how to configure ProxyPass for tomcat for app which generates url at root /
I basically have 2 applications http://sakai.openitup.in http://olat.openitup.in we wanted both of these to be accessible as http://research.openitup.in/sakai http://research.openitup.in/olat and a website http://reserach.openitup.in which is separate from both of these but what I found was if I proxy root of these apps (sakai and olat) using a different URL then things work. i.e. vhost for sakai.openitup.in ServerName sakai.openitup.in ProxyPass / ajp://192.168.1.14:8009/ ProxyPassReverse / ajp://192.168.1.14:8009/ and for olat another vhost ServerName olat.openitup.in ProxyPass / ajp://192.168.1.15:8009/ ProxyPassReverse / ajp://192.168.1.15:8009/ then things work. But if I use in the vhost research.openitup.in ServerName research.openitup.in ProxyPass /sakai ajp://192.168.1.14:8009/ ProxyPassReverse /sakai ajp://192.168.1.14:8009/ ProxyPass /olat ajp://192.168.1.15:8009/ ProxyPassReverse /olat ajp://192.168.1.15:8009/ ProxyPass / http://192.168.1.14 ProxyPassReverse / http://192.168.1.14 in the vhost of research.openitup.in then http://research.openitup.in/sakai http://research.openitup.in/olat are not accessible. If you notice I have forwarded root of research.openitup.in to an internal machine. Which is where it actually is so ProxyPass / for research.openitup.in is needed. So in this situation what can be a possible solution for me so that I can access http://research.openitup.in/sakai and not http://sakai.openitup.in and same for olat http://research.openitup.in/olat and not http://olat.openitup.in Let me know if some one has some suggestion for this part. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Performance Tuning Tomcat 7...
Hi Mark, I setup a simple servlet with no code in the doGet() method running in Tomcat 7.0.8 and using jvm 1.6.22 and using httpclient from apache commons lib and I am lucky to get 2.8msec per request as measured at the client. I am thinking the commons httpclient is slow itself. So what did you use for the client side? Also, I looked at the test results someone ran using Apache httpclient and they took the total number of requests and the time it took to run and came out with an absurd number because the response times were much longer than the number they calaculated. I could do the same thing by say taking 100 requests that ran in parallel and took 100msec each and divide by 100 and say it took 1msec per request but that is not what the user would see. Just interesting how people can twist statistics. -Tony - Original Message From: Mark Thomas To: Tomcat Users List Sent: Sat, February 12, 2011 11:45:29 AM Subject: Re: Performance Tuning Tomcat 7... On 12/02/2011 18:27, Tony Anecito wrote: > Right now for most of my transactions I get less than 5 microseconds and > around > > 1.2msec is spent on getting to and out of Tomcat and out of to/out of the >client > > call. > > So people were saying look at better parsers or replacing whatever does the > parsing. > > I am measuring round trip time at the client (before and after the jersey > call) > > and getting to 1.47msec. At Tomcat it is less than 5microseconds at the > beginning of the method the GET goes to the end of the method so the code is > very fast. > > So I am thinking whatever parses the cmd and puts together the html response > after the end of the method is where I should focus. Testing Tomcat on localhost with a simple servlet using my 3 year old laptop I can process around 20,000 requests a second on a single connection which is around 50 microseconds per request. That includes server and client processing. Looking at all these numbers suggests that there is a lot of additional overhead somewhere in your system. Based on past experience, guessing where that overhead might be is a waste of time. You need to use a profiler to track it down. I usually use Yourkit since they give free copies to the Tomcat committers for use with Tomcat development. Other profilers are available. Pick the one that works best for you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to set auto redirection in tomcat
On Thu, Feb 24, 2011 at 4:41 AM, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > James, > > On 2/23/2011 5:16 PM, James Godrej wrote: >> - Original Message >> From: "Caldarale, Charles R" >> To: Tomcat Users List >> Sent: Thu, 24 February, 2011 3:01:01 AM >> Subject: RE: how to set auto redirection in tomcat >> >>> From: James Godrej [mailto:jamesgod...@yahoo.in] >>> Subject: how to set auto redirection in tomcat >> >>> I am using mod_ajp as a front end >> >>> Why? What purpose is it serving? >>> If it's not doing anything useful (e.g., handling PHP), you should simplify >>>your >>> life and remove it. >> >> I am running at least 20 other websites and 2 of them use mod_proxy_ajp >> each of these is hosted on some machine internally on lan. >> >>> How ever I have an application running on it >>> http://social.openitup.in/olat >>> what I want to do is when some one opens >>> http://social.openitup.in >> >>> Remove the existing ROOT application, and rename yours to ROOT. >> >> No this did not worked I tried. > > Did you name it "ROOT", or did you name it "root" (or "Root" or "rOOt" > or "rooT")? Case matters, even on win32. > > You might have to restart Tomcat after doing that. > > Using "ROOT" as the webapp name definitely works. People do it all the > time... > Yes renaming to ROOT worked.Thanks Christopher. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] Memory Leak in Tomcat
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, February 23, 2011 10:11 AM > To: Tomcat Users List > Subject: Re: [OT] Memory Leak in Tomcat > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > הילה, > > On 2/23/2011 10:51 AM, הילה - צוות אגורה wrote: > > the user that runs the tomcat service is a domain user, but I specify > the > > user name and password of this user under "log on" tab on the service > > properties. > > it's not a problem since the password is encrypted, but in the xml > file it's > > in clear text. > > It's a good thing those credentials don't need to be decrypted in order > to be used. Congratulations: you've covered your ass. > Not sure exactly what Windows does once you've entered a verified user/pw combination for a service. I'm guessing that it stores the password somehow, because if you change the password, the service won't start next time. However, this is a "nice" (?) feature of using SQL Server. Already validated user credentials can be passed by the OS to SQL Server to be validated for database logon. It's their version of SSO for the database. (Note: I don't find it an overwhelming advantage for determining to use that specific database software.) __ Confidentiality Notice: This Transmission (including any attachments) may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this transmission in error, please immediately reply to the sender or telephone (512) 343-9100 and delete this transmission from your system.
Re: Issue with oralce drive under tomcat 7
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/22/2011 9:24 PM, Caldarale, Charles R wrote: >> From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] >> Subject: Issue with oralce drive under tomcat 7 > >> Caused by: java.lang.ClassCastException: >> oracle.jdbc.driver.OracleResultSetMetaData >> cannot be cast to oracle.jdbc.OracleResultSetMetaData > > This is frequently caused by having the JDBC driver jar in more than one > location. If you're using Tomcat's DBCP capability, the jar must be in > Tomcat's lib directory - only. If you're doing your own connection pooling > (or none at all), the jar should be in the webapp's WEB-INF/lib directory - > only. Make sure the jar is not also in some other location, such as jre/lib, > or the endorsed directory. Odd that the class names are different... and that your suggestion worked. Copy/paste error? Robert, may I ask why you were casting to an Oracle-specific interface in the first place? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1llP8ACgkQ9CaO5/Lv0PAE0wCcCP0Bbq0GmdDJBeOG3Z6ksPoP dHEAnj01yUcjYwrHqXYqo6RlZP3PQhwM =vi8b -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Upgrading from Tomcat 6.0.29 to 7.0.8 - TLD Scanned Location Problem
Thanks - a custom JarScanner did the trick. I'll do the bugzilla submission soon too. -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Wednesday, February 23, 2011 3:04 PM To: Tomcat Users List Subject: Re: Upgrading from Tomcat 6.0.29 to 7.0.8 - TLD Scanned Location Problem On 23/02/2011 19:13, Scott Hamilton wrote: > Looks like the TldConfig class changed significantly between these versions > such that now TLDs that are under WEB-INF/classes (e.g. > WEB-INF/classes/META-INF) are no longer scanned/processed. > > This is an issue for us in development as some of our MyEclipse projects are > TLD library projects that in production will be in JARs in the WEB-INF/lib > but in development get exploded into WEB-INF/classes. In 6.0.x this worked > fine for us; 7.0.8 has removed this "feature". > > I realize that the reasoning behind this was to be more spec-compliant. Actually, the reasoning was: a) make TLD scanning consistent between Catalina & Jasper b) provide the extension points required by the Virgo project for OSGI RFC66 > My question is whether there is a Tomcat work-around to this to facilitate > our development environment? I've been poking around the TC source code and > as yet see no way to do this. I was even thinking of extending TldConfig to > use a subclass as a lifecycle listener (turning off the context processTlds) > but (as far as I've looked at this approach) the methods I'd want to override > or call in TldConfig are private. :( > > Any ideas? See http://tomcat.apache.org/tomcat-7.0-doc/config/jar-scanner.html Implementing your own JarScanner that additionally scans WEB-INF/classes should do the trick in the short-term. If you open a Bugzilla issue, I'll look into providing a configuration option that allows WEB-INF classes to be treated like an exploded JAR file. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to set auto redirection in tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James, On 2/23/2011 5:16 PM, James Godrej wrote: > - Original Message > From: "Caldarale, Charles R" > To: Tomcat Users List > Sent: Thu, 24 February, 2011 3:01:01 AM > Subject: RE: how to set auto redirection in tomcat > >> From: James Godrej [mailto:jamesgod...@yahoo.in] >> Subject: how to set auto redirection in tomcat > >> I am using mod_ajp as a front end > >> Why? What purpose is it serving? >> If it's not doing anything useful (e.g., handling PHP), you should simplify >> your >> life and remove it. > > I am running at least 20 other websites and 2 of them use mod_proxy_ajp > each of these is hosted on some machine internally on lan. > >> How ever I have an application running on it >> http://social.openitup.in/olat >> what I want to do is when some one opens >> http://social.openitup.in > >> Remove the existing ROOT application, and rename yours to ROOT. > > No this did not worked I tried. Did you name it "ROOT", or did you name it "root" (or "Root" or "rOOt" or "rooT")? Case matters, even on win32. You might have to restart Tomcat after doing that. Using "ROOT" as the webapp name definitely works. People do it all the time... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1llD8ACgkQ9CaO5/Lv0PD0twCeK84xRWWUFC92plxV18I45ICe e7AAoI7AezKBuR47d2J3TuhLL0u/JgZ5 =CM7H -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/23/2011 2:56 PM, André Warnier wrote: Personally, in such a case I would see the solution with an SSH or VPN tunnel as much simpler to put in place, and requiring much less "opening of ports". There's nothing that says that port 8009 has to be used for AJP: you can use HTTPS over port 8009 just as well. So, the congressional approval necessary will only need to cover the switch from mod_proxy_ajp to mod_proxy_http. I would think you'd have to get approval for any of these actions... why not just pick the one that makes the most sense and request permission to do that? My mistake. I thought, incorrectly, that the OP was using mod_jk as a connector right now, and the tunnel solution then looked simpler with respect to the (lack of) configuration changes required in that case. But if he is using mod_proxy_ajp now, then the situation is reversed. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joel,
I'll try to hit all your replies at once, here.
On 2/23/2011 4:18 PM, Joel wrote:
>>> sackett-research-lab2b:~ joel$ sudo find /opt/Tomcat -type f -exec \
grep "function2.basiceng.umr.edu" "{}" \;
Oops: I forgot the "-l" switch on grep... it's not giving you any file
names :)
>>> Password:
>>> http://function2.basiceng.umr.edu/view";>
>>> // ">> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>>> id + "\">"
>>> Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
>>> http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi
>>> ">Test
>>> http://function2.basiceng.umr.edu/tst.cgi";>
>>> // ">> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>>> id + "\">"
>>> Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
>>> Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class
>>> matches
>>> out.write(">> http://function2.basiceng.umr.edu/view\";>\r\n");
>>> // ">> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>>> id + "\">"
Got some hits, I see. What is the hostname of the server on which the
app is actually running, now? Either :80 or :8080 should work given the
configuration you've shown, so I suspect the hostname is the problem.
You can always try to configure an /etc/hosts setting for the above
hostname and set them to the IP address of the real host -- just for
testing, of course... it's not reasonable to have users modify their
hosts files just to use your webapp :)
This appears commented-out, but could be a problem.
>>> How could this be a problem if it is commented out?
Well, it's tough to tell if it's commented since there was no context.
Maybe there really was a "//" in the output. Besides, anywhere that text
occurs is a potential error in case it gets un-commented in the future.
>> Yeah, finally found the tools menu (not used to macs), but I still can't
>> see how to turn off friendly messages. All the options are different in the
>> mac version.
Hmm... does Wireshark have a Mac OS X build? You might try that if you
get desperate.
> So I was wondering if the website url in these files has anything to do with
> my problem
If the hostname of the server has changed (or you've moved the app,
which it sounds like you have), then it is /very/ likely to cause problems.
> and if so are all the java files present for all the class files
You'll have to check that out for yourself. How familiar are you with
Java in general? Each .class file comes from a .java file, though there
are some cases where the .java filename isn't obvious from the .class
file name (inner classes, anonymous classes, and other assorted fun stuff).
String constants are compiled-into the .class files without any
compression, so if you have a .java file with that text in it, you
should find it in the .java file that goes with it.
Web applications rarely come with any source files in them, though .jsp
files (which are compiled on the fly by the server) are always in
"source form". If the webapp is written properly, all UI-related stuff
will be in the .jsp files and not in any .java files.
> and if so how would I go about recompiling the java files?
That really depends on the build process of the webapp. Are there any
files like "build.xml" in the root directory of the webapp? Anything
else that might look like a build script? If you don't have any .java
files, you have nothing to compile, which would be convenient. If you do
have them and there are no build scripts, you might have to use "javac",
the command-line compiler, which is similar to the "cc" C compiler
except that it doesn't do any linking: just compiles .java -> .class.
> Binary file Tomcat/work/Standalone/localhost/_/index_jsp.class matches
These files are compiled .jsp files: you can ignore them and focus on
the source .jsp with a similar name. For instance, the file above should
have come from a file called "index.jsp".
There will also be a .java file laying around with a similar name. Oh,
there it is:
> Tomcat/work/Standalone/localhost/_/index_jsp.java: out.write(" http-equiv=\"Refresh\" content=\"0;url=
> http://function2.basiceng.umr.edu/view\";>\r\n");
Hope that helps,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1lk2UACgkQ9CaO5/Lv0PC4bQCdGuAMyj7V7V8wjkNpF+Zuc2Z0
WYcAoKsDd4+DaZlxYdoc5Qs1a+ZFHq9v
=nyyz
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Choosing the right worker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dave, On 2/23/2011 3:32 PM, laredotornado wrote: > We're using 6.0.24, running on two servers. In our workers.properties file > on the web server, we have ... > > ===Begin workers.properties == > worker.lbroute.balance_workers=worker1,worker2 > > worker.worker1.type=ajp13 > worker.worker1.host=ip_addr1 > worker.worker1.port=8000 > worker.worker1.lbfactor=1 You might want to look into using worker templates: you can set all of this stuff for a single template worker and inherit them in the individual ones. Useful for a consistent configuration for all workers in a lb cluster. > worker.worker1.redirect=worker2 This should failover to worker2 if worker1 suffers an error, even though worker2 is set to disabled. The docs say as much: you can use this as a hot standby. You might want to look at the ping_mode, "good", "bad" settings, too. > How can I configure my workers.properties file so that if the index page of > our sites is throwing a 500 http status code, it will fail over to the other > worker? If your index page is being served by Tomcat/worker1, then this configuration should fail-over to worker2. Is that not what you are observing? If not, then please tell us what you are observing. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lkCsACgkQ9CaO5/Lv0PADywCfewAFL3/W5C7EVSL91NFxbBfA hNsAn34/DRp5KmNHJwb4P/b6co0bTRhq =pmf7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 2/23/2011 2:56 PM, André Warnier wrote: > Personally, in such a case I would see the solution with an SSH or VPN > tunnel as much simpler to put in place, and requiring much less "opening > of ports". There's nothing that says that port 8009 has to be used for AJP: you can use HTTPS over port 8009 just as well. So, the congressional approval necessary will only need to cover the switch from mod_proxy_ajp to mod_proxy_http. I would think you'd have to get approval for any of these actions... why not just pick the one that makes the most sense and request permission to do that? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1ljckACgkQ9CaO5/Lv0PARLACgkGOVZh0D8OJZHJNmvwu6B+Nw FFoAoLo4sqBLLUtpKW58msMrofW1LlAs =32/2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: how to set auto redirection in tomcat
- Original Message From: "Caldarale, Charles R" To: Tomcat Users List Sent: Thu, 24 February, 2011 3:01:01 AM Subject: RE: how to set auto redirection in tomcat > From: James Godrej [mailto:jamesgod...@yahoo.in] > Subject: how to set auto redirection in tomcat > I am using mod_ajp as a front end >Why? What purpose is it serving? >If it's not doing anything useful (e.g., handling PHP), you should simplify >your >life and remove it. I am running at least 20 other websites and 2 of them use mod_proxy_ajp each of these is hosted on some machine internally on lan. > How ever I have an application running on it > http://social.openitup.in/olat > what I want to do is when some one opens > http://social.openitup.in >Remove the existing ROOT application, and rename yours to ROOT. No this did not worked I tried. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: how to set auto redirection in tomcat
> From: James Godrej [mailto:jamesgod...@yahoo.in] > Subject: how to set auto redirection in tomcat > I am using mod_ajp as a front end Why? What purpose is it serving? If it's not doing anything useful (e.g., handling PHP), you should simplify your life and remove it. > How ever I have an application running on it > http://social.openitup.in/olat > what I want to do is when some one opens > http://social.openitup.in Remove the existing ROOT application, and rename yours to ROOT. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: server running website
On Wed, Feb 23, 2011 at 3:26 PM, Joel wrote:
>
>
> On Wed, Feb 23, 2011 at 12:57 PM, Joel wrote:
>
>>
>>
>>
>> On Wed, Feb 23, 2011 at 11:08 AM, Christopher Schultz <
>> ch...@christopherschultz.net> wrote:
>>>
>>>
>>> Try this:
>>>
>>> sudo find /opt/Tomcat -type f -exec \
>>> grep "function2.basiceng.umr.edu" "{}" \;
>>>
>>> Thanks, I'll use this now.
>>
>> sackett-research-lab2b:~ joel$ sudo find /opt/Tomcat -type f -exec \
>> > grep "function2.basiceng.umr.edu" "{}" \;
>> Password:
>> http://function2.basiceng.umr.edu/view";>
>> // "> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>> id + "\">"
>> Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
>> http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi
>> ">Test
>> http://function2.basiceng.umr.edu/tst.cgi";>
>> // "> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>> id + "\">"
>> Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
>> Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class
>> matches
>> out.write("> http://function2.basiceng.umr.edu/view\";>\r\n");
>> // "> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>> id + "\">"
>>
>>
>>
>>>
>>> >> /opt/Tomcat/webapps/view/acct_new.jsp:// ">> >>
>>> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id=";
>>> +
>>> >> id + "\">"
>>>
>>> This appears commented-out, but could be a problem.
>>>
>> How could this be a problem if it is commented out?
>>
>>
>>> Are the messages you are getting coming only from Safari? Can you track
>>> the HTTP messages that are actually being sent? It's tough to tell
>>> what's going on just from Safari error messages (which are somewhat
>>> "friendly" and try to interpret the situation instead of telling you
>>> exactly what happened).
>>>
>>>
>> I'm not sure how to do this, I know you can turn off friend messages in
>> internet explorer. But when I downloaded ie5 for mac I couldn't find the
>> *$&#*@(# tools menu. :)
>>
>>
>>
>> oh and this is the /etc/hosts
>>
>> ##
>> # Host Database
>> #
>> # localhost is used to configure the loopback interface
>> # when the system is booting. Do not change this entry.
>> ##
>> 127.0.0.1 localhost
>> 255.255.255.255 broadcasthost
>> ::1 localhost
>> fe80::1%lo0 localhost
>> ~
>>
>>
>>
>> Thanks for the help.
>>
> Yeah, finally found the tools menu (not used to macs), but I still can't
> see how to turn off friendly messages. All the options are different in the
> mac version.
>
So I was wondering if the website url in these files has anything to do with
my problem and if so are all the java files present for all the class files
and if so how would I go about recompiling the java files?
Binary file Tomcat/work/Standalone/localhost/_/index_jsp.class matches
Tomcat/work/Standalone/localhost/_/index_jsp.java: out.write("http://function2.basiceng.umr.edu/view\";>\r\n");
Thanks.
how to set auto redirection in tomcat
I have a site http://social.openitup.in right now what you are seeing is a default Tomcat6 page. I am using mod_ajp as a front end and Apache vhost configuration for same is ServerName social.openitup.in ServerAdmin webmaster@localhost ProxyRequests off Order deny,allow Allow from all ProxyPreserveHost On ProxyPass / ajp://192.168.1.19:8009/ ProxyPassReverse / ajp://192.168.1.19:8009/ How ever I have an application running on it http://social.openitup.in/olat what I want to do is when some one opens http://social.openitup.in then rather than seeing Tomcat6 home page from /var/lib/tomcat6/webapps/ROOT/index.html the person is redirected to olat application which is in /var/lib/tomcat6/webapps/olat how can this be achived? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting the expiry for static content served by Tomcat 6.0.32
You might serve static resources with Apache/nginx/haproxy. This has also the advantage that you save threads in tomcat. Cheers, Martin Am 23.02.2011 14:47 schrieb "Reinwald Warapen" : Hey, Is there any way I can specify the expiry of static content (js,css etc) by some setting in the context.xml or sever.xml .Or the only way to achieve this is to write my own filter which will add the appropriate header. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Choosing the right worker
Hi, We're using 6.0.24, running on two servers. In our workers.properties file on the web server, we have ... ===Begin workers.properties == worker.lbroute.balance_workers=worker1,worker2 worker.worker1.type=ajp13 worker.worker1.host=ip_addr1 worker.worker1.port=8000 worker.worker1.lbfactor=1 worker.worker1.redirect=worker2 worker.worker1.socket_keepalive=true worker.worker1.connection_pool_timeout=60 worker.worker2.type=ajp13 worker.worker2.host=ip_addr2 worker.worker2.port=8000 worker.worker2.lbfactor=1 worker.worker2.activation=disabled worker.worker2.socket_keepalive=true worker.worker2.connection_pool_timeout=60 ===End workers.properties == How can I configure my workers.properties file so that if the index page of our sites is throwing a 500 http status code, it will fail over to the other worker? - Dave -- View this message in context: http://old.nabble.com/Choosing-the-right-worker-tp30998571p30998571.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
On Wed, Feb 23, 2011 at 12:57 PM, Joel wrote:
>
>
>
> On Wed, Feb 23, 2011 at 11:08 AM, Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>>
>>
>> Try this:
>>
>> sudo find /opt/Tomcat -type f -exec \
>> grep "function2.basiceng.umr.edu" "{}" \;
>>
>> Thanks, I'll use this now.
>
> sackett-research-lab2b:~ joel$ sudo find /opt/Tomcat -type f -exec \
> > grep "function2.basiceng.umr.edu" "{}" \;
> Password:
> http://function2.basiceng.umr.edu/view";>
> // " http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
> Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
> http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi
> ">Test
> http://function2.basiceng.umr.edu/tst.cgi";>
> // " http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
> Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
> Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class matches
> out.write(" http://function2.basiceng.umr.edu/view\";>\r\n");
> // " http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
>
>
>
>>
>> >> /opt/Tomcat/webapps/view/acct_new.jsp:// "> >> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id=";
>> +
>> >> id + "\">"
>>
>> This appears commented-out, but could be a problem.
>>
> How could this be a problem if it is commented out?
>
>
>> Are the messages you are getting coming only from Safari? Can you track
>> the HTTP messages that are actually being sent? It's tough to tell
>> what's going on just from Safari error messages (which are somewhat
>> "friendly" and try to interpret the situation instead of telling you
>> exactly what happened).
>>
>>
> I'm not sure how to do this, I know you can turn off friend messages in
> internet explorer. But when I downloaded ie5 for mac I couldn't find the
> *$&#*@(# tools menu. :)
>
>
>
> oh and this is the /etc/hosts
>
> ##
> # Host Database
> #
> # localhost is used to configure the loopback interface
> # when the system is booting. Do not change this entry.
> ##
> 127.0.0.1 localhost
> 255.255.255.255 broadcasthost
> ::1 localhost
> fe80::1%lo0 localhost
> ~
>
>
>
> Thanks for the help.
>
Yeah, finally found the tools menu (not used to macs), but I still can't see
how to turn off friendly messages. All the options are different in the mac
version.
Re: Upgrading from Tomcat 6.0.29 to 7.0.8 - TLD Scanned Location Problem
On 23/02/2011 19:13, Scott Hamilton wrote: > Looks like the TldConfig class changed significantly between these versions > such that now TLDs that are under WEB-INF/classes (e.g. > WEB-INF/classes/META-INF) are no longer scanned/processed. > > This is an issue for us in development as some of our MyEclipse projects are > TLD library projects that in production will be in JARs in the WEB-INF/lib > but in development get exploded into WEB-INF/classes. In 6.0.x this worked > fine for us; 7.0.8 has removed this "feature". > > I realize that the reasoning behind this was to be more spec-compliant. Actually, the reasoning was: a) make TLD scanning consistent between Catalina & Jasper b) provide the extension points required by the Virgo project for OSGI RFC66 > My question is whether there is a Tomcat work-around to this to facilitate > our development environment? I've been poking around the TC source code and > as yet see no way to do this. I was even thinking of extending TldConfig to > use a subclass as a lifecycle listener (turning off the context processTlds) > but (as far as I've looked at this approach) the methods I'd want to override > or call in TldConfig are private. :( > > Any ideas? See http://tomcat.apache.org/tomcat-7.0-doc/config/jar-scanner.html Implementing your own JarScanner that additionally scans WEB-INF/classes should do the trick in the short-term. If you open a Bugzilla issue, I'll look into providing a configuration option that allows WEB-INF classes to be treated like an exploded JAR file. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
Mladen Turk wrote: On 02/23/2011 07:28 PM, Jason Pyeron wrote: encrypting the data transfer between those boxes cause you can just as well make sure the proper persons have the network access. That list includes 78 people. You mean 78 people monitor your network for trouble ... I don't see what is so surprising there. We are 3 developers in my company, and whenever we want to install a piece of software at some of our customers, that is just about the number of people we have to deal with. ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
... It is not that I am wedded to any particular implementation, it is just each change requires board approval. A change for reconfiguring the enabled modules in apache. [we can skip this if we stay with mod_proxy_ajp, as it was already approved] A change for opening up a port on the apache box Personally, in such a case I would see the solution with an SSH or VPN tunnel as much simpler to put in place, and requiring much less "opening of ports". You have 2 machines : A running httpd, B running Tomcat. In machineA, you have a mod_jk setup which says something like worker.worker1.host=machineB.mydomain.com worker.worker1.port=8009 So let's say you change this to worker.worker1.host=localhost worker.worker1.port=8009 and you set up an SSH or VPN tunnel on localhost, listening on port 8009 and accepting connections only from localhost. This tunnel connects to machine B, where the receiving end forwards the data to localhost:8009 on B. On machine A, you have not opened an additional port (at least not one accessible from outside of machine A). On machine B, in all likelihood the SSH port is already open (and if not, you could have it listen on an arbitrary port, but accepting connections only from machine A). All the changes are transparent to Apache (apart from the above 1 line) and to Tomcat (entirely). And you save yourself the hassle in setting up mod_proxy_http on Apache, and a HTTPS Connector on Tomcat, with all the baggage attached to it. And you may save yourself changes in your authentication setup, since it will continue to use AJP and pass the user credentials as it does right now. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
On 02/23/2011 07:28 PM, Jason Pyeron wrote: encrypting the data transfer between those boxes cause you can just as well make sure the proper persons have the network access. That list includes 78 people. You mean 78 people monitor your network for trouble or you have your production servers in the same network segment as your local intranet? Cannot tell which one is worse :) Regards -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Memory Leak in Tomcat
הילה wrote: Yes, I've read you other mail about the Jprofiler. I've run the Jprofiler for a weak until it generated a stuck process on the DB and crashed the application (even though it ran on the app server, and not the DB server) I'm not too familiar with Tomcat tweaks and java monitoring, so i'll try to go over your mail again and see if I can extract from it something that I can work with :] I hate to barge in (again?) in what is starting to look like a nice slinging match, but I think that we have already pretty much established that the memory leak, if any, happens in the jDTS (?) driver and/or the ntlmauth.dll that it is using, and not in Tomcat code. If it is in the ntlmauth.dll, I doubt that any Java tool will show anything. הילה, how exactly are you seeing that the Tomcat process is leaking memory ? With the MS Task Manager ? And, where exactly does that ntlmauth.dll come from ? @Chris : Apparently, the database being used accepts either plain text authentication, or NTLM authentication. And apparently also, the setup is such that in either case, the login to the database is done using a single user-id, provided "by Tomcat". One can discuss if this is, in the general scheme of things, an appropriate way in terms of security of access to the data in the database. But in the case of plain text authentication, the user-id and password used are stored in a Tomcat configuration file, in plain text. In the case of the NTLM authentication, the user-id under which tomcat runs can be easily discovered, but the password cannot. So I would think that in that limited sense, using NTLM offers an improvement. Now of course if at the same time, a bug in the jDTS driver or the ntlmauth.dll causes the Tomcat process to need more and more memory over time, the advantage is less evident. To nevertheless make some progress at identifying the culprit, I suggest the following procedure : Leave the user-id under which Tomcat itself is running as it is, using the Windows Domain user. Also leave the database as it is. But change back the authentication used for the database, to the plain-text setting. This way, the jDTS driver will still be there, but it will no longer be using the additional dll, and will authenticate to the DB with the plain-text user-id and password. Then check if the Tomcat process is still leaking memory. If it is not, then you know for sure that the leak is in ntlmauth.dll (or in the jDTS driver, but only when it using NTLM authentication). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Upgrading from Tomcat 6.0.29 to 7.0.8 - TLD Scanned Location Problem
Looks like the TldConfig class changed significantly between these versions such that now TLDs that are under WEB-INF/classes (e.g. WEB-INF/classes/META-INF) are no longer scanned/processed. This is an issue for us in development as some of our MyEclipse projects are TLD library projects that in production will be in JARs in the WEB-INF/lib but in development get exploded into WEB-INF/classes. In 6.0.x this worked fine for us; 7.0.8 has removed this "feature". I realize that the reasoning behind this was to be more spec-compliant. My question is whether there is a Tomcat work-around to this to facilitate our development environment? I've been poking around the TC source code and as yet see no way to do this. I was even thinking of extending TldConfig to use a subclass as a lifecycle listener (turning off the context processTlds) but (as far as I've looked at this approach) the methods I'd want to override or call in TldConfig are private. :( Any ideas? Thanks in advance, Scott
RE: Secure AJP over ssl
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Wednesday, February 23, 2011 10:38 > To: Tomcat Users List > Subject: Re: Secure AJP over ssl > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Mark, > > On 2/23/2011 10:36 AM, Mark Thomas wrote: > > On 23/02/2011 15:32, Christopher Schultz wrote: > >> Mladen, > >> > >> On 2/23/2011 3:00 AM, Mladen Turk wrote: > >>> What do you think happens when encrypted data from client > comes in > >>> and is encrypted again and send to the client? > >>> It's unencrypted in the memory and anyone with access to > the box can > >>> just inspect the content of the httpd process in the same > way it can > >>> read the data on the socket. > >>> So since persons which are authorized to login to the Apache and > >>> Tomcat box have the option to view the data, your entire > security is > >>> still human based. > >> > >> I think he's talking about network sniffing (like another > node on the > >> network operating in promiscuous mode), not an untrusted > box administrator. > >> > >>> That's why I see no point of encrypting the data transfer between > >>> those boxes cause you can just as well make sure the > proper persons > >>> have the network access. > >> > >> I certainly agree with this. > >> > >> Anyhow, to answer the OP's question, there are really > three options: > >> > >> 1. SSH tunnel I think I am going to use stunnel in xinetd. > >> > >> 2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if > >>necessary while ssh generally won't). > >> > >> 3. Switch to mod_proxy_http and use an https:// URL with Mark's > >>indicated settings. I am glad to have this cleared up. > >> > >> These options are roughly in order of performance from > best to worst: > >> setting up an HTTPS connection is expensive and I'm not > entirely sure > >> how mod_proxy_http does connections, but I suspect it creates and > >> tears-down for each request (i.e. no keepalives, or at > least limited ones). > >> > >> Encrypted VPNs are simply more complicated than an SSH tunnel and > >> require slightly more overhead. An SSH tunnel is dead > simple and only > >> negotiates a symmetric key once at connect time (okay, and then > >> re-negotiates at intervals) but lacks the robustness of a VPN. > > > > I disagree with that assessment. mod_proxy_http is by far > the simplest > > way to go and it does use keep-alive. > > Good to know that mod_proxy_http uses keepalive. I was > recommending the others since the OP seems wedded to AJP. > Also, if there is any other traffic to encrypt (JDBC, etc.) > the VPN would handle that, too. It is not that I am wedded to any particular implementation, it is just each change requires board approval. A change for reconfiguring the enabled modules in apache. [we can skip this if we stay with mod_proxy_ajp, as it was already approved] A change for opening up a port on the apache box -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Secure AJP over ssl
> -Original Message- > From: Mladen Turk [mailto:mt...@apache.org] > Sent: Wednesday, February 23, 2011 3:01 > To: users@tomcat.apache.org > Subject: Re: Secure AJP over ssl > > On 02/22/2011 11:23 PM, Jason Pyeron wrote: > >> -Original Message- > > > > That is a naive view. [Please forgive the wording.] > > > > None taken. > > > Given: > > > > 1) The Apache box is secure and login is restricted to the > minimum set > > of persons with a kneed to know. > > 2) The Tomcat box is secure and login is restricted to the > minimum set > > of persons with a kneed to know. > > > > There is no reason to allow the set of persons capable (and > sometimes > > authorized) to inspect the data on a network (network > operations) to > > be able to inspect the unsecured contents of the data stream. That > > would be a briech of security and law. > > > > I just waited you mention that :) > What do you think happens when encrypted data from client > comes in and is encrypted again and send to the client? > It's unencrypted in the memory and anyone with access to the > box can just inspect the content of the httpd process in the > same way it can read the data on the socket. > So since persons which are authorized to login to the Apache > and Tomcat box have the option to view the data, your entire > security is still human based. That's why I see no point of Yes, the list includes 4 people. > encrypting the data transfer between those boxes cause you > can just as well make sure the proper persons have the network access. > That list includes 78 people. > However I can live with the 'law' reason, but that doesn't > mean it's a secure just because the 'law' says it is. I see it as there is no excuse not to encrypt it when it crosses security domain boundaries. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100- - +1 (443) 269-1555 x333Baltimore, Maryland 21218 - - - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- This message is copyright PD Inc, subject to license 20080407P00. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
On Wed, Feb 23, 2011 at 11:08 AM, Christopher Schultz <
ch...@christopherschultz.net> wrote:
>
>
> Try this:
>
> sudo find /opt/Tomcat -type f -exec \
> grep "function2.basiceng.umr.edu" "{}" \;
>
> Thanks, I'll use this now.
sackett-research-lab2b:~ joel$ sudo find /opt/Tomcat -type f -exec \
> grep "function2.basiceng.umr.edu" "{}" \;
Password:
http://function2.basiceng.umr.edu/view";>
// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi
">Test
http://function2.basiceng.umr.edu/tst.cgi";>
// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class matches
out.write("http://function2.basiceng.umr.edu/view\";>\r\n");
// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
>
> >> /opt/Tomcat/webapps/view/acct_new.jsp:// " >> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id=";
> +
> >> id + "\">"
>
> This appears commented-out, but could be a problem.
>
How could this be a problem if it is commented out?
> Are the messages you are getting coming only from Safari? Can you track
> the HTTP messages that are actually being sent? It's tough to tell
> what's going on just from Safari error messages (which are somewhat
> "friendly" and try to interpret the situation instead of telling you
> exactly what happened).
>
>
I'm not sure how to do this, I know you can turn off friend messages in
internet explorer. But when I downloaded ie5 for mac I couldn't find the
*$&#*@(# tools menu. :)
oh and this is the /etc/hosts
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
~
Thanks for the help.
Re: [OT] Memory Leak in Tomcat
Yes, I've read you other mail about the Jprofiler. I've run the Jprofiler for a weak until it generated a stuck process on the DB and crashed the application (even though it ran on the app server, and not the DB server) I'm not too familiar with Tomcat tweaks and java monitoring, so i'll try to go over your mail again and see if I can extract from it something that I can work with :] Thanks Hila 2011/2/23 Christopher Schultz > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > הילה, > > On 2/23/2011 10:51 AM, הילה - צוות אגורה wrote: > > the user that runs the tomcat service is a domain user, but I specify the > > user name and password of this user under "log on" tab on the service > > properties. > > it's not a problem since the password is encrypted, but in the xml file > it's > > in clear text. > > It's a good thing those credentials don't need to be decrypted in order > to be used. Congratulations: you've covered your ass. > > > so.. the problem for me is the memory leak that generated after switching > to > > windows authentication. > > Yup. Let's get back to that. See my other post about working with > JProfiler. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1lMawACgkQ9CaO5/Lv0PAKpQCfeM8Qb+ixI0U+o6vukJDEAgIa > LuYAoKz94msoMkU2+lCJ+mgY2iVvAuEH > =Q9Rk > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: [OT] Memory Leak in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 הילה, On 2/23/2011 10:51 AM, הילה - צוות אגורה wrote: > the user that runs the tomcat service is a domain user, but I specify the > user name and password of this user under "log on" tab on the service > properties. > it's not a problem since the password is encrypted, but in the xml file it's > in clear text. It's a good thing those credentials don't need to be decrypted in order to be used. Congratulations: you've covered your ass. > so.. the problem for me is the memory leak that generated after switching to > windows authentication. Yup. Let's get back to that. See my other post about working with JProfiler. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lMawACgkQ9CaO5/Lv0PAKpQCfeM8Qb+ixI0U+o6vukJDEAgIa LuYAoKz94msoMkU2+lCJ+mgY2iVvAuEH =Q9Rk -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joel,
On 2/23/2011 10:47 AM, Joel wrote:
> On Wed, Feb 23, 2011 at 10:44 AM, Joel wrote:
>> sackett-research-lab2b:opt joel$ sudo find /opt/Tomcat -type f | xargs grep
>> function2.basiceng.umr.edu
>> grep: /opt/Tomcat/conf/server: No such file or directory
>> grep: copy.xml: No such file or directory
It looks like you might not have enough "sudos" in there: I believe
xargs isn't being run as administrator, hence all the errors.
Try this:
sudo find /opt/Tomcat -type f -exec \
grep "function2.basiceng.umr.edu" "{}" \;
>> /opt/Tomcat/webapps/ROOT/index.jsp: > content="0;url=http://function2.basiceng.umr.edu/view";>
That looks promising.
>> /opt/Tomcat/webapps/view/acct_new.jsp:// "> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
>> id + "\">"
This appears commented-out, but could be a problem.
There appear to be references to these things in various places:
>> /opt/Tomcat/webapps/view/test.html: http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi";>Test
Note that the port number here (8080) isn't the same as the very first
one (the META refresh, to port 80). It looks like the app "matured" over
some time and maybe graduated from 8080 to 80 and nobody went back and
cleaned things up.
The proper way to create a link in JSP back to the same site, allowing
for relocations of both hostname /and/ deployment directory (say, /foo
instead of /bar) is this:
">link text
There are better ways to do this these says (using JSTL, for instance),
but this will work with all versions of JSP... and if you're on Tomcat
4.1 you'll need all the backward-compatibility you can get. :)
>> Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
Oh, if you're using Struts, you can use the Struts taglibs to create
URLs for you. Assuming you don't really want to mess with too many
things just yet, I'll leave that discussion for later if you want.
Now, the fun part:
>> Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
>> INFO: Starting Coyote HTTP/1.1 on port 8080
HTTP connector on port 8080.
>> Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
>> INFO: Starting Coyote HTTP/1.1 on port 80
HTTP connector on port 80.
>> Feb 23, 2011 10:41:52 AM org.apache.jk.common.ChannelSocket init
>> INFO: JK2: ajp13 listening on /0.0.0.0:9007
AJP13 (aka mod_jk) connector on port 9007.
>> Feb 23, 2011 10:41:52 AM org.apache.jk.server.JkMain start
>> INFO: Jk running ID=0 time=1/8 config=/opt/Tomcat/conf/jk2.properties
Fantastic: it's running mod_jk2. Oddly enough, mod_jk2 is out of date
when compared to mod_jk. mod_jk2 was an abortive attempt to improve on
mod_jk... then mod_jk caught up and got better and mod_jk2 wasn't necessary.
Were these the latest "Starting Coyote" messages in the log file? When
constantly starting and stopping, it's easy to lose track of what
messages came from which startup. I recommend deleting the
logs/catalina.out file before you start with a new configuration just to
avoid confusion.
>> tcp46 0 0 *.9007 *.*LISTEN
>> tcp46 0 0 *.http *.*LISTEN
>> tcp46 0 0 *.http-alt *.*LISTEN
Those appear to be Tomcat.
>> without:
>>
>> sackett-research-lab2b:bin joel$ netstat -a | grep LISTEN
I don't see any :http and :http-alt, so this probably means that Tomcat
is listening properly. No port binding errors in the log file is also a
good indication.
> About the server.xml I must not have looked very closely, I think this is
> what you want.
Looks like the right stuff, thought many are commented-out. Let's look
at the enabled connectors (should be no surprised, given the log output
from above):
>
> port="9007" minProcessors="5" maxProcessors="75"
>enableLookups="true" redirectPort="8443"
>acceptCount="10" debug="0" connectionTimeout="0"
>useURIValidationHack="false"
>
> protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
AJP13 connector on port 9007.
That's all: there must be more somewhere else.
So... back to the original question: what's going on?
Are the messages you are getting coming only from Safari? Can you track
the HTTP messages that are actually being sent? It's tough to tell
what's going on just from Safari error messages (which are somewhat
"friendly" and try to interpret the situation instead of telling you
exactly what happened).
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk1lMRgACgkQ9CaO5/Lv0PB4JQCgm1+fjsOx9RSBkeeEdiV3Kvis
BUYAmQHWluZIsa5JpwHP75eqS9RheUwY
=lJjY
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
F
RE: loading an xsl file in javascript
> From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] > Subject: RE: loading an xsl file in javascript > Localhost_access_log has this > 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET > /Reporting/reportwriter/xsl/treesort.xsl HTTP/1.1" 200 564 Oops - missed that one. Install Fiddler2 and see exactly what's coming back in the response. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: server running website
> From: Joel [mailto:felixtheratr...@gmail.com] > Subject: Re: server running website > So yeah it might be the later problem, where there is a > hardcoded directory. Is there a quick way to fix this? Since you're running on a very unsupported version of Tomcat, you're pretty much on your own now. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: loading an xsl file in javascript
The license expired is a different application we have... Localhost_access_log has this 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/xsl/treesort.xsl HTTP/1.1" 200 564 Sincerely, Robert Jenkin Surecomp Services, Inc. 2 Hudson Place, 4th Floor Hoboken, NJ 07030 Skype: robert.jenkin Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537 http://www.Surecomp.com -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, February 23, 2011 10:46 AM To: Tomcat Users List Subject: RE: loading an xsl file in javascript > From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] > Subject: RE: loading an xsl file in javascript > Platform is Windows 7 32bit > Using CATALINA_BASE: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6" > Using JRE_HOME:"C:\Development\Java\jdk1.6.0_18\jre" Thank you. > Localhost_acess_log Note that there are *no* requests for treesort.xsl, so it looks like either the browser cached it, or your JavaScript is failing to issue the request. > Localhost log > Feb 23, 2011 10:24:03 AM org.apache.catalina.core.ApplicationContext log > SEVERE: StandardWrapper.Throwable > java.lang.RuntimeException: License Has Expired, Process Terminated > (Expiration Date: 20110131) > Feb 23, 2011 10:24:03 AM org.apache.catalina.core.StandardContext > loadOnStartup > SEVERE: Servlet /allMATCHWeb threw load() exception > java.lang.RuntimeException: License Has Expired, Process Terminated > (Expiration Date: 20110131) Looks a tad suspicious, don't you think? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This mail was sent via Mail-SeCure System. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Memory Leak in Tomcat
Hey, the user that runs the tomcat service is a domain user, but I specify the user name and password of this user under "log on" tab on the service properties. it's not a problem since the password is encrypted, but in the xml file it's in clear text. so.. the problem for me is the memory leak that generated after switching to windows authentication. 2011/2/23 Christopher Schultz > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > הילה, > > On 2/23/2011 10:38 AM, הילה wrote: > > I've explained it in my mail :] > > change the user that runs the tomcat service to a domain user with > > permissions to the DB > > So the domain user is password-less? How does the service start without > credentials? > > I'm not actually stupid: I'm just asking stupid questions to lead you to > the conclusion that the credentials are in fact somewhere. Just because > you can't see them (Windows has them hidden somewhere) doesn't mean > they're not there. > > You are just moving the problem somewhere else. > > This problem is discussed seasonally around here. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1lLB8ACgkQ9CaO5/Lv0PA87wCfdhGwBHUiutC766MH+8x5g6Zy > NfIAoJkUCY7ZPD8EKEJvkdZHkTEEs6cj > =+Vwc > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: server running website
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 2/22/2011 10:59 AM, Caldarale, Charles R wrote: >> From: Joel [mailto:felixtheratr...@gmail.com] >> Subject: server running website > >> But when I try to go to the page "localhost:8080" or "localhost:80" >> Safari says: >> "Safari can't open the page "http://function2.basiceng.umr.edu/view"; because >> Safari can't find the server "function2.basiceng.umr.edu"." > > Looks like something is seriously askew in your hosts file. The localhost id > should always be mapped to 127.0.0.1, not some external DNS name. > >> When I don't run the server as sudo I get things like >> Safari can't open the page "http://www.localhost.com:80/"; because the server >> unexpectedly dropped the connection. This sometimes occurs when the server >> is busy. Wait for a few minutes, and then try again. > > Again, it looks like something's wrong with the hosts file. Careful. My last experience with Mac OS X lead, after days of head scratching and ranting and raving, to the conclusion that the /etc/hosts file is a sham: everything was being controlled via a LDAP configuration and the hosts file was being ignored. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lLNQACgkQ9CaO5/Lv0PBmlACbBjxczgeWIRqjwJ4azl6PRNXb Wb4Ani4GYgWpPf+98PXRO12hFcUyt8YR =hhTP -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Memory Leak in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 הילה, On 2/23/2011 10:38 AM, הילה wrote: > I've explained it in my mail :] > change the user that runs the tomcat service to a domain user with > permissions to the DB So the domain user is password-less? How does the service start without credentials? I'm not actually stupid: I'm just asking stupid questions to lead you to the conclusion that the credentials are in fact somewhere. Just because you can't see them (Windows has them hidden somewhere) doesn't mean they're not there. You are just moving the problem somewhere else. This problem is discussed seasonally around here. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lLB8ACgkQ9CaO5/Lv0PA87wCfdhGwBHUiutC766MH+8x5g6Zy NfIAoJkUCY7ZPD8EKEJvkdZHkTEEs6cj =+Vwc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Updating CRL
> > are there any plans to implement a life update (without > restarting the > > connector) of the CRL in tomcat 7? > > And maybe via URL not via File? > > At the moment? No. Thanks. It looks simple to switch from File to URL. But the life update seems to be quite complicated. Where could I hack in? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
On Wed, Feb 23, 2011 at 10:44 AM, Joel wrote:
>
>
> On Tue, Feb 22, 2011 at 10:59 AM, Caldarale, Charles R <
> chuck.caldar...@unisys.com> wrote:
>>
>>
>> Again, it looks like something's wrong with the hosts file. Might be as
>> simple as not having a hosts file, or not having an entry for localhost.
>>
>> Another possibility is that you may have a webapp deployed that has
>> hard-coded the original website address, and did a redirect with it - hard
>> coding like that is a very, very bad practice.
>>
>>
> So yeah it might be the later problem, where there is a hardcoded
> directory. Is there a quick way to fix this? This should be a list of all
> the files that "function2.basiceng.umr.edu" appears in
>
> sackett-research-lab2b:opt joel$ sudo find /opt/Tomcat -type f | xargs grep
> function2.basiceng.umr.edu
> grep: /opt/Tomcat/conf/server: No such file or directory
> grep: copy.xml: No such file or directory
> /opt/Tomcat/webapps/ROOT/index.jsp: content="0;url=http://function2.basiceng.umr.edu/view";>
> /opt/Tomcat/webapps/view/acct_new.jsp:// " http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
> Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
> grep: /opt/Tomcat/webapps/view/images/folder_closed: No such file or
> directory
> grep: copy.gif: No such file or directory
> grep: /opt/Tomcat/webapps/view/Pick_: No such file or directory
> grep: CLMatrices.jsp: No such file or directory
> grep: /opt/Tomcat/webapps/view/Reading: No such file or directory
> grep: Excel.jsp: No such file or directory
> grep: /opt/Tomcat/webapps/view/searchmorph_results: No such file or
> directory
> grep: old.jsp: No such file or directory
> /opt/Tomcat/webapps/view/test.html: http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi";>Test
> /opt/Tomcat/webapps/view/test1.html: http://function2.basiceng.umr.edu/tst.cgi";>
> grep: /opt/Tomcat/webapps/view/Testing: No such file or directory
> grep: DB.jsp: No such file or directory
> grep: /opt/Tomcat/webapps/view/UserPick_: No such file or directory
> grep: CLMatrices.jsp: No such file or directory
> /opt/Tomcat/webapps/view2/acct_new.jsp:// " http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
> Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
> grep: /opt/Tomcat/webapps/view2/images/folder_closed: No such file or
> directory
> grep: copy.gif: No such file or directory
> Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class matches
> /opt/Tomcat/work/Standalone/localhost/_/index_jsp.java:
> out.write(" http://function2.basiceng.umr.edu/view\";>\r\n");
> /opt/Tomcat/work/Standalone/localhost/view/acct_new_jsp.java:// " href=\"
> http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; +
> id + "\">"
> grep: copy/SESSIONS.ser: No such file or directory
>
>
>
>
>
>
> Check the logs to find out what happened when you attempted to start the
>
> server.
>
> here is what happens in catalina.out when I start, not sure which log file
> you want, though there aren't errors in any of them
>
> Feb 23, 2011 10:37:26 AM org.apache.coyote.http11.Http11Protocol destroy
> INFO: Stoping http11 protocol on 80 Catalina:type=ThreadPool,name=http80
> Feb 23, 2011 10:41:50 AM org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on port 8080
> Feb 23, 2011 10:41:50 AM org.apache.coyote.http11.Http11Protocol init
> INFO: Initializing Coyote HTTP/1.1 on port 80
> Starting service Tomcat-Standalone
> Apache Tomcat/4.1.29-LE-jdk14
> Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
>
> INFO: Initializing, config='org.apache.struts.util.LocalStrings',
> returnNull=true
> Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
>
> INFO: Initializing, config='org.apache.struts.action.ActionResources',
> returnNull=true
> Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
>
> INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources',
> returnNull=true
> Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on port 8080
> Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
> INFO: Starting Coyote HTTP/1.1 on port 80
> Feb 23, 2011 10:41:52 AM org.apache.jk.common.ChannelSocket init
> INFO: JK2: ajp13 listening on /0.0.0.0:9007
> Feb 23, 2011 10:41:52 AM org.apache.jk.server.JkMain start
> INFO: Jk running ID=0 time=1/8 config=/opt/Tomcat/conf/jk2.properties
>
>
> Is there something else already running on the ports tomcat is
> trying to use? What does netstat list as listening ports with and
> without tomcat running?
>
>
> With tomcat:
> sackett-research-lab2b:logs joel$ netstat -a | grep LISTEN
> tcp4 0 0 localhost.8005 *.*LISTEN
> tcp46 0 0 *.9007 *.*LISTEN
> tcp46 0 0 *.commplex-link*
RE: loading an xsl file in javascript
> From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] > Subject: RE: loading an xsl file in javascript > Platform is Windows 7 32bit > Using CATALINA_BASE: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6" > Using JRE_HOME:"C:\Development\Java\jdk1.6.0_18\jre" Thank you. > Localhost_acess_log Note that there are *no* requests for treesort.xsl, so it looks like either the browser cached it, or your JavaScript is failing to issue the request. > Localhost log > Feb 23, 2011 10:24:03 AM org.apache.catalina.core.ApplicationContext log > SEVERE: StandardWrapper.Throwable > java.lang.RuntimeException: License Has Expired, Process Terminated > (Expiration Date: 20110131) > Feb 23, 2011 10:24:03 AM org.apache.catalina.core.StandardContext > loadOnStartup > SEVERE: Servlet /allMATCHWeb threw load() exception > java.lang.RuntimeException: License Has Expired, Process Terminated > (Expiration Date: 20110131) Looks a tad suspicious, don't you think? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat Connection Pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rahul, (Marking off-topic as this a JDBC driver/database issue unrelated to Tomcat). On 2/23/2011 9:13 AM, Rahul Kumar wrote: > Tomcat version: 6.0 Not that it matters, but what version of 6.0? There are 32 or so of them. > Problem Statement: > > When server is idle for long period of time thread hangs for waiting > the DBMS to return with response. How long is "long"? > I have tried all the possible combination configuration for > connection pool but could succeed in removing that problem. Specifically, what have you tried? What were the results? > validationQuery="select * from dual" Might I suggest not using SELECT *, even if it's from DUAL? What does that even return? A single row with a single field whose value is '*'? >testOnBorrow="true" >testWhileIdle="true" If you have testWhileIdle=true, server idleness shouldn't affect the JDBC connections: they are periodically "pinged". > > timeBetweenEvictionRunsMillis="180" > > minEvictableIdleTimeMillis="180" 30 minutes. What is the idle-connection-timeout on any firewall hardware of software you might have sitting between your app server and your db? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lK2sACgkQ9CaO5/Lv0PDaWQCfa+sXQDyMGRrritbkD1mz3u7j f48AoLXiu98CEn5Yle1sSdbqoB6otqn1 =lJOm -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: server running website
On Tue, Feb 22, 2011 at 10:59 AM, Caldarale, Charles R <
chuck.caldar...@unisys.com> wrote:
>
>
> Again, it looks like something's wrong with the hosts file. Might be as
> simple as not having a hosts file, or not having an entry for localhost.
>
> Another possibility is that you may have a webapp deployed that has
> hard-coded the original website address, and did a redirect with it - hard
> coding like that is a very, very bad practice.
>
>
So yeah it might be the later problem, where there is a hardcoded directory.
Is there a quick way to fix this? This should be a list of all the files
that "function2.basiceng.umr.edu" appears in
sackett-research-lab2b:opt joel$ sudo find /opt/Tomcat -type f | xargs grep
function2.basiceng.umr.edu
grep: /opt/Tomcat/conf/server: No such file or directory
grep: copy.xml: No such file or directory
/opt/Tomcat/webapps/ROOT/index.jsp: http://function2.basiceng.umr.edu/view";>
/opt/Tomcat/webapps/view/acct_new.jsp:// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
Binary file /opt/Tomcat/webapps/view/css/.nobar.css.swp matches
grep: /opt/Tomcat/webapps/view/images/folder_closed: No such file or
directory
grep: copy.gif: No such file or directory
grep: /opt/Tomcat/webapps/view/Pick_: No such file or directory
grep: CLMatrices.jsp: No such file or directory
grep: /opt/Tomcat/webapps/view/Reading: No such file or directory
grep: Excel.jsp: No such file or directory
grep: /opt/Tomcat/webapps/view/searchmorph_results: No such file or
directory
grep: old.jsp: No such file or directory
/opt/Tomcat/webapps/view/test.html: http://function2.basiceng.umr.edu:8080/view/cgi-bin/test.cgi";>Test
/opt/Tomcat/webapps/view/test1.html: http://function2.basiceng.umr.edu/tst.cgi";>
grep: /opt/Tomcat/webapps/view/Testing: No such file or directory
grep: DB.jsp: No such file or directory
grep: /opt/Tomcat/webapps/view/UserPick_: No such file or directory
grep: CLMatrices.jsp: No such file or directory
/opt/Tomcat/webapps/view2/acct_new.jsp:// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
Binary file /opt/Tomcat/webapps/view2/css/.nobar.css.swp matches
grep: /opt/Tomcat/webapps/view2/images/folder_closed: No such file or
directory
grep: copy.gif: No such file or directory
Binary file /opt/Tomcat/work/Standalone/localhost/_/index_jsp.class matches
/opt/Tomcat/work/Standalone/localhost/_/index_jsp.java:
out.write("http://function2.basiceng.umr.edu/view\";>\r\n");
/opt/Tomcat/work/Standalone/localhost/view/acct_new_jsp.java:// "http://function2.basiceng.umr.edu:8080/view/Accounting/confirm.jsp?id="; + id
+ "\">"
grep: copy/SESSIONS.ser: No such file or directory
Check the logs to find out what happened when you attempted to start the
server.
here is what happens in catalina.out when I start, not sure which log file
you want, though there aren't errors in any of them
Feb 23, 2011 10:37:26 AM org.apache.coyote.http11.Http11Protocol destroy
INFO: Stoping http11 protocol on 80 Catalina:type=ThreadPool,name=http80
Feb 23, 2011 10:41:50 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 8080
Feb 23, 2011 10:41:50 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on port 80
Starting service Tomcat-Standalone
Apache Tomcat/4.1.29-LE-jdk14
Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.util.LocalStrings',
returnNull=true
Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.action.ActionResources',
returnNull=true
Feb 23, 2011 10:41:51 AM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources',
returnNull=true
Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 8080
Feb 23, 2011 10:41:52 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on port 80
Feb 23, 2011 10:41:52 AM org.apache.jk.common.ChannelSocket init
INFO: JK2: ajp13 listening on /0.0.0.0:9007
Feb 23, 2011 10:41:52 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=1/8 config=/opt/Tomcat/conf/jk2.properties
Is there something else already running on the ports tomcat is
trying to use? What does netstat list as listening ports with and
without tomcat running?
With tomcat:
sackett-research-lab2b:logs joel$ netstat -a | grep LISTEN
tcp4 0 0 localhost.8005 *.*LISTEN
tcp46 0 0 *.9007 *.*LISTEN
tcp46 0 0 *.commplex-link*.*LISTEN
tcp46 0 0 *.http *.*LISTEN
tcp46 0 0 *.http-alt *.*LISTEN
tcp4 0 0 *.kerberos *.*LISTEN
tcp6 0
Re: Updating CRL
On 23/02/2011 15:38, spr...@gmx.eu wrote: > Hi, > > are there any plans to implement a life update (without restarting the > connector) of the CRL in tomcat 7? > And maybe via URL not via File? At the moment? No. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Memory Leak in Tomcat
I've explained it in my mail :] change the user that runs the tomcat service to a domain user with permissions to the DB place ntlmauth.dll (from jtds-1.2.5 package) under c:\windows\system32 place jtds-1.2.5.jar (from jtds-1.2.5 package) in the tomcat 6.0\lib folder and it works. :] 2011/2/23 Christopher Schultz > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > הילה, > > On 2/23/2011 10:29 AM, הילה wrote: > > I trust the people in the company, but the company's work is with sites > that > > any user all over the internet can access. so we want to perform a damage > > control if some hacker would gain access to our web server, so if he can > - > > he won't get access to the DB, at least not with our help of displaying > the > > user and password to access the DB :]. > > I'm curious as to how your webapp can connect to a database without > credentials. > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1lKRwACgkQ9CaO5/Lv0PA9/gCgm7sqTh9ReZ9LXr9gYj9pbYpt > lIsAni8xXRsB/v/JyQNNSmvkoFI3aUjz > =15dg > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Updating CRL
Hi, are there any plans to implement a life update (without restarting the connector) of the CRL in tomcat 7? And maybe via URL not via File? Thank you - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mark, On 2/23/2011 10:36 AM, Mark Thomas wrote: > On 23/02/2011 15:32, Christopher Schultz wrote: >> Mladen, >> >> On 2/23/2011 3:00 AM, Mladen Turk wrote: >>> What do you think happens when encrypted data from client comes in and >>> is encrypted again and send to the client? >>> It's unencrypted in the memory and anyone with access to the box >>> can just inspect the content of the httpd process in the same way >>> it can read the data on the socket. >>> So since persons which are authorized to login to the Apache and Tomcat >>> box have the option to view the data, your entire security is still >>> human based. >> >> I think he's talking about network sniffing (like another node on the >> network operating in promiscuous mode), not an untrusted box administrator. >> >>> That's why I see no point of encrypting the data transfer >>> between those boxes cause you can just as well make sure the proper >>> persons have the network access. >> >> I certainly agree with this. >> >> Anyhow, to answer the OP's question, there are really three options: >> >> 1. SSH tunnel >> >> 2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if >>necessary while ssh generally won't). >> >> 3. Switch to mod_proxy_http and use an https:// URL with Mark's >>indicated settings. >> >> These options are roughly in order of performance from best to worst: >> setting up an HTTPS connection is expensive and I'm not entirely sure >> how mod_proxy_http does connections, but I suspect it creates and >> tears-down for each request (i.e. no keepalives, or at least limited ones). >> >> Encrypted VPNs are simply more complicated than an SSH tunnel and >> require slightly more overhead. An SSH tunnel is dead simple and only >> negotiates a symmetric key once at connect time (okay, and then >> re-negotiates at intervals) but lacks the robustness of a VPN. > > I disagree with that assessment. mod_proxy_http is by far the simplest > way to go and it does use keep-alive. Good to know that mod_proxy_http uses keepalive. I was recommending the others since the OP seems wedded to AJP. Also, if there is any other traffic to encrypt (JDBC, etc.) the VPN would handle that, too. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lKesACgkQ9CaO5/Lv0PBFRgCfVfwSNBR+hw9goy/jZft92ekx VRQAoICP/Mklk5HmZnyj7EvSdk4dEuGE =6FMQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat 7.0.8 behind a ssl gateway
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 rhannek, On 2/23/2011 10:17 AM, rhan...@gmx.de wrote: > I've set up an Apache Tomcat server for a small JSF2.0 project with > PrimeFaces. Because of some internal company rules the server has to > be able to operate behind a ssl gateway. Can you describe this in more detail? Are your clients using HTTPS to contact a web server (Apache httpd, etc.) which then makes a non-secure (or even secure) connection to Tomcat? > Well... it does not > completely. The whole design of the page is... well... fucked up. Your statement does not communicate anything useful. High marks for eloquence, though. :) > My guess would be the SSL gateway but I have no access to it. Give us more information about what the environment looks like. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lKasACgkQ9CaO5/Lv0PB5/gCeMhJmGuS6d/KfGaAuy/yLgp4I 1KUAn1cs+vQ/E2MZYgaoPF9wg0gHCnap =9MEE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
On 23/02/2011 15:32, Christopher Schultz wrote: > Mladen, > > On 2/23/2011 3:00 AM, Mladen Turk wrote: >> What do you think happens when encrypted data from client comes in and >> is encrypted again and send to the client? >> It's unencrypted in the memory and anyone with access to the box >> can just inspect the content of the httpd process in the same way >> it can read the data on the socket. >> So since persons which are authorized to login to the Apache and Tomcat >> box have the option to view the data, your entire security is still >> human based. > > I think he's talking about network sniffing (like another node on the > network operating in promiscuous mode), not an untrusted box administrator. > >> That's why I see no point of encrypting the data transfer >> between those boxes cause you can just as well make sure the proper >> persons have the network access. > > I certainly agree with this. > > Anyhow, to answer the OP's question, there are really three options: > > 1. SSH tunnel > > 2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if >necessary while ssh generally won't). > > 3. Switch to mod_proxy_http and use an https:// URL with Mark's >indicated settings. > > These options are roughly in order of performance from best to worst: > setting up an HTTPS connection is expensive and I'm not entirely sure > how mod_proxy_http does connections, but I suspect it creates and > tears-down for each request (i.e. no keepalives, or at least limited ones). > > Encrypted VPNs are simply more complicated than an SSH tunnel and > require slightly more overhead. An SSH tunnel is dead simple and only > negotiates a symmetric key once at connect time (okay, and then > re-negotiates at intervals) but lacks the robustness of a VPN. I disagree with that assessment. mod_proxy_http is by far the simplest way to go and it does use keep-alive. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re:[OT] Memory Leak in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 הילה, On 2/23/2011 10:29 AM, הילה wrote: > I trust the people in the company, but the company's work is with sites that > any user all over the internet can access. so we want to perform a damage > control if some hacker would gain access to our web server, so if he can - > he won't get access to the DB, at least not with our help of displaying the > user and password to access the DB :]. I'm curious as to how your webapp can connect to a database without credentials. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lKRwACgkQ9CaO5/Lv0PA9/gCgm7sqTh9ReZ9LXr9gYj9pbYpt lIsAni8xXRsB/v/JyQNNSmvkoFI3aUjz =15dg -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mladen, On 2/23/2011 3:00 AM, Mladen Turk wrote: > What do you think happens when encrypted data from client comes in and > is encrypted again and send to the client? > It's unencrypted in the memory and anyone with access to the box > can just inspect the content of the httpd process in the same way > it can read the data on the socket. > So since persons which are authorized to login to the Apache and Tomcat > box have the option to view the data, your entire security is still > human based. I think he's talking about network sniffing (like another node on the network operating in promiscuous mode), not an untrusted box administrator. > That's why I see no point of encrypting the data transfer > between those boxes cause you can just as well make sure the proper > persons have the network access. I certainly agree with this. Anyhow, to answer the OP's question, there are really three options: 1. SSH tunnel 2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if necessary while ssh generally won't). 3. Switch to mod_proxy_http and use an https:// URL with Mark's indicated settings. These options are roughly in order of performance from best to worst: setting up an HTTPS connection is expensive and I'm not entirely sure how mod_proxy_http does connections, but I suspect it creates and tears-down for each request (i.e. no keepalives, or at least limited ones). Encrypted VPNs are simply more complicated than an SSH tunnel and require slightly more overhead. An SSH tunnel is dead simple and only negotiates a symmetric key once at connect time (okay, and then re-negotiates at intervals) but lacks the robustness of a VPN. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lKIQACgkQ9CaO5/Lv0PA3AACeLMsHtTuiodq/s1ITyUJYS0Go LrEAnRRTPcVpDkPw9sXYP0vggDSz4fa3 =UJv2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: loading an xsl file in javascript
Hello Platform is Windows 7 32bit Tomcat version Using CATALINA_BASE: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6" Using CATALINA_HOME: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6" Using CATALINA_TMPDIR: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6\temp" Using JRE_HOME:"C:\Development\Java\jdk1.6.0_18\jre" Using CLASSPATH: "C:\Downloads\tomcat-7\apache-tomcat-7.0.6\bin\bootstrap. jar;C:\Downloads\tomcat-7\apache-tomcat-7.0.6\bin\tomcat-juli.jar" Usage: catalina ( commands ... ) commands: debug Start Catalina in a debugger debug -security Debug Catalina with a security manager jpda startStart Catalina under JPDA debugger run Start Catalina in the current window run -security Start in the current window with security manager start Start Catalina in a separate window start -security Start in a separate window with security manager stop Stop Catalina version What version of tomcat are you running? Press any key to continue . . . Logs Localhost_acess_log 127.0.0.1 - - [23/Feb/2011:10:24:13 -0500] "GET /Reporting/?EXTERNAL_PAGE=RPT_ReportWriter&file=startup.html&entity=001&language=en&country=US&user=Alex&usertype=BANK&customerid=001 HTTP/1.1" 302 - 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/?EXTERNAL_PAGE=RPT_ReportWriter&file=startup.html&entity=001&language=en&country=US&user=Alex&usertype=BANK&customerid=001 HTTP/1.1" 302 5 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/?EXTERNAL_PAGE=RPT_ReportWriter&file=startup.html&entity=001&language=en&country=US&user=Alex&usertype=BANK&customerid=001 HTTP/1.1" 200 - 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/?EXTERNAL_PAGE=RPT_ReportWriter&user=Alex&language=en&entity=001&token=null&type=html&file=reporting.html&usertype=BANK&customerid=001 HTTP/1.1" 200 - 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/table.css HTTP/1.1" 200 4785 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/simplemenu.css HTTP/1.1" 200 1175 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/simpletabs.css HTTP/1.1" 200 819 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/calendar.css HTTP/1.1" 200 1876 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/global.css HTTP/1.1" 200 1418 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/generic.js HTTP/1.1" 200 33537 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/ajaxUtils.js HTTP/1.1" 200 1285 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/simplemenu.js HTTP/1.1" 200 444 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/grid.js HTTP/1.1" 200 7283 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/soapclient.js HTTP/1.1" 200 15299 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/regexvalidate.js HTTP/1.1" 200 12113 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/date.js HTTP/1.1" 200 10702 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/tree.js HTTP/1.1" 200 1110 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/prototype.js HTTP/1.1" 200 134096 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/calendar_db.js HTTP/1.1" 200 13894 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/timepicker.js HTTP/1.1" 200 7609 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/en_US/reporting.js HTTP/1.1" 200 170272 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/scripts/jquery.min.js HTTP/1.1" 200 78601 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/am1.gif HTTP/1.1" 200 447 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/titleback.gif HTTP/1.1" 200 107 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/pm2.gif HTTP/1.1" 200 470 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/styles/entity001/body_bg.gif HTTP/1.1" 404 1113 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/close.gif HTTP/1.1" 200 106 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/entity001/ajax-loader.gif HTTP/1.1" 200 2545 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/entity001/Exit.gif HTTP/1.1" 200 1216 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/entity001/Refresh.gif HTTP/1.1" 200 1089 127.0.0.1 - - [23/Feb/2011:10:24:15 -0500] "GET /Reporting/reportwriter/images/entity001/Run.gif HTTP/1.1
Re: Memory Leak in Tomcat
I trust the people in the company, but the company's work is with sites that any user all over the internet can access. so we want to perform a damage control if some hacker would gain access to our web server, so if he can - he won't get access to the DB, at least not with our help of displaying the user and password to access the DB :]. 2011/2/23 Christopher Schultz > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > הילה, > > On 2/23/2011 2:06 AM, הילה wrote: > > I've posted my problem in the sourceforge forums, but no comments have > > received so far. :( > > > > If you have any suggestions to replace this, another way to authenticate > the > > tomcat to the DB with user and password that do not appear in clear text, > > I'll be glad to hear about it. > > May I ask what the problem is with cleartext credentials in the > configuration file? Don't you trust Microsoft Windows file permissions > and your own administrators? > > - -chris > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.10 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk1lJtgACgkQ9CaO5/Lv0PCj/wCgpM+WD+3V7Pf80Uu7Ys4C81+d > WokAoLGcwA2jgVeEpgTgKXgOwLgyaut8 > =xFOL > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Memory Leak in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 הילה, On 2/23/2011 2:06 AM, הילה wrote: > I've posted my problem in the sourceforge forums, but no comments have > received so far. :( > > If you have any suggestions to replace this, another way to authenticate the > tomcat to the DB with user and password that do not appear in clear text, > I'll be glad to hear about it. May I ask what the problem is with cleartext credentials in the configuration file? Don't you trust Microsoft Windows file permissions and your own administrators? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lJtgACgkQ9CaO5/Lv0PCj/wCgpM+WD+3V7Pf80Uu7Ys4C81+d WokAoLGcwA2jgVeEpgTgKXgOwLgyaut8 =xFOL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Memory Leak in Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, Bah. The OP replied to me directly (and CC'd the list) and so a REPLY went to the OP and not to the list. Re-posting back. On 2/22/2011 4:52 PM, Christopher Schultz wrote: > הילה, > > On 2/22/2011 4:39 PM, הילה wrote: >> I have used JProfiler to monitor the tomcat process, but haven't found >> anything useful. > > Looking at the types of objects that are taking up all the memory is a > good place to start. Any obvious memory hogs? > >> you can see that the tomcat process is the only one that increasing > > If you're using JProfiler, how can you tell if anything /else/ is > increasing it's memory use? Presumably, Tomcat (and your webapp) are the > only things running in that JVM. > >> it started to happen since i switched to windows authentication.. so I >> think it's connected? > > Has anything else changed? Even something simple like more users? Also, > can you show us a memory usage graph? If it's not a nice saw-toothed > graph, then you are likely leaking memory. Try to graph it over 24 hours > or more -- and remember, this list strips most attachments, so putting > something online and posting a link to it would be best if you want us > to see a picture. > >> what is a heap analysis? how can i enable and analyze its results? > > That's up to the profiler you are using: JProfiler ought to have > Usually, it means things like looking at what types of objects are using > lots of memory and which objects are being created en masse and not > being released. > > Poke around in the UI of your profiler to see how you might do that. > > -chris > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1lJlUACgkQ9CaO5/Lv0PAF0ACgiC43KVwHwOFCCx9W6bk0qbta s9YAn1QnUEeZ/PNQDrbNWHJI0TDn8qXc =y6/B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache Tomcat 7.0.8 behind a ssl gateway
Hi, I've set up an Apache Tomcat server for a small JSF2.0 project with PrimeFaces. Because of some internal company rules the server has to be able to operate behind a ssl gateway. Well... it does not completely. The whole design of the page is... well... fucked up. So does anyone have set up a similar configuration? Successfully? Were there any problems? My guess would be the SSL gateway but I have no access to it. Version: Apache Tomcat 7.0.8 OS: Windows XP SP3 -- NEU: FreePhone - kostenlos mobil telefonieren und surfen! Jetzt informieren: http://www.gmx.net/de/go/freephone - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: loading an xsl file in javascript
> From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] > Subject: loading an xsl file in javascript > Via javascript I am loading xsl's from tomcat to client. Tomcat version? JVM version? Platform? Tomcat logs? AccessLogValve enabled? Fiddler2 shows what? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 7 Cluster Issue
Thanks, that seems to have fixed the issue. I'm assuming this won't be a problem since we only have a single NIC with multiple IPs on that machine. I'll test session failover and verify it. Thanks very much! -Original Message- From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Sent: Tuesday, February 22, 2011 6:49 PM To: users@tomcat.apache.org Subject: Re: Tomcat 7 Cluster Issue It can probably be fixed, there are a few references to this http://www.techienuggets.com/CommentDetail?tx=355312 https://issues.jboss.org/browse/JGRP-777 I'd have to reproduce it, so that I can fix it/work around it. I will open a bugzilla item with this In the meantime, does this still happen if you remove the "bind" attribute? best Filip On 02/22/2011 04:02 PM, Bruce Pease wrote: > Good Afternoon: > > > > I am running Windows server 2008 with Oracle/Sun jdk 1.6u24 and Tomcat 7.0.8. > Windows server 2008 multicast is defaulted on. I am attempting to set up a > cluster (config that currenly works in Windows server 2000 and tomcat 6), and > getting the exception listed below. I haven't been able to find a > configuration change from Tomcat 6 to 7 that might be causing this error. I > have included the cluster configuration as well. Any assistance would be > appreciated. > > > > channelSendOptions="11"> > expireSessionsOnShutdown="true" notifyListenersOnReplication="true"/> > > className="org.apache.catalina.tribes.group.GroupChannel"> > > className="org.apache.catalina.tribes.membership.McastService" > address="228.0.0.45" bind="10.103.4.70" port="45564" frequency="500" > dropTime="3000"/> > > className="org.apache.catalina.tribes.transport.nio.NioReceiver" > address="10.103.4.70" port="4220" autoBind="100" selectorTimeout="100" > maxThreads="6"/> > > className="org.apache.catalina.tribes.transport.ReplicationTransmitter"> > > className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/> > > > > className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/ > >> > className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Int > erceptor"/> > > className="org.apache.catalina.tribes.group.interceptors.ThroughputIntercepto > r"/> > > > > className="org.apache.catalina.ha.tcp.ReplicationValve" > filter=".*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.htm;.*\.html;.*\.css;.*\.txt;"/> > > className="org.apache.catalina.ha.session.JvmRouteBinderValve"/> > > className="org.apache.catalina.ha.deploy.FarmWarDeployer" > tempDir="/tmp/war-temp/" deployDir="/tmp/war-deploy/" > watchDir="/tmp/war-listen/" watchEnabled="false"/> > > className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/> > > className="org.apache.catalina.ha.session.ClusterSessionListener"/> > > > > > > Feb 22, 2011 5:48:11 PM org.apache.catalina.ha.tcp.SimpleTcpCluster > startInternal > > SEVERE: Unable to start cluster. > > org.apache.catalina.tribes.ChannelException: java.net.SocketException: An > operation was attempted on something that is not a socket; No faulty members > identified. > > at > org.apache.catalina.tribes.group.ChannelCoordinator.internalStart(ChannelCoor > dinator.java:178) > > at > org.apache.catalina.tribes.group.ChannelCoordinator.start(ChannelCoordinator. > java:99) > > at > org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelIntercep > torBase.java:150) > > at > org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelIntercep > torBase.java:150) > > at > org.apache.catalina.tribes.group.interceptors.MessageDispatchInterceptor.star > t(MessageDispatchInterceptor.java:153) > > at > org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelIntercep > torBase.java:150) > > at > org.apache.catalina.tribes.group.ChannelInterceptorBase.start(ChannelIntercep > torBase.java:150) > > at > org.apache.catalina.tribes.group.GroupChannel.start(GroupChannel.java:416) > > at > org.apache.catalina.ha.tcp.SimpleTcpCluster.startInternal(SimpleTcpCluster.ja > va:671) > > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1026) > > at > org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:774) > > at > org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145) > > at > org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1035) > > at > org.apache.catalina.core.StandardEngine.s
RE: loading an xsl file in javascript
More clairification... xml.loadXML(xml.transformNode(xsl)); if transforming the xml using the xml already loaded.. so the source xml is from the target object Sincerely, Robert Jenkin Surecomp Services, Inc. 2 Hudson Place, 4th Floor Hoboken, NJ 07030 Skype: robert.jenkin Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537 http://www.Surecomp.com -Original Message- From: rob.kob...@gmail.com [mailto:rob.kob...@gmail.com] On Behalf Of Rob Koberg Sent: Wednesday, February 23, 2011 9:51 AM To: Tomcat Users List Cc: Robert Jenkin Subject: Re: loading an xsl file in javascript > // sort the xml using xsl stylesheet > alert(getUrl() + "/reportwriter/xsl/treesort.xsl"); > xsl.load(getUrl() + "/reportwriter/xsl/treesort.xsl"); -^ > xml.loadXML(xml.transformNode(xsl)); -^ > > // Load XSL > alert(getUrl() + "/reportwriter/xsl/tree.xsl"); > xsl.load(getUrl() + "/reportwriter/xsl/tree.xsl"); Unless it is a typo, you are transforming your xml before you load it. You might want to check out Sarissa for client side transforms. best, -Rob This mail was sent via Mail-SeCure System. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: loading an xsl file in javascript
Hi The code is correct we first load the xsl and transform xml using the xsl. I like also to point out that the code as it stands is working without issue with weblogic 10 and websphere 7. The issue is after the xsl.load() method is called the xsl is blank. Sincerely, Robert Jenkin Surecomp Services, Inc. 2 Hudson Place, 4th Floor Hoboken, NJ 07030 Skype: robert.jenkin Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537 http://www.Surecomp.com -Original Message- From: rob.kob...@gmail.com [mailto:rob.kob...@gmail.com] On Behalf Of Rob Koberg Sent: Wednesday, February 23, 2011 9:51 AM To: Tomcat Users List Cc: Robert Jenkin Subject: Re: loading an xsl file in javascript > // sort the xml using xsl stylesheet > alert(getUrl() + "/reportwriter/xsl/treesort.xsl"); > xsl.load(getUrl() + "/reportwriter/xsl/treesort.xsl"); -^ > xml.loadXML(xml.transformNode(xsl)); -^ > > // Load XSL > alert(getUrl() + "/reportwriter/xsl/tree.xsl"); > xsl.load(getUrl() + "/reportwriter/xsl/tree.xsl"); Unless it is a typo, you are transforming your xml before you load it. You might want to check out Sarissa for client side transforms. best, -Rob This mail was sent via Mail-SeCure System. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: a problem about my jsf-tomcat application on opening
> From: ahmet temiz [mailto:ahmettemi...@gmail.com] > Subject: a problem about my jsf-tomcat application on opening > How can I enable its opening in first try. Fix your webapp. It's returning a 302 (redirect) in response to the URL you posted, with a hard-coded target of localhost: HTTP/1.1 302 Moved Temporarily Server: Apache-Coyote/1.1 X-Powered-By: JSF/1.2 Set-Cookie: JSESSIONID=384D773B1106F0A2965D629CE3A03E60; Path=/pro1 Location: http://localhost:8080/pro1/bir.jsf Content-Language: en-US Content-Length: 0 Date: Wed, 23 Feb 2011 14:27:45 GMT This is your webapp's doing, not Tomcat's. Someone has hard-coded "localhost" into a filter, servlet, or JSP, or the configuration files thereof. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
loading an xsl file in javascript
Hello,
Via javascript I am loading xsl's from tomcat to client. My javascript code was
the following...
// sort the xml using xsl stylesheet
xsl.load("reportwriter/xsl/treesort.xsl");
xml.loadXML(xml.transformNode(xsl));
// Load XSL
xsl.load("reportwriter/xsl/tree.xsl");
This resulted in the following error...
Error: The stylesheet does not contain a document element. The stylesheet may
be empty, or it may not be a well-formed XML document.
I modified the code to the following
// sort the xml using xsl stylesheet
alert(getUrl() + "/reportwriter/xsl/treesort.xsl");
xsl.load(getUrl() + "/reportwriter/xsl/treesort.xsl");
xml.loadXML(xml.transformNode(xsl));
// Load XSL
alert(getUrl() + "/reportwriter/xsl/tree.xsl");
xsl.load(getUrl() + "/reportwriter/xsl/tree.xsl");
the alert show the following
https://localhost:7443/Reporting/reportwriter/xsl/treesort.xls (I never get to
the second alert)
If I cut/paste the url into browser url line it loads and displays without
issue. However, when I run my webapp I still get the following error
Error: The stylesheet does not contain a document element. The stylesheet may
be empty, or it may not be a well-formed XML document.
So it appears the stylesheet is loading a blank file. Any ideas? Is there
something different I need to do with tomcat to load these?
My webapp directory structure is the following
Within tomcat webapps folder I have
Reporting
Logs
META-INF
reportwriter
images
pages
reports
scripts
xml
xsl - this is where the two xsl files are stored
WEB-INF
This is the contents of treesort.xsl
http://www.w3.org/1999/XSL/Transform";>
Sincerely,
Robert Jenkin
Surecomp Services, Inc.
2 Hudson Place, 4th Floor
Hoboken, NJ 07030
Skype: robert.jenkin
Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537
http://www.Surecomp.com
This mail was sent via Mail-SeCure System.
Tomcat Connection Pool
Hi, Can anyone help me regarding issue with connection pool for Tomcat? Tomcat version: 6.0 OS: Linux Database: Oracle 10g . Problem Statement: When server is idle for long period of time thread hangs for waiting the DBMS to return with response. I have tried all the possible combination configuration for connection pool but could succeed in removing that problem. Connection pool Configuration: maxActive="8" maxIdle="8" maxWait="3" minIdle="1" initialSize="1" validationQuery="select * from dual" testOnBorrow="true" testWhileIdle="true" timeBetweenEvictionRunsMillis="180" minEvictableIdleTimeMillis="180" numTestsPerEvictionRun="3" username="PESALES" password="X" driverClassName="oracle.jdbc.OracleDriver" url="jdbc:oracle:thin:@10.156.33.42:1521:ORADEV2"/> Excerpt of thread Dump: at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) at oracle.net.ns.Packet.receive(Unknown Source) at oracle.net.ns.DataPacket.receive(Unknown Source) at oracle.net.ns.NetInputStream.getNextPacket(Unknown Source) at oracle.net.ns.NetInputStream.read(Unknown Source) at oracle.net.ns.NetInputStream.read(Unknown Source) at oracle.net.ns.NetInputStream.read(Unknown Source) at oracle.jdbc.driver.T4CMAREngine.unmarshalUB1(T4CMAREngine.java:1104) at oracle.jdbc.driver.T4CMAREngine.unmarshalSB1(T4CMAREngine.java:1075) at oracle.jdbc.driver.T4C8Oall.receive(T4C8Oall.java:480) at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:207) at oracle.jdbc.driver.T4CStatement.executeForDescribe(T4CStatement.java:801) at oracle.jdbc.driver.OracleStatement.executeMaybeDescribe(OracleStatement.java:1039) at oracle.jdbc.driver.T4CStatement.executeMaybeDescribe(T4CStatement.java:841) at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1134) at oracle.jdbc.driver.OracleStatement.executeQuery(OracleStatement.java:1274) - locked <0x2aab9a2b0ae8> (a oracle.jdbc.driver.T4CStatement) - locked <0x2aab9ba7d688> (a oracle.jdbc.driver.T4CConnection) at org.apache.tomcat.dbcp.dbcp.DelegatingStatement.executeQuery(DelegatingStatement.java:208) at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.validateConnection(PoolableConnectionFactory.java:332) at org.apache.tomcat.dbcp.dbcp.PoolableConnectionFactory.validateObject(PoolableConnectionFactory.java:312) at org.apache.tomcat.dbcp.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:855) - locked <0x2aab9ba7d498> (a org.apache.tomcat.dbcp.pool.impl.GenericObjectPool) at org.apache.tomcat.dbcp.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:96) at org.apache.tomcat.dbcp.dbcp.BasicDataSource.getConnection(BasicDataSource.java:880) at org.springframework.orm.hibernate3.LocalDataSourceConnectionProvider.getConnection(LocalDataSourceConnectionProvider.java:82) at org.hibernate.jdbc.ConnectionManager.openConnection(ConnectionManager.java:423) at org.hibernate.jdbc.ConnectionManager.getConnection(ConnectionManager.java:144) at org.hibernate.jdbc.JDBCContext.connection(JDBCContext.java:119) at org.hibernate.transaction.JDBCTransaction.begin(JDBCTransaction.java:57) at org.hibernate.impl.SessionImpl.beginTransaction(SessionImpl.java:1326) at org.springframework.orm.hibernate3.HibernateTransactionManager.doBegin(HibernateTransactionManager.java:558) at org.springframework.transaction.support.AbstractPlatformTransactionManager.getTransaction(AbstractPlatformTransactionManager.java:350) at org.springframework.transaction.interceptor.TransactionAspectSupport.createTransactionIfNecessary(TransactionAspectSupport.java:262) at org.springframework.transaction.interceptor.TransactionIn
Re: Setting the expiry for static content served by Tomcat 6.0.32
> > Is there any way I can specify the expiry of static content (js,css etc) by > some setting in the context.xml or sever.xml .Or the only way to achieve > this is to write my own filter which will add the appropriate header. > We used this http://www.vineetmanohar.com/2010/10/java-expiry-date-header/ - seemed to cover everything we needed Chris
RE: Issue with oralce drive under tomcat 7
Chuck, Your are correct.. I removed the ojdbc6.jar from by app\lib folder and it worked. Thanks Sincerely, Robert Jenkin Surecomp Services, Inc. 2 Hudson Place, 4th Floor Hoboken, NJ 07030 Skype: robert.jenkin Office: 201 217 1437 | Direct: 201 716 1219 | Mobile: 908 251 0537 http://www.Surecomp.com -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, February 22, 2011 9:25 PM To: Tomcat Users List Subject: RE: Issue with oralce drive under tomcat 7 > From: robert.jen...@surecomp.com [mailto:robert.jen...@surecomp.com] > Subject: Issue with oralce drive under tomcat 7 > Caused by: java.lang.ClassCastException: > oracle.jdbc.driver.OracleResultSetMetaData > cannot be cast to oracle.jdbc.OracleResultSetMetaData This is frequently caused by having the JDBC driver jar in more than one location. If you're using Tomcat's DBCP capability, the jar must be in Tomcat's lib directory - only. If you're doing your own connection pooling (or none at all), the jar should be in the webapp's WEB-INF/lib directory - only. Make sure the jar is not also in some other location, such as jre/lib, or the endorsed directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org This mail was sent via Mail-SeCure System. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Setting the expiry for static content served by Tomcat 6.0.32
Hey, Is there any way I can specify the expiry of static content (js,css etc) by some setting in the context.xml or sever.xml .Or the only way to achieve this is to write my own filter which will add the appropriate header. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
a problem about my jsf-tomcat application on opening
hello I have a problem about my jsf-tomcat application on opening. I am using tomcat 6, sun java- mojarra in linux environment. My web application goes first to localhost (and nothing found) and in second time if we enter the address again the page is opened. How can I enable its opening in first try. I guess ( and not sure) localhost is default address, consequently my application tries to open page in localhost ( and nothing found) hereis the my application if you want to see the problematic opening: www.deprem.gov.tr:8080/pro1/bir.jsf I will appreciate if you provide a solution kind regards Ahmet Temiz -- Ahmet Temiz Jeoloji Müh. Afet ve Acil Durum Yönetimi Başkanlığı Planlama ve Zarar Azaltma Dairesi Başkanlığı Bilgi ve CBS grubu Eskişehir Yolu 10. km. Lodumlu / Ankara Tel : 0 312 2872680 / 1535 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Memory Leak in Tomcat
Sorry for the sent mail double time thing :] i'll check the Jespa suggestion. thanks :] keep the ideas coming, guys. every little thing could help Thanks Hila 2011/2/23 André Warnier > הילה wrote: > >> I've posted my problem in the sourceforge forums, but no comments have >> received so far. :( >> >> If you have any suggestions to replace this, another way to authenticate >> the >> tomcat to the DB with user and password that do not appear in clear text, >> I'll be glad to hear about it. >> >> Have a look at Jespa (http://www.ioplex.com) > > In the basic configuration, it works a bit differently : it authenticates > (with Windows Domain) the user who is *using* the Tomcat application, not > the Tomcat process itself. > (*) > > However, it comes with an API which can probably be used to do what you > want. > Send an email to supp...@ioplex.com explaining what you want to achieve, > and I am sure that they will tell you if Jespa can be used for that. > > > > (*) Note the difference : currently, you are authenticating to the DB with > the single "Tomcat user". So all the users of your application really > access the database under this one "group-id". Anyone who can connect to > Tomcat, can get data out of the database, under this one user-id. That may > or may not be secure, depending on how the users authenticate to the Tomcat > application. > > In the Jespa kind of setup, a java servlet filter picks up the Windows > Domain user-id of the user accessing the Tomcat application. > This same user-id can then be picked up inside the application via > getRemoteUser() (or something sismilar), and used to connect to the > database. > Then you really filter accesses to the database by individual user-id. > > One or the other setup may be what you really need, but that you have to > decide yourself. > > > P.S. > There is no need to send me a copy of each message that you send to the > list. > I receive all messages to the list anyway (as do the other subscribers), so > when you copy me, I get the same message twice. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Memory Leak in Tomcat
הילה wrote: I've posted my problem in the sourceforge forums, but no comments have received so far. :( If you have any suggestions to replace this, another way to authenticate the tomcat to the DB with user and password that do not appear in clear text, I'll be glad to hear about it. Have a look at Jespa (http://www.ioplex.com) In the basic configuration, it works a bit differently : it authenticates (with Windows Domain) the user who is *using* the Tomcat application, not the Tomcat process itself. (*) However, it comes with an API which can probably be used to do what you want. Send an email to supp...@ioplex.com explaining what you want to achieve, and I am sure that they will tell you if Jespa can be used for that. (*) Note the difference : currently, you are authenticating to the DB with the single "Tomcat user". So all the users of your application really access the database under this one "group-id". Anyone who can connect to Tomcat, can get data out of the database, under this one user-id. That may or may not be secure, depending on how the users authenticate to the Tomcat application. In the Jespa kind of setup, a java servlet filter picks up the Windows Domain user-id of the user accessing the Tomcat application. This same user-id can then be picked up inside the application via getRemoteUser() (or something sismilar), and used to connect to the database. Then you really filter accesses to the database by individual user-id. One or the other setup may be what you really need, but that you have to decide yourself. P.S. There is no need to send me a copy of each message that you send to the list. I receive all messages to the list anyway (as do the other subscribers), so when you copy me, I get the same message twice. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP over ssl
On 02/22/2011 11:23 PM, Jason Pyeron wrote: -Original Message- That is a naive view. [Please forgive the wording.] None taken. Given: 1) The Apache box is secure and login is restricted to the minimum set of persons with a kneed to know. 2) The Tomcat box is secure and login is restricted to the minimum set of persons with a kneed to know. There is no reason to allow the set of persons capable (and sometimes authorized) to inspect the data on a network (network operations) to be able to inspect the unsecured contents of the data stream. That would be a briech of security and law. I just waited you mention that :) What do you think happens when encrypted data from client comes in and is encrypted again and send to the client? It's unencrypted in the memory and anyone with access to the box can just inspect the content of the httpd process in the same way it can read the data on the socket. So since persons which are authorized to login to the Apache and Tomcat box have the option to view the data, your entire security is still human based. That's why I see no point of encrypting the data transfer between those boxes cause you can just as well make sure the proper persons have the network access. However I can live with the 'law' reason, but that doesn't mean it's a secure just because the 'law' says it is. Cheers -- ^TM - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
