Re: Client certificate gone after 1 minute timeout (SSL, APR)
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw You made an two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Thanks..
On Mon, Feb 22, 2010 at 2:16 PM, Albert Tumanov altum...@gmail.com wrote:
Dear colleagues,
I'm chasing a strange problem with Tomcat + SSL + APR + Firefox.
Namely, the setup works perfectly (i.e. the client certificate is sent
and the servlet application can get it).
But if I allow the SSL connection to time out (it happens 1 minute
after the last request), the servlet application does not get the
client certificate anymore.
The workaround is to clear Firefox cache (Tools - Clear Recent History
- 1 hour, Active logins).
After this, the application will work again until the next timeout.
This problem does NOT occur if I use pure Java SSL config (no APR) or
when I use browser other that Firefox.
From that you can imply that this might be a Firefox problem, but I'm
not so sure.
Firefox works perfectly with all other HTTPS sites and also pure Java
SSL config works with Firefox.
So obviously this problem occurs because Tomcat libnative fails to
handle some peculiarities of Firefox SSL packets.
Here is my exact setup:
- Debian 5 (Lenny)
- libapr1 1.2.12-5+lenny1
- openssl 0.9.8g-15+lenny6
- Tomcat 6.0.24 with tomcat-native-1.1.19
- server authentication certificates (newcert.pem, newkey-no-password.pem)
- client authentication certificates (cas.crt and a personal
certificate signed by that)
- a simple servlet ssltest to get the client cert:
writer.println(Arrays.deepToString((X509Certificate[])
request.getAttribute(javax.servlet.request.X509Certificate)));
- Firefox 3.6
The only change in server.xml is the connector conf:
Connector port=8443 SSLEnabled=true
maxThreads=150 scheme=https secure=true
SSLCertificateFile=${user.home}/newcert.pem
SSLCertificateKeyFile=${user.home}/newkey-no-password.pem
SSLVerifyClient=require
SSLVerifyDepth=2
SSLCACertificateFile=${user.home}/cas.crt
/
Now steps to reproduce:
1) go to https://localhost:8443/ssltest, it will show the client
certificate
2) wait 1 minute
3) refresh browser - the application will not get the client certificate
(request.getAttribute(javax.servlet.request.X509Certificate) returns
null)
I have traced the SSL packets using ssltap -sxlp 8444 localhost:8443
It shows that 1 minute after the last request, there will be Read EOF
on Server socket.
After that, the problem starts occuring.
I have compared ssltap traces for Firefox and Safari.
They look pretty similar.
The only significant difference is that Safari seems to terminate the
connection by sending SSL alert packet.
In case of Firefox, it is the Tomcat server who sends the first SSL
alert packet.
I hope somebody can shed a light on that issue :)
Best Regards,
Albert
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: Cant start stop the default context in a virtual host
Hi I have been using Tomcat for years since 3 till 6 but I have never worked this one out I have several host in my engine each with a manager I have web apps intalled including a website in the ROOT context ( e.g. / ) for each host If you try and start or stop the / context it says no such context exist ( although it really does ). Any other webapp can be started/stopped inside this host just not the ROOT one Only solutions is to start stop the server which kills off the other connections to other hosts Can it be done Thanks J
Tomcat reload defaultt ( root ) context for web app in host
Hi I have been using Tomcat for years since 3 till 6 but I have never worked this one out I have several host in my engine each with a manager I have web apps intalled including a website in the ROOT context ( e.g. / ) for each host If you try and start or stop the / context it says no such context exist ( although it really does ). Any other webapp can be started/stopped inside this host just not the ROOT one Only solutions is to start stop the server which kills off the other connections to other hosts Can it be done Thanks
Re: sendRedirect problem
Environment: - Apache Tomcat 5.5 - OS and JVM are (very probably) not relevant - Code WORKS on JDeveloper debugger (Windows XP and vista, various JVM's) - Code NOT WORKS when deployed to Apache Tomcat 5.5 (tests made on various machines, Windows Server 2008, ...) xxx.jsp and yyy.jsp are regular jsp pages in a JSF project: - xxx.jsp invokes yyy.jsp by regular JSF page flow (action triggered by a menu item) - In a jsp:scriptlet inside yyy.jsp app is verified that a backing bean is not null - If backing bean = null a response.sendRedirect(xxx.jsp) is made - On JDeveloper the app redirects to xxx.jsp but on Apache Tomcat 5.5 yyy.jsp is rendered Call responseComplete method before sendRedirect does not solve the problem... Donn Aiken-2 wrote: If I had to guess, there is a missing FacesContext.responseComplete(); Prior to the sendRedirect call. DJ On 2/22/10, Pid p...@pidster.com wrote: On 22/02/2010 12:39, Desbaratizador wrote: Hi I have a faces (JSF) app developed with JDeveloper, in a JSP i have a sendRedirect like this: response.sendRedirect(xxx.jsp); Does xxx stand for something and if so, what? (Don't tell us if the actual page name is something exciting and proprietory, who knows what we might do with that knowledge.) The problem: sendRedirect not working (the page where the redirect is invoked continues loading), occurs only when the app is deployed to Apache Tomcat. On the JDeveloper built-in debugger the code works fine: xxx.jsp appears. So it works on the server, it works in the debugger. When doesn't it work? Any idea? From the almost none-existent information you've provided, no, not really. Exact Tomcat, JVM, OS versions and *lot* more specific information would be useful. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702052.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sendRedirect problem
On 23/02/2010 11:42, Desbaratizador wrote:
Environment:
- Apache Tomcat 5.5
- OS and JVM are (very probably) not relevant
- Code WORKS on JDeveloper debugger (Windows XP and vista, various JVM's)
- Code NOT WORKS when deployed to Apache Tomcat 5.5 (tests made on various
machines, Windows Server 2008, ...)
xxx.jsp and yyy.jsp are regular jsp pages in a JSF project:
- xxx.jsp invokes yyy.jsp by regular JSF page flow (action triggered by a
menu item)
- In ajsp:scriptlet inside yyy.jsp app is verified that a backing bean is
not null
- If backing bean = null a response.sendRedirect(xxx.jsp) is made
- On JDeveloper the app redirects to xxx.jsp but on Apache Tomcat
5.5 yyy.jsp is rendered
Call responseComplete method before sendRedirect does not solve the
problem...
How do you know the bean is definitely being set, and what is setting it?
Are you also doing response.encodeRedirectURL('yyy.jsp')?
What is different between the app deployed/run in JDeveloper and the app
deployed/run in Tomcat on the server?
p
Donn Aiken-2 wrote:
If I had to guess, there is a missing
FacesContext.responseComplete();
Prior to the sendRedirect call.
DJ
On 2/22/10, Pidp...@pidster.com wrote:
On 22/02/2010 12:39, Desbaratizador wrote:
Hi
I have a faces (JSF) app developed with JDeveloper, in a JSP i have a
sendRedirect like this:
response.sendRedirect(xxx.jsp);
Does xxx stand for something and if so, what?
(Don't tell us if the actual page name is something exciting and
proprietory, who knows what we might do with that knowledge.)
The problem: sendRedirect not working (the page where the redirect is
invoked continues loading), occurs only when the app is deployed to
Apache
Tomcat. On the JDeveloper built-in debugger the code works fine: xxx.jsp
appears.
So it works on the server, it works in the debugger.
When doesn't it work?
Any idea?
From the almost none-existent information you've provided, no, not
really. Exact Tomcat, JVM, OS versions and *lot* more specific
information would be useful.
p
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat reload defaultt ( root ) context for web app in host
On 23/02/2010 10:19, James McArthur wrote: Hi I have been using Tomcat for years since 3 till 6 but I have never worked this one out I have severalhost in my engine each with a manager I have web apps intalled including a website in the ROOT context ( e.g. / ) for each host If you try and start or stop the / context it says no such context exist ( although it really does ). Any other webapp can be started/stopped inside this host just not the ROOT one Only solutions is to start stop the server which kills off the other connections to other hosts Can it be done So which Tomcat version (from 3 - 6 are you using now?)? Do you have a Context path= or Context path=/ in your server.xml? Please post your (password comment sanitised) server.xml. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate gone after 1 minute timeout (SSL, APR)
On 23/02/2010 09:31, Andrey D wrote:
Hi, Albert.
I do not know how to help you, but you can help me with SSL + Tomcat.
I saw You made an two-sided SSL with default tomcat connector, and I'd like
to ask you about this:
What steps have you done to make it work?
If you can, please help.
Please don't hijack someone else's thread. If you have a problem, start
a completely new* email and send it to the list.
p
* Just editing the subject line body in a reply doesn't count.
On Mon, Feb 22, 2010 at 2:16 PM, Albert Tumanovaltum...@gmail.com wrote:
Dear colleagues,
I'm chasing a strange problem with Tomcat + SSL + APR + Firefox.
Namely, the setup works perfectly (i.e. the client certificate is sent
and the servlet application can get it).
But if I allow the SSL connection to time out (it happens 1 minute
after the last request), the servlet application does not get the
client certificate anymore.
The workaround is to clear Firefox cache (Tools - Clear Recent History
- 1 hour, Active logins).
After this, the application will work again until the next timeout.
This problem does NOT occur if I use pure Java SSL config (no APR) or
when I use browser other that Firefox.
From that you can imply that this might be a Firefox problem, but I'm
not so sure.
Firefox works perfectly with all other HTTPS sites and also pure Java
SSL config works with Firefox.
So obviously this problem occurs because Tomcat libnative fails to
handle some peculiarities of Firefox SSL packets.
Here is my exact setup:
- Debian 5 (Lenny)
- libapr1 1.2.12-5+lenny1
- openssl 0.9.8g-15+lenny6
- Tomcat 6.0.24 with tomcat-native-1.1.19
- server authentication certificates (newcert.pem, newkey-no-password.pem)
- client authentication certificates (cas.crt and a personal
certificate signed by that)
- a simple servlet ssltest to get the client cert:
writer.println(Arrays.deepToString((X509Certificate[])
request.getAttribute(javax.servlet.request.X509Certificate)));
- Firefox 3.6
The only change in server.xml is the connector conf:
Connector port=8443 SSLEnabled=true
maxThreads=150 scheme=https secure=true
SSLCertificateFile=${user.home}/newcert.pem
SSLCertificateKeyFile=${user.home}/newkey-no-password.pem
SSLVerifyClient=require
SSLVerifyDepth=2
SSLCACertificateFile=${user.home}/cas.crt
/
Now steps to reproduce:
1) go to https://localhost:8443/ssltest, it will show the client
certificate
2) wait 1 minute
3) refresh browser - the application will not get the client certificate
(request.getAttribute(javax.servlet.request.X509Certificate) returns
null)
I have traced the SSL packets using ssltap -sxlp 8444 localhost:8443
It shows that 1 minute after the last request, there will be Read EOF
on Server socket.
After that, the problem starts occuring.
I have compared ssltap traces for Firefox and Safari.
They look pretty similar.
The only significant difference is that Safari seems to terminate the
connection by sending SSL alert packet.
In case of Firefox, it is the Tomcat server who sends the first SSL
alert packet.
I hope somebody can shed a light on that issue :)
Best Regards,
Albert
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Calling flushBuffer() in TOMCAT 6.0.20 returning NullPointerException.
On 23/02/2010 07:33, chinmaytotekar wrote: Ya got the problem.. The problem was response.getWriter() object was declared as global in servlet, so it became common to all threads. and if one thread closes it, it used to give NullPtrException in other threads. Every time, a coconut. p Konstantin Kolinko wrote: 2010/2/19 Christopher Schultzch...@christopherschultz.net: Konstantin, On 2/19/2010 2:22 PM, Konstantin Kolinko wrote: 1. The OP (chinmaytotekar) never mentioned what Tomcat version (s)he was using. What a disgrace. The thread subject seems to contradict this statement. Ah, sorry. I missed that. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sendRedirect problem
One other thing to check - there is a return after the sendRedirect in the scriplet, yes? Could you share a stripped down version of the pages? These beans are also presumably in session scope? DJ On 2/23/10, Desbaratizador pgove...@gtinformatica.pt wrote: Environment: - Apache Tomcat 5.5 - OS and JVM are (very probably) not relevant - Code WORKS on JDeveloper debugger (Windows XP and vista, various JVM's) - Code NOT WORKS when deployed to Apache Tomcat 5.5 (tests made on various machines, Windows Server 2008, ...) xxx.jsp and yyy.jsp are regular jsp pages in a JSF project: - xxx.jsp invokes yyy.jsp by regular JSF page flow (action triggered by a menu item) - In a jsp:scriptlet inside yyy.jsp app is verified that a backing bean is not null - If backing bean = null a response.sendRedirect(xxx.jsp) is made - On JDeveloper the app redirects to xxx.jsp but on Apache Tomcat 5.5 yyy.jsp is rendered Call responseComplete method before sendRedirect does not solve the problem... Donn Aiken-2 wrote: If I had to guess, there is a missing FacesContext.responseComplete(); Prior to the sendRedirect call. DJ On 2/22/10, Pid p...@pidster.com wrote: On 22/02/2010 12:39, Desbaratizador wrote: Hi I have a faces (JSF) app developed with JDeveloper, in a JSP i have a sendRedirect like this: response.sendRedirect(xxx.jsp); Does xxx stand for something and if so, what? (Don't tell us if the actual page name is something exciting and proprietory, who knows what we might do with that knowledge.) The problem: sendRedirect not working (the page where the redirect is invoked continues loading), occurs only when the app is deployed to Apache Tomcat. On the JDeveloper built-in debugger the code works fine: xxx.jsp appears. So it works on the server, it works in the debugger. When doesn't it work? Any idea? From the almost none-existent information you've provided, no, not really. Exact Tomcat, JVM, OS versions and *lot* more specific information would be useful. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702052.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
Just an update. After 8 1/2 days, on the newly built Slackware machine with the JRE in the Slackware distribution removed bebore installing the operating system and using the newest version of the mysql-connector, the system failed in exactly the same fashion as the previous attempts: ran beautifully right up to the point of failure and the failure was the JVM being stopped with a reported seg fault. Changed this server to the IBM JVM. Tested it locally (directly accessed the IP within the DMZ) and it worked great. Switched it to production early this morning (4:30AM before people start coming onto the system) and everything seemed good. Then, specific customers (the rest were able to come in just fine) starting getting 404's (we use only https, didn't have a chance to see if they could come in as http) on their first access. I switched to a backup server with the old configuration and everyone seems OK for now. Remember, three servers: A - Slackware 13 - 64 bit. Latest IBM JVM. Tomcat 6.0.24. B - Slackware 13 - 64 bit. Sun JVM 1.6.0_18. Tomcat 6.0.24. C - Slackware 12 - 32 bit. Sun JVM 1.5.0_01. Tomcat 5.5.23 A is the server I have been experimenting with. B is the server I am currently running on and expect it to fail (because it always has.) C is the original server that has run successfully for several years. One more event that may or may not be related. I have not touched the original server (C) except to roll new war's out (almost nightly... minor bug fixes.) This morning, it started producing these messages every 10 seconds: Feb 23, 2010 5:50:01 AM org.apache.catalina.loader.WebappClassLoader modified INFO: Additional JARs have been added Feb 23, 2010 5:50:01 AM org.apache.catalina.core.StandardContext reload INFO: Reloading this Context has started Chuck, seems like it is time to break out the exorcism tools. Thanks, Carl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: sendRedirect problem
The addition of a return after sendRedirect put the code to work on Apache Tomcat 5.5. Remarks: even in the absence of that return the redirect works in JDeveloper debugger Thanks Desbaratizador Donn Aiken-2 wrote: One other thing to check - there is a return after the sendRedirect in the scriplet, yes? Could you share a stripped down version of the pages? These beans are also presumably in session scope? DJ On 2/23/10, Desbaratizador pgove...@gtinformatica.pt wrote: Environment: - Apache Tomcat 5.5 - OS and JVM are (very probably) not relevant - Code WORKS on JDeveloper debugger (Windows XP and vista, various JVM's) - Code NOT WORKS when deployed to Apache Tomcat 5.5 (tests made on various machines, Windows Server 2008, ...) xxx.jsp and yyy.jsp are regular jsp pages in a JSF project: - xxx.jsp invokes yyy.jsp by regular JSF page flow (action triggered by a menu item) - In a jsp:scriptlet inside yyy.jsp app is verified that a backing bean is not null - If backing bean = null a response.sendRedirect(xxx.jsp) is made - On JDeveloper the app redirects to xxx.jsp but on Apache Tomcat 5.5 yyy.jsp is rendered Call responseComplete method before sendRedirect does not solve the problem... Donn Aiken-2 wrote: If I had to guess, there is a missing FacesContext.responseComplete(); Prior to the sendRedirect call. DJ On 2/22/10, Pid p...@pidster.com wrote: On 22/02/2010 12:39, Desbaratizador wrote: Hi I have a faces (JSF) app developed with JDeveloper, in a JSP i have a sendRedirect like this: response.sendRedirect(xxx.jsp); Does xxx stand for something and if so, what? (Don't tell us if the actual page name is something exciting and proprietory, who knows what we might do with that knowledge.) The problem: sendRedirect not working (the page where the redirect is invoked continues loading), occurs only when the app is deployed to Apache Tomcat. On the JDeveloper built-in debugger the code works fine: xxx.jsp appears. So it works on the server, it works in the debugger. When doesn't it work? Any idea? From the almost none-existent information you've provided, no, not really. Exact Tomcat, JVM, OS versions and *lot* more specific information would be useful. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702052.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702740.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
Hi Evgeny, thanks a lot for shared your experience, very interesting. I'd like to plug something magic that could avoid me configuring a filter, I started investigating about a possible use of AOP HttpSession. If anyone is interested, I'll share my results when done. Best regards!!! Simo http://people.apache.org/~simonetripodi/ On Tue, Feb 23, 2010 at 7:51 AM, Tsirkin Evgeny tsir...@gmail.com wrote: Just in case somebody will google for a solution for replacing session. I have done this . First of all ,why: We have cluster of 2 machines . Each have a separate db on it . The machines are sharing information using nfs mounting fs. Each machine runs it's own apache server ,(no apache balancer in front). There IS a hardware load balancer in front of this but sometime it fails to route already open sessions to same host. So,we can't : 1. share sessions using files ,because this would be same file for 2 tomcats and because this would fail on nfs . 2. we can't use tomcat cluster because there are cases when BOTH tomcat would be shut down or restarted and session would be loosed. 3. we can't use a db because there is no central db - each host has it's own one. 4. to complicate issue machines could be added/removed to the cluster. What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. Although the obvious problem here is the writing to more then 1 db and reading from a db on each request ,this really works good thanks for mysql to be so fast on simple read/write. I have even implemented a simple lock mechanism for session . What more - this solution is portable ,it worked for us on SunONE server and now on tomcat. Thanks Evgeny On Tue, Feb 16, 2010 at 9:54 PM, Simone Tripodi simone.trip...@gmail.comwrote: Hi Martin, very interesting, thanks for share it!!! I did, more or less, the same on a project for a customer, but it was strictly related to the application, your stuff looks much much better of mine and it is a reusable module. All the best, Simo http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ On Tue, Feb 16, 2010 at 6:02 PM, Martin Grotzke martin.grot...@javakaffee.de wrote: Hi Jon, On Mon, 2010-02-15 at 11:55 -0600, Jon Brisbin wrote: I'm trying to figure out today how I can implement a Valve or something that can store a session to a backend DB and reload that session on another Tomcat instance similar to how the PersistentManager loads user's session after a restart. Would a Valve based on PersistentValve allow me to implement a cluster-like solution such that a user login causes a write to a central database and a load balanced request to another server would see that user without forcing another login? You might have a look at the http://code.google.com/p/memcached-session-manager/ which is a session failover solution storing sessions in memcached. When the project was created I only thought of applications using sticky sessions but it should also work with non-sticky sessions if sessions are stored in memcached synchronously (sessionBackupAsync needs to be set to false, see [1]). The memcached-session-manager basically is a session manager implemention, the most interesting part is the MemcachedBackupSessionManager ([2]) if you want to have a look at the code. Cheers, Martin [1] http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration [2] http://github.com/magro/memcached-session-manager/blob/master/core/src/main/java/de/javakaffee/web/msm/MemcachedBackupSessionManager.java Jon Brisbin Portal Webmaster NPC International, Inc. On Feb 15, 2010, at 11:05 AM, Simone Tripodi wrote: Hi all guys and very nice to meet the Tomcat community, I've a web-application that needs to be replicated in more than one Tomcat, and since it is HttpSession based, I need to enable the session replication. Even if I work with very good sysadmins that know how to do it, I'm curious and would like to know if I could replace the HttpSession implementation with a my own one, I'd like to integrate Hazelcast[1] for data synchronization. Thanks in advance, every suggestion will be very appreciated. Simo [1] http://www.hazelcast.com/ http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail:
Re: sendRedirect problem
Glad the issue is solved. If I had to guess, I bet OC4J and Tomcat buffer the output differently, and that is why you see the output from xxx.jsp in one, and the output from yyy.jsp in the other. DJ On Tue, Feb 23, 2010 at 7:44 AM, Desbaratizador pgove...@gtinformatica.ptwrote: The addition of a return after sendRedirect put the code to work on Apache Tomcat 5.5. Remarks: even in the absence of that return the redirect works in JDeveloper debugger Thanks Desbaratizador Donn Aiken-2 wrote: One other thing to check - there is a return after the sendRedirect in the scriplet, yes? Could you share a stripped down version of the pages? These beans are also presumably in session scope? DJ On 2/23/10, Desbaratizador pgove...@gtinformatica.pt wrote: Environment: - Apache Tomcat 5.5 - OS and JVM are (very probably) not relevant - Code WORKS on JDeveloper debugger (Windows XP and vista, various JVM's) - Code NOT WORKS when deployed to Apache Tomcat 5.5 (tests made on various machines, Windows Server 2008, ...) xxx.jsp and yyy.jsp are regular jsp pages in a JSF project: - xxx.jsp invokes yyy.jsp by regular JSF page flow (action triggered by a menu item) - In a jsp:scriptlet inside yyy.jsp app is verified that a backing bean is not null - If backing bean = null a response.sendRedirect(xxx.jsp) is made - On JDeveloper the app redirects to xxx.jsp but on Apache Tomcat 5.5 yyy.jsp is rendered Call responseComplete method before sendRedirect does not solve the problem... Donn Aiken-2 wrote: If I had to guess, there is a missing FacesContext.responseComplete(); Prior to the sendRedirect call. DJ On 2/22/10, Pid p...@pidster.com wrote: On 22/02/2010 12:39, Desbaratizador wrote: Hi I have a faces (JSF) app developed with JDeveloper, in a JSP i have a sendRedirect like this: response.sendRedirect(xxx.jsp); Does xxx stand for something and if so, what? (Don't tell us if the actual page name is something exciting and proprietory, who knows what we might do with that knowledge.) The problem: sendRedirect not working (the page where the redirect is invoked continues loading), occurs only when the app is deployed to Apache Tomcat. On the JDeveloper built-in debugger the code works fine: xxx.jsp appears. So it works on the server, it works in the debugger. When doesn't it work? Any idea? From the almost none-existent information you've provided, no, not really. Exact Tomcat, JVM, OS versions and *lot* more specific information would be useful. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702052.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/sendRedirect-problem-tp27686610p27702740.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
Carl wrote: ... One more event that may or may not be related. If it is related, then indeed the time for exorcism may be reached. I have not touched the original server (C) (they all say that) except to roll new war's out (almost nightly... minor bug fixes.) This morning, it started producing these messages every 10 seconds: Feb 23, 2010 5:50:01 AM org.apache.catalina.loader.WebappClassLoader modified INFO: Additional JARs have been added Feb 23, 2010 5:50:01 AM org.apache.catalina.core.StandardContext reload INFO: Reloading this Context has started Let's say that this is not directly related, and that you're just afflicted with an incredibly bad karma these days. If you have a Manager application running, this might indicate that someone broke into it and is actually loading his own apps into your server. Maybe changing the password of the Manager app would be a good idea at this point, along with having a check if you really know all the apps which are running. Along also with a netstat check of the connections which your Tomcat is making to the outside world. Other than that, I'll widly hypothesize (..tise ? ..sise ?): - that in order to realise that something has changed, Tomcat must somewhere be keeping a list of current applications, along with timestamps of some sort - that if Tomcat were somehow unable to update that list of apps/timestamps and kept always the old value, then it would always think that your new apps are new, and keep on reloading them - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
On 23/02/2010 13:46, André Warnier wrote: Carl wrote: ... One more event that may or may not be related. If it is related, then indeed the time for exorcism may be reached. I have not touched the original server (C) (they all say that) except to roll new war's out (almost nightly... minor bug fixes.) This morning, it started producing these messages every 10 seconds: Feb 23, 2010 5:50:01 AM org.apache.catalina.loader.WebappClassLoader modified INFO: Additional JARs have been added Feb 23, 2010 5:50:01 AM org.apache.catalina.core.StandardContext reload INFO: Reloading this Context has started Check the server time hasn't drifted. Sometimes this can happen if the files have timestamps that are out. p Let's say that this is not directly related, and that you're just afflicted with an incredibly bad karma these days. If you have a Manager application running, this might indicate that someone broke into it and is actually loading his own apps into your server. Maybe changing the password of the Manager app would be a good idea at this point, along with having a check if you really know all the apps which are running. Along also with a netstat check of the connections which your Tomcat is making to the outside world. Other than that, I'll widly hypothesize (..tise ? ..sise ?): - that in order to realise that something has changed, Tomcat must somewhere be keeping a list of current applications, along with timestamps of some sort - that if Tomcat were somehow unable to update that list of apps/timestamps and kept always the old value, then it would always think that your new apps are new, and keep on reloading them - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat dies suddenly
From: Pid [mailto:p...@pidster.com] Subject: Re: Tomcat dies suddenly Check the server time hasn't drifted. Sometimes this can happen if the files have timestamps that are out. Also check the timestamps on the .war files - they may be in the future, causing continuous redeployment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day
Hi All, I have the similar issue as Sasidhar Pradhakar, he posted tomcat 6 not responding to any kind of request i.e. static and dynamic resources after some hours at http://www.mail-archive.com/users@tomcat.apache.org/msg71076.html. I have the similar issue as your case where my Tomcat stops responding to all requests for around 3 minutes few times randomly per day, after the ~3minutes, it will resume and respond to all clients. Specification Platform: My tomcat is 5.5.26, running on Solaris 10 SPARC platform. Description of my issue: I have set the 2 connectionTimeout setting as default with the Tomcat. I generated 3 thread dumps during the period (by detecting that no activity written to the log file and monitor the network activity) but I could not identify the root cause from my application. I could see the total number of threads are jumping from 210++ to 310++, after that it fall back to 210++. Most of the threads are the HTTP Processes. I had tried to send periodic requests continuously to the Tomcat using JMeter in hoping the Tomcat will respond any request, but whenever the Tomcat stops responding, all the requests are not served. I can see the logging from the client browser is in waiting state from the Tomcat response. But I cannot see the request logged in the Tomcat log file. Unless the Tomcat 'awakes' and starts responding to all its clients. I need to clarify the symptom with you and seek your expertise on this: a. May I know what is the problem of your tomcat? b. Is the tomcat not responding for some minutes or hours to all requests but then it can c. Does it resume itself to respond all requests then? Have anybody facing the similar issue before? Please feel free to provide me the steps to tackle the issue or resolution. Thanks. Regards, Chan. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat reload defaultt ( root ) context for web app in host
From: James McArthur [mailto:genera...@googlemail.com] Subject: Tomcat reload defaultt ( root ) context for web app in host If you try and start or stop the / context it says no such context exist (although it really does). Works fine for me on 6.0.24 using Tomcat's manager webapp. Besides the config information Pid requested, tell us exactly what you're doing to stop and start the ROOT webbap. - Chuck P.S. Double-posting is not necessary - but it is frowned upon. THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat loading dlls
Hi Everybody, I have a web application deployed into tomcat which needs some dlls during execution. These dlls are being included in the java code statically and use system.loadlibrary(...) to be loaded. If I place the needed dlls into Tomcat's bin directory they are found and loaded successfully during startup. Now I know that this is not regarded as a good practice. So my question is. What is the best practice? What is the best way to go? Do I place the needed dlls into another directory and alter an environmental variable (f.e. java.library.path, PATH, CLASSPATH, ...) or do i alter catalina.bat/startup.bat? Seriously, what is the prefered solution? Thanks in Advance for your time! Stefan -- View this message in context: http://old.nabble.com/Tomcat-loading-dlls-tp27703944p27703944.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day
From: Hae Loong Chan [mailto:haelo...@gmail.com] Subject: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day I generated 3 thread dumps during the period (by detecting that no activity written to the log file and monitor the network activity) but I could not identify the root cause from my application. I could see the total number of threads are jumping from 210++ to 310++, after that it fall back to 210++. Most of the threads are the HTTP Processes. You need to examine /each/ thread carefully. (Rather laborious, but necessary.) It's likely that just one has locked something critical and caused everything else to back up behind it. The lock may not be a Java object, just something logically locked in your webapp. You may also have a situation where all the DB connections are tied up processing long-running queries or updates, again preventing all other threads from accessing the DB. It's remotely possible that everything is suspended for garbage collection, but given the duration of the delay, that seems unlikely. Turn on -verbose:gc to see if GC events correspond to the pauses. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] Calling flushBuffer() in TOMCAT 6.0.20 returning NullPointerException.
From: Pid [mailto:p...@pidster.com] Subject: Re: Calling flushBuffer() in TOMCAT 6.0.20 returning NullPointerException. Every time, a coconut. Now that brings back memories... never could knock the bloody things off. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat loading dlls
From: StrongSteve [mailto:ste...@starkeweb.org] Subject: Tomcat loading dlls Do I place the needed dlls into another directory and alter an environmental variable (f.e. java.library.path, PATH, CLASSPATH, ...) or do i alter catalina.bat/startup.bat? Since you're on Windows, the easiest approach is just to insure the DLLs are somewhere in the PATH - if you're running Tomcat from the .bat scripts. If you want to modify the PATH variable to include an additional directory, do that with setenv.bat; don't modify catalina.bat or startup.bat. If you're running Tomcat as a Windows service, set the java.libary.path system property in the Java tab of the tomcat?w.exe program to point to the directory where the DLLs are. (Fill in the ? with the level of Tomcat you're using - which you didn't tell us.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat reload defaultt ( root ) context for web app in host
I am running 5.5 Here is part of server.xml for one that does not work. The context / will not reload but the /b one will The fail message is as follows : FAIL - No context exists for path / Host name=www.mysite.co.uk unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias1.2.3.4/Alias DefaultContext reloadable=true ResourceLink name=jdbc/TestDB global=jdbc/TestDB type=javax.sql.DataSource / /DefaultContext Context path=/ docBase=/vol/b2b/ debug=0/Context Context path=/b docBase=/vol/b2bjemini/ debug=0/Context etc etc Sorry about double post this was my first use of the board and it was an error - not trying to be a cheeky b** On Tue, Feb 23, 2010 at 2:10 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: James McArthur [mailto:genera...@googlemail.com] Subject: Tomcat reload defaultt ( root ) context for web app in host If you try and start or stop the / context it says no such context exist (although it really does). Works fine for me on 6.0.24 using Tomcat's manager webapp. Besides the config information Pid requested, tell us exactly what you're doing to stop and start the ROOT webbap. - Chuck P.S. Double-posting is not necessary - but it is frowned upon. THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
This was an 'oh, crap' moment. Andre was correct: I had commented a shutdown out of the script I used to deploy (each morning at 1:00AM.) So, apparently, it was just merrily reploying and redeploying, or something. All better now (with the proper deploy script.) Thanks to everyone and have a good day. Carl - Original Message - From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, February 23, 2010 8:54 AM Subject: RE: Tomcat dies suddenly From: Pid [mailto:p...@pidster.com] Subject: Re: Tomcat dies suddenly Check the server time hasn't drifted. Sometimes this can happen if the files have timestamps that are out. Also check the timestamps on the .war files - they may be in the future, causing continuous redeployment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat reload defaultt ( root ) context for web app in host
From: genera...@googlemail.com [mailto:genera...@googlemail.com] On Behalf Of James McArthur Subject: Re: Tomcat reload defaultt ( root ) context for web app in host Host name=www.mysite.co.uk unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias1.2.3.4/Alias DefaultContext reloadable=true ResourceLink name=jdbc/TestDB global=jdbc/TestDB type=javax.sql.DataSource / /DefaultContext Context path=/ docBase=/vol/b2b/ debug=0/Context Context path=/b docBase=/vol/b2bjemini/ debug=0/Context A) Context elements should not be in server.xml - they belong in each webapp's META-INF/context.xml file, or in conf/Catalina/[host]/[appName].xml. Had you used the strongly recommended technique, you wouldn't have a problem. B) As the 5.5 doc clearly states, the path for the default webapp is , not /. C) There is no DefaultContext element in Tomcat 5.5. You appear to have copied over a horribly outdated configuration from some older version and tried to use it in 5.5; that's always a dangerous thing to do. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat reload defaultt ( root ) context for web app in host
Hi Thanks for the help so where do I put my ResourceLink then - its working across all my servers like this ? Do i need it in every Conext On Tue, Feb 23, 2010 at 2:49 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: genera...@googlemail.com [mailto:genera...@googlemail.com] On Behalf Of James McArthur Subject: Re: Tomcat reload defaultt ( root ) context for web app in host Host name=www.mysite.co.uk unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Alias1.2.3.4/Alias DefaultContext reloadable=true ResourceLink name=jdbc/TestDB global=jdbc/TestDB type=javax.sql.DataSource / /DefaultContext Context path=/ docBase=/vol/b2b/ debug=0/Context Context path=/b docBase=/vol/b2bjemini/ debug=0/Context A) Context elements should not be in server.xml - they belong in each webapp's META-INF/context.xml file, or in conf/Catalina/[host]/[appName].xml. Had you used the strongly recommended technique, you wouldn't have a problem. B) As the 5.5 doc clearly states, the path for the default webapp is , not /. C) There is no DefaultContext element in Tomcat 5.5. You appear to have copied over a horribly outdated configuration from some older version and tried to use it in 5.5; that's always a dangerous thing to do. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat reload defaultt ( root ) context for web app in host
From: genera...@googlemail.com [mailto:genera...@googlemail.com] On Behalf Of James McArthur Subject: Re: Tomcat reload defaultt ( root ) context for web app in host Thanks for the help so where do I put my ResourceLink then - its working across all my servers like this ? Do i need it in every Conext To quote from the Tomcat doc: * In the $CATALINA_HOME/conf/context.xml file: the Context element information will be loaded by all webapps. * In the $CATALINA_HOME/conf/[enginename]/[hostname]/context.xml.default file: the Context element information will be loaded by all webapps of that host. Really, it's worth reading the doc for the version of Tomcat you're actually using. http://tomcat.apache.org/tomcat-5.5-doc/config/context.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day
On 23/02/2010 14:19, Caldarale, Charles R wrote: From: Hae Loong Chan [mailto:haelo...@gmail.com] Subject: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day I generated 3 thread dumps during the period (by detecting that no activity written to the log file and monitor the network activity) but I could not identify the root cause from my application. I could see the total number of threads are jumping from 210++ to 310++, after that it fall back to 210++. Most of the threads are the HTTP Processes. You need to examine /each/ thread carefully. (Rather laborious, but necessary.) It's likely that just one has locked something critical and caused everything else to back up behind it. The lock may not be a Java object, just something logically locked in your webapp. You may also have a situation where all the DB connections are tied up processing long-running queries or updates, again preventing all other threads from accessing the DB. It's remotely possible that everything is suspended for garbage collection, but given the duration of the delay, that seems unlikely. Turn on -verbose:gc to see if GC events correspond to the pauses. Does it occur at the same times every day, or at the same interval? (External DB backup perhaps?) p - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
Carl wrote: This was an 'oh, crap' moment. Andre was correct: I had commented a shutdown out of the script I used to deploy (each morning at 1:00AM.) So, apparently, it was just merrily reploying and redeploying, or something. All better now (with the proper deploy script.) Oh well.. I was about to suggest that the system clock of your system had gotten stuck, and to suggest giving it a thump to unlock it. (Re this e.g. : Feb 23, 2010 5:50:01 AM org.apache.catalina.loader.WebappClassLoader modified INFO: Additional JARs have been added Feb 23, 2010 5:50:01 AM org.apache.catalina.core.StandardContext reload INFO: Reloading this Context has started ) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Is the system CLASSPATH environment variable set to anything? (It shouldn't be.) Yes, it is...I'll have to double check it, but I did configure it, I think with a reference to the oracle jre. Is the Oracle driver jar anywhere else on the system (in the jre/lib directory, for example)? Make sure it's not present in any other location the JVM might be getting into. I don't believe so, but I'll double check that as well. Without having hands-on access to your system, it's difficult to tell what's wrong, but it's likely to be something bordering on the trivial. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
On Feb 23, 2010, at 7:31 AM, Simone Tripodi wrote: Hi Evgeny, thanks a lot for shared your experience, very interesting. I'd like to plug something magic that could avoid me configuring a filter, I started investigating about a possible use of AOP HttpSession. If anyone is interested, I'll share my results when done. This sound very interesting to me. I'd love to take a look at it when you're done. I'm still fighting load-balancing issues. Jon Brisbin Portal Webmaster NPC International, Inc. Best regards!!! Simo http://people.apache.org/~simonetripodi/ On Tue, Feb 23, 2010 at 7:51 AM, Tsirkin Evgeny tsir...@gmail.com wrote: Just in case somebody will google for a solution for replacing session. I have done this . First of all ,why: We have cluster of 2 machines . Each have a separate db on it . The machines are sharing information using nfs mounting fs. Each machine runs it's own apache server ,(no apache balancer in front). There IS a hardware load balancer in front of this but sometime it fails to route already open sessions to same host. So,we can't : 1. share sessions using files ,because this would be same file for 2 tomcats and because this would fail on nfs . 2. we can't use tomcat cluster because there are cases when BOTH tomcat would be shut down or restarted and session would be loosed. 3. we can't use a db because there is no central db - each host has it's own one. 4. to complicate issue machines could be added/removed to the cluster. What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. Although the obvious problem here is the writing to more then 1 db and reading from a db on each request ,this really works good thanks for mysql to be so fast on simple read/write. I have even implemented a simple lock mechanism for session . What more - this solution is portable ,it worked for us on SunONE server and now on tomcat. Thanks Evgeny On Tue, Feb 16, 2010 at 9:54 PM, Simone Tripodi simone.trip...@gmail.comwrote: Hi Martin, very interesting, thanks for share it!!! I did, more or less, the same on a project for a customer, but it was strictly related to the application, your stuff looks much much better of mine and it is a reusable module. All the best, Simo http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ On Tue, Feb 16, 2010 at 6:02 PM, Martin Grotzke martin.grot...@javakaffee.de wrote: Hi Jon, On Mon, 2010-02-15 at 11:55 -0600, Jon Brisbin wrote: I'm trying to figure out today how I can implement a Valve or something that can store a session to a backend DB and reload that session on another Tomcat instance similar to how the PersistentManager loads user's session after a restart. Would a Valve based on PersistentValve allow me to implement a cluster-like solution such that a user login causes a write to a central database and a load balanced request to another server would see that user without forcing another login? You might have a look at the http://code.google.com/p/memcached-session-manager/ which is a session failover solution storing sessions in memcached. When the project was created I only thought of applications using sticky sessions but it should also work with non-sticky sessions if sessions are stored in memcached synchronously (sessionBackupAsync needs to be set to false, see [1]). The memcached-session-manager basically is a session manager implemention, the most interesting part is the MemcachedBackupSessionManager ([2]) if you want to have a look at the code. Cheers, Martin [1] http://code.google.com/p/memcached-session-manager/wiki/SetupAndConfiguration [2] http://github.com/magro/memcached-session-manager/blob/master/core/src/main/java/de/javakaffee/web/msm/MemcachedBackupSessionManager.java Jon Brisbin Portal Webmaster NPC International, Inc. On Feb 15, 2010, at 11:05 AM, Simone Tripodi wrote: Hi all guys and very nice to meet the Tomcat community, I've a web-application that needs to be replicated in more than one Tomcat, and since it is HttpSession based, I need to enable the session replication. Even if I work with very good sysadmins that know how to do it, I'm curious and would like to know if I could replace the HttpSession implementation with a my own one, I'd like to integrate Hazelcast[1] for data synchronization. Thanks in advance, every suggestion will be very appreciated. Simo [1] http://www.hazelcast.com/ http://people.apache.org/~simonetripodi/http://people.apache.org/%7Esimonetripodi/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
test session's replication in tomcat cluster ?
Hi, I've just configure a tomcat cluster and i would like to know how could i test that and see the data were replicated on my second node. Thank you.
Re: test session's replication in tomcat cluster ?
Stephane Lorin wrote: Hi, I've just configure a tomcat cluster and i would like to know how could i test that and see the data were replicated on my second node. I am sure that several people on this list are already busy sharpening their knives to send you pointed answers requesting at least *some* details of your configuration. Before that however, I would like to join my voice and ask, naively, /if/ one would take the question above as it is, and assume that the Tomcat was the latest version 6.0.24, and assuming that the clustering setup was correct, and assuming that there are only two Tomcats, and assuming any other set of standard assumptions, is there any general method applicable to at least see if it seems to be working ? And if not, what would be the minimum set of information needed to provide such a method ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] problem in using context path in xsl:import
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tembug, On 2/21/2010 11:43 PM, tembugs tembugs wrote: But can we define any variable before the import statement in xsl to define the absolute path in one place than repeating in every location where needed? Not with xsl:import: that element must appear before all other elements in an xsl:stylesheet. If you instead use xsl:include, you may define xsl:param elements and then use those parameters in your paths. WRT relative paths, I have xsl:import href=foo.xsl / in my templates and everything seems to work out fine. I am using Cocoon 2.1.11 and I the XSLT engine is Apache Xalan 2.7.1. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEFOgACgkQ9CaO5/Lv0PD1xwCfVrAIMsAk3uXXzqeksDw1nfMU tIAAn1saeivSPY96rYI6/7Bh56tU8h6e =g6NC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
using my own LifecycleListener
Hi I need to launch an initialization procedure as soon as my web application is deployed on Tomcat (working on a 6.0.20). As per the documentation, I can define a LifecycleListener in my context.xml file for the webapp in question. However, the documentation says that it needs to be packed as a jar and be copied to $CATALINA_HOME/lib. And that's where I have my catch 22.. my implementation of LicecycleListener needs access to objects defined in the webapp - so I figure I have to deploy basically the entire solution to $CATALINA_HOME/lib (which can be problematic if you run different webapps making use of different versions of the same lib), then go hack the build file so that it won't package my libs with the webapp anymore. Am I misunderstanding something here? Shouldn't there be a deployment way where I can keep the webapp self-contained? Or how can I get my LifeCycleListener which I have to deploy outside my webapp to gain access to the set of classes and libs that are part of the webapp? In other words.. if mynamespace.MyLifeCycleListener is located in $CATALINA_HOME/lib/CustomMyLifeCycleListener.jar, how will it have access to libs and classes located in $CATALINA_HOME/webapps/MyebApp/WEB-INF/lib (or /WEB-INF/classes/mynamespace)? After writing these lines I figured I'd go ahead and test a little.. so I created two libs The Launcher Lib (launcherlib.jar) to be placed in $CATALINA_HOME/lib The webapp lib (webapp-lib.jar) (which is used by both the launcher lib and the webapp lib) And the webapp itself (webapp.war) Netbeans automatically adds a copy of the webapp lib to it. So I first copied the launcher lib including the launcher lib's own lib dir (containing catalina.jar and webapp-lib.jar) to the tomcat lib directory. Then I deployed the webapp.. and it worked out just fine. In the launcher app I initialize a singleton object in the webapp lib, and then dump the fact that the initialization has been done to the console (system.out.println). Looking at the Tomcat logs I see that this is being done properly each time the webapp is being started. However, if I get the same singleton object from the webapp and query its initialization state, it tells me it is not initialized.. so indicating that the two instances of the webapp lib run completely separate. So I went ahead and changed the manifest file of the launcher lib to reference the deployed webapp lib jar file and removed the reference to catalina.jar (it's in the same directory so it shouldn't matter). Stopped and restarted the webapp.. the launcher lib still does its thing just fine, but then accessing the webapp it still tells me the singleton is not initialized.. so it's not a matter of where to put the files, but even though the launcher lib is referenced in the context of the webapp, it seems to run under a separate context and that's a problem - I need the LifeCycleListener to initialize something that can then be used by the webapp (I figure that's the main point to have a LifeCycleListener for a specific webapp).. so how can I get the launcher lib and the webapp to share their state? Regards Stephan
Re: test session's replication in tomcat cluster ?
On 23/02/2010 17:13, André Warnier wrote: Stephane Lorin wrote: Hi, I've just configure a tomcat cluster and i would like to know how could i test that and see the data were replicated on my second node. I am sure that several people on this list are already busy sharpening their knives to send you pointed answers requesting at least *some* details of your configuration. Before that however, I would like to join my voice and ask, naively, /if/ one would take the question above as it is, and assume that the Tomcat was the latest version 6.0.24, and assuming that the clustering setup was correct, and assuming that there are only two Tomcats, and assuming any other set of standard assumptions, is there any general method applicable to at least see if it seems to be working ? Assuming there's a load balancer in front and you're using sticky sessions: 1. Display session id in page, note route. 2. Add a flag value to session. 3. Count to 10 (probably) 4. load page using /path/to/page.jsp;jsessionid=SAMESESSIONID.otherroute 5. display the flag value from session. OR 1. Enable Tomcat logging. And if not, what would be the minimum set of information needed to provide such a method ? Cluster config, sticky session? sync / async? load balancer? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tsirkin, On 2/23/2010 1:51 AM, Tsirkin Evgeny wrote: What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. This could have been done using standard Tomcat components and a shared session-only database. Or, a pair of MysQL databases rigged to hot-copy each other. I think you did more work than necessary. Does this work with authentication? Tomcat adds information to the session that isn't part of the attributes, so a standard HttpSession wrapper won't be able to replicate this information between the nodes. That means that things like flow-resuming (where your original request is re-submitted after successful authentication) won't work. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGbYACgkQ9CaO5/Lv0PDhiQCfQe3yPvORu/NX4AKyTDFL+xvR kxgAoKAdaB26k5K/T+10Rqrq7iQsS6Xu =2IqQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carl, On 2/23/2010 7:08 AM, Carl wrote: One more event that may or may not be related. I have not touched the original server (C) except to roll new war's out (almost nightly... minor bug fixes.) This morning, it started producing these messages every 10 seconds: Feb 23, 2010 5:50:01 AM org.apache.catalina.loader.WebappClassLoader modified INFO: Additional JARs have been added Feb 23, 2010 5:50:01 AM org.apache.catalina.core.StandardContext reload INFO: Reloading this Context has started Check your server's date and time relative to the file. It could simply be a DST issue or something like that. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGnQACgkQ9CaO5/Lv0PDXGACeLrzlZqwlTpMB4DiPcypjHhSw CEcAoI9GiSZOhWIo/Z0ej/wdV1w8ZAZa =yH9o -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using my own LifecycleListener
On 23/02/2010 18:00, STEINER Stephan wrote: Hi I need to launch an initialization procedure as soon as my web application is deployed on Tomcat (working on a 6.0.20). As per the documentation, I can define a LifecycleListener in my context.xml file for the webapp in question. However, the documentation says that it needs to be packed as a jar and be copied to $CATALINA_HOME/lib. And that's where I have my catch 22.. my implementation of LicecycleListener needs access to objects defined in the webapp - so I figure I have to deploy basically the entire solution to $CATALINA_HOME/lib (which can be problematic if you run different webapps making use of different versions of the same lib), then go hack the build file so that it won't package my libs with the webapp anymore. Am I misunderstanding something here? Yes. Shouldn't there be a deployment way where I can keep the webapp self-contained? Or how can I get my LifeCycleListener which I have to deploy outside my webapp to gain access to the set of classes and libs that are part of the webapp? You can't. In other words.. if mynamespace.MyLifeCycleListener is located in $CATALINA_HOME/lib/CustomMyLifeCycleListener.jar, how will it have access to libs and classes located in $CATALINA_HOME/webapps/MyebApp/WEB-INF/lib (or /WEB-INF/classes/mynamespace)? It won't. After writing these lines I figured I'd go ahead and test a little.. so I created two libs The Launcher Lib (launcherlib.jar) to be placed in $CATALINA_HOME/lib The webapp lib (webapp-lib.jar) (which is used by both the launcher lib and the webapp lib) And the webapp itself (webapp.war) Netbeans automatically adds a copy of the webapp lib to it. So I first copied the launcher lib including the launcher lib's own lib dir (containing catalina.jar and webapp-lib.jar) to the tomcat lib directory. Then I deployed the webapp.. and it worked out just fine. Really? ... In the launcher app I initialize a singleton object in the webapp lib, and then dump the fact that the initialization has been done to the console (system.out.println). Looking at the Tomcat logs I see that this is being done properly each time the webapp is being started. However, if I get the same singleton object from the webapp and query its initialization state, it tells me it is not initialized.. so indicating that the two instances of the webapp lib run completely separate. ... no, not fine. So I went ahead and changed the manifest file of the launcher lib to reference the deployed webapp lib jar file and removed the reference to catalina.jar (it's in the same directory so it shouldn't matter). Madness. Stopped and restarted the webapp.. the launcher lib still does its thing just fine, but then accessing the webapp it still tells me the singleton is not initialized.. so it's not a matter of where to put the files, but even though the launcher lib is referenced in the context of the webapp, it seems to run under a separate context and that's a problem - I need the LifeCycleListener to initialize something that can then be used by the webapp (I figure that's the main point to have a LifeCycleListener for a specific webapp).. so how can I get the launcher lib and the webapp to share their state? As above, you're using the wrong Listener type. LifecycleListener is an interface from org.apache.catalina and is not part of the Servlet Spec. You need: javax.servlet.ServletContextListener p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carl, On 2/23/2010 7:08 AM, Carl wrote: Just an update. After 8 1/2 days, on the newly built Slackware machine with the JRE in the Slackware distribution removed bebore installing the operating system and using the newest version of the mysql-connector, the system failed in exactly the same fashion as the previous attempts: ran beautifully right up to the point of failure and the failure was the JVM being stopped with a reported seg fault. ...and?! What does strace say? Or, the hs_* file that should have been dumped? Or your core file or whatever? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGrUACgkQ9CaO5/Lv0PCwBACfb7RjY+gFnKIe3I0WWuwZvywo aIAAn1NdVr0Pp8HGsK74arolpbKWrwrO =F403 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: using my own LifecycleListener
From: Pid [mailto:p...@pidster.com] Subject: Re: using my own LifecycleListener You need: javax.servlet.ServletContextListener Which is declared in your webapp's WEB-INF/web.xml file, not the Context element. The servlet spec is required reading before you ever touch any servlet container. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
On Tue, Feb 23, 2010 at 8:08 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tsirkin, On 2/23/2010 1:51 AM, Tsirkin Evgeny wrote: What we did - override session object using filter.On each request start it would read it's info from db (any configured one ,but preferring the local one) On each request end it would write itself into ALL dbs that are configured to be used. This could have been done using standard Tomcat components and a shared session-only database. Which means running another mysql instance just for it, And on what machine - there are 2 equivalent machines ,no separate db one. Or, a pair of MysQL databases rigged to hot-copy each other. Unfortunately i think that mysql just don't know how to do master-master cluster (maybe in newer versions it does). I think you did more work than necessary. Does this work with authentication? Tomcat adds information to the session that isn't part of the attributes, so a standard HttpSession wrapper won't be able to replicate this information between the nodes. I guess tomcat authentication is broken for me - tomcat is probably writing something in session _ before _ the filter loads the data into it from db. This probably can be fixed if i do not rip the old data written by tomcat and just add my own ,but i just don't use tomcat auth. That means that things like flow-resuming (where your original request is re-submitted after successful authentication) won't work. What's flow-resuming is ?How a request can be resumed ?Doesn't this goes againt the idea of http is staitless ,that's vrey interesting? Evgeny - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGbYACgkQ9CaO5/Lv0PDhiQCfQe3yPvORu/NX4AKyTDFL+xvR kxgAoKAdaB26k5K/T+10Rqrq7iQsS6Xu =2IqQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate gone after 1 minute timeout (SSL, APR)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Albert, On 2/22/2010 7:16 AM, Albert Tumanov wrote: I'm chasing a strange problem with Tomcat + SSL + APR + Firefox. Namely, the setup works perfectly (i.e. the client certificate is sent and the servlet application can get it). But if I allow the SSL connection to time out (it happens 1 minute after the last request), the servlet application does not get the client certificate anymore. Are you keeping an SSL connection for a long time? Or, do you mean that if you wait for slightly longer than 1 minute after the last SSL request to make another one, the client certificate does not get delivered to Tomcat? 1) go to https://localhost:8443/ssltest, it will show the client certificate Does the request complete successfully at this point: meaning that the TCP/IP connection is closed and you get all the bytes you expected from the server? 2) wait 1 minute 3) refresh browser - the application will not get the client certificate (request.getAttribute(javax.servlet.request.X509Certificate) returns null) I'm no SSL expert, but these two requests ought to be completely independent of each other: the client certificate should always be sent. I have traced the SSL packets using ssltap -sxlp 8444 localhost:8443 It shows that 1 minute after the last request, there will be Read EOF on Server socket. 1 minute after step #1 above, or step #3? In step #3, is the client certificate sent by the browser or not? After that, the problem starts occuring. I have compared ssltap traces for Firefox and Safari. They look pretty similar. The only significant difference is that Safari seems to terminate the connection by sending SSL alert packet. Terminates which connection? #1 or #3? In case of Firefox, it is the Tomcat server who sends the first SSL alert packet. Strange... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEJNsACgkQ9CaO5/Lv0PCBXgCeL8ta3ZzmIg3f1LWkJz9QePN1 /JwAoITs0gccpdOkFBOnk/IJR0eJ8Rh2 =eZ/C -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 6 on solaris losing cookies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 George, On 2/22/2010 2:37 PM, George Baxter wrote: Thanks for everyone's help... it was indeed app code.. some old ugly legacy code was putting a reference to a request in a thread local variable and then not cleaning up the thread local reference when the request ended. When the thread was reused, it was referencing a request that was no longer valid (been recycled) and all things went downhill from there. Another coconut! We're still a bit confused as to why this code works fine in Tomcat 5.5 and fails so gloriously in 6, but I suppose the recycling model and maybe the thread handling model is different. Perhaps your app's code depends on this ThreadLocal being leaked across requests or something. I believe that Tomcat 6 (but not Tomcat 5.5) clears ThreadLocals placed in there by webapp code as a protection against memory leaks and weird issues like this. It's possible that your webapp can't exist in such a tidy environment :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEJVcACgkQ9CaO5/Lv0PCagACeM6oGNlUcK8/wERIx4goIyDHO QmQAoK3A//rJqMLoKxdMdMS5OeP7fLjD =XEyN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Regarding Connector in tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dude, On 2/22/2010 2:28 AM, Cummins College wrote: This has to done at runtime i.e without shutting down tomcat and re-starting it. Is it possible to access the http connector at runtime and change its attributes? Use JMX. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEJhMACgkQ9CaO5/Lv0PALngCfbZCQwJVKjt9suH/pddxmR0XJ /RwAni6WksxwBw5JbDhjKztoG/7rHWMM =6mtJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Webapp slow down after idle - 5.5.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, On 2/22/2010 2:14 PM, Peter Crowther wrote: On 22 February 2010 19:07, Caldarale, Charles R chuck.caldar...@unisys.com wrote: Sounds like the OS might be paging out Tomcat, and taking a long time to get all the necessary pages back in when a request is made. I'm not familiar with operational details of AIX, but I would suspect there are some system-level monitoring tools available to see if there is a paging spike in this situation. vmstat (http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds6/vmstat.htm) would do the job. No finesse, but sufficient information :-). +1 If Tomcat/JVM is being swapped-out or otherwise passivated, a simple are you alive script can be scheduled to run at intervals to keep Tomcat in memory. Something like every hour or maybe every minute, you could make a request to some trivial page like /ping.jsp. Another possibility is that your webapp uses database connections which are becoming stale during these periods of inactivity. Oracle, specifically, is well-known for taking a long time to re-establish a database connection, so it's possible you're waiting for that to happen after these idle times. Several solutions are possible, including: 1. Use the ping.jsp technique to also issue a trivial query against the database 2. Change your database connection configuration to allow for longer idle times - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEJwEACgkQ9CaO5/Lv0PDZCwCeM8Yc259GpiqPB/KkgotGdBVL epsAoID+/TlQ8FQSB4/4LpKLIsKewfhT =EuRI -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Serving static files in a cluster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hassan, On 2/21/2010 9:36 AM, Hassan Schroeder wrote: On Sun, Feb 21, 2010 at 3:23 AM, imrank imran...@gmail.com wrote: Can I use the approach of having all the files sitting on a single NFS file server and have the different tomcat instances read/write the files to that server's filesystem? I guess theres gonna be some cost in terms of network latency... Not to mention creating a single point of failure. Alternatively, keep local copies on each server and use rsync to maintain consistent images. Or Hadoop, which I believe can be configured to copy-to-cluster either synchronously or asynchronously on write. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEKH8ACgkQ9CaO5/Lv0PBdvQCglBd9ppuj7Pvyq9D1fBSEXO1l ZvsAoJCMgBFSBgr85wUEOjXlNpEQW9JF =W50+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Serving static files in a cluster
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/21/2010 10:21 AM, André Warnier wrote: You can certainly do that on the base of symbolic links and NFS mounts for instance. Each Tomcat would contain something like : Just be sure that Tomcat doesn't delete your entire document repository when you undeploy. It would be better to have this document repo /outside/ of the docBase. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEKPMACgkQ9CaO5/Lv0PB9zACgpj+Ir3/Gi6onpc/YIs1lphbt ZKgAnjU0o1ffjlObDqXxiXEDn+8owZU9 =cK43 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Webapp slow down after idle - 5.5.x
On Tue, Feb 23, 2010 at 11:05 AM, Christopher Schultz ch...@christopherschultz.net wrote: Something like every hour or maybe every minute, you could make a request to some trivial page like /ping.jsp. Which is exactly what a service monitor like Nagios does -- plus it lets you know if the proper response isn't received (no response, error page/wrong page size, etc.). I would think every production system would have something like that in place as a matter of course. -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB connection error -Tomcat 6 config
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/20/2010 10:01 AM, Caldarale, Charles R wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: DB connection error -Tomcat 6 config BTW: i put my Oracle driver classes (classes12.jar or classes12.zip) in WEB-INF/lib That works if your webapp is managing the connection pool (or you're not using one). If Tomcat manages the connection pool, the JDBC classes must be placed where Tomcat's own code can access them. ...and if you're using Oracle 9i, circa 2001, on an abandoned JVM. That driver is so old - how old is it? - it's so old that it owes Fred Flintstone a food stamp. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEKxMACgkQ9CaO5/Lv0PBfwQCeIEBRvdGlYqZf1BTt2TCAIWLL vCgAn06qqtkPeNhGs14KJoBZjoBSupTv =ckx2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Using 10g now... Thanks. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, February 23, 2010 1:23 PM To: Tomcat Users List Subject: Re: DB connection error -Tomcat 6 config -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/20/2010 10:01 AM, Caldarale, Charles R wrote: From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: DB connection error -Tomcat 6 config BTW: i put my Oracle driver classes (classes12.jar or classes12.zip) in WEB-INF/lib That works if your webapp is managing the connection pool (or you're not using one). If Tomcat manages the connection pool, the JDBC classes must be placed where Tomcat's own code can access them. ...and if you're using Oracle 9i, circa 2001, on an abandoned JVM. That driver is so old - how old is it? - it's so old that it owes Fred Flintstone a food stamp. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEKxMACgkQ9CaO5/Lv0PBfwQCeIEBRvdGlYqZf1BTt2TCAIWLL vCgAn06qqtkPeNhGs14KJoBZjoBSupTv =ckx2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Session id is invalid occurs randomly
Hi - I need a little help here. We are running Tomcat 5.5.17 APR/SSL, Sun JDK 1.5.0_06, Windows 2000 SP4 32-bit. We have a customer running IE as the client passing through an unknown proxy server. Sometimes they are running IE via a remote desktop, sometimes from their own desktop (if I interpreted the user correctly). It seems that they can login just fine and work just fine, most of the time. However, every now and then, they will get kicked out with an invalid session error. That is our software's error message to them, basically meaning we didn't get the session id we were expecting. I'm leaning toward the proxy trashing the session cookie, or presenting the wrong one, etc. I'm planning on adding the RequestDumper valve to their configuration to capture what is really going on. Does anyone have any other suggestions for me to look at? Jeff = Jeffrey W. Jannere-mail: jeffrey.jan...@polydyne.com mailto:jeffrey.jan...@polydyne.com PolyDyne Software Inc. web: http://www.polydyne.com/ http://www.polydyne.com/ 9390 Research Blvd. phone: (512) 343-9100 x8930 Building 1, Suite 400 fax: (512) 343-9297 Austin, TX 78759 = *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments.
Re: Serving static files in a cluster
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/21/2010 10:21 AM, André Warnier wrote: You can certainly do that on the base of symbolic links and NFS mounts for instance. Each Tomcat would contain something like : Just be sure that Tomcat doesn't delete your entire document repository when you undeploy. It would be better to have this document repo /outside/ of the docBase. YES. +1. I remember this, now. That was a very bad recommendation of mine. Something like that is in the documentation, or in a previous thread in this forum. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEKPMACgkQ9CaO5/Lv0PB9zACgpj+Ir3/Gi6onpc/YIs1lphbt ZKgAnjU0o1ffjlObDqXxiXEDn+8owZU9 =cK43 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Yeah, Chuck, Martin, I did have my CLASSPATH referencing the following: .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip; C:\Java\jdk1.6.0_18\bin; C:\oracle\ora92\jdbc\lib; C:\oracle\ora92\jdbc\lib\nls_charset11.zip; C:\oracle\ora92\jdbc\lib\classes111.zip; C:\oracle\ora92\jdbc\lib\ocrs12.zip You're saying remove those? (The last four references I presume). -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, February 19, 2010 6:04 PM To: Tomcat Users List Subject: RE: DB connection error -Tomcat 6 config From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config Have you changed conf/catalina.properties, by any chance? No, I haven't -- should I do that? No; that file contains the classpaths for the various Tomcat classloaders. If you had changed it, it might explain why Tomcat wasn't finding the class of interest. Is the system CLASSPATH environment variable set to anything? (It shouldn't be.) Is the Oracle driver jar anywhere else on the system (in the jre/lib directory, for example)? Make sure it's not present in any other location the JVM might be getting into. Without having hands-on access to your system, it's difficult to tell what's wrong, but it's likely to be something bordering on the trivial. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using my own LifecycleListener
On Feb 23, 2010, at 12:32 PM, Caldarale, Charles R wrote: The servlet spec is required reading before you ever touch any servlet container. Oops. Guess I missed that memo. Crap. Now I'm going to have to resign! I'm living a lie. ;) Jon Brisbin Portal Webmaster NPC International, Inc. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config I did have my CLASSPATH referencing the following: .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip; C:\Java\jdk1.6.0_18\bin; C:\oracle\ora92\jdbc\lib; C:\oracle\ora92\jdbc\lib\nls_charset11.zip; C:\oracle\ora92\jdbc\lib\classes111.zip; C:\oracle\ora92\jdbc\lib\ocrs12.zip You're saying remove those? (The last four references I presume). No, remove all of them. Never, ever have the CLASSPATH variable set. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session id is invalid occurs randomly
On 23/02/2010 19:54, Jeffrey Janner wrote: Hi - I need a little help here. We are running Tomcat 5.5.17 APR/SSL, Sun JDK 1.5.0_06, Windows 2000 SP4 32-bit. We have a customer running IE as the client passing through an unknown proxy server. Sometimes they are running IE via a remote desktop, sometimes from their own desktop (if I interpreted the user correctly). It seems that they can login just fine and work just fine, most of the time. However, every now and then, they will get kicked out with an invalid session error. That is our software's error message to them, basically meaning we didn't get the session id we were expecting. I'm leaning toward the proxy trashing the session cookie, or presenting the wrong one, etc. I'm planning on adding the RequestDumper valve to their configuration to capture what is really going on. Does anyone have any other suggestions for me to look at? I'd use tcpdump / wireshark. You get more complete information in an easier to handle format and no risk to breaking the app. Mark Jeff = Jeffrey W. Jannere-mail: jeffrey.jan...@polydyne.com mailto:jeffrey.jan...@polydyne.com PolyDyne Software Inc. web: http://www.polydyne.com/ http://www.polydyne.com/ 9390 Research Blvd. phone: (512) 343-9100 x8930 Building 1, Suite 400 fax: (512) 343-9297 Austin, TX 78759 = *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
The first line had come preset by the desktop guys who image the build. I'll take them all out and see what happens. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 23, 2010 2:40 PM To: Tomcat Users List Subject: RE: DB connection error -Tomcat 6 config From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config I did have my CLASSPATH referencing the following: .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip; C:\Java\jdk1.6.0_18\bin; C:\oracle\ora92\jdbc\lib; C:\oracle\ora92\jdbc\lib\nls_charset11.zip; C:\oracle\ora92\jdbc\lib\classes111.zip; C:\oracle\ora92\jdbc\lib\ocrs12.zip You're saying remove those? (The last four references I presume). No, remove all of them. Never, ever have the CLASSPATH variable set. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
More heap space for jhat
My dump file: -rw-r--r-- 1 root root 1101517561 Feb 23 20:13 heap When I run jhat on this I get: Exception in thread main java.lang.OutOfMemoryError: Java heap space Is there a way to make jhat use more memory? I cannot find a command line option that does this. Thanks jon soons - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Ok, did all that (removal of all CP variables), and I did find references of the Oracle jar files ojdbc14.jar and ojdbc14_g.jar in the C:\Program Files\Oracle\jre\1.1.8\lib folder, so I removed those too (came with the laptop build, I believe - they were there before I got it). But I still get the following error. exception org.apache.jasper.JasperException: An exception occurred processing JSP page /chngctrl/change_ctrl_rslts_impactidentifier.jsp at line 126 123: DataSource ds = (DataSource) 124: envCtx.lookup(jdbc/myoracle); 125: // Allocate and use a connection from the pool 126: Connection connection = ds.getConnection(); 127: Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:401) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) root cause javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'oracle.jdbc.OracleDriver' org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:862) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:791) org.apache.jsp.chngctrl.change_005fctrl_005frslts_005fimpactidentifier_jsp._jspService(change_005fctrl_005frslts_005fimpactidentifier_jsp.java:750) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) root cause org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'oracle.jdbc.OracleDriver' org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1136) org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880) org.apache.jsp.chngctrl.change_005fctrl_005frslts_005fimpactidentifier_jsp._jspService(change_005fctrl_005frslts_005fimpactidentifier_jsp.java:192) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) root cause java.lang.ClassNotFoundException: oracle.jdbc.OracleDriver java.net.URLClassLoader$1.run(URLClassLoader.java:202) java.security.AccessController.doPrivileged(Native Method) java.net.URLClassLoader.findClass(URLClassLoader.java:190) sun.misc.Launcher$ExtClassLoader.findClass(Launcher.java:229) java.lang.ClassLoader.loadClass(ClassLoader.java:307) java.lang.ClassLoader.loadClass(ClassLoader.java:248) java.lang.Class.forName0(Native Method) java.lang.Class.forName(Class.java:169) org.apache.tomcat.dbcp.dbcp.BasicDataSource.createDataSource(BasicDataSource.java:1130) org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880) org.apache.jsp.chngctrl.change_005fctrl_005frslts_005fimpactidentifier_jsp._jspService(change_005fctrl_005frslts_005fimpactidentifier_jsp.java:192) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) note The full stack trace of the root cause is available in the Apache Tomcat/6.0.24 logs. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 23, 2010 2:40 PM To: Tomcat Users List Subject: RE: DB connection error -Tomcat 6 config From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config I did have my CLASSPATH referencing the following: .;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip; C:\Java\jdk1.6.0_18\bin; C:\oracle\ora92\jdbc\lib; C:\oracle\ora92\jdbc\lib\nls_charset11.zip; C:\oracle\ora92\jdbc\lib\classes111.zip;
RE: Session id is invalid occurs randomly
Thanks Mark. Actually, on a little more research I was going to change to the RequestDumperFilter instead of the valve for just that reason. I'll look into tcpdump/wireshark. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, February 23, 2010 2:46 PM To: Tomcat Users List Subject: Re: Session id is invalid occurs randomly On 23/02/2010 19:54, Jeffrey Janner wrote: Hi - I need a little help here. We are running Tomcat 5.5.17 APR/SSL, Sun JDK 1.5.0_06, Windows 2000 SP4 32-bit. We have a customer running IE as the client passing through an unknown proxy server. Sometimes they are running IE via a remote desktop, sometimes from their own desktop (if I interpreted the user correctly). It seems that they can login just fine and work just fine, most of the time. However, every now and then, they will get kicked out with an invalid session error. That is our software's error message to them, basically meaning we didn't get the session id we were expecting. I'm leaning toward the proxy trashing the session cookie, or presenting the wrong one, etc. I'm planning on adding the RequestDumper valve to their configuration to capture what is really going on. Does anyone have any other suggestions for me to look at? I'd use tcpdump / wireshark. You get more complete information in an easier to handle format and no risk to breaking the app. Mark Jeff = Jeffrey W. Jannere-mail: jeffrey.jan...@polydyne.com mailto:jeffrey.jan...@polydyne.com PolyDyne Software Inc. web: http://www.polydyne.com/ http://www.polydyne.com/ 9390 Research Blvd. phone: (512) 343-9100 x8930 Building 1, Suite 400 fax: (512) 343-9297 Austin, TX 78759 = *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB connection error -Tomcat 6 config
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, I'm glad to hear that you got everything working. Just to sum up, this should have been all you needed to to in order to migrate from 4.1 to 6.0: 0. Install Tomcat 6.0.x 1. Copy yourapp.war from tomcat4/webapps/yourwpp.war to tomcat6/webapps 2. Copy JDBC driver to tomcat6/lib 3. Create tomcat6/webapps/yourwebapp.war/META-INF/context.xml containing: Context ... Resource name=jdbc/resourcename type=javax.sql.DataSource .. / /Context That should be about it. If you want logging, too, that's a different story :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEQq8ACgkQ9CaO5/Lv0PBL0gCgno3HSlfLoH+X/CEBQs1MtnRd bkgAoLxK3/ISlGkObed/z0oi+Xz3BmBN =Ahhp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question about SSL
I need to implement SSL for Tomcat 6.0.24 on Windows 2003 Server R2 SP2 that is already running IIS 6.0. Should I implement SSL using IIS or Tomcat? There are other webapps running under this Tomcat that do not require https. Reading through the docs: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Configuration The process seems easy enough. Generate a keystore and uncomment the SSL connector in server.xml, changing the default password, and pointing the keystore path correctly. I do not have the Tomcat native library installed, so JSSE applies for me. ...Any page within an application can be requested over a secure socket by simply prefixing the address with https: instead of http:. When I enable SSL, this means that it is enabled for every webapp running under that Tomcat? The user can choose the protocol for the URL even if it is not required? ...It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not. Where do I configure this? I only need one URL to be available via https: Leo Donahue
RE: More heap space for jhat
From: Jonathan Soons [mailto:jso...@juilliard.edu] Subject: More heap space for jhat When I run jhat on this I get: Exception in thread main java.lang.OutOfMemoryError: Java heap space Is there a way to make jhat use more memory? I cannot find a command line option that does this. To quote from the Sun documentation on jhat: -Jflag Pass flag to the Java virtual machine on which jhat is run. For example, -J-Xmx512m to use a maximum heap size of 512MB. http://java.sun.com/javase/6/docs/technotes/tools/share/jhat.html The -J option is the standard mechanism for most if not all of the JDK tools. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question about SSL
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Subject: Question about SSL I need to implement SSL for Tomcat 6.0.24 on Windows 2003 Server R2 SP2 that is already running IIS 6.0. Should I implement SSL using IIS or Tomcat? Probably IIS, but I'm not very familiar with it. Some browsers (guess who?) get confused will SSL over a non-standard port, and IIS has probably already grabbed 443. When I enable SSL, this means that it is enabled for every webapp running under that Tomcat? Enabled, but not forced; HTTPS normally uses port 443, regular HTTP port 80. If the client chooses to send the request to 443, it must use SSL. The user can choose the protocol for the URL even if it is not required? Yes. ...It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not. Where do I configure this? Read section 12 of the servlet spec. You need to configure a transport-guarantee of CONFIDENTIAL for the desired URL pattern(s). This will cause requests over non-secure connections to be redirected to the secure port. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Let me give that a shot, and see if it works. Odd thing is that I've purposefully changed the xml reference of oracle.jdcb.OracleDriver reference to the deprecated version of oracle.jdcb.driver.OracleDriver to see how or if the errors being thrown would be stated differently, and they're not being done so. Just the same error ref of Class can't be found - oracle.jdcb.driver.OracleDriver All the while, it's there. But let me try this again and see. Thanks, Chris. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, February 23, 2010 3:04 PM To: Tomcat Users List Subject: Re: DB connection error -Tomcat 6 config -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, I'm glad to hear that you got everything working. Just to sum up, this should have been all you needed to to in order to migrate from 4.1 to 6.0: 0. Install Tomcat 6.0.x 1. Copy yourapp.war from tomcat4/webapps/yourwpp.war to tomcat6/webapps 2. Copy JDBC driver to tomcat6/lib 3. Create tomcat6/webapps/yourwebapp.war/META-INF/context.xml containing: Context ... Resource name=jdbc/resourcename type=javax.sql.DataSource .. / /Context That should be about it. If you want logging, too, that's a different story :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEQq8ACgkQ9CaO5/Lv0PBL0gCgno3HSlfLoH+X/CEBQs1MtnRd bkgAoLxK3/ISlGkObed/z0oi+Xz3BmBN =Ahhp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Webapp slow down after idle - 5.5.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hassan, On 2/23/2010 2:19 PM, Hassan Schroeder wrote: On Tue, Feb 23, 2010 at 11:05 AM, Christopher Schultz ch...@christopherschultz.net wrote: Something like every hour or maybe every minute, you could make a request to some trivial page like /ping.jsp. Which is exactly what a service monitor like Nagios does -- plus it lets you know if the proper response isn't received (no response, error page/wrong page size, etc.). I would think every production system would have something like that in place as a matter of course. I would think so. We have our own that reports heap usage, database connection pool usage, and the patch level of the JVM. We can use it to graph memory usage over long periods of time using whatever sampling rate we choose, because it's all based upon when the request is made. Every 5 minutes? No problem. Every 5 seconds? Just change the cron job. :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETK8ACgkQ9CaO5/Lv0PCdVwCfWqWqmEloAvZvjDCuGs8LdTzh C0UAoKOxjXHGvi0QoOPQkhyvjl9uStn2 =Uxtn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tsirkin, On 2/23/2010 1:49 PM, Tsirkin Evgeny wrote: On Tue, Feb 23, 2010 at 8:08 PM, Christopher Schultz ch...@christopherschultz.net wrote: I guess tomcat authentication is broken for me - tomcat is probably writing something in session _ before _ the filter loads the data into it from db. That is true: Tomcat does session work /before/ filters are invoked, but it also has something called the session note which is essentially a private attribute that can be used for things like authentication state information. The HttpSession has no access to this except through introspection, which could be disabled by a SecurityManager I'd imagine. This probably can be fixed if i do not rip the old data written by tomcat and just add my own ,but i just don't use tomcat auth. If you're not using container-based authentication, then I guess it doesn't matter. That means that things like flow-resuming (where your original request is re-submitted after successful authentication) won't work. What's flow-resuming is ?How a request can be resumed ?Doesn't this goes againt the idea of http is staitless ,that's vrey interesting? See section 12.5.3 of the servlet (2.5) specification which lays this all out in plain English. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETaUACgkQ9CaO5/Lv0PDHggCeOrnsxbjOuB0THbM80BBmeJSe BEEAnRglqa3NXiGhX7+2IoFIWbotMCLl =4KTl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config Odd thing is that I've purposefully changed the xml reference of oracle.jdcb.OracleDriver reference to the deprecated version of oracle.jdcb.driver.OracleDriver to see how or if the errors being thrown would be stated differently, and they're not being done so. Just the same error ref of Class can't be found - oracle.jdcb.driver.OracleDriver Is the above a typo on your part, or does the error really say jdcb? If the error is continuing regardless of how you set the attribute in the Resource element, then your Resource element is being ignored. Look for a Context element in conf/Catalina/[host]/[appName].xml; if that file exists, it will override the one in the webapp's META-INF/context.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session id is invalid occurs randomly
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 2/23/2010 2:54 PM, Jeffrey Janner wrote: It seems that they can login just fine and work just fine, most of the time. However, every now and then, they will get kicked out with an invalid session error. That is our software's error message to them, basically meaning we didn't get the session id we were expecting. I'm leaning toward the proxy trashing the session cookie, or presenting the wrong one, etc. Is it possible that your error message is wrong? We have an ancient app that runs home to mama when anything goes wrong and displays a message that says An error occurred, probably because your session timed out. The original devs didn't bother to do nice things like null-checking and just assumed that the session state would be sane: when errors occurred, it was usually because the session went away. Anyhow, we sometimes get SQLExceptions that trigger this error message and people complain that their session couldn't have timed out. It would be funny if it weren't in production :( I'm planning on adding the RequestDumper valve to their configuration to capture what is really going on. Make sure to dump the requested session id as well as the id of the session actually used. If the user is requesting a session and not getting it, that may be useful information. Any idea if these clients are using cookies or not? Sometimes a missing response.encodeURL() call can ruin your whole day. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETwwACgkQ9CaO5/Lv0PACPgCgiCfgL4aizr2GyGFRoUKotlzW cs8AoLxG8Mnc/L9q//aOX/jZsLB8PYn/ =FzoK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck and Leo, On 2/23/2010 4:25 PM, Caldarale, Charles R wrote: From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Subject: Question about SSL ...It is not strictly necessary to run an entire web application over SSL, and indeed a developer can pick and choose which pages require a secure connection and which do not. Where do I configure this? Read section 12 of the servlet spec. You need to configure a transport-guarantee of CONFIDENTIAL for the desired URL pattern(s). This will cause requests over non-secure connections to be redirected to the secure port. While it may seem like transport-guarantee will meet all your needs, we have a lot of folks asking questions on the list about secure-login, but non-secure access to the rest of the webapp. There are arguments both for and against this practice, but there are a couple of things to consider: 1. transport-guarantee doesn't apply (I think) to the login page that Tomcat serves, even if you set it. This is because Tomcat does an internal forward from the requested resource (say, /protected.jsp) to your login page. 2. Tomcat doesn't automatically use HTTPS for your call to j_security_check, so make sure that your login form /does/ use HTTPS in it's URL. 3. If you are allowing clients to use cookies, you'll need to make sure that your JSESSIONID cookie is created in non-secure mode, otherwise you'll get a session assigned to you that is only accessible via HTTPS and you'll confuse the hell our of yourself trying to figure out why it's not working. That last one can be a real PITA: if you're looking for secure-auth /only/, then you'll have to design your pages to ensure that your cookies are always in non-secure-mode but that j_security_check does get sent over HTTPS. Hope that helps., - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEUNMACgkQ9CaO5/Lv0PC65ACeKXZiaDWg7XB11SmwjAO/1BQo TV0AoI67PshphTce5w+c76q2ESLGcnjI =FKxX -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
Sorry -- that is a typo only. Ok, thanks, Chuck. I'll look to kill off any Context element in the conf folder that might be interfering with the META-INF version. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 23, 2010 3:52 PM To: Tomcat Users List Subject: RE: DB connection error -Tomcat 6 config From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config Odd thing is that I've purposefully changed the xml reference of oracle.jdcb.OracleDriver reference to the deprecated version of oracle.jdcb.driver.OracleDriver to see how or if the errors being thrown would be stated differently, and they're not being done so. Just the same error ref of Class can't be found - oracle.jdcb.driver.OracleDriver Is the above a typo on your part, or does the error really say jdcb? If the error is continuing regardless of how you set the attribute in the Resource element, then your Resource element is being ignored. Look for a Context element in conf/Catalina/[host]/[appName].xml; if that file exists, it will override the one in the webapp's META-INF/context.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question about SSL
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Question about SSL 1. transport-guarantee doesn't apply (I think) to the login page that Tomcat serves, even if you set it. If the requested resource is covered by the security constraint that includes the transport-guarantee of CONFIDENTIAL, the login page will be protected. The redirect to the SSL port happens before the login. That last one can be a real PITA: if you're looking for secure-auth /only/, then you'll have to design your pages to ensure that your cookies are always in non-secure-mode but that j_security_check does get sent over HTTPS. And, as we keep trying to drum into people, having an encrypted login but unencrypted pages serves little purpose, since the now trusted jsessionid is visible to anyone who can see the traffic - such as your neighbor on your cable-based ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: DB connection error -Tomcat 6 config
Ok, Chris -- I blew away the new version I'd made, and recreated the webapps ensuring I went in this order. I'm still getting an error, but now it seems confined to the jdbc/env lookup reference I'd earlier tried to make. I've put that reference, as noted below in your email, in the appropriate webapp folder, /META-INF/context.xml. Now my stack trace appears like so: - message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: An exception occurred processing JSP page /chngctrl/change_ctrl_rslts_condensed.jsp at line 115 112: Context envCtx = (Context) initCtx.lookup(java:comp/env); 113: // Look up our data source 114: DataSource ds = (DataSource) 115: envCtx.lookup(jdbc/myoracle); 116: // Allocate and use a connection from the pool 117: Connection connection = ds.getConnection(); 118: Stacktrace: org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:510) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:401) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) root cause javax.servlet.ServletException: javax.naming.NameNotFoundException: Name jdbc is not bound in this Context org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:862) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:791) org.apache.jsp.chngctrl.change_005fctrl_005frslts_005fcondensed_jsp._jspService(change_005fctrl_005frslts_005fcondensed_jsp.java:428) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) root cause javax.naming.NameNotFoundException: Name jdbc is not bound in this Context org.apache.naming.NamingContext.lookup(NamingContext.java:770) org.apache.naming.NamingContext.lookup(NamingContext.java:153) org.apache.jsp.chngctrl.change_005fctrl_005frslts_005fcondensed_jsp._jspService(change_005fctrl_005frslts_005fcondensed_jsp.java:181) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:377) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:313) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:260) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) note The full stack trace of the root cause is available in the Apache Tomcat/6.0.24 logs. -- Thanks, Chris Barry, 0. Install Tomcat 6.0.x 1. Copy yourapp.war from tomcat4/webapps/yourwpp.war to tomcat6/webapps 2. Copy JDBC driver to tomcat6/lib 3. Create tomcat6/webapps/yourwebapp.war/META-INF/context.xml containing: Context ... Resource name=jdbc/resourcename type=javax.sql.DataSource .. / /Context That should be about it. If you want logging, too, that's a different story :) - -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Session id is invalid occurs randomly
*** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. ---BeginMessage--- Chris - No, it's not an incorrect error message. My dev team assures me that the message only occurs if the provided session ID does not match the one attached to the user in the database. I watched the database the user, and the DB value didn't change after the initial login, but the user got the message on the next link he clicked on after login. There wasn't an opportunity for something to have made the session go away. The app is deployed a couple of dozen times here with hundreds of users, and these guys are the only ones expressing the problem. I've forgotten which version of IE, looked like 7 or 8, but it is set up in standard IE cookie mode, that is, he wasn't overriding the default handling mechanism. Jeff -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, February 23, 2010 3:56 PM To: Tomcat Users List Subject: Re: Session id is invalid occurs randomly -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeffrey, On 2/23/2010 2:54 PM, Jeffrey Janner wrote: It seems that they can login just fine and work just fine, most of the time. However, every now and then, they will get kicked out with an invalid session error. That is our software's error message to them, basically meaning we didn't get the session id we were expecting. I'm leaning toward the proxy trashing the session cookie, or presenting the wrong one, etc. Is it possible that your error message is wrong? We have an ancient app that runs home to mama when anything goes wrong and displays a message that says An error occurred, probably because your session timed out. The original devs didn't bother to do nice things like null-checking and just assumed that the session state would be sane: when errors occurred, it was usually because the session went away. Anyhow, we sometimes get SQLExceptions that trigger this error message and people complain that their session couldn't have timed out. It would be funny if it weren't in production :( I'm planning on adding the RequestDumper valve to their configuration to capture what is really going on. Make sure to dump the requested session id as well as the id of the session actually used. If the user is requesting a session and not getting it, that may be useful information. Any idea if these clients are using cookies or not? Sometimes a missing response.encodeURL() call can ruin your whole day. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETwwACgkQ9CaO5/Lv0PACPgCgiCfgL4aizr2GyGFRoUKotlzW cs8AoLxG8Mnc/L9q//aOX/jZsLB8PYn/ =FzoK -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org ---End Message--- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat dies suddenly
Chris, There was no core dump or hs_* file. The strace output looks like it was overwritten this morning at 1:00AM, crap, double crap. What's the consensus on moving to the IBM JVM or rerunning this test (Sun JVM) to failure to get a good strace output? I screwed up... sorry. Thanks, Carl - Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, February 23, 2010 1:13 PM Subject: Re: Tomcat dies suddenly -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Carl, On 2/23/2010 7:08 AM, Carl wrote: Just an update. After 8 1/2 days, on the newly built Slackware machine with the JRE in the Slackware distribution removed bebore installing the operating system and using the newest version of the mysql-connector, the system failed in exactly the same fashion as the previous attempts: ran beautifully right up to the point of failure and the failure was the JVM being stopped with a reported seg fault. ...and?! What does strace say? Or, the hs_* file that should have been dumped? Or your core file or whatever? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuEGrUACgkQ9CaO5/Lv0PCwBACfb7RjY+gFnKIe3I0WWuwZvywo aIAAn1NdVr0Pp8HGsK74arolpbKWrwrO =F403 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Trouble with CLIENT-CERT authentication method
On 2/19/10, Christopher Schultz ch...@christopherschultz.net wrote: So, with clientAuth=false, how do you get a client certificate to use for authentication? Or, does the presence of the CLIENT-CERT in web.xml trigger an SSL-renegotiation where the client cert /is/ requested from the client. The presence of CLIENT-CERT: login-config auth-methodCLIENT-CERT/auth-method /login-config in web.xml triggers the renegotiation and the client cert is requested from the client. As Mark pointed out, this exposes the TLS bug CVE-2009-355 so be warned! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question about SSL
Thank you both for the feeback. Much appreciated. In my case, I am enabling SSL for a webservice that issues tokens when users connect to a secure GIS web service over http from a web client. The end user loads a page that contains a JavaScript URL with a supplied token to a secure GIS web service. End users consuming the web service via a webpage are not required to log in. I use the Token service from the local server behind our firewall to generate the token that is embeded in the JavaScript webapp that the WWW users see. It can be restricted via the HTTP Referer or an IP address. However, end users (within our local network) who connect to my secured web service using a desktop client are required to supply a http URL to the web service with a username and password in a dialogue. The desktop client makes the request to the Token service but requires that service to be running in SSL. For anyone interested: http://webhelp.esri.com/arcgisserver/9.3.1/java/token_service.htm Secure Connection (HTTPS/SSL) required for Token Service My sysadmin suggested we disable IIS and let Tomcat handle the SSL certificates, since it seems easier to implement. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 23, 2010 3:19 PM To: Tomcat Users List Subject: RE: Question about SSL From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Question about SSL 1. transport-guarantee doesn't apply (I think) to the login page that Tomcat serves, even if you set it. If the requested resource is covered by the security constraint that includes the transport-guarantee of CONFIDENTIAL, the login page will be protected. The redirect to the SSL port happens before the login. That last one can be a real PITA: if you're looking for secure-auth /only/, then you'll have to design your pages to ensure that your cookies are always in non-secure-mode but that j_security_check does get sent over HTTPS. And, as we keep trying to drum into people, having an encrypted login but unencrypted pages serves little purpose, since the now trusted jsessionid is visible to anyone who can see the traffic - such as your neighbor on your cable-based ISP. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config I'm still getting an error, but now it seems confined to the jdbc/env lookup reference I'd earlier tried to make. If you don't mind, post your Context element again. The error message indicates something doesn't match between what your JSP/servlet is requesting and what's registered via the Resource element. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat dies suddenly
-Original Message- From: Carl [mailto:c...@etrak-plus.com] Sent: Tuesday, February 23, 2010 5:09 AM To: Tomcat Users List Subject: Re: Tomcat dies suddenly Just an update. After 8 1/2 days, on the newly built Slackware machine with the JRE in the Slackware distribution removed bebore installing the operating system and using the newest version of the mysql-connector, the system failed in exactly the same fashion as the previous attempts: ran beautifully right up to the point of failure and the failure was the JVM being stopped with a reported seg fault. Changed this server to the IBM JVM. Tested it locally (directly accessed the IP within the DMZ) and it worked great. Switched it to production early this morning (4:30AM before people start coming onto the system) and everything seemed good. Then, specific customers (the rest were able to come in just fine) starting getting 404's (we use only https, didn't have a Carl, Just out of curiosity, have you tried building out machines with DIFFERENT hardware. E.G. building out a server using an IBM or HP computer, rather than than the ones you already have. If I recall correctly, you started this thread out with SIG 11's. SIG 11's on Linux are quite often hardware problems. I know you've done memtest, but sometimes that's not enough. Here's a link to a problem I had: http://archive.lug.boulder.co.us/Week-of-Mon-20071210/035903.html To make a long story short, there was random disk corruption that was happening. When I stopped using the on-board controller and went to a PCI one, the computer would reboot itself under heavy load. Some of the static burn-in utilities can miss hardware defects because they don't actually stress the system. E.G. power, CPU, disks, etc. The problem was a specific rev of a specific motherboard. I think you need to step back, get a computer from a different manufacturer and test. You've tried different OS's, different JVMs, different everything, but different hardware. By your own admission, the app used run flawlessly on an older server. When you've eliminated everything else, the thing that remains, however unlikely must be the culprit. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: More heap space for jhat
I recommend you use MAT (http://www.eclipse.org/mat/downloads.php) to analyze your heap dumps. It has the ability to load significantly large heap dumps on machines will limited resources. I have opened 4G heap dumps with MAT using a 2G heap. I'm sure I could have used less, but I didnt need to. The other option is to use jvisualvm (it comes with your Java6 JVM) if the process is still running. On Wed, Feb 24, 2010 at 6:18 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Jonathan Soons [mailto:jso...@juilliard.edu] Subject: More heap space for jhat When I run jhat on this I get: Exception in thread main java.lang.OutOfMemoryError: Java heap space Is there a way to make jhat use more memory? I cannot find a command line option that does this. To quote from the Sun documentation on jhat: -Jflag Pass flag to the Java virtual machine on which jhat is run. For example, -J-Xmx512m to use a maximum heap size of 512MB. http://java.sun.com/javase/6/docs/technotes/tools/share/jhat.html The -J option is the standard mechanism for most if not all of the JDK tools. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day
Hi Pil, Yes, this symptom occurs on daily basis, randomly few times per day. I was told my client where they observed inaccessible table in the web page. The web page has the ability to sync (by sending HTTP request to the Servlet) with my application running on Tomcat for every interval of 20 seconds. If the web page does not updated periodically and exceeds to response limit, say 1 minutes, the expected result is inaccessible table in the web page. I only can track it through monitoring the network traffic and the log file written for every request processed by the Tomcat. Whenever a request from JSP page to the destination Servlet in the Tomcat Servlet container, I should see the logging of the activity. But right now I cannot see it unless the destination Servlet claimed to receive and respond to it. Thanks. Regads, hlchan. On Tue, Feb 23, 2010 at 11:06 PM, Pid p...@pidster.com wrote: On 23/02/2010 14:19, Caldarale, Charles R wrote: From: Hae Loong Chan [mailto:haelo...@gmail.com] Subject: Tomcat 5.5.26 stops responding to all client from browser/applets for ~3minutes few times per day I generated 3 thread dumps during the period (by detecting that no activity written to the log file and monitor the network activity) but I could not identify the root cause from my application. I could see the total number of threads are jumping from 210++ to 310++, after that it fall back to 210++. Most of the threads are the HTTP Processes. You need to examine /each/ thread carefully. (Rather laborious, but necessary.) It's likely that just one has locked something critical and caused everything else to back up behind it. The lock may not be a Java object, just something logically locked in your webapp. You may also have a situation where all the DB connections are tied up processing long-running queries or updates, again preventing all other threads from accessing the DB. It's remotely possible that everything is suspended for garbage collection, but given the duration of the delay, that seems unlikely. Turn on -verbose:gc to see if GC events correspond to the pauses. Does it occur at the same times every day, or at the same interval? (External DB backup perhaps?) p - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
NioConnector limits and comet requests
Hi, I'm trying to understand how the Tomcat 6.0 NIO connector handles the various limit attributes in the configuration, particularly in regards to comet requests. I've had a look at the source code, and I think I understand, but I'd like to confirm my understanding, and also ask some further questions. The acceptCount works just like it does on the other processors, it gets passed to the ServerSocket as the backlog parameter. This limit will be reached if the acceptor thread(s) aren't able to accept new requests quickly enough. This is where behaviour differs from the default HTTP connector, all the acceptor threads do is add the channel to a poller which uses the NIO selectors to wait on activity, and then return quickly. As far as I can see, the number of active selectors can be unlimited, is that right? Would there be any advantages in limiting this? What would happen if such a limit was reached? On the default HTTP connector though, when new requests arrive, the handler will block until it can get a free worker thread, so the acceptCount limit could easily be reached. In order to reach the acceptCount limit in the NIO connector, the server would have to be under a massive amount of load, such that the accept thread never gets scheduled to accept new connections. This would be a difficult limit to reach, so the acceptCount is possibly not a very useful parameter for the NIO connector. The maxThreads is the maximum number of worker threads, this is pretty straight forward, these threads do the actual work of the requests, eventually calling some servlet service() or comet processor event() method. There is another pool for comet requests, this is the connections map in the NIO connector. This is unlimited, and it's used to store all comet requests that are not currently being processed by a worker thread. Would there be any advantages to limiting this? What would happen if such a limit was reached? The poller threads just select on all the active channels, and hand work off to the worker threads. The number of threads allowed in this pool enforce no limits on concurrent requests. So, if my understanding of all this is correct, I can fire thousands/millions of requests at the example code in http://tomcat.apache.org/tomcat-6.0-doc/aio.html, and there is nothing in Tomcat that will prevent these from all being accepted, even if doing so may cause the server to become unresponsive as it tries to send a message to one million clients, or may cause out of memory errors. Would it be beneficial for Tomcat to have an inbuilt mechanism to fail gracefully should such a situation occur? I know that part of the advantage of NIO is that it handles DoS situations that are caused by making a small number of requests that read/write very slowly much better than the thread per request model, so such limits may be unlimited by default, but some applications may be able to benefit from setting a limit in Tomcat. Cheers, James - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session id is invalid occurs randomly
Hi Jeffery Check what else they have open when they access your application. There could be another J2EE application that does not scope it's session cookies correctly. We have had ongoing problems with SAP portal servers scoping session cookies across our whole domain, rather than scoping to the server they are running on. When this happens, you get a session that does not belong to you. Ask them to browse their cookies and tell you the scope (there are many Firefox plugins that will make this easy). Personally I think it is a shortcoming of the J2EE Servlet specification - all session cookies are named JSESSIONID. This is not honoured by some IBM products, but Tomcat adheres faithfully to the spec. Regards Ron - Original Message - From: Jeffrey Janner To: Tomcat Users List Sent: Wednesday, February 24, 2010 11:48 AM Subject: RE: Session id is invalid occurs randomly *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to replace the HttpSession implementation in Tomcat?
On Tue, Feb 23, 2010 at 11:50 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- What's flow-resuming is ?How a request can be resumed ?Doesn't this goes againt the idea of http is staitless ,that's vrey interesting? So,the flow-resuming you were talking about is just the mechanism of storing the request parameters and url and use them again after successful authentication,right? Yes,this probably would not work with custom session ,since tomcat probably stores the parameters and url in session. For this particular issue however i have implemented my own mechanism using custom cookies (server side cookies). Of course,all this is probably can not be reused and is tied to my particular env. . But it is a yes this can be done if really needed email. Evgeny See section 12.5.3 of the servlet (2.5) specification which lays this all out in plain English. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuETaUACgkQ9CaO5/Lv0PDHggCeOrnsxbjOuB0THbM80BBmeJSe BEEAnRglqa3NXiGhX7+2IoFIWbotMCLl =4KTl -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
