does somebody have some advice? I am new in Tomcat (and threaded debugging) so any directions would be appreciated If you start a TimerThread you are expected to stop it. This is normally done by cancelling whatever jobs you scheduled. Tomcat 6.0.25 will include code to automatically stop forgotten timer threads but that is only a workaround. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/tomcat-6.0.18-doesn%27t-fully-shutdown-tp27636692p27638624.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 6.0.18 doesn't fully shutdown
From: nocturna_gr [mailto:kostaspa...@yahoo.gr] Subject: Re: tomcat 6.0.18 doesn't fully shutdown this is a daemon thread... The thread of interest is this one: DelayActionThread prio=6 tid=0x237bd000 nid=0x368 waiting on condition [0x2490f000..0x2490fa14] java.lang.Thread.State: TIMED_WAITING (sleeping) at java.lang.Thread.sleep(Native Method) at com.lhs.ccb.common.DelayAction.run(DelayAction.java:200) Not a daemon, and not part of Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble with CLIENT-CERT authentication method
On 2/17/10, Mark Thomas ma...@apache.org wrote: CVE-2009-3555? Now that this is working, I'd like to ask what other options exist for using client certificate authentication on a per-webapp basis. Requiring my customers to enable a feature (allowUnsafeLegacyRenegotiation) that exposes them to a potential man-in-the-middle attack doesn't seem like a good idea! (Heck, it even says Unsafe in the property name!) I saw mention of overriding the SSL implementation with sslImplementation=classname... does that still work in 6.x? Is that a good option? And what about an Authentication Valve, is that the right direction? Thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
alternate for ng.overrides.spring.properties
Hello Am using Tomcat 5.5 Currently some member variables are initialized by specifying the value as varibleName1=value in ng.overrides.spring.properties For another variable say variable2, I want to the specify the initial value in some other file say, /tmp/initialize In otherwords, variable1 should be initialized from the value specified in ng.overrides.spring.properties variable2 should be initialized from /tmp/initialize Could someone let me know, how to achieve this. TIA. _ Hotmail: Powerful Free email with security by Microsoft. https://signup.live.com/signup.aspx?id=60969
Re: alternate for ng.overrides.spring.properties
V Jayakumar wrote: Hello Am using Tomcat 5.5 Currently some member variables are initialized by specifying the value as varibleName1=value in ng.overrides.spring.properties For another variable say variable2, I want to the specify the initial value in some other file say, /tmp/initialize In otherwords, variable1 should be initialized from the value specified in ng.overrides.spring.properties variable2 should be initialized from /tmp/initialize Could someone let me know, how to achieve this. Pid, do we need your special talents here ? Or is it just me ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble with CLIENT-CERT authentication method
On 18/02/2010 16:30, Kevin Mills wrote: On 2/17/10, Mark Thomas ma...@apache.org wrote: CVE-2009-3555? Now that this is working, I'd like to ask what other options exist for using client certificate authentication on a per-webapp basis. Requiring my customers to enable a feature (allowUnsafeLegacyRenegotiation) that exposes them to a potential man-in-the-middle attack doesn't seem like a good idea! (Heck, it even says Unsafe in the property name!) I saw mention of overriding the SSL implementation with sslImplementation=classname... does that still work in 6.x? Is that a good option? And what about an Authentication Valve, is that the right direction? No. The TLS protocol is broken. You need to avoid renegotiation or wait for the updated protocol and Sun to implement the fix in JSSE or an OpenSSL release with the fix. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] alternate for ng.overrides.spring.properties
_ Hotmail: Powerful Free email with security by Microsoft. At least somebody in Redmond has humour. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: alternate for ng.overrides.spring.properties
On 18/02/2010 16:46, André Warnier wrote: V Jayakumar wrote: Hello Am using Tomcat 5.5 Currently some member variables are initialized by specifying the value as varibleName1=value in ng.overrides.spring.properties For another variable say variable2, I want to the specify the initial value in some other file say, /tmp/initialize In otherwords, variable1 should be initialized from the value specified in ng.overrides.spring.properties variable2 should be initialized from /tmp/initialize Could someone let me know, how to achieve this. Pid, do we need your special talents here ? Or is it just me ? [cough] thread-hijacking [cough] p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SSL APR Tomcat 6.0.20 Not Working
Hi, I am trying to upgrade from 5.0.16 to 6.0.20 and also try to use the APR, with SSL. I had SSL working fine in 6.0.20 with JSSE (i.e. not APR SSL). I have used http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips to get my private key file and added this to my server.xml... Connector port=443 protocol=HTTP/1.1 maxHttpHeaderSize=8192 maxThreads=150 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true SSLProtocol=TLSv1 SSLPassword= SSLCertificateFile=* SSLCertificateKeyFile=** / and on startup I get this output 18-Feb-2010 17:04:45 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. 18-Feb-2010 17:04:45 org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 18-Feb-2010 17:04:46 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 18-Feb-2010 17:04:46 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-443 18-Feb-2010 17:04:46 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1918 ms 18-Feb-2010 17:04:46 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 18-Feb-2010 17:04:46 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 18-Feb-2010 17:04:48 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 18-Feb-2010 17:04:48 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-443 18-Feb-2010 17:04:48 org.apache.catalina.startup.Catalina start INFO: Server startup in 1316 ms which all looks fine and dandy, but when I try to access a page with https it just doesnt respond i.e. explorer says its not there and asks to diagnose connection problems. Am I missing something simple? Thanks, Iain -- View this message in context: http://old.nabble.com/SSL-APR-Tomcat-6.0.20-Not-Working-tp27642349p27642349.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to enable logging when running Tomcat 5.5 under Eclipse 3.5?
Hi, I'm running Tomcat 5.5 under Eclipse 3.5. I want to see some access logging because for instance it silently ignores imported style sheets it can't find. I saw a reference somewhere to org.apache.catalina.valves. AccessLogValve so I tried uncommenting that in server.xml but it makes no difference. Nothing extra to the console, nothing to any log file in the workspace. This is all I get in the console window: Created MBeanServer with ID: 635da44f:126e1e2f13c:-8000:Dylan:1 18-Feb-2010 16:22:13 org.apache.catalina.core.AprLifecycleListener lifecycleEvent INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [deleted] 18-Feb-2010 16:22:13 org.apache.coyote.http11.Http11BaseProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 18-Feb-2010 16:22:13 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1046 ms 18-Feb-2010 16:22:13 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 18-Feb-2010 16:22:13 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/5.5.28 18-Feb-2010 16:22:13 org.apache.catalina.core.StandardHost start INFO: XML validation disabled 18-Feb-2010 16:22:18 org.apache.coyote.http11.Http11BaseProtocol start INFO: Starting Coyote HTTP/1.1 on http-8080 18-Feb-2010 16:22:18 org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 18-Feb-2010 16:22:18 org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/156 config=null 18-Feb-2010 16:22:18 org.apache.catalina.storeconfig.StoreLoader load INFO: Find registry server-registry.xml at classpath resource 18-Feb-2010 16:22:18 org.apache.catalina.startup.Catalina start INFO: Server startup in 5094 ms Thanks! Dave
RE: How to enable logging when running Tomcat 5.5 under Eclipse 3.5?
From: David Griffiths [mailto:david.griffi...@gmail.com] Subject: How to enable logging when running Tomcat 5.5 under Eclipse 3.5? I'm running Tomcat 5.5 under Eclipse 3.5. Eclipse has this annoying characteristic of using its own configuration for Tomcat, ignoring yours. Try running Tomcat separately and see what happens. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to enable logging when running Tomcat 5.5 under Eclipse 3.5?
2010/2/18 David Griffiths david.griffi...@gmail.com: Hi, I'm running Tomcat 5.5 under Eclipse 3.5. I want to see some access logging because for instance it silently ignores imported style sheets it can't find. I saw a reference somewhere to org.apache.catalina.valves. AccessLogValve so I tried uncommenting that in server.xml but it makes no difference. Nothing extra to the console, nothing to any log file in the workspace. 1. Learn how to run Tomcat with separate CATALINA_HOME and CATALINA_BASE. (see RUNNING.txt) 2. Eclipse IDE run a Tomcat instance with CATALINA_BASE being set to .metadata/.plugins/org.eclipse.wst.server.core/tmp0 in your Workspace directory. Look for your access log there. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Two contexts of the same webapp
Is it possible for a webbaplication to have two instances within single tomcat? I was thinking of having two (almost) identical context files which both point to the same docBase. Mike - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Two contexts of the same webapp
From: Mario Splivalo [mailto:mario.spliv...@megafon.hr] Subject: Two contexts of the same webapp Is it possible for a webbaplication to have two instances within single tomcat? Yes, just keep the location of the .war (or expansion thereof) outside of the Host appBase directory. Note that the two webapp instances will not share any classes or static data, which is probably a good thing. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: SSL APR Tomcat 6.0.20 Not Working
On 18/02/2010 17:15, iainmac wrote: Connector port=443 protocol=HTTP/1.1 maxHttpHeaderSize=8192 maxThreads=150 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true SSLProtocol=TLSv1 SSLPassword= SSLCertificateFile=* SSLCertificateKeyFile=** / Looks good. 18-Feb-2010 17:04:48 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-443 This indicates that the SSL connector started up with http rather than https. It would end https-443 if it were using ssl. Usually, that means SSLEnabled=true was not set but I see it is there in your case. I'd upgrade to native 1.1.20 as there are a bunch of bug fixes. Also, which platform and where did you get the binaries from? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6 on solaris losing cookies
So we think we've found a threading problem in the cookie handling. Running on Solaris 10, jdk 1.5, tomcat 6.0.24. We built our 'own' version of 6.0.24, adding logging in some places, and ultimately, this is what we discovered: A bit of information: in these log entries, we're looking at 2 threads : 66 and 228. We're also looking at 2 Cookies entities : 2021596579 and 1706042601. Here's the modified 'getCookieCount()' method in Cookies: public int getCookieCount() { log(processed = + !unprocessed); if( unprocessed ) { unprocessed=false; log(calling process cookies); processCookies(headers); } return cookieCount; } First, thread 66 receives a request (from a monitoring process, has no cookies): Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 66-parseSessionCookie for request: R( /) Next, it's checking its cookie count, and here's something wrong already : the unprocessed flag in Cookies is already set to false.. for Cookies 1706042601. Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:processed = true Next, we jump to thread 228: it seems to be busy ending a request using Cookies 2021596579 Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies Back to thread 66, who suddenly seems to be using THE SAME COOKIES OBJECT: Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:processed = false Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:calling process cookies Then, its now recycling Cookies.. in fact, it's recycling Cookies 1706042601 twice! Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Back to 228, which is going to try to handle a new request. Note that at this time, 2021596579 has not yet been recycled: Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 228-parseSessionCookie for request: R( /nav/mysfly.sfly) Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:processed = true Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies And thus, we've lost our session reference. God I hope the formatting holds when I send this -George On Feb 17, 2010, at 12:00 PM, George Baxter wrote: Downloaded src code of tomcat for debugging purposes and sure enough, our cookies are of type byte, so the fact that the code can parse the cookie 'string' just fine means diddly-squat. Next plan, build my own tomcat 6.0.24 version with lots of logging and checks for debugging purposes... -g. On Feb 16, 2010, at 4:22 PM, George Baxter wrote: Well.. we parsed the header that failed, and it parsed just fine. Note that we're parsing via the 'old deprecated' parse by string entity. I guess I'll try parsing by bytes next. -g. On Feb 16, 2010, at 2:47 PM, Konstantin Kolinko wrote: 2010/2/17 George Baxter gbax...@shutterfly.commailto:gbax...@shutterfly.com: Hi Konstantin, Thanks for your reply. Yes, the getHeaders(cookie) returns what seems to be a valid set of cookies, thus we're not losing them in any of the proxies we might have set up. (Currently, we're only in development mode for tomcat 6 and we're not going through any proxies, just directly to the server.) We get this problem in all sorts of browsers (FF, Safari, IE). The thing that really bugs me is the inconsistency. It's almost as if there were a race condition going on, but the request is basically single threaded, isn't it? My only fear is some parser used in the tomcat code is being used in a non-thread safe manner, but then *everybody* would be having this problem, neh? I'm finding out about the connectors, but we may not be using any as : Jan 28, 2010 6:52:56 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /dist/sfsite/obj Hopefully, this is just in our development environments! Thanks, -George On Feb 12, 2010, at 2:32 PM, Konstantin Kolinko wrote: 2010/2/13 George Baxter gbax...@shutterfly.commailto:gbax...@shutterfly.com: Hello, We're running into an issue with tomcat 6.0.18 running on solaris. Occasionally a request will come through that has cookies in the header, but the request.getCookies() returns no cookies. How do you observe that? You mean that it is present in HttpServletRequest.getHeaders(Cookie) ? This causes the user to lose session since even the JSESSIONID cookie is not recognized, and of course all our custom cookies are lost. It seems to happen
Re: tomcat 6 on solaris losing cookies
On 18/02/2010 20:23, George Baxter wrote: So we think we've found a threading problem in the cookie handling. Hmm. Each request has its own Cookies object. The only way these would be shared between threads is if two threads were using the same request object. That usually happens when custom filters/valves wrap requests and mix up the request/response objects. Putting requests and responses into the session is another sign of things going awry. I'd add some logging to check which request and cookies objects are being used and see if you can track down where they are getting mixed up. My money is on application code. Mark Running on Solaris 10, jdk 1.5, tomcat 6.0.24. We built our 'own' version of 6.0.24, adding logging in some places, and ultimately, this is what we discovered: A bit of information: in these log entries, we're looking at 2 threads : 66 and 228. We're also looking at 2 Cookies entities : 2021596579 and 1706042601. Here's the modified 'getCookieCount()' method in Cookies: public int getCookieCount() { log(processed = + !unprocessed); if( unprocessed ) { unprocessed=false; log(calling process cookies); processCookies(headers); } return cookieCount; } First, thread 66 receives a request (from a monitoring process, has no cookies): Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 66-parseSessionCookie for request: R( /) Next, it's checking its cookie count, and here's something wrong already : the unprocessed flag in Cookies is already set to false.. for Cookies 1706042601. Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:processed = true Next, we jump to thread 228: it seems to be busy ending a request using Cookies 2021596579 Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies Back to thread 66, who suddenly seems to be using THE SAME COOKIES OBJECT: Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:processed = false Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:calling process cookies Then, its now recycling Cookies.. in fact, it's recycling Cookies 1706042601 twice! Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Back to 228, which is going to try to handle a new request. Note that at this time, 2021596579 has not yet been recycled: Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 228-parseSessionCookie for request: R( /nav/mysfly.sfly) Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:processed = true Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies And thus, we've lost our session reference. God I hope the formatting holds when I send this -George On Feb 17, 2010, at 12:00 PM, George Baxter wrote: Downloaded src code of tomcat for debugging purposes and sure enough, our cookies are of type byte, so the fact that the code can parse the cookie 'string' just fine means diddly-squat. Next plan, build my own tomcat 6.0.24 version with lots of logging and checks for debugging purposes... -g. On Feb 16, 2010, at 4:22 PM, George Baxter wrote: Well.. we parsed the header that failed, and it parsed just fine. Note that we're parsing via the 'old deprecated' parse by string entity. I guess I'll try parsing by bytes next. -g. On Feb 16, 2010, at 2:47 PM, Konstantin Kolinko wrote: 2010/2/17 George Baxter gbax...@shutterfly.commailto:gbax...@shutterfly.com: Hi Konstantin, Thanks for your reply. Yes, the getHeaders(cookie) returns what seems to be a valid set of cookies, thus we're not losing them in any of the proxies we might have set up. (Currently, we're only in development mode for tomcat 6 and we're not going through any proxies, just directly to the server.) We get this problem in all sorts of browsers (FF, Safari, IE). The thing that really bugs me is the inconsistency. It's almost as if there were a race condition going on, but the request is basically single threaded, isn't it? My only fear is some parser used in the tomcat code is being used in a non-thread safe manner, but then *everybody* would be having this problem, neh? I'm finding out about the connectors, but we may not be using any as : Jan 28, 2010 6:52:56 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path:
Re: Configure tomcat in my development environment, and save session across restart
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ashish, On 2/17/2010 5:07 PM, Ashish Kulkarni wrote: There is no SESSIONS.ser created under, but there is tldCache.ser These files are unrelated to each other. C:\App\apache-tomcat-5.5.25\work\Catalina\localhost\[webapp] I have created a myapp.xml file under C:\App\apache-tomcat-5.5.25\conf\Catalina\localhost folder, and this xml file looks like below ?xml version=1.0 encoding=UTF-8? Context docBase=C:/akulkarni/code/workspace_3.5/myapp/WebContent/ path=/myapp reloadable=true /Context Remove the path attribute: it is illegal, here. Tomcat takes the path from the name of the XML file (myapp.xml - /myapp). None of what you did will change the capability of your webapp to persist sessions across a webapp reload. If SESSIONS.ser doesn't exist, Tomcat either can't create it (permissions issue), never found a session that was serializable (not serializable issue in your code), or you have disabled the standard manager's persistence mechanism. You can post your server.xml file if you want, but I'll bet it's the default and that the problem is with your session objects, not something in your configuration. Have you checked log files for anything at all? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt9rSAACgkQ9CaO5/Lv0PBqcQCeJqOXs6MNEyXeEU0cEk11/kOt EVoAn1zIvwYp9doCqr0srpl5ZF2Xs4vs =HLhG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Why does Tomcat try to use the cache when compilation failed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Eric, On 2/18/2010 9:28 AM, Eric Bauman wrote: On 19/02/2010 01:25, Peter Crowther wrote: On 18 February 2010 14:14, Eric Baumanbaum...@livejournal.dk wrote: For some reason, it appears Tomcat is trying to hit its compilation cache when compilation failed. [Details elided] Which version of Tomcat's this on, Eric? - Peter Hi there, I'm using 6.0.24. Are you sure that it's not your browser caching the page? You might have to use a packet sniffer to see if the browser is actually contacting the server (or just look at an AccessLog). It occurs to me that this behavior has been described before, and it really could be Tomcat serving an old copy of the page. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt9rfAACgkQ9CaO5/Lv0PAnrwCeLe7rpunVFYpPNZpX8pud0cLL 0VIAn218jA6NL0otET5icTD1DRArA18S =xwPG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble with CLIENT-CERT authentication method
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin, On 2/17/2010 7:24 PM, Kevin Mills wrote: Sure thing - here is my Connector element: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=50 scheme=https secure=true keystoreFile=.../tomcat.keystore keystorePass=... clientAuth=false sslProtocol=TLS Stupid question: don't you want clientAuth=true? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt9sR0ACgkQ9CaO5/Lv0PDsVgCgkR1Md/xdnO14MU3ZWMXQz13l gCAAniGMybkQIU3VghXUj4G0l0OfrE2w =m/Iy -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6 on solaris losing cookies
Hmm, well it's possible. However, I'm not entirely confident that each request has its own Cookies object. There is a 'setHeaders()' method on Cookies. What's it for? Checking myself. Will add more logging as you suggested. We are using Spring MVC which uses ThreadLocal to store requests... and these threads CAN spawn off child threads which 'inherit' the threadlocal variables. I'm not sure this is happening particularly often for us, but I'll be looking at that more closely. -g. On Feb 18, 2010, at 12:42 PM, Mark Thomas wrote: On 18/02/2010 20:23, George Baxter wrote: So we think we've found a threading problem in the cookie handling. Hmm. Each request has its own Cookies object. The only way these would be shared between threads is if two threads were using the same request object. That usually happens when custom filters/valves wrap requests and mix up the request/response objects. Putting requests and responses into the session is another sign of things going awry. I'd add some logging to check which request and cookies objects are being used and see if you can track down where they are getting mixed up. My money is on application code. Mark Running on Solaris 10, jdk 1.5, tomcat 6.0.24. We built our 'own' version of 6.0.24, adding logging in some places, and ultimately, this is what we discovered: A bit of information: in these log entries, we're looking at 2 threads : 66 and 228. We're also looking at 2 Cookies entities : 2021596579 and 1706042601. Here's the modified 'getCookieCount()' method in Cookies: public int getCookieCount() { log(processed = + !unprocessed); if( unprocessed ) { unprocessed=false; log(calling process cookies); processCookies(headers); } return cookieCount; } First, thread 66 receives a request (from a monitoring process, has no cookies): Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 66-parseSessionCookie for request: R( /) Next, it's checking its cookie count, and here's something wrong already : the unprocessed flag in Cookies is already set to false.. for Cookies 1706042601. Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:processed = true Next, we jump to thread 228: it seems to be busy ending a request using Cookies 2021596579 Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies Back to thread 66, who suddenly seems to be using THE SAME COOKIES OBJECT: Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:processed = false Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,2021596579-C:calling process cookies Then, its now recycling Cookies.. in fact, it's recycling Cookies 1706042601 twice! Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 66,1706042601-C:recycling Cookies Back to 228, which is going to try to handle a new request. Note that at this time, 2021596579 has not yet been recycled: Feb 18, 2010 11:31:04 AM org.apache.catalina.connector.CoyoteAdapter parseSessionCookiesId INFO: 228-parseSessionCookie for request: R( /nav/mysfly.sfly) Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:processed = true Feb 18, 2010 11:31:04 AM org.apache.tomcat.util.http.Cookies log INFO: 228,2021596579-C:recycling Cookies And thus, we've lost our session reference. God I hope the formatting holds when I send this -George On Feb 17, 2010, at 12:00 PM, George Baxter wrote: Downloaded src code of tomcat for debugging purposes and sure enough, our cookies are of type byte, so the fact that the code can parse the cookie 'string' just fine means diddly-squat. Next plan, build my own tomcat 6.0.24 version with lots of logging and checks for debugging purposes... -g. On Feb 16, 2010, at 4:22 PM, George Baxter wrote: Well.. we parsed the header that failed, and it parsed just fine. Note that we're parsing via the 'old deprecated' parse by string entity. I guess I'll try parsing by bytes next. -g. On Feb 16, 2010, at 2:47 PM, Konstantin Kolinko wrote: 2010/2/17 George Baxter gbax...@shutterfly.commailto:gbax...@shutterfly.com: Hi Konstantin, Thanks for your reply. Yes, the getHeaders(cookie) returns what seems to be a valid set of cookies, thus we're not losing them in any of the proxies we might have set up. (Currently, we're only in development mode for tomcat 6 and we're not going through any proxies, just directly to the server.) We get this problem in all sorts of browsers (FF, Safari, IE). The thing that really bugs me is the inconsistency. It's almost as if there
Re: Accessing a Tomcat webapp from a PHP webapp
Hi Chris! Interesting. What is the URL you are trying to access? I tryed access a directory containing images. Each image is accessed correctly, but the whole directory don't, generating the HTTP 404 status. Can you give us more details? I was using a AJAX request (using JQuery) to load the servlet content into the page generated by the PHP script. I've moved the PHP script to an other machine (better configured) and now the HTTP status is 200, but the response is blank... So, I've tested to use a IFRAME HTML tag instead the AJAX request and it works... o_O Also, if you can enable the AccessLogValve and post the log file generated by that. I've never used the AccessLogValve, can you help me? :) Where do you have Tomcat installed? Where is your webapp application installed? Tomcat is installed into my localhost and the PHP script is on an Apache running into another host. Finally, please post your webapp's entire web.xml file and all Host entries from conf/server.xml so we can see what mappings are being used. There isn't nothing special in these files - both are with only standard configuration. (bad behaviour, I know). It's because still in a developing enviorment... But here we go: --- web.xml --- ?xml version=1.0 encoding=UTF-8? web-app version=2.5 xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; servlet servlet-nameservices/servlet-name servlet-classservlets.services/servlet-class /servlet servlet-mapping servlet-nameservices/servlet-name url-pattern/services/url-pattern /servlet-mapping session-config session-timeout 30 /session-timeout /session-config welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list !-- Chave para usar os serviços do GoogleMaps API -- context-param param-nameGoogleMapsKey/param-name param-value !-- localhost:8080/GISSIVAT -- ABQI5aeP66Pg4Yeg-ea2DVew2BSnFOuoISv6yQSBPQUmIaOLMwwm4hRyOR-W7GAD7BADGeiXMiGWHkluHg !-- localhost:8081/GISSIVAT -- !-- ABQI5aeP66Pg4Yeg-ea2DVew2BTMN1__QsGLCmUyCwFFI1DaYXRtzBSxR0NrrwSzFJ2vR4R58z5Ng5ptIA -- !-- www.gbd.ibilce.unesp.br:8080/GISSIVAT -- !-- ABQI5aeP66Pg4Yeg-ea2DVew2BRueMid9W0bKUwKJ5AVrvH4WeU3ixRznkBAg90f_dwEcgEij6skHDaM_g -- /param-value /context-param !-- Ativa/Desativa o console de log para debug. -- context-param param-nameDebugMode/param-name param-valuetrue/param-value /context-param /web-app - - Host elements into server.xml -- Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Access log processes all example. Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- /Host --- Thanks for your help! José Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 zé, On 2/17/2010 12:02 PM, zé wrote: I don't use any kind of authentication Ok. I believe that the directory indexes are disabled due the HTTP 404 error returned when is tried listing. Interesting. What is the URL you are trying to access? It's just a servlet being accessed by a PHP script. The servers aren't in the same machine instead of I told before, sorry. May be this the cause? May the Tomcat refusing a connection requested by a script generated by another web server, due a security constraint? It's possible, but it wouldn't be this way by default: you'd have to configure your server in a strange way to accomplish that... I'd think you'd remember having done that :) Can you give us more details? The URL(s) you are trying to access would be helpful. Also, if you can enable the AccessLogValve and post the log file generated by that. Where do you have Tomcat installed? Where is your webapp application installed? Finally, please post your webapp's entire web.xml file and all Host entries from conf/server.xml so we can see what mappings are being used. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Re: Two contexts of the same webapp
Caldarale, Charles R wrote: From: Mario Splivalo [mailto:mario.spliv...@megafon.hr] Subject: Two contexts of the same webapp Is it possible for a webbaplication to have two instances within single tomcat? Yes, just keep the location of the .war (or expansion thereof) outside of the Host appBase directory. Note that the two webapp instances will not share any classes or static data, which is probably a good thing. Thnx! Yes, apps need to be separate, it's just that they're the same. I have separate configurations, logs, everything set up. But, now, I'm wondering, since I'll be having dozens of the same applications, I'd like to automate deploying using war files. In that case, having separate war file for each instance forces me to have several same docBase directories? Mike - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Two contexts of the same webapp
From: Mario Splivalo [mailto:mario.spliv...@megafon.hr] Subject: Re: Two contexts of the same webapp But, now, I'm wondering, since I'll be having dozens of the same applications, I'd like to automate deploying using war files. In that case, having separate war file for each instance forces me to have several same docBase directories? Instead of a separate .war file for each, can you configure the different settings in each app's Context element? That would let you have one .war file, but different .xml files all having the same docBase. Look here for individualized Context settings: http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Context%20Parameters http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Environment%20Entries http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Resource%20Definitions - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Two contexts of the same webapp
Mario Splivalo wrote: ... Thnx! Yes, apps need to be separate, it's just that they're the same. I have separate configurations, logs, everything set up. But, now, I'm wondering, since I'll be having dozens of the same applications, I'd like to automate deploying using war files. In that case, having separate war file for each instance forces me to have several same docBase directories? Can you maybe explain why you need to have dozens of instances of the same webapp ? There might be other forms of configuring Tomcat to achieve the same goals in an easier way. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL APR Tomcat 6.0.20 Not Working
I changed TLSv1 to just TLS and it worked iainmac wrote: Hi, I am trying to upgrade from 5.0.16 to 6.0.20 and also try to use the APR, with SSL. I had SSL working fine in 6.0.20 with JSSE (i.e. not APR SSL). I have used http://conshell.net/wiki/index.php/Keytool_to_OpenSSL_Conversion_tips to get my private key file and added this to my server.xml... Connector port=443 protocol=HTTP/1.1 maxHttpHeaderSize=8192 maxThreads=150 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true SSLProtocol=TLSv1 SSLPassword= SSLCertificateFile=* SSLCertificateKeyFile=** / and on startup I get this output 18-Feb-2010 17:04:45 org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.16. 18-Feb-2010 17:04:45 org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 18-Feb-2010 17:04:46 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-80 18-Feb-2010 17:04:46 org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-443 18-Feb-2010 17:04:46 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1918 ms 18-Feb-2010 17:04:46 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 18-Feb-2010 17:04:46 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.20 18-Feb-2010 17:04:48 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-80 18-Feb-2010 17:04:48 org.apache.coyote.http11.Http11AprProtocol start INFO: Starting Coyote HTTP/1.1 on http-443 18-Feb-2010 17:04:48 org.apache.catalina.startup.Catalina start INFO: Server startup in 1316 ms which all looks fine and dandy, but when I try to access a page with https it just doesnt respond i.e. explorer says its not there and asks to diagnose connection problems. Am I missing something simple? Thanks, Iain -- View this message in context: http://old.nabble.com/SSL-APR-Tomcat-6.0.20-Not-Working-tp27642349p27647034.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howto configure cold failover with Tomcat on 2 different servers?
Anyone guys? Any insights on the following? Thanks On Thu, Feb 18, 2010 at 13:48, Leon Kolchinsky lkolc...@gmail.com wrote: Hello All, My current interest is to install Confluence - http://www.atlassian.com/software/confluence/ in a Cold Failover mode. I'm currently running ApacheHttpd in front of Tomcat6 using mod_jk module and I prefer to leave Apache Httpd in front of Tomcat. This is java application is using DB (Oracle in my case) and some kind of local caching technique (to make things run faster I presume). So there must be only one Confluence application at a time. I would like to configureCold Failover in such a way that the moment current Tomcat instance become unresponsive, the command will run killing tomcat+apache httpd and starting another tomcat+apache httpd on another server (or just killing tomcat, but I'm not sure that it's doable, since it's not a regular loadbalancer worker setup). I know that there is a possibility to use 'Advanced worker directives' like connect_timeout, prepost_timeout and reply_timeout but I'm not sure that it's implementable in my case. Any suggestion on proposed configuration? May be there are some other ways to achieve what I want? Any help very much appreciated.
Re: tomcat 6.0.18 shutdown address
yes...this is what I was told...thanks all for the info On Thu, Feb 18, 2010 at 9:52 AM, André Warnier a...@ice-sa.com wrote: Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 Yes. At some point in time inversion 5.0 or 5.5 or 6.0, someone realised that if this shutdown port allowed connections from anywhere, there was a theoretical possibility that some miscreant, if he also knew the shutdown password string (the one indicated by the shutdown attribute), might send it just to be a pain and annoy everyone by shutting down Tomcat. That was when it was decided to only allow connections from localhost on that port, to restrict the attack surface. Of course, as long as they do not know this shutdown string (because you have changed it from the default), they cannot use this anyway. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Curtis Garman Web Programmer Heartland Community College
Re: Howto configure cold failover with Tomcat on 2 different servers?
On 18/02/2010 22:49, Leon Kolchinsky wrote: Anyone guys? Any insights on the following? Thanks On Thu, Feb 18, 2010 at 13:48, Leon Kolchinskylkolc...@gmail.com wrote: Hello All, My current interest is to install Confluence - http://www.atlassian.com/software/confluence/ in a Cold Failover mode. I'm currently running ApacheHttpd in front of Tomcat6 using mod_jk module and I prefer to leave Apache Httpd in front of Tomcat. This is java application is using DB (Oracle in my case) and some kind of local caching technique (to make things run faster I presume). So there must be only one Confluence application at a time. I would like to configureCold Failover in such a way that the moment current Tomcat instance become unresponsive, the command will run killing tomcat+apache httpd and starting another tomcat+apache httpd on another server (or just killing tomcat, but I'm not sure that it's doable, since it's not a regular loadbalancer worker setup). I'm not sure that's doable either. If you've got a spare server, why not just have the other instance already running? p I know that there is a possibility to use 'Advanced worker directives' like connect_timeout, prepost_timeout and reply_timeout but I'm not sure that it's implementable in my case. Any suggestion on proposed configuration? May be there are some other ways to achieve what I want? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat 6.0.18 shutdown address
From: Curtis Garman [mailto:curt.gar...@gmail.com] Subject: Re: tomcat 6.0.18 shutdown address yes...this is what I was told...thanks all for the info Unfortunately, pretty much all of what André wrote was wrong, as Mark explained. So again, what you were told was false. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6.0.18 shutdown address
On 18/02/2010 23:08, Curtis Garman wrote: yes...this is what I was told... thanks all for the info To be clear: Mark's answer is the correct one. p On Thu, Feb 18, 2010 at 9:52 AM, André Warniera...@ice-sa.com wrote: Curtis Garman wrote: Is this something new for tomcat 6?...I was told there was a security vulnerability there with tomcat 5 Yes. At some point in time inversion 5.0 or 5.5 or 6.0, someone realised that if this shutdown port allowed connections from anywhere, there was a theoretical possibility that some miscreant, if he also knew the shutdown password string (the one indicated by the shutdown attribute), might send it just to be a pain and annoy everyone by shutting down Tomcat. That was when it was decided to only allow connections from localhost on that port, to restrict the attack surface. Of course, as long as they do not know this shutdown string (because you have changed it from the default), they cannot use this anyway. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Accessing a Tomcat webapp from a PHP webapp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 zé, On 2/18/2010 4:51 PM, zé wrote: Interesting. What is the URL you are trying to access? I tryed access a directory containing images. Each image is accessed correctly, but the whole directory don't, generating the HTTP 404 status. If you got /403/, then it's most likely that the DefaultServlet (which serves anything that hasn't been mapped to another servlet, such as static files and directories and such) hasn't been configured to serve directory indexes. You can do this by copying the configuration for DefaultServlet from TOMCAT_HOME/conf/web.xml into your webapp's WEB-INF/web.xml file -- the one from your webapp will override Tomcat's defaults -- and modifying that configuration so that directory indexes are enabled. conf/web.xml is well-documented so you should be able to see what settings to change. Can you give us more details? I was using a AJAX request (using JQuery) to load the servlet content into the page generated by the PHP script. I've moved the PHP script to an other machine (better configured) and now the HTTP status is 200, but the response is blank... So, I've tested to use a IFRAME HTML tag instead the AJAX request and it works... o_O Hmm... well, it appears that someone already did that configuration for you, then. :) Also, if you can enable the AccessLogValve and post the log file generated by that. I've never used the AccessLogValve, can you help me? :) The documentation is shown as an example of using valves in Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html Just put the Valve element inside your Context in META-INF/context.xml for your webapp. Finally, please post your webapp's entire web.xml file and all Host entries from conf/server.xml so we can see what mappings are being used. There isn't nothing special in these files - both are with only standard configuration. (bad behaviour, I know). It's because still in a developing enviorment... No, actually leaving conf/server.xml in it's default configuration is one of the best things you /can/ do: it means that you haven't broken any of your Hosts or webapp deployments :) - Host elements into server.xml -- Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false !-- SingleSignOn valve, share authentication between web applications Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.authenticator.SingleSignOn / -- !-- Access log processes all example. Documentation at: /docs/config/valve.html -- !-- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- /Host --- You can see above an example of how to use the AccessLogValve, though this will log accesses to the entire Host, not just your web application. Glad you got everything working. Good luck! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt9zicACgkQ9CaO5/Lv0PAOGgCgwT9TkBtw8qfF3d1jqiihO+c0 EJ8AniEbX4zyi3bcII2oMT5/RvMIoNmg =7/c7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howto configure cold failover with Tomcat on 2 different servers?
Constrains of the application :( You can't run 2 instances in same time on the same DB. That's why I have to configure Cold Failover for that I need to find out that Tomcat is in unresponsive state to shut it down completely and start it on another server. But what's the best way (or may be the only way) to achieve that? On Fri, Feb 19, 2010 at 10:11, Pid p...@pidster.com wrote: On 18/02/2010 22:49, Leon Kolchinsky wrote: Anyone guys? Any insights on the following? Thanks On Thu, Feb 18, 2010 at 13:48, Leon Kolchinskylkolc...@gmail.com wrote: Hello All, My current interest is to install Confluence - http://www.atlassian.com/software/confluence/ in a Cold Failover mode. I'm currently running ApacheHttpd in front of Tomcat6 using mod_jk module and I prefer to leave Apache Httpd in front of Tomcat. This is java application is using DB (Oracle in my case) and some kind of local caching technique (to make things run faster I presume). So there must be only one Confluence application at a time. I would like to configureCold Failover in such a way that the moment current Tomcat instance become unresponsive, the command will run killing tomcat+apache httpd and starting another tomcat+apache httpd on another server (or just killing tomcat, but I'm not sure that it's doable, since it's not a regular loadbalancer worker setup). I'm not sure that's doable either. If you've got a spare server, why not just have the other instance already running? p I know that there is a possibility to use 'Advanced worker directives' like connect_timeout, prepost_timeout and reply_timeout but I'm not sure that it's implementable in my case. Any suggestion on proposed configuration? May be there are some other ways to achieve what I want? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Accessing a Tomcat webapp from a PHP webapp
Sent from my iPhone On Feb 18, 2010, at 6:32 PM, Christopher Schultz ch...@christopherschultz.net wrote: access? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 6.0.24 ssl with windows 7
With jdk1.6.0 and tomcat 6.0.10 ssl works great on windows 7 or windows 2008 R1 . Server.xml ssl fragment Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false keystoreFile=C:\jdk1.6.0\bin\ domain_name.keystore SSLCertificateKeyFile=C:\jdk1.6.0\bin\ domain_name.keystore SSLCertificateFile=C:\jdk1.6.0\bin\domain_name.crt SSLCertificateChainFile=C:\jdk1.6.0\bin\ComodoEVSGCCA.crt keystorePass=*** sslProtocol=TLS / When you replace tomcat 6.0.10 with tomcat 6.0.24 tomcat does not produce logs or connect. Any suggestions? Is there some new setting or procedure with 6.0.24? Thanks, Roy
Re: tomcat 6.0.24 ssl with windows 7
Roy, You can try starting Tomcat with one of the following JVM startup switches, and then inspect the logs after trying to connect to Tomcat via HTTPS to see what isn't working: -Djavax.net.debug=all -Djavax.net.debug=ssl:handshake:data -Djavax.net.debug=help -- to get a list of options See this page for a more detailed explanation of these debug options: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug -- Jason Brittain On Thu, Feb 18, 2010 at 10:10 PM, Roy Nabel r...@rco.com wrote: With jdk1.6.0 and tomcat 6.0.10 ssl works great on windows 7 or windows 2008 R1 . Server.xml ssl fragment Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false keystoreFile=C:\jdk1.6.0\bin\ domain_name.keystore SSLCertificateKeyFile=C:\jdk1.6.0\bin\ domain_name.keystore SSLCertificateFile=C:\jdk1.6.0\bin\domain_name.crt SSLCertificateChainFile=C:\jdk1.6.0\bin\ComodoEVSGCCA.crt keystorePass=*** sslProtocol=TLS / When you replace tomcat 6.0.10 with tomcat 6.0.24 tomcat does not produce logs or connect. Any suggestions? Is there some new setting or procedure with 6.0.24? Thanks, Roy -- Jason Brittain
Regarding Connector in tomcat 6
Hi, My web application is currently deployed on Tomcat 6. Currently it is running on http. I was asked to run it on HTTPS. I was able to run in on HTTPS and for that I need to make changes in server.xml everytime iIf have to run my web app on https. Switching/Toggling between Https and Https requires me to restart tomcat everytime after changes in server.xml. Is it possible to change from http to https at runtime i.e without re-starting tomcat. Is there any way to access the connector using some code? Any help will be appreciated. Thank you, -Nikita
Regarding Connector in tomcat 6
Hi, My web application is currently deployed on Tomcat 6. Currently it is running on http. I was asked to run it on HTTPS. I was able to run in on HTTPS and for that I need to make changes in server.xml everytime iIf have to run my web app on https. Switching/Toggling between Https and Https requires me to restart tomcat everytime after changes in server.xml. Is it possible to change from http to https at runtime i.e without re-starting tomcat. Is there any way to access the connector using some code? Any help will be appreciated. Thank you.
Re: Trouble with CLIENT-CERT authentication method
Christopher: Nope. clientAuth=false means that the webapp's web.xml specifies which resources require the client certificate. See the Connector doc page's description of the accepted values for the clientAuth attribute: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html clientAuth is a rather confusing name for this attribute since a value of false makes it appear as though client certs won't be used, which isn't really how it works. Less confusing names might be clientAuthChallenge or clientAuthRequired with values such as always, want, and protected. -- Jason Brittain On Thu, Feb 18, 2010 at 1:29 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kevin, On 2/17/2010 7:24 PM, Kevin Mills wrote: Sure thing - here is my Connector element: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=50 scheme=https secure=true keystoreFile=.../tomcat.keystore keystorePass=... clientAuth=false sslProtocol=TLS Stupid question: don't you want clientAuth=true? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkt9sR0ACgkQ9CaO5/Lv0PDsVgCgkR1Md/xdnO14MU3ZWMXQz13l gCAAniGMybkQIU3VghXUj4G0l0OfrE2w =m/Iy -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Jason Brittain
AJP13 shows static content only
Hi, I have problem to configure apache and tomcat (ajp13). I have several virtual hosts (php,jsp). PHP pages are ok, but jsp shows static (html) content only. Someone encountered this problem? Any suggestion ? Thanks, Petr (apache 2.2, tomcat 6, win xp) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Two contexts of the same webapp
Caldarale, Charles R wrote: From: Mario Splivalo [mailto:mario.spliv...@megafon.hr] Subject: Re: Two contexts of the same webapp But, now, I'm wondering, since I'll be having dozens of the same applications, I'd like to automate deploying using war files. In that case, having separate war file for each instance forces me to have several same docBase directories? Instead of a separate .war file for each, can you configure the different settings in each app's Context element? That would let you have one .war file, but different .xml files all having the same docBase. Look here for individualized Context settings: http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Context%20Parameters http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Environment%20Entries http://tomcat.us.apache.org/tomcat-6.0-doc/config/context.html#Resource%20Definitions I could, of course, but I'm loosing the auto-war-deploy feature that way, right? I would like to use ant or tomcat manager to deploy war files. Although, the app is fairly simple, so I could just use manager to stop all the applications, overwrite the docBase directory with the new version, and then start all the apps. Mike - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Two contexts of the same webapp
André Warnier wrote: Mario Splivalo wrote: ... Thnx! Yes, apps need to be separate, it's just that they're the same. I have separate configurations, logs, everything set up. But, now, I'm wondering, since I'll be having dozens of the same applications, I'd like to automate deploying using war files. In that case, having separate war file for each instance forces me to have several same docBase directories? Can you maybe explain why you need to have dozens of instances of the same webapp ? There might be other forms of configuring Tomcat to achieve the same goals in an easier way. Well, the proprietary library we're using to receive connection to some proprietary -based service is awfully written - we can't get an service-identifier (let's call it that way) within the library. That is why we have dozen applications, and in configuration of the app we setup the service-identifier string and each app 'listens' on its own url: http://tomcat.local/app1/servlet/receive http://tomcat.local/app2/servlet/receive http://tomcat.local/app3/servlet/receive And each service know which 'instance' to 'attack'. Mike - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org