INFARM, IL SUPPORTO LOGISTICO ALLA RISTRUTTURAZIONE IN FARMACIA
div style=margin:0 auto; margin-top:15px; border:0px solid #ccc; padding-top:5px: Per rimuovere il tuo indirizzo email dalla mailing list e non ricevere questa newsletter clicca qui: http://farmacia.it/index.php?ACT=5id=qCNTpHSY0e /div
Re: getAllClusterSessions gives OptionalDataException
Op vrijdag, 8 juli 2011 21:55 schreef Christopher Schultz ch...@christopherschultz.net: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ronald, On 7/8/2011 5:33 AM, Ronald Klop wrote: After some fun with debugging Tomcat on my live server (because I couldn't reproduce it in test) it looks like a concurrency bug in my own code. D'oh. I think I modify a HashMap which is serialized in the session. For some reason I don't get a ConcurrentModificationException, but in the byte[] in DeltaManager.handleALL_SESSION_DATA I had a HashMap with size 5, but I only saw 4 elements which gave the OptionalDataException. I now use a synchronized map and don't see the exception anymore (after 1 day of testing, so I don't cheer too loud yet). Definitely get back to us with an update. It would be nice to know that this problem turned out to be caused by the webapp and not Tomcat in some way. - -chris Hi, Today we had to do an update during work hours and all sessions were ok. So I consider this OptionalDataException solved for me. It was a not synchronized Map in the session which is updated more frequently now than in the past and triggered a race condition now. Greetings and thanks for responses and tips, Ronald.
Re: Sticky Session Not Working With Apache 2.0.54 and Tomcat 7.0.8
On 13/07/2011 20:17, Christopher Schultz wrote: Mark, On 7/13/2011 3:12 PM, Mark Thomas wrote: On 13/07/2011 19:39, Lataxes, Karl wrote: We're not using cookies. Our application is not web based, but accepts HTTP PUTS via client requests that enter our network from external sources. We are not URL encoding, as our clients are not configured to accept it. If we have to include URL encoding, both our client and server applications will have to be modified accordingly, which may be an option. No cookies and no url encoding. OK. So how are requests associated with a session? +1 +1 Sounds like the OP is Doing It Wrong. You missed out the capitals (corrected above). ;) p signature.asc Description: OpenPGP digital signature
Re: Sticky Session Not Working With Apache 2.0.54 and Tomcat 7.0.8
On 14/07/2011 10:25, Pid wrote: On 13/07/2011 20:17, Christopher Schultz wrote: Mark, On 7/13/2011 3:12 PM, Mark Thomas wrote: On 13/07/2011 19:39, Lataxes, Karl wrote: We're not using cookies. Our application is not web based, but accepts HTTP PUTS via client requests that enter our network from external sources. We are not URL encoding, as our clients are not configured to accept it. If we have to include URL encoding, both our client and server applications will have to be modified accordingly, which may be an option. No cookies and no url encoding. OK. So how are requests associated with a session? +1 +1 Sounds like the OP is Doing It Wrong. You missed out the capitals (corrected above). ;) http://www.cafepress.com/cp/customize/product2.aspx?number=556022568 p signature.asc Description: OpenPGP digital signature
Re: Terminating Timer Thread Gracefully
On 14/07/2011 06:05, Terence M. Bandoian wrote: On 1:59 PM, Pid wrote: ATimerTask is a private instance in AServletContextListener, is this necessary and if so, why? What logic is contained in ATimerTask? Are you overriding TimerTask.cancel() and do you catch InterruptedException? p Hi, Pid- For the sake of clarity, I'll repeat this here: public class AServletContextListener implements ServletContextListener { private Timer timer; private ATimerTask timerTask; Yes, but why is the timerTask an instance field? Put another way, why is there a reference to it outside of the contextInitialized() method? public void contextInitialized( ServletContextEvent sce ) { if ( timer == null ) { Calendar firstRunTime; timer = new Timer( true ); timerTask = new ATimerTask(); firstRunTime = new GregorianCalendar(); firstRunTime.set( Calendar.HOUR_OF_DAY, 12 ); firstRunTime.set( Calendar.MINUTE, 0 ); firstRunTime.set( Calendar.SECOND, 0 ); firstRunTime.set( Calendar.MILLISECOND, 0 ); timer.scheduleAtFixedRate( timerTask, firstRunTime.getTime(), 1000 * 60 * 60 * 24 ); } } public void contextDestroyed( ServletContextEvent sce ) { if ( timer != null ) { timer.cancel(); timer.purge(); timer = null; timerTask = null; try { Thread.sleep( 1000 ); } catch ( InterruptedException ie ) { } } } } It isn't absolutely necessary but why would I make the ATimerTask reference anything but private? As above. The only reason to keep a handle on the task itself is if you're calling cancel on the task - but you aren't doing that. Maybe you should? The timer tasks in the application perform some very straightforward database and file system maintenance when their run methods are invoked that might take up to half a second each. None override the cancel method. All are scheduled to execute on a daily or weekly basis and none at even close to the same time of day. The timer.cancel() method doesn't interrupt or stop a running task immediately, it just prevents it from running again. Your timer creates as daemon threads - perhaps you could assign a name too, and then report (just for confirmation) that it is the expected thread name(s) Tomcat's complaining is still running? Also, while testing for ways to prevent the error message from being written to the logs, I commented out the run method bodies of the timer tasks so that they returned immediately and, given that I know the schedule, none of the timer tasks were executing when I stopped or restarted Tomcat. That reads (to me) like you're saying that if you comment out the run methods, everything is OK. Is this correct? p The InterruptedException is caught and logged if it occurs. I've never seen it in the logs. Thanks. -Terence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
response headers missing ?
Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote Do any of the dev's here have a comment to make ? (sadly, the mod_perl OP failed to provide any version information so far). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
2011/7/14 André Warnier a...@ice-sa.com: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote (sadly, the mod_perl OP failed to provide any version information so far). AFAIK, DefaultServlet sets those headers, as well as ETag. For JSP files or Servlets adding the headers is responsibility of their authors. Well, usually JSPs and servlets have varying info and thus do not need caching (or may have some time-limited caching, like 1 minute, or 10 seconds). I think there was a filter somewhere, that can add those headers. I think UrlRewriteFilter can be set up to add them as well. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
On 14/07/2011 11:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote I'd ask the OP to back that up with an explanation and some proof, contrary to the below: Request URL:http://localhost:8081/tomcat.png Request Method:GET Status Code:304 Not Modified Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Host:localhost:8081 If-Modified-Since:Sat, 02 Jul 2011 21:38:58 GMT If-None-Match:W/5103-1309642738000 User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 Date:Thu, 14 Jul 2011 10:35:31 GMT ETag:W/5103-1309642738000 Server:Apache-Coyote/1.1 p Do any of the dev's here have a comment to make ? (sadly, the mod_perl OP failed to provide any version information so far). signature.asc Description: OpenPGP digital signature
Re: response headers missing ?
On 14/07/2011 11:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote Do any of the dev's here have a comment to make ? Sadly, the mod_perl OP forget to do any research (such as requesting Tomcat's homepage and reading the headers) so my response is largely unprintable in polite society and the various Tomcat devs are becoming under impressed. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AJP-APR failures on Tomcat 7.0.16 with ISAPI Redirector 1.2.32
eurotrans-Verlag wrote: Hi Rainer, -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thursday, July 14, 2011 12:17 AM At least there was trouble about Java2D for several users in the past. One such issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=41772 http://nerd.dk/blogs/bug-tomcat-or-java2d but you might find more. Regards, Rainer Thanks. In the meantime, I also came to that conclusion and replaced all instances of ImageIO.write(img, PNG, response.getOutputStream()) in my servlets/webapps with something like ByteArrayOutputStream bout = new ByteArrayOutputStream(); ImageIO.write(img, PNG, bout); bout.writeTo(response.getOutputStream()); so that the ImageIO never sees the real OutputStream, and it seems to work fine (no more IllegalStateExceptions or wrong message format errors in the isapi log when using AJP-APR). Is that a good practice (using ByteArrayOutputStream, then copy it to the response) to dynamically generate Images and serve them to the clients? Also, is there any hint to this on the Tomcat documentation/wiki? Because I don't think it would be unusual to dynamically generate images and serve them to clients using the ImageIO, and I think it could be a bit frustrating to find the actual problem if one doesn't know this. As a comment purely from a general programming point of view, not a Java/Tomcat programming point of view : I am not familiar with the ByteArrayOutputStream, but from your usage of it above it seems to be a buffer in memory to which one can write, and with a special writeTo method which must be an efficient way to copy its contents to another stream. If so, whether it is good practice or not would depend entirely on your particular circumstances : the size of the images you are handling this way, the number of simultaneous requests which you are handling, how much memory you have to play with, and how fast your CPU is. It is sometimes surprising to make the calculation. By writing an image first to a memory buffer, you use up the additional memory of that buffer, which is equal to the output size of your image, plus the overhead of the ByteArrayOutputStream structure. So let's use some totally arbitrary parameters, just for the sake of an example : - let's say that ByteArrayOutputStream has 50% overhead. So to store 250 KB of data, in reality uses up 375 KB of RAM - you serve up to 100 basic browser page requests at a time (that is, the base html pages which include the images) - each such page contains 4 (links to) images - each image is on average 250 KB in size (a small jpeg) - the browsers themselves, when finding image links in a page, will issue up to 4 simultaneous requests for those images (the last time I looked, quite a long time ago, browsers only requested 2 things in parallel, but they might have improved since) So you could in theory have 400 simultaneous requests, for 400 images, each 250 KB in size. Thus your Tomcat server (supposing it can handle 400 threads at a time) would be creating 400 instances of ByteArrayOutputStream, and - first filling them up until they reach 250 KB of data - then copying this data back onto the Response output stream - then discarding the ByteArrayOutputStream So, compared to using the Response output stream directly, you would now use an additional (375 KB X 400) = 150,000 KB = about 150 MB additional Heap space That seems reasonable to me. But of course it would be a problem if you are currently running Tomcat with a 128 MB heap. Or if your images, instead of being 250 KB on average, would be 250 MB. Or if filling up - and reading back - the ByteArrayOutputStream was very inefficient and used up all your CPU time. On the other hand, the alternative is to have broken responses, so it may be better to add some RAM to the system. Note: the above calculation is probably quite questionable. But it provides a quick estimate, that may be roughly within a factor 10 of reality. I use this often at the beginning of a project, to at least get an idea whether something seems reasonable/feasible, or is totally off-kilter. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
Mark Thomas wrote: On 14/07/2011 11:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote Do any of the dev's here have a comment to make ? Sadly, the mod_perl OP forget to do any research (such as requesting Tomcat's homepage and reading the headers) so my response is largely unprintable in polite society and the various Tomcat devs are becoming under impressed. Wooaw. It was not my intention to start an inter-Apache-list war here, so I have a couple of things to add : 1) reading the next post of the original mod_perl poster, it has become clear to me that what he meant by the tomcat dev's was not The Tomcat Dev's. He obviously meant the dev's who developed the applications running under Tomcat. And he was not talking about static pages, it is more complicated than that. So you can all get back to being your usual serene and competent helpful selves again. 2) to further dispel the issue, here is the second post by the same OP. (I also have to add that I am quoting all this without permission, and it was just by curiosity). quote ... Assuming that what you say about Tomcat is true (I don't know, and it may be worth asking this on the Tomcat list), I can think of another way to achieve what you seem to want : if you can distinguish, from the request URL (or any other request property), the requests that are for invariant things, then you could arrange to /not/ proxy these requests to Tomcat, and serve them directly from Apache httpd. Indeed that is a good idea. We are doing that for new projects for css and js files (apache does not proxy certain paths and picks these up from the local filesystem). We can't do that for the 100 odd legacy servers as no-one has time o delve into the java/JSP code. I need to do something outside of tomcat where possible. Just to explain, each web server is a paid-for project - and when it's done, it sits there for 5+ years. Only I have the time/inclination to fix this as it's killing my VMWare infrastructure. Because the sites are all fronted by apache in a similar way, one solution is likely to apply to most of the sites. I would also add that most of the sites are dynamically driven pages, even involving MySQL querying, but once launched, the data remains fairly static - eg GET X will always resolve to reponse Y. I'm planning a small seminar on the value of Cache-Control for my dev colleagues so they can stop making this mistake ;- But that still leaves a lot of done projects to fix. Which proxying method exactly are you using between Apache and Tomcat ? (if you are using mod_proxy, then you are either using mod_proxy_http or mod_proxy_ajp; you could also consider using mod_jk). mod_proxy_http specifically. mod_jk looks interesting for new projects (we have local tomcats for those now) - I think it may be a non-starter for old stuff as trying to retro fit it may not be so simple (our older tomcat servers are in a remote farm on their own machines hence the use of mod_proxy_http). Also, what are the versions of Apache and Tomcat that you are using ? Apache 2.2 (various sub versions) and both tomcat 5.5 and tomcat 6 (but all on remote machines listening on TCP sockets). I think for this problem, I have to treat tomcat as a little, rather inefficient, black box and try to fixup on the apache front ends, hence the direction of my original idea... unquote .. and I am sure that he does not *really* mean it either, like he says in that last phrase. One interesting suggestion here was to use the URLRewriteFilter. I will pass that on to the mod_perl OP. Thanks for your answers, and peace to all. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Pool and XA datasource
Fabulous doc - thanks Filip! The examples are very helpful and that's the most thorough description of the pool options available. I've yet to test the XA commit/rollback functionality, but the pool itself is up now. Thanks for your assistance, it was extremely helpful. Cheers, Chris -Original Message- From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Sent: Wednesday, July 13, 2011 3:47 PM To: Tomcat Users List Subject: Re: Tomcat Pool and XA datasource you've misconfigured it. the driverClassName would have to be a driver. Using XA data sources needs to create the datasource for those connections first. There is an example towards the bottom of http://www.tomcatexpert.com/blog/2010/04/01/configuring-jdbc-pool-high-concurrency Filip On 7/12/2011 6:27 AM, Siemback, Chris wrote: Hello all, Has anyone ever been able to successfully setup an Oracle XA datasource using the newer Tomcat Pool and running Tomcat 7? It appears the Tomcat Pool is attempting to cast the oracle XA data source to a java.sql.Driver - which it isn't. This needs to be an XA datasource. Anyone have luck with this - no working examples that I can find? Here's the versions/info/error: Software: Tomcat 7.0.16 Tomcat Pool 1.1.0.1 http://people.apache.org/~fhanik/jdbc-pool/v1.1.0.1/apache-tomcat-jdbc-1.1.0.1-bin.zip Oracle 11 (ojdbc6.jar) Context.xml contents: Resource auth=Container type=javax.sql.XADataSource factory=org.apache.tomcat.jdbc.pool.DataSourceFactory driverClassName=oracle.jdbc.xa.client.OracleXADataSource name=jdbc/mydatabase username=username password=password url=jdbc:oracle:thin:@localhost:1521:XE / Exception: SEVERE: Servlet.service() for servlet [jsp] in context with path [] threw exception [javax.servlet.ServletException: javax.naming.NamingException: oracle.jdbc.xa.client.OracleXADataSource cannot be cast to java.sql.Driver] with root cause javax.naming.NamingException: oracle.jdbc.xa.client.OracleXADataSource cannot be cast to java.sql.Driver at org.apache.naming.NamingContext.lookup(NamingContext.java:843) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:145) at org.apache.naming.NamingContext.lookup(NamingContext.java:814) at org.apache.naming.NamingContext.lookup(NamingContext.java:159) at org.apache.naming.SelectorContext.lookup(SelectorContext.java:158) at javax.naming.InitialContext.lookup(InitialContext.java:392) at org.apache.jsp.jdbc_jsp._jspService(jdbc_jsp.java:69) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:389) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:333) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:164) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:563) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:403) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:286) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:272) at
mod_jk under RedHat ?
Hi. Would anyone happen to know the package name of the mod_jk binary package under RedHat Linux Enterprise 6 ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: AJP-APR failures on Tomcat 7.0.16 with ISAPI Redirector 1.2.32
Hi André, -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, July 14, 2011 1:00 PM To: Tomcat Users List Subject: Re: AJP-APR failures on Tomcat 7.0.16 with ISAPI Redirector 1.2.32 As a comment purely from a general programming point of view, not a Java/Tomcat programming point of view : I am not familiar with the ByteArrayOutputStream, but from your usage of it above it seems to be a buffer in memory to which one can write, and with a special writeTo method which must be an efficient way to copy its contents to another stream. If so, whether it is good practice or not would depend entirely on your particular circumstances : the size of the images you are handling this way, the number of simultaneous requests which you are handling, how much memory you have to play with, and how fast your CPU is. It is sometimes surprising to make the calculation. (...) So, compared to using the Response output stream directly, you would now use an additional (375 KB X 400) = 150,000 KB = about 150 MB additional Heap space That seems reasonable to me. But of course it would be a problem if you are currently running Tomcat with a 128 MB heap. Or if your images, instead of being 250 KB on average, would be 250 MB. Or if filling up - and reading back - the ByteArrayOutputStream was very inefficient and used up all your CPU time. On the other hand, the alternative is to have broken responses, so it may be better to add some RAM to the system. Thanks for your long response. Your assumption about ByteArrayOutputStream is correct: It buffers the contents written to it in a byte array, which automatically grows if its capacity is exceeded, by factor 2. However I think the memory is not a big issue here, because the data that is written to the ByteArrayOutputStream is the compressed version of an image that is already in RAM, and that is usually much bigger than the compressed form. For example, when I have a BufferedImage of 800x600 pixel and 24 bit per pixel (TYPE_INT_RGB), it consumes 800*600*3 bytes = 1,37 MiB in memory. The size of the compressed form varies from file type (JPEG, PNG, ...) and the contents of the image, but if I would save it as JPEG for example, it will only take about 200 KiB, which is much less than the uncompressed form in the memory. An alternative that I could imagine, would be to create a class (that has a boolean flag) which extends OutputStream, and decorates another OutputStream that is given to the class in the constructor (that would be the OutputStream from the servlet's response). This class would pass all calls to it to the other OutputStream (as long as the flag is true), and as soon as close() or another special method is called, it sets the flag to false, which causes all other methods to do nothing (or throw an IOException). That way, Tomcat's OutputStream would also be protected from future calls from the ImageIO. I agree that this behavior of the ImageIO is very strange (flushing the OutputStream when the ImageWriter gets garbage-collected, if an IOException was thrown when the IIO previously tried to write to the stream). However, it seems also a bit strange to me that Tomcat is recycling OutputStreams, because in my understanding, once an OutputStream is closed, it should be impossible to do any further write() calls to it. May I ask, what is the particular reason for Tomcat to recycle OutputStreams? Thanks! Regards, Konstantin Preißer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Session cookie max age
Thanks for the info on the doctype, I will look into that. Version information: Server version: Apache Tomcat/7.0.14 Server built: May 9 2011 10:40:56 Server number: 7.0.14.0 For your issue #1, that's the entire reason I was asking. Since its a session cookie I was curious as to why the max age isn't updated to reflect the current state of the session. -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Wednesday, July 13, 2011 8:55 PM To: Tomcat Users List Subject: Re: Session cookie max age 2011/7/14 Josh Simmons josh.simm...@colinx.com: Our web.xml file minus listeners and servlet config. I also removed some taglib definitions. ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; Eh... remove the above. It isn't servlet 2.3 webapp, isn't it? web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version=3.0 If you'll add the following line into conf/catalina.properties, Tomcat will validate your web.xml file according to the schema: org.apache.catalina.STRICT_SERVLET_COMPLIANCE=true [http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html] You are not saying what release of Tomcat 7.0.x you are using. AFAIK, 1) Tomcat won't send Set-Cookie when session id is already known (either from this webapp or from webapp on its parent path such as ROOT). See code that calls o.a.c.core.ApplicationSessionCookieConfig#createSessionCookie(..) 2) The Cookie header sent by the web browser does not include neither Path nor Expires/Max-Age values. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
Am 14.07.2011 13:25, schrieb André Warnier: Mark Thomas wrote: On 14/07/2011 11:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. ... I think for this problem, I have to treat tomcat as a little, rather inefficient, black box and try to fixup on the apache front ends, hence the direction of my original idea... If you have no chance to get these applications fixed - keep it this way. Treat the tomcat as black box and add cache-control headers on the apache-frontend where possible. Use Location(Match) and mod_headers to append whatever is needed to the server response to make it browser-cachable Stefan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Passing user id from web page to tomcat webapp
I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. Here's what I have so far: The web page on IIS has a simple form to ask for an input, which is needed by the webapp's Servlet (EddSrvConfig): form name=frmSiteSelect action=http://TC server/EddSrv/EddSrvConfig method=GET input type=hidden name=txtCompany value=90555 LABEL for=txtSiteIDSite: /LABEL INPUT type=text name=txtLocation INPUT type=submit name=butGetCharts value=Get charts /form When I debug on the TC side, I get the request, and the parameters from the input controls are there, but I don't get a user ID. How can I do that? Do I need a different kind of call than a GET? A different method than .getRemoteUser() in my webapp? Or what? Thanks! Dave - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Passing user id from web page to tomcat webapp
David, You might try the following, instead of getRemoteUser, as we use this to get the USERID from IIS. I inherited this code so I really can't speak to it a lot but it's working. Regards. ' get user ID from header ** XUserID = Request.ServerVariables(AUTH_USER) L=Len(XUserID) if L 0 then Pos = InStr( XUserID,\) if Pos 0 then ID = Right(XUserID,(L-Pos) ) strUserID = ID end if else strUserID = XUserID end if isUserID = strUserID -Original Message- From: David kerber [mailto:dcker...@verizon.net] Sent: Thursday, July 14, 2011 8:08 AM To: Tomcat Users List Subject: Passing user id from web page to tomcat webapp I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. Here's what I have so far: The web page on IIS has a simple form to ask for an input, which is needed by the webapp's Servlet (EddSrvConfig): form name=frmSiteSelect action=http://TC server/EddSrv/EddSrvConfig method=GET input type=hidden name=txtCompany value=90555 LABEL for=txtSiteIDSite: /LABEL INPUT type=text name=txtLocation INPUT type=submit name=butGetCharts value=Get charts /form When I debug on the TC side, I get the request, and the parameters from the input controls are there, but I don't get a user ID. How can I do that? Do I need a different kind of call than a GET? A different method than .getRemoteUser() in my webapp? Or what? Thanks! Dave - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJP Connector (in server.xml). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
Savoy, Melinda wrote: David, You might try the following, instead of getRemoteUser, as we use this to get the USERID from IIS. I inherited this code so I really can't speak to it a lot but it's working. Regards. ' get user ID from header ** XUserID = Request.ServerVariables(AUTH_USER) L=Len(XUserID) if L 0 then Pos = InStr( XUserID,\) if Pos 0 then ID = Right(XUserID,(L-Pos) ) strUserID = ID end if else strUserID = XUserID end if isUserID = strUserID Melinda, *where* is that thing working ? It doesn't look like any Java code to me .. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 9:50 AM, André Warnier wrote: David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJP Connector (in server.xml). I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk question about lingering close_waits
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 7/13/2011 5:16 PM, André Warnier wrote: 1) this is the right list for Apache/Tomcat connectors (mod_jk among them) Yes. When the question is about mod_proxy_ajp, we usually try our best but defer to the Apache httpd user's list when things get too hairy. This /is/ the right place for mod_jk questions. 2) a question : do these CLOSE_WAIT sockets bother you for some specific reason ? In a totally different context, I have had problems with Linux systems when hundreds of such sockets accumulated over time (entire TCP stack becoming unresponsive at some point), but they do not seem to have an impact when the number remains reasonable (below one hundred or so). +1 The question is why the AJP connections are being terminated in the first place. AJP expects to have a persistent connection, and usually doesn't shut them down. Do you have a firewall between the web server and Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e+F0ACgkQ9CaO5/Lv0PDbTQCgpIBnfoETXAqz77YBzX0SOkQo HxIAoI4kwXcvaQmarcaVNVlHzGq+9LO9 =NjPY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sticky Session Not Working With Apache 2.0.54 and Tomcat 7.0.8
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 7/14/2011 5:45 AM, Pid wrote: http://www.cafepress.com/cp/customize/product2.aspx?number=556022568 $21? boo... - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e+P0ACgkQ9CaO5/Lv0PDZ7gCgpaSQIg653F1mc4voYmpDT8Rs cKcAoIB9PsUouVmvf4/t7TvYyoo+6aLf =RXR3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 10:00 AM, André Warnier wrote: Savoy, Melinda wrote: David, You might try the following, instead of getRemoteUser, as we use this to get the USERID from IIS. I inherited this code so I really can't speak to it a lot but it's working. Regards. ' get user ID from header ** XUserID = Request.ServerVariables(AUTH_USER) L=Len(XUserID) if L 0 then Pos = InStr( XUserID,\) if Pos 0 then ID = Right(XUserID,(L-Pos) ) strUserID = ID end if else strUserID = XUserID end if isUserID = strUserID Melinda, *where* is that thing working ? It doesn't look like any Java code to me .. It's VB (I recognize it). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 14/07/2011 15:04, David kerber wrote: On 7/14/2011 9:50 AM, André Warnier wrote: David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJP Connector (in server.xml). I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. If their username password really is configured in IIS, were you hoping that Tomcat would magically interface with that? :s Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. p signature.asc Description: OpenPGP digital signature
RE: Passing user id from web page to tomcat webapp
Looks like ASP code. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, July 14, 2011 9:01 AM To: Tomcat Users List Subject: Re: Passing user id from web page to tomcat webapp Savoy, Melinda wrote: David, You might try the following, instead of getRemoteUser, as we use this to get the USERID from IIS. I inherited this code so I really can't speak to it a lot but it's working. Regards. ' get user ID from header ** XUserID = Request.ServerVariables(AUTH_USER) L=Len(XUserID) if L 0 then Pos = InStr( XUserID,\) if Pos 0 then ID = Right(XUserID,(L-Pos) ) strUserID = ID end if else strUserID = XUserID end if isUserID = strUserID Melinda, *where* is that thing working ? It doesn't look like any Java code to me .. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk under RedHat ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/14/2011 8:06 AM, André Warnier wrote: Would anyone happen to know the package name of the mod_jk binary package under RedHat Linux Enterprise 6 ? I don't have a RHL box handy, but could it just be mod_jk? This page has a link to an (old, presumably) RPM: http://www.redhat.com/archives/enterprise-watch-list/2007-March/msg1.html - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e/HwACgkQ9CaO5/Lv0PAl9QCdF2UlysQArBztxqxkLzDp50gr gD8An28M+h8UOoYWACSqywkRQbSA8Rne =d6cQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sticky Session Not Working With Apache 2.0.54 and Tomcat 7.0.8
On 14/07/2011 15:11, Christopher Schultz wrote: Pid, On 7/14/2011 5:45 AM, Pid wrote: http://www.cafepress.com/cp/customize/product2.aspx?number=556022568 $21? boo... I couldn't change the price... s signature.asc Description: OpenPGP digital signature
Re: Session cookie max age
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: AFAIK, 1) Tomcat won't send Set-Cookie when session id is already known (either from this webapp or from webapp on its parent path such as ROOT). That would sound like a bug. If the session cookie's expiration date is not -1, then it needs to be updated with every response, no? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e/OkACgkQ9CaO5/Lv0PB4dQCfbDGqkJiZyIZI59PaQtCx3wY8 lawAmwQvEr5YdXStxsNwEW8E1JeYCuMD =HSIJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
David kerber wrote: On 7/14/2011 9:50 AM, André Warnier wrote: David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJP Connector (in server.xml). I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. Ah, ok, I missed that. That's another thing altogether. So what is happening is this : a) user calls a page from IIS b) IIS delivers the page to the user's browser. The page contains a form. c) user posts the form directly to Tomcat (without going through IIS). d) Tomcat gets a normal POST request, directly from the user's browser. So on the last leg (c+d), there is nothing that IIS can do to add the user-id, it is not in the loop. So you have to convice the user's browser to send the logged-in user-id to Tomcat. The only way I can see of doing that in this simplistic scenario is relatively simple, but *extremely insecure* : At step (b) above, have the IIS application which generates that html page, insert a form field like the following in the form : input type=hidden name=userid value=*** where ** is the IIS user-id. The IIS user-id can be obtained (on the IIS side) by code such as the one Melinda posted. Then when the browser posts the form to Tomcat, there will be an additional POST parameter userid containing the user-id. Now again, the extreme insecurity : - userA requests the form from IIS - he gets a form with a hidden input containing the value userA. So far, no problem. - he saves this form, edits it, and replaces userA by userB (his boss'es userid) - he posts that form to Tomcat Result #1 : in your Tomcat app, he is now considered as userB. Result #2 : if there is ever a security audit, you're dead - How it should be done : There are essentially 2 ways : 1) have the form posted back to IIS, and have IIS proxy (forward) this call to Tomcat, with IIS adding the IIS-authenticated user-id on the way 2) install additional logic in Tomcat, to allow Tomcat to authenticate the user (automatically) with the Windows domain (just like IIS itself does). That can be done in several ways, all of them requiring some serious configuration work. You can use : - the newly-released authenticator Valve (?) available in Tomcat 7 - the Waffle software (look up in Google) - the commercial Jespa software (www.ioplex.com) - (there may be others which I do not know) All of the above suppose that your Tomcat is running on a computer that is itself within the Windows domain (or can be made part of it). So they will not work if the user workstations are inside the Windows domain, but the Tomcat server is outside on the Internet for example. (But that also can be solved, ask if you need this.) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pid, On 7/14/2011 6:37 AM, Pid wrote: I'd ask the OP to back that up with an explanation and some proof, contrary to the below: Can you clarify this? It looks like request and response headers jumbled together. Request URL:http://localhost:8081/tomcat.png Request Method:GET Status Code:304 Not Modified ^^^ Looks like start of response. Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3 Accept-Encoding:gzip,deflate,sdch Accept-Language:en-US,en;q=0.8 Cache-Control:max-age=0 Connection:keep-alive Host:localhost:8081 If-Modified-Since:Sat, 02 Jul 2011 21:38:58 GMT If-None-Match:W/5103-1309642738000 User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.803.0 Safari/535.1 ^^^ Definitely client headers. Date:Thu, 14 Jul 2011 10:35:31 GMT ETag:W/5103-1309642738000 Server:Apache-Coyote/1.1 ^^^ Definitely response headers. Neither Expires nor Last-Modified nor Cache-Control appear in the response headers, which was the original complaint. One could argue that Etag is a proxy/replacement for Expires and Last-Modified. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e/fsACgkQ9CaO5/Lv0PD+ogCdEaesU28FzNXO2EIvrc6PnHYk Ly0AnAgOuc5FijuNHjgiwMZ+M6r/g4wb =LeW+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk under RedHat ?
Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/14/2011 8:06 AM, André Warnier wrote: Would anyone happen to know the package name of the mod_jk binary package under RedHat Linux Enterprise 6 ? I don't have a RHL box handy, but could it just be mod_jk? I don't think so. This is for a customer, to which I asked to install mod_jk on their RHEL6 system. The sysadmin just sent me a message asking what mod_jk was, as he could not find it on the RedHat repository. I don't have a copy of RHEL6, that's why I'm asking. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 10:20 AM, Pid wrote: On 14/07/2011 15:04, David kerber wrote: On 7/14/2011 9:50 AM, André Warnier wrote: David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJPConnector (in server.xml). I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. If their username password really is configured in IIS, were you hoping that Tomcat would magically interface with that? :s No, I was just hoping that some request header or parameter with the user name would be carried over when the call was made to the servlet, but it's not doing so. I don't need to fully authenticate them again, but do need their user ID. Any other suggestions, or am I going to have to go a different route? Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, On 7/14/2011 7:25 AM, André Warnier wrote: quote [...] I would also add that most of the sites are dynamically driven pages, even involving MySQL querying, but once launched, the data remains fairly static - eg GET X will always resolve to reponse Y. [...] I think for this problem, I have to treat tomcat as a little, rather inefficient, black box and try to fixup on the apache front ends, hence the direction of my original idea... unquote One interesting suggestion here was to use the URLRewriteFilter. I will pass that on to the mod_perl OP. If the OP is willing to get into the Java world, it might be easier to write a simpler filter, since I think URLRewriteFilter expects to, you know, re-write the request and not just add headers. If GET X always returns response Y, then a simple use of mod_headers ought to do the trick with no mucking-around in Java. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4e/2MACgkQ9CaO5/Lv0PD1zACgtXolM2lOnqrhvkIK78eGw1rV d6sAoJfqDk53cBVyDQ2tTXJlqbui7GNz =Fxm3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session cookie max age
2011/7/14 Christopher Schultz ch...@christopherschultz.net: Konstantin, On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: AFAIK, 1) Tomcat won't send Set-Cookie when session id is already known (either from this webapp or from webapp on its parent path such as ROOT). That would sound like a bug. If the session cookie's expiration date is not -1, then it needs to be updated with every response, no? I cannot say without reading the letter of the spec. 1) Updating it with every response sounds lame. 2) max-age value should be consistent between all web applications that might share the session cookie. Otherwise there will be inconsistencies and breakages. 3) I think that there might be use case when max age is greater than zero, but app owner does not want to send it with each response. Is SSO cookie updated with each response? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
David kerber wrote: ... Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. That is the the newly-released authenticator Valve (?) available in Tomcat 7 solution I was talking about. David, getting the Windows user-id in Tomcat is quite complicated, because Windows authentication is complicated. Since you already have an IIS server involved, by far the easiest way is my solution (1), which can be set up easily with an IIS-Tomcat connector (the IIS-oriented version of mod_jk). See : http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 7/14/2011 10:35 AM, David kerber wrote: On 7/14/2011 10:20 AM, Pid wrote: On 14/07/2011 15:04, David kerber wrote: I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. If their username password really is configured in IIS, were you hoping that Tomcat would magically interface with that? :s No, I was just hoping that some request header or parameter with the user name would be carried over when the call was made to the servlet, but it's not doing so. I don't need to fully authenticate them again, but do need their user ID. So, you authenticate with IIS and then make requests directly to Tomcat (no IIS involved), and you want the authentication information to get to Tomcat? That's not going to happen unless you are using HTTP Auth and the original request path (to IIS) is a prefix of the URL used to access Tomcat (and the WWW-Authenticate header is sent with all requests). One option is to have IIS proxy the requests to Tomcat, and then you can get the ISAPI redirector to send-over that authentication information for you. Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. I have no idea what SPNEGO is, either, but I think it allows Java to authenticate against the Microsoft Windows world. You aren't collecting credentials (from my reading of your posts), so that's not going to be terribly useful to you. Just remember: never trust any information you get from the client. Remember the recent credit card URL hack. :) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fAdkACgkQ9CaO5/Lv0PBekACeIWyiDHpjnBD3AsK4gdh6j158 YbUAniE6rnd5f24pGhj6nD4HBPsmxSkm =OO1n -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Passing user id from web page to tomcat webapp
It is not java code. As I stated, I inherited this stuff. In speaking to my co-worker, he basically said that the DNS entry maps to an ASP page that contains the code below and then that value is sent back to my index.jsp page where I grab it via a servlet and validate it through my java code. Working with IIS I found to be a major issue and so on another java app where I do AD authentication, we use the Waffle product and it's fantastic and very easy to get up and running. Sorry for the confusion. Regards. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, July 14, 2011 9:01 AM To: Tomcat Users List Subject: Re: Passing user id from web page to tomcat webapp Savoy, Melinda wrote: David, You might try the following, instead of getRemoteUser, as we use this to get the USERID from IIS. I inherited this code so I really can't speak to it a lot but it's working. Regards. ' get user ID from header ** XUserID = Request.ServerVariables(AUTH_USER) L=Len(XUserID) if L 0 then Pos = InStr( XUserID,\) if Pos 0 then ID = Right(XUserID,(L-Pos) ) strUserID = ID end if else strUserID = XUserID end if isUserID = strUserID Melinda, *where* is that thing working ? It doesn't look like any Java code to me .. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information contained in this message and any attachments is intended only for the use of the individual or entity to which it is addressed, and may contain information that is PRIVILEGED, CONFIDENTIAL, and exempt from disclosure under applicable law. If you are not the intended recipient, you are prohibited from copying, distributing, or using the information. Please contact the sender immediately by return e-mail and delete the original message from your system. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 10:31 AM, André Warnier wrote: David kerber wrote: On 7/14/2011 9:50 AM, André Warnier wrote: David kerber wrote: I have a situation where my users will be logging into their pages on an IIS 5 web server, which authenticates them with their user ID and password as configured in IIS. This works fine. Now I need to add some new functionality to the web site that will be using my tomcat webapp, and I don't want them to have to authenticate again in my app, so I'm trying to figure out how to pass the user ID from the web page on IIS, to my webapp. I thought request.getRemoteUser() would do it, but that's returning null, rather than the loggged-in user ID. You need to specify what you use to forward requests from IIS to Tomcat. If you are using Isapi_Redirect, then set the attribute tomcatAuthentication to false in the Tomcat AJP Connector (in server.xml). I'm not forwarding at all. The call to tomcat from the IIS page is just the action parameter of the form. The only connector is the standard http 1.1 connector. Ah, ok, I missed that. That's another thing altogether. So what is happening is this : a) user calls a page from IIS b) IIS delivers the page to the user's browser. The page contains a form. c) user posts the form directly to Tomcat (without going through IIS). d) Tomcat gets a normal POST request, directly from the user's browser. Yes, that's it. The only missing thing is that I thought that since the user has authenticated through IIS, that his user ID might be carried along somewhere from the browser side. But that is not happening. So on the last leg (c+d), there is nothing that IIS can do to add the user-id, it is not in the loop. So you have to convice the user's browser to send the logged-in user-id to Tomcat. The only way I can see of doing that in this simplistic scenario is relatively simple, but *extremely insecure* : At step (b) above, have the IIS application which generates that html page, insert a form field like the following in the form : input type=hidden name=userid value=*** where ** is the IIS user-id. The IIS user-id can be obtained (on the IIS side) by code such as the one Melinda posted. Then when the browser posts the form to Tomcat, there will be an additional POST parameter userid containing the user-id. Now again, the extreme insecurity : - userA requests the form from IIS - he gets a form with a hidden input containing the value userA. So far, no problem. - he saves this form, edits it, and replaces userA by userB (his boss'es userid) - he posts that form to Tomcat Result #1 : in your Tomcat app, he is now considered as userB. Result #2 : if there is ever a security audit, you're dead Yes, I had already thought of that method, and am hoping to avoid it. This data page has extremely low security requirements, but I'd still like something better if I can figure it out. If nothing else, I'll then have something in my pocket when an application comes up that needs better security. - How it should be done : There are essentially 2 ways : 1) have the form posted back to IIS, and have IIS proxy (forward) this call to Tomcat, with IIS adding the IIS-authenticated user-id on the way This is what I'd like to do, but it's new to me; Up to this point, the IIS web site and the tomcat applications have been completely unrelated and unconnected. I'll see what I can google up. 2) install additional logic in Tomcat, to allow Tomcat to authenticate the user (automatically) with the Windows domain (just like IIS itself does). That can be done in several ways, all of them requiring some serious configuration work. You can use : - the newly-released authenticator Valve (?) available in Tomcat 7 - the Waffle software (look up in Google) - the commercial Jespa software (www.ioplex.com) - (there may be others which I do not know) All of the above suppose that your Tomcat is running on a computer that is itself within the Windows domain (or can be made part of it). So they will not work if the user workstations are inside the Windows domain, but the Tomcat server is outside on the Internet for example. (But that also can be solved, ask if you need this.) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 10:45 AM, André Warnier wrote: David kerber wrote: ... Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. That is the the newly-released authenticator Valve (?) available in Tomcat 7 solution I was talking about. David, getting the Windows user-id in Tomcat is quite complicated, because Windows authentication is complicated. Since you already have an IIS server involved, by far the easiest way is my solution (1), which can be set up easily with an IIS-Tomcat connector (the IIS-oriented version of mod_jk). See : http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html Thanks; I'll take a look. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session cookie max age
On 14/07/2011 15:27, Christopher Schultz wrote: Konstantin, On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: AFAIK, 1) Tomcat won't send Set-Cookie when session id is already known (either from this webapp or from webapp on its parent path such as ROOT). That would sound like a bug. If the session cookie's expiration date is not -1, then it needs to be updated with every response, no? Ahh, the ever popular cookie debate. Servlet 2.5 doesn't list RFC 2965 as a 'relevant' specification, but that does offer the Max-Age attribute of the Cookie header value. http://tools.ietf.org/html/rfc2965 If this was being written in the response, then the cookie header does not need to be set on each request. p (Disclaimer, smallprint, browser support, yes, etc etc.) -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: Session cookie max age
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 7/14/2011 10:40 AM, Konstantin Kolinko wrote: 2011/7/14 Christopher Schultz ch...@christopherschultz.net: Konstantin, On 7/13/2011 8:54 PM, Konstantin Kolinko wrote: AFAIK, 1) Tomcat won't send Set-Cookie when session id is already known (either from this webapp or from webapp on its parent path such as ROOT). That would sound like a bug. If the session cookie's expiration date is not -1, then it needs to be updated with every response, no? I cannot say without reading the letter of the spec. +1 I'll take a look. - From reading the docs for max-age in web.xml's Schema, it looks like the max-age is essentially a client-enforced session timeout... this allows (as the OP wants) sessions on the client to survive client restarts. 1) Updating it with every response sounds lame. I'm not sure there's any other way to do it (if my interpretation of the above is correct). A cookie has an expiration date, and that expiration date needs to be nudged further into the future every time the session is accessed. 2) max-age value should be consistent between all web applications that might share the session cookie. Otherwise there will be inconsistencies and breakages. The spec doesn't cover SSO, so I think it's likely that this case isn't covered there. 3) I think that there might be use case when max age is greater than zero, but app owner does not want to send it with each response. In these case, max-age is always greater than zero. Under what cases would an app owner have max-age 0 but also not want to sent with every response? Is SSO cookie updated with each response? Dunno. Probably max-age=-1 for those. I'll check. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fAs8ACgkQ9CaO5/Lv0PBVUgCgi11MP6d5FK/5g55V2paQ1sIu H8oAoLwKs4f+ApX0O6y72hn+Un19Pd2i =etqa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session cookie max age
Konstantin Kolinko wrote: ... 1) Updating it with every response sounds lame. 2) max-age value should be consistent between all web applications that might share the session cookie. Otherwise there will be inconsistencies and breakages. Are you not confusing max-age with last access ? The expiration of a cookie (like the expiration of a session), in my view should be calculated on the base of : last access + max-age, compared to now And then, there is the question of whether last access should be updated when the request is received, or when the response is sent. (Apparently the Servlet Spec has things to say on the matter, and some recently added Tomcat properties also). There was another thread recently debating similar issues, in the context of long file upload requests. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Passing user id from web page to tomcat webapp
On 7/14/2011 10:51 AM, David kerber wrote: On 7/14/2011 10:45 AM, André Warnier wrote: David kerber wrote: ... Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. That is the the newly-released authenticator Valve (?) available in Tomcat 7 solution I was talking about. David, getting the Windows user-id in Tomcat is quite complicated, because Windows authentication is complicated. Since you already have an IIS server involved, by far the easiest way is my solution (1), which can be set up easily with an IIS-Tomcat connector (the IIS-oriented version of mod_jk). See : http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html Thanks; I'll take a look. That reference has tomcat and IIS installed on the same machine. Is that a requirement, or is there a way of configuring it with tc on a different machine (actually a different subnet, in my case)? D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session cookie max age
On 14/07/2011 15:54, André Warnier wrote: Konstantin Kolinko wrote: ... 1) Updating it with every response sounds lame. 2) max-age value should be consistent between all web applications that might share the session cookie. Otherwise there will be inconsistencies and breakages. Are you not confusing max-age with last access ? Possibly the confusion* is that: http://download.oracle.com/javaee/5/api/javax/servlet/http/Cookie.html defines setMaxAge() but one could infer that it should be persisted and a rolling value applied on each request, but it actually maps to the Expires attribute of the cookie. I suppose the method name is misleading, semantically better to have said setExpires(long) instead. p * It's confused me, certainly. ** Ooh look at me doing an André, quoting HTTP specs The expiration of a cookie (like the expiration of a session), in my view should be calculated on the base of : last access + max-age, compared to now And then, there is the question of whether last access should be updated when the request is received, or when the response is sent. (Apparently the Servlet Spec has things to say on the matter, and some recently added Tomcat properties also). There was another thread recently debating similar issues, in the context of long file upload requests. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: Passing user id from web page to tomcat webapp
David kerber wrote: On 7/14/2011 10:51 AM, David kerber wrote: On 7/14/2011 10:45 AM, André Warnier wrote: David kerber wrote: ... Tomcat 7 has SPNEGO support, which might enable cross-server SSO, but I'm speculating there. I'll see if that might help; I've never heard of it. That is the the newly-released authenticator Valve (?) available in Tomcat 7 solution I was talking about. David, getting the Windows user-id in Tomcat is quite complicated, because Windows authentication is complicated. Since you already have an IIS server involved, by far the easiest way is my solution (1), which can be set up easily with an IIS-Tomcat connector (the IIS-oriented version of mod_jk). See : http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html Thanks; I'll take a look. That reference has tomcat and IIS installed on the same machine. Is that a requirement, or is there a way of configuring it with tc on a different machine (actually a different subnet, in my case)? Not a requirement at all. They could be in different countries, as long as the firewalls allows IIS to set up a TCP connection with Tomcat. Since you're new at this, a very quick ascii graphic schema : browser -- HTTP/TCP -- (IIS+Isapi_redirect) -- AJP/TCP -- (AJP Connector + Tomcat) IIS+Isapi_Redirect decides which URLs get forwarded to Tomcat. For IIS+Isapi_Redirect, each Tomcat back-end is called a worker. The webapp response comes back the same way. To the browser, everything looks like it is IIS serving it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Terminating Timer Thread Gracefully
On 1:59 PM, Pid wrote: On 14/07/2011 06:05, Terence M. Bandoian wrote: On 1:59 PM, Pid wrote: ATimerTask is a private instance in AServletContextListener, is this necessary and if so, why? What logic is contained in ATimerTask? Are you overriding TimerTask.cancel() and do you catch InterruptedException? p Hi, Pid- For the sake of clarity, I'll repeat this here: public class AServletContextListener implements ServletContextListener { private Timer timer; private ATimerTask timerTask; Yes, but why is the timerTask an instance field? Put another way, why is there a reference to it outside of the contextInitialized() method? public void contextInitialized( ServletContextEvent sce ) { if ( timer == null ) { Calendar firstRunTime; timer = new Timer( true ); timerTask = new ATimerTask(); firstRunTime = new GregorianCalendar(); firstRunTime.set( Calendar.HOUR_OF_DAY, 12 ); firstRunTime.set( Calendar.MINUTE, 0 ); firstRunTime.set( Calendar.SECOND, 0 ); firstRunTime.set( Calendar.MILLISECOND, 0 ); timer.scheduleAtFixedRate( timerTask, firstRunTime.getTime(), 1000 * 60 * 60 * 24 ); } } public void contextDestroyed( ServletContextEvent sce ) { if ( timer != null ) { timer.cancel(); timer.purge(); timer = null; timerTask = null; try { Thread.sleep( 1000 ); } catch ( InterruptedException ie ) { } } } } It isn't absolutely necessary but why would I make the ATimerTask reference anything but private? As above. The only reason to keep a handle on the task itself is if you're calling cancel on the task - but you aren't doing that. Maybe you should? You're right, there's no reason for the ATimerTask reference to be a instance variable. I did try canceling the tasks individually before canceling and purging the timer but it made no difference. The timer tasks in the application perform some very straightforward database and file system maintenance when their run methods are invoked that might take up to half a second each. None override the cancel method. All are scheduled to execute on a daily or weekly basis and none at even close to the same time of day. The timer.cancel() method doesn't interrupt or stop a running task immediately, it just prevents it from running again. Your timer creates as daemon threads - perhaps you could assign a name too, and then report (just for confirmation) that it is the expected thread name(s) Tomcat's complaining is still running? Also, while testing for ways to prevent the error message from being written to the logs, I commented out the run method bodies of the timer tasks so that they returned immediately and, given that I know the schedule, none of the timer tasks were executing when I stopped or restarted Tomcat. That reads (to me) like you're saying that if you comment out the run methods, everything is OK. Is this correct? When I comment out the run method bodies, I still get the error message in the logs unless I insert the call to Thread.sleep. Thanks again. -Terence p The InterruptedException is caught and logged if it occurs. I've never seen it in the logs. Thanks. -Terence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Terminating Timer Thread Gracefully
On 14/07/2011 06:11, Terence M. Bandoian wrote: I can live with this. It's just one of those it would be nice not to have to explain things and if Thread.sleep does the trick, I'm happy. As I mentioned in my original post, I wanted to find out if there was a another way to accomplish the same thing that I'd missed. Daft question, why not set clearReferencesStopTimerThreads=true on the Context and get Tomcat to do the clean-up for you? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk under RedHat ?
- Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, July 14, 2011 7:34 AM Subject: Re: mod_jk under RedHat ? Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/14/2011 8:06 AM, André Warnier wrote: Would anyone happen to know the package name of the mod_jk binary package under RedHat Linux Enterprise 6 ? I don't have a RHL box handy, but could it just be mod_jk? I don't think so. This is for a customer, to which I asked to install mod_jk on their RHEL6 system. The sysadmin just sent me a message asking what mod_jk was, as he could not find it on the RedHat repository. I don't have a copy of RHEL6, that's why I'm asking. I only have Fedora 15 here, and yum search for mod_jk didn't result in anything useful. However, after a bit of searching, I came up with the following links: https://www.redhat.com/archives/rhsa-announce/2011-June/msg00022.html https://rhn.redhat.com/errata/RHSA-2011-0897.html So maybe it's in a different repository than the normal RedHat ones? It looks like the three of interest are: mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm Adjust for your architecture (i386 or x86_64). It looks like you have to subscribe to the JBoss Enterprise Web Server channel to get these RPMs. See: http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html/Installation_Guide/sec-Subscribing_to_RHN_Channels_and_Installing_EWS_from_RPM_Files-Linux.html Hope this makes sense. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Binary of mod_jk.so for Apache 2.2.x
Thanks, Chris. Unfortunately, I don't have root access, and I know just enough Linux to be dangerous! LOL! The Linux S.A. doesn't know anything about compiling (don't get me started on THAT), so he was asking if there were a binary module to drop into the modules folder. I was hoping to avoid having to learn how to do his job FOR him. :-D JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
RE: Binary of mod_jk.so for Apache 2.2.x
Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility make make install At this point, I think all I want to do is produce a functioning mod_jk.so and let him put it into the modules directory. Would this do it? Thanks again! JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Re: Binary of mod_jk.so for Apache 2.2.x
- Original Message - From: Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 jonathan.leffingwell@navy.mil To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, July 14, 2011 10:08 AM Subject: RE: Binary of mod_jk.so for Apache 2.2.x Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility make make install At this point, I think all I want to do is produce a functioning mod_jk.so and let him put it into the modules directory. Would this do it? Thanks again! JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris If all the tools are available on the production system (compiler, libraries), then you do this as a normal user: myuser$ tar -xvzf tomcat-connectors-1.2.32-src.tar.gz myuser$ cd tomcat-connectors-1.2.32-src/native/ myuser$ which apxs myuser$ ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility myuser$ make (where myuser$ is whatever prompt you have for your user id). Then you tell the system admin where the location is (probably now in /home/myuser/tomcat-connectors-1.2.32-src/native/), and have him do as root: # cd /home/myuser/tomcat-connectors-1.2.32-src/native/ # make install That should get the mod_jk.so installed. The administrator will then have to configure it (see tomcat-connectors-1.2.32-src/conf for examples), and finally restart the Apache HTPPD server. Hopefully the administrator should be able to do that. . . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
As things happen, I am just in the process of trying to locate a RedHat mod_jk package for a client of mine, whose admin also does not seem to find it in RHEL6. See the other thread entitled mod_jk under RedHat ? for some recent interesting answers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Binary of mod_jk.so for Apache 2.2.x
André, if you would be so kind as to let me know what you find, I would greatly appreciate it. I will watch the other thread, too. :) -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Thursday, July 14, 2011 1:49 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x As things happen, I am just in the process of trying to locate a RedHat mod_jk package for a client of mine, whose admin also does not seem to find it in RHEL6. See the other thread entitled mod_jk under RedHat ? for some recent interesting answers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Re: mod_jk under RedHat ?
Mark Eggers wrote: - Original Message - From: André Warnier a...@ice-sa.com To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, July 14, 2011 7:34 AM Subject: Re: mod_jk under RedHat ? Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 7/14/2011 8:06 AM, André Warnier wrote: Would anyone happen to know the package name of the mod_jk binary package under RedHat Linux Enterprise 6 ? I don't have a RHL box handy, but could it just be mod_jk? I don't think so. This is for a customer, to which I asked to install mod_jk on their RHEL6 system. The sysadmin just sent me a message asking what mod_jk was, as he could not find it on the RedHat repository. I don't have a copy of RHEL6, that's why I'm asking. I only have Fedora 15 here, and yum search for mod_jk didn't result in anything useful. However, after a bit of searching, I came up with the following links: https://www.redhat.com/archives/rhsa-announce/2011-June/msg00022.html https://rhn.redhat.com/errata/RHSA-2011-0897.html So maybe it's in a different repository than the normal RedHat ones? It looks like the three of interest are: mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-debuginfo-1.2.31-1.ep5.el4.x86_64.rpm mod_jk-manual-1.2.31-1.ep5.el4.x86_64.rpm Adjust for your architecture (i386 or x86_64). It looks like you have to subscribe to the JBoss Enterprise Web Server channel to get these RPMs. See: http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Web_Server/1.0/html/Installation_Guide/sec-Subscribing_to_RHN_Channels_and_Installing_EWS_from_RPM_Files-Linux.html Hope this makes sense. Many thanks. I'll pass that over to the customer's sysadmin. Let's see if he finds anything based on that. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: André, if you would be so kind as to let me know what you find, I would greatly appreciate it. I will watch the other thread, too. :) Well, according to the one and the same Mark Eggers who also provided your last response, the answer seems to be a package named mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm or similar. But it may not be located in the main RHEL6 software repository. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
André Warnier wrote: Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: André, if you would be so kind as to let me know what you find, I would greatly appreciate it. I will watch the other thread, too. :) Well, according to the one and the same Mark Eggers who also provided your last response, the answer seems to be a package named mod_jk-ap20-1.2.31-1.ep5.el4.x86_64.rpm or similar. But it may not be located in the main RHEL6 software repository. Addendum : If you can wait until next Tuesday night 19/7, I will certainly know by then. On that day, I have to go on-site precisely to install Apache/mod_jk/Tomcat onto a RHEL6 new system, and I will have access to all RHEL6 repositories, with a competent sysadmin to help me (he just does not know mod_jk). So if it can be found, we will. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan, On 7/14/2011 1:08 PM, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? Yes. If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs The # which apxs was intended to be a command to determine the location of Apache httpd's apxs program, which is a configuration-dumping utility to help with building Apache httpd modules. apxs if often found in /usr/sbin/apxs so Leon's post was using that as an example: ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility Replace /usr/sbin/apxs with whatever the result of which apxs is. If that doesn't return anything, you may have to have your SA install the Apache httpd development package or something. It might also be called apxs2 (that's the case in my Debian Lenny environment). Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fN0kACgkQ9CaO5/Lv0PD2ZwCfcQuD5WScbq+HJgCKTHZtY3JY Ii0AoK8WtgF4SmXAemVGRmMde4f0K8P1 =HFWz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Comet over HTTPS: END event recieved immeidately for the first few times
why dont you 1. package up a sample application and configuration 2. open a bugzilla issue 3. https://issues.apache.org/bugzilla/enter_bug.cgi that way we can take a look ait it. Filip On 7/13/2011 2:54 PM, Sudeep Pradhan wrote: Hi Filip, Thanks for the reply. I don't think that I am using BIO connector for SSL. I don't see any such option in the server.xml. The connector is as follows: Connector protocol=org.apache.coyote.http11.Http11NioProtocol port=8443 minSpareThreads=5 maxSpareThreads=75 enableLookups=true disableUploadTimeout=true acceptCount=100 maxThreads=200 scheme=https secure=true SSLEnabled=true keystoreFile=/path/to/file/keystore keystorePass=** clientAuth=false sslProtocol=TLS/ Also, It does *work sometimes*. I get a proper streaming output of the weather feeds when it works. Hope this helps you understand the scenario better. Thanks, Sudeep -Original Message- From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Sent: Wednesday, July 13, 2011 1:43 PM To: Tomcat Users List Subject: Re: Comet over HTTPS: END event recieved immeidately for the first few times is it possible that when you turn on SSL, you are using the regular BIO connector when you use SSL and Comet is not supported by that connector. best Filip On 7/11/2011 11:05 AM, Sudeep Pradhan wrote: Hi Filip, I have tried the app with tomcat 6.0.32 and 7.0.16, and the result is the same. I am not able to get it working with https. Http works just fine. The use case I am trying to address is that, I want to send notifications/events from a webapp to another webapp asynchronously. The 2 webapps communicate using REST call for other things. I want to have the same model for notifications. The client webapp will send a Https GET request and the server webapp will push the notifications asynchronously as a response. The client can be anything not just a webapp, I will be using curl as the client for testing. Please let me know if you want to know more. Thanks, Sudeep -Original Message- From: Filip Hanik - Dev Lists [mailto:devli...@hanik.com] Sent: Sunday, July 10, 2011 8:12 PM To: Tomcat Users List Subject: Re: Comet over HTTPS: END event recieved immeidately for the first few times try the latest version of Tomcat 6, if that doesn't work, provide a test case so we can take a look at it On 7/8/2011 4:07 PM, Sudeep Pradhan wrote: Any insights on this? -Original Message- From: Sudeep Pradhan [mailto:pradh...@vmware.com] Sent: Wednesday, June 29, 2011 4:54 PM To: users@tomcat.apache.org Subject: Comet over HTTPS: END event recieved immeidately for the first few times Hello, I am using Tomcat 6.0.20 on Ubuntu 10.04 and have written a simple TomcatWeatherServlet as presented in http://www.ibm.com/developerworks/web/library/wa-cometjava/ I modified the servlet to stream weather feed to multiple curl clients. I am using curl 7.21.6 as my client. When I run curl -i -k -v -trace https://IP_Addr:8443/Weatherhttps://%3cIP_Addr%3e:8443/Weatherfrom the command-line I get the following response for the first few times: code $ curl -i -k -v -trace https://IP_Addr:8443/Weather * About to connect() toIP_Addrport 8443 (#0) * TryingIP_Addr... connected * Connected toIP_Addr(IP_Addr) port 8443 (#0) * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: * start date: 2009-02-23 23:07:18 GMT * expire date: 2019-02-21 23:07:18 GMT * common name: XX (does not match 'IP_Addr') * issuer: XX * SSL certificate verify result: self signed certificate (18), continuing anyway. GET /Weather HTTP/1.1 User-Agent: curl/7.21.6 (x86_64-pc-linux-gnu) libcurl/7.19.7 OpenSSL/0.9.8k zlib/1.2.3.3 libidn/1.15 Host:IP_Addr:8443 Accept: */* HTTP/1.1 200 OK HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Server: Apache-Coyote/1.1 Content-Length: 0 Content-Length: 0 Date: Wed, 29 Jun 2011 23:40:17 GMT Date: Wed, 29 Jun 2011 23:40:17 GMT * Connection #0 to hostIP_Addrleft intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): /code Observe that Content-Length is 0 in the response. Also when I do get the expected response which is, code GET /Weather HTTP/1.1 User-Agent: curl/7.21.6
Re: Binary of mod_jk.so for Apache 2.2.x
- Original Message - From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Cc: Sent: Thursday, July 14, 2011 11:36 AM Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan, On 7/14/2011 1:08 PM, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 wrote: Chris, something DID just dawn on me... I have my own account on that Linux server, though not with root access or anything. Would it be possible for me to compile mod_jk.so into my own space and then tell him where the mod_jk.so is? Yes. If so, would the following steps be how I would generate mod_jk.so (and forgive the newbieness of the question, please)? tar -xvzf tomcat-connectors-1.2.30-src.tar.gz cd tomcat-connectors-1.2.30-src/native/ # which apxs The # which apxs was intended to be a command to determine the location of Apache httpd's apxs program, which is a configuration-dumping utility to help with building Apache httpd modules. apxs if often found in /usr/sbin/apxs so Leon's post was using that as an example: ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility Replace /usr/sbin/apxs with whatever the result of which apxs is. If that doesn't return anything, you may have to have your SA install the Apache httpd development package or something. It might also be called apxs2 (that's the case in my Debian Lenny environment). Good luck, - -chris An addendum concerning building mod_jk on a RedHat based system: RedHat often (always?) splits libraries from their associated include files and development resources. It really doesn't save a lot of space, so I guess the only reason is to create a clean production (read, can't build software here) environment. In order to build mod_jk on Fedora (and probably CentOS, RedHat EL), you'll need to have the following installed (plus the normal development tools). httpd-devel (provides /usr/sbin/apxs apr-devel (provides the appropriate include files) apr (required by apr-devel) apr-util-devel (required by httpd-devel) apr-util (required by apr-util) There are other requirements buried in the list above, but if your admin installed these yum should pull in the requirements. It's good to have a development system that mirrors the software versions running on the production system, with the addition of all the development libraries and tools. . . . . just my two cents. /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
On 14.07.2011 12:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote Do any of the dev's here have a comment to make ? Yes, go for TC 7: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Expires_Filter Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: response headers missing ?
Rainer Jung wrote: On 14.07.2011 12:29, André Warnier wrote: Hi. This is a bit of a side question, or let's say a question-by-proxy. I happen to be also subscribed to a support list for mod_perl, and someone there made the following comment as part of a post : quote We have 100+ web servers where apache fronts a separate tomcat server using mod_proxy. Sadly, the tomcat dev's forgot to set any caching headers in the HTTP response (either Expires, Last-Modified or Cache-control) so the sites are largely uncacheable by browsers and the various tomcats are becoming overloaded. unquote Do any of the dev's here have a comment to make ? Yes, go for TC 7: http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#Expires_Filter Genial, Rainer. That looks exactly like what the mod_perl OP was looking for. Even the reference to the Apache mod_expires will help him, I think. Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Terminating Timer Thread Gracefully
On 1:59 PM, Mark Thomas wrote: On 14/07/2011 06:11, Terence M. Bandoian wrote: I can live with this. It's just one of those it would be nice not to have to explain things and if Thread.sleep does the trick, I'm happy. As I mentioned in my original post, I wanted to find out if there was a another way to accomplish the same thing that I'd missed. Daft question, why not set clearReferencesStopTimerThreads=true on the Context and get Tomcat to do the clean-up for you? Mark With that set, I get a similar SEVERE error message that says the web application has started but failed to stop a TimerThread and that it was forcibly canceled to prevent a memory leak. Thanks. -Terence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Binary of mod_jk.so for Apache 2.2.x
Hi, Hmm, I didn't know that you're not managing this box ;) I'm actually a Linux SysAdmin and not a big specialist in mod_jk ;) What version of RedHat it is? What application do you want to run on Tomcat behind Apache Httpd? If you want I could help your SysAdmin with compilation and basic configuration. Cheers, Leon Kolchinsky On Fri, Jul 15, 2011 at 03:03, Leffingwell, Jonathan R CTR FRCSE, JAX 7.2.2 jonathan.leffingwell@navy.mil wrote: Thanks, Chris. Unfortunately, I don't have root access, and I know just enough Linux to be dangerous! LOL! The Linux S.A. doesn't know anything about compiling (don't get me started on THAT), so he was asking if there were a binary module to drop into the modules folder. I was hoping to avoid having to learn how to do his job FOR him. :-D JL -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, July 14, 2011 12:34 PM To: Tomcat Users List Subject: Re: Binary of mod_jk.so for Apache 2.2.x -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leon, On 7/12/2011 7:42 PM, Leon Kolchinsky wrote: Go to http://tomcat.apache.org/download-connectors.cgi and download the source code: # tar -xvzf tomcat-connectors-1.2.30-src.tar.gz Read docs/webserver_howto/apache.html or native/BUILDING.txt for options. # cd tomcat-connectors-1.2.30-src/native/ # which apxs # ./configure --with-apxs=/usr/sbin/apxs --enable-api-compatibility # make # make install All that as root? Hmm. Also, not everyone has a C compiler, especially on a production machine. (The answer, of course, is to build somewhere else and upload.) Jonathan, I understand that you want convenience, but there are several factors to consider, here: 1. Unless you download a binary from a trusted source (i.e. not anyone on this list, but something like something.apache.org, or from your distro's package manager), you should consider yourself compromised. 2. If you build your own mod_jk, you know it will work with your exact environment. No weird problems with slight version mismatches between httpd version or other libraries. No questions about which architecture's files you need to download, etc. 3. Building mod_jk from source is relatively trivial. See above. Most Linux distros some with a C compiler by default, and all of them can trivially install gcc. Consider trying it. Recently, the Tomcat team decided to stop providing binaries for *NIX platforms because of the above (maybe that was just for tcnative, but I wouldn't be surprised if the policy is now to avoid rolling binaries for any non-Java components). Why? Because if we wanted to provide binaries for, say, mod_jk, we need to support (at least) two architectures: x86 and x86_64. Also, there are 4 major versions of Apache httpd: 1.3, 2.0, 2.2, and 2.4. Sometimes, even httpd patch level can affect compatibility (though it really shouldn't) or maybe it was built against 2.2.11 but the user has 2.2.13 and wants to know why no binary?. We cannot possibly provide enough binaries to make everyone happy. Since it's so easy to build mod_jk, we ask users in *NIX environments to just do it. We do provide binaries for both 32- and 64-bit Microsoft Windows environments for Apache httpd, Microsoft IIS and (wtf?) Netscape, because those folks rarely have compilers handy. If you have any trouble building mod_jk, please don't hesitate to come back for help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk4fGnQACgkQ9CaO5/Lv0PCRlgCfd41tx9q8BpKfY35elKUCmokO b9oAoIC3QamvoAhLvtageSz0/zQzEVxE =0myN -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org