Re: user tomcat authentication

[Petr Hracek]

First authentication is done so that if in the browser exists relevant
HTTP COOKIE and validation of that cookie is done then page should be
shown.


2011/6/12 Mark Thomas ma...@apache.org:
 On 12/06/2011 20:29, Pid wrote:
 On 12/06/2011 17:12, Petr Hracek wrote:
 And what about in case that I have my own program for accessing to the
 specific
 databases where the passwords are stored as hashes?

 Are there any possibilities how to run that program for getting unhashed
 password from database?

 Why not hash the inbound password, then send  compare it against the
 one in the DB, rather than decoding it?

 The Realm implementations can handle this, if you're using a standard
 hashing method that Java recognises.

 Hopefully you've not invented your own hashing method.

 Hmm. Hash functions are meant to be one way. It should be impossible to
 retrieve an unhashed password from the database.

 I hope that the original description is inaccurate rather than an
 example of (yet another) badly broken home-grown security solution that
 needs to be thrown away.

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
Best Regards / S pozdravem
Petr Hracek

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: user tomcat authentication

[Petr Hracek]

First authentication is done so that if in the browser exists relevant
HTTP COOKIE and validation of that cookie is done then page should be
shown.
How to do that I do not know from the tomcat point of view.

Is there any possiblity how to check valid HTTP COOKIE otherwise
showing loging page.

If HTTP COOKIE is not existing than logging has to be done over my one program.
How to do that I do not know as well.

Are there any examples?

2011/6/13 Petr Hracek phrac...@gmail.com:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.


 2011/6/12 Mark Thomas ma...@apache.org:
 On 12/06/2011 20:29, Pid wrote:
 On 12/06/2011 17:12, Petr Hracek wrote:
 And what about in case that I have my own program for accessing to the
 specific
 databases where the passwords are stored as hashes?

 Are there any possibilities how to run that program for getting unhashed
 password from database?

 Why not hash the inbound password, then send  compare it against the
 one in the DB, rather than decoding it?

 The Realm implementations can handle this, if you're using a standard
 hashing method that Java recognises.

 Hopefully you've not invented your own hashing method.

 Hmm. Hash functions are meant to be one way. It should be impossible to
 retrieve an unhashed password from the database.

 I hope that the original description is inaccurate rather than an
 example of (yet another) badly broken home-grown security solution that
 needs to be thrown away.

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





 --
 Best Regards / S pozdravem
 Petr Hracek




-- 
Best Regards / S pozdravem
Petr Hracek

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: user tomcat authentication

[Pid]

On 13/06/2011 07:50, Petr Hracek wrote:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.
 How to do that I do not know from the tomcat point of view.
 
 Is there any possiblity how to check valid HTTP COOKIE otherwise
 showing loging page.
 
 If HTTP COOKIE is not existing than logging has to be done over my one 
 program.
 How to do that I do not know as well.
 
 Are there any examples?

From the little information you give, you're describing container
managed security.  FORM auth as defined by the Servlet Spec can do just
that.

You configure a Realm, some elements in web.xml which define where the
login form  error pages are, and which URLs are protected.


p



 2011/6/13 Petr Hracek phrac...@gmail.com:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.


 2011/6/12 Mark Thomas ma...@apache.org:
 On 12/06/2011 20:29, Pid wrote:
 On 12/06/2011 17:12, Petr Hracek wrote:
 And what about in case that I have my own program for accessing to the
 specific
 databases where the passwords are stored as hashes?

 Are there any possibilities how to run that program for getting unhashed
 password from database?

 Why not hash the inbound password, then send  compare it against the
 one in the DB, rather than decoding it?

 The Realm implementations can handle this, if you're using a standard
 hashing method that Java recognises.

 Hopefully you've not invented your own hashing method.

 Hmm. Hash functions are meant to be one way. It should be impossible to
 retrieve an unhashed password from the database.

 I hope that the original description is inaccurate rather than an
 example of (yet another) badly broken home-grown security solution that
 needs to be thrown away.

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





 --
 Best Regards / S pozdravem
 Petr Hracek

 
 
 




signature.asc
Description: OpenPGP digital signature

Re: user tomcat authentication

[Petr Hracek]

Only the simple question,
What is the flag which URLs are protected?
I have found that link
http://tomcat-configure.blogspot.com/2009/01/tomcat-web-xml.html
and specially section:

How to secure your application with JAAS ?

Let's say that my htdocs directory is there:
   /opt/testApp/htdocs/index.html
and servlet storage is there:
  /opt/testApp/servlet/

Logging page is mention here: /opt/globalPages/htdocs/index.html

How to configure https://ipaddress/testApp/ so that if HTTP COOKIE
is not defined then /opt/globalPages/htdocs/index.html will be shown
otherwise /opt/testApp/htdocs/index.html will be shown.

Thank you very much

2011/6/13 Pid p...@pidster.com:
 On 13/06/2011 07:50, Petr Hracek wrote:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.
     How to do that I do not know from the tomcat point of view.

 Is there any possiblity how to check valid HTTP COOKIE otherwise
 showing loging page.

 If HTTP COOKIE is not existing than logging has to be done over my one 
 program.
     How to do that I do not know as well.

 Are there any examples?

 From the little information you give, you're describing container
 managed security.  FORM auth as defined by the Servlet Spec can do just
 that.

 You configure a Realm, some elements in web.xml which define where the
 login form  error pages are, and which URLs are protected.


 p



 2011/6/13 Petr Hracek phrac...@gmail.com:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.


 2011/6/12 Mark Thomas ma...@apache.org:
 On 12/06/2011 20:29, Pid wrote:
 On 12/06/2011 17:12, Petr Hracek wrote:
 And what about in case that I have my own program for accessing to the
 specific
 databases where the passwords are stored as hashes?

 Are there any possibilities how to run that program for getting unhashed
 password from database?

 Why not hash the inbound password, then send  compare it against the
 one in the DB, rather than decoding it?

 The Realm implementations can handle this, if you're using a standard
 hashing method that Java recognises.

 Hopefully you've not invented your own hashing method.

 Hmm. Hash functions are meant to be one way. It should be impossible to
 retrieve an unhashed password from the database.

 I hope that the original description is inaccurate rather than an
 example of (yet another) badly broken home-grown security solution that
 needs to be thrown away.

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





 --
 Best Regards / S pozdravem
 Petr Hracek










-- 
Best Regards / S pozdravem
Petr Hracek

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: user tomcat authentication

[Mark Thomas]

On 13/06/2011 09:44, Petr Hracek wrote:
 Only the simple question,
 What is the flag which URLs are protected?

It is time for you to read the Servlet specification.

 I have found that link
 http://tomcat-configure.blogspot.com/2009/01/tomcat-web-xml.html
 and specially section:
 
 How to secure your application with JAAS ?

And it looks like you need to read the Tomcat documentation as well.

Mark

 
 Let's say that my htdocs directory is there:
/opt/testApp/htdocs/index.html
 and servlet storage is there:
   /opt/testApp/servlet/
 
 Logging page is mention here: /opt/globalPages/htdocs/index.html
 
 How to configure https://ipaddress/testApp/ so that if HTTP COOKIE
 is not defined then /opt/globalPages/htdocs/index.html will be shown
 otherwise /opt/testApp/htdocs/index.html will be shown.
 
 Thank you very much
 
 2011/6/13 Pid p...@pidster.com:
 On 13/06/2011 07:50, Petr Hracek wrote:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.
 How to do that I do not know from the tomcat point of view.

 Is there any possiblity how to check valid HTTP COOKIE otherwise
 showing loging page.

 If HTTP COOKIE is not existing than logging has to be done over my one 
 program.
 How to do that I do not know as well.

 Are there any examples?

 From the little information you give, you're describing container
 managed security.  FORM auth as defined by the Servlet Spec can do just
 that.

 You configure a Realm, some elements in web.xml which define where the
 login form  error pages are, and which URLs are protected.


 p



 2011/6/13 Petr Hracek phrac...@gmail.com:
 First authentication is done so that if in the browser exists relevant
 HTTP COOKIE and validation of that cookie is done then page should be
 shown.


 2011/6/12 Mark Thomas ma...@apache.org:
 On 12/06/2011 20:29, Pid wrote:
 On 12/06/2011 17:12, Petr Hracek wrote:
 And what about in case that I have my own program for accessing to the
 specific
 databases where the passwords are stored as hashes?

 Are there any possibilities how to run that program for getting unhashed
 password from database?

 Why not hash the inbound password, then send  compare it against the
 one in the DB, rather than decoding it?

 The Realm implementations can handle this, if you're using a standard
 hashing method that Java recognises.

 Hopefully you've not invented your own hashing method.

 Hmm. Hash functions are meant to be one way. It should be impossible to
 retrieve an unhashed password from the database.

 I hope that the original description is inaccurate rather than an
 example of (yet another) badly broken home-grown security solution that
 needs to be thrown away.

 Mark

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





 --
 Best Regards / S pozdravem
 Petr Hracek







 
 
 




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 6.0.18 clustering problem

[Nilesh - MiKu]

Hi people...

Background :

I have two nodes (say, n1 and n2) running 3 instances of tomcat (say t1, t2,
t3), with n1 running t1, t3 and n2 running t2. (All running same
application.). I want to make clustering for n1-t1 and n2-t2.

Clustering cofig for n1-t1 is

Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
channelSendOptions=8

Manager className=org.apache.catalina.ha.session.DeltaManager
expireSessionsOnShutdown=false notifyListenersOnReplication=true/

Channel className=org.apache.catalina.tribes.group.GroupChannel
Membership className=org.apache.catalina.tribes.membership.McastService
address=228.0.0.4
port=45564
frequency=500
dropTime=3000/

Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver
address=auto
port=4000
autoBind=100
selectorTimeout=5000
maxThreads=6/

Sender
className=org.apache.catalina.tribes.transport.ReplicationTransmitter
Transport
className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/
/Sender

Interceptor
className=org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor/
Interceptor
className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/
Interceptor
className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/
/Channel

Valve className=org.apache.catalina.ha.tcp.ReplicationValve
filter=.*\.ico;.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/

ClusterListener
className=org.apache.catalina.ha.session.ClusterSessionListener/

/Cluster

Clustering cofig for n2-t2 is same as above

n1-t3 has element Cluster commented and is not participating in clustering
at all. Its being used for some other special purpose.

Here is what i get when i start the tomcat instance.

Jun 11, 2011 9:26:18 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: /usr/lib/jvm/jav
a-1.6.0-sun-1.6.0.13/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/../lib/amd64:/usr/java/packages
/lib/amd64:/lib:/usr/lib
Jun 11, 2011 9:26:18 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Jun 11, 2011 9:26:18 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 446 ms
Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
Jun 11, 2011 9:26:18 AM org.apache.catalina.ha.tcp.SimpleTcpCluster start
INFO: Cluster is about to start
Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.transport.ReceiverBase
bind
INFO: Receiver Server Socket bound to:/70.87.28.134:4000
Jun 11, 2011 9:26:18 AM
org.apache.catalina.tribes.membership.McastServiceImpl setupSocket
INFO: Setting cluster mcast soTimeout to 500
Jun 11, 2011 9:26:18 AM
org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start
level:4
Jun 11, 2011 9:26:19 AM
org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:4
Jun 11, 2011 9:26:19 AM
org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Sleeping for 1000 milliseconds to establish cluster membership, start
level:8
Jun 11, 2011 9:26:20 AM
org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
INFO: Done sleeping, membership established, start level:8
Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader
validateJarFile
INFO: validateJarFile(/opt/
mail.pw/webapps/pw-mail/WEB-INF/lib/selenium-server-0.9.2-standalone.jar) -
jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending
 class: javax/servlet/Servlet.class
Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader
validateJarFile
INFO: validateJarFile(/opt/
mail.pw/webapps/pw-mail/WEB-INF/lib/servlet-api-2.5-6.1.11.jar) - jar not
loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: ja
vax/servlet/Servlet.class
Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start
INFO: Register manager /pw-mail to cluster element Engine with name Catalina
Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start
INFO: Starting clustering manager at /pw-mail
Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager
getAllClusterSessions
INFO: Manager [localhost#/pw-mail]: skipping state transfer. No members
active in cluster group.
Jun 11, 2011 9:26:28 AM org.apache.catalina.ha.session.DeltaManager start
INFO: Register manager /manager to cluster element Engine with name Catalina
Jun 11, 2011 9:26:28 AM org.apache.catalina.ha.session.DeltaManager start
INFO: Starting clustering manager at /manager
Jun 11, 2011 9:26:28 AM 

How to configure USE_SECURE_RANDOM_FOR_UUID?

[franckie frank]

Hi,



I’ve noticed that in Tomcat 7.0.14’s
org.apache.catalina.tribes.io.ChannelData there is public static field

'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'.

and it seems to be used only once in the same class. By default its value is
false.



Do you know if there is a way to change/configure its value?



Thanks!

Franckie14

One process per webapp

[cowwoc]

Hi,

I posted a RFE at https://issues.apache.org/bugzilla/show_bug.cgi?id=51366
asking for the ability to seamlessly deploy webapps into separate JVMs.

Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve the
JNI and memory leak problems that haunt a single JVM architecture.

Please read the proposal and let me know what you think.

Thanks,
Gili
-- 
View this message in context: 
http://old.nabble.com/One-process-per-webapp-tp31836121p31836121.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Optimal Settings to use Tomcat as a HTTP File Server

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sriram,

On 6/11/2011 4:00 AM, Sriram Narayanan wrote:
 On Sat, Jun 11, 2011 at 1:14 AM, Christopher Schultz
 ch...@christopherschultz.net wrote:
 Sriram,
 
 On 6/10/2011 1:49 PM, Sriram Narayanan wrote:
 Having one application serve static content, and having other
 applications serve other content (accept http requests, perform some
 processing, and send back responses, for e.g.), is actually a widely
 accepted and tested mechanism of using various stacks for various
 tasks.
 
 Sure, but it's not always necessary. More moving parts when they aren't
 necessary just results in tougher management and greater opportunity for
 security mistakes.
 
 For those that need it, this is what is done. Phrases such as moving
 parts, etc give the impression that it's all going to be very
 complicated when it's not.

My point is that most don't need it. It's evidently become so standard
that people do it because it's what everybody does, instead of for
some specific reason.

For instance, we use Apache httpd in front of Apache Tomcat because we
need a single web server process to proxy to multiple back-end Apache
Tomcat instances. We also have multiple back-end servers and use httpd
as a load-balancer. If we had an F5 out front, we would probably remove
Apache httpd from the mix.

Configuring two web servers is (debatably) double the complexity. I
didn't say it was very complicated... I just said it was more
complicated.

 In fact, the vast majority of websites out there specifically stick in
 proxies and such in front of tomcat for  SSL termination, load
 balancing, and static content serving.
 
 I'm not sure I would say the vast majority, but certainly many are.
 There's no need to give the impression that some other web server in
 front of Tomcat is a best practice: it's merely a common practice.
 
 This is not giving an impression. There's a reason that this is common 
 practice.

Enlighten me: what is the reason that this is common practice?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32aIoACgkQ9CaO5/Lv0PCRcwCcD3dtgWWo5LjQoYCdYGxD6eut
qjAAn2DH2dXpwCGXuiM84qc4YbofgWHn
=w0j7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Terminating long running request threads

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Peter,

On 6/12/2011 5:49 AM, Peter Roßbach wrote:
 can we add the unique Thread Id, please?

If you can find the java.lang.Thread object, can't you get it's unique
id already? Maybe I'm misunderstanding your question.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32aXIACgkQ9CaO5/Lv0PCGpwCePJnyTL+6lC7jO2dkAe1uZL0j
YJ4AoIALl4DWko/V6MIbHzPTSNyHMksa
=84/7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Optimal Settings to use Tomcat as a HTTP File Server

[Bill Miller]

 Enlighten me: what is the reason that this is common practice?

The most obvious reason for having HTTP server in front of an Application 
Server (Tomcat) is that there are many things that you can do at/in the HTTP 
server that you don't have available to you inside Tomcat. Things like:
-Caching
-Proxy
-Load balancing
-Static image serving (much more economical because the HTTP server is much 
lighter weight than a JVM/App server)
-etc...

The most common/safest configuration is the HTTP server being directly 
available to the internet and the Application Servers being hidden behind 
firewalls with only 1 port per IP address forwarded through the firewall. 

The most common reason for this is that an Application Server requires usually 
requires access to many more things than a simple HTTP server (Databases, 
Network Disk space, etc..) and those other things are MUCH more difficult to 
secure against external intrusions. Also if you want to do clustering with 
failover or sequential updates it is better to have something in front of the 
actual application server that doesn't need to be changed much. It will just 
simplify ongoing daily maintenance (it looks more complicated but in the long 
run it makes things a lot simpler). HTTP servers are also much more efficient 
at processing HTTP connections and HTTPS traffic than Application Servers.

Besides, if you want an outage message, where would you serve that from if not 
from an HTTP server?

Bill

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: June 13, 2011 3:44 PM
To: Tomcat Users List
Subject: Re: Optimal Settings to use Tomcat as a HTTP File Server

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Sriram,

On 6/11/2011 4:00 AM, Sriram Narayanan wrote:
 On Sat, Jun 11, 2011 at 1:14 AM, Christopher Schultz
 ch...@christopherschultz.net wrote:
 Sriram,
 
 On 6/10/2011 1:49 PM, Sriram Narayanan wrote:
 Having one application serve static content, and having other
 applications serve other content (accept http requests, perform some
 processing, and send back responses, for e.g.), is actually a widely
 accepted and tested mechanism of using various stacks for various
 tasks.
 
 Sure, but it's not always necessary. More moving parts when they aren't
 necessary just results in tougher management and greater opportunity for
 security mistakes.
 
 For those that need it, this is what is done. Phrases such as moving
 parts, etc give the impression that it's all going to be very
 complicated when it's not.

My point is that most don't need it. It's evidently become so standard
that people do it because it's what everybody does, instead of for
some specific reason.

For instance, we use Apache httpd in front of Apache Tomcat because we
need a single web server process to proxy to multiple back-end Apache
Tomcat instances. We also have multiple back-end servers and use httpd
as a load-balancer. If we had an F5 out front, we would probably remove
Apache httpd from the mix.

Configuring two web servers is (debatably) double the complexity. I
didn't say it was very complicated... I just said it was more
complicated.

 In fact, the vast majority of websites out there specifically stick in
 proxies and such in front of tomcat for  SSL termination, load
 balancing, and static content serving.
 
 I'm not sure I would say the vast majority, but certainly many are.
 There's no need to give the impression that some other web server in
 front of Tomcat is a best practice: it's merely a common practice.
 
 This is not giving an impression. There's a reason that this is common 
 practice.

Enlighten me: what is the reason that this is common practice?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32aIoACgkQ9CaO5/Lv0PCRcwCcD3dtgWWo5LjQoYCdYGxD6eut
qjAAn2DH2dXpwCGXuiM84qc4YbofgWHn
=w0j7
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)

[Jeff Sturm]

 -Original Message-
 From: Bill Miller [mailto:millebi.subscripti...@gmail.com]
 Sent: Monday, June 13, 2011 3:58 PM
 
  Enlighten me: what is the reason that this is common practice?
...
 -Static image serving (much more economical because the HTTP server is much 
 lighter
 weight than a JVM/App server) -etc...

I've heard this claim before, but I'm not so sure I believe it.  Apache httpd 
is a web server implemented in C that runs directly on the OS.  Apache Tomcat 
is a web server written in Java that runs on a JVM.  I'd hope both are written 
near-optimally for their respective environments, and there's no good reason 
Java needs to be slow.

I just tried a trivial benchmark of a static file (187 bytes) that yielded 
3,223 req/sec from httpd, and 3,172 req/sec from Tomcat.  That's a difference 
under 2%.  A 2% performance difference isn't compelling enough to me to make an 
architectural decision one way or the other.  I haven't benchmarked larger 
files, but I can imagine that APR's sendfile support would give Tomcat an 
assist there.

On the other hand, there are other good reasons to use Java as a web server in 
favor of httpd.   Security, for one--I shouldn't need to worry about e.g. stack 
buffer overflow exploits when running a Java server.

My hope is that Tomcat and its ilk will slowly replace older web server 
technology for static and dynamic content alike.  That's not just for 
simplicity's sake, but that I also see the difference between static and 
dynamic requests starting to evaporate.  We serve a lot of cacheable requests 
from our application, all idempotent requests, and they are not normally backed 
by file system content.  They could just as well be a row in a database or 
search engine results.  The distinction of static content (i.e. content 
served by files on a file system) isn't useful to me because it's not very 
different than content served from other sources.  But, unlike Apache httpd, 
Tomcat is built on a technology that is very easy to extend for e.g. database 
access.

The architectural shift away from file content seems to be accelerated by 
adoption of distributed and (especially) cloud computing, in which a central 
read/write file system is not always convenient or available.  Distributed file 
systems exist but have not proven to be as effective as relational databases or 
any of the No-SQL technologies such as Hadoop.  Hence the traditional static 
vs. dynamic distinction is most likely becoming obsolete.

-Jeff

Re: Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)

[Peter Crowther]

On 13 June 2011 21:41, Jeff Sturm jeff.st...@eprize.com wrote:

  From: Bill Miller [mailto:millebi.subscripti...@gmail.com]
  -Static image serving (much more economical because the HTTP server is
 much lighter
  weight than a JVM/App server) -etc...

 [...]

I just tried a trivial benchmark of a static file (187 bytes) that yielded
 3,223 req/sec from httpd, and 3,172 req/sec from Tomcat.  That's a
 difference under 2%.  A 2% performance difference isn't compelling enough to
 me to make an architectural decision one way or the other.  I haven't
 benchmarked larger files, but I can imagine that APR's sendfile support
 would give Tomcat an assist there.

 http://tomcat.apache.org/articles/benchmark_summary.pdf

I seem to recall some more recent benchmarks as well?  The summary I've seen
is you'll run out of network bandwidth long before you run out of the
capacity to serve static files in any modern system, whether you're using
httpd or Tomcat.

- Peter

Re: How to configure USE_SECURE_RANDOM_FOR_UUID?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Frank,

On 6/13/2011 11:46 AM, franckie frank wrote:
 I’ve noticed that in Tomcat 7.0.14’s
 org.apache.catalina.tribes.io.ChannelData there is public static field
 
 'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'.
 
 and it seems to be used only once in the same class. By default its value is
 false.
 
 Do you know if there is a way to change/configure its value?

How about:

import org.apache.catalina.tribes.io.ChannelData;

...

   ChannelData.USE_SECURE_RANDOM_FOR_UUID = true;

?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32hHgACgkQ9CaO5/Lv0PAN/ACfcvRm70MK30Oxtu5AeciZK/l9
0JgAoLkVlDFYkmhQCAXGCbH8JYtWro8l
=0ooA
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: How to configure USE_SECURE_RANDOM_FOR_UUID?

[Mark Thomas]

On 13/06/2011 22:43, Christopher Schultz wrote:
 Frank,
 
 On 6/13/2011 11:46 AM, franckie frank wrote:
 Ive noticed that in Tomcat 7.0.14s
 org.apache.catalina.tribes.io.ChannelData there is public static field
 
 'public static volatile boolean USE_SECURE_RANDOM_FOR_UUID'.
 
 and it seems to be used only once in the same class. By default its value is
 false.
 
 Do you know if there is a way to change/configure its value?
 
 How about:
 
 import org.apache.catalina.tribes.io.ChannelData;
 
 ...
 
ChannelData.USE_SECURE_RANDOM_FOR_UUID = true;

But that begs the questions, why would you want to?

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: One process per webapp

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Gili,

On 6/13/2011 1:07 PM, cowwoc wrote:
 I posted a RFE at https://issues.apache.org/bugzilla/show_bug.cgi?id=51366
 asking for the ability to seamlessly deploy webapps into separate JVMs.

So you want Tomcat to have an option to run as a supervisor in one JVM
and deploy webapps to separate JVMs?

 Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve the
 JNI and memory leak problems that haunt a single JVM architecture.

Parallel deployment is at once orthogonal to and the opposite of what
you are requesting.

 Please read the proposal and let me know what you think.

What single management interface are you describing in your
enhancement comments? The Tomcat manager webapp? It's trivial to run a
manager in each JVM and use that for deployment.

If you know that your webapp needs to do things such as register a
shared library on startup, you can do one of two things:

  1. Always bounce Tomcat directly instead of re-loading the webapp
  2. Fix the webapp so it doesn't bomb on startup when the library
 is already loaded

Tomcat provides the manager webapp and ant tasks to access it, plus a
toolbox of scripts to start/stop/etc. Tomcat. Your needs seem to be
fairly specific... why not just roll your own solution?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32htcACgkQ9CaO5/Lv0PAGJwCaA020eDYhHSRmgVxALLLisG7z
0zgAn1WDZNd+BRnJVD+C/kKUHh6KtotJ
=o0Md
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Optimal Settings to use Tomcat as a HTTP File Server

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Bill,

This is fun.

On 6/13/2011 3:58 PM, Bill Miller wrote:
 Enlighten me: what is the reason that this is common practice?
 
 The most obvious reason for having HTTP server in front of an
 Application Server (Tomcat) is that there are many things that you
 can do at/in the HTTP server that you don't have available to you
 inside Tomcat.

Fair enough, but you shouldn't just throw httpd in the mix because those
features are available. You should only turn to Apache httpd when you
actually need one of those features.

I'm just suggesting that httpd/Tomcat as a standard setup is a thing
of the past. Sure, lots of people do it, but lots of those people
shouldn't be doing it.

 Things like:
 -Caching
 -Proxy
 -Load balancing
 -Static image serving (much more economical because the HTTP server
 is much lighter weight than a JVM/App server)

Really? What benchmarking have you done? Because I have benchmarked
httpd against Tomcat's NIO and APR connectors and I can tell you that
Tomcat scales just as well (better under certain conditions). Why
shouldn't it? It's the same code in the case of APR.

Here's my data and writeup:
http://people.apache.org/~schultz/ApacheCon%20NA%202010/

 -etc...

Wait, there's /more/? You must be right, then.

 The most common/safest configuration is the HTTP server being
 directly available to the internet and the Application Servers being hidden
 behind firewalls with only 1 port per IP address forwarded through the
 firewall.

The safest usable configuration has the application servers not directly
accessible from the Internet, or any other dangerous place. There's no
reason that a full-blown http server has to be in between them. Load
balancers, proxies, etc. are all other options that are equally viable.

 Also if you want to do clustering with failover or sequential updates
 it is better to have something in front of the actual application
 server that doesn't need to be changed much.

Agreed, but there's no reason for that thing to be httpd.

 HTTP servers are also much more efficient at processing HTTP
 connections and HTTPS traffic than Application Servers.

References, please? You do know that the APR connector runs the same
code as Apache httpd, right? Note that I didn't benchmark HTTPS speeds
for the above presentation, though my expectation is that JSSE will be
easily out-performed by both Apache httpd and Tomcat/APR, unless some
JSSE-friendly hardware SSL acceleration is available (which would
presumably be usable by OpenSSL, anyway, probably giving the slight edge
back to httpd/APR/OpenSSL).

 Besides, if you want an outage message, where would you serve that
 from if not from an HTTP server?

Load balancer, proxy, etc. You don't have to use Apache httpd + mod_jk
or whatever just to get a down page showing when you are having an outage.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32i60ACgkQ9CaO5/Lv0PAuhwCgwW2eeB/PgcDUSTLWwQAcV5bm
usQAnj9NeFpA80ZrFXrtQGNCI1l5g47u
=/2yD
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat efficiency (was: RE: Optimal Settings to use Tomcat as a HTTP File Server)

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Jeff,

On 6/13/2011 4:41 PM, Jeff Sturm wrote:
 -Original Message-
 From: Bill Miller [mailto:millebi.subscripti...@gmail.com]
 Sent: Monday, June 13, 2011 3:58 PM

 Enlighten me: what is the reason that this is common practice?
 ...
 -Static image serving (much more economical because the HTTP server is much 
 lighter
 weight than a JVM/App server) -etc...
 
 I've heard this claim before, but I'm not so sure I believe it.

 I just tried a trivial benchmark of a static file

I have better benchmarks, I think:

http://people.apache.org/~schultz/ApacheCon%20NA%202010/

 On the other hand, there are other good reasons to use Java as a web
 server in favor of httpd.   Security, for one

+1

One could argue (and others have, in another thread) that the app server
(with it's usually more-privileged role among servers) is inappropriate
to be Internet-facing, and I agree. Were Tomcat to include an HTTP
proxying capability (which it doesn't) that performed well (which it
could), I might even recommend replacing Apache httpd with Tomcat for
static file-serving for just security reasons.

Apache httpd is pretty secure, though, in it's default configuration
when kept up-to-date. ;)

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk32jNYACgkQ9CaO5/Lv0PAHSgCfdWzzez5DQ3CknIuJnhot30mI
8YwAn3aRepmkLQ071mosobQj0CGfiTV6
=opVW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[Embedded Tomcat 7] - Redeploy WAR File

[Dark Before Dawn]

Hi there!

I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine. 
/Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when 
creating a new WAR-File at appBase directory for the firsttime. If my 
application generates a updated version of the WAR-File while the Tomcat 
isn't running, the new WAR-File never gets unpacked. This behaviour is 
also described at:


   * 
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment

   /Note: If you re-deploy an updated WAR file while Tomcat is
   stopped, be sure to delete the associated expanded directory
   before restarting Tomcat, so that the updated WAR file will be
   re-expanded when Tomcat restarts./

Is there a workarround to re-deploy a updated WAR-File, while Tomcat is 
offline, without deleting folders manually?


Scenario:
1. my app generates a WAR File with a index.jsp and random image to 
display (basically just a zip file)

2. my app starts tomcat 7 embedded

Current Behavior:
1. if the WAR-File was never deployed before, the WAR-File will be unpacked
2. if the WAR-File was deployed before, the WAR-File will not be 
unpacked and the old version is visible in the webbrowser

In that case i have to delete the folder manually and restart tomcat.

Wished Behavior:
Everytime the WAR-File is updated it shall be re-deployed by Tomcat.

Code Snippet:

String tempDir = System.getProperty(java.io.tmpdir);
String appID = test;

RandomWarGenerator rwg = new  RandomWarGenerator(tempDir, appID);
rwg.export(); // generates WAR-File with index.jsp and random 
image to display


File webApp = new File(tempDir, appID);

Tomcat server = new Tomcat();

server.setBaseDir(tempDir);
server.setPort(8080);

StandardHost stdHost = (StandardHost) server.getHost();
stdHost.setAppBase(tempDir);

stdHost.setUnpackWARs(true);
stdHost.setAutoDeploy(true);
stdHost.setDeployOnStartup(true);

server.setHost(stdHost);

server.addWebapp(server.getHost(), / + appID , 
webApp.getAbsolutePath());


server.start();

server.getServer().await();


Thanks in advance!
Cheers Darky

Re: [Embedded Tomcat 7] - Redeploy WAR File

[Mark Thomas]

On 13/06/2011 23:57, Dark Before Dawn wrote:
 Hi there!
 
 I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine.
 /Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when
 creating a new WAR-File at appBase directory for the firsttime. If my
 application generates a updated version of the WAR-File while the Tomcat
 isn't running, the new WAR-File never gets unpacked. This behaviour is
 also described at:
 
*
 http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment
 
 
/Note: If you re-deploy an updated WAR file while Tomcat is
stopped, be sure to delete the associated expanded directory
before restarting Tomcat, so that the updated WAR file will be
re-expanded when Tomcat restarts./
 
 Is there a workarround to re-deploy a updated WAR-File, while Tomcat is
 offline, without deleting folders manually?

The simplest is probably use unpackWARs=false

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [Embedded Tomcat 7] - Redeploy WAR File

[Dark Before Dawn]

Am 14.06.2011 01:01, schrieb Mark Thomas:

On 13/06/2011 23:57, Dark Before Dawn wrote:

Hi there!

I am running tomcat 7.0.14-embed with JavaSE-1.6 on a Windows7 machine.
/Autodeploy/, /DeployOnStartup/ and /UnpackWARs/ works like a charm when
creating a new WAR-File at appBase directory for the firsttime. If my
application generates a updated version of the WAR-File while the Tomcat
isn't running, the new WAR-File never gets unpacked. This behaviour is
also described at:

*
http://tomcat.apache.org/tomcat-6.0-doc/config/host.html#Automatic%20Application%20Deployment


/Note: If you re-deploy an updated WAR file while Tomcat is
stopped, be sure to delete the associated expanded directory
before restarting Tomcat, so that the updated WAR file will be
re-expanded when Tomcat restarts./

Is there a workarround to re-deploy a updated WAR-File, while Tomcat is
offline, without deleting folders manually?

The simplest is probably use unpackWARs=false

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org



Hi Mark,
that would be an option, but this could be a heavy footprint if 
WAR-Files grow in size?

Cheers

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6.0.18 clustering problem

[Mark Eggers]

- Original Message -

 From: Nilesh - MiKu niles...@directi.com
 To: users@tomcat.apache.org
 Cc: 
 Sent: Monday, June 13, 2011 8:36 AM
 Subject: Tomcat 6.0.18 clustering problem
 
 Hi people...
 
 Background :
 
 I have two nodes (say, n1 and n2) running 3 instances of tomcat (say t1, t2,
 t3), with n1 running t1, t3 and n2 running t2. (All running same
 application.). I want to make clustering for n1-t1 and n2-t2.
 
 Clustering cofig for n1-t1 is
 
 Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster
 channelSendOptions=8
 
 Manager className=org.apache.catalina.ha.session.DeltaManager
 expireSessionsOnShutdown=false 
 notifyListenersOnReplication=true/
 
 Channel 
 className=org.apache.catalina.tribes.group.GroupChannel
 Membership 
 className=org.apache.catalina.tribes.membership.McastService
 address=228.0.0.4
 port=45564
 frequency=500
 dropTime=3000/
 
 Receiver 
 className=org.apache.catalina.tribes.transport.nio.NioReceiver
 address=auto
 port=4000
 autoBind=100
 selectorTimeout=5000
 maxThreads=6/
 
 Sender
 className=org.apache.catalina.tribes.transport.ReplicationTransmitter
 Transport
 className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/
 /Sender
 
 Interceptor
 className=org.apache.catalina.tribes.group.interceptors.TcpPingInterceptor/
 Interceptor
 className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/
 Interceptor
 className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/
 /Channel
 
 Valve className=org.apache.catalina.ha.tcp.ReplicationValve
 filter=.*\.ico;.*\.gif;.*\.js;.*\.jpg;.*\.png;.*\.css;.*\.txt;/
 
 ClusterListener
 className=org.apache.catalina.ha.session.ClusterSessionListener/
 
 /Cluster
 
 Clustering cofig for n2-t2 is same as above
 
 n1-t3 has element Cluster commented and is not participating in 
 clustering
 at all. Its being used for some other special purpose.
 
 Here is what i get when i start the tomcat instance.
 
 Jun 11, 2011 9:26:18 AM org.apache.catalina.core.AprLifecycleListener init
 INFO: The APR based Apache Tomcat Native library which allows optimal
 performance in production environments was not found on the
 java.library.path: /usr/lib/jvm/jav
 a-1.6.0-sun-1.6.0.13/jre/lib/amd64/server:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-sun-1.6.0.13/jre/../lib/amd64:/usr/java/packages
 /lib/amd64:/lib:/usr/lib
 Jun 11, 2011 9:26:18 AM org.apache.coyote.http11.Http11Protocol init
 INFO: Initializing Coyote HTTP/1.1 on http-8080
 Jun 11, 2011 9:26:18 AM org.apache.catalina.startup.Catalina load
 INFO: Initialization processed in 446 ms
 Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardService start
 INFO: Starting service Catalina
 Jun 11, 2011 9:26:18 AM org.apache.catalina.core.StandardEngine start
 INFO: Starting Servlet Engine: Apache Tomcat/6.0.18
 Jun 11, 2011 9:26:18 AM org.apache.catalina.ha.tcp.SimpleTcpCluster start
 INFO: Cluster is about to start
 Jun 11, 2011 9:26:18 AM org.apache.catalina.tribes.transport.ReceiverBase
 bind
 INFO: Receiver Server Socket bound to:/70.87.28.134:4000
 Jun 11, 2011 9:26:18 AM
 org.apache.catalina.tribes.membership.McastServiceImpl setupSocket
 INFO: Setting cluster mcast soTimeout to 500
 Jun 11, 2011 9:26:18 AM
 org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
 INFO: Sleeping for 1000 milliseconds to establish cluster membership, start
 level:4
 Jun 11, 2011 9:26:19 AM
 org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
 INFO: Done sleeping, membership established, start level:4
 Jun 11, 2011 9:26:19 AM
 org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
 INFO: Sleeping for 1000 milliseconds to establish cluster membership, start
 level:8
 Jun 11, 2011 9:26:20 AM
 org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers
 INFO: Done sleeping, membership established, start level:8
 Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader
 validateJarFile
 INFO: validateJarFile(/opt/
 mail.pw/webapps/pw-mail/WEB-INF/lib/selenium-server-0.9.2-standalone.jar) -
 jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending
 class: javax/servlet/Servlet.class
 Jun 11, 2011 9:26:20 AM org.apache.catalina.loader.WebappClassLoader
 validateJarFile
 INFO: validateJarFile(/opt/
 mail.pw/webapps/pw-mail/WEB-INF/lib/servlet-api-2.5-6.1.11.jar) - jar not
 loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: ja
 vax/servlet/Servlet.class
 Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start
 INFO: Register manager /pw-mail to cluster element Engine with name Catalina
 Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager start
 INFO: Starting clustering manager at /pw-mail
 Jun 11, 2011 9:26:21 AM org.apache.catalina.ha.session.DeltaManager
 getAllClusterSessions
 INFO: Manager [localhost#/pw-mail]: skipping state transfer. No members
 active in cluster group.
 Jun 11, 2011 

Re: One process per webapp

[cowwoc]

Hi Christopher,

  Assuming we simply use one webapp per Tomcat instance I'm still looking
for two changes:

* Restart the entire JVM on webapp redeploy (to avoid JNI and ClassLoader
problems)
* Faster webapp redeploys if the entire JVM is restarted. I'm aiming for one
second but currently we're at ten seconds.

Gili



Christopher Schultz-2 wrote:
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Gili,
 
 On 6/13/2011 1:07 PM, cowwoc wrote:
 I posted a RFE at
 https://issues.apache.org/bugzilla/show_bug.cgi?id=51366
 asking for the ability to seamlessly deploy webapps into separate JVMs.
 
 So you want Tomcat to have an option to run as a supervisor in one JVM
 and deploy webapps to separate JVMs?
 
 Tomcat 7.0's parallel deployment sounds nice but it still doesn't solve
 the
 JNI and memory leak problems that haunt a single JVM architecture.
 
 Parallel deployment is at once orthogonal to and the opposite of what
 you are requesting.
 
 Please read the proposal and let me know what you think.
 
 What single management interface are you describing in your
 enhancement comments? The Tomcat manager webapp? It's trivial to run a
 manager in each JVM and use that for deployment.
 
 If you know that your webapp needs to do things such as register a
 shared library on startup, you can do one of two things:
 
   1. Always bounce Tomcat directly instead of re-loading the webapp
   2. Fix the webapp so it doesn't bomb on startup when the library
  is already loaded
 
 Tomcat provides the manager webapp and ant tasks to access it, plus a
 toolbox of scripts to start/stop/etc. Tomcat. Your needs seem to be
 fairly specific... why not just roll your own solution?
 
 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
 iEYEARECAAYFAk32htcACgkQ9CaO5/Lv0PAGJwCaA020eDYhHSRmgVxALLLisG7z
 0zgAn1WDZNd+BRnJVD+C/kKUHh6KtotJ
 =o0Md
 -END PGP SIGNATURE-
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://old.nabble.com/One-process-per-webapp-tp31836121p31839136.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat 7.0.11 embedded does not load context.xml [SEC=UNCLASSIFIED]

[Fraser, James]

UNCLASSIFIED 

Hi, 

I am trying to embed Tomcat 7.0.11 into my standard web application.
This web application defines some Resource elements in
META-INF/context.xml - yet, Tomcat is not loading this file. 

tomcat = new Tomcat();
tomcat.setBaseDir(.);
tomcat.setPort(8084);
tomcat.addWebapp(/, System.getProperty(user.dir) +
/build/web);
tomcat.setHostname(localhost);
tomcat.enableNaming();
tomcat.start(); 

Causes the following error: 

javax.naming.NamingException: Cannot create resource instance
at
org.apache.naming.factory.ResourceEnvFactory.getObjectInstance(ResourceE
nvFactory.java:117)
at
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at
org.apache.naming.NamingContext.lookup(NamingContext.java:826)
at
org.apache.naming.NamingContext.lookup(NamingContext.java:145)
at
org.apache.naming.NamingContext.lookup(NamingContext.java:814)
at
org.apache.naming.NamingContext.lookup(NamingContext.java:159)
at
dsto.adiib.ws.harmoniser.AdiibHarmoniser.init(AdiibHarmoniser.java:113
)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA
ccessorImpl.java:39)
at
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons
tructorAccessorImpl.java:27)
at
java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at
com.sun.xml.ws.api.server.InstanceResolver.createNewInstance(InstanceRes
olver.java:215)
at
com.sun.xml.ws.api.server.InstanceResolver.createDefault(InstanceResolve
r.java:180)
at
com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.jav
a:123)
at
com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:505)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parseAdapters(D
eploymentDescriptorParser.java:253)
at
com.sun.xml.ws.transport.http.DeploymentDescriptorParser.parse(Deploymen
tDescriptorParser.java:147)
at
com.sun.xml.ws.transport.http.servlet.WSServletContextListener.contextIn
itialized(WSServletContextListener.java:124)

at
org.apache.catalina.core.StandardContext.listenerStart(StandardContext.j
ava:4681)
at
org.apache.catalina.core.StandardContext$1.call(StandardContext.java:518
4)
at
org.apache.catalina.core.StandardContext$1.call(StandardContext.java:517
9)
at
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecuto
r.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:908)
at java.lang.Thread.run(Thread.java:662) 

Line 113 of AdiibHarmoniser is like so: 

HarmoniserImplConfigBean harmoniserImplConfigBean =
(HarmoniserImplConfigBean)envCtx.lookup(beanName); 

This essentially loads some external beans for me. 

My context.xml looks like so: 

?xml version=1.0 encoding=UTF-8?
Context antiJARLocking=true path=/AdiibHarmoniser
  Resource auth=Container csdTypeComparatorValue=VIDEO
csdViewDataModel=NSIL_VIDEO_VIEW dibTextPath=//video
factory=org.apache.naming.factory.BeanFactory harmonise=true
harmoniserClassName=dsto.adiib.ws.harmoniser.FmvHarmoniser
name=bean/FmvFactory subscriptionId=adiibFmvHarmoniser
type=dsto.adiib.ws.harmoniser.HarmoniserImplConfigBean/

  Resource auth=Container csdTypeComparatorValue=IMAGERY
csdViewDataModel=NSIL_IMAGERY_VIEW dibTextPath=//nitf
factory=org.apache.naming.factory.BeanFactory harmonise=true
harmoniserClassName=dsto.adiib.ws.harmoniser.NitfHarmoniser
name=bean/NitfFactory subscriptionId=adiibNitfHarmoniser
type=dsto.adiib.ws.harmoniser.HarmoniserImplConfigBean/

/Context 

Using normal Tomcat (non embedded) everything works fine. I found a post
similar to my problem here:
http://stackoverflow.com/questions/5238451/jndi-jdbc-data-source-in-embe
dded-tomcat-7, yet this caused a followon exception.

java.lang.NoSuchMethodError:
org.apache.catalina.Context.setConfigFile(Ljava/lang/String;)V 

Any ideas? 

Kind Regards, 

James 

IMPORTANT: This email remains the property of the Department of Defence
and is subject to the jurisdiction of section 70 of the Crimes Act 1914.
If you have received this email in error, you are requested to contact
the sender and delete the email.