RE: specifying the content-type
Charles Caldarale wrote: when talking with a web browser directly to tomcat (port 8080), the web page is shown correctly. Are you sure the original request on port 80 is actually making it through httpd all the way to Tomcat? The symptoms you're reporting are characteristic of a misconfigured httpd not forwarding anything to Tomcat. Post your mod_jk config for someone (probably not me) to look at. Currently i'm logging the whole AJP-stuff between httpd and tomcat (that's a lot). This shows that httpd forwards the request to tomcat, and tomcat delivers the response. My mod_jk.conf: # Load mod_jk module # LoadModulejk_module libexec/mod_jk.so # Declare the module for IfModule directive (remove this line on Apache 2.0.x) # AddModule mod_jk.c # Where to find workers.properties # JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk shared memory JkShmFile /var/log/apache2/mod_jk.shm # Where to put jk logs JkLogFile /var/log/apache2/mod_jk.log # Set the jk log level [debug/error/info] JkLogLeveldebug # Select the timestamp log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkRequestLogFormat %r %s %w %V JKWorkerProperty worker.appl01.type=ajp13 JKWorkerProperty worker.appl01.host=localhost JKWorkerProperty worker.appl01.port=8009 JKWorkerProperty worker.list=appl01 # Send servlet for context /mouseidgenes to worker named appl01 JkMount /mouseidgenes/* appl01 # Send JSPs for context /examples to worker named worker1 # JkMount /examples/*.jsp worker1 Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
Re: Tomcat reset connection before completing the request
On 01/06/2011 04:07, Chaminda Divitotawela wrote: Hi Pid, Thanks for the response. I comprehensively agree with you the version we use is quite old. The problem is that, my engineering team is very reluctant to invest on testing an upgrade unless there is issue which impact functionality. At the moment I have is a guess. Any idea about a bug which had been fixed for such a problem since 6.0.13? If I have that information or at least a close one, I can easily push engineering to invest on upgrading the Tomcat version. http://tomcat.apache.org/security-6.html should be all you need to convince anyone of the need for an upgrade. Mark Thanks, Chaminda On 01/06/2011 01:05, Pid wrote: On 31/05/2011 15:03, Chaminda Divitotawela wrote: I am using two tomcat 6.0.13 servers loadblanced by a apache httpd-2.2.4 You really, really need to upgrade Tomcat. That version is old many problems have been fixed since then. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: specifying the content-type
Christopher Schultz wrote: On 5/31/2011 2:09 PM, Lentes, Bernd wrote: box. I configured a httpd (apache 2.2.10) in front of the tomcat, which communicates with tomcat using AJP. Do you actually require httpd for your setup? If Tomcat works fine on it's own, maybe that's how you should run it... A lot of people recommended that. It's likely that we will deploy more webapps later. When i open one link, i don't see the desired web page, but the source code of it. Do you see the HTML source code, or the JSP source code (obviously, only if you are requesting a .jsp file)? I see HTML code. If the former, it's likely to be a Content-Type issue as you have guessed. Look for broken Header directives in httpd.conf, especially for the VirtualHost you are using and especially in any Location sections that you use for your JkMount directives. There are not Header directives. If the latter, you are probably missing JkMount (or they are broken) directives and you are probably either setting DocumentRoot to the webapp's root (which is often considered very dangerous) or using Alias to achieve the same effect. I use JKMount, and DocumentRoot of httpd and webapps of tomcat are not overlapping. If you choose to use DocumentRoot = webapp root or a similar Alias setup, /make sure you know what you are doing/. If you aren't careful, you can end up making your secret passwords and stuff available to any remote user (oops). Using tcpdump shows me that the content type in the http-header is text/plain. Ok, that's the reason why i see the source code. Can i configure the content-type which is delivered by tomcat ? I tried using mod_mime_magic on httpd, but this module just helps specifying the content-type of static files. Our content is dynamic. First, let's make sure that the .jsp files are being executed. If not, you are chasing the wrong problem. We don't use jsp, we have servlets. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3lSDkACgkQ9CaO5/Lv0PCzEwCeO1UbGc1WL3QjlpGUWB+jnIA7 NzcAnRUvspPSP7dRy5imscTvRQcqf/FJ =Zyac -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
Using two authentication methods for one application
I created my own authentication method beside BASIC, DIGEST, FORM, and CLIENT-CERT to allow the user to authenticate against our own SAML IdP and enter the user credentials on a page provided by the IdP. The authentication method of the IdP uses a Java applet to access a smart card and get the user credentials, so the web browser has to be redirected to some different page to login. To add our own authentication method we extended org.apache.catalina.authenticator.AuthenticatorBase and added the it to the list of supported methods in the tomcat configuration. This is working like expected. Now it should be possible to also log into the application with a from based authentication in addition to the IdP login, the normal FORM method would be nice. The user should select at some entry page what method he wants to use and then the correct authentication method should be used. I tried to modify the web.xml of my web application to add both methods, but it did not work. Adding two login-config or two auth-method is not allowed. Now my plan is to implement some additional authentication method which supports both or a method which will forward the request to some other method ( my own or FORM) depending on some attribute in the http request, but this does not look clean to me. Is there a clean way to do this? I am working on the Tomcat included in the JBoss 5.1 (I think it is 6.0), but it should also work on other versions (= 6.0) so that we are able to secure any web application running on some tomcat. Hauke Please add me to the CC as I am not subscripted to the list. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: specifying the content-type
Andre Warnier wrote: Lentes, Bernd wrote: Hi, first, i'm new to tomcat and i'm not a java developer. You have all my sympathy. My collegues developed a web application i have to deploy now. I'm using tomcat6 on a sles 11 sp1 box. I configured a httpd (apache 2.2.10) in front of the tomcat, which communicates with tomcat using AJP. When i open one link, i don't see the desired web page, but the source code of it. Using tcpdump shows me that the content type in the http-header is text/plain. That is typical of a bad/dangerous configuration of Apache, mod_jk and Tomcat. You are probably a) allowing Apache to see the contents of the Tomcat webapps directory directly (e.g. by setting the Apache DocumentRoot = the Tomcat webapps dir.) No. webapps=/srv/tomcat6/webapps DocumentRoot=/srv/www/htdocs b) not properly indicating to Apache/mod_jk that these URLs must be proxied to Tomcat via mod_jk (JkMount instructions). mod_jk.conf: ... JkMount /mouseidgenes/* appl01 ... As a consequence, when you request from Apache a URL like (for example) /myapp/something.jsp, Apache goes directly to that file and serves it back to the browser. Of course since Apache does not know what a .jsp file is, it treats it as plaint text and that is what it says in the Content-type header. Do the following test to confirm the above : request the URL /myapp/WEB-INF/web.xml (where myapp is the first part of the URL for a Tomcat application). HTTP Error 404. Can i configure the content-type which is delivered by tomcat ? You can, but you should not have to, because it is not the problem here. Tomcat never receives the request for that file; It does receive the request. I log all the AJP stuff, and you see there, among others: This is the request from the client: ... [Tue May 31 20:51:46 2011] [24717:4165998336] [debug] init_ws_service::mod_jk.c (888): Service protocol=HTTP/1.1 method=GET host=(null) addr=146.107.135.80 n ame=vm53200-12 port=80 auth=(null) user=(null) laddr=146.107.35.101 raddr=146.107.135.80 uri=/mouseidgenes/InputData ... The reponse: ... [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_unmarshal_response::jk_ajp_common.c (608): status = 200 [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_unmarshal_response::jk_ajp_common.c (615): Number of headers is = 0 [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=8188 max=8192 [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 03 1F F8 3C 48 65 61 64 3E 3C 74 69 74 6C 65 3E - ...Headtitle [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 00104D 6F 75 73 65 49 44 47 65 6E 65 73 3C 2F 74 69 - MouseIDGenes/ti [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 002074 6C 65 3E 3C 2F 68 65 61 64 3E 0A 0D 0A 3C 73 - tle/head...s [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 003063 72 69 70 74 20 74 79 70 65 3D 27 74 65 78 74 - cript.type='text [Tue May 31 20:51:48 2011] [24717:4165998336] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 00402F 6A 61 76 61 73 63 72 69 70 74 27 20 73 72 63 - /javascript'.src ... If you want further help, give us an idea of the layout on disk of your Apache and Tomcat directories, and of the URLs that should be processed by Tomcat. OK: vm53200-12:/etc/apache2 # l /usr/share/tomcat6/ total 12 drwxr-xr-x 3 root root 4096 Apr 18 16:33 ./ drwxr-xr-x 200 root root 4096 May 30 08:00 ../ drwxr-xr-x 2 root root 4096 Apr 18 16:33 bin/ lrwxrwxrwx 1 root root 12 Apr 18 16:33 conf - /etc/tomcat6/ lrwxrwxrwx 1 root root 15 Apr 18 16:33 lib - ../java/tomcat6/ lrwxrwxrwx 1 root root 16 Apr 18 16:33 logs - /var/log/tomcat6/ lrwxrwxrwx 1 root root 23 Apr 18 16:33 temp - /var/cache/tomcat6/temp/ lrwxrwxrwx 1 root root 20 Apr 18 16:33 webapps - /srv/tomcat6/webapps/ lrwxrwxrwx 1 root root 18 Apr 18 16:33 work - /var/cache/tomcat6/ vm53200-12:/etc/apache2 # l /srv/www/ total 16 drwxr-xr-x 4 root root 4096 Apr 17 17:46 ./ drwxr-xr-x 5 root root 4096 Apr 18 16:33 ../ drwxr-xr-x 2 root root 4096 Apr 17 17:49 cgi-bin/ drwxr-xr-x 3 root root 4096 May 23 18:08 htdocs/ URL that should be processed: http://vm53200-12/mouseidgenes/InputData (talking to httpd in front of tomcat, result is source code in the browser) http://vm53200-12:8080/mouseidgenes/InputData (talking directly to tomcat coyote, result is a correctly displayed web page). Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr.
Re: specifying the content-type
Lentes, Bernd wrote: Charles Caldarale wrote: when talking with a web browser directly to tomcat (port 8080), the web page is shown correctly. Are you sure the original request on port 80 is actually making it through httpd all the way to Tomcat? The symptoms you're reporting are characteristic of a misconfigured httpd not forwarding anything to Tomcat. Post your mod_jk config for someone (probably not me) to look at. Currently i'm logging the whole AJP-stuff between httpd and tomcat (that's a lot). This shows that httpd forwards the request to tomcat, and tomcat delivers the response. Your configuration of mod_jk below looks correct (except a small detail, see JkMount). But I must say that it is difficult to believe that the request is actually forwarded to Tomcat, and that Tomcat then fails to recognise the file as a JSP page, and returns it as text/plain source. Particularly if, as you said earlier, when you access the same URL on Tomcat directly, via port 8080, the same document displays correctly. The Connector's in Tomcat (the one for HTTP port 8080, and the one for AJP on port 8009) are just interfaces that receive a request in some format, translate it to a common internal format, and then forward it in that internal format to the internal Tomcat machinery (which is the same in both cases). So whether a request is originally received on the HTTP Connector or on the AJP Connector, should not make a difference in terms of how Tomcat processes the same URL. And the result should be returned the same way in both cases. So something in the symptoms you report does not fit. Can you : - stop Apache - clear the mod_jk log - restart Apache - then issue just one request to mouseidgenes through Apache (port 80) - then edit the mod_jk log, find the lines specific to that one request, and paste them here To explain : when a module like mod_jk is installed in Apache, then Apache will forward *every* request to mod_jk. It is mod_jk which then examines the URL, and decides if it wants to handle this request or not. If not, it returns a code to Apache saying I decline the request, and then Apache looks for another response handler to handle this.(*) If mod_jk decides to handle the request (because it matches one of the URLs that it has been asked to handle, via the JkMount directives), /then/ it forwards it to Tomcat, waits for the Tomcat response, and returns this response to Apache (which returns it to the browser). (*) Apache does the same for any other handlers that have been installed. Each of them is called in turn with the same URL. The first one who decides to handle the request wins. If no handlers decide to process this request (and all return declined), then eventually Apache will process the request with its own default handler. That one finds the requested file on disk somwhere under the Apache DocumentRoot, and returns it to the browser with a Content-type that is what the default Apache handler thinks it is. (in this case, plain text). So what I suspect, is that when you look at the mod_jk log, you see lines that show that indeed mod_jk received the request URL from Apache, and is trying to match it to one of its internally mapped URLs. But you may be missing the line that says, in the end, that mod_jk could not match the URL, and is returning a response declined to Apache. My mod_jk.conf: # Load mod_jk module # LoadModulejk_module libexec/mod_jk.so # Declare the module for IfModule directive (remove this line on Apache 2.0.x) # AddModule mod_jk.c # Where to find workers.properties # JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk shared memory JkShmFile /var/log/apache2/mod_jk.shm # Where to put jk logs JkLogFile /var/log/apache2/mod_jk.log # Set the jk log level [debug/error/info] JkLogLeveldebug # Select the timestamp log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkRequestLogFormat %r %s %w %V JKWorkerProperty worker.appl01.type=ajp13 JKWorkerProperty worker.appl01.host=localhost JKWorkerProperty worker.appl01.port=8009 JKWorkerProperty worker.list=appl01 # Send servlet for context /mouseidgenes to worker named appl01 JkMount /mouseidgenes/* appl01 This will forward a request like /mouseidgenes/index.jsp, but will not forward the URL /mouseidgenes. You may want to add JkMount /mouseidgenes appl01 # Send JSPs for context /examples to worker named worker1 # JkMount /examples/*.jsp worker1 Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
Re: Tomcat 5.5.27, session lost, cookies
Hi Chris, as I said in one of my previous mail, I'm not able to reproduce the error anymore. I'm trying to figuring out what's changed (some commit made by someone of our team), and next week I'll test it on some other test environments. I'm trying to collect all the details to send you accurate info, but I need to reproduce the error to do so. BTW, in my previous mails I tell you about the architecture used in our webapp, I send you the HTTP logs as returned by the access log valve and I said we use 3 cookies: - JSESSIONID, with value of generated session id - jsessionid, same as before, just the name in lower case - I18N, containing value generation_timei18n , s.a.: 1234567890IT_it When I'll have more details about this issue, I'll send you as soon as possible. I would like to thank you for your precious help and support, best regards Il 31/05/2011 21.18, Christopher Schultz ha scritto: Diego, You should send us an example. It looks like you have done a lot of investigation into the issue, but you won't give us any details. Please provide some. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat reset connection before completing the request
Thanks Mark. I can make use of the security information. Thanks, Chaminda On 01/06/2011 14:29, Mark Thomas wrote: On 01/06/2011 04:07, Chaminda Divitotawela wrote: Hi Pid, Thanks for the response. I comprehensively agree with you the version we use is quite old. The problem is that, my engineering team is very reluctant to invest on testing an upgrade unless there is issue which impact functionality. At the moment I have is a guess. Any idea about a bug which had been fixed for such a problem since 6.0.13? If I have that information or at least a close one, I can easily push engineering to invest on upgrading the Tomcat version. http://tomcat.apache.org/security-6.html should be all you need to convince anyone of the need for an upgrade. Mark Thanks, Chaminda On 01/06/2011 01:05, Pid wrote: On 31/05/2011 15:03, Chaminda Divitotawela wrote: I am using two tomcat 6.0.13 servers loadblanced by a apache httpd-2.2.4 You really, really need to upgrade Tomcat. That version is old many problems have been fixed since then. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: specifying the content-type
On 01/06/2011 11:04, André Warnier wrote: JkMount /mouseidgenes/* appl01 This will forward a request like /mouseidgenes/index.jsp, but will not forward the URL /mouseidgenes. You may want to add JkMount /mouseidgenes appl01 There is a syntax method to address this situation: JkMount /mouseidgenes/|* appl01 p signature.asc Description: OpenPGP digital signature
Re: specifying the content-type
On 01/06/2011 10:55, Lentes, Bernd wrote: lrwxrwxrwx 1 root root 20 Apr 18 16:33 webapps - /srv/tomcat6/webapps/ What is in the webapps dir? A directory called 'mouseidgenes'? If so, what is the file tree in that directory? What is /mouseidgenes/InputData? Is it a servlet or a JSP? p signature.asc Description: OpenPGP digital signature
Re: Tomcat with Cisco ACE Load Balancer
On 31/05/2011 21:10, Tauqir Akhtar wrote: Hi We have been using Weblogic Clusters with Cisco ACE Load Balancer We have 8 managed servers in the weblogic Cluster distributed evenly over two Machines. Load Balancer distributes the load in Robin Round fashion across these 8 managed servers using the concept of Stickiness. Now we need to replace Weblogic with Tomcat. I am looking for a document that would help me replicate this existing architecture in Tomcat environments. Questions that I have: * How many tomcat Installation would be required? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc * Or it would be single Installation on each machines and then copying of directory for each port? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc Also: I don't know what 'copying of directory for each port' means. * Will load Balancer see any difference if the request is from a Tomcat or Weblogic? The app server make requests to the load balancer? Or the load balancer directs requests to each app server? * If yes, then what are changes required in Load Balancer configuration? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc Pease help me with your suggestions. Please provide some meaningful information. p Thanks Tauqir Akhtar ## NOTICE: The contents of this e-mail and any attachments to it may contain privileged and confidential information from The Jones Group Inc. or its affiliates. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this message and delete it from your system. ### signature.asc Description: OpenPGP digital signature
Re: Request headers created in valve don't make it to application
So I tried moving the configuraiton of the valve into the app's META-INF/context.xml with no success. One thing I didn't mention that is interesting is that the I do set the request's setUserPrincipal(..) and that works. Thanks Marc On Tue, May 31, 2011 at 5:27 PM, Marc Boorshtein mboorsht...@gmail.com wrote: Do you have any filters or other valves that might be wrapping the request and choosing to ignore your extra headers? No, the app is just a servlet that loops over all the headers and cookies and generates a properties response 1) Show us your modified conf/context.xml. !-- The contents of this file will be loaded for each web application -- Context !-- Default set of monitored resources -- WatchedResourceWEB-INF/web.xml/WatchedResource !-- Uncomment this to disable session persistence across Tomcat restarts -- !-- Manager pathname= / -- !-- Uncomment this to enable Comet connection tacking (provides events on session expiration as well as webapp lifecycle) -- !-- Valve className=org.apache.catalina.valves.CometConnectionManagerValve / -- !-- Context path=/echo -- Valve className=com.tremolosecurity.valve.TremoloValve headerName=autoidmrequest userAttribute=from-assertion-uid roleAttribute=role createHeaders=true encryptionKeyName=lastMile ignoreURI= pathToKeyStore=WEB-INF/autoIdmSession.jks keyPass=start123 / !-- /Context -- /Context 2) Show us your Valve code. (It is simple, right?) IteratorAttribute attribs = lastmile.getAttributes().iterator(); while (attribs.hasNext()) { Attribute attrib = attribs.next(); if (this.createHeaders) { logger.info(creating header); for (String val : attrib.getValues()) { logger.info(attrib.getName() + = + val); request.addHeader(attrib.getName(), val); } } . . . [2011-05-31 15:22:11,262][http-8080-1] INFO AutoIDMFilter - true [2011-05-31 15:22:11,262][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,263][http-8080-1] INFO AutoIDMFilter - from-assertion-uid=testStaticGroupSucceed [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - from-assertion-sn=User [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,265][http-8080-1] INFO AutoIDMFilter - from-assertion-cn=Test User 3) Show us the WEB-INF/web.xml and Context element for your webapp. ?xml version=1.0? web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=2.4 servlet servlet-nameecho/servlet-name servlet-classcom.tremolosecurity.test.servlet.EchoServlet/servlet-class /servlet servlet-mapping servlet-nameecho/servlet-name url-pattern/echo/url-pattern /servlet-mapping servlet-mapping servlet-nameecho/servlet-name url-pattern/echo and echo/url-pattern /servlet-mapping /web-app Thanks Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: specifying the content-type
Pid wrote: On 01/06/2011 10:55, Lentes, Bernd wrote: lrwxrwxrwx 1 root root 20 Apr 18 16:33 webapps - /srv/tomcat6/webapps/ What is in the webapps dir? A directory called 'mouseidgenes'? Yes. If so, what is the file tree in that directory? vm53200-12:~ # l /srv/tomcat6/webapps/mouseidgenes total 268 drwxr-xr-x 6 tomcat tomcat 4096 May 30 16:55 ./ drwxrwxr-x 8 root tomcat 4096 May 30 16:55 ../ -rw-r--r-- 1 tomcat tomcat 1481 May 20 15:02 Applet.htm -rw-r--r-- 1 tomcat tomcat 2443 May 9 16:21 Download.html drwxr-xr-x 2 tomcat tomcat 4096 May 30 16:55 File_Ressources/ -rw-r--r-- 1 tomcat tomcat 2798 May 23 14:35 IDGenesStyle.css -rw-r--r-- 1 tomcat tomcat 6088 Apr 13 10:40 LinkedSelection.js drwxr-xr-x 2 tomcat tomcat 4096 May 30 16:55 META-INF/ -rw-r--r-- 1 tomcat tomcat 498 Apr 13 11:53 MailingList.html drwxr-xr-x 4 tomcat tomcat 4096 May 30 17:03 WEB-INF/ drwxr-xr-x 6 tomcat tomcat 4096 May 30 16:55 classes/ -rw-r--r-- 1 tomcat tomcat 2032 Apr 13 11:54 contact.html -rw-r--r-- 1 tomcat tomcat 7239 May 9 16:13 help.html -rw-r--r-- 1 tomcat tomcat 2500 Apr 13 11:55 home.html -rw-r--r-- 1 tomcat tomcat 443 May 11 13:16 ind2_old.html -rw-r--r-- 1 tomcat tomcat 378 May 20 15:59 ind_old.html -rw-r--r-- 1 tomcat tomcat 434 Apr 29 22:31 intSearch_old.html -rw-r--r-- 1 tomcat tomcat 85925 May 11 09:40 jquery.min.js -rw-r--r-- 1 tomcat tomcat 37133 Apr 20 12:47 jquery.validate.js -rw-r--r-- 1 tomcat tomcat 4731 May 4 14:14 main_new.htm -rw-r--r-- 1 tomcat tomcat 1409 May 20 14:47 menu.htm -rw-r--r-- 1 tomcat tomcat 1930 Mar 25 10:22 terminAuswahl.js -rw-r--r-- 1 tomcat tomcat 14537 May 4 09:44 tidy.html -rw-r--r-- 1 tomcat tomcat 28948 May 9 13:55 xhtml2fo.xsl What is /mouseidgenes/InputData? Is it a servlet or a JSP? It's a servlet. Extract from web.xml: ... servlet servlet-nameInputData/servlet-name servlet-classinput.InputData/servlet-class /servlet servlet-mapping servlet-nameInputData/servlet-name url-pattern/InputData/url-pattern /servlet-mapping ... Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
RE: specifying the content-type
Andre Warnier wrote: Your configuration of mod_jk below looks correct (except a small detail, see JkMount). But I must say that it is difficult to believe that the request is actually forwarded to Tomcat, and that Tomcat then fails to recognise the file as a JSP page, and returns it as text/plain source. The content is dynamically delivered by a servlet, not a jsp-file. Particularly if, as you said earlier, when you access the same URL on Tomcat directly, via port 8080, the same document displays correctly. Yes. The Connector's in Tomcat (the one for HTTP port 8080, and the one for AJP on port 8009) are just interfaces that receive a request in some format, translate it to a common internal format, and then forward it in that internal format to the internal Tomcat machinery (which is the same in both cases). So whether a request is originally received on the HTTP Connector or on the AJP Connector, should not make a difference in terms of how Tomcat processes the same URL. And the result should be returned the same way in both cases. tcpdump shows that the content delivered by httpd has a content-type of text/plain, the content delivered by tomcat has no content-type. So something in the symptoms you report does not fit. Can you : - stop Apache - clear the mod_jk log - restart Apache - then issue just one request to mouseidgenes through Apache (port 80) - then edit the mod_jk log, find the lines specific to that one request, and paste them here OK: This should be the beginning of the request forwarded by httpd to tomcat: ... [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] map_uri_to_worker::jk_uri_worker_map.c (682): Attempting to map URI '/mouseidgenes/InputData' from 1 map s [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/mouseidgenes/*=appl01' source 'Jk Mount' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] find_match::jk_uri_worker_map.c (516): Found a wildchar match '/mouseidgenes/*=appl01' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_handler::mod_jk.c (): Into handler jakarta-servlet worker=appl01 r-proxyreq=0 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_get_worker_for_name::jk_worker.c (115): found a worker appl01 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_maintain::jk_worker.c (323): Maintaining worker appl01 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_get_name_for_type::jk_worker.c (292): Found worker type 'ajp13' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] init_ws_service::mod_jk.c (888): Service protocol=HTTP/1.1 method=GET host=(null) addr=146.107.135.80 na me=vm53200-12 port=80 auth=(null) user=(null) laddr=146.107.35.101 raddr=146.107.135.80 uri=/mouseidgenes/InputData [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_get_endpoint::jk_ajp_common.c (2587): acquired connection pool slot=0 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (553): ajp marshaling done [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_service::jk_ajp_common.c (2058): processing appl01 with 2 retries [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_send_request::jk_ajp_common.c (1352): (appl01) all endpoints are disconnected, detected by connect c heck (0), cping (0), send (0) [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (448): socket TCP_NODELAY set to On [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (548): trying to connect socket 13 to 127.0.0.1:8009 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (574): socket 13 connected to 127.0.0.1:8009 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (878): Connected socket 13 to (127.0.0.1:8009) [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): sending to ajp13 pos=4 len=433 max=8192 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 12 34 01 AD 02 02 00 08 48 54 54 50 2F 3 1 2E 31 - .4..HTTP/1.1 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 001000 00 17 2F 6D 6F 75 73 65 69 64 67 65 6 E 65 73 - .../mouseidgenes ... And this should be the beginning of the response: ... [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=10 max=8192 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 04 00 C8 00 02 4F 4B 00 00 00 00 00 00 0 0 00 00 - .OK. [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_unmarshal_response::jk_ajp_common.c (608): status = 200 [Wed Jun 01 14:04:31 2011]
Re: RE: specifying the content-type
Are you using virtual host maybe? If so, the JkMount directive has to be inside VirtualHost and not in the global apache conf file. Igor On Jun 1, 2011 10:14 PM, Lentes, Bernd bernd.len...@helmholtz-muenchen.de wrote: Andre Warnier wrote: Your configuration of mod_jk below looks correct (except a small detail,... The content is dynamically delivered by a servlet, not a jsp-file. Particularly if, as you said earlier, when you access the same URL on Tomcat directly, via port... Yes. The Connector's in Tomcat (the one for HTTP port 8080, and the one for AJP on port 8009) ar... tcpdump shows that the content delivered by httpd has a content-type of text/plain, the content delivered by tomcat has no content-type. So something in the symptoms you report does not fit. Can you : - stop Apache - clear t... OK: This should be the beginning of the request forwarded by httpd to tomcat: ... [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] map_uri_to_worker::jk_uri_worker_map.c (682): Attempting to map URI '/mouseidgenes/InputData' from 1 map s [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] find_match::jk_uri_worker_map.c (503): Attempting to map context URI '/mouseidgenes/*=appl01' source 'Jk Mount' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] find_match::jk_uri_worker_map.c (516): Found a wildchar match '/mouseidgenes/*=appl01' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_handler::mod_jk.c (): Into handler jakarta-servlet worker=appl01 r-proxyreq=0 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_get_worker_for_name::jk_worker.c (115): found a worker appl01 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_maintain::jk_worker.c (323): Maintaining worker appl01 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] wc_get_name_for_type::jk_worker.c (292): Found worker type 'ajp13' [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] init_ws_service::mod_jk.c (888): Service protocol=HTTP/1.1 method=GET host=(null) addr=146.107.135.80 na me=vm53200-12 port=80 auth=(null) user=(null) laddr=146.107.35.101 raddr=146.107.135.80 uri=/mouseid... [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_get_endpoint::jk_ajp_common.c (2587): acquired connection pool slot=0 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_marshal_into_msgb::jk_ajp_common.c (553): ajp marshaling done [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_service::jk_ajp_common.c (2058): processing appl01 with 2 retries [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_send_request::jk_ajp_common.c (1352): (appl01) all endpoints are disconnected, detected by connect c heck (0), cping (0), send (0) [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (448): socket TCP_NODELAY set to On [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (548): trying to connect socket 13 to 127.0.0.1:8009 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] jk_open_socket::jk_connect.c (574): socket 13 connected to 127.0.0.1:8009 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connect_to_endpoint::jk_ajp_common.c (878): Connected socket 13 to ( 127.0.0.1:8009) [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): sending to ajp13 pos=4 len=433 max=8192 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 12 34 01 AD 02 02 00 08 48 54 54 50 2F 3 1 2E 31 - .4..HTTP/1.1 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_send_message::jk_ajp_common.c (934): 001000 00 17 2F 6D 6F 75 73 65 69 64 67 65 6 E 65 73 - .../mouseidgenes ... And this should be the beginning of the response: ... [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=10 max=8192 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 04 00 C8 00 02 4F 4B 00 00 00 00 00 00 0 0 00 00 - .OK. [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_unmarshal_response::jk_ajp_common.c (608): status = 200 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_unmarshal_response::jk_ajp_common.c (615): Number of headers is = 0 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): received from ajp13 pos=0 len=8188 max=8192 [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 03 1F F8 3C 48 65 61 64 3E 3C 74 69 74 6 C 65 3E - ...Headtitle [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 00104D 6F 75 73 65 49 44 47 65 6E 65 73 3C 2 F 74 69 - MouseIDGenes/ti [Wed Jun 01 14:04:31 2011] [26662:405231360] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1117): 0020
RE: RE: specifying the content-type
Igor Cimicov wrote: Are you using virtual host maybe? If so, the JkMount directive has to be inside VirtualHost and not in the global apache conf file. Igor No. Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
Re: specifying the content-type
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bernd, On 6/1/2011 5:18 AM, Lentes, Bernd wrote: I use JKMount, and DocumentRoot of httpd and webapps of tomcat are not overlapping. [snip] We don't use jsp, we have servlets. Okay. Can you post your servlet code, then? There is no default Content-Type for HTTP responses, so getting a response directly from Tomcat might cause the browser to auto-detect content. It's possible that Apache httpd wants to use a Content-Type and defaults to text/plain for some reason. You might want to properly set the Content-Type header in your servlet code if you aren't already doing it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mSFAACgkQ9CaO5/Lv0PBtKQCZAb7EA5ORK2d/cMwodfBiFE/x umcAnioj4Ujz0sI76Cn/WvqZG7ULnmVy =Tagb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: specifying the content-type
Hi Bernd, I think your colleagues forgot/didn't want to set the content-type in the servlet(-code)? text/plain is apache default for anything it doesn't know (if I recall correctly) If no content-type is set by the servlet, no content-type is delivered. No content-type set by the servlet causes *your browser* to start guessing. text/html is a pretty solid guess for a browser. Often a servlet can only generate one kind of content-type. If that's the case there's no point in making it configurable. However, you could use mod_headers to have this set/added by apache . . . Best Regards, Martin
Re: Request headers created in valve don't make it to application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marc, On 5/31/2011 5:27 PM, Marc Boorshtein wrote: 2) Show us your Valve code. (It is simple, right?) IteratorAttribute attribs = lastmile.getAttributes().iterator(); while (attribs.hasNext()) { Attribute attrib = attribs.next(); if (this.createHeaders) { logger.info(creating header); for (String val : attrib.getValues()) { logger.info(attrib.getName() + = + val); request.addHeader(attrib.getName(), val); } } Can you try this: request.addHeader(attrib.getName(), val); logger.info(After added header: + attrib.getName() + = + request.getHeader(attrib.getName())); I wonder if the header value is being ignored because the request is frozen or something like that. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mSyEACgkQ9CaO5/Lv0PD/AACfZg+IWAsUhL6Rrh0BkqQTaqLO tKkAoKK0YfmIIBqMY78ZTWnSQJg44mWY =c/1M -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Diego, On 6/1/2011 6:27 AM, Diego Ruotolo wrote: BTW, in my previous mails I tell you about the architecture used in our webapp, I send you the HTTP logs as returned by the access log valve and The logs are not useful, since they don't contain headers. I said we use 3 cookies: - JSESSIONID, with value of generated session id - jsessionid, same as before, just the name in lower case Cookie names are case-insensitive, so using JSESSIONID as well as jsessionid is going to cause problems. http://www.ietf.org/rfc/rfc2109.txt See sections 4.1 (specifically the definition of attr and the comment following it) and 4.2.2 where NAME is defined to be an attr. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mTOQACgkQ9CaO5/Lv0PAkigCdGg8MRl9CgnXspAA1u3HWeQD7 BLIAn1nwH4DHkgqL5KwQ4QnySJERQsnf =CKtT -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Source of after_start and stop LifecycleEvent
Hello Tomcat users, Does anyone know has it been changed after Apache Tomcat 6.0.13 that source of LifecycleEvent of after_start and stop type is org.apache.catalina.core.StandardEngine instead of org.apache.catalina.Server? I'm experiencing issues with JBoss mod_cluster: http://community.jboss.org/thread/167432 Its LifecycleListener, http://anonsvn.jboss.org/repos/mod_cluster/trunk/src/main/java/org/jboss/modcluster/catalina/ModClusterListener.java expects source of after_start and stop event to be org.apache.catalina.Server but when debugging I see that it's org.apache.catalina.core.StandardEngine. Regards, Stevo. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using two authentication methods for one application
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hauke, On 6/1/2011 5:48 AM, Hauke Mehrtens wrote: I created my own authentication method beside BASIC, DIGEST, FORM, and CLIENT-CERT to allow the user to authenticate against our own SAML IdP and enter the user credentials on a page provided by the IdP. The authentication method of the IdP uses a Java applet to access a smart card and get the user credentials, so the web browser has to be redirected to some different page to login. To add our own authentication method we extended org.apache.catalina.authenticator.AuthenticatorBase and added the it to the list of supported methods in the tomcat configuration. This is working like expected. Cool! Now it should be possible to also log into the application with a from based authentication in addition to the IdP login, the normal FORM method would be nice. The user should select at some entry page what method he wants to use and then the correct authentication method should be used. I tried to modify the web.xml of my web application to add both methods, but it did not work. Adding two login-config or two auth-method is not allowed. Right: you'll either have to step outside the servlet spec on this one (i.e. implement everything as a Filter or something like that) or try to integrate the two authentication methods into a single authenticator that can handle both situations (which might not be possible). Now my plan is to implement some additional authentication method which supports both or a method which will forward the request to some other method ( my own or FORM) depending on some attribute in the http request, but this does not look clean to me. Is there a clean way to do this? I think whatever you do, it's going to be kind of ugly. I have never used it, but you might want to look at using your own JSSE provider or something like that. I know it supports a lot of complexity, but your problem might come down to gathering the credentials in the first place, not necessarily performing the authentication. I'm totally ignorant of SAMS IdP... how does one communicate credentials? If you could shoehorn the credentials into username/password fields (even if one of them is blank), you might be able to use a unified authenticator. Since you are using an applet, you can communicate any way you choose with Tomcat, that is, using any URL with any parameters, etc. If you are using Tomcat 7, you can use the newly-available HttpServletRequest.login(String username, String password) method to access your special, dual-use authenticator from a special URL. I am working on the Tomcat included in the JBoss 5.1 (I think it is 6.0), but it should also work on other versions (= 6.0) so that we are able to secure any web application running on some tomcat. Hmm. Does JBoss have a version running Tomcat 7? Or, is it possible to safely upgrade Tomcat inside of JBoss? Please add me to the CC as I am not subscripted to the list. You must be subscribed to the list to post to it. This is the last time I will CC you on a message posted to the list, mostly because I'm lazy. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mT6QACgkQ9CaO5/Lv0PAxYACdGkhA0s4VsHXGnxGr1oz66PI6 mOMAoIAYahgTAsPKnKe+oi7cclQEuzge =a1Aw -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
On 1:59 PM, Marc Boorshtein wrote: Do you have any filters or other valves that might be wrapping the request and choosing to ignore your extra headers? No, the app is just a servlet that loops over all the headers and cookies and generates a properties response 1) Show us your modified conf/context.xml. !-- The contents of this file will be loaded for each web application -- Context !-- Default set of monitored resources -- WatchedResourceWEB-INF/web.xml/WatchedResource !-- Uncomment this to disable session persistence across Tomcat restarts -- !-- Manager pathname= / -- !-- Uncomment this to enable Comet connection tacking (provides events on session expiration as well as webapp lifecycle) -- !-- Valve className=rg.apache.catalina.valves.CometConnectionManagerValve / -- !--Context path=echo -- Valve className=om.tremolosecurity.valve.TremoloValve headerName=utoidmrequest userAttribute=from-assertion-uid roleAttribute=ole createHeaders=true encryptionKeyName=lastMile ignoreURI= pathToKeyStore=WEB-INF/autoIdmSession.jks keyPass=tart123 / !--/Context -- /Context 2) Show us your Valve code. (It is simple, right?) IteratorAttribute attribs =astmile.getAttributes().iterator(); while (attribs.hasNext()) { Attribute attrib =ttribs.next(); if (this.createHeaders) { logger.info(creating header); for (String val : attrib.getValues()) { logger.info(attrib.getName() + =+ val); request.addHeader(attrib.getName(), val); } } . . . [2011-05-31 15:22:11,262][http-8080-1] INFO AutoIDMFilter - true [2011-05-31 15:22:11,262][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,263][http-8080-1] INFO AutoIDMFilter - from-assertion-uid=stStaticGroupSucceed [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - from-assertion-sn=er [2011-05-31 15:22:11,264][http-8080-1] INFO AutoIDMFilter - creating header [2011-05-31 15:22:11,265][http-8080-1] INFO AutoIDMFilter - from-assertion-cn=st User 3) Show us the WEB-INF/web.xml andContext element for your webapp. ?xml version=.0? web-app xmlns=ttp://java.sun.com/xml/ns/j2ee xmlns:xsi=ttp://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation=ttp://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version=.4 servlet servlet-nameecho/servlet-name servlet-classcom.tremolosecurity.test.servlet.EchoServlet/servlet-class /servlet servlet-mapping servlet-nameecho/servlet-name url-pattern/echo/url-pattern /servlet-mapping servlet-mapping servlet-nameecho/servlet-name url-pattern/echo and echo/url-pattern /servlet-mapping /web-app Thanks Marc Hi, Marc- Is that a carriage return and/or line feed before the attribute name in the log file or just the formatting of the e-mail? -Terence Bandoian - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Source of after_start and stop LifecycleEvent
Pardon, it's StandardService and not StandardEngine that's source of these events (Apache Tomcat 6.0.32). Regards, Stevo. On Wed, Jun 1, 2011 at 4:42 PM, Stevo Slavić ssla...@gmail.com wrote: Hello Tomcat users, Does anyone know has it been changed after Apache Tomcat 6.0.13 that source of LifecycleEvent of after_start and stop type is org.apache.catalina.core.StandardEngine instead of org.apache.catalina.Server? I'm experiencing issues with JBoss mod_cluster: http://community.jboss.org/thread/167432 Its LifecycleListener, http://anonsvn.jboss.org/repos/mod_cluster/trunk/src/main/java/org/jboss/modcluster/catalina/ModClusterListener.java expects source of after_start and stop event to be org.apache.catalina.Server but when debugging I see that it's org.apache.catalina.core.StandardEngine. Regards, Stevo. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
Can you try this: request.addHeader(attrib.getName(), val); logger.info(After added header: + attrib.getName() + = + request.getHeader(attrib.getName())); I wonder if the header value is being ignored because the request is frozen or something like that. - -chris [2011-06-01 11:14:03,074][http-8080-1] INFO AutoIDMFilter - true [2011-06-01 11:14:03,074][http-8080-1] INFO AutoIDMFilter - creating header [2011-06-01 11:14:03,074][http-8080-1] INFO AutoIDMFilter - from-assertion-uid=testStaticGroupSucceed [2011-06-01 11:14:03,074][http-8080-1] INFO AutoIDMFilter - After added header: from-assertion-uid=null [2011-06-01 11:14:03,075][http-8080-1] INFO AutoIDMFilter - creating header [2011-06-01 11:14:03,075][http-8080-1] INFO AutoIDMFilter - from-assertion-sn=User [2011-06-01 11:14:03,076][http-8080-1] INFO AutoIDMFilter - After added header: from-assertion-sn=null [2011-06-01 11:14:03,076][http-8080-1] INFO AutoIDMFilter - creating header [2011-06-01 11:14:03,076][http-8080-1] INFO AutoIDMFilter - from-assertion-cn=Test User [2011-06-01 11:14:03,076][http-8080-1] INFO AutoIDMFilter - After added header: from-assertion-cn=null So for some reason the addHeader is not doing anything Thanks Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
Hi, Marc- Is that a carriage return and/or line feed before the attribute name in the log file or just the formatting of the e-mail? -Terence Bandoian just email formatting - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.27, session lost, cookies
Hi Chris, many thanks for your suggestion. Next week I will try to remove the cookie in excess and I'll tell you the result. Best regards Il 01/06/2011 16.29, Christopher Schultz ha scritto: Diego, On 6/1/2011 6:27 AM, Diego Ruotolo wrote: BTW, in my previous mails I tell you about the architecture used in our webapp, I send you the HTTP logs as returned by the access log valve and The logs are not useful, since they don't contain headers. I said we use 3 cookies: - JSESSIONID, with value of generated session id - jsessionid, same as before, just the name in lower case Cookie names are case-insensitive, so using JSESSIONID as well as jsessionid is going to cause problems. http://www.ietf.org/rfc/rfc2109.txt See sections 4.1 (specifically the definition of attr and the comment following it) and 4.2.2 where NAME is defined to be an attr. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Diego Ruotolo - NoemaLife S.p.A. Ing. Diego Ruotolo Software developer NoemaLife S.p.A. Via Gobetti, 52 40129 Bologna - ITALY T +39 051 70.98.249 F +39 051 41.93.900 www.noemalife.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: specifying the content-type
Christopher Schulz wrote: On 6/1/2011 5:18 AM, Lentes, Bernd wrote: I use JKMount, and DocumentRoot of httpd and webapps of tomcat are not overlapping. [snip] We don't use jsp, we have servlets. Okay. Can you post your servlet code, then? I have to ask our developers. There is no default Content-Type for HTTP responses, so getting a response directly from Tomcat might cause the browser to auto-detect content. That's what i also believe. It's possible that Apache httpd wants to use a Content-Type and defaults to text/plain for some reason. You might want to properly set the Content-Type header in your servlet code if you aren't already doing it. How can i do that ? Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
RE: specifying the content-type
Martin Kuen wrote: Hi Bernd, I think your colleagues forgot/didn't want to set the content-type in the servlet(-code)? Yes, i also think they forgot. They are Bioinformatics and don't know much about protocols and web servers. text/plain is apache default for anything it doesn't know (if I recall correctly) If no content-type is set by the servlet, no content-type is delivered. No content-type set by the servlet causes *your browser* to start guessing. text/html is a pretty solid guess for a browser. Often a servlet can only generate one kind of content-type. If that's the case there's no point in making it configurable. However, you could use mod_headers to have this set/added by apache . . . I will check this out. Bernd Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH) Ingolstädter Landstr. 1 85764 Neuherberg www.helmholtz-muenchen.de Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe Geschäftsführer: Prof. Dr. Günther Wess und Dr. Nikolaus Blum Registergericht: Amtsgericht München HRB 6466 USt-IdNr: DE 129521671
Re: specifying the content-type
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bernd, On 6/1/2011 1:04 PM, Lentes, Bernd wrote: Okay. Can you post your servlet code, then? I have to ask our developers. Okay. There is no default Content-Type for HTTP responses, so getting a response directly from Tomcat might cause the browser to auto-detect content. That's what i also believe. Sounds like Martin Kuen and I had the same idea moments apart. You might want to properly set the Content-Type header in your servlet code if you aren't already doing it. How can i do that ? You'd have to modify the code like this: response.setContentType(text/html); (or whatever content type is appropriate in the situation). Use of mod_headers or something similar may get this taken care of more quickly, but fixing the code is a better long-term approach. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3miz0ACgkQ9CaO5/Lv0PBdcgCgpjCnxikUYyTdjdkp1SJU8+DH qaMAn0DYaJIVz8H55ynT+4+aWvZ44urP =N3Nq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 Shared Class Loader Removed?
Hi, I noticed that the tomcat 7 documentation has removed the Shared classloader description. Has the shared classloader been removed from tomcat? TIA, - Ole - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Source of after_start and stop LifecycleEvent
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stevo, On Wed, Jun 1, 2011 at 4:42 PM, Stevo Slavić ssla...@gmail.com wrote: Hello Tomcat users, Does anyone know has it been changed after Apache Tomcat 6.0.13 that source of LifecycleEvent of after_start and stop type is org.apache.catalina.core.StandardEngine instead of org.apache.catalina.Server? [Pardon, it's StandardService and not StandardEngine that's source of these events (Apache Tomcat 6.0.32).] I'm experiencing issues with JBoss mod_cluster: http://community.jboss.org/thread/167432 Its LifecycleListener, http://anonsvn.jboss.org/repos/mod_cluster/trunk/src/main/java/org/jboss/modcluster/catalina/ModClusterListener.java expects source of after_start and stop event to be org.apache.catalina.Server but when debugging I see that it's org.apache.catalina.core.StandardEngine. It looks like several components (in trunk, currently 6.0.32+) issue AFTER_START and STOP lifecycle events: java/org/apache/catalina/core/StandardThreadExecutor.java java/org/apache/catalina/core/StandardServer.java java/org/apache/catalina/core/StandardContext.java java/org/apache/catalina/core/ContainerBase.java java/org/apache/catalina/core/StandardService.java java/org/apache/catalina/core/StandardPipeline.java java/org/apache/catalina/ha/tcp/SimpleTcpCluster.java So, StandardServer does issue such events and should be handled correctly by the code you indicated, but StandardService also sends those events and if you want to handle those as well, you'll have to do so. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3mjlcACgkQ9CaO5/Lv0PACnwCfWnICcaQa+/5UDFjDa2APDeLP WPgAn2Az5qtm6l1udDNGcXmw96673iVW =de2w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 7 Shared Class Loader Removed?
From: Ole Ersoy [mailto:ole.er...@gmail.com] Subject: Tomcat 7 Shared Class Loader Removed? I noticed that the tomcat 7 documentation has removed the Shared classloader description. Has the shared classloader been removed from tomcat? It wasn't removed per se, but it is no longer used by default. You may still configure it in catalina.properties, if you have a pressing need to do so (usually a very, very bad idea). Note that this actually happened with Tomcat 6, about 4.5 years ago... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 Shared Class Loader Removed?
Hi Chuck, I may have a server that has several instances of the same web application running under different contexts. I was thinking about putting the jars in the shared repository, rather than deploying them with the war. Could you please help me understand why this is bad? TIA, - Ole On 06/01/2011 02:12 PM, Caldarale, Charles R wrote: From: Ole Ersoy [mailto:ole.er...@gmail.com] Subject: Tomcat 7 Shared Class Loader Removed? I noticed that the tomcat 7 documentation has removed the Shared classloader description. Has the shared classloader been removed from tomcat? It wasn't removed per se, but it is no longer used by default. You may still configure it in catalina.properties, if you have a pressing need to do so (usually a very, very bad idea). Note that this actually happened with Tomcat 6, about 4.5 years ago... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat with Cisco ACE Load Balancer
Thanks Pid for you updates. All I am trying here to implement Tomcat in Load Balanced Environment. WE have Java EE base web Application. And we have two 36 GB web servers. Currently they have WebLogic installed on them. Four Instance of WebLogic managed servers run on each machine. Our Java Appplicatiion is deployed on all of these web servers. Machine 1 : WebsLogicServer1 (Port : 6001) WebsLogicServer2 (Port : 6002) WebsLogicServer3 (Port : 6003) WebsLogicServer4 (Port : 6004) Machine 1 : WebsLogicServer4 (Port : 6005) WebsLogicServer6 (Port : 6006) WebsLogicServer7 (Port : 6007) WebsLogicServer8 (Port : 6008) Right now we are using WebLogic Servers in a Cluster that are loaded balanced by Cisco Load Balancer. In current scenario using WebLogic , if a user sends a request , it goes to the Cisco Load Balancer which directs it to any of the 8 Weblogic Ports in the cluster based on Robin Round Algorithm. We don't have any performance issues as of now. All I am trying here to replicate this setup using Tomcat instead oof weblogic. Please if you can guide me . Thanks Tauqir Akhtar 212 801 8039 -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Wednesday, June 01, 2011 7:14 AM To: Tomcat Users List Subject: Re: Tomcat with Cisco ACE Load Balancer On 31/05/2011 21:10, Tauqir Akhtar wrote: Hi We have been using Weblogic Clusters with Cisco ACE Load Balancer We have 8 managed servers in the weblogic Cluster distributed evenly over two Machines. Load Balancer distributes the load in Robin Round fashion across these 8 managed servers using the concept of Stickiness. Now we need to replace Weblogic with Tomcat. I am looking for a document that would help me replicate this existing architecture in Tomcat environments. Questions that I have: * How many tomcat Installation would be required? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc * Or it would be single Installation on each machines and then copying of directory for each port? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc Also: I don't know what 'copying of directory for each port' means. * Will load Balancer see any difference if the request is from a Tomcat or Weblogic? The app server make requests to the load balancer? Or the load balancer directs requests to each app server? * If yes, then what are changes required in Load Balancer configuration? Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc Pease help me with your suggestions. Please provide some meaningful information. p Thanks Tauqir Akhtar ## NOTICE: The contents of this e-mail and any attachments to it may contain privileged and confidential information from The Jones Group Inc. or its affiliates. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this message and delete it from your system. ### ## NOTICE: The contents of this e-mail and any attachments to it may contain privileged and confidential information from The Jones Group Inc. or its affiliates. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this message and delete it from your system. ### - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 7 Shared Class Loader Removed?
From: Ole Ersoy [mailto:ole.er...@gmail.com] Subject: Re: Tomcat 7 Shared Class Loader Removed? I was thinking about putting the jars in the shared repository, rather than deploying them with the war. Could you please help me understand why this is bad? 1) You would have data sharing - probably inadvertent - across all the webapps. Information can leak from one to another, which has serious integrity and security implications. 2) You would introduce versioning dependencies across all your webapp deployments, so if one copy of the webapp needed to be updated for a given client set, all would have to be updated simultaneously. 3) Redeployment or restart of a single webapp would be impossible. Other than saving a certain amount of disk and memory space (both of which are exceedingly cheap these days), what do you think you would gain? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat with Cisco ACE Load Balancer
From: Tauqir Akhtar [mailto:takh...@jny.com] Subject: RE: Tomcat with Cisco ACE Load Balancer All I am trying here to implement Tomcat in Load Balanced Environment. Please if you can guide me . Pid's words still stand: Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc. You're not going to get any kind of definitive answer on a support mailing list. You need to set up a prototype Tomcat cluster or two, test it with a simulated load that's as close to your real-world traffic as you can get, fix whatever problems you find, and repeat until you're happy. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 Shared Class Loader Removed?
Chuck, Thank you. I have some jars that I'm going to create an RPM for to help with provisioning. Since I'm doing that I thought linking or putting them in the shared class loader repository might be smart, but perhaps not :). Thanks again, - Ole On 06/01/2011 03:10 PM, Caldarale, Charles R wrote: From: Ole Ersoy [mailto:ole.er...@gmail.com] Subject: Re: Tomcat 7 Shared Class Loader Removed? I was thinking about putting the jars in the shared repository, rather than deploying them with the war. Could you please help me understand why this is bad? 1) You would have data sharing - probably inadvertent - across all the webapps. Information can leak from one to another, which has serious integrity and security implications. 2) You would introduce versioning dependencies across all your webapp deployments, so if one copy of the webapp needed to be updated for a given client set, all would have to be updated simultaneously. 3) Redeployment or restart of a single webapp would be impossible. Other than saving a certain amount of disk and memory space (both of which are exceedingly cheap these days), what do you think you would gain? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 Shared Class Loader Removed?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ole, On 6/1/2011 4:33 PM, Ole Ersoy wrote: Thank you. I have some jars that I'm going to create an RPM for to help with provisioning. Since I'm doing that I thought linking or putting them in the shared class loader repository might be smart, but perhaps not :). You would really only be saving the in-memory representation of the java.lang.Class objects, which is relatively modest in terms of memory use. - From our experience, shared ClassLoaders are more trouble than they are worth. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk3moxQACgkQ9CaO5/Lv0PAZHwCglvfJpoUwZG8aM/LJEzOcn/wA n9kAnRPen5Ok+qonldPGq7TQAop6XeJv =pjae -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
On 01/06/2011 16:16, Marc Boorshtein wrote: So for some reason the addHeader is not doing anything I'm guessing you haven't looked at the source for this yet. org.apache.catalina.connector#addHeader(String,String) is a NOOP. It was removed for Tomcat 7. You want: request.getCoyoteRequest().getMimeHeaders().setValue(str).setString(str) This will work for 6 and 7. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
To quote one of my favorite tv showswell there's your problem! Thanks, I'll give this a try. Marc Sent from my iPad On Jun 1, 2011, at 4:47 PM, Mark Thomas ma...@apache.org wrote: On 01/06/2011 16:16, Marc Boorshtein wrote: So for some reason the addHeader is not doing anything I'm guessing you haven't looked at the source for this yet. org.apache.catalina.connector#addHeader(String,String) is a NOOP. It was removed for Tomcat 7. You want: request.getCoyoteRequest().getMimeHeaders().setValue(str).setString(str) This will work for 6 and 7. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Application crash after Migrate to different ESX
Hey, Explaining the whole infrastructure may be even more confusing. so I'll ask something else, simpler- when using the string testonborrow=true do I need to use it alone? can it be used alone? or do I have to put also the validationInterval string (or any other string)? Thanks Hila 2011/5/20 André Warnier a...@ice-sa.com הילה wrote: ... So, if you are using that pool, I basically do not understand why you would need any additional mechanism to overcome the loss of a db connection when your VM is migrated. Particularly that smart keep alive you keep talking about, but never telling us where it comes from and where it is inserted in that architecture. I don't understand on what mechanism are you talking about. I don't want to add anything (unless it can fix the problem) I just stated the problem, and the environment we have (win 2008, tomcat 6.0.29, jdbc pool.. These are the dry facts) The keep alive is an xslt file which contains actions to perform on the DB to check that everything is alive. if so, it returns an OK response, which can be viewed in HTML file on IE browser. The Load balancer samples the keep alive every 10 seconds to check the OK state. if it's not OK for 3 times in a row- the LB takes it out from the servers' pool and no one else can connect to it. So now there is also a load balancer ? I've just gone through all your previous posts, and this is the first time it has been mentioned. And it appears that it is the load balancer which tests de DB server directly (?) Huh ? I'm like Chris now, just a bit confused again about your setup. so yes. we need this keep alive and can't dismiss it, because it's the indication that the server is functioning properly. Which server ? and if it's not function - The LB can identify it and remove the server from the servers' pool so no one will try and approach it. Again, which server is taken out of the server pool ? The DB server, or the one running Tomcat ? Do you actually mean that the load balancer on one side, and Tomcat on the other side, are each accessing the DB server in parallel and by different channels ? we use the JTDS driver (I tried the Microsoft JDBC, but its performance is poor compared to the JTDS driver of sourceforge) Someone in my company suggested that the problem can rely in either of these JARs. so I will check with the tomcat-dbcp.jar as scenario 1, sql-jdbc.jar as scenario2, and maybe both combined as scenario 3. scenario 4 will be testing the behavior while validation is configured. Sure, add some extra variables to the problem. That will make it a lot simpler to find out what happens. no need of sarcasm here. these aren't additional variables. we spoke on the connection pool, so this is one of the things I can focus on to try and fix the problem. Yes, that was sarcasm. I was just getting a bit frustrated, because I am trying to help, but it seems impossible to get logical explanations here even about your exact configuration. So let me try again, graphically. As far as I can tell by your posts, your configuration is : hardware : - Vmware VM with your application and Tomcat and jdbc pool and jtds drivers - network - another machine with the DB and, somewhere, there is a load-balancer with a smart keep alive feature built-in. logical : Application -- Tomcat -- jdbc pool -- jtds driver -- network -- database At the start, the jdbc pool contains for example 10 connections to the database. At some point, there is a network problem, and as a consequence 5 of these connections are broken. But the jdbc pool is not configured to detect this in advance, and as a consequence, when the application tries to use a DB connection, it may get one of the 5 pooled connections which are broken, and it then gets an exception and breaks down. Or it may get a pooled connection that is not broken, and then everything appears to work fine. Now can you tell us where in the above schema the smart keep alive fits in ? Or else, correct the above schema to tell us how things really work ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request headers created in valve don't make it to application
On 01/06/2011 16:16, Marc Boorshtein wrote: So for some reason the addHeader is not doing anything I'm guessing you haven't looked at the source for this yet. org.apache.catalina.connector#addHeader(String,String) is a NOOP. It was removed for Tomcat 7. You want: request.getCoyoteRequest().getMimeHeaders().setValue(str).setString(str) This will work for 6 and 7. Worked perfectly, thanks! Marc - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat with Cisco ACE Load Balancer
- Original Message - From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Wednesday, June 1, 2011 1:16 PM Subject: RE: Tomcat with Cisco ACE Load Balancer From: Tauqir Akhtar [mailto:takh...@jny.com] Subject: RE: Tomcat with Cisco ACE Load Balancer All I am trying here to implement Tomcat in Load Balanced Environment. Please if you can guide me . Pid's words still stand: Impossible to say, we don't know anything about your application, server spec, environment, current performance, etc etc etc. You're not going to get any kind of definitive answer on a support mailing list. You need to set up a prototype Tomcat cluster or two, test it with a simulated load that's as close to your real-world traffic as you can get, fix whatever problems you find, and repeat until you're happy. - Chuck I'll go a little further out on the limb than Chuck and Pid. You can run multiple Tomcats from one installation. See RUNNING.txt in the current 7.0.x or 6.0.x distribution on how to do this. That being said, the other comments are spot on. Here are some considerations that you need to deal with. 1. Does your application make use of EJBs? If so, then Tomcat may not be the right choice. 2. Does your application make use of distributed transactions? If so, you can make Tomcat work with some additional applications, but again it may not be the right choice. 3. How many Tomcats? As Chuck and Pid have pointed out this is application-dependent, and will require testing on your part. 4. Sessions? Does your application use sessions? If so, how are they handled in a cluster of Weblogic servers? There is documentation on how to set up clustering on the Tomcat web site. 4. Changes to Cisco ACE configuration? First of all, this is an ACE question. Is the round robin modified by stickiness? If so, does that stickiness depend on cookies sent by the Weblogic server? Again, this is an application-related question. I'm sure I can think of a lot more questions given time. However, these questions should help you start thinking along the right lines. Once you've answered these (and other) questions, then you can ask specific questions on the list, such as: 1. I'm running 4 Tomcat 7.0.14 instances on a single server. Here are my server.xml files. I'm getting the following exceptions when trying to start the servers. What am I missing? 2. What's a good way to start multiple Tomcat 7.0.14 servers at boot time on a RedHat Linux system (version, etc.)? For load testing, you could use JMeter and the access log sampler to generate tests (you do keep access logs, right?). Hopefully this is enough to get you started. The other solution is to pay someone to do this (hint, it's not cheap). I'm sure there are people on the list (me included) who would do this for a fee. . . . . just my two cents. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: specifying the content-type
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bernd, On 6/1/2011 1:04 PM, Lentes, Bernd wrote: Okay. Can you post your servlet code, then? I have to ask our developers. Okay. There is no default Content-Type for HTTP responses, so getting a response directly from Tomcat might cause the browser to auto-detect content. That's what i also believe. Sounds like Martin Kuen and I had the same idea moments apart. You might want to properly set the Content-Type header in your servlet code if you aren't already doing it. How can i do that ? You'd have to modify the code like this: response.setContentType(text/html); (or whatever content type is appropriate in the situation). Use of mod_headers or something similar may get this taken care of more quickly, but fixing the code is a better long-term approach. Sorry guys, but it still does not make sense : The response is interpreted perfectly OK when it comes through the HTTP Connector of Tomcat, on port 8080. But it is not interpreted OK when it comes through the AJP Connector, on port 8009. If it was a question of a header set or not set by the servlet, it would be the same in both cases, no ? Mmmm, now I get a new suspicion : Because the Tomcat app does not set a content-type : - in the case where the browser connects directly to Tomcat, the response comes without content-type, so the browser sniffs and guesses itself, and it happens to do it right. - but in the case where the response goes through Apache httpd, Apache sees that there is no content-type, and adds a text/plain one. (Nothing to do with AJP/mod_jk, it is Apache who done it) That should be visible at the browser level, using a plugin like HttpFox (Firefox) or Fiddler2 (IE). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ***SPAM*** maxPostSize syntax
You guys have a chip on your shoulder. This is Java. xM, xm, xG and xg are accepted as sizes by all the -Xm? options, so why not by Tomcat. M and G are size units, too. Other than dudes with an attitude like you, nobody refers to 64M as 67108864. -- O.L. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org