Achieve large number of concurrent websocket connections (~40000-50000)
Hello All Tomcat Server: 7.0.35 Operating System Version: Red Hat Enterprise Linux Server release 5.5 (Tikanga) Java Version: java version 1.6.0_11 Memory:4137112 kB CPU: Intel(R) Xeon(R) CPU E5530 @ 2.40GHz (Quad core with HT enabled) I am developing a tomcat application which requires a large number of websocket connections to remain opened during the time users are logged in (around 40-50 thousand). I have a ruby script (written using faye-websocket) which can open as many websocket connections as we desire and then send random messages on websockets and receive response from server. This works well for small number of concurrent websocket connections. The issue is I am not able to achieve a very high number of websocket connections. Using the default blocking connector of Tomcat only that much connections can be opened as specified with maxThreads param (500-600). Configuring a NIO connector I am able to open around 1 connections after that the connections start to close automatically. I have set the fd-limit to 65535 accordingly and using a 1GB initial heap size. Even with an APR connector the number remains pretty much same. My question is what configurations or steps I can take in order to achieve desired number of concurrent websocket connections (4-5). Has anybody been able to achieve this much number of simultaneous websocket connections with a tomcat app? Thanks in advance for answering this. Regards Amit Bhagra
RE: Achieve large number of concurrent websocket connections (~40000-50000)
You should consider setting up a cluster of Tomcat's to service your requests. With 40-50 thousand concurrent connections you're likely to need to balance the load anyway. Are you familiar with setting up a Tomcat cluster? -Original Message- From: Amit Bhagra [mailto:amit.bha...@agnity.com] Sent: Wednesday, February 13, 2013 7:20 AM To: users@tomcat.apache.org Subject: Achieve large number of concurrent websocket connections (~4-5) Hello All Tomcat Server: 7.0.35 Operating System Version: Red Hat Enterprise Linux Server release 5.5 (Tikanga) Java Version: java version 1.6.0_11 Memory:4137112 kB CPU: Intel(R) Xeon(R) CPU E5530 @ 2.40GHz (Quad core with HT enabled) I am developing a tomcat application which requires a large number of websocket connections to remain opened during the time users are logged in (around 40-50 thousand). I have a ruby script (written using faye-websocket) which can open as many websocket connections as we desire and then send random messages on websockets and receive response from server. This works well for small number of concurrent websocket connections. The issue is I am not able to achieve a very high number of websocket connections. Using the default blocking connector of Tomcat only that much connections can be opened as specified with maxThreads param (500-600). Configuring a NIO connector I am able to open around 1 connections after that the connections start to close automatically. I have set the fd-limit to 65535 accordingly and using a 1GB initial heap size. Even with an APR connector the number remains pretty much same. My question is what configurations or steps I can take in order to achieve desired number of concurrent websocket connections (4-5). Has anybody been able to achieve this much number of simultaneous websocket connections with a tomcat app? Thanks in advance for answering this. Regards Amit Bhagra - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Achieve large number of concurrent websocket connections (~40000-50000)
Hi, Not sure if this is the same issue but I believe you might need the tcp_tw_reuse and tcp_tw_recycle parameters in /proc/sys/net/ipv4 to be at a value of 1? Since you already achieved 1 connections, I'm thinking it's probably something else though. Cheers, Charles On Wed, Feb 13, 2013 at 11:19 AM, Amit Bhagra amit.bha...@agnity.comwrote: Hello All Tomcat Server: 7.0.35 Operating System Version: Red Hat Enterprise Linux Server release 5.5 (Tikanga) Java Version: java version 1.6.0_11 Memory:4137112 kB CPU: Intel(R) Xeon(R) CPU E5530 @ 2.40GHz (Quad core with HT enabled) I am developing a tomcat application which requires a large number of websocket connections to remain opened during the time users are logged in (around 40-50 thousand). I have a ruby script (written using faye-websocket) which can open as many websocket connections as we desire and then send random messages on websockets and receive response from server. This works well for small number of concurrent websocket connections. The issue is I am not able to achieve a very high number of websocket connections. Using the default blocking connector of Tomcat only that much connections can be opened as specified with maxThreads param (500-600). Configuring a NIO connector I am able to open around 1 connections after that the connections start to close automatically. I have set the fd-limit to 65535 accordingly and using a 1GB initial heap size. Even with an APR connector the number remains pretty much same. My question is what configurations or steps I can take in order to achieve desired number of concurrent websocket connections (4-5). Has anybody been able to achieve this much number of simultaneous websocket connections with a tomcat app? Thanks in advance for answering this. Regards Amit Bhagra
Re: [ANN] Apache Tomcat Native 1.1.27 released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 All, On 2/13/13 1:01 AM, Mladen Turk wrote: The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.1.27 stable. It's worth mentioning that tcnative-1.1.27 is required in order to configure Tomcat for the following features: * SSLHonorCipherOrder [1] * Enable FIPS mode with OpenSSL 1.0.1c [2] * Disable TLS compression (thwarts CRIME attack) [3] If any of the above affect you, I would highly recommend that you upgrade at your earliest convenience. - -chris [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=53481 [2] https://issues.apache.org/bugzilla/show_bug.cgi?id=54468 [3] https://issues.apache.org/bugzilla/show_bug.cgi?id=54324 -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEbskIACgkQ9CaO5/Lv0PC0vwCeKOfTusD1g4Fp9jA3UIEoMAY8 NGkAoLdIo+3qiZTBLg4kbtsRAWwtAikg =Tzhr -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat upgrade -SSL handshake failure?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Steve, On 2/12/13 9:52 AM, Thomas, Steve wrote: Hi. We have been running Tomcat 7.0.23 in our test environment until recently, then upgraded to 7.0.35. After the upgrade, our tests started failing intermittently with urlopen error [Errno 1] _ssl.c:503: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure That looks like a load of fun. Connector port=9444 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true SSLEnabled=true clientAuth=false sslProtocol=TLS keystoreFile=webapps/OurProgram/.keystore compression=on compressionMinSize=1024 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml,text/css,text/javascript,application/x-javascript,application/javascript/ I see you have sslProtocol set to TLS. I recently had a (longer than really necessary) fight with a newly-stood-up server running stunnel on it that wouldn't connect to other, similarly-configured servers. I got a similar error message to the above, and the problem was that all the other servers were configured to use TLSv1 while the new server had the default configuration to use SSLv3. I actually thought that TLSv1 ~= SSLv3 but evidently that isn't the case. Connector port=9091 protocol=org.apache.coyote.http11.Http11NioProtocol connectionTimeout=1 tomcatAuthentication=false keepaliveTimeout=5000 backlog=50 maxThreads=10 scheme=https secure=true SSLEnabled=true clientAuth=false sslProtocol=TLS keystoreFile=webapps/OurProgram/.keystore / Any idea which of these connectors is being hit when you get the connect error? Is it always the same client (urlopen looks like curl or python or whatever)? Again, this is identical to our previous configuration, and as far as I know the only variable introduced was the upgrade to 7.0.35. This has happened across multiple OS's - from Windows 2008 64-bit to RHEL5. Can you actually do a 'diff' of one server.xml against another? Obviously, you can ignore all the non-Connector-related stuff. Could this version of Tomcat be stricter with its implementation of HTTPS, and that is triggering the issue? It's more likely that the JVM is more strict. Did you upgrade the JVM as well? If it isn't Tomcat--if something else must have changed--what would be the most likely explanation? *shrug* I think you need more data on the situations where this actually occurs: what URL, which port, etc. When you hit your service, you are hitting these servers directly, right -- that is, there isn't a load-balancer or anything like that in between your client and your server (as configured above)? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEbtrUACgkQ9CaO5/Lv0PD0uwCeKg6VFK3IQZIiEt1GqireVHuC 2HAAoIvnJGon20Kl7Ief6tWFY/gf4jCi =D9lF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat upgrade -SSL handshake failure?
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, February 13, 2013 10:52 AM To: Tomcat Users List Subject: Re: Tomcat upgrade -SSL handshake failure? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Steve, On 2/12/13 9:52 AM, Thomas, Steve wrote: Hi. We have been running Tomcat 7.0.23 in our test environment until recently, then upgraded to 7.0.35. After the upgrade, our tests started failing intermittently with urlopen error [Errno 1] _ssl.c:503: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure That looks like a load of fun. [[snip]] It's more likely that the JVM is more strict. Did you upgrade the JVM as well? If it isn't Tomcat--if something else must have changed--what would be the most likely explanation? *shrug* I think you need more data on the situations where this actually occurs: what URL, which port, etc. When you hit your service, you are hitting these servers directly, right -- that is, there isn't a load-balancer or anything like that in between your client and your server (as configured above)? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEbtrUACgkQ9CaO5/Lv0PD0uwCeKg6VFK3IQZIiEt1GqireVHuC 2HAAoIvnJGon20Kl7Ief6tWFY/gf4jCi =D9lF -END PGP SIGNATURE- - Chris: You're right that we did upgrade our JVM as well; I should have mentioned that. I will follow up on the remainder of your email later, but in the meantime wanted to say thanks and good catch on the JVM! Regards, Steve This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
OT: New Email Address
FYI, since some of you may be used to seeing emails from me come from nicholas dot williams at ul dot com: I have used my work email addresses for the Tomcat list for some time, but I have switched now to my personal email address for a variety of reasons: 1) I'm tired of the privileged or confidential information notice it adds to the bottom of all of my emails to the list. 2) My employer has now implemented a program to forcibly delete all emails older than 1 year, preventing me from keeping emails I reference often. 3) Nearly all of my Tomcat business these days is personal- or self-employment-related, not employer-related, so it's more convenient. Just remember when you see future emails from nicholas at nicholaswilliams dot net that it's the same person you're used to seeing. Thanks, Nick smime.p7s Description: S/MIME cryptographic signature
RE: [FWD: Help Debugging 404 errors]
OK, here is the console log and it is exclusively resulting from starting. There are no changes to the console display as a result of pointing the browser at http://localhost:8080/Guestbook/GuestServlet. Jetty, however, prints lots of messages about activating the controller the guestbook application. Can someone give me some more hints? How do I bump the logging level to get some more details in tomcat 6? Feb 13, 2013 9:12:55 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.7.0_11\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\CommonExtensions\Microsoft\TestWindow;C:\Program Files (x86)\Microsoft SDKs\F#\3.0\Framework\v4.0\;C:\Program Files (x86)\Microsoft Visual Studio 11.0\VSTSDB\Deploy;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\;C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\BIN;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Tools;C:\Windows\Microsoft.NET\Framework\v4.0.30319;C:\Windows\Microsoft.NET\Framework\v3.5;C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\VCPackages;C:\Program Files (x86)\HTML Help Workshop;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools;C:\Program Files (x86)\Windows Kits\8.0\bin\x86;C:\Program Files (x86)\Microsoft SDKs\Windows\v8.0A\bin\NETFX 4.0 Tools;C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\Bin\;c:\cygwin\bin;c:\cygwin\usr\local\bin;c:\cygwin\home\siegfried\bin;C:\Program Files (x86)\HP SimplePass\x64;C:\Program Files (x86)\HP SimplePass\;;C:\Perl64\site\bin;C:\Perl64\bin;c:\app\siegfried\product\11.2.0\client_4;C:\Program Files (x86)\HP SimplePass\x64;C:\Program Files (x86)\HP SimplePass\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\WinMerge;c:\Program Files\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;c:\Program Files\Microsoft SQL Server\110\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\;c:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Users\siegfried\Documents\bin;C:\Users\siegfried\Documents\AppBin\ant\apache-ant-1.8.2\bin;c:\Program Files (x86)\Microsoft Office\Office14;C:\Users\siegfried\Documents\bin\gtk-runtime-2.16.6.0\Gtk\bin;C:\Users\siegfried\Documents\bin\Unison-2.32.52;c:\Program Files (x86)\Ruby\192\bin;c:\Program Files (x86)\IronRuby 1.1\bin;C:\Program Files (x86)\IronPython 2.7;C:\Users\siegfried\Documents\AppBin\jython\2.5.2\bin;C:\Users\siegfried\Documents\AppBin\jruby\jruby-1.6.6\bin;C:\Users\siegfried\Documents\AppBin\Gradle\1.0\BIN;c:\Python27;C:\Ruby193\bin;c:\Program Files\Java\jdk1.7.0_11\bin;c:\Program Files (x86)\Groovy\Groovy-2.0.5\bin;C:\Users\siegfried\Documents\emacs\23.2\bin\;c:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Users\siegfried\Documents\AppBin\maven\apache-maven-3.0.2\bin;C:\Users\siegfried\Documents\AppBin\eclipse\64\eclipse-jee-juno-SR1-win32-x86_64\eclipse.exe;C:\Users\siegfried\Documents\philips\bin;C:\Users\siegfried\Documents\philips\bin;. Feb 13, 2013 9:12:55 AM org.apache.tomcat.util.digester.SetPropertiesRule begin WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:Guestbook' did not find a matching property. Feb 13, 2013 9:12:56 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 1092 ms Feb 13, 2013 9:12:56 AM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Feb 13, 2013 9:12:56 AM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.36 Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor
Re: [ANN] Apache Tomcat Native 1.1.27 released
Many thanks to the Tomcat team!! I have one simple question. The mention of microseconds instead of milliseconds in the release notes is that the resolution for logging processing time for the request (%D) in the access logs? If so will it be available for Windows OS? Thanks and keep up the great work! -Tony --- On Tue, 2/12/13, Mladen Turk mt...@apache.org wrote: From: Mladen Turk mt...@apache.org Subject: [ANN] Apache Tomcat Native 1.1.27 released To: Tomcat Developers List d...@tomcat.apache.org, Tomcat Users List users@tomcat.apache.org, annou...@tomcat.apache.org Date: Tuesday, February 12, 2013, 11:01 PM The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.1.27 stable. Please refer to the change log for the list of changes: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html Downloads: http://tomcat.apache.org/download-native.cgi Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [ANN] Apache Tomcat Native 1.1.27 released
Never mind I figured out it has nothing to do with logging but some sort of CPU metric. Regards, -Tony --- On Wed, 2/13/13, Tony Anecito adanec...@yahoo.com wrote: From: Tony Anecito adanec...@yahoo.com Subject: Re: [ANN] Apache Tomcat Native 1.1.27 released To: Tomcat Developers List d...@tomcat.apache.org, Tomcat Users List users@tomcat.apache.org Date: Wednesday, February 13, 2013, 11:05 AM Many thanks to the Tomcat team!! I have one simple question. The mention of microseconds instead of milliseconds in the release notes is that the resolution for logging processing time for the request (%D) in the access logs? If so will it be available for Windows OS? Thanks and keep up the great work! -Tony --- On Tue, 2/12/13, Mladen Turk mt...@apache.org wrote: From: Mladen Turk mt...@apache.org Subject: [ANN] Apache Tomcat Native 1.1.27 released To: Tomcat Developers List d...@tomcat.apache.org, Tomcat Users List users@tomcat.apache.org, annou...@tomcat.apache.org Date: Tuesday, February 12, 2013, 11:01 PM The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.1.27 stable. Please refer to the change log for the list of changes: http://tomcat.apache.org/native-doc/miscellaneous/changelog.html Downloads: http://tomcat.apache.org/download-native.cgi Thank you, -- The Apache Tomcat Team - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SSL Session Caching
I have a scenario right now I need help with. My Tomcat is configured for SSL, client certificate authorization and Certificate Revocation List checking (all outside certificates). We have a scenario (we've found in testing) where we do a transaction in our application, then the user pulls his smart card out (client certificate) and a new user comes up and puts his card in. Tomcat isn't recognizing that a new certificate is in place and is allowing the new user, with the new certificate to transact without validating his credentials. It appears as if the old session is being utilized still by the client (windows or unix, firefox or IE) and Tomcat. Which seems very odd. I would have expected the new cert would have forced a new SSL session to be created and tomcat to puke at an attempt to submit a transaction on the old session. Any thoughts/advice/guidance? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
PersistentManager Store property problem?
Hi, I am using apache-tomcat-7.0.26 and am trying to get the PersistentManager with a JDBCStore running. My context.xml is as follows: ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- The contents of this file will be loaded for each web application -- Context !-- Default set of monitored resources -- WatchedResourceWEB-INF/web.xml/WatchedResource !-- Uncomment this to disable session persistence across Tomcat restarts -- !-- Manager pathname= / -- !-- PersistentManager The PersistentManager has the capability to swap active (but idle) sessions out to a persistent storage mechanism, as well as to save all sessions across a normal restart of Tomcat -- Manager className=org.apache.catalina.session.PersistentManager distributable=true saveOnRestart=false maxInactiveInterval=-1 maxIdleBackup=0 processExpiresFrequency=6 Store className=org.apache.catalina.session.JDBCStore dataSourceName=jdbc/TCMgrSsnDB checkInterval=3600 sessionTable=TOMCAT_SESSIONS sessionIdCol=SESSION_ID sessionValidCol=VALID_SESSION sessionMaxInactiveCol=MAX_INACTIVE sessionLastAccessedCol=LAST_ACCESS sessionAppCol=APP_NAME sessionDataCol=SESSION_DATA /Store /Manager !-- Uncomment this to enable Comet connection tacking (provides events on session expiration as well as webapp lifecycle) -- !-- Valve className=org.apache.catalina.valves.CometConnectionManagerValve / -- !-- Resource Link to host/manager authorization DB in GlobalNamingResources -- ResourceLink name=jdbc/TCMgrSsnDB global=jdbc/TCMgrSsnDB type=org.apache.tomcat.jdbc.pool.DataSource/ /Context I am using log4j and have the loglevel set to DEBUG. When I checked the logs, I saw this: catalina.out:2013-02-13 13:42:49,886 [pool-3-thread-1] WARN org.apache.tomcat.util.digester.Digester - [SetPropertiesRule]{Context/Manager/Store} Setting property 'checkInterval' to '3600' did not find a matching property. The Tomcat 7 Documentation at http://tomcat.apache.org/tomcat-7.0-doc/config/manager.html states for the Persistent Manager JDBC Based Store that the checkInterval attribute is the interval (in seconds) between checks for expired sessions among those sessions that are currently swapped out. Is the checkInterval attribute invalid for a Persistent Manager JDBC Based Store? Thanks, Stephen R. Owens Email: stephen.ow...@state.ma.us
Re: SSL Session Caching
On 13/02/2013 18:49, Will Nordmeyer wrote: I have a scenario right now I need help with. My Tomcat is configured for SSL, client certificate authorization and Certificate Revocation List checking (all outside certificates). We have a scenario (we've found in testing) where we do a transaction in our application, then the user pulls his smart card out (client certificate) and a new user comes up and puts his card in. Tomcat isn't recognizing that a new certificate is in place and is allowing the new user, with the new certificate to transact without validating his credentials. It appears as if the old session is being utilized still by the client (windows or unix, firefox or IE) and Tomcat. Which seems very odd. I would have expected the new cert would have forced a new SSL session to be created and tomcat to puke at an attempt to submit a transaction on the old session. Any thoughts/advice/guidance? Use wireshark. If you provide it with your server's private key (should be doable in a test environment) you'll be able to see exactly what is (or isn't) going on. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Session Caching
Nothing is going on. When the smartcard is removed, nothing goes across the wire, so how could Tomcat possibly invalidate the session? -Original Message- From: users-return-239719-STEVEN.J.ADAMUS=saic@tomcat.apache.org [mailto:users-return-239719-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Mark Thomas Sent: Wednesday, February 13, 2013 11:36 AM To: Tomcat Users List Subject: Re: SSL Session Caching On 13/02/2013 18:49, Will Nordmeyer wrote: I have a scenario right now I need help with. My Tomcat is configured for SSL, client certificate authorization and Certificate Revocation List checking (all outside certificates). We have a scenario (we've found in testing) where we do a transaction in our application, then the user pulls his smart card out (client certificate) and a new user comes up and puts his card in. Tomcat isn't recognizing that a new certificate is in place and is allowing the new user, with the new certificate to transact without validating his credentials. It appears as if the old session is being utilized still by the client (windows or unix, firefox or IE) and Tomcat. Which seems very odd. I would have expected the new cert would have forced a new SSL session to be created and tomcat to puke at an attempt to submit a transaction on the old session. Any thoughts/advice/guidance? Use wireshark. If you provide it with your server's private key (should be doable in a test environment) you'll be able to see exactly what is (or isn't) going on. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
setting up JNDI context and issues with redeploy
I have created a Spring Integration application that is design to read IBM MQ queues. I have create the following resources for the application to lookup the connection and queue in the context.xml file. Resource name=jms/ConnectionFactoryLab auth=Container type=com.ibm.mq.jms.MQQueueConnectionFactory factory=com.ibm.mq.jms.MQQueueConnectionFactoryFactory CHAN=CLIENT1 HOST=mqlab.xxx.com PORT=1414 QMGR=MQAPPL1 TRAN=1/ Resource name=jms/OrderEvent auth=Container type=com.ibm.mq.jms.MQQueue factory=com.ibm.mq.jms.MQQueueFactory description=JMS Queue for receiving messages from Dialog QU=ORDER.EVENT/ When I stop the application or redeploy I'm getting this stack trace. Could I have the JNDI setup incorrectly. I'm running Tomcat INFO: Undeploying context [/jms] Feb 12, 2013 7:58:53 PM org.apache.catalina.util.LifecycleBase stop INFO: The stop() method was called on component [org.apache.catalina.deploy.NamingResources@1f9a8458] after stop() had already been called. The second call will be ignored. Feb 12, 2013 7:58:53 PM org.apache.catalina.util.LifecycleBase destroy WARNING: Calling stop() on failed component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/jms]] to trigger clean-up did not complete. org.apache.catalina.LifecycleException: Failed to stop component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/jms]] at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:236) at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:272) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:1041) at org.apache.catalina.startup.HostConfig.deleteRedeployResources(HostConfig.java:1300) at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1251) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1440) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:301) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1374) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1530) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1540) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1519) at java.lang.Thread.run(Unknown Source) Caused by: org.apache.catalina.LifecycleException: Failed to stop component [WebappLoader[/jms]] at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:236) at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5521) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232) ... 13 more Caused by: java.lang.LinkageError: loader (instance of org/apache/catalina/loader/WebappClassLoader): attempted duplicate class definition for name: org/apache/catalina/loader/JdbcLeakPrevention at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClass(Unknown Source) at org.apache.catalina.loader.WebappClassLoader.clearReferencesJdbc(WebappClassLoader.java:2065) at org.apache.catalina.loader.WebappClassLoader.clearReferences(WebappClassLoader.java:1990) at org.apache.catalina.loader.WebappClassLoader.stop(WebappClassLoader.java:1902) at org.apache.catalina.loader.WebappLoader.stopInternal(WebappLoader.java:661) at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232) ... 15 more Feb 12, 2013 7:58:53 PM org.apache.catalina.util.LifecycleBase destroy WARNING: Calling stop() on failed component [WebappLoader[/jms]] to trigger clean-up did not complete. org.apache.catalina.LifecycleException: Failed to stop component [WebappLoader[/jms]] at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:236) at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:272) at org.apache.catalina.core.ContainerBase.destroyInternal(ContainerBase.java:1224) at org.apache.catalina.core.StandardContext.destroyInternal(StandardContext.java:5590) at org.apache.catalina.util.LifecycleBase.destroy(LifecycleBase.java:305) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:1041) at org.apache.catalina.startup.HostConfig.deleteRedeployResources(HostConfig.java:1300) at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1251) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1440) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:301) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:90) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1374) at
RE: PersistentManager Store property problem?
From: Owens, Stephen (ITD) [mailto:stephen.ow...@state.ma.us] Subject: PersistentManager Store property problem? [SetPropertiesRule]{Context/Manager/Store} Setting property 'checkInterval' to '3600' did not find a matching property. The Tomcat 7 Documentation states for the Persistent Manager JDBC Based Store that the checkInterval attribute is the interval (in seconds) between checks for expired sessions among those sessions that are currently swapped out. Looks like that entry in the doc is seriously out of date - the field hasn't been in the Tomcat source for a long, long time. In reality, the timing is based on processExpiresFrequency, which is dependent on the backgroundProcessorDelay setting for container. By default, the one for Host is used, and its setting is 10 (seconds). Since you have processExpiresFrequency set to 6 (which happens to be the default), the checks are made once per minute. Set processExpiresFrequency to 360 for once per hour. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [FWD: Help Debugging 404 errors]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Siegfried, On 2/13/13 12:29 PM, siegfr...@heintze.com wrote: OK, here is the console log and it is exclusively resulting from starting. There are no changes to the console display as a result of pointing the browser at http://localhost:8080/Guestbook/GuestServlet. Jetty, however, prints lots of messages about activating the controller the guestbook application. Can someone give me some more hints? How do I bump the logging level to get some more details in tomcat 6? I'm not sure you need more details from Tomcat at this point. See below. Feb 13, 2013 9:12:55 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Holy geez, that's a huge java.library.path and almost everything in it is worthless. :( WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:Guestbook' did not find a matching property. It looks like Eclipse is doing *something*, but... INFO: Starting Servlet Engine: Apache Tomcat/6.0.36 Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDescriptor Deployed the host-manager webapp. INFO: Deploying configuration descriptor manager.xml Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed manager webapp. INFO: Deploying web application directory docs Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed docs webapp. INFO: Deploying web application directory examples Feb 13, 2013 9:12:57 AM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() Feb 13, 2013 9:12:57 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() Feb 13, 2013 9:12:57 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed examples webapp. INFO: Deploying web application directory ROOT Deployed ROOT webapp. Feb 13, 2013 9:12:57 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Feb 13, 2013 9:12:57 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Feb 13, 2013 9:12:57 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/36 config=null Feb 13, 2013 9:12:57 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1202 ms Didn't deploy any more webapps. It looks like Eclipse isn't deploying the webapp you are trying to deploy. Can you post the server.xml that is being used by Tomcat? It looks like Eclipse is modifying server.xml with your webapp's name (which is weird). Also, take a look at the deployment directory (usually CATALINA_BASE/webapps) and the configuration directory (CATALINA_BASE/conf/Catalina/localhost) to see if you have any *.xml files in there. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEb9yEACgkQ9CaO5/Lv0PC/uACfWel8AbYoZeGwXu8ylijrWndA hLMAniAtauL/86FEyZsRHujIoM7OSMHv =Q5oS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL Session Caching
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Steven, On 2/13/13 3:01 PM, Adamus, Steven J. wrote: Nothing is going on. When the smartcard is removed, nothing goes across the wire, so how could Tomcat possibly invalidate the session? !!? OP reports that a new SmartCard is being inserted and either the old session persists (and the new user is allowed to masquerade as the old user) or the new user is not authenticated but still allowed to access their own resources. Sounds like the former, but it's worth asking. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEb988ACgkQ9CaO5/Lv0PCFsgCcDlhlJhACoMh2RSIpXVBOzgtm MHwAn1JhRSiglldzKfScPjmvyBly8mYO =NZsb -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: SSL Session Caching
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: SSL Session Caching OP reports that a new SmartCard is being inserted and either the old session persists (and the new user is allowed to masquerade as the old user) or the new user is not authenticated but still allowed to access their own resources. Sounds like the former, but it's worth asking. Which still indicates that the _client_ isn't reacting to the smartcard being swapped for another one. Not much the server (Tomcat) can do about that, other than force re-authentication on every access (which would introduce another set of issues). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat upgrade -SSL handshake failure?
-Original Message- From: Thomas, Steve [mailto:stho...@vocollect.com] Sent: Wednesday, February 13, 2013 11:10 AM To: Tomcat Users List Subject: RE: Tomcat upgrade -SSL handshake failure? -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, February 13, 2013 10:52 AM To: Tomcat Users List Subject: Re: Tomcat upgrade -SSL handshake failure? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Steve, On 2/12/13 9:52 AM, Thomas, Steve wrote: Hi. We have been running Tomcat 7.0.23 in our test environment until recently, then upgraded to 7.0.35. After the upgrade, our tests started failing intermittently with urlopen error [Errno 1] _ssl.c:503: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure That looks like a load of fun. [[snip]] It's more likely that the JVM is more strict. Did you upgrade the JVM as well? If it isn't Tomcat--if something else must have changed--what would be the most likely explanation? *shrug* I think you need more data on the situations where this actually occurs: what URL, which port, etc. When you hit your service, you are hitting these servers directly, right -- that is, there isn't a load-balancer or anything like that in between your client and your server (as configured above)? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlEbtrUACgkQ9CaO5/Lv0PD0uwCeKg6VFK3IQZIiEt1GqireVHuC 2HAAoIvnJGon20Kl7Ief6tWFY/gf4jCi =D9lF -END PGP SIGNATURE- - Chris: You're right that we did upgrade our JVM as well; I should have mentioned that. I will follow up on the remainder of your email later, but in the meantime wanted to say thanks and good catch on the JVM! Regards, Steve This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited. - Update: A coworker just found this: http://stackoverflow.com/questions/14167508/intermittent-sslv3-alert-handshake-failure-under-python which looks promising and explains the intermittent behavior. We are going to try to limit the ciphers to see if that fixes things. Regards, Steve This message is intended only for the named recipient. If you are not the intended recipient, you are notified that disclosing, copying, distributing or taking any action based on the contents of this information is strictly prohibited.
Re: SSL Session Caching
Will Nordmeyer wrote: I have a scenario right now I need help with. My Tomcat is configured for SSL, client certificate authorization and Certificate Revocation List checking (all outside certificates). We have a scenario (we've found in testing) where we do a transaction in our application, then the user pulls his smart card out (client certificate) and a new user comes up and puts his card in. Tomcat isn't recognizing that a new certificate is in place and is allowing the new user, with the new certificate to transact without validating his credentials. It appears as if the old session is being utilized still by the client (windows or unix, firefox or IE) and Tomcat. Which seems very odd. I would have expected the new cert would have forced a new SSL session to be created and tomcat to puke at an attempt to submit a transaction on the old session. Any thoughts/advice/guidance? That sounds to me like a serious flaw either at the level of the client logic, or at the level of the training and/or discipline of the users. Not at the level of the Tomcat server. Analogy : a room is protected by a door that opens with a key. Only some people have that key. One of these people opens the door with his key, leaves it open and walks away. Another (unauthorised) person walks through the open door into the room (*). Who is responsible ? the room ? (*) whether or not the other person puts his own (wrong) key into the lock is irrelevant. The door is already open. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers
Hi all, I have an application deployed on tomcat 6.0.35 and linux/amd64 with a JSSE https connector. When I try to connect to this site with default iPad browser, I always get an error message about the connection cannot be established. Tomcat version is the one shipped with Debian, and uses jdk 1.6.0_u39 with jce unrestricted policy. I also added bouncy castle jar in $JAVA_HOME/jre/lib/ext and added its provider in $JAVA_HOME/jre/lib/security/java.security as last in the provider list. After restarting tomcat nothing changed. I used the command line tool ssldump to check what happens and it seems the problem is in the cipher suite used by iPad: none of the ciphers is accepted by the server. This is what ssldump command show: New TCP connection #1: host35-105-static.24-87-b.business.telecomitalia.it(59049) - 192.168.1.55(8443) 1 1 0.0979 (0.0979) CS Handshake ClientHello Version 3.3 cipher suites TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_NULL_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_MD5 compression methods NULL iPad does try a few times, changing the version number, but it fails every time and eventually stop. When connecting using Chrome on the very same iPad, the connection works. The relevant dump is: New TCP connection #1: host35-105-static.24-87-b.business.telecomitalia.it(59049) - 192.168.1.55(8443) 1 1 0.0979 (0.0979) CS Handshake ClientHello Version 3.3 cipher suites TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_NULL_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_NULL_SHA TLS_RSA_WITH_NULL_MD5 compression methods NULL Ths cipher accepted by the server is: TLS_DHE_DSS_WITH_AES_128_CBC_SHA The connector I use is: Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS proxyName=www.my-visible-name.tld proxyPort=8443 address=192.168.1.55 / This is a JSSE connector since it display this message in log file: 13-feb-2013 12.57.49 org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-192.168.1.55-8443 So, my question: how to configure tomcat for accepting a broader range of ciphers, or at least to accept even one of those used by this browser? Thank you very much, Giuseppe - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Severe Errrors encountered in Tomcat when running a JSF project...
Hello Chuck, Thanks for your help in the past. Now I am trying to use Tomcat to run a JSF Application but it keeps giving the below mentioned error. Looking at different suggestions I also downloaded the Mojarra library from sun.java in the lib folder of tomcat, but that also does not seem to be helping. I would appreciate your valuable input. Thanks Tripti. SEVERE: Error configuring application listener of class com.sun.faces.config.ConfigureListener *java.lang.ClassNotFoundException*: com.sun.faces.config.ConfigureListener Feb 13, 2013 5:02:25 PM org.apache.catalina.core.StandardContext listenerStart SEVERE: Skipped installing application listeners due to previous error(s) Feb 13, 2013 5:02:25 PM org.apache.catalina.core.StandardContext startInternal SEVERE: Error listenerStart Feb 13, 2013 5:02:25 PM org.apache.catalina.core.StandardContext startInternal SEVERE: Context [/JSFFacelets] startup failed due to previous errors Feb 13, 2013 5:02:25 PM org.apache.catalina.loader.WebappClassLoader clearReferencesThreads SEVERE: The web application [/JSFFacelets] appears to have started a thread named [Abandoned connection cleanup thread] but has failed to stop it. This is very likely to create a memory leak. On Mon, Feb 4, 2013 at 12:05 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Tripti Mehta [mailto:mehtatript...@gmail.com] Subject: Severe Errrors encountered in Tomcat when running a Struts2 project... java.lang.UnsatisfiedLinkError: C:\Program Files (x86)\ apache-tomcat-7.0.35\bin\tcnative-1.dll: Can't load AMD 64-bit .dll on a IA 32-bit platform. You appear to be running a 32-bit JVM, so you need the 32-bit version of tcnative-1.dll. You could simply comment out the Listener for AprLifecycleListener in conf/server.xml, or change the name of tcnative-1.dll to something not ending in .dll, since the rest of Tomcat is 32- and 64-bit agnostic. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [FWD: Help Debugging 404 errors]
Can you post the server.xml that is being used by Tomcat? It looks like Eclipse is modifying server.xml with your webapp's name (which is weird). begin %ECLIPSE_WORKSPACES%\hello-spring-mvc-annotated-tomcat6-from-scratch\Servers\Tomcat v6.0 Server at localhost (2)-config\server.xml ?xml version=1.0 encoding=UTF-8? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. --!-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html --Server port=8005 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener SSLEngine=on className=org.apache.catalina.core.AprLifecycleListener/ !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener/ !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener/ !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource auth=Container description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory name=UserDatabase pathname=conf/tomcat-users.xml type=org.apache.catalina.UserDatabase/ /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector connectionTimeout=2 port=8080 protocol=HTTP/1.1 redirectPort=8443/ !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3 redirectPort=8443/ !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -- !-- You should set jvmRoute to support load-balancing via AJP ie : Engine name=Catalina defaultHost=localhost jvmRoute=jvm1 -- Engine defaultHost=localhost name=Catalina !--For clustering, please take a look at documentation at: /docs/cluster-howto.html (simple how to) /docs/config/cluster.html (reference documentation) -- !-- Cluster
Re: [FWD: Help Debugging 404 errors]
On 2/13/2013 12:27 PM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Siegfried, On 2/13/13 12:29 PM, siegfr...@heintze.com wrote: OK, here is the console log and it is exclusively resulting from starting. There are no changes to the console display as a result of pointing the browser at http://localhost:8080/Guestbook/GuestServlet. Jetty, however, prints lots of messages about activating the controller the guestbook application. Can someone give me some more hints? How do I bump the logging level to get some more details in tomcat 6? I'm not sure you need more details from Tomcat at this point. See below. Feb 13, 2013 9:12:55 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Holy geez, that's a huge java.library.path and almost everything in it is worthless. :( WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:Guestbook' did not find a matching property. It looks like Eclipse is doing *something*, but... INFO: Starting Servlet Engine: Apache Tomcat/6.0.36 Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDescriptor Deployed the host-manager webapp. INFO: Deploying configuration descriptor manager.xml Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed manager webapp. INFO: Deploying web application directory docs Feb 13, 2013 9:12:56 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed docs webapp. INFO: Deploying web application directory examples Feb 13, 2013 9:12:57 AM org.apache.catalina.core.ApplicationContext log INFO: ContextListener: contextInitialized() Feb 13, 2013 9:12:57 AM org.apache.catalina.core.ApplicationContext log INFO: SessionListener: contextInitialized() Feb 13, 2013 9:12:57 AM org.apache.catalina.startup.HostConfig deployDirectory Deployed examples webapp. INFO: Deploying web application directory ROOT Deployed ROOT webapp. Feb 13, 2013 9:12:57 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8080 Feb 13, 2013 9:12:57 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Feb 13, 2013 9:12:57 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/36 config=null Feb 13, 2013 9:12:57 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1202 ms Didn't deploy any more webapps. It looks like Eclipse isn't deploying the webapp you are trying to deploy. Can you post the server.xml that is being used by Tomcat? It looks like Eclipse is modifying server.xml with your webapp's name (which is weird). Also, take a look at the deployment directory (usually CATALINA_BASE/webapps) and the configuration directory (CATALINA_BASE/conf/Catalina/localhost) to see if you have any *.xml files in there. Eclipse J2EE version does lots of really unpleasant (in my opinion) stuff. They actually use a pseudo-CATALINA_BASE (I think) and run the server from: workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp[n] n is the number of your server in your Servers project. There is no bin directory, and there's an extra directory called wtpwebapps which contains an empty ROOT application. If you use Maven, you'll need the Maven Integration for Eclipse WTP, which is an incubation plugin. It doesn't allow you to do everything Maven does from within Eclipse, but for generic building and running it seems to work more or less OK. If you don't use the plugin, then I imagine you'll get all sorts of anomalous behavior, including having to tell Eclipse you're working on a WTP project (adding aspects otherwise you won't be able to run on a server), Eclipse complaining that it cannot find files (because the directory structure is different), etc. So in short: 1. Make sure your Servers project is open (so you can control Tomcat) 2. Look in the logs subdirectory of tmp[n] for logs 3. If you're using Maven (original poster is I think), get the plugin . . . . just my 2 cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [FWD: Help Debugging 404 errors]
They actually use a pseudo-CATALINA_BASE (I think) and run the server from: workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp[n] n is the number of your server in your Servers project. There is no bin directory, and there's an extra directory called wtpwebapps which contains an empty ROOT application. You can change all this configuration by double-clicking over the server icon in Servers tab. And choose root folder and webapps folder Regards - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [FWD: Help Debugging 404 errors]
Mark Eggers: 1. Make sure your Servers project is open (so you can control Tomcat) I don't know what you mean. I have expanded the server name in the project pane (to expose server.xml and other files) as well as the server name in project pane (to expose the war/projects with the jar icon where I can stop and start the server). 2. Look in the logs subdirectory of tmp[n] for logs This directory is empty. How do I turn on logging? 3. If you're using Maven (original poster is I think), get the plugin I'm using the plugin for eclipse that allows me to control maven and maven goals from the eclipse gui. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [FWD: Help Debugging 404 errors]
Jose They actually use a pseudo-CATALINA_BASE (I think) and run the server from: workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp[n] n is the number of your server in your Servers project. There is no bin directory, and there's an extra directory called wtpwebapps which contains an empty ROOT application. You can change all this configuration by double-clicking over the server icon in Servers tab. And choose root folder and webapps folder OK, I double clicked. Can you give me some more details on choosing root folder and webapps folder? I see three radio buttons that are all greyed out. I don't know how to click on them. Use workspace metadata (dones not modify Tomcat installation) Use the tomcat installation (takes control of Tomcat installation) Use the custom location (does not modify Tomcat installation) Down below that it says Deploy path: wtpwebapps but it is greyed out too. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [Seriously OT] Help in diagnosing server unresponsiveness
On 2/12/2013 9:36 AM, Christopher Schultz wrote: On 2/11/13 4:30 PM, Terence M. Bandoian wrote: I understand the considerations above and they are a part of the prevailing thinking. However, one underlying assumption of the supporting argument appears to be that today's programmers are not capable of developing maintainable code which I don't believe is true. As I understand it, programmer productivity is one of the most significant factors in the decision making process and it is a valid concern. IF (that's a big if) an application can be developed in half the time using a generalized solution, then that approach has to be considered along with a host of other concerns including the end product and the effect on the organization. I say reliance on generalized solutions is short-sighted because knowledge of the underlying technologies is lost, or never gained, along with the skills to work in those spheres. Are you suggesting that people who program using Java are oblivious to the innards of hardware architecture and are remain ignorant of these important details? That's the logical conclusion to your argument. I'm not saying you're wrong, but you have to admit that a Java programmer (of which I'm one) saying that using a generalized solution makes you ignorant is a bit like the pot calling the kettle black. Not at all. I probably should have said there is a potential for lost knowledge. Here are a couple of anecdotal examples that I hope will help illustrate what I mean. - I was told recently by a person in a software architect position that they use Hibernate because it prevents SQL injection. I'll give them the benefit of the doubt and assume they have other motivations but still, is escaping the input strings to a query really advanced knowledge? Think about that from the perspective of a junior or mid-level programmer who has only ever used an ORM. What happens when something goes wrong or performance has to be optimized. For that matter, what does happen? Now you have to know SQL, the DBMS, and HQL and understand Hibernate behavior. Double the complexity? Disclaimer: I don't have anything against Hibernate or JPA. I worked with an early implementation of JDO for a short time and am beginning some work with Hibernate. - A JavaScript programmer told me not too long ago that you really have to use a JavaScript library (e.g. jQuery) if you're going to use AJAX in an interface because it's just too complicated. Is instantiating and using an XMLHttpRequest object really that difficult? What about those programmers who have only ever used a JavaScript library? Another developer says he tells clients that they shouldn't consider a feature if it isn't supported by jQuery. Still another says that one of the reasons their organization uses a full-blown framework is that their programmers can't develop cross-browser compatible JavaScript. Disclaimer: I think jQuery is a wonderful library and, if you plan to make good use of the features available, it should definitely be considered. What I'm saying is there should be a good reason (really good) to add significant complexity, performance overhead, memory requirements and megabytes of code to an application. Efficiency, flexibility, repairability, extensibility and reliability are all components of software quality and all are affected by complexity. Less complex systems are easier to maintain. To continue the aside, wasted energy is wasted energy and it may become a factor in software development at some point. I think decision makers should be taught that there is more to the bottom line than dollars and cents. In my experience, by far the biggest time waster is trying to deal with code that is (or has become) unmaintainable. Re-writing just because a piece of code has become out-of-touch with current standards or because nobody understands how it works is entirely wasted effort. We have lots of places in our code where we have been spending - literally - years recording from bad decisions in the past. Granted. Reading other people's code is a learned skill and can be problematic. Isn't that where design and code reviews and coding standards come into play? Also, apples and oranges. Energy is precious resource that deserves special consideration. I'm just blue-skying here and don't have the answers but how much electricity is wasted by inefficient programming? We may have to factor that in some day. -Terence - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org