Re: user tomcat authentication
First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. 2011/6/12 Mark Thomas ma...@apache.org: On 12/06/2011 20:29, Pid wrote: On 12/06/2011 17:12, Petr Hracek wrote: And what about in case that I have my own program for accessing to the specific databases where the passwords are stored as hashes? Are there any possibilities how to run that program for getting unhashed password from database? Why not hash the inbound password, then send compare it against the one in the DB, rather than decoding it? The Realm implementations can handle this, if you're using a standard hashing method that Java recognises. Hopefully you've not invented your own hashing method. Hmm. Hash functions are meant to be one way. It should be impossible to retrieve an unhashed password from the database. I hope that the original description is inaccurate rather than an example of (yet another) badly broken home-grown security solution that needs to be thrown away. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Best Regards / S pozdravem Petr Hracek - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: user tomcat authentication
First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. How to do that I do not know from the tomcat point of view. Is there any possiblity how to check valid HTTP COOKIE otherwise showing loging page. If HTTP COOKIE is not existing than logging has to be done over my one program. How to do that I do not know as well. Are there any examples? 2011/6/13 Petr Hracek phrac...@gmail.com: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. 2011/6/12 Mark Thomas ma...@apache.org: On 12/06/2011 20:29, Pid wrote: On 12/06/2011 17:12, Petr Hracek wrote: And what about in case that I have my own program for accessing to the specific databases where the passwords are stored as hashes? Are there any possibilities how to run that program for getting unhashed password from database? Why not hash the inbound password, then send compare it against the one in the DB, rather than decoding it? The Realm implementations can handle this, if you're using a standard hashing method that Java recognises. Hopefully you've not invented your own hashing method. Hmm. Hash functions are meant to be one way. It should be impossible to retrieve an unhashed password from the database. I hope that the original description is inaccurate rather than an example of (yet another) badly broken home-grown security solution that needs to be thrown away. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Best Regards / S pozdravem Petr Hracek -- Best Regards / S pozdravem Petr Hracek - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: user tomcat authentication
On 13/06/2011 07:50, Petr Hracek wrote: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. How to do that I do not know from the tomcat point of view. Is there any possiblity how to check valid HTTP COOKIE otherwise showing loging page. If HTTP COOKIE is not existing than logging has to be done over my one program. How to do that I do not know as well. Are there any examples? From the little information you give, you're describing container managed security. FORM auth as defined by the Servlet Spec can do just that. You configure a Realm, some elements in web.xml which define where the login form error pages are, and which URLs are protected. p 2011/6/13 Petr Hracek phrac...@gmail.com: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. 2011/6/12 Mark Thomas ma...@apache.org: On 12/06/2011 20:29, Pid wrote: On 12/06/2011 17:12, Petr Hracek wrote: And what about in case that I have my own program for accessing to the specific databases where the passwords are stored as hashes? Are there any possibilities how to run that program for getting unhashed password from database? Why not hash the inbound password, then send compare it against the one in the DB, rather than decoding it? The Realm implementations can handle this, if you're using a standard hashing method that Java recognises. Hopefully you've not invented your own hashing method. Hmm. Hash functions are meant to be one way. It should be impossible to retrieve an unhashed password from the database. I hope that the original description is inaccurate rather than an example of (yet another) badly broken home-grown security solution that needs to be thrown away. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Best Regards / S pozdravem Petr Hracek signature.asc Description: OpenPGP digital signature
Re: user tomcat authentication
Only the simple question, What is the flag which URLs are protected? I have found that link http://tomcat-configure.blogspot.com/2009/01/tomcat-web-xml.html and specially section: How to secure your application with JAAS ? Let's say that my htdocs directory is there: /opt/testApp/htdocs/index.html and servlet storage is there: /opt/testApp/servlet/ Logging page is mention here: /opt/globalPages/htdocs/index.html How to configure https://ipaddress/testApp/ so that if HTTP COOKIE is not defined then /opt/globalPages/htdocs/index.html will be shown otherwise /opt/testApp/htdocs/index.html will be shown. Thank you very much 2011/6/13 Pid p...@pidster.com: On 13/06/2011 07:50, Petr Hracek wrote: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. How to do that I do not know from the tomcat point of view. Is there any possiblity how to check valid HTTP COOKIE otherwise showing loging page. If HTTP COOKIE is not existing than logging has to be done over my one program. How to do that I do not know as well. Are there any examples? From the little information you give, you're describing container managed security. FORM auth as defined by the Servlet Spec can do just that. You configure a Realm, some elements in web.xml which define where the login form error pages are, and which URLs are protected. p 2011/6/13 Petr Hracek phrac...@gmail.com: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. 2011/6/12 Mark Thomas ma...@apache.org: On 12/06/2011 20:29, Pid wrote: On 12/06/2011 17:12, Petr Hracek wrote: And what about in case that I have my own program for accessing to the specific databases where the passwords are stored as hashes? Are there any possibilities how to run that program for getting unhashed password from database? Why not hash the inbound password, then send compare it against the one in the DB, rather than decoding it? The Realm implementations can handle this, if you're using a standard hashing method that Java recognises. Hopefully you've not invented your own hashing method. Hmm. Hash functions are meant to be one way. It should be impossible to retrieve an unhashed password from the database. I hope that the original description is inaccurate rather than an example of (yet another) badly broken home-grown security solution that needs to be thrown away. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Best Regards / S pozdravem Petr Hracek -- Best Regards / S pozdravem Petr Hracek - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: user tomcat authentication
On 13/06/2011 09:44, Petr Hracek wrote: Only the simple question, What is the flag which URLs are protected? It is time for you to read the Servlet specification. I have found that link http://tomcat-configure.blogspot.com/2009/01/tomcat-web-xml.html and specially section: How to secure your application with JAAS ? And it looks like you need to read the Tomcat documentation as well. Mark Let's say that my htdocs directory is there: /opt/testApp/htdocs/index.html and servlet storage is there: /opt/testApp/servlet/ Logging page is mention here: /opt/globalPages/htdocs/index.html How to configure https://ipaddress/testApp/ so that if HTTP COOKIE is not defined then /opt/globalPages/htdocs/index.html will be shown otherwise /opt/testApp/htdocs/index.html will be shown. Thank you very much 2011/6/13 Pid p...@pidster.com: On 13/06/2011 07:50, Petr Hracek wrote: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. How to do that I do not know from the tomcat point of view. Is there any possiblity how to check valid HTTP COOKIE otherwise showing loging page. If HTTP COOKIE is not existing than logging has to be done over my one program. How to do that I do not know as well. Are there any examples? From the little information you give, you're describing container managed security. FORM auth as defined by the Servlet Spec can do just that. You configure a Realm, some elements in web.xml which define where the login form error pages are, and which URLs are protected. p 2011/6/13 Petr Hracek phrac...@gmail.com: First authentication is done so that if in the browser exists relevant HTTP COOKIE and validation of that cookie is done then page should be shown. 2011/6/12 Mark Thomas ma...@apache.org: On 12/06/2011 20:29, Pid wrote: On 12/06/2011 17:12, Petr Hracek wrote: And what about in case that I have my own program for accessing to the specific databases where the passwords are stored as hashes? Are there any possibilities how to run that program for getting unhashed password from database? Why not hash the inbound password, then send compare it against the one in the DB, rather than decoding it? The Realm implementations can handle this, if you're using a standard hashing method that Java recognises. Hopefully you've not invented your own hashing method. Hmm. Hash functions are meant to be one way. It should be impossible to retrieve an unhashed password from the database. I hope that the original description is inaccurate rather than an example of (yet another) badly broken home-grown security solution that needs to be thrown away. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Best Regards / S pozdravem Petr Hracek - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0.18 clustering problem
Hi people... Background : I have two nodes (say, n1 and n2) running 3 instances of tomcat (say t1, t2, t3), with n1 running t1, t3 and n2 running t2. (All running same application.). I want to make clustering for n1-t1 and n2-t2. Clustering cofig for n1-t1 is Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.ico;.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Clustering cofig for n2-t2 is same as above n1-t3 has element Cluster commented and is not participating in clustering at all. Its being used for some other special purpose. Here is what i get when i start the tomcat instance. Jun 11, 2011 9:26:18 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/jav a-1.6.0-sun-1.6.0.13/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/../lib/amd64:/usr/java/packages /lib/amd64:/lib:/usr/lib Jun 11, 2011 9:26:18 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Jun 11, 2011 9:26:18 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 446 ms Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Jun 11, 2011 9:26:18 AM org.apache.catalina.ha.tcp.SimpleTcpCluster start INFO: Cluster is about to start Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/70.87.28.134:4000 Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Jun 11, 2011 9:26:19 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Jun 11, 2011 9:26:19 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Jun 11, 2011 9:26:20 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(/opt/ mail.pw/webapps/pw-mail/WEB-INF/lib/selenium-server-0.9.2-standalone.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(/opt/ mail.pw/webapps/pw-mail/WEB-INF/lib/servlet-api-2.5-6.1.11.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: ja vax/servlet/Servlet.class Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start INFO: Register manager /pw-mail to cluster element Engine with name Catalina Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start INFO: Starting clustering manager at /pw-mail Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager getAllClusterSessions INFO: Manager [localhost#/pw-mail]: skipping state transfer. No members active in cluster group. Jun 11, 2011 9:26:28 AM org.apache.catalina.ha.session.DeltaManager start INFO: Register manager /manager to cluster element Engine with name Catalina Jun 11, 2011 9:26:28 AM org.apache.catalina.ha.session.DeltaManager start INFO: Starting clustering manager at /manager Jun 11, 2011 9:26:28 AM
How to configure USE_SECURE_RANDOM_FOR_UUID?
Hi, I’ve noticed that in Tomcat 7.0.14’s org.apache.catalina.tribes.io.ChannelData there is public static field 'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'. and it seems to be used only once in the same class. By default its value is false. Do you know if there is a way to change/configure its value? Thanks! Franckie14
One process per webapp
Hi, I posted a RFE at https://issues.apache.org/bugzilla/show_bug.cgi?id=51366 asking for the ability to seamlessly deploy webapps into separate JVMs. Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve the JNI and memory leak problems that haunt a single JVM architecture. Please read the proposal and let me know what you think. Thanks, Gili -- View this message in context: http://old.nabble.com/One-process-per-webapp-tp31836121p31836121.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Optimal Settings to use Tomcat as a HTTP File Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sriram, On 6/11/2011 4:00 AM, Sriram Narayanan wrote: On Sat, Jun 11, 2011 at 1:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: Sriram, On 6/10/2011 1:49 PM, Sriram Narayanan wrote: Having one application serve static content, and having other applications serve other content (accept http requests, perform some processing, and send back responses, for e.g.), is actually a widely accepted and tested mechanism of using various stacks for various tasks. Sure, but it's not always necessary. More moving parts when they aren't necessary just results in tougher management and greater opportunity for security mistakes. For those that need it, this is what is done. Phrases such as moving parts, etc give the impression that it's all going to be very complicated when it's not. My point is that most don't need it. It's evidently become so standard that people do it because it's what everybody does, instead of for some specific reason. For instance, we use Apache httpd in front of Apache Tomcat because we need a single web server process to proxy to multiple back-end Apache Tomcat instances. We also have multiple back-end servers and use httpd as a load-balancer. If we had an F5 out front, we would probably remove Apache httpd from the mix. Configuring two web servers is (debatably) double the complexity. I didn't say it was very complicated... I just said it was more complicated. In fact, the vast majority of websites out there specifically stick in proxies and such in front of tomcat for SSL termination, load balancing, and static content serving. I'm not sure I would say the vast majority, but certainly many are. There's no need to give the impression that some other web server in front of Tomcat is a best practice: it's merely a common practice. This is not giving an impression. There's a reason that this is common practice. Enlighten me: what is the reason that this is common practice? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32aIoACgkQ9CaO5/Lv0PCRcwCcD3dtgWWo5LjQoYCdYGxD6eut qjAAn2DH2dXpwCGXuiM84qc4YbofgWHn =w0j7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Terminating long running request threads
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, On 6/12/2011 5:49 AM, Peter Roßbach wrote: can we add the unique Thread Id, please? If you can find the java.lang.Thread object, can't you get it's unique id already? Maybe I'm misunderstanding your question. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32aXIACgkQ9CaO5/Lv0PCGpwCePJnyTL+6lC7jO2dkAe1uZL0j YJ4AoIALl4DWko/V6MIbHzPTSNyHMksa =84/7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Optimal Settings to use Tomcat as a HTTP File Server
Enlighten me: what is the reason that this is common practice? The most obvious reason for having HTTP server in front of an Application Server (Tomcat) is that there are many things that you can do at/in the HTTP server that you don't have available to you inside Tomcat. Things like: -Caching -Proxy -Load balancing -Static image serving (much more economical because the HTTP server is much lighter weight than a JVM/App server) -etc... The most common/safest configuration is the HTTP server being directly available to the internet and the Application Servers being hidden behind firewalls with only 1 port per IP address forwarded through the firewall. The most common reason for this is that an Application Server requires usually requires access to many more things than a simple HTTP server (Databases, Network Disk space, etc..) and those other things are MUCH more difficult to secure against external intrusions. Also if you want to do clustering with failover or sequential updates it is better to have something in front of the actual application server that doesn't need to be changed much. It will just simplify ongoing daily maintenance (it looks more complicated but in the long run it makes things a lot simpler). HTTP servers are also much more efficient at processing HTTP connections and HTTPS traffic than Application Servers. Besides, if you want an outage message, where would you serve that from if not from an HTTP server? Bill -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: June 13, 2011 3:44 PM To: Tomcat Users List Subject: Re: Optimal Settings to use Tomcat as a HTTP File Server -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sriram, On 6/11/2011 4:00 AM, Sriram Narayanan wrote: On Sat, Jun 11, 2011 at 1:14 AM, Christopher Schultz ch...@christopherschultz.net wrote: Sriram, On 6/10/2011 1:49 PM, Sriram Narayanan wrote: Having one application serve static content, and having other applications serve other content (accept http requests, perform some processing, and send back responses, for e.g.), is actually a widely accepted and tested mechanism of using various stacks for various tasks. Sure, but it's not always necessary. More moving parts when they aren't necessary just results in tougher management and greater opportunity for security mistakes. For those that need it, this is what is done. Phrases such as moving parts, etc give the impression that it's all going to be very complicated when it's not. My point is that most don't need it. It's evidently become so standard that people do it because it's what everybody does, instead of for some specific reason. For instance, we use Apache httpd in front of Apache Tomcat because we need a single web server process to proxy to multiple back-end Apache Tomcat instances. We also have multiple back-end servers and use httpd as a load-balancer. If we had an F5 out front, we would probably remove Apache httpd from the mix. Configuring two web servers is (debatably) double the complexity. I didn't say it was very complicated... I just said it was more complicated. In fact, the vast majority of websites out there specifically stick in proxies and such in front of tomcat for SSL termination, load balancing, and static content serving. I'm not sure I would say the vast majority, but certainly many are. There's no need to give the impression that some other web server in front of Tomcat is a best practice: it's merely a common practice. This is not giving an impression. There's a reason that this is common practice. Enlighten me: what is the reason that this is common practice? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32aIoACgkQ9CaO5/Lv0PCRcwCcD3dtgWWo5LjQoYCdYGxD6eut qjAAn2DH2dXpwCGXuiM84qc4YbofgWHn =w0j7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)
-Original Message- From: Bill Miller [mailto:millebi.subscripti...@gmail.com] Sent: Monday, June 13, 2011 3:58 PM Enlighten me: what is the reason that this is common practice? ... -Static image serving (much more economical because the HTTP server is much lighter weight than a JVM/App server) -etc... I've heard this claim before, but I'm not so sure I believe it. Apache httpd is a web server implemented in C that runs directly on the OS. Apache Tomcat is a web server written in Java that runs on a JVM. I'd hope both are written near-optimally for their respective environments, and there's no good reason Java needs to be slow. I just tried a trivial benchmark of a static file (187 bytes) that yielded 3,223 req/sec from httpd, and 3,172 req/sec from Tomcat. That's a difference under 2%. A 2% performance difference isn't compelling enough to me to make an architectural decision one way or the other. I haven't benchmarked larger files, but I can imagine that APR's sendfile support would give Tomcat an assist there. On the other hand, there are other good reasons to use Java as a web server in favor of httpd. Security, for one--I shouldn't need to worry about e.g. stack buffer overflow exploits when running a Java server. My hope is that Tomcat and its ilk will slowly replace older web server technology for static and dynamic content alike. That's not just for simplicity's sake, but that I also see the difference between static and dynamic requests starting to evaporate. We serve a lot of cacheable requests from our application, all idempotent requests, and they are not normally backed by file system content. They could just as well be a row in a database or search engine results. The distinction of static content (i.e. content served by files on a file system) isn't useful to me because it's not very different than content served from other sources. But, unlike Apache httpd, Tomcat is built on a technology that is very easy to extend for e.g. database access. The architectural shift away from file content seems to be accelerated by adoption of distributed and (especially) cloud computing, in which a central read/write file system is not always convenient or available. Distributed file systems exist but have not proven to be as effective as relational databases or any of the No-SQL technologies such as Hadoop. Hence the traditional static vs. dynamic distinction is most likely becoming obsolete. -Jeff
Re: Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)
On 13 June 2011 21:41, Jeff Sturm jeff.st...@eprize.com wrote: From: Bill Miller [mailto:millebi.subscripti...@gmail.com] -Static image serving (much more economical because the HTTP server is much lighter weight than a JVM/App server) -etc... [...] I just tried a trivial benchmark of a static file (187 bytes) that yielded 3,223 req/sec from httpd, and 3,172 req/sec from Tomcat. That's a difference under 2%. A 2% performance difference isn't compelling enough to me to make an architectural decision one way or the other. I haven't benchmarked larger files, but I can imagine that APR's sendfile support would give Tomcat an assist there. http://tomcat.apache.org/articles/benchmark_summary.pdf I seem to recall some more recent benchmarks as well? The summary I've seen is you'll run out of network bandwidth long before you run out of the capacity to serve static files in any modern system, whether you're using httpd or Tomcat. - Peter
Re: How to configure USE_SECURE_RANDOM_FOR_UUID?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Frank, On 6/13/2011 11:46 AM, franckie frank wrote: I’ve noticed that in Tomcat 7.0.14’s org.apache.catalina.tribes.io.ChannelData there is public static field 'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'. and it seems to be used only once in the same class. By default its value is false. Do you know if there is a way to change/configure its value? How about: import org.apache.catalina.tribes.io.ChannelData; ... ChannelData.USE_SECURE_RANDOM_FOR_UUID = true; ? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32hHgACgkQ9CaO5/Lv0PAN/ACfcvRm70MK30Oxtu5AeciZK/l9 0JgAoLkVlDFYkmhQCAXGCbH8JYtWro8l =0ooA -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to configure USE_SECURE_RANDOM_FOR_UUID?
On 13/06/2011 22:43, Christopher Schultz wrote: Frank, On 6/13/2011 11:46 AM, franckie frank wrote: Ive noticed that in Tomcat 7.0.14s org.apache.catalina.tribes.io.ChannelData there is public static field 'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'. and it seems to be used only once in the same class. By default its value is false. Do you know if there is a way to change/configure its value? How about: import org.apache.catalina.tribes.io.ChannelData; ... ChannelData.USE_SECURE_RANDOM_FOR_UUID = true; But that begs the questions, why would you want to? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: One process per webapp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gili, On 6/13/2011 1:07 PM, cowwoc wrote: I posted a RFE at https://issues.apache.org/bugzilla/show_bug.cgi?id=51366 asking for the ability to seamlessly deploy webapps into separate JVMs. So you want Tomcat to have an option to run as a supervisor in one JVM and deploy webapps to separate JVMs? Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve the JNI and memory leak problems that haunt a single JVM architecture. Parallel deployment is at once orthogonal to and the opposite of what you are requesting. Please read the proposal and let me know what you think. What single management interface are you describing in your enhancement comments? The Tomcat manager webapp? It's trivial to run a manager in each JVM and use that for deployment. If you know that your webapp needs to do things such as register a shared library on startup, you can do one of two things: 1. Always bounce Tomcat directly instead of re-loading the webapp 2. Fix the webapp so it doesn't bomb on startup when the library is already loaded Tomcat provides the manager webapp and ant tasks to access it, plus a toolbox of scripts to start/stop/etc. Tomcat. Your needs seem to be fairly specific... why not just roll your own solution? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32htcACgkQ9CaO5/Lv0PAGJwCaA020eDYhHSRmgVxALLLisG7z 0zgAn1WDZNd+BRnJVD+C/kKUHh6KtotJ =o0Md -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Optimal Settings to use Tomcat as a HTTP File Server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, This is fun. On 6/13/2011 3:58 PM, Bill Miller wrote: Enlighten me: what is the reason that this is common practice? The most obvious reason for having HTTP server in front of an Application Server (Tomcat) is that there are many things that you can do at/in the HTTP server that you don't have available to you inside Tomcat. Fair enough, but you shouldn't just throw httpd in the mix because those features are available. You should only turn to Apache httpd when you actually need one of those features. I'm just suggesting that httpd/Tomcat as a standard setup is a thing of the past. Sure, lots of people do it, but lots of those people shouldn't be doing it. Things like: -Caching -Proxy -Load balancing -Static image serving (much more economical because the HTTP server is much lighter weight than a JVM/App server) Really? What benchmarking have you done? Because I have benchmarked httpd against Tomcat's NIO and APR connectors and I can tell you that Tomcat scales just as well (better under certain conditions). Why shouldn't it? It's the same code in the case of APR. Here's my data and writeup: http://people.apache.org/~schultz/ApacheCon%20NA%202010/ -etc... Wait, there's /more/? You must be right, then. The most common/safest configuration is the HTTP server being directly available to the internet and the Application Servers being hidden behind firewalls with only 1 port per IP address forwarded through the firewall. The safest usable configuration has the application servers not directly accessible from the Internet, or any other dangerous place. There's no reason that a full-blown http server has to be in between them. Load balancers, proxies, etc. are all other options that are equally viable. Also if you want to do clustering with failover or sequential updates it is better to have something in front of the actual application server that doesn't need to be changed much. Agreed, but there's no reason for that thing to be httpd. HTTP servers are also much more efficient at processing HTTP connections and HTTPS traffic than Application Servers. References, please? You do know that the APR connector runs the same code as Apache httpd, right? Note that I didn't benchmark HTTPS speeds for the above presentation, though my expectation is that JSSE will be easily out-performed by both Apache httpd and Tomcat/APR, unless some JSSE-friendly hardware SSL acceleration is available (which would presumably be usable by OpenSSL, anyway, probably giving the slight edge back to httpd/APR/OpenSSL). Besides, if you want an outage message, where would you serve that from if not from an HTTP server? Load balancer, proxy, etc. You don't have to use Apache httpd + mod_jk or whatever just to get a down page showing when you are having an outage. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32i60ACgkQ9CaO5/Lv0PAuhwCgwW2eeB/PgcDUSTLWwQAcV5bm usQAnj9NeFpA80ZrFXrtQGNCI1l5g47u =/2yD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff, On 6/13/2011 4:41 PM, Jeff Sturm wrote: -Original Message- From: Bill Miller [mailto:millebi.subscripti...@gmail.com] Sent: Monday, June 13, 2011 3:58 PM Enlighten me: what is the reason that this is common practice? ... -Static image serving (much more economical because the HTTP server is much lighter weight than a JVM/App server) -etc... I've heard this claim before, but I'm not so sure I believe it. I just tried a trivial benchmark of a static file I have better benchmarks, I think: http://people.apache.org/~schultz/ApacheCon%20NA%202010/ On the other hand, there are other good reasons to use Java as a web server in favor of httpd. Security, for one +1 One could argue (and others have, in another thread) that the app server (with it's usually more-privileged role among servers) is inappropriate to be Internet-facing, and I agree. Were Tomcat to include an HTTP proxying capability (which it doesn't) that performed well (which it could), I might even recommend replacing Apache httpd with Tomcat for static file-serving for just security reasons. Apache httpd is pretty secure, though, in it's default configuration when kept up-to-date. ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32jNYACgkQ9CaO5/Lv0PAHSgCfdWzzez5DQ3CknIuJnhot30mI 8YwAn3aRepmkLQ071mosobQj0CGfiTV6 =opVW -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[Embedded Tomcat 7] - Redeploy WAR File
Hi there! I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine. /Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when creating a new WAR-File at appBase directory for the firsttime. If my application generates a updated version of the WAR-File while the Tomcat isn't running, the new WAR-File never gets unpacked. This behaviour is also described at: * http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment /Note: If you re-deploy an updated WAR file while Tomcat is stopped, be sure to delete the associated expanded directory before restarting Tomcat, so that the updated WAR file will be re-expanded when Tomcat restarts./ Is there a workarround to re-deploy a updated WAR-File, while Tomcat is offline, without deleting folders manually? Scenario: 1. my app generates a WAR File with a index.jsp and random image to display (basically just a zip file) 2. my app starts tomcat 7 embedded Current Behavior: 1. if the WAR-File was never deployed before, the WAR-File will be unpacked 2. if the WAR-File was deployed before, the WAR-File will not be unpacked and the old version is visible in the webbrowser In that case i have to delete the folder manually and restart tomcat. Wished Behavior: Everytime the WAR-File is updated it shall be re-deployed by Tomcat. Code Snippet: String tempDir = System.getProperty(java.io.tmpdir); String appID = test; RandomWarGenerator rwg = new RandomWarGenerator(tempDir, appID); rwg.export(); // generates WAR-File with index.jsp and random image to display File webApp = new File(tempDir, appID); Tomcat server = new Tomcat(); server.setBaseDir(tempDir); server.setPort(8080); StandardHost stdHost = (StandardHost) server.getHost(); stdHost.setAppBase(tempDir); stdHost.setUnpackWARs(true); stdHost.setAutoDeploy(true); stdHost.setDeployOnStartup(true); server.setHost(stdHost); server.addWebapp(server.getHost(), / + appID , webApp.getAbsolutePath()); server.start(); server.getServer().await(); Thanks in advance! Cheers Darky
Re: [Embedded Tomcat 7] - Redeploy WAR File
On 13/06/2011 23:57, Dark Before Dawn wrote: Hi there! I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine. /Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when creating a new WAR-File at appBase directory for the firsttime. If my application generates a updated version of the WAR-File while the Tomcat isn't running, the new WAR-File never gets unpacked. This behaviour is also described at: * http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment /Note: If you re-deploy an updated WAR file while Tomcat is stopped, be sure to delete the associated expanded directory before restarting Tomcat, so that the updated WAR file will be re-expanded when Tomcat restarts./ Is there a workarround to re-deploy a updated WAR-File, while Tomcat is offline, without deleting folders manually? The simplest is probably use unpackWARs=false Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [Embedded Tomcat 7] - Redeploy WAR File
Am 14.06.2011 01:01, schrieb Mark Thomas: On 13/06/2011 23:57, Dark Before Dawn wrote: Hi there! I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine. /Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when creating a new WAR-File at appBase directory for the firsttime. If my application generates a updated version of the WAR-File while the Tomcat isn't running, the new WAR-File never gets unpacked. This behaviour is also described at: * http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment /Note: If you re-deploy an updated WAR file while Tomcat is stopped, be sure to delete the associated expanded directory before restarting Tomcat, so that the updated WAR file will be re-expanded when Tomcat restarts./ Is there a workarround to re-deploy a updated WAR-File, while Tomcat is offline, without deleting folders manually? The simplest is probably use unpackWARs=false Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Hi Mark, that would be an option, but this could be a heavy footprint if WAR-Files grow in size? Cheers - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.18 clustering problem
- Original Message - From: Nilesh - MiKu niles...@directi.com To: users@tomcat.apache.org Cc: Sent: Monday, June 13, 2011 8:36 AM Subject: Tomcat 6.0.18 clustering problem Hi people... Background : I have two nodes (say, n1 and n2) running 3 instances of tomcat (say t1, t2, t3), with n1 running t1, t3 and n2 running t2. (All running same application.). I want to make clustering for n1-t1 and n2-t2. Clustering cofig for n1-t1 is Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=8 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=4000 autoBind=100 selectorTimeout=5000 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.ico;.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Clustering cofig for n2-t2 is same as above n1-t3 has element Cluster commented and is not participating in clustering at all. Its being used for some other special purpose. Here is what i get when i start the tomcat instance. Jun 11, 2011 9:26:18 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/jav a-1.6.0-sun-1.6.0.13/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/../lib/amd64:/usr/java/packages /lib/amd64:/lib:/usr/lib Jun 11, 2011 9:26:18 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Jun 11, 2011 9:26:18 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 446 ms Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Jun 11, 2011 9:26:18 AM org.apache.catalina.ha.tcp.SimpleTcpCluster start INFO: Cluster is about to start Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/70.87.28.134:4000 Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Jun 11, 2011 9:26:19 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Jun 11, 2011 9:26:19 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Jun 11, 2011 9:26:20 AM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(/opt/ mail.pw/webapps/pw-mail/WEB-INF/lib/selenium-server-0.9.2-standalone.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader validateJarFile INFO: validateJarFile(/opt/ mail.pw/webapps/pw-mail/WEB-INF/lib/servlet-api-2.5-6.1.11.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: ja vax/servlet/Servlet.class Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start INFO: Register manager /pw-mail to cluster element Engine with name Catalina Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start INFO: Starting clustering manager at /pw-mail Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager getAllClusterSessions INFO: Manager [localhost#/pw-mail]: skipping state transfer. No members active in cluster group. Jun 11, 2011
Re: One process per webapp
Hi Christopher, Assuming we simply use one webapp per Tomcat instance I'm still looking for two changes: * Restart the entire JVM on webapp redeploy (to avoid JNI and ClassLoader problems) * Faster webapp redeploys if the entire JVM is restarted. I'm aiming for one second but currently we're at ten seconds. Gili Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gili, On 6/13/2011 1:07 PM, cowwoc wrote: I posted a RFE at https://issues.apache.org/bugzilla/show_bug.cgi?id=51366 asking for the ability to seamlessly deploy webapps into separate JVMs. So you want Tomcat to have an option to run as a supervisor in one JVM and deploy webapps to separate JVMs? Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve the JNI and memory leak problems that haunt a single JVM architecture. Parallel deployment is at once orthogonal to and the opposite of what you are requesting. Please read the proposal and let me know what you think. What single management interface are you describing in your enhancement comments? The Tomcat manager webapp? It's trivial to run a manager in each JVM and use that for deployment. If you know that your webapp needs to do things such as register a shared library on startup, you can do one of two things: 1. Always bounce Tomcat directly instead of re-loading the webapp 2. Fix the webapp so it doesn't bomb on startup when the library is already loaded Tomcat provides the manager webapp and ant tasks to access it, plus a toolbox of scripts to start/stop/etc. Tomcat. Your needs seem to be fairly specific... why not just roll your own solution? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk32htcACgkQ9CaO5/Lv0PAGJwCaA020eDYhHSRmgVxALLLisG7z 0zgAn1WDZNd+BRnJVD+C/kKUHh6KtotJ =o0Md -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/One-process-per-webapp-tp31836121p31839136.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7.0.11 embedded does not load context.xml [SEC=UNCLASSIFIED]
UNCLASSIFIED Hi, I am trying to embed Tomcat 7.0.11 into my standard web application. This web application defines some Resource elements in META-INF/context.xml - yet, Tomcat is not loading this file. tomcat = new Tomcat(); tomcat.setBaseDir(.); tomcat.setPort(8084); tomcat.addWebapp(/, System.getProperty(user.dir) + /build/web); tomcat.setHostname(localhost); tomcat.enableNaming(); tomcat.start(); Causes the following error: javax.naming.NamingException: Cannot create resource instance at org.apache.naming.factory.ResourceEnvFactory.getObjectInstance(ResourceE nvFactory.java:117) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) at org.apache.naming.NamingContext.lookup(NamingContext.java:826) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:159) at dsto.adiib.ws.harmoniser.AdiibHarmoniser.init(AdiibHarmoniser.java:113 ) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA ccessorImpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons tructorAccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.Class.newInstance0(Class.java:355) at java.lang.Class.newInstance(Class.java:308) at com.sun.xml.ws.api.server.InstanceResolver.createNewInstance(InstanceRes olver.java:215) at com.sun.xml.ws.api.server.InstanceResolver.createDefault(InstanceResolve r.java:180) at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.jav a:123) at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505) at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(D eploymentDescriptorParser.java:253) at com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(Deploymen tDescriptorParser.java:147) at com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextIn itialized(WSServletContextListener.java:124) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.j ava:4681) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:518 4) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:517 9) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto r.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja va:908) at java.lang.Thread.run(Thread.java:662) Line 113 of AdiibHarmoniser is like so: HarmoniserImplConfigBean harmoniserImplConfigBean = (HarmoniserImplConfigBean)envCtx.lookup(beanName); This essentially loads some external beans for me. My context.xml looks like so: ?xml version=1.0 encoding=UTF-8? Context antiJARLocking=true path=/AdiibHarmoniser Resource auth=Container csdTypeComparatorValue=VIDEO csdViewDataModel=NSIL_VIDEO_VIEW dibTextPath=//video factory=org.apache.naming.factory.BeanFactory harmonise=true harmoniserClassName=dsto.adiib.ws.harmoniser.FmvHarmoniser name=bean/FmvFactory subscriptionId=adiibFmvHarmoniser type=dsto.adiib.ws.harmoniser.HarmoniserImplConfigBean/ Resource auth=Container csdTypeComparatorValue=IMAGERY csdViewDataModel=NSIL_IMAGERY_VIEW dibTextPath=//nitf factory=org.apache.naming.factory.BeanFactory harmonise=true harmoniserClassName=dsto.adiib.ws.harmoniser.NitfHarmoniser name=bean/NitfFactory subscriptionId=adiibNitfHarmoniser type=dsto.adiib.ws.harmoniser.HarmoniserImplConfigBean/ /Context Using normal Tomcat (non embedded) everything works fine. I found a post similar to my problem here: http://stackoverflow.com/questions/5238451/jndi-jdbc-data-source-in-embe dded-tomcat-7, yet this caused a followon exception. java.lang.NoSuchMethodError: org.apache.catalina.Context.setConfigFile(Ljava/lang/String;)V Any ideas? Kind Regards, James IMPORTANT: This email remains the property of the Department of Defence and is subject to the jurisdiction of section 70 of the Crimes Act 1914. If you have received this email in error, you are requested to contact the sender and delete the email.