RE: Tomcat doesn't process error messages
SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. -Original Message- From: Igor Cicimov [mailto:icici...@gmail.com] Sent: 3. ledna 2013 1:44 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages On Thu, Jan 3, 2013 at 1:33 AM, Husarik, Branko branko.husa...@hp.comwrote: Hello, I am a bit desperate thanks to my issue with Tomcat, which seems to be like common matter. I am using Tomcat 6.0.35 as a proxy between Oracle and Web service. Tomcat is running on AIX Version 6.1. There is send request http message from Oracle to the Proxy and message is forwarded to the Web service as https. Web services responses https message to Proxy and it is send back to Oracle as http. When Web service responds HTTP/1.1 200 OK, everything works well and the Soap Message is correctly forwarded back to Oracle. When Web service responds HTTP/1.1 500 Internal Server Error, proxy fails during getInputStream() method. There is thrown IOException and Soap message is not forwarded back. Error message is Server returned HTTP response code: 500 for URL: https://hktibt.rdm.cz:39990/; and cause is null. I tried to add getErrorStream() executing in case getInputStream() is not working, but the result is null. Please do you know some way, how to process incoming Error messages? Is it caused by bad setup of configuration? Thank you very much. I am attaching both responses from web service: HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=utf-8 Content-Length: 878 Date: Wed, 02 Jan 2013 13:15:24 GMT ?xml version=1.0 encoding=UTF-8?SOAP-ENV:Envelope xmlns:SOAP-ENV= http://schemas.xmlsoap.org/soap/envelope/;SOAP-ENV:Bodyns0:Activat eServiceRes xmlns:ns0=http://selfcare.ei.tmobile.cz/datatypes;ns0:eiMessageCont extns1:sender xmlns:ns1=http://messaging.ei.tmobile.net/datatypes;VCCNG/ns1:sende rns1:correlationId xmlns:ns1=http://messaging.ei.tmobile.net/datatypes;1201138552/ ns1:correlationId/ns0:eiMessageContextns0:datans0:ServiceHeader xmlns:ns1=http://messaging.ei.tmobile.net/datatypes; xmlns:xsd= http://www.w3.org/2001/XMLSchema; xmlns:env= http://schemas.xmlsoap.org/soap/envelope/; xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance ns0:userNamesa/ns0:userName/ns0:ServiceHeaderns0:OmsStatusn s0:orderStatusIN-PROCESS/ns0:orderStatus/ns0:OmsStatus/ns0:data /ns0:ActivateServiceRes/SOAP-ENV:Body/SOAP-ENV:Envelope HTTP/1.1 500 Internal Server Error Server: Apache-Coyote/1.1 Content-Type: text/xml;charset=utf-8 Content-Length: 1407 Date: Wed, 02 Jan 2013 13:28:33 GMT Connection: close ?xml version=1.0 encoding=UTF-8?SOAP-ENV:Envelope xmlns:SOAP-ENV= http://schemas.xmlsoap.org/soap/envelope/;SOAP-ENV:BodySOAP-ENV:Fa ultfaultcode xmlns=SOAP-ENV:Server/faultcodefaultstring xmlns=This is an operation implementation generated fault/faultstringfaultactor xmlns=/detail xmlns=ns:BusinessServiceException xmlns:xs= http://www.w3.org/2001/XMLSchema; xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance; xmlns:ns= http://selfcare.ei.tmobile.cz/datatypes; xmlns:ns0= http://schemas.xmlsoap.org/soap/envelope/;ns0:eiMessageContext xmlns:ns0=http://messaging.ei.tmobile.net/datatypes;ns0:senderVCCN G/ns0:senderns0:correlationId1213075712/ns0:correlationId/n s0:eiMessageContextns1:timestamp xmlns:ns1=http://messaging.ei.tmobile.net/datatypes;2013-01-02T14:28 :33.392+01:00/ns1:timestampns1:exceptionClass xmlns:ns1=http://messaging.ei.tmobile.net/datatypes;100204/ns1: exceptionClassns1:furtherInfo xmlns:ns1=http://messaging.ei.tmobile.net/datatypes;Validation error/ns1:furtherInfons:breData xmlns:ns0= http://www.tibco.com/schemas/BS_SA/Internal;ns1:reason xmlns:ns1= http://selfcare.ei.tmobile.cz/datatypes;NOT_PROPER_TARIFF/ns1:reason ns1:textInfo xmlns:ns1=http://selfcare.ei.tmobile.cz/datatypes ./ns1:textInfo/ns:breData/ns:BusinessServiceException/detail /SOAP-ENV:Fault/SOAP-ENV:Body/SOAP-ENV:Envelope Best Regards Braňko Shouldn't this be handled by the SOAP service logic running on the tomcat server?
Re: Tomcat doesn't process error messages
Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat doesn't process error messages
Hello, I will try to clarify the process as I see it: Request message sending process from Oracle to Web Service Oracle -- HTTP -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service Response message receiving process from Web Service to Oracle Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTP -- Oracle The problem occures during the receiving stage (Tomcat -- Input/Output stream -- webapp) when the response from Web service cointains HTTP/1.1 500 Internal Server Error Webapp modifies the message (for example it adds basic authentication). I hope I don't miss something Big. Braňko -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 3. ledna 2013 11:23 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Limiting threads per context
Hello All, Yesterday we had a Tomcat6 server reach maxThreads and stay that way until we restarted it. After researching a thread dump and some log files, we found one of the applications is creating NullPointerExceptions and subsequently leaving a TP-ProcessorX in WAITING state indefinitely for a DB closePreparedStatement return. As more requests come in for this application threads are being established and put into BLOCKED state, waiting on TP-ProcessorX. Eventually, the server hits maxThreads and stops serving requests almost entirely. Obviously the application causing this needs to (and is being) fixed. But I'm curious if there is a higher level of protection that could be implemented to help protect the other applications (contexts) on this server? For example, is there a way to specify that a context can only use X number of request threads? Or perhaps X number of threads from an executor? Et cetera. I haven't seen anything in the docs that would do this, but it never hurts to ask. Here's our server info in case it's helpful: OS: Ubuntu 12.04 64-bit Front-end Server: Apache 2.2.22 (mod_ajp to back-end via Balancer setup) Back-end App Server: Tomcat 6.0.24 (AJP HTTP connectors, no executor) Java -version output: java version 1.6.0_20 OpenJDK Runtime Environment (IcedTea6 1.9.13) (6b20-1.9.13-0ubuntu1~10.04.1) OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode) Thanks, Kyle Harper (Ignore the stupid privacy message below... automated by mail server) This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Limiting threads per context
-Original Message- From: kharp...@oreillyauto.com [mailto:kharp...@oreillyauto.com] Sent: Thursday, January 03, 2013 8:31 AM To: users@tomcat.apache.org Subject: Limiting threads per context Hello All, Yesterday we had a Tomcat6 server reach maxThreads and stay that way until we restarted it. After researching a thread dump and some log files, we found one of the applications is creating NullPointerExceptions and subsequently leaving a TP-ProcessorX in WAITING state indefinitely for a DB closePreparedStatement return. As more requests come in for this application threads are being established and put into BLOCKED state, waiting on TP-ProcessorX. Eventually, the server hits maxThreads and stops serving requests almost entirely. Obviously the application causing this needs to (and is being) fixed. But I'm curious if there is a higher level of protection that could be implemented to help protect the other applications (contexts) on this server? For example, is there a way to specify that a context can only use X number of request threads? Or perhaps X number of threads from an executor? Et cetera. I haven't seen anything in the docs that would do this, but it never hurts to ask. Here's our server info in case it's helpful: OS: Ubuntu 12.04 64-bit Front-end Server: Apache 2.2.22 (mod_ajp to back-end via Balancer setup) Back-end App Server: Tomcat 6.0.24 (AJP HTTP connectors, no executor) Java -version output: java version 1.6.0_20 OpenJDK Runtime Environment (IcedTea6 1.9.13) (6b20-1.9.13-0ubuntu1~10.04.1) OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode) Thanks, Kyle Harper Kyle - Processor threads are tied to connectors, either directly or via executors. Therefore, if these are all contexts under one host, or you are sharing the connector (IP/port pair) for multiple hosts, I don't think there is anything you can do. However, since you are front-ending with apache, you might be able to set up multiple connectors (IP/port pair) on the Tomcat server and use the front end to direct each context to a different connector. In this case, you can probably ignore setting up the executors, since you are not going to be sharing threads between the contexts. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat doesn't process error messages
On Thu, 2013-01-03 at 12:42 +, Husarik, Branko wrote: Hello, I will try to clarify the process as I see it: Request message sending process from Oracle to Web Service Oracle -- HTTP -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service Response message receiving process from Web Service to Oracle Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTP -- Oracle The problem occures during the receiving stage (Tomcat -- Input/Output stream -- webapp) when the response from Web service cointains HTTP/1.1 500 Internal Server Error Webapp modifies the message (for example it adds basic authentication). I hope I don't miss something Big. Sounds like 'webapp' is what you referred to as the 'Proxy' in your original message? And it sounds like it's the 'webapp' that's discarding the SOAP response. Perhaps when it sees the 500 HTTP response code it simply discards the body of the response and sends that generic error message instead -- e.g. by calling sendError() and letting Tomcat generate it's default error response or the webapp's error page (if one is defined)? Depending on which component you have control over you can either: 1. Modify the 'webapp' to unconditionally send back the response body (perhaps by modifying it's error page if one is defined) -- OR -- 2. Modify the Web Service to reply with a 200 HTTP response code even if the service request fails. #2 seems the more reasonable approach to me since the failure is on the service level not the HTTP level. But in either case there's no tweaking in Tomcat itself that will fix this. Braňko -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 3. ledna 2013 11:23 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
RE: Tomcat doesn't process error messages
On Thu, 2013-01-03 at 12:42 +, Husarik, Branko wrote: Hello, I will try to clarify the process as I see it: Request message sending process from Oracle to Web Service Oracle -- HTTP -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service Response message receiving process from Web Service to Oracle Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTP -- Oracle The problem occures during the receiving stage (Tomcat -- Input/Output stream -- webapp) when the response from Web service cointains HTTP/1.1 500 Internal Server Error I just re-read your original email and I may have missed something. Are you saying that you get an IOException when you call request.getInputStream() during a 500 response? If so can you please post the stack trace. Webapp modifies the message (for example it adds basic authentication). I hope I don't miss something Big. Braňko -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 3. ledna 2013 11:23 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
Re: Secure AJP load balancing problem
Thanks Mark, I am working on parallely setting up another environment with Tomcat 6.x, however to clear an urgent audit I need to show the Apache connector uses secure protocol to exchange the data between Apache and tomcat. Both these servers are in DMZ and on different servers. Hello Chris, Thanks for your valuable advice, here is how my configuration looks like. *Apache conf:* ProxyPassMatch ^/(.*\.jsp|.*\.do)(;jsessionid=.*)?$ balancer://lb1/$1 *Balancer Conf:* Proxy balancer://lb1 BalancerMember https://tomcat02.us.rdigest.com:8443 BalancerMember https://tomcat02.us.rdigest.com:8543 ProxySet stickysession=JSESSIONID ProxySet nofailover=Off /Proxy *Tomcat conf:* Tomcat1: Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / Tomcat2: Connector port=8543 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / Thanks again for your assistance extended. Regards, Arun Janarthanan On Wed, Jan 2, 2013 at 10:38 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arun, On 1/2/13 4:45 PM, Arunkumar Janarthanan wrote: I have Apache 2.2.22 and Tomcat 5.5 running on SSL 8443, I have tried my balancer members to use HTTPS port So you are trying to use HTTPS over AJP? Did you mean APR? Please post your Connectors from server.xml and your relevant httpd configuration (e.g. ProxyPass). It would also be helpful if you were to describe any transport-guarantee that you may have in your web application(s). and finds the JSP pages doing ok for some reason the struts / action servlets would not accept secure protocol instead it redirects infinitely with the Tomcat server hostname and non-ssl port. Try a protocol trace using something like Mozilla Firefox's web console or similar tools for other web browsers. This will show you the request as sent by the browser and the response as seen by the browser: it should show the pattern you describe above with more detail. Anybody had similar experience try configuring secure connectors on such environment ? FWIW, I use stunnel to secure the back-channel between httpd and Tomcat (using an AJP connector). While I haven't actually performance-tested the two configurations against each other, my rationale for this configuration was to reduce the number of SSL handshakes that occur between httpd and Tomcat. Also, I've always used AJP to tunneling AJP made more sense for us than switching-over to HTTPS reverse-proxying. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEAREIAAYFAlDk/TMACgkQ9CaO5/Lv0PAidwCgguSezH47shnxzVXOBF564rFm piIAnAy/8p0uTsF5Uxh2ViGVT7PFwgPY =sm58 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat doesn't process error messages
On Thu, 2013-01-03 at 12:42 +, Husarik, Branko wrote: Hello, I will try to clarify the process as I see it: Request message sending process from Oracle to Web Service Oracle -- HTTP -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service Response message receiving process from Web Service to Oracle Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTP -- Oracle It's also important to note that in the WebService--webapp path the webapp is acting as an HTTP client. If I'm understanding you correctly then, if the webapp calls request.getInputStream() that stream would be connected to the Oracle client NOT the WebService. Since the request has already been completely read (and presumably closed?) it's understandable that you would get an IOException trying to read from it. The problem occures during the receiving stage (Tomcat -- Input/Output stream -- webapp) when the response from Web service cointains HTTP/1.1 500 Internal Server Error Webapp modifies the message (for example it adds basic authentication). I hope I don't miss something Big. Braňko -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 3. ledna 2013 11:23 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: This is a digitally signed message part
[jdbc-pool] Transaction left open by the connection validation mechanism ?
Hi all, I'm using the tomcat jdbc connection pool (7.0.34) to connect against a PostgreSQL database (version 8.4 - jdbc driver 9.0.801) and I'm having a potentially dodgy situation with the validation mechanism. The code I'm using does change the transaction isolation level of a connection that has been newly borrowed from the pool (before doing anything else) but sometimes gets an error while doing so, such as: org.postgresql.util.PSQLException: Cannot change transaction isolation level in the middle of a transaction. I've been investigating the code for a while to check whether any transaction was left open (read: without any commit or rollback) before being returned to the pool, but no chance, everything looks clean. Then I suspected the validation mechanism which validates the connection. Mine was set to validate the connection every 30 s while idle, using a SELECT 1 statement. Indeed, I disabled the validation mechanism and tadaa, no error at all! I then had a look at the corresponding code into the tomcat jdbc pool (source 7.0.34), and more specifically in class org.apache.tomcat.jdbc.pool.PooledConnection, method public boolean validate(int validateAction,String sql) at line 452 (excerpt below): Statement stmt = null; try { stmt = connection.createStatement(); stmt.execute(query); stmt.close(); this.lastValidated = now; return true; } catch (Exception ex) { if (getPoolProperties().getLogValidationErrors()) { log.warn(SQL Validation error, ex); } else if (log.isDebugEnabled()) { log.debug(Unable to validate object:,ex); } if (stmt!=null) try { stmt.close();} catch (Exception ignore2){/*NOOP*/} } return false; It looks to me that there is a mistake here: if the connection to validate does not have autoCommit set to true, then the transaction is started and left open by this code. Which explains the errors I was experiencing, since once the connection has been validated, then the transaction isolation level cannot be changed since a transaction is still ongoing! Did I miss something or is this a real bug which I should file? Thanks in advance Regards
Re: Limiting threads per context
Am 03.01.2013 15:31, schrieb kharp...@oreillyauto.com: Hello All, Yesterday we had a Tomcat6 server reach maxThreads and stay that way until we restarted it. After researching a thread dump and some log files, we found one of the applications is creating NullPointerExceptions and subsequently leaving a TP-ProcessorX in WAITING state indefinitely for a DB closePreparedStatement return. As more requests come in for this application threads are being established and put into BLOCKED state, waiting on TP-ProcessorX. Eventually, the server hits maxThreads and stops serving requests almost entirely. Obviously the application causing this needs to (and is being) fixed. But I'm curious if there is a higher level of protection that could be implemented to help protect the other applications (contexts) on this server? For example, is there a way to specify that a context can only use X number of request threads? Or perhaps X number of threads from an executor? Et cetera. On tomcat 6 - at least the most recent one - there is a Valve which can limit the concurrent access to a context. Sadly it seems not to be mentioned in the docs. So you would have to look at the code to see the possible params (concurrency [=10], fairness [=false], blocking [=true], interruptible [=false]) and the name (org.apache.catalina.valves.SemaphoreValve) to be able to add the (hopefully) right entry to your context: Valve class=org.apache.catalina.valves.SemaphoreValve concurrency=25 blocking=false / I haven't tested it, but it should limit the concurrent threads used by that context to 25 at most and give an error to any request while those threads stay busy. Regards Felix I haven't seen anything in the docs that would do this, but it never hurts to ask. Here's our server info in case it's helpful: OS: Ubuntu 12.04 64-bit Front-end Server: Apache 2.2.22 (mod_ajp to back-end via Balancer setup) Back-end App Server: Tomcat 6.0.24 (AJP HTTP connectors, no executor) Java -version output: java version 1.6.0_20 OpenJDK Runtime Environment (IcedTea6 1.9.13) (6b20-1.9.13-0ubuntu1~10.04.1) OpenJDK 64-Bit Server VM (build 19.0-b09, mixed mode) Thanks, Kyle Harper (Ignore the stupid privacy message below... automated by mail server) This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Secure AJP load balancing problem
On 04/01/2013 2:25 AM, Arunkumar Janarthanan arunkumar.webad...@gmail.com wrote: Thanks Mark, I am working on parallely setting up another environment with Tomcat 6.x, however to clear an urgent audit I need to show the Apache connector uses secure protocol to exchange the data between Apache and tomcat. Both these servers are in DMZ and on different servers. Hello Chris, Thanks for your valuable advice, here is how my configuration looks like. *Apache conf:* ProxyPassMatch ^/(.*\.jsp|.*\.do)(;jsessionid=.*)?$ balancer://lb1/$1 *Balancer Conf:* Proxy balancer://lb1 BalancerMember https://tomcat02.us.rdigest.com:8443 BalancerMember https://tomcat02.us.rdigest.com:8543 ProxySet stickysession=JSESSIONID ProxySet nofailover=Off /Proxy Since you have sticky sessions dont you need to set up the jvmRoute in the tomcat connectors? *Tomcat conf:* Tomcat1: Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / Tomcat2: Connector port=8543 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / Thanks again for your assistance extended. Regards, Arun Janarthanan On Wed, Jan 2, 2013 at 10:38 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Arun, On 1/2/13 4:45 PM, Arunkumar Janarthanan wrote: I have Apache 2.2.22 and Tomcat 5.5 running on SSL 8443, I have tried my balancer members to use HTTPS port So you are trying to use HTTPS over AJP? Did you mean APR? Please post your Connectors from server.xml and your relevant httpd configuration (e.g. ProxyPass). It would also be helpful if you were to describe any transport-guarantee that you may have in your web application(s). and finds the JSP pages doing ok for some reason the struts / action servlets would not accept secure protocol instead it redirects infinitely with the Tomcat server hostname and non-ssl port. Try a protocol trace using something like Mozilla Firefox's web console or similar tools for other web browsers. This will show you the request as sent by the browser and the response as seen by the browser: it should show the pattern you describe above with more detail. Anybody had similar experience try configuring secure connectors on such environment ? FWIW, I use stunnel to secure the back-channel between httpd and Tomcat (using an AJP connector). While I haven't actually performance-tested the two configurations against each other, my rationale for this configuration was to reduce the number of SSL handshakes that occur between httpd and Tomcat. Also, I've always used AJP to tunneling AJP made more sense for us than switching-over to HTTPS reverse-proxying. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with undefined - http://www.enigmail.net/ iEYEAREIAAYFAlDk/TMACgkQ9CaO5/Lv0PAidwCgguSezH47shnxzVXOBF564rFm piIAnAy/8p0uTsF5Uxh2ViGVT7PFwgPY =sm58 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JMX remote
I suggest the following additional params: -Dcom.sun.management.jmxremote.host=ip-address -Djava.rmi.server.hostname=ip-address, same as above For me, this (with the options below, of course) works as expected. wbr Johann From: Adrien RUFFIE Sent: Thursday, December 06, 2012 4:03 PM To: users@tomcat.apache.org Subject: Tomcat JMX remote Hello all, I have a tomcat6 installed in one debian, But openjdk6 is installed and I try to active JMX access on the throught the network On my tomcat, but it doesn’t work … I use following option (CATALINA_OPTS or JAVA_OPTS I have try two): set CATALINA_OPTS=-Dcom.sun.management.jmxremote \ -Dcom.sun.management.jmxremote.port= \ -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.authenticate=true \ -Dcom.sun.management.jmxremote.password.file=../conf/jmxremote.password \ -Dcom.sun.management.jmxremote.access.file=../conf/jmxremote.access \ My tomcat is launched correctly with following jvm parameter: root@rd4-was7:/usr/local# ps -ef | grep java root 23943 1 0 15:30 pts/200:00:01 /usr/lib/jvm/java-6-openjdk/jre/bin/java -Djava.util.logging.config.file=/usr/local/tomcat6/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Dcom.sun.management.jmxremote.port= -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.endorsed.dirs=/usr/local/tomcat6/endorsed -classpath /usr/local/tomcat6/bin/bootstrap.jar -Dcatalina.base=/usr/local/tomcat6 -Dcatalina.home=/usr/local/tomcat6 -Djava.io.tmpdir=/usr/local/tomcat6/temp org.apache.catalina.startup.Bootstrap start But I cannot access with my JVisualVM: Cannot connect to tomcat@192.168.101.160: using service:jmx:rmi///jndi/rmi://192.168.101.160:/jmxrmi Tomcat of tomcat@192.168.101.160 must be are a user on my debian ? Because the current tomcat user is “tomcat6” on file system Attached file is my catalina.sh Any one have an idea ? Bien cordialement, Adrien RUFFIE Ingénieur RD 40, rue du Village d’Entreprises 31670 Labège www.e-deal.com LD : +33 1 73 03 29 50 Std : +33 1 73 03 29 80 Fax : +33 1 73 01 69 77 a.ruf...@e-deal.com E-DEAL soutient le Pacte Mondial de l'ONU - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat doesn't process error messages
Husarik, Branko wrote: Hello, I will try to clarify the process as I see it: Request message sending process from Oracle to Web Service Oracle -- HTTP -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service I think that this is wrong. Tomcat should not be in this part : webapp -- Input/Output stream -- Tomcat -- HTTPS -- Web Service Tomcat plays no role at all in the dialog between the webapp and the Web Service. Response message receiving process from Web Service to Oracle Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp -- Input/Output stream -- Tomcat -- HTTP -- Oracle Similarly, this part is wrong : Web Service-- HTTPS -- Tomcat -- Input/Output stream -- webapp Tomcat plays no role there. Instead, it is the webapp which sets up its own independent HTTPS connection to the Web service, writes to that connection and reads from it. Tomcat does not even know that this HTTPS connection exists. I think that you misunderstand the nature of the problem. You seem to think that Tomcat is involved in the dialog between the webapp and the web service, so you think that when it goes wrong, it must be due to something in Tomcat. But Tomcat is /not/ involved in that part. So I believe that you are looking in the wrong place. The problem occures during the receiving stage (Tomcat -- Input/Output stream -- webapp) when the response from Web service cointains HTTP/1.1 500 Internal Server Error Webapp modifies the message (for example it adds basic authentication). I hope I don't miss something Big. Braňko -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: 3. ledna 2013 11:23 To: Tomcat Users List Subject: Re: Tomcat doesn't process error messages Husarik, Branko wrote: SOAP service logic should manipulate the message, but there is need to receive message from Tomcat by reading it's input stream. Problem is, there is only error stream cointaining tomcat error coming from Tomcat. I think it is caused by message from web service, which cointains HTTP/1.1 500 Internal Server Error in HTTP protocol and SOAP message is not forwarded. It seems to me like common logic, but i don't know, how to set Tomcat to forward these messages to input stream. Hi. Personally, I do not understand what you are trying to say. I believe that there is some incorrect understanding on your part of how this is supposed to work. In the scenario as you describe it, - Oracle is the HTTP client for Tomcat (just like any browser could be a client) - inside Tomcat, runs some webapp which happens to be a SOAP proxy. What this webapp does, is unknown to Tomcat. As far as Tomcat is concerned, this webapp is supposed to process some HTTP requests (depending on the URL of the request), and generate a HTTP response. Schematically, we have this : request : Oracle client -- HTTP -- Tomcat -- webapp (-- (unknown to Tomcat)) response : ( (unknown to Tomcat) -- ) webapp -- Tomcat -- HTTP -- Oracle client Repeat : what the webapp does inside is unknown and of (almost) no interest to Tomcat. (For example, if the webapp uses HTTPS to communicate with something else, Tomcat never knows this, and never plays any role in that part) So in this case, if the webapp generates a response which happens to be a 500 error, Tomcat will forward this to the (Oracle client). Tomcat will never read any input stream coming back from the webapp or anything like this. It is the webapp which is responsible for that kind of thing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
(OT) Hibernate question
Gentlemen This has been asked many times but i havent found an answer Does anyone know how to hint a Hibernate predicate with something like select /*+ index(emp_alias ix_emp) */ ... from scott.emp emp_alias Martin __ If computers were self-aware they would'nt need human beingsAuthor Unknown
Re: Remove apache tomcat default home page
On Fri, Jan 4, 2013 at 3:39 PM, ana kando anaka...@yahoo.com wrote: Hi all, I just installed a software that bundled with apache tomcat. I successfully installed the software and can run the software at http://localhost:8080/myapps/ However, when i remove /myapps from browser, it will go directly to apache tomcat default page. Cau you help me to remove this page from being display when i go to http://localhost:8080/ ?? Here is my tomcat version and operating system spec. Apache Tomcat 5.5.20 windows server 64 bit I found an article from somewhere in the world to commented out these line at file tomcat/conf/web.xml servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsp/url-pattern /servlet-mapping servlet-mapping servlet-namejsp/servlet-name url-pattern*.jspx/url-pattern /servlet-mapping welcome-file-list welcome-fileindex.html/welcome-file welcome-fileindex.htm/welcome-file welcome-fileindex.jsp/welcome-file /welcome-file-list I also have commented out this line from file tomcat/webapps/root/WEB-INF/web.xml welcome-file-list welcome-fileindex.htm/welcome-file /welcome-file-list But still not working. Tomcat default page still there. The default app is under /ROOT directory so delete/rename it if you want to get read of it. By the way, what do you expect to see when going to http://localhost:8080/ in that case? Instead of the default page you'll see 404 error page not found. Is that what you want?