Re: Using Tomcat7 JDBC Connection Pool

2012-02-10 Thread Pid
On 09/02/2012 17:24, Amit wrote:
 Comment below
 
 
 
 On 09-Feb-2012, at 10:18 PM, Pid p...@pidster.com wrote:
 
 On 09/02/2012 16:21, Amit wrote:
 Any thoughts on the first point about executing multiple SQL queries on 
 physical connection creation?

 I have no idea if it'll work, but I'd try:

 SELECT 1; SELECT 1;

 If you are controlling the pool (and you are) by passing in
 username/password parameters each time, then you could do it as an extra
 transaction thereafter.


 
 Executing the queries after retrieving the connection would not be the right 
 option since they would execute every time the connection is borrowed instead 
 of executing it only on physical connection creation. 

I was assuming that, as you controlled the pool, you'd be able to figure
out when you run the extra commands.


 Can the jdbc interceptor architecture be extended to provide a method which 
 is called when the physical connection is created? ( similar to disconnect())

Interceptors can do a bunch of things.  What have you tried/looked at so
far?


p

 p

 On 09-Feb-2012, at 7:05 PM, Pid p...@pidster.com wrote:

 On 09/02/2012 12:56, amit shah wrote:
 One more comment below about oracle UCP.

 snip

 The pool returns members at random, so how would you know which cached
 credentials you were getting?

 The credentials which are passed to the getConnection(String username,
 String password) method. When we configure the same pool to be used for
 multiple schemas the pool will *not* be configured with default
 username password.

 OK, so you create a bunch of connections with various credentials, you
 want to cache those connections and only return them if the creds match
 for the new request?

 So you're basically creating an uncontrolled pool per cred pair, inside
 the outer pool which is controlled?


 Yes right.

 So why not create multiple controlled pools and not run into availability
 problems?


 snip

 What overhead?


 The application server and database server resources (memory, cpu etc) for
 keeping the connections open?

 That's a total connection count dependent metric.

 So the overhead is virtually the same regardless of whether you have 5
 pools or 1, if you have the same total number of connections.


 For e.g. If we have 5 tenants with 5
 pools configured with 10 min pool size, we would have min 50 connections
 always open to the database server. This count would be for each
 application server. If we had the same pool for all 5 tenants, there would
 be just 10 connections open per application server.

 There's a flaw in your logic.

 In your example there may be zero connections open for a given tenant
 because they use a shared pool.

 So you might as well have separate pools with the minimum set to 2 and
 still have more connections guaranteed per tenant, and the 10 you were
 aiming for.

 Worse, if you hit your max with other tenants, a remaining tenant might
 not be able to get a connection at all, thus failing to address one of
 the key requirements in a multi-tenant system - guaranteed availability.

 Probably true when all the tenants are actively used. As I said, there is
 always a flexibility in the configuration to use a separate pool for a
 particular tenant.

 That should be the default IMO.  You're asking for trouble otherwise.


 Also the application can always provide a configuration flexibility to
 allow a tenant to use a separate pool instead of sharing it with other
 tenants (like I said above).

 This flexibility is provided by the Oracle Universal Connection Pool
 http://docs.oracle.com/cd/E11882_01/java.112/e12265/toc.htm

 So if that's a better fit for your requirement, why not use it?


 It provides the feature I mentioned above but has lock contention issues.
 Tomcat 7 jdbc pool seems to be better and hence I was trying it out.

 !

 snip

 If you are programmatically registering the pool, can you not just
 register it with the MBean server yourself?

 Ok I will try this and provide an update.

 Cool.


 p






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





Re: clarification on Correct error in fix for 49683

2012-02-10 Thread Pid
On 09/02/2012 23:42, Janne Jalkanen wrote:
 
 Just to confirm - 7.0.25 seems to solve the problem for the most part.

Most part?  So there is still a leak?


p

 /Janne
 
 On 24 Jan 2012, at 10:53, Janne Jalkanen wrote:
 

 Been running 7.0.25 in production now for a day and the fd leak seems at 
 least mitigated somewhat.  lsof still lists a few open sockets left by 
 Tomcat, but this is less than what 7.0.23/.22 was doing. I will continue to 
 run this a bit further and report back in a day or two whether the situation 
 is getting worse.

 java 4086 ubuntu   10u  sock  0,6  0t0  73725644 can't identify protocol
 java 4086 ubuntu   59u  sock  0,6  0t0  77721715 can't identify protocol
 java 4086 ubuntu   96u  sock  0,6  0t0  77721057 can't identify protocol
 java 4086 ubuntu  108u  sock  0,6  0t0  77723538 can't identify protocol
 java 4086 ubuntu  119u  sock  0,6  0t0  77722327 can't identify protocol
 java 4086 ubuntu  132u  sock  0,6  0t0  77724248 can't identify protocol
 java 4086 ubuntu  134u  sock  0,6  0t0  77723129 can't identify protocol


 /Janne

 On 21 Jan 2012, at 23:19, Mike Wertheim wrote:

 The change log for Tomcat 7.0.25 contains this entry:
 Correct error in fix for 49683. (markt)

 Is this bug fix expected to fix the file descriptor leak that was
 reported in Tomcat 7.0.23?



Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Does anybody have an idea?..



Hi again.

So, my boss told me that it's insecure to give anyone the password to view 
tomcat's logs and that should be an authentication based on Active 
Directory.

I've been reading the manuals for some time, and configured my Tomcat the 
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml

Context antiResourceLocking=false privileged=true 
docBase=$CATALINA_BASE/logs reloadable=true
 
Realm className=org.apache.catalina.realm.JNDIRealm 
connectionURL=ldap://raiffeisen.ru:389;
 connectionName=myacco...@raiffeisen.ru  (I also tried the 
format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it matter 
what format do I use?)
connectionPassword=mypassword
referrals=follow
userBase=OU=_Users,DC=raiffeisen,DC=ru
userSearch=(sAMAccountName={0})
userSubtree=true
roleBase=OU=_Groups,DC=raiffeisen,DC=ru
roleName=cn
roleSubtree=true
roleSearch=(member={0})
  /
/Context


WEB-INF/web.xml

<security-constraint>
   <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>ADGroupName</role-name>
   </auth-constraint>
</security-constraint>

<security-role>
   <description>
      The role that is required to view logs
   </description>
   <role-name>ADGroupName</role-name>
</security-role>


I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
guess a hundred times, but every time I'm getting a message in 
catalina.out:

Throwable occurred: LifecycleException:  Exception opening directory 
server connection:  javax.naming.CommunicationException: localhost:389 
[Root exception is java.net.ConnectException: A remote host refused an 
attempted connect operation.]

and 

SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException: 
ContainerBase.addChild: start: LifecycleException:  Exception opening 
directory server connection:  javax.naming.CommunicationException: 
localhost:389 [Root exception is java.net.ConnectException: A remote host 
refused an attempted connect operation.]


I tried to telnet raiffeisen.ru by port 389 and got connected.
I installed JXplorer, entered hostname, port, my credentials and got 
connected.
I start Tomcat and get errors. 

Can you please give me an idea about what am I doing wrong?

Thanks in advance.

Best Regards, 
Karatun Lev.


---
This message and any attachment are confidential and may be privileged or 
otherwise protected from disclosure. If you are not the intended recipient any 
use, distribution, copying or disclosure is strictly prohibited. If you have 
received this message in error, please notify the sender immediately either by 
telephone or by e-mail and delete this message and any attachment from your 
system. Correspondence via e-mail is for information purposes only. ZAO 
Raiffeisenbank neither makes nor accepts legally binding statements by e-mail 
unless otherwise agreed. 
---

Re: Enabling JMX Remote Ports to connect Tomcat server remotelly with jconsole tool

2012-02-10 Thread Andres Aguado
Hi, today I'm very happy because now it's working fine.

Finally, server.xml has these new lines

<Listener className="org.apache.catalina.mbeans.JMXAdaptorLifecycleListener"
          namingPort="48657" port="8999" host="server-ip" />

and catalina startup script has these new lines

set CATALINA_OPTS=-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=%CATALINA_HOME%/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=%CATALINA_HOME%/conf/jmxremote.access

and now I'm connected with jconsole running this connection chain,
with credentials defined in jmxremote.password and jmxremote.access

service:jmx:rmi://server-ip:8999/jndi/rmi://server-ip:48657/server

Again, thank you very much for your help

Regards,
Andres

2012/2/9 Pid * p...@pidster.com:
 On 9 Feb 2012, at 17:10, Caldarale, Charles R
 chuck.caldar...@unisys.com wrote:

 From: Pid [mailto:p...@pidster.com]
 Subject: Re: Enabling JMX Remote Ports to connect Tomcat server remotelly 
 with jconsole tool

 warning: [path] bad path element
 C:\apache-tomcat-5.5.27\server\lib\catalina.jar:C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar:
 no such file or directory

 The colon character is a path separator.  You have it in
 the C: part of each path.

 Actually, the colon is _not_ a path separator here, it's a drive delimiter.  
 It's the attempted use of the colon elsewhere that causes the problem; it 
 should be a semi-colon on Windows:

 C:\apache-tomcat-5.5.27\server\lib\catalina.jar;C:\apache-tomcat-5.5.27\bin\commons-logging-api-1.1.1.jar

 Erk. FAIL.


 p



 - Chuck


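A check over the startup options quoted in the message above, added here as an example (it is not code from the poster or from the Tomcat project). It parses the `-D` flags, applies the JVM management agent's defaults, and reports what the settings leave exposed; the sample option text and access file are constructed, and the finding codes are hypothetical names.

```python
import re

JMX = "com.sun.management.jmxremote"
# Defaults of the JVM management agent: TLS and password authentication are
# both on unless a property switches them off.
DEFAULTS = {JMX + ".ssl": "true", JMX + ".authenticate": "true"}

# Constructed sample mirroring the startup lines quoted in the message.
SAMPLE_OPTS = """set CATALINA_OPTS=-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.password.file=%CATALINA_HOME%/conf/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=%CATALINA_HOME%/conf/jmxremote.access"""

# Constructed access file: one "<role> readonly|readwrite" entry per line.
SAMPLE_ACCESS = """# role        access
monitorRole  readonly
controlRole  readwrite
"""


def parse_jvm_props(text):
    """Collect -Dname[=value] properties from a (possibly wrapped) options string."""
    props = {}
    for name, value in re.findall(r"-D([^\s=]+)(?:=(\S*))?", text):
        props[name] = value
    return props


def readwrite_roles(access_text):
    """Roles that may change attributes and invoke MBean operations."""
    roles = []
    for line in access_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[1].lower() == "readwrite":
            roles.append(parts[0])
    return roles


def audit_jmx(opts_text, access_text=""):
    """Return a list of (code, detail) findings for the JMX-related options."""
    props = parse_jvm_props(opts_text)
    if not any(k == JMX or k.startswith(JMX + ".") for k in props):
        return []  # the JMX agent is not configured through these options
    effective = dict(DEFAULTS)
    effective.update({k: v.strip().lower() for k, v in props.items() if k in DEFAULTS})

    findings = []
    if effective[JMX + ".authenticate"] != "true":
        findings.append(("NO_AUTH", "any client that reaches the JMX port can use it"))
    if effective[JMX + ".ssl"] != "true":
        findings.append(("NO_TLS", "JMX logins and MBean traffic cross the network unencrypted"))
    rw = readwrite_roles(access_text)
    if rw:
        findings.append(("READWRITE_ROLES", ", ".join(rw)))
    return findings


if __name__ == "__main__":
    for code, detail in audit_jmx(SAMPLE_OPTS, SAMPLE_ACCESS):
        print(code + ": " + detail)
```
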



Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Felix Schumacher

On 10.02.2012 11:43, Lev A KARATUN wrote:

Does anybody have an idea?..




Hi again.

So, my boss told me that it's insecure to give anyone the password to view
tomcat's logs and that should be an authentication based on Active
Directory.

I've been reading the manuals for some time, and configured my Tomcat the
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml

Context antiResourceLocking=false privileged=true
docBase=$CATALINA_BASE/logs reloadable=true

Realm className=org.apache.catalina.realm.JNDIRealm
connectionURL=ldap://raiffeisen.ru:389;
 connectionName=myacco...@raiffeisen.ru  (I also tried the
format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it matter
what format do I use?)

For normal ldap servers it would be the latter one, e.g. a fully
qualified dn. ADS might accept the mail address of the user, but I
frankly don't know.



connectionPassword=mypassword
referrals=follow
userBase=OU=_Users,DC=raiffeisen,DC=ru
userSearch=(sAMAccountName={0})
userSubtree=true
roleBase=OU=_Groups,DC=raiffeisen,DC=ru
roleName=cn
roleSubtree=true
roleSearch=(member={0})

For ADS you might want to add adCompat=true (look at
http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further
infos).




  /
/Context


WEB-INF/web.xml

<security-constraint>
   <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
      <role-name>ADGroupName</role-name>
   </auth-constraint>
</security-constraint>

<security-role>
   <description>
      The role that is required to view logs
   </description>
   <role-name>ADGroupName</role-name>
</security-role>


I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
guess a hundred times, but every time I'm getting a message in
catalina.out:

Throwable occurred: LifecycleException:  Exception opening directory
server connection:  javax.naming.CommunicationException: localhost:389
[Root exception is java.net.ConnectException: A remote host refused an
attempted connect operation.]

Since localhost is another server than what you told us you had
configured, I think your context file is not being used. Search for
other context files, where you either have configured localhost or
misspelled connectionURL.




and

SEVERE: Error deploying configuration descriptor myapp.xml
Throwable occurred: java.lang.IllegalStateException:
ContainerBase.addChild: start: LifecycleException:  Exception opening
directory server connection:  javax.naming.CommunicationException:
localhost:389 [Root exception is java.net.ConnectException: A remote host
refused an attempted connect operation.]


I tried to telnet raiffeisen.ru by port 389 and got connected.
I installed JXplorer, entered hostname, port, my credentials and got
connected.

telnet localhost 389 and see if you get any errors :)

Regards
 Felix


I start Tomcat and get errors.

Can you please give me an idea about what am I doing wrong?

Thanks in advance.

Best Regards,
Karatun Lev.


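One way to carry out the search suggested in the reply above, added here as an example (not code from the thread or from Tomcat): it scans context descriptors for JNDIRealm entries, flags attribute names whose case does not match the documented one, and reports the host each realm would actually contact. With no usable connectionURL the JNDI LDAP provider falls back to localhost:389, the host shown in the quoted log lines. File names, hosts, the secret and the finding codes are constructed or hypothetical, and the attribute list is a subset of the Tomcat realm documentation.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Subset of JNDIRealm attribute names from the Tomcat realm documentation.
# Names are case-sensitive when Tomcat maps them onto the realm's setters.
KNOWN = {"className", "connectionURL", "alternateURL", "connectionName",
         "connectionPassword", "referrals", "adCompat", "userBase",
         "userSearch", "userSubtree", "userPattern", "roleBase", "roleName",
         "roleSearch", "roleSubtree"}
BY_LOWER = {name.lower(): name for name in KNOWN}
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}

# Constructed descriptors (hypothetical file names, hosts and credentials).
SAMPLE_FILES = {
    "myapp.xml": """<Context docBase="/srv/tomcat/logs">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionUrl="ldap://ad.example.test:389"
         connectionName="cn=svc-tomcat,dc=example,dc=test"
         connectionPassword="constructed-secret"
         userBase="OU=_Users,DC=example,DC=test"
         userSearch="(sAMAccountName={0})" userSubtree="true"/>
</Context>""",
    "fixed.xml": """<Context docBase="/srv/tomcat/logs">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://ad.example.test"
         connectionName="cn=svc-tomcat,dc=example,dc=test"
         connectionPassword="constructed-secret"
         userBase="OU=_Users,DC=example,DC=test"
         userSearch="(sAMAccountName={0})" userSubtree="true"/>
</Context>""",
    "other.xml": """<Context antiResourceLocking="false" privileged="true" />""",
}


def jndi_realms(xml_text):
    """Attribute dicts of every JNDIRealm element in one descriptor."""
    root = ET.fromstring(xml_text)
    return [el.attrib for el in root.iter("Realm")
            if el.get("className", "").endswith(".JNDIRealm")]


def effective_target(attrs):
    """host:port the realm will contact, or None if connectionURL is unusable."""
    url = attrs.get("connectionURL")
    if not url:
        return "localhost:389"  # JNDI LDAP provider default
    parts = urlsplit(url)
    try:
        port = parts.port
    except ValueError:  # non-numeric port
        return None
    if parts.scheme not in DEFAULT_PORT or not parts.hostname:
        return None
    return "%s:%d" % (parts.hostname, port or DEFAULT_PORT[parts.scheme])


def lint_realm(attrs):
    """Return (code, detail) findings for one JNDIRealm."""
    findings = []
    for name in attrs:
        proper = BY_LOWER.get(name.lower())
        if proper and proper != name:
            findings.append(("MISSPELLED_ATTR", "%s should be %s" % (name, proper)))
    target = effective_target(attrs)
    if "connectionURL" not in attrs:
        findings.append(("NO_CONNECTION_URL", "realm will try " + target))
    elif target is None:
        findings.append(("BAD_CONNECTION_URL", attrs["connectionURL"]))
    elif urlsplit(attrs["connectionURL"]).scheme == "ldap":
        findings.append(("CLEARTEXT_LDAP", "binds to %s are not encrypted" % target))
    if attrs.get("connectionPassword"):
        findings.append(("PASSWORD_IN_FILE", "restrict read access to this descriptor"))
    return findings


def scan(files):
    """Map each descriptor that defines a JNDIRealm to its target and finding codes."""
    report = {}
    for fname, text in sorted(files.items()):
        for attrs in jndi_realms(text):
            report[fname] = {"target": effective_target(attrs),
                             "codes": [code for code, _ in lint_realm(attrs)]}
    return report


if __name__ == "__main__":
    for fname, result in scan(SAMPLE_FILES).items():
        print(fname, result["target"], result["codes"])
```
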



Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Pid
On 10/02/2012 10:43, Lev A KARATUN wrote:
 Does anybody have an idea?..
 
 
 
 Hi again.
 
 So, my boss told me that it's insecure to give anyone the password to view 
 tomcat's logs and that should be an authentication based on Active 
 Directory.

I think we raised that particular issue too.


 I've been reading the manuals for some time, and configured my Tomcat the 
 following way:
 
 $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
 
 Context antiResourceLocking=false privileged=true 
 docBase=$CATALINA_BASE/logs reloadable=true

That variable should be ${catalina.base}.


p



Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Pid,

sorry, my English is not very good. What do you mean by raised that 
particular issue too? 

 That variable should be ${catalina.base}.
Actually, there is no variable in the config file, and it works pretty 
fine.. I just did not want to insert the full path from / to the logs 
folder into my letter and so I wrote just $CATALINA_BASE.


Best Regards, 
Karatun Lev,





Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
Please see my answers below.

Best Regards, 
Karatun Lev,


Felix Schumacher felix.schumac...@internetallee.de wrote on 10.02.2012 
15:31:43:

 
 On 10.02.2012 11:43, Lev A KARATUN wrote:
  Does anybody have an idea?..
 
  
  
 

 
  Hi again.
 
  So, my boss told me that it's insecure to give anyone the password to view
  tomcat's logs and that should be an authentication based on Active
  Directory.
 
  I've been reading the manuals for some time, and configured my Tomcat the
  following way:
 
  $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
 
  Context antiResourceLocking=false privileged=true
  docBase=$CATALINA_BASE/logs reloadable=true
 
  Realm className=org.apache.catalina.realm.JNDIRealm
  connectionURL=ldap://raiffeisen.ru:389;
   connectionName=myacco...@raiffeisen.ru  (I also tried the
  format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it matter
  what format do I use?)
 For normal ldap servers it would be the latter one, e.g. a fully 
 qualified dn. ADS might accept the mail address of the user, but I 
 frankly don't know.

Anyway, I tried both variants - the server refuses to accept the connection

 
  connectionPassword=mypassword
  referrals=follow
  userBase=OU=_Users,DC=raiffeisen,DC=ru
  userSearch=(sAMAccountName={0})
  userSubtree=true
  roleBase=OU=_Groups,DC=raiffeisen,DC=ru
  roleName=cn
  roleSubtree=true
  roleSearch=(member={0})
 For ADS you might want to add adCompat=true (look at 
 http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 
 infos).
 

OK, added, but nothing changed =\

 
/
  /Context
 
 
  WEB-INF/web.xml
 
  <security-constraint>
     <web-resource-collection>
        <web-resource-name>Administrative Area</web-resource-name>
        <url-pattern>/*</url-pattern>
     </web-resource-collection>
     <auth-constraint>
        <role-name>ADGroupName</role-name>
     </auth-constraint>
  </security-constraint>
 
  <security-role>
     <description>
        The role that is required to view logs
     </description>
     <role-name>ADGroupName</role-name>
  </security-role>
 
 
  I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I
  guess a hundred times, but every time I'm getting a message in
  catalina.out:
 
  Throwable occurred: LifecycleException:  Exception opening directory
  server connection:  javax.naming.CommunicationException: localhost:389
  [Root exception is java.net.ConnectException: A remote host refused an
  attempted connect operation.]
 Since localhost is another server than what you told us you had 
 configured, I think your context file is not being used. Search for 
 other context files, where you either have configured localhost or 
 misspelled connectionURL.

But the 389th port is only mentioned in myapp's config file and nowhere 
else. So I assume that Tomcat tries to use myapp.xml, but fails for some 
reason..

The other apps' context files are default - like this:
<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" />


 
 
  and
 
  SEVERE: Error deploying configuration descriptor myapp.xml
  Throwable occurred: java.lang.IllegalStateException:
  ContainerBase.addChild: start: LifecycleException:  Exception opening
  directory server connection:  javax.naming.CommunicationException:
  localhost:389 [Root exception is java.net.ConnectException: A remote host
  refused an attempted connect operation.]
 
 
  I tried to telnet raiffeisen.ru by port 389 and got connected.
  I installed JXplorer, entered hostname, port, my credentials and got
  connected.
 telnet localhost 389 and see if you get any errors :)

bash-3.00$ telnet localhost 389
Trying...
telnet: connect: A remote host refused an attempted connect operation.


...but WHY is Tomcat trying to connect to localhost? It's clearly written 
in the realm - connectionURL=ldap://raiffeisen.ru:389;
=(


 Regards
   Felix
 
  I start Tomcat and get errors.
 
  Can you please give me an idea about what am I doing wrong?
 
  Thanks in advance.
 
  Best Regards,
  Karatun Lev.
 
 

Not able to get threadcount and thread busy metrices in Tocat 7.0

2012-02-10 Thread Mendiratta, Shashank
Hi,
I am facing a problem. We used to monitor the Tomcat JVM and used to monitor
current ThreadCount and current Threadbusy.
Recently we upgraded from Tomcat 6.0 to Tomcat 7.0.16 and we are not able to
get these metrics.
On digging in we found that in Tomcat 6.0 the thread pool metrics were
retrieved by class org.apache.tomcat.util.threads.ThreadPool.
But in Tomcat 7.0 there is no such class; instead it is replaced by
org.apache.tomcat.util.threads.ThreadPoolExecutor, which does not give the above
parameters.
So my question is: in Tomcat 7.0, how can we get the above metrics?

P.S. I am new to Tomcat, so please bear with me if it is a silly question.
Regards
Shashank


Re: Not able to get threadcount and thread busy metrices in Tocat 7.0

2012-02-10 Thread Pid
On 10/02/2012 13:03, Mendiratta, Shashank wrote:
 Hi,
 I am facing a problem. We used to monitor the Tomcat JVM and used to monitor
 current ThreadCount and current Threadbusy.
 Recently we upgraded from Tomcat 6.0 to Tomcat 7.0.16 and we are not able to
 get these metrics.
 On digging in we found that in Tomcat 6.0 the thread pool metrics were
 retrieved by class org.apache.tomcat.util.threads.ThreadPool.
 But in Tomcat 7.0 there is no such class; instead it is replaced by
 org.apache.tomcat.util.threads.ThreadPoolExecutor, which does not give the
 above parameters.
 So my question is: in Tomcat 7.0, how can we get the above metrics?
 
 P.S. I am new to Tomcat, so please bear with me if it is a silly question.

Please start a new thread, rather than replying to an existing one* and
editing the reply/body - which is called thread-hijacking and puts your
new message in the middle of an existing thread, for those of us using a
threaded conversation view.


p

*  Using Tomcat7 JDBC Connection Pool  09/02/2012 16:21







Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Pid
On 10/02/2012 11:53, Lev A KARATUN wrote:
 Pid,
 
 sorry, my English is not very good. What do you mean by raised that 
 particular issue too? 

We mentioned that allowing uncontrolled access to the logs was a bad
idea.  Your boss appears to agree.

 That variable should be ${catalina.base}.
 Actually, there is no variable in the config file, and it works pretty 
 fine.. I just did not want to insert the full path from / to the logs 
 folder into my letter and so I wrote just $CATALINA_BASE.

OK.


p

 Best Regards, 
 Karatun Lev,
 
 
 
 
 Pid p...@pidster.com 
 10.02.2012 15:33
 Please respond to
 Tomcat Users List users@tomcat.apache.org
 
 
 To
 Tomcat Users List users@tomcat.apache.org
 cc
 
 Subject
 Re: Fw: Problems with LDAP authentication
 
 
 
 
 
 
 On 10/02/2012 10:43, Lev A KARATUN wrote:
 Does anybody have an idea?..


 

 Hi again.

 So, my boss told me that it's insecure to give anyone the password to 
 view 
 tomcat's logs and that should be an authentication based on Active 
 Directory.
 
 I think we raised that particular issue too.
 
 
 I've been reading the manuals for some time, and configured my Tomcat 
 the 
 following way:

 $CATALINA_BASE/conf/Catalina/localhost/myapp.xml

 Context antiResourceLocking=false privileged=true 
 docBase=$CATALINA_BASE/logs reloadable=true
 
 That variable should be ${catalina.base}.
 
 
 p
 
 Realm className=org.apache.catalina.realm.JNDIRealm 
 connectionURL=ldap://raiffeisen.ru:389;
  connectionName=myacco...@raiffeisen.ru  (I also tried the 
 format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it 
 matter 
 what format do I use?)
 connectionPassword=mypassword
 referrals=follow
 userBase=OU=_Users,DC=raiffeisen,DC=ru
 userSearch=(sAMAccountName={0})
 userSubtree=true
 roleBase=OU=_Groups,DC=raiffeisen,DC=ru
 roleName=cn
 roleSubtree=true
 roleSearch=(member={0})
   /
 /Context


 WEB-INF/web.xml

 <security-constraint>
   <web-resource-collection>
     <web-resource-name>Administrative Area</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>ADGroupName</role-name>
   </auth-constraint>
 </security-constraint>

 <security-role>
   <description>
     The role that is required to view logs
   </description>
   <role-name>ADGroupName</role-name>
 </security-role>


 I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for I 
 guess a hundred times, but every time I'm getting a message in 
 catalina.out:

 Throwable occurred: LifecycleException:  Exception opening directory 
 server connection:  javax.naming.CommunicationException: localhost:389 
 [Root exception is java.net.ConnectException: A remote host refused an 
 attempted connect operation.]

 and 

 SEVERE: Error deploying configuration descriptor myapp.xml
 Throwable occurred: java.lang.IllegalStateException: 
 ContainerBase.addChild: start: LifecycleException:  Exception opening 
 directory server connection:  javax.naming.CommunicationException: 
 localhost:389 [Root exception is java.net.ConnectException: A remote 
 host 
 refused an attempted connect operation.]


 I tried to telnet raiffeisen.ru by port 389 and got connected.
 I installed JXplorer, entered hostname, port, my credentials and got 
 connected.
 I start Tomcat and get errors. 

 Can you please give me an idea about what am I doing wrong?

 Thanks in advance.

 Best Regards, 
 Karatun Lev.


 
 




Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Pid
On 10/02/2012 12:54, Lev A KARATUN wrote:
 Please see my answers below.
 
 Best Regards, 
 Karatun Lev,
 
 
 Felix Schumacher felix.schumac...@internetallee.de wrote on 10.02.2012 
 15:31:43:
 
 Felix Schumacher felix.schumac...@internetallee.de 
 10.02.2012 15:32

 Please respond to
 Tomcat Users List users@tomcat.apache.org

 To

 Tomcat Users List users@tomcat.apache.org

 cc

 Subject

 Re: Fw: Problems with LDAP authentication

 Am 10.02.2012 11:43, schrieb Lev A KARATUN:
 Does anybody have an idea?..




 

 Hi again.

 So, my boss told me that it's insecure to give anyone the password to 
 view
 tomcat's logs and that should be an authentication based on Active
 Directory.

 I've been reading the manuals for some time, and configured my Tomcat 
 the
 following way:

 $CATALINA_BASE/conf/Catalina/localhost/myapp.xml

 Context antiResourceLocking=false privileged=true
 docBase=$CATALINA_BASE/logs reloadable=true

 Realm className=org.apache.catalina.realm.JNDIRealm
 connectionURL=ldap://raiffeisen.ru:389;
  connectionName=myacco...@raiffeisen.ru  (I also tried the
 format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it 
 matter
 what format do I use?)
 For normal ldap servers it would be the latter one, eg. a fully 
 qualified dn. ADS might accept the mail address of the user, but I 
 frankly don't know.
 
 Anyway, I tried both variants - the server refuses to accept the 
 connection
 

 connectionPassword=mypassword
 referrals=follow
 userBase=OU=_Users,DC=raiffeisen,DC=ru
 userSearch=(sAMAccountName={0})
 userSubtree=true
 roleBase=OU=_Groups,DC=raiffeisen,DC=ru
 roleName=cn
 roleSubtree=true
 roleSearch=(member={0})
 For ADS you might want to add adCompat=true (look at 
 http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 
 infos).

 
 OK, added, but nothing changed =\
 

   /
 /Context


 WEB-INF/web.xml

 <security-constraint>
   <web-resource-collection>
     <web-resource-name>Administrative Area</web-resource-name>
     <url-pattern>/*</url-pattern>
   </web-resource-collection>
   <auth-constraint>
     <role-name>ADGroupName</role-name>
   </auth-constraint>
 </security-constraint>

 <security-role>
   <description>
     The role that is required to view logs
   </description>
   <role-name>ADGroupName</role-name>
 </security-role>


 I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for 
 I
 guess a hundred times, but every time I'm getting a message in
 catalina.out:

 Throwable occurred: LifecycleException:  Exception opening directory
 server connection:  javax.naming.CommunicationException: 
 localhost:389
 [Root exception is java.net.ConnectException: A remote host refused 
 an
 attempted connect operation.]
 Since localhost is another server, than what you told us you had 
 configured, I think your context file is not being used. Search for 
 other context files, where you either have configured localhost or 
 misspelled connectionURL.
 
 But the 389th port is only mentioned in myapp's config file and nowhere 
 else. So I assume that Tomcat tries to use myapp.xml, but fails for some 
 reason..
 
 The other apps' context files are default - like this:
 <?xml version="1.0" encoding="UTF-8"?>
 <Context antiResourceLocking="false" privileged="true" />
 
 


 and

 SEVERE: Error deploying configuration descriptor myapp.xml
 Throwable occurred: java.lang.IllegalStateException:
 ContainerBase.addChild: start: LifecycleException:  Exception opening
 directory server connection:  javax.naming.CommunicationException:
 localhost:389 [Root exception is java.net.ConnectException: A remote 
 host
 refused an attempted connect operation.]


 I tried to telnet raiffeisen.ru by port 389 and got connected.
 I installed JXplorer, entered hostname, port, my credentials and got
 connected.
 telnet localhost 389 and see if you get any errors :)
 
 bash-3.00$ telnet localhost 389
 Trying...
 telnet: connect: A remote host refused an attempted connect operation.
 
 
 ...but WHY is Tomcat trying to connect to localhost? It's clearly written 
 in the realm - connectionURL=ldap://raiffeisen.ru:389;
 =(

That's why Felix said that he thought that this config wasn't the one
being used.

What is the name of the Context xml file in tomcat/conf/Catalina/localhost?

Is it logs.xml or myapp.xml or something else?


p






Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Lev A KARATUN
 Pid p...@pidster.com 
 10.02.2012 17:35
 
 Please respond to
 Tomcat Users List users@tomcat.apache.org
 
 To
 
 Tomcat Users List users@tomcat.apache.org
 
 cc
 
 Subject
 
 Re: Fw: Problems with LDAP authentication
 
 On 10/02/2012 12:54, Lev A KARATUN wrote:
  Please see my answers below.
  
  Best Regards, 
  Karatun Lev,
  
  
  Felix Schumacher felix.schumac...@internetallee.de wrote on 
10.02.2012 
  15:31:43:
  
  Felix Schumacher felix.schumac...@internetallee.de 
  10.02.2012 15:32
 
  Please respond to
  Tomcat Users List users@tomcat.apache.org
 
  To
 
  Tomcat Users List users@tomcat.apache.org
 
  cc
 
  Subject
 
  Re: Fw: Problems with LDAP authentication
 
  Am 10.02.2012 11:43, schrieb Lev A KARATUN:
  Does anybody have an idea?..
 
 
 
 
  
 

 
  Hi again.
 
  So, my boss told me that it's insecure to give anyone the password 
to 
  view
  tomcat's logs and that should be an authentication based on Active
  Directory.
 
  I've been reading the manuals for some time, and configured my 
Tomcat 
  the
  following way:
 
  $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
 
  Context antiResourceLocking=false privileged=true
  docBase=$CATALINA_BASE/logs reloadable=true
 
  Realm className=org.apache.catalina.realm.JNDIRealm
  connectionURL=ldap://raiffeisen.ru:389;
   connectionName=myacco...@raiffeisen.ru  (I also tried the
  format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it 
  matter
  what format do I use?)
  For normal ldap servers it would be the latter one, eg. a fully 
  qualified dn. ADS might accept the mail address of the user, but I 
  frankly don't know.
  
  Anyway, I tried both variants - the server refuses to accept the 
  connection
  
 
  connectionPassword=mypassword
  referrals=follow
  userBase=OU=_Users,DC=raiffeisen,DC=ru
  userSearch=(sAMAccountName={0})
  userSubtree=true
  roleBase=OU=_Groups,DC=raiffeisen,DC=ru
  roleName=cn
  roleSubtree=true
  roleSearch=(member={0})
  For ADS you might want to add adCompat=true (look at 
  http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 

  infos).
 
  
  OK, added, but nothing changed =\
  
 
/
  /Context
 
 
  WEB-INF/web.xml
 
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Administrative Area</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>ADGroupName</role-name>
    </auth-constraint>
  </security-constraint>
 
  <security-role>
    <description>
      The role that is required to view logs
    </description>
    <role-name>ADGroupName</role-name>
  </security-role>
 
 
  I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for 

  I
  guess a hundred times, but every time I'm getting a message in
  catalina.out:
 
  Throwable occurred: LifecycleException:  Exception opening directory
  server connection:  javax.naming.CommunicationException: 
  localhost:389
  [Root exception is java.net.ConnectException: A remote host refused 
  an
  attempted connect operation.]
  Since localhost is another server, than what you told us you had 
  configured, I think your context file is not being used. Search for 
  other context files, where you either have configured localhost or 
  misspelled connectionURL.
  
  But the 389th port is only mentioned in myapp's config file and 
nowhere 
  else. So I assume that Tomcat tries to use myapp.xml, but fails for 
some 
  reason..
  
  The other apps' context files are default - like this:
  <?xml version="1.0" encoding="UTF-8"?>
  <Context antiResourceLocking="false" privileged="true" />
  
  
 
 
  and
 
  SEVERE: Error deploying configuration descriptor myapp.xml
  Throwable occurred: java.lang.IllegalStateException:
  ContainerBase.addChild: start: LifecycleException:  Exception 
opening
  directory server connection:  javax.naming.CommunicationException:
  localhost:389 [Root exception is java.net.ConnectException: A remote 

  host
  refused an attempted connect operation.]
 
 
  I tried to telnet raiffeisen.ru by port 389 and got connected.
  I installed JXplorer, entered hostname, port, my credentials and got
  connected.
  telnet localhost 389 and see if you get any errors :)
  
  bash-3.00$ telnet localhost 389
  Trying...
  telnet: connect: A remote host refused an attempted connect operation.
  
  
  ...but WHY is Tomcat trying to connect to localhost? It's clearly 
written 
  in the realm - connectionURL=ldap://raiffeisen.ru:389;
  =(
 
 That's why Felix said that he thought that this config wasn't the one
 being used.
 
 What is the name of the Context xml file in 
tomcat/conf/Catalina/localhost?
 
 Is it logs.xml or myapp.xml or something else?
 

It is logs.xml



 
 p
 
 
 
 

Not able to get threadcount and thread busy metrices in Tomcat 7.0

2012-02-10 Thread Mendiratta, Shashank
Hi ,

I am facing a problem. We used to monitor the Tomcat JVM, and used to monitor
the current ThreadCount and current Threadbusy.

Recently we upgraded from Tomcat 6.0 to Tomcat 7.0.16 and we are not
able to get these metrics.

On digging in, we found that in Tomcat 6.0 the thread pool metrics were
retrieved by the class org.apache.tomcat.util.threads.ThreadPool.

But in Tomcat 7.0 there is no such class; instead it is replaced by
org.apache.tomcat.util.threads.ThreadPoolExecutor, which does not give
the above parameters.

So my question is: in Tomcat 7.0, how can we get the above metrics?

P.S. I am new to Tomcat, so please bear with me if it is a silly question.

 

Regards

Shashank 



Re: Fw: Problems with LDAP authentication

2012-02-10 Thread André Warnier

Lev A KARATUN wrote:
...



I've been reading the manuals for some time, and configured my 
Tomcat 

the
following way:

$CATALINA_BASE/conf/Catalina/localhost/myapp.xml

Context antiResourceLocking=false privileged=true
docBase=$CATALINA_BASE/logs reloadable=true


...


That's why Felix said that he thought that this config wasn't the one
being used.

What is the name of the Context xml file in 

tomcat/conf/Catalina/localhost?

Is it logs.xml or myapp.xml or something else?



It is logs.xml



Huh ?  Is it just me, or does something not fit ?
(or was this another edit before posting ?)


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
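
The search Felix suggests earlier in this thread (find every context file and check the spelling of connectionURL) can be scripted, and the same pass shows which context path each descriptor file name maps to. The following is an added example, not code from any poster or from Tomcat; the class name, the sample descriptor and its host ldap.example.test are constructed, and the locations checked are assumed to be the usual conf/server.xml, conf/context.xml and conf/Catalina/localhost/*.xml.

```java
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.NodeList;

public class ContextRealmAudit {

    static final String JNDI_REALM = "org.apache.catalina.realm.JNDIRealm";

    // Constructed sample descriptor (not the poster's file). The attribute is
    // spelled connectionUrl, so the realm has no connectionURL attribute.
    static final String SAMPLE =
          "<Context docBase=\"/srv/tomcat/logs\">"
        + "<Realm className=\"" + JNDI_REALM + "\""
        + " connectionUrl=\"ldap://ldap.example.test:389\""
        + " connectionPassword=\"constructed-secret\""
        + " userSearch=\"(sAMAccountName={0})\"/>"
        + "</Context>";

    /** Prints every JNDIRealm in one XML document; returns the number of findings. */
    static int audit(String label, InputStream in) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // These configuration files need no DTD; refuse one rather than resolve entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList realms = dbf.newDocumentBuilder().parse(in).getElementsByTagName("Realm");
        int findings = 0;
        for (int i = 0; i < realms.getLength(); i++) {
            Element realm = (Element) realms.item(i);
            if (!JNDI_REALM.equals(realm.getAttribute("className"))) {
                continue;
            }
            System.out.println(label + ": JNDIRealm");
            NamedNodeMap attrs = realm.getAttributes();
            for (int a = 0; a < attrs.getLength(); a++) {
                String name = attrs.item(a).getNodeName();
                // Never echo the bind password into a terminal or a ticket.
                String value = name.equals("connectionPassword")
                        ? "********" : attrs.item(a).getNodeValue();
                System.out.println("    " + name + " = " + value);
                if (name.equalsIgnoreCase("connectionURL") && !name.equals("connectionURL")) {
                    System.out.println("    !! spelled '" + name + "', expected connectionURL");
                    findings++;
                }
            }
            if (!realm.hasAttribute("connectionURL")) {
                System.out.println("    !! no connectionURL attribute on this realm");
                findings++;
            }
        }
        return findings;
    }

    /** Audits one file, adding the context path a host descriptor's name maps to. */
    static int auditFile(File f, boolean hostDescriptor) {
        if (!f.isFile()) {
            return 0;
        }
        String label = f.getPath();
        if (hostDescriptor) {
            String base = f.getName().substring(0, f.getName().length() - ".xml".length());
            label += " (context path "
                    + (base.equals("ROOT") ? "/" : "/" + base.replace('#', '/')) + ")";
        }
        try (InputStream in = new FileInputStream(f)) {
            return audit(label, in);
        } catch (Exception e) {
            System.out.println(label + ": not parsed: " + e.getMessage());
            return 1;
        }
    }

    public static void main(String[] args) throws Exception {
        int findings = 0;
        if (args.length == 0) {
            // No directory given: run on the constructed sample above.
            findings = audit("constructed sample",
                    new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        } else {
            File base = new File(args[0]); // the CATALINA_BASE directory
            findings += auditFile(new File(base, "conf/server.xml"), false);
            findings += auditFile(new File(base, "conf/context.xml"), false);
            File[] descriptors = new File(base, "conf/Catalina/localhost").listFiles();
            if (descriptors != null) {
                for (File f : descriptors) {
                    if (f.getName().endsWith(".xml")) {
                        findings += auditFile(f, true);
                    }
                }
            }
        }
        System.out.println(findings + " finding(s)");
    }
}
```

Run without arguments it audits the constructed sample and reports two findings; run with the CATALINA_BASE directory as its argument it lists every JNDIRealm it finds, file by file.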



programmatically determining connector startup failures

2012-02-10 Thread Erick Lichtas
Hi everyone,

I'm using tomcat 6.0.32 on Windows 7.  I have an application where I 
programmatically start and stop a separate web application from within an 
already running tomcat application.  I do this by creating a new 
StandardService, setting the server as 
service.setServer(ServerFactory.getServer()) and creating/loading the 
connectors, engine, etc... all before calling service.start() to fire 
everything up.

Everything is working great, but I'm running into a small snag.  Should a 
connector of the service run into issues such as binding to a port, the 
StandardService.start() seems to swallow the exception.  It gets logged, but my 
caller to service.start() has no way of handling that failure.

StandardService.java (~line 539)
    try {
        ((Lifecycle) connectors[i]).start();
    } catch (Exception e) {
        log.error(sm.getString(
                "standardService.connector.startFailed",
                connectors[i]), e);
    }

I've also looked into registering a LifecycleListener on the connector, but 
that won't tell me whether or not the start had completed.

Are there any other options, other than extending and for the most part 
duplicating the StandardService class, that might give me the ability to detect 
a failed connector startup?

Regards,

E R I C K   L I C H T A S
Linoma Software
Senior Software Engineer
p. 402.944.4242 x714
f. 402.944.4243
www.LinomaSoftware.com
www.GoAnywhereMFT.com



Re: Path parameters and getRequestURI

2012-02-10 Thread Christopher Schultz

Mark,

On 2/8/12 4:34 PM, Mark Thomas wrote:
 On 08/02/2012 21:25, Christopher Schultz wrote: Unfortunately, the
 servlet spec is far from clear on how path parameters should be
 handled. I hope to get clarity in 3.1 with [1]

In fact, it might actually contradict itself. Section 3.5 of spec
version 3.0 has this to say about request URI, servlet context, and
servlet path:


It is important to note that, except for URL encoding differences
between the request URI and the path parts, the following equation is
always true:

  requestURI = contextPath + servletPath + pathInfo


I'm fairly sure that encoding differences do not include missing (or
present) path parameters -- I assume they mean URL encoding.

In Appendix 8, one of the changes since 2.3 was Clarification of
handling of path parameters for the mapping (11.1). That section now
seems to be 12.1 in the 3.0 spec (as you have referred in your
previous post).

12.1 says that the path matched against url-patterns in web.xml
comes from the request URL minus the context path and path
parameters, so that's pretty clear. Nothing else is really clear
other than that invariant equation which is at least suspicious.

Tomcat no longer follows the invariant equation shown above. I hope
the expert group weighs-in on this sooner rather than later.

Thanks,
-chris

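The tension between sections 3.5 and 12.1 described in the message above can be made concrete. The following is an added example, not code from Tomcat or from the poster: it assumes getRequestURI() returns the path as sent (path parameters included) while servletPath and pathInfo are taken from the path after the section 12.1 stripping; the context path, url-pattern and request URIs are constructed.

```java
public class PathParameterInvariant {

    /** Drops ";name=value" path parameters from every segment of a URI path. */
    static String stripPathParameters(String path) {
        StringBuilder out = new StringBuilder(path.length());
        boolean inParameter = false;
        for (int i = 0; i < path.length(); i++) {
            char c = path.charAt(i);
            if (c == '/') {
                inParameter = false;   // a parameter ends with its segment
            } else if (c == ';') {
                inParameter = true;
            }
            if (!inParameter) {
                out.append(c);
            }
        }
        return out.toString();
    }

    /**
     * Maps a request URI against one "/prefix/*" url-pattern as section 12.1
     * describes: context path and path parameters are removed first.
     * Returns {servletPath, pathInfo}, or null when the pattern does not match.
     * An absent pathInfo is represented as "" here so it can be concatenated.
     */
    static String[] mapPrefix(String requestURI, String contextPath, String prefix) {
        String path = stripPathParameters(requestURI);
        if (!path.startsWith(contextPath)) {
            return null;
        }
        String rest = path.substring(contextPath.length());
        if (rest.equals(prefix)) {
            return new String[] {prefix, ""};
        }
        if (rest.startsWith(prefix + "/")) {
            return new String[] {prefix, rest.substring(prefix.length())};
        }
        return null;
    }

    /** Section 3.5: requestURI = contextPath + servletPath + pathInfo. */
    static boolean invariantHolds(String requestURI, String contextPath, String[] mapping) {
        return requestURI.equals(contextPath + mapping[0] + mapping[1]);
    }

    public static void main(String[] args) {
        String contextPath = "/app";   // constructed
        String prefix = "/reports";    // stands for url-pattern /reports/*
        String[] requestURIs = {       // constructed request URIs
            "/app/reports/q1.pdf",
            "/app/reports/q1.pdf;jsessionid=CONSTRUCTED",
            "/app/reports;v=1/q1.pdf",
        };
        for (String uri : requestURIs) {
            String[] m = mapPrefix(uri, contextPath, prefix);
            if (m == null) {
                System.out.printf("%-45s no match%n", uri);
                continue;
            }
            System.out.printf("%-45s servletPath=%s pathInfo=%s invariant=%b%n",
                    uri, m[0], m[1], invariantHolds(uri, contextPath, m));
        }
    }
}
```

All three URIs map to the same servletPath and pathInfo, but only the first satisfies the section 3.5 equation, so a check written against the raw request URI and one written against servletPath + pathInfo can see different strings for the same request.
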


Re: mod_jk and URL rewriting/proxying?

2012-02-10 Thread Christopher Schultz

Casper,

On 2/10/12 2:20 AM, Casper Wandahl Schmidt wrote:
 Well at least I don't have to restart tomcat for the changes to
 take effect :) Maybe I would take some time to look at how tomcat
 reads from server.xml and how the host-manager works and perhaps
 find a way to persist the changes :) Any clues as to where to look
 for that part of the code?

The host manager webapp is in the main part of the TC code, but it's
all contained in a single package: org/apache/catalina/manager/host.
It's 3 classes, one of which looks like it's nothing but constants.

It should be fairly clear how the host manager is doing its work, but
re-writing XML is a risky business because most people don't like to
lose the comments and spacing, etc. that they have explicitly put into
their configuration files.

-chris



Re: Not able to get threadcount and thread busy metrices in Tomcat 7.0

2012-02-10 Thread Christopher Schultz

Shashank,

On 2/10/12 8:42 AM, Mendiratta, Shashank wrote:
 I am facing a problem. We used to monitor tomcat JVM and used to
 monitor  current ThreadCount  and current Threadbusy
 
 Recently we upgraded from tomcat 6.0 to tomcat 7.0.16 and we are
 not able to get these metrics.
 
 On digging in we found that in tomcat6.0 the thread pool metrics
 were retrieved by class org.apache.tomcat.util.threads.ThreadPool
 
 
 But in tomcat 7.0 there is no such class instead it is replaced by 
 org.apache.tomcat.util.threads.ThreadPoolExecutor which does not
 give the above parameters.

What about these methods in the ThreadPoolExecutor's superclass:

  getCorePoolSize
  getActiveCount

Those appear to be exactly what you're looking for.

You could also use JMX if you were so inclined.

-chris

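The JMX route mentioned in the reply above, as an added example that is not from the thread or from Tomcat's code base: it assumes Tomcat 7 registers one ThreadPool MBean per connector exposing currentThreadCount, currentThreadsBusy and maxThreads, and that it either runs inside the Tomcat JVM or is given a JMX service URL as its first argument.

```java
import java.lang.management.ManagementFactory;
import java.util.Set;
import javax.management.AttributeNotFoundException;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXServiceURL;

public class ConnectorThreadStats {

    // Attribute names assumed from Tomcat 7's ThreadPool MBean.
    static final String[] ATTRIBUTES = {"currentThreadCount", "currentThreadsBusy", "maxThreads"};

    /** Prints one line per connector thread pool; returns how many pools were found. */
    static int report(MBeanServerConnection mbs) throws Exception {
        // The domain is wildcarded because it follows the Engine name
        // ("Catalina" in a default server.xml).
        Set<ObjectName> pools = mbs.queryNames(new ObjectName("*:type=ThreadPool,*"), null);
        for (ObjectName pool : pools) {
            StringBuilder line = new StringBuilder(pool.getCanonicalName());
            for (String attribute : ATTRIBUTES) {
                Object value;
                try {
                    value = mbs.getAttribute(pool, attribute);
                } catch (AttributeNotFoundException e) {
                    value = "n/a";   // attribute not exposed by this Tomcat version
                }
                line.append("  ").append(attribute).append('=').append(value);
            }
            System.out.println(line);
        }
        return pools.size();
    }

    public static void main(String[] args) throws Exception {
        int found;
        if (args.length == 0) {
            // In-process: meaningful when this class is loaded inside the Tomcat JVM.
            found = report(ManagementFactory.getPlatformMBeanServer());
        } else {
            // Remote: args[0] is a JMX service URL such as
            // service:jmx:rmi:///jndi/rmi://HOST:PORT/jmxrmi (HOST and PORT are placeholders).
            JMXConnector connector = JMXConnectorFactory.connect(new JMXServiceURL(args[0]));
            try {
                found = report(connector.getMBeanServerConnection());
            } finally {
                connector.close();
            }
        }
        if (found == 0) {
            System.out.println("no ThreadPool MBeans registered in this JVM");
        }
    }
}
```
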


Re: programmatically determining connector startup failures

2012-02-10 Thread Mark Thomas
On 10/02/2012 15:38, Erick Lichtas wrote:
 Hi everyone,
 
 I'm using tomcat 6.0.32 on Windows 7.  I have an application where I
 programmatically start and stop a separate web application from
 within an already running tomcat application.  I do this by creating
 a new StandardService, setting the server as
 service.setServer(ServerFactory.getServer()) and creating/loading the
 connectors, engine, etc... all before calling service.start() to fire
 everything up.
 
 Everything is working great, but I'm running into a small snag.
 Should a connector of the service run into issues such as binding to
 a port, the StandardService.start() seems to swallow the exception.
 It gets logged, but my caller to service.start() has no way of handling
 that failure.
 
 StandardService.java (~line 539)
     try {
         ((Lifecycle) connectors[i]).start();
     } catch (Exception e) {
         log.error(sm.getString(
                 "standardService.connector.startFailed",
                 connectors[i]), e);
     }
 
 I've also looked into registering a LifecycleListener on the
 connector, but that won't tell me whether or not the start
 had completed.

connector.isAvailable() ?

 Are there any other options, other than extending and for the most
 part duplicating the StandardService class, that might give me the
 ability to detect a failed connector startup?

Upgrade to 7.0.x where all this was completely re-written?

Mark




RE: programmatically determining connector startup failures

2012-02-10 Thread Erick Lichtas
Mark,

Thanks for the reply!  I am aware that there are changes to this in Tomcat 7 
and will definitely get there, but will wait until we move to JSF 2.x (which is 
hopefully sooner than later).  

Unfortunately the start flag in the Connector will be true if connector.start() 
is called, regardless of the success of the operation, so isAvailable() will 
always return true in my case.

Regards

E R I C K   L I C H T A S
Linoma Software
Senior Software Engineer
p. 402.944.4242 x714
f. 402.944.4243
www.LinomaSoftware.com
www.GoAnywhereMFT.com


-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Friday, February 10, 2012 9:55 AM
To: Tomcat Users List
Subject: Re: programmatically determining connector startup failures

On 10/02/2012 15:38, Erick Lichtas wrote:
 Hi everyone,
 
 I'm using tomcat 6.0.32 on Windows 7.  I have an application where I 
 programmatically start and stop a separate web application from within 
 an already running tomcat application.  I do this by creating a new 
 StandardService, setting the server as
 service.setServer(ServerFactory.getServer()) and creating/loading the 
 connectors, engine, etc... all before calling service.start() to fire 
 everything up.
 
 Everything is working great, but I'm running into a small snag.
 Should a connector of the service run into issues such as binding to a 
 port, the StandardService.start() seems to swallow the exception.
 It gets logged, but my caller to service.start() has no way of handling 
 that failure.
 
 StandardService.java (~line 539)
     try {
         ((Lifecycle) connectors[i]).start();
     } catch (Exception e) {
         log.error(sm.getString(
                 "standardService.connector.startFailed",
                 connectors[i]), e);
     }
 
 I've also looked into registering a LifecycleListener on the 
 connector, but that won't tell me whether or not the start had 
 completed.

connector.isAvailable() ?

 Are there any other options, other than extending and for the most 
 part duplicating the StandardService class, that might give me the 
 ability to detect a failed connector startup?

Upgrade to 7.0.x where all this was completely re-written?

Mark




Tomcat 5.5.35 as Windows Service Java Opts

2012-02-10 Thread Smith, Mitchell
Hi,

I am trying to configure some additional parameters for a tomcat
installation

Tomcat5.5.35
Windows Server 2003

Due to the nature of the WebService to be hosted on this tomcat
installation I would like to increase the Eden heap size.

With my previous Linux Implementations adding -XX:NewSize=1234m to my java
opts worked, however if I try to add this to the service in Windows, the
value appears to be ignored.
[image: image.png]

It appears in the VM arguments, but the value is not propagated to the Heap
Configurations.

[image: image.png]


[image: image.png]
*Max: 838,912 kbytes*

I appreciate any assistance in this matter.

Regards

-- 
*Mitchell Smith*



Re: mod_jk and URL rewriting/proxying?

2012-02-10 Thread Pid *
On 10 Feb 2012, at 07:21, Casper Wandahl Schmidt kalle.pri...@gmail.com wrote:

 Den 09-02-2012 22:02, Christopher Schultz skrev:

 Casper,

 On 2/9/12 1:43 PM, Casper Wandahl Schmidt wrote:
 Den 09-02-2012 19:36, Caldarale, Charles R skrev:
 From: Casper Wandahl Schmidt [mailto:kalle.pri...@gmail.com]
 Subject: mod_jk and URL rewriting/proxying? I don't want the
 app to become ROOT since I have another app that should be
 running as ROOT.
 And how is that one accessed?  From what you described it sounds
 like you want the same URL to hit different webapps based on the
 mindset of the user.
 Ha my bad. I use separate subdomains. Right now the localhost-host
 uses the default ROOT (the one shipped with Tomcat) but I plan to
 use another webapp later.
 I dont like the fact that I need to restart tomcat each time I
 need to add a new host
 Restart not required; use the host-manager webapp to add them on
 the fly.
 Nice, that will be the thing to do then :)

 Thanks for the tip!
 IIRC, the host-manager won't save the server.xml back to disk, so
 you'll have to remember to update your server.xml whenever you want to
 hot-deploy a new domain name, anyway.
 Well at least I don't have to restart tomcat for the changes to take effect 
 :) Maybe I would take some time to look at how tomcat reads from server.xml 
 and how the host-manager works and perhaps find a way to persist the changes 
 :) Any clues as to where to look for that part of the code?

Look for the digester package to see how Tomcat reads from server.xml.


p



 Casper

 -chris



RE: controlling Server Authentication only vs Mutual authentication

2012-02-10 Thread Sanjeev Sharma
Found a solution to this.  In case anyone is interested, I gave my server 
two IP addresses and used two connectors with the two IP addresses in the 
address= field of the connectors.  I set one of them to clientAuth=true 
and the other clientAuth=false.  I do have to do a redirect from one to the 
other when I would've preferred to forward, but otherwise this solution works.

-Original Message-
From: Sanjeev Sharma [mailto:sanjeev.sha...@buchanan-edwards.com] 
Sent: Thursday, February 09, 2012 11:18 AM
To: Tomcat Users List
Subject: controlling Server Authentication only vs Mutual authentication

Hi,

I work on a Java web-app running on Tomcat 7.  The entire application is 
required to be doing SSL on port 443 (everything is accessed via https://).  Two 
different login options are given to the user: username/password or client 
certificate authentication.  We employ application-managed security as opposed 
to container-managed (i.e. we don't use realms).  I have the following connector 
in my server.xml:

<Connector port="443"
   protocol="HTTP/1.1"
   SSLEnabled="true"
   maxThreads="150"
   scheme="https"
   secure="true"
   keystoreFile="d:\certs\server_cert.jks"
   keystorePass="changeit"
   truststoreFile="d:\certs\truststore.jks"
   truststorePass="changeit"
   clientAuth="true"
   sslProtocol="TLS" />


This forces mutual authentication on anything I try to access using https.  How 
can I configure tomcat so that only specific links (a specific struts action 
for example) would require mutual authentication or how can I exclude from the 
mutual authentication.

Thanks,
Sanjeev.


Re: Tomcat 5.5.35 as Windows Service Java Opts

2012-02-10 Thread André Warnier

Smith, Mitchell wrote:

Hi,

I am trying to configure some additional parameters for a tomcat
installation

Tomcat5.5.35
Windows Server 2003


32-bit ?
JVM 32-bit ?



Due to the nature of the WebService to be hosted on this tomcat
installation I would like to increase the Eden heap size.

With my previous Linux Implementations adding -XX:NewSize=1234m to my java
opts worked, however if I try to add this to the service in Windows, the
value appears to be ignored.
[image: image.png]


The image appears to have been stripped by the mail server.



It appears in the VM arguments, but the value is not propagated to the Heap
Configurations.



If the system and JVM are 32-bit, you only have about 2 GB of addressable space per 
process (even if the system has a lot more RAM in total).  I believe that the JVM may 
ignore the argument if it is too large.







Re: Fw: Problems with LDAP authentication

2012-02-10 Thread Felix Schumacher
Am Freitag, den 10.02.2012, 16:54 +0400 schrieb Lev A KARATUN:
 Felix Schumacher felix.schumac...@internetallee.de wrote on 10.02.2012 
 15:31:43:
 
  Felix Schumacher felix.schumac...@internetallee.de 
  10.02.2012 15:32
  
 
  
   Hi again.
  
   So, my boss told me that it's insecure to give anyone the password to 
   view
   tomcat's logs and that should be an authentication based on Active
   Directory.
  
   I've been reading the manuals for some time, and configured my Tomcat 
   the
   following way:
  
   $CATALINA_BASE/conf/Catalina/localhost/myapp.xml
  
   Context antiResourceLocking=false privileged=true
   docBase=$CATALINA_BASE/logs reloadable=true
  
   Realm className=org.apache.catalina.realm.JNDIRealm
   connectionURL=ldap://raiffeisen.ru:389;
connectionName=myacco...@raiffeisen.ru  (I also tried the
   format connectionName=cn=myaccount,dc=raiffeisen,dc=ru - does it 
   matter
   what format do I use?)
  For normal ldap servers it would be the latter one, eg. a fully 
  qualified dn. ADS might accept the mail address of the user, but I 
  frankly don't know.
 
 Anyway, I tried both variants - the server refuses to accept the 
 connection
No wonder, since your error message below tells us, that tomcat is
talking to localhost instead of raiffeisen.ru :)

 
  
   connectionPassword=mypassword
   referrals=follow
   userBase=OU=_Users,DC=raiffeisen,DC=ru
   userSearch=(sAMAccountName={0})
   userSubtree=true
   roleBase=OU=_Groups,DC=raiffeisen,DC=ru
   roleName=cn
   roleSubtree=true
   roleSearch=(member={0})
  For ADS you might want to add adCompat=true (look at 
  http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html for further 
  infos).
  
 
 OK, added, but nothing changed =\
Again, no wonder.

 
  
 /
   /Context
  
  
   WEB-INF/web.xml
  
   <security-constraint>
     <web-resource-collection>
       <web-resource-name>Administrative Area</web-resource-name>
       <url-pattern>/*</url-pattern>
     </web-resource-collection>
     <auth-constraint>
       <role-name>ADGroupName</role-name>
     </auth-constraint>
   </security-constraint>
  
   <security-role>
     <description>
       The role that is required to view logs
     </description>
     <role-name>ADGroupName</role-name>
   </security-role>
  
  
   I also placed LDAP.jar into $CATALINA_BASE/lib, restarted tomcat for 
I think that is not needed since Java 1.4.x, even if it is mentioned in
the howto :( I have never used that ldap.jar and wouldn't even know
where to get it. But my jndi-Realms work.

   I
   guess a hundred times, but every time I'm getting a message in
   catalina.out:
  
   Throwable occurred: LifecycleException:  Exception opening directory
   server connection:  javax.naming.CommunicationException: 
   localhost:389
   [Root exception is java.net.ConnectException: A remote host refused 
   an
   attempted connect operation.]
  Since localhost is a different server than the one you told us you had
  configured, I think your context file is not being used. Search for
  other context files, where you either have configured localhost or
  misspelled connectionURL.
 
 But the 389th port is only mentioned in myapp's config file and nowhere 
 else. So I assume that Tomcat tries to use myapp.xml, but fails for some 
 reason..
Don't look for 389 explicitly, since that is the default port, just as
localhost is the default host. Search for another context configuration
which could be used.

 
 The other apps' context files are default - like this:
 <?xml version="1.0" encoding="UTF-8"?>
 <Context antiResourceLocking="false" privileged="true" />
I somehow doubt that privileged=true is default and that you need it,
but it is certainly irrelevant to your problems.

 
 
  
  
   and
  
   SEVERE: Error deploying configuration descriptor myapp.xml
   Throwable occurred: java.lang.IllegalStateException:
   ContainerBase.addChild: start: LifecycleException:  Exception opening
   directory server connection:  javax.naming.CommunicationException:
   localhost:389 [Root exception is java.net.ConnectException: A remote 
   host
   refused an attempted connect operation.]
  
  
   I tried to telnet raiffeisen.ru by port 389 and got connected.
   I installed JXplorer, entered hostname, port, my credentials and got
   connected.
  telnet localhost 389 and see if you get any errors :)
 
 bash-3.00$ telnet localhost 389
 Trying...
 telnet: connect: A remote host refused an attempted connect operation.
 
 
 ...but WHY is Tomcat trying to connect to localhost? It's clearly written
 in the realm - connectionURL="ldap://raiffeisen.ru:389"
 =(
Either ldap.jar confuses it, or it uses another context file, or you
have a typo in your context file, which is not present in the config you
have shown us.

Regards
 Felix

 
 
  Regards
Felix
  
   I 
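
The search Felix suggests (look for another descriptor that configures localhost or misspells connectionURL) can be scripted. This is an added example, not part of the original thread: it parses context descriptors, finds every JNDIRealm, and reports the LDAP target each one would use, assuming, as the thread states, that a realm without a usable connectionURL falls back to localhost:389. The descriptor contents and the names audit_descriptor and audit_all are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from difflib import SequenceMatcher
from urllib.parse import urlsplit

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Constructed sample descriptors (file name -> content); only myapp.xml mirrors the thread.
SAMPLES = {
    "myapp.xml": '<Context docBase="logs"><Realm className="%s" '
                 'connectionURL="ldap://raiffeisen.ru:389" adCompat="true"/></Context>' % JNDI_REALM,
    "myapp-old.xml": '<Context docBase="logs"><Realm className="%s" '
                     'connectionUrl="ldap://raiffeisen.ru:389"/></Context>' % JNDI_REALM,
    "ROOT.xml": '<Context antiResourceLocking="false" privileged="true"/>',
}

def audit_descriptor(name, xml_text):
    """Return (descriptor, effective LDAP target, problem or None) per JNDIRealm."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [(name, None, f"not well-formed XML: {exc}")]
    findings = []
    for realm in root.iter("Realm"):              # iter() also reaches nested realms
        if realm.get("className") != JNDI_REALM:
            continue
        url = realm.get("connectionURL")          # attribute names are case-sensitive
        if url is None:
            near = [a for a in realm.attrib
                    if SequenceMatcher(None, a.lower(), "connectionurl").ratio() >= 0.85]
            why = f"misspelled attribute {near[0]!r}" if near else "connectionURL missing"
            findings.append((name, "localhost:389", why + ", LDAP default applies"))
            continue
        try:
            parts = urlsplit(url)
            host = parts.hostname or "localhost"  # an empty host also means localhost
            target = f"{host}:{parts.port or 389}"
        except ValueError:                        # e.g. stray characters after the port
            findings.append((name, None, f"unparsable connectionURL {url!r}"))
            continue
        problem = "points at the Tomcat host itself" if host in LOCAL_HOSTS else None
        findings.append((name, target, problem))
    return findings

def audit_all(descriptors):
    """Audit every descriptor, in file-name order."""
    return [f for name in sorted(descriptors) for f in audit_descriptor(name, descriptors[name])]

if __name__ == "__main__":
    for name, target, problem in audit_all(SAMPLES):
        print(f"{name}: connects to {target}" + (f"  <-- {problem}" if problem else ""))
```

To run it against a real instance, fill the dictionary from the files under $CATALINA_BASE/conf/Catalina/localhost/ plus conf/server.xml and conf/context.xml.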

Configuring Tomcat 6 to only start the default manager webapp

2012-02-10 Thread Matthew Marleau
Hi,

I was wondering if anyone knew how to configure Tomcat (6.0.26) to only start 
the default app when the Tomcat service starts. I have many webapps deployed so 
that they are accessible when I need them and I don't have to 
re-deploy/configure them later, but I don't like that they all start up when 
the service starts. I've tried searching around for this, but haven't had any 
luck so far.

I found one entry in the mail list archives, but it was talking about disabling 
the auto deploy which I don't think will help me here.

Thanks in advance,

Matt Marleau
