Re: mod-jk not called after PerlHandler gets called
Mohit Anchlia wrote: I posted this thread in mod_perl group: http://www.gossamer-threads.com/lists/modperl/modperl/102273 I thought I should ask here as well. Before someone on this list tells you to that you are in the wrong place, let me say a word : this question /is/ relevant to this list, in the sense that it implicates mod_jk, for which this is the right list. In fact, Mohit's question involves Apache httpd, mod_jk and mod_perl. The question here is in fact : given some JkMount directives in Apache, and also a setHandler mod_perl, which response handler will Apache select ? And the confusion is due to the not-so-clear fact that JkMount is in fact a setHandler instruction in disguise. So, Mohit, the problem is that this : JkMount /bridge/* tc and this : SetHandler modperl are in conflict. The first JkMount is in fact like a setHandler mod_jk IF the URL looks like /bridge/* But, a few lines later, you have an unconditional setHandler mod_perl, which overrides this JkMount. So in the end, the response handler is mod_perl, and mod_jk is forgotten. But then, in your mod_perl response handler, you return DECLINED. That tells Apache that it should look for another response handler. But mod_jk is already forgotten, so Apache finds only its own default handler, the one which tries to return the URL as a file on disk. Mohit, I believe that for the rest of this discussion, it is better to continue it on the mod_perl list, because the rest is not so relevant to mod_jk or Tomcat. Except that you should first read this page : http://tomcat.apache.org/connectors-doc/reference/apache.html and in particular the sections : Assigning URLs to Tomcat and Using SetHandler and Environment Variables - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[ANN] Apache Tomcat Twitter feed
Hi, We have launched the official Apache Tomcat project Twitter feed at: http://twitter.com/TheApacheTomcat We will regularly post there announce and other relevant news, and we are welcoming all new followers to our new Twitter feed. For those interested in ASF in general, there is also official ASF Twitter feed which can be accessed at: http://twitter.com/TheASF/ Regards -- The Apache Tomcat Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [SECURITY] CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
The processing of applying the digital signature to the original e-mail made the patches hard to read. E-mail clients that can process digital signatures should undo this formatting. For those folks with an e-mail client that can't process OpenGPG signed e-mail, the patches have been placed on the download mirrors as part of the 6.0.29 and 7.0.4 distributions. To obtain the patches: For Tomcat 6 - Open http://tomcat.apache.org/download-60.cgi - Select 'Browse' from the Quick Navigation section - Select the patches directory For Tomcat 7 - Open http://tomcat.apache.org/download-70.cgi - Select 'Browse' from the Quick Navigation section - Select the patches directory The Apache Tomcat Security Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
On 23/11/2010 00:06, Andrew Hole wrote: There is a middleware-to-middleware connection between Tomcat A and Tomcat B using RMI (point-to-point protocol) and Tomcat A has in-memory data useful to App3. The same aproach in the second server: applications in tomcat d have RMI communication to tomcat c. I don't think there is a way to do this in mod_jk configuration. One way to do this would be base affinity on client IP address. You should be able to do something like the following in httpd: - get client IP address - if last octet is odd, redirect to machine 1 - else, redirect to machine 2 Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: clearThreadLocalMap and NullPointerException
On 23/11/2010 02:19, Blair Zajac wrote: Any suggestions in tracking this down? Would a custom Tomcat build that gets each key and value in a try/catch block be useful? Almost certainly. As far as I can tell there is a collections object in a thread local that is non-null yet returns null for a call to iterator(). That seems wrong to me. The root cause could be a bug in the collection class or it might be a side-effect of multiple threads accessing a non-thread-safe collection. Putting the value.toString() calls inside try-catches should make it more robust. I'll do that for 7.0.x and propose it for 6.0.x. Do let us know what the problem was when you find it. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OutOfMemoryError some time on some tomcat
On 23/11/2010 06:55, Daniel Baktiar wrote: hi charles, please allow me to disagree to that hanging onto reference as the main issue. Daniel, You are completely wrong. I suggest you read this: http://wiki.apache.org/tomcat/MemoryLeakProtection and try out some of the sample code with a profiler. permgen space is garbage collector's specific issue, not general hanging onto reference issue. it is caused by redeployment, which is the metadata for classes, marked to be permanent generation by the hotspot garbage collector. when you deploy new classes, the class loader will introduce memory usages that will also marked as permanent generation. That might have been true with the JVMs of 10 years ago. It certainly isn't true today and hasn't been for quite some time. Unused classes can be GC'd from permgen. If you don't believe me, get yourself a profiler and test it for yourself. permgen is oracle hotspot specific implementation issue. you won't get it when you run on oracle jrockit (which performs just in time compilation), for example. Yes you will see the exact same problem in JRockit. However, it will take a lot longer since JRockit stores class information in the Java heap. That means you still have a memory leak but it takes a lot longer for it to trigger an OOME since you have to fill the entire heap first rather than 'just' filling permgen. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to access JSP and Servlet remotely ?
On 23/11/2010 06:56, surya.prakash wrote: even im facing same problem. i need to run jsp file from another system. With a question phrased like that, you aren't going to get much help here. Try reading this: http://www.catb.org/~esr/faqs/smart-questions.html and then re-phrase your question. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
org.apache.jasper.util.Entry object Heap Size
In one of our internet applications we are getting the heap memory consumption of almost 1.3 GB for org.apache.jasper.util.Entry object during analyzing the heap dump via eclipse memory analyzer tool. Now internally this object is pointing to one of our jsp's. The reference is as follows: org.apache.jasper.util.Entry - content - jspURI - value = /custom/company.jsp The total number of objects of this class is 60,000. Could you please indicate from the Tomcat perspective - when are the objects of this class created and under what scenarios would heap usage be to this high level? Thanks, Amit -- View this message in context: http://old.nabble.com/org.apache.jasper.util.Entry-object-Heap-Size-tp30283792p30283792.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OutOfMemoryError some time on some tomcat!!!!1
hi, Chuck.Caldarale I referenced to these two links http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java http://blogs.sun.com/fkieviet/entry/how_to_fix_the_dreaded and do as the blog tolds, but failed to find the reason of the oom of my app... thanks though.. by the way, do you have the the jhat the articals mentioned? I went to the jdk/bin, but the jhat there seems not work as the author mentioned. 2010/11/23 Daniel Baktiar dbakt...@gmail.com hi charles, please allow me to disagree to that hanging onto reference as the main issue. permgen space is garbage collector's specific issue, not general hanging onto reference issue. it is caused by redeployment, which is the metadata for classes, marked to be permanent generation by the hotspot garbage collector. when you deploy new classes, the class loader will introduce memory usages that will also marked as permanent generation. permgen is oracle hotspot specific implementation issue. you won't get it when you run on oracle jrockit (which performs just in time compilation), for example. --- daniel baktiar http://savinggaia.tritiumapps.com - saving the planet is everyone's business! On 23 November 2010 14:10, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: OutOfMemoryError some time on some tomcat1 I just kept redeploying apps , and the perm gen keep growing each time I deploy the same app. and when I undeploy the app, the perm gen didn't clean the garbage Exactly the situation I suggested the other day: you have something that's hanging onto a reference to an object from your webapp classes, preventing the old webapp deployment from being garbage collected. Again, read this: http://wiki.apache.org/tomcat/FAQ/Memory Also, take a look at these: http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java http://blogs.sun.com/fkieviet/entry/how_to_fix_the_dreaded - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: [ANN] New Tomcat committer: Christopher Schultz (schultz)
On 22.11.2010 21:52, Caldarale, Charles R wrote: On behalf of the Tomcat committers I am pleased to announce that Christopher Schultz (schultz) has been voted in as a new Tomcat committer. Please join me in welcoming him. And you thought you were busy before... Congratulations. Congratulations, and thanks for effort you make for Tomcat community. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: org.apache.jasper.util.Entry object Heap Size
On 23/11/2010 11:02, amitruwali wrote: In one of our internet applications we are getting the heap memory consumption of almost 1.3 GB for org.apache.jasper.util.Entry object during analyzing the heap dump via eclipse memory analyzer tool. Now internally this object is pointing to one of our jsp's. The reference is as follows: org.apache.jasper.util.Entry - content - jspURI - value = /custom/company.jsp The total number of objects of this class is 60,000. Could you please indicate from the Tomcat perspective - when are the objects of this class created and under what scenarios would heap usage be to this high level? There is no such class in any current Tomcat version. Since you haven't told us which version you are using, there is little more we can do to help. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OutOfMemoryError some time on some tomcat!!!!1
hi xu, if you cannot find the jhat in the bin folder, most probably you were referring to jre folder, instead of jdk folder. i just checked it out, my jdk/bin folder has it, but not the case for my jre/bin folder. daniel --- daniel baktiar http://savinggaia.tritiumapps.com - saving the planet is everyone's business! On 23 November 2010 19:18, xu cheng xcheng@gmail.com wrote: hi, Chuck.Caldarale I referenced to these two links http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java http://blogs.sun.com/fkieviet/entry/how_to_fix_the_dreaded and do as the blog tolds, but failed to find the reason of the oom of my app... thanks though.. by the way, do you have the the jhat the articals mentioned? I went to the jdk/bin, but the jhat there seems not work as the author mentioned. 2010/11/23 Daniel Baktiar dbakt...@gmail.com hi charles, please allow me to disagree to that hanging onto reference as the main issue. permgen space is garbage collector's specific issue, not general hanging onto reference issue. it is caused by redeployment, which is the metadata for classes, marked to be permanent generation by the hotspot garbage collector. when you deploy new classes, the class loader will introduce memory usages that will also marked as permanent generation. permgen is oracle hotspot specific implementation issue. you won't get it when you run on oracle jrockit (which performs just in time compilation), for example. --- daniel baktiar http://savinggaia.tritiumapps.com - saving the planet is everyone's business! On 23 November 2010 14:10, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: OutOfMemoryError some time on some tomcat1 I just kept redeploying apps , and the perm gen keep growing each time I deploy the same app. and when I undeploy the app, the perm gen didn't clean the garbage Exactly the situation I suggested the other day: you have something that's hanging onto a reference to an object from your webapp classes, preventing the old webapp deployment from being garbage collected. Again, read this: http://wiki.apache.org/tomcat/FAQ/Memory Also, take a look at these: http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java http://blogs.sun.com/fkieviet/entry/how_to_fix_the_dreaded - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: OutOfMemoryError some time on some tomcat
hi mark, thank you for showing my mistake. my apology to chuck also. i will read the article. --- daniel baktiar http://savinggaia.tritiumapps.com - saving the planet is everyone's business! On 23 November 2010 18:50, Mark Thomas ma...@apache.org wrote: On 23/11/2010 06:55, Daniel Baktiar wrote: hi charles, please allow me to disagree to that hanging onto reference as the main issue. Daniel, You are completely wrong. I suggest you read this: http://wiki.apache.org/tomcat/MemoryLeakProtection and try out some of the sample code with a profiler. permgen space is garbage collector's specific issue, not general hanging onto reference issue. it is caused by redeployment, which is the metadata for classes, marked to be permanent generation by the hotspot garbage collector. when you deploy new classes, the class loader will introduce memory usages that will also marked as permanent generation. That might have been true with the JVMs of 10 years ago. It certainly isn't true today and hasn't been for quite some time. Unused classes can be GC'd from permgen. If you don't believe me, get yourself a profiler and test it for yourself. permgen is oracle hotspot specific implementation issue. you won't get it when you run on oracle jrockit (which performs just in time compilation), for example. Yes you will see the exact same problem in JRockit. However, it will take a lot longer since JRockit stores class information in the Java heap. That means you still have a memory leak but it takes a lot longer for it to trigger an OOME since you have to fill the entire heap first rather than 'just' filling permgen. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: OutOfMemoryError some time on some tomcat!!!!1
From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: OutOfMemoryError some time on some tomcat1 hanging onto a reference to an object from your webapp classes, preventing the old webapp deployment from being garbage collected. what kind of object do you mean by saying this? Something is keeping a reference to an object (or class) defined in your webapp, or to the classloader for your webapp. Likely candidates include thread locals, loggers, and auxiliary threads started (but not stopped) by the webapp. Until the offending reference is nulled out, the object can't be collected, so its classloader can't be collected, so the old webapp stays in memory. Any heap profiler should be able to find the references to your webapp classes, although the process may well be tedious. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 11/23/2010 5:12 AM, Mark Thomas wrote: On 23/11/2010 00:06, Andrew Hole wrote: There is a middleware-to-middleware connection between Tomcat A and Tomcat B using RMI (point-to-point protocol) and Tomcat A has in-memory data useful to App3. The same aproach in the second server: applications in tomcat d have RMI communication to tomcat c. I don't think there is a way to do this in mod_jk configuration. One way to do this would be base affinity on client IP address. You should be able to do something like the following in httpd: - get client IP address - if last octet is odd, redirect to machine 1 - else, redirect to machine 2 What about Chuck's suggestion of having multiple JVMs with the same jvmRoute? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzr0pgACgkQ9CaO5/Lv0PCiUQCgmPrNHGz1bfUF0qmSfAOVfziA RUEAn1s2Fa5LoFa/CB9YOAdovXtSLIrX =zcqz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
On 23/11/2010 14:41, Christopher Schultz wrote: Mark, On 11/23/2010 5:12 AM, Mark Thomas wrote: On 23/11/2010 00:06, Andrew Hole wrote: There is a middleware-to-middleware connection between Tomcat A and Tomcat B using RMI (point-to-point protocol) and Tomcat A has in-memory data useful to App3. The same aproach in the second server: applications in tomcat d have RMI communication to tomcat c. I don't think there is a way to do this in mod_jk configuration. One way to do this would be base affinity on client IP address. You should be able to do something like the following in httpd: - get client IP address - if last octet is odd, redirect to machine 1 - else, redirect to machine 2 What about Chuck's suggestion of having multiple JVMs with the same jvmRoute? It won't work. Apps are routed independently. If every Tomcat instance was running every app then the session ID can be shared between the apps and you get more options. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
With the configuration below and your explanations, I suppose that there is some kind of load-balancing going on between the two machines. What is used at the front-end to load-balance ? An idea (for the moment vague) would be to use some intelligent front-end, which would decide (maybe as Mark wrote, in function of the client IP address) to start chanelling one client to either machine 1 or machine 2 - and within it to Tomcat A,B,C or D - , set a cookie, and use this cookie later to keep sending the same client to the same back-end machine. Kind of a session on top of a session.. There is also the question of why App1-4 have to be split between different Tomcats. Why can you not run all apps within one single JVM/Tomcat ? Andrew Hole wrote: There is a middleware-to-middleware connection between Tomcat A and Tomcat B using RMI (point-to-point protocol) and Tomcat A has in-memory data useful to App3. The same aproach in the second server: applications in tomcat d have RMI communication to tomcat c. thanks On Mon, Nov 22, 2010 at 11:58 PM, André Warnier a...@ice-sa.com wrote: Andrew Hole wrote: Sorry for the inconvenience. I sent the email with wrong content. An example: Machine 1: Tomcat A App1 App2 Tomcat B App3 App4 Machine 2: Tomcat C App1 App2 Tomcat D App3 App4 Using session affinity, if I make a request to App1 and the Tomcat A in Machine 1 is selected. All the sequent requests will be redirected (within the same session) to the same Tomcat (tomcat A). However, if i make a request to App3, Tomcat B (machine 1) or Tomcat D (machine 2) could be selected. What I really want is that the request to App3 could be done to Tomcat B in machine 1 (the request was done using the same browser client). Ok, now I get it. My next question is : why ? Why is it important that, having started on Tomcat A with App1, the same client would get App3 on Tomcat B, rather than on Tomcat D ? What do Tomcat A and Tomcat B have in common, that Tomcat C and D don't ? And vice-versa. And , should your scheme still work if in the future, Tomcat A and Tomcat B were split onto two separate machines ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
how to keep session alive on the server side
I have a situation where client enters a long duration request and I need to keep the session alive for the client while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. I also do not want to put the burden on the client to keep his session alive in the background (by making dummy requests). I want to be able to handle it inside tomcat, if possible. Is there a way to manipulate the lastAccessTime on the session object? -Ajay
Re: how to keep session alive on the server side
On 23/11/2010 17:58, Aggarwal, Ajay wrote: I have a situation where client enters a long duration request and I need to keep the session alive for the client while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. I also do not want to put the burden on the client to keep his session alive in the background (by making dummy requests). I want to be able to handle it inside tomcat, if possible. Is there a way to manipulate the lastAccessTime on the session object? http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html org.apache.catalina.session.StandardSession.ACTIVITY_CHECK Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to keep session alive on the server side
From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] Subject: how to keep session alive on the server side I have a situation where client enters a long duration request and I need to keep the session alive for the client while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. Does the client provide any indication that it's about to enter the long duration state? If so, you can call HttpSession.setMaxInactiveInterval() for that particular session from whatever JSP, servlet, or filter receives the indication. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to keep session alive on the server side
Aggarwal, Ajay wrote: I have a situation where client what kind of client ? enters a long duration request do you mean that the request takes a long time to send to the server, or that the server will take a long time to respond ? and I need to keep the session alive for the client ? or for the server ? while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. I also do not want to put the burden on the client to keep his session alive in the background (by making dummy requests). I want to be able to handle it inside tomcat, if possible. Is there a way to manipulate the lastAccessTime on the session object? What I mean with the above is : if the client is a browser, and he sends a short request, and the server takes a long time to respond, then the browser will time out after a few minutes (4-5) and display an error page, thinking that the server is down. On the other hand, if your concern is that the server may time out the client session, while it is still processing the client request, then it should not do that. It should only start timing the client inactivity after it has responded to the request, no ? See servlet Specification v 3.0, sections 7.5 7.6. The session invalidation will not take effect until all servlets using that session have exited the service method. My interpretation of this is that the session timeout only counts *between* requests, not while a request is still being processed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: vcs for hefty video and graphics files
On 22/11/2010 19:09, Harry Putnam wrote: Which of the main contenders: cvs subversion mercurial git bizarre Maybe a few more I don't know about, would be the best candidate for the usage and user described bizarre? Never heard of this VCS before... Each project would only run a month or 2 months at the most and then all but the final delivered version would be deleted. That version might be keep for a yr or so. Maybe it is pure heresy, but since all you want is to keep temporarily several very big and nearly incompressible files where diffs (or deltas?) are probably not significant, I would advance that a VCS won't be very useful here. Advantages of VCS are (among others): - make delta of changes to keep as little data as possible - compress this data (?) - keep changes indefinitely to be sure to have them when we need them - share and merge (changes from somebody else, or you elsewhere) Unless I missed something, these advantages doesn't seem to apply there. Some game makers keep track of their (large) binary files, along with the rest of the project (source code). Rarely in isolation. Perforce and PlasticSCM both boast superior support of these files, I won't comment on these allegations (over other VCS), just having no experience here. Somehow, in your case, the good old way of keeping copies renamed to keep the version (or kept in specific directories) might work for you... Perhaps along with a small text file with comments on content of each file. PS.: I don't see why you included Tomcat list... -- Philippe Lhoste -- (near) Paris -- France -- http://Phi.Lho.free.fr -- -- -- -- -- -- -- -- -- -- -- -- -- -- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to keep session alive on the server side
I guess I need to explain my situation little better. It is slightly complicated so bear with me. I have 2 types of servlets. Type-1 servlets make use of sessions (using JSESSIONID cookie) and type-2 servlets do not use JSESSIONID cookie and instead implement some API specs which require the authentication token to be passed by the client as part of each request (request here is XML in the body of HTTP request). They are part of same Tomcat application because my clients are mix clients which make use of functionality provided by both type of servlets. These mix clients first login using a type-1 servlet. As part of the successful login, they get an authentication token back, which is HTTP session's id. These clients use this token (in XML request) when they talk to type-2 servlets. I have implemented a session listener to keep track of authenticated HTTP sessions in type-1 servlets. So the type-2 servlets are able to validate the authentication token with my session listener. I had to tell all this background to clarify that my long duration request does not directly come on the session that I need to keep alive. Instead this long duration request comes on type-2 servlet. Note that type-2 servlets do not use JSESSIONID cookie. And my challenge is to keep the corresponding HTTP session alive, the one that maps to the given authentication token from this long duration request. So I was hoping for something like httpSession.setLastAccessTime (now)... or some other trick. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Tuesday, November 23, 2010 2:47 PM To: Tomcat Users List Subject: Re: how to keep session alive on the server side Aggarwal, Ajay wrote: I have a situation where client what kind of client ? enters a long duration request do you mean that the request takes a long time to send to the server, or that the server will take a long time to respond ? and I need to keep the session alive for the client ? or for the server ? while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. I also do not want to put the burden on the client to keep his session alive in the background (by making dummy requests). I want to be able to handle it inside tomcat, if possible. Is there a way to manipulate the lastAccessTime on the session object? What I mean with the above is : if the client is a browser, and he sends a short request, and the server takes a long time to respond, then the browser will time out after a few minutes (4-5) and display an error page, thinking that the server is down. On the other hand, if your concern is that the server may time out the client session, while it is still processing the client request, then it should not do that. It should only start timing the client inactivity after it has responded to the request, no ? See servlet Specification v 3.0, sections 7.5 7.6. The session invalidation will not take effect until all servlets using that session have exited the service method. My interpretation of this is that the session timeout only counts *between* requests, not while a request is still being processed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: OutOfMemoryError some time on some tomcat!!!!1
Don't bother with jhat, try eclipse Memory Analysis Tool instead. It's much more friendly and efficient to find leaks. On 23 nov. 2010, at 12:18, xu cheng wrote: hi, Chuck.Caldarale I referenced to these two links http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java http://blogs.sun.com/fkieviet/entry/how_to_fix_the_dreaded and do as the blog tolds, but failed to find the reason of the oom of my app... thanks though.. by the way, do you have the the jhat the articals mentioned? I went to the jdk/bin, but the jhat there seems not work as the author mentioned. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/23/2010 10:27 AM, André Warnier wrote: With the configuration below and your explanations, I suppose that there is some kind of load-balancing going on between the two machines. What is used at the front-end to load-balance ? An idea (for the moment vague) would be to use some intelligent front-end, which would decide (maybe as Mark wrote, in function of the client IP address) to start chanelling one client to either machine 1 or machine 2 - and within it to Tomcat A,B,C or D - , set a cookie, and use this cookie later to keep sending the same client to the same back-end machine. Kind of a session on top of a session.. I believe there was a presentation at ApacheCon where someone presented something like this. I didn't attend, but I heard that a relatively simply use of httpd's mod_headers was used to essentially synthesize sticky sessions. The same technique could be applied to do a sort of server stickiness: 1. Check the request for a SERVER_AFFINITY cookie 2. If none exists, choose a server however you like and set SERVER_AFFINITY=A/B or D/C 3. Given a server affinity, send the request to a specific back-end server. Note that #3 can be achieved by simply choosing an AJP worker that is not a load-balancer. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsK6kACgkQ9CaO5/Lv0PCZWACgwBnHTtm61U3tRM1QXP1w+Tdp EOQAn0YPzA8SVbO589e+V++qS8fS2cIl =Hh7E -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to keep session alive on the server side
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 11/23/2010 1:46 PM, Caldarale, Charles R wrote: From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] Subject: how to keep session alive on the server side I have a situation where client enters a long duration request and I need to keep the session alive for the client while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. Does the client provide any indication that it's about to enter the long duration state? If so, you can call HttpSession.setMaxInactiveInterval() for that particular session from whatever JSP, servlet, or filter receives the indication. +1 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsLUQACgkQ9CaO5/Lv0PCJqQCggGYgrWMMXot0GcewwcenR1FM IzQAniHYsOs1iJfVMmn2T7vHoOnfk/N4 =0ZGB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to keep session alive on the server side
I am little reluctant to use HttpSession.setMaxInactiveInterval() for couple of reasons: 1) I don't know ahead of time how long these operations will take. SO I don't have a good value to set the MaxInactiveInterval to. 2) I need to design for my clients crashing or losing connectivity with me. So I can't use a negative value either (i.e. never expires). -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, November 23, 2010 4:08 PM To: Tomcat Users List Subject: Re: how to keep session alive on the server side -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 11/23/2010 1:46 PM, Caldarale, Charles R wrote: From: Aggarwal, Ajay [mailto:ajay.aggar...@stratus.com] Subject: how to keep session alive on the server side I have a situation where client enters a long duration request and I need to keep the session alive for the client while this long duration request is going on. Since this long duration request could be hours, I do not want to change the default HTTP session timeout value. Does the client provide any indication that it's about to enter the long duration state? If so, you can call HttpSession.setMaxInactiveInterval() for that particular session from whatever JSP, servlet, or filter receives the indication. +1 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsLUQACgkQ9CaO5/Lv0PCJqQCggGYgrWMMXot0GcewwcenR1FM IzQAniHYsOs1iJfVMmn2T7vHoOnfk/N4 =0ZGB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to keep session alive on the server side
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ajay, On 11/23/2010 4:15 PM, Aggarwal, Ajay wrote: I am little reluctant to use HttpSession.setMaxInactiveInterval() for couple of reasons: 1) I don't know ahead of time how long these operations will take. So I don't have a good value to set the MaxInactiveInterval to. That will certainly be problematic. 2) I need to design for my clients crashing or losing connectivity with me. So I can't use a negative value either (i.e. never expires). That makes sense. Have you considered an asynchronous response model? Perhaps a single HTTP request-response isn't the best way to implement your service. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsM6YACgkQ9CaO5/Lv0PAJvwCfRGloFQ8aTNSvwHjML8MTk9f/ fnwAn2ITyT6iACIaV3WaH3V4f+awX210 =770y -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Importing CERTIFICATE into Java Keystore
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Uma, Please keep posts on the list for the benefit of the community. On 11/22/2010 7:31 PM, uma ravi wrote: I am trying to import the certificate and did the same as you did but still go the same error.My test connection on IDm is not working.I saw your post (year back) that you got it working.Can you please send me the steps to get rid of this problem.It would be really helpful Please tell me what file(s) you have and what you are trying to achieve. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsNCgACgkQ9CaO5/Lv0PBkoQCgwLUMIxjxHbgCm9LN4SrwlYRT jQEAn2fM9lRpqFicvVcFpZXAe+5Pb/GO =Pw1N -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Several hosts within one tomcat / catch-all problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 11/19/2010 11:59 AM, Konstantin Kolinko wrote: 2010/11/19 Steffen Heil li...@steffen-heil.de: Hi We have a web application which usually runs on a certain host all alone - it is the only context for that host. However, it allows to use different hostnames and therefore we use aliases in our server.xml per host. Now more and more users of those application want to use more subdomains and we have lots of trouble keeping the server.xml updates with all those hostnames. It would be a huge advantage to be able to tell tomcat to use all subdomains of a given domain in one step. Such as Alias*.domain.tdl/Alias I like it. Perhaps I don't understand, but I agree with Pid's suggestion: just use defaultHost -- that's what it's for, right? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsNQ8ACgkQ9CaO5/Lv0PBHLACdHpOI/NY4k8ttCYJq9bezk/Ji CFgAn1FVvTxhDFYmUEFACRMG2Lw8WlJj =ak33 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
I'm reading about domain directive in worker properties. I can setup different workers to be in the same domain (p.e. a machine) and have domain affinity. Do you have some idea how it really works? Thanks On Tue, Nov 23, 2010 at 9:01 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/23/2010 10:27 AM, André Warnier wrote: With the configuration below and your explanations, I suppose that there is some kind of load-balancing going on between the two machines. What is used at the front-end to load-balance ? An idea (for the moment vague) would be to use some intelligent front-end, which would decide (maybe as Mark wrote, in function of the client IP address) to start chanelling one client to either machine 1 or machine 2 - and within it to Tomcat A,B,C or D - , set a cookie, and use this cookie later to keep sending the same client to the same back-end machine. Kind of a session on top of a session.. I believe there was a presentation at ApacheCon where someone presented something like this. I didn't attend, but I heard that a relatively simply use of httpd's mod_headers was used to essentially synthesize sticky sessions. The same technique could be applied to do a sort of server stickiness: 1. Check the request for a SERVER_AFFINITY cookie 2. If none exists, choose a server however you like and set SERVER_AFFINITY=A/B or D/C 3. Given a server affinity, send the request to a specific back-end server. Note that #3 can be achieved by simply choosing an AJP worker that is not a load-balancer. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsK6kACgkQ9CaO5/Lv0PCZWACgwBnHTtm61U3tRM1QXP1w+Tdp EOQAn0YPzA8SVbO589e+V++qS8fS2cIl =Hh7E -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
And regarding your question; ~Why can you not run all apps within one single JVM/Tomcat ? Because we have a lot of web applications and we are using 32-bit JVM. Thanks a lot On Tue, Nov 23, 2010 at 10:59 PM, Andrew Hole andremailingl...@gmail.comwrote: I'm reading about domain directive in worker properties. I can setup different workers to be in the same domain (p.e. a machine) and have domain affinity. Do you have some idea how it really works? Thanks On Tue, Nov 23, 2010 at 9:01 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 11/23/2010 10:27 AM, André Warnier wrote: With the configuration below and your explanations, I suppose that there is some kind of load-balancing going on between the two machines. What is used at the front-end to load-balance ? An idea (for the moment vague) would be to use some intelligent front-end, which would decide (maybe as Mark wrote, in function of the client IP address) to start chanelling one client to either machine 1 or machine 2 - and within it to Tomcat A,B,C or D - , set a cookie, and use this cookie later to keep sending the same client to the same back-end machine. Kind of a session on top of a session.. I believe there was a presentation at ApacheCon where someone presented something like this. I didn't attend, but I heard that a relatively simply use of httpd's mod_headers was used to essentially synthesize sticky sessions. The same technique could be applied to do a sort of server stickiness: 1. Check the request for a SERVER_AFFINITY cookie 2. If none exists, choose a server however you like and set SERVER_AFFINITY=A/B or D/C 3. Given a server affinity, send the request to a specific back-end server. Note that #3 can be achieved by simply choosing an AJP worker that is not a load-balancer. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkzsK6kACgkQ9CaO5/Lv0PCZWACgwBnHTtm61U3tRM1QXP1w+Tdp EOQAn0YPzA8SVbO589e+V++qS8fS2cIl =Hh7E -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
Andrew Hole wrote: I'm reading about domain directive in worker properties. I can setup different workers to be in the same domain (p.e. a machine) and have domain affinity. Do you have some idea how it really works? No, but it kind of sounds like what you want to achieve, doesn't it ? You could try it, and see how it goes. It sounds like you would need to add one directive to each worker, like worker.tomcatA.domain=machine1 worker.tomcatB.domain=machine1 worker.tomcatC.domain=machine2 worker.tomcatD.domain=machine2 and it would then balance between machine1 and machine2, instead of between the workers themselves. But it also sounds like tomcatA and tomcatB would have to be configured as a cluster, and have some provision to share and replicate sessions between them. That may be more work than you're aiming for. (I'm not sure, just guessing). So you do have an Apache in front with mod_jk then ? Does this Apache do anything else than load-balancing the back-end Tomcats ? And about your JVM's being 32-bit : any reason why that has to remain so ? Are the machines themselves only 32-bit physically ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: clearThreadLocalMap and NullPointerException
On Nov 23, 2010, at 2:24 AM, Mark Thomas wrote:
On 23/11/2010 02:19, Blair Zajac wrote:
Any suggestions in tracking this down? Would a custom Tomcat build that
gets each key and value in a try/catch block be useful?
Almost certainly. As far as I can tell there is a collections object in
a thread local that is non-null yet returns null for a call to
iterator(). That seems wrong to me.
The root cause could be a bug in the collection class or it might be a
side-effect of multiple threads accessing a non-thread-safe collection.
Putting the value.toString() calls inside try-catches should make it
more robust. I'll do that for 7.0.x and propose it for 6.0.x.
Do let us know what the problem was when you find it.
I got the type of object by logging the class of the object, it's a
com.sun.jna.Structure$2.StructureSet. I'm using JNA 3.2.7 in my app.
Nov 23, 2010 4:42:51 PM org.apache.catalina.loader.WebappClassLoader
clearThreadLocalMap
SEVERE: Calling toString on a com.sun.jna.Structure$2.StructureSet threw a
NullPointerException.
java.lang.NullPointerException
at java.util.AbstractCollection.toString(AbstractCollection.java:415)
at
org.apache.catalina.loader.WebappClassLoader.clearThreadLocalMap(WebappClassLoader.java:2380)
at
org.apache.catalina.loader.WebappClassLoader.clearReferencesThreadLocals(WebappClassLoader.java:2304)
at
org.apache.catalina.loader.WebappClassLoader.clearReferences(WebappClassLoader.java:1886)
at
org.apache.catalina.loader.WebappClassLoader.stop(WebappClassLoader.java:1798)
at org.apache.catalina.loader.WebappLoader.stop(WebappLoader.java:738)
at
org.apache.catalina.core.StandardContext.stop(StandardContext.java:4812)
at
org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:924)
at
org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:1319)
at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:1290)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:323)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1086)
at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1098)
at org.apache.catalina.core.StandardEngine.stop(StandardEngine.java:450)
at
org.apache.catalina.core.StandardService.stop(StandardService.java:587)
at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
at org.apache.catalina.startup.Catalina.stop(Catalina.java:648)
at org.apache.catalina.startup.Catalina.start(Catalina.java:615)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Nov 23, 2010 4:42:51 PM org.apache.catalina.loader.WebappClassLoader
clearThreadLocalMap
SEVERE: The web application [/foobar] created a ThreadLocal with key of type
[com.sun.jna.Structure$2] (value [com.sun.jna.structur...@2e4f7bc2]) and a
value of type [com.sun.jna.Structure$2.StructureSet] (value [null]) but failed
to remove it when the web application was stopped. This is very likely to
create a memory leak.
Nov 23, 2010 4:42:51 PM org.apache.catalina.loader.WebappClassLoader
clearThreadLocalMap
SEVERE: The web application [/foobar] created a ThreadLocal with key of type
[com.sun.jna.Native$3] (value [com.sun.jna.nativ...@6446154e]) and a value of
type [java.lang.Integer] (value [2]) but failed to remove it when the web
application was stopped. This is very likely to create a memory leak.
Does JNA provide its own clean up methods that I could run at shutdown? I
haven't looked yet to see.
BTW, there's code in this section:
if (value != null) {
args[3] = value.getClass().getCanonicalName();
args[4] = value.toString();
}
if (value == null) {
if (log.isDebugEnabled()) {
log.debug(sm.getString(
webappClassLoader.clearThreadLocalDebug,
args));
if (clearReferencesThreadLocals) {
log.debug(sm.getString(
webappClassLoader.clearThreadLocalDebugClear));
}
}
Re: [ANN] New Tomcat committer: Christopher Schultz (schultz)
2010/11/23 Mark Thomas ma...@apache.org: On behalf of the Tomcat committers I am pleased to announce that Christopher Schultz (schultz) has been voted in as a new Tomcat committer. Please join me in welcoming him. Congratulations! -- Keiichi.Fujino - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] New Tomcat committer: Christopher Schultz (schultz)
Congrats Chris. On Nov 23, 2010 7:01 PM, Keiichi Fujino kfuj...@apache.org wrote: 2010/11/23 Mark Thomas ma...@apache.org: On behalf of the Tomcat committers I am pleased to announce that Christopher Schultz (schultz) has been voted in as a new Tomcat committer. Please join me in welcoming him. Congratulations! -- Keiichi.Fujino - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: clearThreadLocalMap and NullPointerException
On Nov 23, 2010, at 4:49 PM, Blair Zajac wrote: On Nov 23, 2010, at 2:24 AM, Mark Thomas wrote: On 23/11/2010 02:19, Blair Zajac wrote: Any suggestions in tracking this down? Would a custom Tomcat build that gets each key and value in a try/catch block be useful? Almost certainly. As far as I can tell there is a collections object in a thread local that is non-null yet returns null for a call to iterator(). That seems wrong to me. The root cause could be a bug in the collection class or it might be a side-effect of multiple threads accessing a non-thread-safe collection. Putting the value.toString() calls inside try-catches should make it more robust. I'll do that for 7.0.x and propose it for 6.0.x. Do let us know what the problem was when you find it. Does JNA provide its own clean up methods that I could run at shutdown? I haven't looked yet to see. I found the cause, it's an issue with JNA, they should be providing a real iterator() implementation, not one that just returns null. Not that they expected anyone to call toString() on it. http://article.gmane.org/gmane.comp.java.jna.user/4347 I guess it's up to you if you want to handle a case like this. I could see other projects not bothering to provide real implementations of things if they don't expect anything to go looking into their internals. Blair - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SSL No Certificate file specified or invalid file format
Hi All,
When I want to config SSL in Tomcat: apache-tomcat-7.0.4 in windows XP,
there is some error below , anyone can tell me what is the problem?
step 1:
I generate client /server java key store by code as follow:
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.jce.provider.asymmetric.ec.KeyPairGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
/**
*
* Tomcat HTTPS client/server key Certificate generator
*
*/
public class TomcatKey {
//Client Certificate
static String TRUST_STORE_NAME = client;
static char[] TRUST_STORE_PASSWORD = test.toCharArray();
//Server Certificate
static String SERVER_NAME = server;
static char[] SERVER_PASSWORD = test.toCharArray();
static String SERVER_HOST = localhost;
/**
* @param args
*/
public static void main(String[] args) {
try {
// trustsotre, my root certificate
KeyStore store = KeyStore.getInstance(JKS);
// initialize
store.load(null, null);
KeyPair rootPair = generateKeyPair();
X500PrivateCredential rootCredential = createRootCredential(rootPair);
store.setCertificateEntry(TRUST_STORE_NAME, rootCredential
.getCertificate());
store.store(new FileOutputStream(TRUST_STORE_NAME + .keystore),
TRUST_STORE_PASSWORD);
// server credentials
store = KeyStore.getInstance(JKS);
store.load(null, null);
store.setKeyEntry(SERVER_NAME, rootCredential.getPrivateKey(),
SERVER_PASSWORD, new Certificate[] { rootCredential
.getCertificate() });
store.store(new FileOutputStream(SERVER_NAME + .keystore),
SERVER_PASSWORD);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchProviderException e) {
e.printStackTrace();
} catch (Exception e) {
e.printStackTrace();
}
}
//generate Key Pair
public static KeyPair generateKeyPair() throws NoSuchAlgorithmException,
NoSuchProviderException {
// create the keys
java.security.KeyPairGenerator generator =
KeyPairGenerator.getInstance(RSA);
generator.initialize(1024, new SecureRandom());
return generator.generateKeyPair();
}
//generate certificate
public static X500PrivateCredential createRootCredential(KeyPair rootPair)
throws Exception {
X509Certificate rootCert = generateX509V3RootCertificate(rootPair);
return new X500PrivateCredential(rootCert, rootPair.getPrivate());
}
public static X509Certificate generateX509V3RootCertificate(KeyPair
pair)throws NoSuchAlgorithmException,
NoSuchProviderException, CertificateEncodingException, InvalidKeyException,
IllegalStateException, SignatureException {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
certGen.setIssuerDN(new X500Principal(CN= + SERVER_HOST+ , OU=GoldenSF,
O=SHA, C=cn));
certGen.setNotBefore(new Date(System.currentTimeMillis() - 5000L));
certGen.setSubjectDN(new X500Principal(CN= + SERVER_HOST+ ,
OU=GoldenSF, O=SHA, C=cn));
certGen.setPublicKey(pair.getPublic());
certGen.setSignatureAlgorithm(SHA1WithRSA);
certGen.setNotAfter(new Date(System.currentTimeMillis() +
Integer.MAX_VALUE));
return certGen.generate(pair.getPrivate(), new SecureRandom());
}
}
step2:
put the files in apache-tomcat-7.0.4/conf : client.keystore, and
server.keystore
step3:
then update server.xml as follow:
?xml version='1.0' encoding='utf-8'?
Server port=8005 shutdown=SHUTDOWN
Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on /
Listener className=org.apache.catalina.core.JasperListener /
Listener
className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
Listener
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated and saved
factory=org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources
Service name=Catalina
Connector port=443 SSLEnabled=true
maxThreads=150 scheme=https secure=true
clientAuth=false sslProtocol=TLS
protocol=org.apache.coyote.http11.Http11AprProtocol
keystoreFile=conf/server.keystore keystorePass=test
truststoreFile =conf/client.keystore truststorePass=test/
Connector
Re: SSL No Certificate file specified or invalid file format
2010/11/24 Scott Li scott...@gwghk.com: 信息: Loaded APR based Apache Tomcat Native library 1.1.20. 010-11-24 9:36:38 org.apache.catalina.core.AprLifecycleListener init 信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 010-11-24 9:36:38 org.apache.coyote.http11.Http11AprProtocol init As mentioned in the docs, there are two SSL implementations that can be used by Tomcat: - one provided by Java runtime, - another provided by OpenSSL library (called through APR/Tomcat-Native). Their configurations are very different. The above log fragment shows that you are using the APR one. To configure it correctly: see docs. To disable it: a) remove bin\tcnative-1.dll b) remove Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / line from server.xml. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL No Certificate file specified or invalid file format
It works, Thank you very much Konstantin Kolinko! I disabled APR by following these steps: a) remove bin\tcnative-1.dll b) remove Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / line from server.xml. c) remove 'protocol=http11.Http11AprProtocol' from server.xml's Connector , changed as follow: Connector port=443 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=conf/server.keystore keystorePass=test truststoreFile =conf/client.keystore truststorePass=test/ then https://localhost/ can open. and my question is what is the configurations with OpenSSL library (called through APR/Tomcat-Native). I have read the http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#SSL_and_Tomcat but it seems not have the configurations of APR, Can you give me the docs link you metioned? or send to my email: sc...@222m.net, Thanks! 在 2010年11月24日 上午9:54,Konstantin Kolinko knst.koli...@gmail.com写道: 2010/11/24 Scott Li scott...@gwghk.com: 信息: Loaded APR based Apache Tomcat Native library 1.1.20. 010-11-24 9:36:38 org.apache.catalina.core.AprLifecycleListener init 信息: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true]. 010-11-24 9:36:38 org.apache.coyote.http11.Http11AprProtocol init As mentioned in the docs, there are two SSL implementations that can be used by Tomcat: - one provided by Java runtime, - another provided by OpenSSL library (called through APR/Tomcat-Native). Their configurations are very different. The above log fragment shows that you are using the APR one. To configure it correctly: see docs. To disable it: a) remove bin\tcnative-1.dll b) remove Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / line from server.xml. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Thanks Regards, Scott Li
Re: SSL No Certificate file specified or invalid file format
2010/11/24 Scott Li scott...@gwghk.com: It works, Thank you very much Konstantin Kolinko! I disabled APR by following these steps: a) remove bin\tcnative-1.dll b) remove Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / line from server.xml. c) remove 'protocol=http11.Http11AprProtocol' from server.xml's Connector , changed as follow: Connector port=443 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=conf/server.keystore keystorePass=test truststoreFile =conf/client.keystore truststorePass=test/ then https://localhost/ can open. and my question is what is the configurations with OpenSSL library (called through APR/Tomcat-Native). I have read the http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#SSL_and_Tomcat but it seems not have the configurations of APR, Can you give me the docs link you metioned? http://tomcat.apache.org/tomcat-7.0-doc/config/http.html#SSL_Support Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
the memory puzzle me....
hi; I oberved the heap of the jvm which runs tomcat without deploying any webapp. and it's some kind like this /|/|/|/|/|/| when the used heap goes up, there is a memory use of the heap, maybe allocation for the new class instances, and when it goes down , there is a gc, am I right? but I didn't deploy any app on the tomcat. I'm just wondering what is using the memory? best regards
RE: the memory puzzle me....
From: xu cheng [mailto:xcheng@gmail.com] Subject: the memory puzzle me I oberved the heap of the jvm which runs tomcat without deploying any webapp. and it's some kind like this /|/|/|/|/|/| That's called a sawtooth pattern, and is what you should be seeing. when the used heap goes up, there is a memory use of the heap, maybe allocation for the new class instances, and when it goes down , there is a gc, am I right? Yes; the GC you're seeing is very likely what's called a minor GC, which cleans out only the young generation, which is where nearly all objects are created and the vast majority die. A major GC will process not only the young generation, but also the tenured (old) and so-called permanent ones. (Note that most things in the perm gen space are not actually permanent, and not necessarily even long-lived.) but I didn't deploy any app on the tomcat. I'm just wondering what is using the memory? Tomcat has numerous background threads doing such things as waiting for connections from clients, checking for webapp deployments, monitoring changes to deployed webapps, etc. All of these are creating a few objects for very short periods, over and over. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the memory puzzle me....
thanks, by the way, the permanent generation is also collected by major gc? and what will trigger a gc in the permanent generation best regards 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: the memory puzzle me I oberved the heap of the jvm which runs tomcat without deploying any webapp. and it's some kind like this /|/|/|/|/|/| That's called a sawtooth pattern, and is what you should be seeing. when the used heap goes up, there is a memory use of the heap, maybe allocation for the new class instances, and when it goes down , there is a gc, am I right? Yes; the GC you're seeing is very likely what's called a minor GC, which cleans out only the young generation, which is where nearly all objects are created and the vast majority die. A major GC will process not only the young generation, but also the tenured (old) and so-called permanent ones. (Note that most things in the perm gen space are not actually permanent, and not necessarily even long-lived.) but I didn't deploy any app on the tomcat. I'm just wondering what is using the memory? Tomcat has numerous background threads doing such things as waiting for connections from clients, checking for webapp deployments, monitoring changes to deployed webapps, etc. All of these are creating a few objects for very short periods, over and over. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: the memory puzzle me....
From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me the permanent generation is also collected by major gc? Correct. what will trigger a gc in the permanent generation When either the tenured or the permanent generation is full, someone calls System.gc(), or you click the Perform GC button in JConsole (or its equivalent in other profilers). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the memory puzzle me....
thanks very much you help me alog by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I know that in the linux the jmap -permheap pid will display something, like this class_loaderclassesbytesparent_loaderalive?type bootstrap11874691664 null liveinternal 0x84747550118080x846017d8dead sun/reflect/delegatingclassloa...@0x937f35f8 0x84685ee0118000x846017d8dead sun/reflect/delegatingclassloa...@0x937f35f8 0x84686030117920x846017d8dead sun/reflect/delegatingclassloa...@0x937f35f8 0x84686210117920x846017d8dead sun/reflect/delegatingclassloa...@0x937f35f8 it seems useless for me actually (I 'm new learning about this) cos the permanent gen occupy about 20MB and jmap list about 10 live class with 30 dead ones, I was confused with this I used some other profiler tools but they just show* how much* perm gen was used, but not *what they are used for* thanks best regards 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me the permanent generation is also collected by major gc? Correct. what will trigger a gc in the permanent generation When either the tenured or the permanent generation is full, someone calls System.gc(), or you click the Perform GC button in JConsole (or its equivalent in other profilers). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: the memory puzzle me....
From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I presume you mean on Windows, since you already found one for Linux. I suspect the more sophisticated profilers like YourKit will do it, but I'm not sure. Others on the list use YourKit regularly, so they might be able to be more definitive when they wake up in an hour or two. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the memory puzzle me....
thanks!!! you really help me a lot! someone knows how to figure out how much permanent gen my vm is using? 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I presume you mean on Windows, since you already found one for Linux. I suspect the more sophisticated profilers like YourKit will do it, but I'm not sure. Others on the list use YourKit regularly, so they might be able to be more definitive when they wake up in an hour or two. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the memory puzzle me....
I got it jmap -heap will print many things 2010/11/24 xu cheng xcheng@gmail.com thanks!!! you really help me a lot! someone knows how to figure out how much permanent gen my vm is using? 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I presume you mean on Windows, since you already found one for Linux. I suspect the more sophisticated profilers like YourKit will do it, but I'm not sure. Others on the list use YourKit regularly, so they might be able to be more definitive when they wake up in an hour or two. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the memory puzzle me....
You should check out jvisualvm which comes with any recent HotSpot JVM. I don't have a copy available on the laptop I'm on right now, but by looking at the screenshots, it looks like it shows the permanent generation: http://wiki.oracle.com/page/How+to+use+JConsole,+JVisualVM+or+VisualVM+with+Oracle+Application+Server Blair On Nov 23, 2010, at 9:54 PM, xu cheng wrote: thanks!!! you really help me a lot! someone knows how to figure out how much permanent gen my vm is using? 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I presume you mean on Windows, since you already found one for Linux. I suspect the more sophisticated profilers like YourKit will do it, but I'm not sure. Others on the list use YourKit regularly, so they might be able to be more definitive when they wake up in an hour or two. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Server affinity instead of session affinity
On Tue, Nov 23, 2010 at 10:01 PM, Christopher Schultz
ch...@christopherschultz.net wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
André,
On 11/23/2010 10:27 AM, André Warnier wrote:
With the configuration below and your explanations, I suppose that there
is some kind of load-balancing going on between the two machines.
What is used at the front-end to load-balance ?
An idea (for the moment vague) would be to use some intelligent
front-end, which would decide (maybe as Mark wrote, in function of the
client IP address) to start chanelling one client to either machine 1 or
machine 2 - and within it to Tomcat A,B,C or D - , set a cookie, and use
this cookie later to keep sending the same client to the same back-end
machine.
Kind of a session on top of a session..
I believe there was a presentation at ApacheCon where someone presented
something like this. I didn't attend, but I heard that a relatively
simply use of httpd's mod_headers was used to essentially synthesize
sticky sessions.
The same technique could be applied to do a sort of server stickiness:
1. Check the request for a SERVER_AFFINITY cookie
2. If none exists, choose a server however you like and set
SERVER_AFFINITY=A/B or D/C
3. Given a server affinity, send the request to a specific back-end
server.
Note that #3 can be achieved by simply choosing an AJP worker that is
not a load-balancer.
I guess you mean that:
Header add Set-Cookie ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/
env=BALANCER_ROUTE_CHANGED
Proxy balancer://mycluster
BalancerMember http://192.168.1.50:80 route=1
BalancerMember http://192.168.1.51:80 route=2
ProxySet stickysession=ROUTEID
/Proxy
ProxyPass /test balancer://mycluster
From http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html.
Thats working quite good even for not Apache backends like IIS. (To make
basic client affinity possible)
Maybe this could be used to stick the whole Client to one backend by the
first request?
If there is an entry context to set this cookie, it should be possible to
stick the client to the backend for the following contexts - maybe.
Mario
--
http://www.n0r1sk.com
Re: the memory puzzle me....
hi: thanks for replying the jvisualvm does show the capacity and the used of the perm gen that the vm use *currently* but not the size of the vm* configuration*: PermSize and MaxPermSize in my opinion , the MaxPermSize is the size that the perm gen is *allowed to expand to*, and the PermSize is the size that allocated when the vm*initially *started. and the capacity is the size that allocated to the vm* currently*. am I right? thanks by the way, I connect to a server remotely , there is only character interface for me best regards 2010/11/24 Blair Zajac bl...@orcaware.com You should check out jvisualvm which comes with any recent HotSpot JVM. I don't have a copy available on the laptop I'm on right now, but by looking at the screenshots, it looks like it shows the permanent generation: http://wiki.oracle.com/page/How+to+use+JConsole,+JVisualVM+or+VisualVM+with+Oracle+Application+Server Blair On Nov 23, 2010, at 9:54 PM, xu cheng wrote: thanks!!! you really help me a lot! someone knows how to figure out how much permanent gen my vm is using? 2010/11/24 Caldarale, Charles R chuck.caldar...@unisys.com From: xu cheng [mailto:xcheng@gmail.com] Subject: Re: the memory puzzle me by the way, do you know *any tool that can monitor the permanent generation*, such what's now resident in the perm gen? I presume you mean on Windows, since you already found one for Linux. I suspect the more sophisticated profilers like YourKit will do it, but I'm not sure. Others on the list use YourKit regularly, so they might be able to be more definitive when they wake up in an hour or two. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Unable to find WEB INF
Hello i am new to tomcat i deployed my application by copy it into webapps folder in tomcat now i have to make some change in index file but unable to find that directory with application name where is it located ??? thanks
Re: [ANN] New Tomcat committer: Christopher Schultz (schultz)
Welcome aboard. tim On Tue, Nov 23, 2010 at 8:16 AM, Mark Thomas ma...@apache.org wrote: On behalf of the Tomcat committers I am pleased to announce that Christopher Schultz (schultz) has been voted in as a new Tomcat committer. Please join me in welcoming him. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
