date:20130802


Am 2013-08-01 22:59, schrieb Mark Thomas:

If you'd like early sight of Tomcat 8 and an opportunity to contribute
to Tomcat development, the release vote has now opened for the first
Tomcat 8 release candidate.

Features include:
-[...]
- Update to DBCP2 (now includes JMX monitoring)

  ^
Why if we do have the wonderful Tomcat JDBC Pool? Can't we get rid of 
that relic?


Michael


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 8.0.0-RC1 release vote started

Michael-O 1983-01...@gmx.net wrote:
Am 2013-08-01 22:59, schrieb Mark Thomas:
 If you'd like early sight of Tomcat 8 and an opportunity to
contribute
 to Tomcat development, the release vote has now opened for the first
 Tomcat 8 release candidate.

 Features include:
 -[...]
 - Update to DBCP2 (now includes JMX monitoring)
   ^
Why if we do have the wonderful Tomcat JDBC Pool? 

1. Choice (we ship both).
2. Features (DBCP covers more edge cases).
3. Maintainability. There is more chance of a DBCP fix at the moment. That 
should change when Filip returns.
4. Performance they should be much closer but I suspect Tomcat JDBC will be 
faster (those edge cases again).

 Can't we get rid of that relic?

We could but I would not support such a move.  (Relic? Hardly.)

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Problem with getRealPath() on Tomcat 8

2013-08-02 Thread Ognjen Blagojevic


Hi,

I am just testing Tomcat 8.0.0-RC1 that is proposed for (Alpha) release.

I noticed that (unlike Tomcat 7.0.42) this version throws 
IllegalArgumentException upon calling ServletContext.getRealPath(). It 
seems that TC8 expects that argument provided to getRealPath is 
non-empty string.


The code that tries to execute getRealPath with empty argument is not 
mine, it is from Apache Axis2 1.6.2 (latest production release). Now, I 
could file a bug with Axis2, but I am actually not sure is it really 
necessary that getRealPath argument is non-empty string?


-Ognjen


P.S. More details below.


Stack trace:

[ERROR] java.lang.IllegalArgumentException
java.lang.IllegalArgumentException
at 
org.apache.catalina.webresources.AbstractResourceSet.checkPath(AbstractResourceSet.java:39)
at 
org.apache.catalina.webresources.DirResourceSet.getResource(DirResourceSet.java:91)
at 
org.apache.catalina.webresources.StandardRoot.getResourceInternal(StandardRoot.java:176)
at 
org.apache.catalina.webresources.CachedResource.validate(CachedResource.java:62)
at 
org.apache.catalina.webresources.Cache.getResource(Cache.java:78)
at 
org.apache.catalina.webresources.StandardRoot.getResource(StandardRoot.java:163)
at 
org.apache.catalina.core.StandardContext.getRealPath(StandardContext.java:4528)
at 
org.apache.catalina.core.ApplicationContext.getRealPath(ApplicationContext.java:398)
at 
org.apache.catalina.core.ApplicationContextFacade.getRealPath(ApplicationContextFacade.java:335)
at 
org.apache.axis2.deployment.WarBasedAxisConfigurator.init(WarBasedAxisConfigurator.java:103)
at 
org.apache.axis2.transport.http.AxisServlet.initConfigContext(AxisServlet.java:584)
at 
org.apache.axis2.transport.http.AxisServlet.init(AxisServlet.java:454)
at 
org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1235)
at 
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1148)
at 
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1044)
at 
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5025)
at 
org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5322)
at 
org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:726)
at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:702)
at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:698)
at 
org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:968)
at 
org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1742)
at 
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at 
java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)

at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

at java.lang.Thread.run(Thread.java:724)


--

Axis2 code (WarBasedAxisConfigurator.java:103-106):

103:String webpath = 
config.getServletContext().getRealPath();

104:if (webpath == null || webpath.length() == 0) {
105:webpath = 
config.getServletContext().getRealPath(/);

106:}

--

Tomcat 8 code throwing the exception (AbstractResourceSet.java:37-41):

protected final void checkPath(String path) {
if (path == null || path.length() == 0 || path.charAt(0) != '/') {
throw new IllegalArgumentException();
}
}

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Cert

2013-08-02 Thread Kyle Shattuck

Hello,
I am using Tomcat 7 on a windows server 2012 build for this: 
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method

I don't think SSL is not working correctly because every time I try to 
authenticate over LDAPS it does not work.

I created a .csr and a .jks using the java keytool. I got a cert using my .csr 
file from digicert by downloading it to a .p7b file. I imported the .p7b file 
to my %jave_home%\bin\mykeystore.jks. I then download from digicert the same 
cert but in a .pem file and imported the file to my 
%jave_home5\jre\lib\security\cacerts.

Did I miss something here, do you need any other info?

Thank you,
Kyle

Re: Problem with getRealPath() on Tomcat 8

Ognjen Blagojevic ognjen.d.blagoje...@gmail.com wrote:
Hi,

I am just testing Tomcat 8.0.0-RC1 that is proposed for (Alpha)
release.

I noticed that (unlike Tomcat 7.0.42) this version throws 
IllegalArgumentException upon calling ServletContext.getRealPath().

That looks like a bug in the new resources implementation.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Problem with getRealPath() on Tomcat 8

2013-08-02 Thread Ognjen Blagojevic


Mark,

On 2.8.2013 13:33, Mark Thomas wrote:

I noticed that (unlike Tomcat 7.0.42) this version throws
IllegalArgumentException upon calling ServletContext.getRealPath().


That looks like a bug in the new resources implementation.


Thank you for your prompt response. I filed a bug:

  https://issues.apache.org/bugzilla/show_bug.cgi?id=55345

-Ognjen

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cert

2013-08-02 Thread Daniel Mikusa

On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:

 Hello,
 I am using Tomcat 7 on a windows server 2012 build for this: 
 https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
 
 I don't think SSL is not working correctly because every time I try to 
 authenticate over LDAPS it does not work.

What part of this doesn't work?  Connecting via SSL or authentication via LDAP? 
 They are two different things.

Can you connect to your server via HTTPS and access a static resource like an 
HTML page or image file?  If not, what happens when you try to connect?

 
 I created a .csr and a .jks using the java keytool. I got a cert using my 
 .csr file from digicert by downloading it to a .p7b file. I imported the .p7b 
 file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the 
 same cert but in a .pem file and imported the file to my 
 %jave_home5\jre\lib\security\cacerts.
 
 Did I miss something here, do you need any other info?

 - What is the specific version of Tomcat that you are using?
 - Do you see any errors in the log?
 - Include your server.xml, minus comments and minus any sensitive info like 
passwords

Dan

 
 Thank you,
 Kyle
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Cert

2013-08-02 Thread Martin Gainty

Daniel

...he hasn't imported his DER typed certificate into the LDAP Server yet..

Martin
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung.
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est
interdite. Ce message sert à l'information seulement et n'aura pas n'importe
quel effet légalement obligatoire. Étant donné que les email peuvent facilement
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité
pour le contenu fourni.

Subject: Re: Cert
From: dmik...@gopivotal.com
Date: Fri, 2 Aug 2013 08:58:12 -0400
To: users@tomcat.apache.org

On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:

Hello,
I am using Tomcat 7 on a windows server 2012 build for this:
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method

I don't think SSL is not working correctly because every time I try to
authenticate over LDAPS it does not work.

What part of this doesn't work? Connecting via SSL or authentication via
LDAP? They are two different things.

Can you connect to your server via HTTPS and access a static resource like an
HTML page or image file? If not, what happens when you try to connect?

I created a .csr and a .jks using the java keytool. I got a cert using my
.csr file from digicert by downloading it to a .p7b file. I imported the
.p7b file to my %jave_home%\bin\mykeystore.jks. I then download from
digicert the same cert but in a .pem file and imported the file to my
%jave_home5\jre\lib\security\cacerts.

Did I miss something here, do you need any other info?

- What is the specific version of Tomcat that you are using?
- Do you see any errors in the log?
- Include your server.xml, minus comments and minus any sensitive info like
passwords

Dan

Thank you,
Kyle

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Cert

2013-08-02 Thread Kyle Shattuck

My Server( CAS) is using SSL and the LDAP(DC) server uses SSL. So when I try to 
authenticate through my CAS server to DC over LDAPS it does not work. When I 
look at the logs of the Applications and Services Logs --Directory Service 
is says--
InformationActiveDirectory_DomainService1535LDAP Interface:
Internal event: The LDAP server returned an error. 
 
Additional Data 
Error value:
0003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, data 
0, v1db1

Tomcat version:apache-tomcat-7.0.42

-Original Message-
From: Daniel Mikusa [mailto:dmik...@gopivotal.com] 
Sent: Friday, August 02, 2013 8:59 AM
To: Tomcat Users List
Subject: Re: Cert

On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:

 Hello,
 I am using Tomcat 7 on a windows server 2012 build for this: 
 https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
 
 I don't think SSL is not working correctly because every time I try to 
 authenticate over LDAPS it does not work.

What part of this doesn't work?  Connecting via SSL or authentication via LDAP? 
 They are two different things.

Can you connect to your server via HTTPS and access a static resource like an 
HTML page or image file?  If not, what happens when you try to connect?

 
 I created a .csr and a .jks using the java keytool. I got a cert using my 
 .csr file from digicert by downloading it to a .p7b file. I imported the .p7b 
 file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the 
 same cert but in a .pem file and imported the file to my 
 %jave_home5\jre\lib\security\cacerts.
 
 Did I miss something here, do you need any other info?

 - What is the specific version of Tomcat that you are using?
 - Do you see any errors in the log?
 - Include your server.xml, minus comments and minus any sensitive info like 
passwords

Dan

 
 Thank you,
 Kyle
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


?xml version='1.0' encoding='utf-8'?

Server port=8005 shutdown=SHUTDOWN

  Listener className=org.apache.catalina.core.JasperListener /
  Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener /
  Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener /
  Listener className=org.apache.catalina.core.ThreadLocalLeakPreventionListener /

  GlobalNamingResources

Resource name=UserDatabase auth=Container
  type=org.apache.catalina.UserDatabase
  description=User database that can be updated and saved
  factory=org.apache.catalina.users.MemoryUserDatabaseFactory
  pathname=conf/tomcat-users.xml /
  /GlobalNamingResources

  Service name=Catalina

Connector port=8080 protocol=HTTP/1.1
   connectionTimeout=2
   redirectPort=8443 /
 
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS keystoreFile=C:\Program Files\Java\jdk1.7.0_25\keystore.jks keystorePass=pass /

Connector port=8009 protocol=AJP/1.3 redirectPort=8443 /
Engine name=Catalina defaultHost=localhost

  Realm className=org.apache.catalina.realm.LockOutRealm

Realm className=org.apache.catalina.realm.UserDatabaseRealm
   resourceName=UserDatabase/
  /Realm

  Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true

   Valve className=org.apache.catalina.valves.AccessLogValve directory=logs
   prefix=localhost_access_log. suffix=.txt
   pattern=%h %l %u %t quot;%rquot; %s %b /

  /Host
/Engine
  /Service
/Server

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Cert

2013-08-02 Thread Daniel Mikusa

On Aug 2, 2013, at 9:23 AM, Kyle Shattuck ky...@montcalm.edu wrote:

My Server( CAS) is using SSL and the LDAP(DC) server uses SSL. So when I try
to authenticate through my CAS server to DC over LDAPS it does not work.
When I look at the logs of the Applications and Services Logs --Directory
Service is says--
InformationActiveDirectory_DomainService 1535LDAP Interface:
Internal event: The LDAP server returned an error.

Additional Data
Error value:
0003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message,
data 0, v1db1

Sorry for being slow here. I'm just not quite sure how this is related to
Tomcat. It seems like an application or JVM configuration issue.

A couple more questions for you.

- What log are you pulling this from? Is this from your LDAP server, an
application log or a Tomcat log?

- How are you configuring your application to connect to your LDAP server?
Is this with a Resource / tag in Tomcat? or is this done in application
configuration? Can you include this config for us, minus passwords?

- Does your LDAP server have a certificate from a trusted certificate
authority? Is this what you were talking about when you mentioned creating a
keystore with a certificate from digicert in your original email? Or is the
LDAP Server's certificate self signed?

Dan

Tomcat version:apache-tomcat-7.0.42

-Original Message-
From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
Sent: Friday, August 02, 2013 8:59 AM
To: Tomcat Users List
Subject: Re: Cert

On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:

Hello,
I am using Tomcat 7 on a windows server 2012 build for this:
https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method

I don't think SSL is not working correctly because every time I try to
authenticate over LDAPS it does not work.

What part of this doesn't work? Connecting via SSL or authentication via
LDAP? They are two different things.

Can you connect to your server via HTTPS and access a static resource like an
HTML page or image file? If not, what happens when you try to connect?

Did I miss something here, do you need any other info?

- What is the specific version of Tomcat that you are using?
- Do you see any errors in the log?
- Include your server.xml, minus comments and minus any sensitive info like
passwords

Dan

Thank you,
Kyle

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

server.xml
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Cert

2013-08-02 Thread Martin Gainty

Kyle
 
the ldap server requires the LDAP Attributes contained within the p7b

dn: cn=username,o=organization,c=country
objectclass:inetorgperson
objectclass:organizationalPerson
cn: username
sn: surname

your LDAP admin has 2 options:

1)enter each one manually from the attributes enumerated from the cert 
2) import your DER formatted certificate into LDAP (and let the import utility 
auto-populate the LDAP attributes) for example
2a)Cisco LDAP Server
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_0111.html
2b)IBM LDAP Server
http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itamfbi.doc_5.1%2FADM51mst160.htm

it looks like we will need to engage the LDAP admin to take this any 
further..can you cc him?

Martin 
__ 
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.

 
From: ky...@montcalm.edu
To: users@tomcat.apache.org
Subject: RE: Cert
Date: Fri, 2 Aug 2013 13:23:12 +

My Server( CAS) is using SSL and the LDAP(DC) server uses SSL. So when I try to 
authenticate through my CAS server to DC over LDAPS it does not work. When I 
look at the logs of the Applications and Services Logs --Directory Service 
is says--
InformationActiveDirectory_DomainService1535LDAP Interface:
Internal event: The LDAP server returned an error. 
 
Additional Data 
Error value:
0003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, data 
0, v1db1
 
Tomcat version:apache-tomcat-7.0.42
 
-Original Message-
From: Daniel Mikusa [mailto:dmik...@gopivotal.com] 
Sent: Friday, August 02, 2013 8:59 AM
To: Tomcat Users List
Subject: Re: Cert
 
On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:
 
 Hello,
 I am using Tomcat 7 on a windows server 2012 build for this: 
 https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Locally+using+the+Maven2+WAR+Overlay+Method
 
 I don't think SSL is not working correctly because every time I try to 
 authenticate over LDAPS it does not work.
 
What part of this doesn't work?  Connecting via SSL or authentication via LDAP? 
 They are two different things.
 
Can you connect to your server via HTTPS and access a static resource like an 
HTML page or image file?  If not, what happens when you try to connect?
 
 
 I created a .csr and a .jks using the java keytool. I got a cert using my 
 .csr file from digicert by downloading it to a .p7b file. I imported the .p7b 
 file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the 
 same cert but in a .pem file and imported the file to my 
 %jave_home5\jre\lib\security\cacerts.
 
 Did I miss something here, do you need any other info?
 
 - What is the specific version of Tomcat that you are using?
 - Do you see any errors in the log?
 - Include your server.xml, minus comments and minus any sensitive info like 
passwords
 
Dan
 
 
 Thank you,
 Kyle
 
 
 
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Cert

2013-08-02 Thread Kyle Shattuck

We don't necessarily have a LDAP admin, so I need more details on how to 
execute this. I read the IBM site you provided and am not sure how to start.

Our OS are Windows, they are talking about  Tivoli Access Manager LDAP server

Thank you for all the information! 

-Original Message-
From: Martin Gainty [mailto:mgai...@hotmail.com] 
Sent: Friday, August 02, 2013 10:06 AM
To: Tomcat Users List
Subject: RE: Cert

Kyle
 
the ldap server requires the LDAP Attributes contained within the p7b

dn: cn=username,o=organization,c=country
objectclass:inetorgperson
objectclass:organizationalPerson
cn: username
sn: surname

your LDAP admin has 2 options:

1)enter each one manually from the attributes enumerated from the cert
2) import your DER formatted certificate into LDAP (and let the import utility 
auto-populate the LDAP attributes) for example 2a)Cisco LDAP Server 
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_0111.html
2b)IBM LDAP Server
http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=%2Fcom.ibm.itamfbi.doc_5.1%2FADM51mst160.htm

it looks like we will need to engage the LDAP admin to take this any 
further..can you cc him?

Martin
__
Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité

Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger 
sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung 
oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem 
Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. 
Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung 
fuer den Inhalt uebernehmen.

Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le 
destinataire prévu, nous te demandons avec bonté que pour satisfaire informez 
l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est 
interdite. Ce message sert à l'information seulement et n'aura pas n'importe 
quel effet légalement obligatoire. Étant donné que les email peuvent facilement 
être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité 
pour le contenu fourni.

 
From: ky...@montcalm.edu
To: users@tomcat.apache.org
Subject: RE: Cert
Date: Fri, 2 Aug 2013 13:23:12 +

My Server( CAS) is using SSL and the LDAP(DC) server uses SSL. So when I try to 
authenticate through my CAS server to DC over LDAPS it does not work. When I 
look at the logs of the Applications and Services Logs --Directory Service 
is says--
InformationActiveDirectory_DomainService1535LDAP Interface:
Internal event: The LDAP server returned an error. 
 
Additional Data
Error value:
0003: LdapErr: DSID-0C060463, comment: Error decrypting ldap message, data 
0, v1db1
 
Tomcat version:apache-tomcat-7.0.42
 
-Original Message-
From: Daniel Mikusa [mailto:dmik...@gopivotal.com]
Sent: Friday, August 02, 2013 8:59 AM
To: Tomcat Users List
Subject: Re: Cert
 
On Aug 2, 2013, at 7:33 AM, Kyle Shattuck ky...@montcalm.edu wrote:
 
 Hello,
 I am using Tomcat 7 on a windows server 2012 build for this: 
 https://wiki.jasig.org/display/CASUM/Best+Practice+-+Setting+Up+CAS+Lo
 cally+using+the+Maven2+WAR+Overlay+Method
 
 I don't think SSL is not working correctly because every time I try to 
 authenticate over LDAPS it does not work.
 
What part of this doesn't work?  Connecting via SSL or authentication via LDAP? 
 They are two different things.
 
Can you connect to your server via HTTPS and access a static resource like an 
HTML page or image file?  If not, what happens when you try to connect?
 
 
 I created a .csr and a .jks using the java keytool. I got a cert using my 
 .csr file from digicert by downloading it to a .p7b file. I imported the .p7b 
 file to my %jave_home%\bin\mykeystore.jks. I then download from digicert the 
 same cert but in a .pem file and imported the file to my 
 %jave_home5\jre\lib\security\cacerts.
 
 Did I miss something here, do you need any other info?
 
 - What is the specific version of Tomcat that you are using?
 - Do you see any errors in the log?
 - Include your server.xml, minus comments and minus any sensitive info like 
passwords
 
Dan
 
 
 Thank you,
 Kyle
 
 
 
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org   
  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail:

Tomcat Websocket Implementation

2013-08-02 Thread Igor Urisman

Dear all,

I'm looking into a solution that will make extensive use of websockets.
Details are unimportant, but here's the question that I'd like to have some
insight into.  The current implementation (official
examplehttp://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/chat/ChatWebSocketServlet.java?revision=1354477view=markup)
seems independent of the JSR
356http://docs.oracle.com/javaee/7/tutorial/doc/websocket.htm.
Is work underway to implement the javax.websocket.* objects, or is what's
in org.apache.catalina.websocket it for the enforceable future?

Thanks in advance,
--Igor.
www.sanguinecomputing.com

Re: Tomcat Websocket Implementation

2013-08-02 Thread Nick Williams

On Aug 2, 2013, at 12:05 PM, Igor Urisman wrote:

Dear all,

I'm looking into a solution that will make extensive use of websockets.
Details are unimportant, but here's the question that I'd like to have some
insight into. The current implementation (official
examplehttp://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/chat/ChatWebSocketServlet.java?revision=1354477view=markup)
seems independent of the JSR
356http://docs.oracle.com/javaee/7/tutorial/doc/websocket.htm.
Is work underway to implement the javax.websocket.* objects, or is what's
in org.apache.catalina.websocket it for the enforceable future?

Tomcat 8 has a completed (though not yet fully tested and vetted)
implementation of JSR-356. We're voting right now on the developer's mailing
list whether to release Tomcat 8.0.0-RC1 alpha.

Though Tomcat 8 is the only Tomcat that will support the Servlet, JSP, and EL
specifications included in Java EE 7 (they will not be back-ported to Tomcat
7), a decision was made a while ago to deprecate the existing Tomcat 7
WebSocket implementation and back-port JSR-356 to Tomcat 7. This is the only
Java EE 7 component that will be back-ported to Tomcat 7, AFAIK. I don't
personally know this will happen (I'm not one of the developers), but since the
JSR-356 implementation in Tomcat 8 is complete now, it shouldn't be too long.

If you want to play with the JSR-356 implementation for now, feel free to
download and use Tomcat 8 RC1 when it releases in (hopefully) the next few
days. We encourage it, because the more people who download it and try it out,
the better our chances of chasing down and fixing bugs now instead of after a
general release.

Nick

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Websocket Implementation

2013-08-02 Thread Nick Williams

On Aug 2, 2013, at 12:42 PM, Nick Williams wrote:

On Aug 2, 2013, at 12:05 PM, Igor Urisman wrote:

Dear all,

Tomcat 8 has a completed (though not yet fully tested and vetted)
implementation of JSR-356. We're voting right now on the developer's mailing
list whether to release Tomcat 8.0.0-RC1 alpha.

Though Tomcat 8 is the only Tomcat that will support the Servlet, JSP, and EL
specifications included in Java EE 7 (they will not be back-ported to Tomcat
7), a decision was made a while ago to deprecate the existing Tomcat 7
WebSocket implementation and back-port JSR-356 to Tomcat 7. This is the only
Java EE 7 component that will be back-ported to Tomcat 7, AFAIK. I don't
personally know this will happen (I'm not one of the developers), but since
the JSR-356 implementation in Tomcat 8 is complete now, it shouldn't be too
long.

**I don't personally know WHEN this will happen…

If you want to play with the JSR-356 implementation for now, feel free to
download and use Tomcat 8 RC1 when it releases in (hopefully) the next few
days. We encourage it, because the more people who download it and try it
out, the better our chances of chasing down and fixing bugs now instead of
after a general release.

You could also download the POTENTIAL release candidate that is being voted on
right now
(https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.0-RC1/bin/), but I
can't guarantee that this is the actual release candidate that will come out.

Nick

Re: Tomcat Websocket Implementation

2013-08-02 Thread Igor Urisman

Super helpful -- thanks, Nick. I'll switch to T8 right away. It's alpha
status is not a problem in my case.
-Igor.

On Fri, Aug 2, 2013 at 10:45 AM, Nick Williams
nicho...@nicholaswilliams.net wrote:

On Aug 2, 2013, at 12:42 PM, Nick Williams wrote:

On Aug 2, 2013, at 12:05 PM, Igor Urisman wrote:

Dear all,

I'm looking into a solution that will make extensive use of websockets.
Details are unimportant, but here's the question that I'd like to have
some
insight into. The current implementation (official
example
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/classes/websocket/chat/ChatWebSocketServlet.java?revision=1354477view=markup
)
seems independent of the JSR
356http://docs.oracle.com/javaee/7/tutorial/doc/websocket.htm.
Is work underway to implement the javax.websocket.* objects, or is
what's
in org.apache.catalina.websocket it for the enforceable future?

Tomcat 8 has a completed (though not yet fully tested and vetted)
implementation of JSR-356. We're voting right now on the developer's
mailing list whether to release Tomcat 8.0.0-RC1 alpha.

Though Tomcat 8 is the only Tomcat that will support the Servlet, JSP,
and EL specifications included in Java EE 7 (they will not be back-ported
to Tomcat 7), a decision was made a while ago to deprecate the existing
Tomcat 7 WebSocket implementation and back-port JSR-356 to Tomcat 7. This
is the only Java EE 7 component that will be back-ported to Tomcat 7,
AFAIK. I don't personally know this will happen (I'm not one of the
developers), but since the JSR-356 implementation in Tomcat 8 is complete
now, it shouldn't be too long.

**I don't personally know WHEN this will happen…

If you want to play with the JSR-356 implementation for now, feel free
to download and use Tomcat 8 RC1 when it releases in (hopefully) the next
few days. We encourage it, because the more people who download it and try
it out, the better our chances of chasing down and fixing bugs now instead
of after a general release.

You could also download the POTENTIAL release candidate that is being
voted on right now (
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.0-RC1/bin/),
but I can't guarantee that this is the actual release candidate that will
come out.

Nick

Tomcat native 1.1.27 libapr-1.so.0 is not deployed

2013-08-02 Thread srinivas yelamanchili

Hi, 
I built APR 1.4.8 and Tomcat 7.0.42 from source code on redhat linux

I compiled the tomcat native library 1.1.27 as below

./configure --with-apr=/apps/mstrat/apache/apr-1.4.8 \
    --with-java-home=/apps/mstrat/java/jdk1.7.0_25 \
    --with-ssl=/apps/mstrat/apache/openssl-1.0.1e    \
    --prefix=/apps/mstrat/apache-tomcat-7.0.42
make
make install

I see new libraries at /apps/mstrat/apache-tomcat-7.0.42/lib
libtcnative-1.so.0.1.27
libtcnative-1.so.0 - libtcnative-1.so.0.1.27
libtcnative-1.so - libtcnative-1.so.0.1.27
libtcnative-1.la
libtcnative-1.a

but NOT libapr-1.so.0

libapr-1.so.0 and libapr-1.so.0.4.8 are available at APR install directory 
(/apps/mstrat/apache/apr-1.4.8/lib)

When I start Tomcat, I see the following error in the log file
catalina.out:java.lang.UnsatisfiedLinkError: 
/apps/mstrat/apache-tomcat-7.0.42/lib/libtcnative-1.so.0.1.27: libapr-1.so.0: 
cannot open shared object file: No such file or directory

From tomcat lib folder
strings libtcnative-1.so.0.1.27  | more | grep libapr
libapr-1.so.0


On manually copying the libapr-1.so.0 from APR lib to Tomcat lib, the error is 
gone on tomcat restart

Why doesn't Tomcat native library buildinstall deploy libapr-1.so.0 to the 
Tomcat lib folder?

Thanks,
-sri

Re: Apache Tomcat 8.0.0-RC1 release vote started


Am 2013-08-02 11:43, schrieb Mark Thomas:

Michael-O 1983-01...@gmx.net wrote:

Am 2013-08-01 22:59, schrieb Mark Thomas:

If you'd like early sight of Tomcat 8 and an opportunity to

contribute

to Tomcat development, the release vote has now opened for the first
Tomcat 8 release candidate.

Features include:
-[...]
- Update to DBCP2 (now includes JMX monitoring)

   ^
Why if we do have the wonderful Tomcat JDBC Pool?


1. Choice (we ship both).
2. Features (DBCP covers more edge cases).
3. Maintainability. There is more chance of a DBCP fix at the moment. That 
should change when Filip returns.
4. Performance they should be much closer but I suspect Tomcat JDBC will be 
faster (those edge cases again).


According to Apache's JIRA DBCP2 is still in the works whereas Tomcat 
JDBC Pool already works quite well. If so, I would favor the first 
option and make Tomcat JDBC Pool the default. Anyway DBCP2 will be a 
breaking change for DBCP 1.x users. Why not go the extra mile with 
Tomcat JDBC Pool and use that.



Can't we get rid of that relic?


We could but I would not support such a move.  (Relic? Hardly.)


I consinder it as a relic. Tomcat JDBC Pool's site even states that DBCP 
was written in ancient times withou multithreading in mind. Pre Java 5 
and so forth.


From my point of view, I have achieved tremendous improvements in our 
apps with Tomcat JDBC Pool and even found several bugs which would not 
have been possible with DBCP.


Michael



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Auto-loading of the SQL Server JDBC Driver in 6.0.35

2013-08-02 Thread MWick

I expect that by putting the SQL Server JDBC4 driver jar (sqljdbc4.jar) into 
${CATALINA_HOME}/lib, that the driver would be automatically available upon 
server start.  As expected, this works in 6.0.33, but fails in 6.0.35.  It 
seems that the fix to Bug 51640 is the cause of this, and in fact, setting 
driverManagerProtection to false in the JreMemoryLeakPreventionListener allows 
this to work in 6.0.35 as well.  I would not have expected that a change to the 
MemoryLeak Listener would have changed the behavior of the JDBC driver.

I don't know the internals of the SQL Server driver, so I don't know exactly 
why this is happening.  The MySQL driver loads without any issue.

I am wondering if anyone else has seen this problem.

Thanks,

Mark

RE: Apache Tomcat 8.0.0-RC1 release vote started

2013-08-02 Thread Caldarale, Charles R

 From: Michael-O [mailto:1983-01...@gmx.net] 
 Subject: Re: Apache Tomcat 8.0.0-RC1 release vote started

 According to Apache's JIRA DBCP2 is still in the works whereas Tomcat 
 JDBC Pool already works quite well. If so, I would favor the first 
 option and make Tomcat JDBC Pool the default.

Your original message implied that the Tomcat JDBC pool was the relic you 
wanted to get rid of:

 Why if we do have the wonderful Tomcat JDBC Pool? Can't we get rid of 
 that relic?

Since the most recent noun in the wording before that relic was Tomcat JDBC 
Pool, I certainly interpreted relic as a reference to Filip's creation, not 
the original DBCP - and I suspect Mark T did as well.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Auto-loading of the SQL Server JDBC Driver in 6.0.35


Am 2013-08-02 21:24, schrieb mw...@loftware.com:

I expect that by putting the SQL Server JDBC4 driver jar
(sqljdbc4.jar) into ${CATALINA_HOME}/lib, that the driver would be
automatically available upon server start.  As expected, this works
in 6.0.33, but fails in 6.0.35.  It seems that the fix to Bug 51640
is the cause of this, and in fact, setting driverManagerProtection to
false in the JreMemoryLeakPreventionListener allows this to work in
6.0.35 as well.  I would not have expected that a change to the
MemoryLeak Listener would have changed the behavior of the JDBC
driver.

I don't know the internals of the SQL Server driver, so I don't know
exactly why this is happening.  The MySQL driver loads without any
issue.


Why should the driver being loaded into memory if no one uses it?
Actually, a driver is loaded into the container's classloader cache upon 
first access. This is what happens at least for me with the Oracle driver.


Everything else does not make sense to me.

Michael

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 8.0.0-RC1 release vote started


Am 2013-08-02 21:26, schrieb Caldarale, Charles R:

From: Michael-O [mailto:1983-01...@gmx.net] Subject: Re: Apache
Tomcat 8.0.0-RC1 release vote started



According to Apache's JIRA DBCP2 is still in the works whereas
Tomcat JDBC Pool already works quite well. If so, I would favor the
first option and make Tomcat JDBC Pool the default.


Your original message implied that the Tomcat JDBC pool was the
relic you wanted to get rid of:


Why if we do have the wonderful Tomcat JDBC Pool? Can't we get rid
of that relic?


Since the most recent noun in the wording before that relic was
Tomcat JDBC Pool, I certainly interpreted relic as a reference to
Filip's creation, not the original DBCP - and I suspect Mark T did as
well.


Oh ok,

sorry for that misunderstanding. Relic solely referred to Commons DBCP 
and *not* Tomcat JDBC Pool.


This obviously happened because I am not a native English speaker.

Michael

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 8.0.0-RC1 release vote started

On 02/08/2013 21:17, Michael-O wrote:
 Am 2013-08-02 11:43, schrieb Mark Thomas:
 Michael-O 1983-01...@gmx.net wrote:
 Am 2013-08-01 22:59, schrieb Mark Thomas:
 If you'd like early sight of Tomcat 8 and an opportunity to
 contribute
 to Tomcat development, the release vote has now opened for the first
 Tomcat 8 release candidate.

 Features include:
 -[...]
 - Update to DBCP2 (now includes JMX monitoring)
^
 Why if we do have the wonderful Tomcat JDBC Pool?

 1. Choice (we ship both).
 2. Features (DBCP covers more edge cases).
 3. Maintainability. There is more chance of a DBCP fix at the moment.
 That should change when Filip returns.
 4. Performance they should be much closer but I suspect Tomcat JDBC
 will be faster (those edge cases again).
 
 According to Apache's JIRA DBCP2 is still in the works

The bulk of the work was in Pool 2 and that has been complete for a
while. There are some discussions about further simplification of the
Pool 2 API but the core pooling code is ready and is unlikely to change.

The work to convert DBCP to use Pool 2 has been completed. DBCP
currently has a number of open bugs and enhancement requests and that is
holding up a formal release as a number of them are likely to trigger
API changes both in Pool 2 and DBCP 2.

In short, the core of DBCP2 is ready to go but the API is not stable.
Getting it into the Tomcat 8 RC's is part of getting feedback to help
stablise the API.

 whereas Tomcat
 JDBC Pool already works quite well.

For some users yes. As I said previously, it does not cover as many edge
cases as DBCP does.

 If so, I would favor the first
 option and make Tomcat JDBC Pool the default. Anyway DBCP2 will be a
 breaking change for DBCP 1.x users.

What makes you say that? I can't think of any configuration changes in
DBCP2 so far that would cause breakage (although I could be wrong).

 Why not go the extra mile with
 Tomcat JDBC Pool and use that.

It is (still) a one line configuration change to switch between the two.

Personally, I'm not happy with JDBC Pool as the default - primarily
because it is essentially supported by a single committer. It hasn't
built up a development community yet. DBCP has that development
community and is less dependent on a single committer.

 Can't we get rid of that relic?

 We could but I would not support such a move.  (Relic? Hardly.)
 
 I consinder it as a relic. Tomcat JDBC Pool's site even states that DBCP
 was written in ancient times withou multithreading in mind. Pre Java 5
 and so forth.

That is true of DBCP 1. It does not apply to DBCP 2.

 From my point of view, I have achieved tremendous improvements in our
 apps with Tomcat JDBC Pool and even found several bugs which would not
 have been possible with DBCP.

Great. You are free to continue using it. It will continue to be part of
Tomcat 8 in the same way it is part of Tomcat 7. Getting those same
performance improvements for users that need / want DBCP is a primary
driver for Pool 2 and DBCP 2.

Ultimately, I'd like to see the code bases converge but that is probably
an optimistic goal for a number of reasons.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 8.0.0-RC1 release vote started

On 02/08/2013 21:30, Michael-O wrote:
 Am 2013-08-02 21:26, schrieb Caldarale, Charles R:
 From: Michael-O [mailto:1983-01...@gmx.net] Subject: Re: Apache
 Tomcat 8.0.0-RC1 release vote started

 According to Apache's JIRA DBCP2 is still in the works whereas
 Tomcat JDBC Pool already works quite well. If so, I would favor the
 first option and make Tomcat JDBC Pool the default.

 Your original message implied that the Tomcat JDBC pool was the
 relic you wanted to get rid of:

 Why if we do have the wonderful Tomcat JDBC Pool? Can't we get rid
 of that relic?

 Since the most recent noun in the wording before that relic was
 Tomcat JDBC Pool, I certainly interpreted relic as a reference to
 Filip's creation, not the original DBCP - and I suspect Mark T did as
 well.
 
 Oh ok,
 
 sorry for that misunderstanding. Relic solely referred to Commons DBCP
 and *not* Tomcat JDBC Pool.
 
 This obviously happened because I am not a native English speaker.

No problem. I assumed you meant DBCP was the relic and replied accordingly.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Auto-loading of the SQL Server JDBC Driver in 6.0.35

2013-08-02 Thread MWick

 From: Michael-O [mailto:1983-01...@gmx.net]
 Sent: Friday, August 02, 2013 3:28 PM
 To: Tomcat Users List
 Subject: Re: Auto-loading of the SQL Server JDBC Driver in 6.0.35

 Am 2013-08-02 21:24, schrieb mw...@loftware.com:
  I expect that by putting the SQL Server JDBC4 driver jar
  (sqljdbc4.jar) into ${CATALINA_HOME}/lib, that the driver would be
  automatically available upon server start.  As expected, this works in
  6.0.33, but fails in 6.0.35.  It seems that the fix to Bug 51640 is
  the cause of this, and in fact, setting driverManagerProtection to
  false in the JreMemoryLeakPreventionListener allows this to work in
  6.0.35 as well.  I would not have expected that a change to the
  MemoryLeak Listener would have changed the behavior of the JDBC
  driver.

  I don't know the internals of the SQL Server driver, so I don't know
  exactly why this is happening.  The MySQL driver loads without any
  issue.

 Why should the driver being loaded into memory if no one uses it?
 Actually, a driver is loaded into the container's classloader cache upon first
 access. This is what happens at least for me with the Oracle driver.

 Everything else does not make sense to me.

 Michael

Sorry, I wasn't clear.  It's not loading the driver into memory, but rather 
registering it with the DriverManager that has changed, so that it can be 
loaded on the first request.  This is no longer occurring.  

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Auto-loading of the SQL Server JDBC Driver in 6.0.35

2013-08-02 Thread Mark Eggers


On 8/2/2013 1:30 PM, mw...@loftware.com wrote:

From: Michael-O [mailto:1983-01...@gmx.net] Sent: Friday, August
02, 2013 3:28 PM To: Tomcat Users List Subject: Re: Auto-loading of
the SQL Server JDBC Driver in 6.0.35

Am 2013-08-02 21:24, schrieb mw...@loftware.com:

I expect that by putting the SQL Server JDBC4 driver jar
(sqljdbc4.jar) into ${CATALINA_HOME}/lib, that the driver would
be automatically available upon server start.  As expected, this
works in 6.0.33, but fails in 6.0.35.  It seems that the fix to
Bug 51640 is the cause of this, and in fact, setting
driverManagerProtection to false in the
JreMemoryLeakPreventionListener allows this to work in 6.0.35 as
well.  I would not have expected that a change to the MemoryLeak
Listener would have changed the behavior of the JDBC driver.

I don't know the internals of the SQL Server driver, so I don't
know exactly why this is happening.  The MySQL driver loads
without any issue.


Why should the driver being loaded into memory if no one uses it?
Actually, a driver is loaded into the container's classloader cache
upon first access. This is what happens at least for me with the
Oracle driver.

Everything else does not make sense to me.

Michael


Sorry, I wasn't clear.  It's not loading the driver into memory, but
rather registering it with the DriverManager that has changed, so
that it can be loaded on the first request.  This is no longer
occurring.

Mark


How are you accessing the driver?

Are you using JDBC directly, or are you creating a JNDI pooled 
connection and letting Tomcat manage it.


. . . . just my two questions
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Help about my problem

2013-08-02 Thread Mehdi Yousefi

Hi
i have use Tom-Cat ver 6.0.10
and i have only one web site on this
my problem is when i try to connect to web server on localhost or network
computers browser status is changing to connecting to ... but nothing
hppens after long time
my valid ip address is http://89.165.70.133/
i trying shutdown.sh and startup.sh to restart this but the problem is not
solved
i attached the log file after start in PDF

i am wondered if you can help me

Thanks a lot

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Help about my problem

2013-08-02 Thread Caldarale, Charles R

 From: Mehdi Yousefi [mailto:mmeh...@gmail.com] 
 Subject: Help about my problem

 i have use Tom-Cat ver 6.0.10

It's Tomcat, not Tom-Cat.  Version 6.0.10 is over six years old and should not 
be used by anyone these days.  Doing so is irresponsible, given the number of 
bug fixes and security issues corrected since then.

 my problem is when i try to connect to web server on localhost or network 
 computers browser status is changing to connecting to ... but nothing 
 hppens after long time 

Since you've provided no real information about your configuration, JVM 
version, platform you're running on, or log data, one can only speculate what 
the problem might be.  The symptoms are typical of either using the wrong port 
number on the URL or a firewall blocking the port, but the actual cause might 
be something completely different.

 i attached the log file after start in PDF

The list does not allow most attachments, especially ones that are easily 
infected by viruses. 

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuration question for 2500 simultaneous users.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

On 8/1/13 6:14 PM, Tomcat Random wrote:
 I'm expecting 5000 simultaneous users, with a physical load
 balancer to two physical app servers. So ~2500 per machine, each
 running an instance of tomcat not fronted by httpd or any proxy
 server. (i.e., using Tomcat to serve a few static assets along with
 the webapp).

Again, how many simultaneous /connections/ -- or requests -- do you
expect to handle? The number of simultaneous users is really only
relevant if you use sessions and then it comes down to memory (heap)
and failover (replication) if you want it.

What's much more important is the transaction rate. For instance, if
you expect 5000 users (really ~2500 per instance) and they each make a
request once per minute, than that's 2500 requests per minute or ~40
req/sec. If your average transaction takes longer than 1/40 sec
(250ms), then you are in trouble because you will not be able to keep
up with demand.

If your users make 2 transactions per minute, then you need to have
average transaction time down to 1/80 sec (125ms) or you will not be
able to keep up.

What happens if one host fails and the other one picks up *all* the
traffic? That means you need to do the average transaction in 1/160
sec (62ms) or you will not be able to keep up.

You might consider using a hot-spare or 3 instances.

 are you just interested in speculative performance tuning? That's
 correct - with just one user (myself) testing it everything is
 wonderful. I've just got that uneasy feeling the servers will
 explode when we flip over from our old host/codebase and get all
 the traffic.

JMeter is your friend. Put in the time to build workflow simulations.
It will pay you back manifold. You can even use your JMeter load tests
to do quick smoke-testing in production after a release just to make
sure you didn't miss anything.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/GnEAAoJEBzwKT+lPKRYx68QAJPE1VHVN4tX+cmssoaO3Qhr
4zjRtYYmpYna8L4EfAjPX8E3/owXilFj5bLBEpl6eYJg+i+RF+8+zlut45OXqrMO
1s5pvgwglq6kzZw70Wt8PavxP9ppcp2kwy82rNQbDLaskfkGcsV2o9QnJzcNgIIC
1Kr7jf1iqF7qJC8/F9F3cg3YBvzz2fozdaX1nWigdus9QsXq00ZRjByR1rd43ePH
gLEoJVzD95djWYP/JRiv65ZTqdDY6dMMsHwlfSfFPa9/w2uoZsjFaJmg8Eoj0K9o
4f2RHzIioizY9pLPWqRh4D3rOBOlTKMZyiRrYh4gdVpYWfS6D0Ae5zZx67r0VFje
MdVM3AUUyADwsHIE3+MBRu/OAeYnMDHIMHRlXON/YNXwYpRYMI9deS2y+kkYcxhY
ttl+B88UBRD0MR5twmCJ2OAAMe5WNtq0jlhuAGTnPJpDHSSd6fa/sm8Csoj1gdqr
ZSTh0JUy6RlECePeVHW+FCEBDPsWfM05pHY8p73KZrS3c4QWPXsH5GmnxGOcOuQh
Az1agFN4gqebFTG6l1K40CBSf7DWw38aYw+sFZWLJLM5/eSQtIaYgKhMwOu1N0Cp
oVgtwRVWQ0x/l3B4WNfgMHDq5xigD+ElGcvhPhRepzHPH4dZJxLYlpHDSV31o6k+
Myi3cewJzt+JVL4KN1yf
=u5fy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Clean up after building and installing ARP on RHEL 6

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

On 8/1/13 6:41 PM, Tomcat Random wrote:
 Spent a while getting APR installed and my logs are now showing no
 warning and indicate the native libraries are working. As per the
 docs: The libraries will be found in $CATALINA_HOME/lib - Yup,
 that's fine.
 
 But it seems like I have APR/native directories in several places
 now.

Did you actually compile APR or just tcnative?

 Are the APR libraries in lib self-contained? Anyone know if other 
 directories or files related to their build are safe to delete?
 
 Examples: /usr/bin/apr-1-config 
 /usr/local/www/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src/jni/native

  Would not be heartbroken if I had to wget the same files to
 rebuild. I'm sort of a neat freak with stray files and would rather
 rm them.

The usual build(s) will yield dynamically-linked libraries. That means
that the LD_LIBRARY_PATH for the JVM process needs to ultimately
contain libtcnative.so, libapr.so, and libssl.so. The latter two are
likely provided by your OS via package-manager, and live in /lib or
/usr/lib and you don't have to worry.

The libtcnative.so lives in $CATALINA_HOME/lib as you've said before.
You can remove the entire directory you used to build libtcnative.so
(and associated symlinks -- you probably have 3 or 4 files and/or
links... it's best to keep them all in their original configuration).

If you had to build libapr.so as well, then toss that set of files
into CATALINA_HOME/lib and delete from anywhere else you had them
sitting around for compilation purposes, etc.

That you have /usr/bin/apr-1-config suggests that you have a
package-managed install of libapr -- don't touch that. You can
probably safely delete
/usr/local/www/apache-tomcat-7.0.42/bin/tomcat-native-1.1.27-src and
its contents. You can always re-expand from the tarball and re-build,
right?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/GrWAAoJEBzwKT+lPKRYEIkQAL7Typbq9kGPFz6rBxmTYoB1
oIzc1j40Me1ewSXiH9DPXCNDJ9VCbEi8DvGE6m/Wrf51fD5mQ522+zJ48XfVHJAU
VBsumKxq2XS8mLdOOFMGbEIlWOSsS0VxLauqxRfaHVrMV2nAtiQxfoX73iwN4M2x
w/NKsKlbQpojKUZYHIMnr6S+D2p7fPwQ+pa64LxrSTLKkk3LBG+7OVuHNm4CVM6J
8lXuXo0WPgTFGwqFLjNLJsD27Q49cB+iwA7m376rJ0Z4sXzIqruQMRXb/4J6knUi
MvvmnXxduCCF7QUZNygnnbu5cJhCkwPnlwHxIm5XXNLIz2WVCilCWu0rKHQXjnfq
bjFNQ26Gyph3HfBxJt3bxjDtN0DLLKxOizjzN2lnGkDEdZFB1NTOyO2UPQy3CLbX
kPdUQFv0Kai1Qi0sH08Ews+7JedS+U64mohGbMZnYx0fBL7zSljsKtr8hCU0191g
3csQOlfRbpbTNFG9WatDGqsaJANovFb+Xze6ghZf2mcHz9Ff64ZlSxINYcardTcT
Xe9vQODH8mwtDm0YIELpu/MvnL+Or9HePdTsn88s0VqIW3H1i8cIDziGQXMXlsC5
JImb3V17exHhhzpTYCQPxA9SbX44Me2phG5XF7T/4DdfbzlAKPKeci92K79QR/n8
FY3x1ewzrSXas0/0rJQe
=v/WW
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat native 1.1.27 libapr-1.so.0 is not deployed

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

srinivas,

On 8/2/13 2:47 PM, srinivas yelamanchili wrote:
 I built APR 1.4.8 and Tomcat 7.0.42 from source code on redhat
 linux

Please don't hijack threads. Instead of replying to an existing
message, start a new message to users@tomcat.apache.org.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/GwTAAoJEBzwKT+lPKRYqPMP/R08PN/pM378Zmr4DXRXKHRQ
UrMeGxyCH0GKWZDsdQ7rDQkjgM4fO4MNbIloFPW4Tqk3VR9FfPN/MOYBTsBd1Sqp
utnUHPEVZNh3QgVxPeHD6IKnSIWkTDMrbn8eCfMcfcBirNXY8qW+ZyUxvB9Xm4Es
/g6vUJXGKs1JzXdn15iMGDJ6vS/K923ZYdcvnXPSqprT+eo3SyYTQNrgU1xpQeO4
BRtNfjUWk6rmQXLFsQgsG3zTXNz/zSRCy8VfAfs8b30yMpVymCMcMmC09kCH2qs7
DeSpiMBziveklKjfv8ywv07SPeQ6qP1vF8UEQ2J7PZc6U3MsD7fzUKW45oojBulb
8t0DIqrnfSbdPUKqpWXbRwC2YVAqG0vb2oY/+KkVUUWA2C+keBTyU2+NdwQyxUnd
CBDrwFLnR4T4aAj+zNX1L0ARfxaZzaL0WNW2msq4Itt5U7ooYb/EwITp4hI5to5K
xFRRjFNW1jWncLaREJnUkcYXIF+PCi/GYeXPEai05HnIUy8sM9B8gfMLJJyE9HaQ
MswvyMVBK2+iZmxRk+7RcRolNkKgQCST9ziA37FTZh3sEJX4cHb8S4fDQ3XoAAaR
8YcghWw7GvdpKHcevw2h/T4VE5dmX/KC6ArYT+vmSWQt1A0Bs8akbXGncujZmLyH
JFbDL7TaKT5/S2u8E/XB
=sW6S
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

libapr-1.so.0 not deployed for Tomcat 7

2013-08-02 Thread srinivas yelamanchili

Hi, 
I built APR 1.4.8 from source code as non-root user on redhat linux and 
deployed to /apps/mstrat/apache/apr-1.4.8
Installed Tomcat 7.0.42 at  /apps/mstrat/apache-tomcat-7.0.42 by untar the 
.tar.gz file

The Tomcat lib folder doesn't have libapr-1.so.0 


I compiled the tomcat native library 1.1.27 as below

./configure --with-apr=/apps/mstrat/apache/apr-1.4.8 \
    --with-java-home=/apps/mstrat/java/jdk1.7.0_25 \
    --with-ssl=/apps/mstrat/apache/openssl-1.0.1e    \
    --prefix=/apps/mstrat/apache-tomcat-7.0.42
make
make install

I see new libraries at /apps/mstrat/apache-tomcat-7.0.42/lib
libtcnative-1.so.0.1.27
libtcnative-1.so.0 - libtcnative-1.so.0.1.27
libtcnative-1.so -
 libtcnative-1.so.0.1.27
libtcnative-1.la
libtcnative-1.a
but NOT libapr-1.so.0

libapr-1.so.0 and libapr-1.so.0.4.8 are available at APR install directory 
(/apps/mstrat/apache/apr-1.4.8/lib)

When I start Tomcat, I see the following error in the log file
catalina.out:java.lang.UnsatisfiedLinkError:
 /apps/mstrat/apache-tomcat-7.0.42/lib/libtcnative-1.so.0.1.27: 
libapr-1.so.0: cannot open shared object file: No such file or directory

From tomcat lib folder
strings libtcnative-1.so.0.1.27  | more | grep libapr
libapr-1.so.0

On manually copying the libapr-1.so.0 from APR lib to Tomcat lib, the error is 
gone on tomcat restart

Why doesn't Tomcat native library buildinstall deploy libapr-1.so.0 to the 
Tomcat lib folder or the Tomcat include this library by default?

We cannot ask root user to install these software and I want to make Tomcat 
work as non-root user without installing any in global paths/libraries,
so when we compile and deploy to our local folders I would expect it to work 
'out of the box'


ps : sorry about earlier post, I used 'reply' to an existing thread and 
overwrote the subject and content with my topic, without realizing it was still 
'chained' to the original thread
Thanks,
-sri

Re: Help about my problem

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mehdi,

On 8/2/13 7:27 PM, Mehdi Yousefi wrote:
 Hi i have use Tom-Cat ver 6.0.10 and i have only one web site on
 this my problem is when i try to connect to web server on localhost
 or network computers browser status is changing to connecting to
 ... but nothing hppens after long time my valid ip address is
 http://89.165.70.133/

Great (Fire)Wall of Iran?

Or maybe just misconfiguration:

Starting Nmap 6.01 ( http://nmap.org ) at 2013-08-02 22:50 EDT
Nmap scan report for 89.165.70.133
Host is up (0.13s latency).
Not shown: 994 filtered ports
PORT STATE  SERVICE
21/tcp   open   ftp
554/tcp  open   rtsp
911/tcp  closed xact-backup
912/tcp  closed apex-mesh
7070/tcp open   realserver
8000/tcp open   http-alt
Device type: WAP|storage-misc|general purpose|printer
Running (JUST GUESSING): Apple embedded (93%), NetBSD 4.X (89%), Ricoh
embedded (85%)
OS CPE: cpe:/o:netbsd:netbsd:4.0
Aggressive OS guesses: Apple AirPort Extreme WAP v7.3.2 (93%), Apple
AirPort Extreme WAP or Time Capsule NAS device (90%), Apple Airport
Extreme WAP (89%), NetBSD 4.0 (89%), Apple AirPort Extreme WAP (86%),
Ricoh Aficio MP C6000 or GX3050N printer (85%)
No exact OS matches for host (test conditions non-ideal).

OS detection performed. Please report any incorrect results at
http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 36.37 seconds


If you have a web server listening on port 8000, then your URL needs
to look like this:

http://89.165.70.133:8000/

That doesn't work (for me), as there is apparently nothing responding
on port 8000.

Are you sure your Tomcat is up? What port number do you think it
should be on? Have you poked a hole in your firewall?

Or, are you a home-user and have your router set to port-forward
everything to your Apple TV?

Or was this post just a ruse to get people to prod your server?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/HG/AAoJEBzwKT+lPKRY6A0P/0ABGMH10waEyDEu8r/fzCPY
A3vdQjPiRzg5o5LANj2wekCRgZjlA+MBRNoaWHRz0SYElSHy3i1myszs+SQyOfpX
M6rEfzFhbc3bi85w2q7lIRoXC26zl21RfbHbZ5swBckmaCTysU0z6pOC0FzLcr02
vuWXGud4r3ujcaYtS00jCOb/tMJoGZF3JbVyNdRx8+GH1YaSWxGJ1B0HFvDNgH4l
EbU0TqfajHzchvTWTOboiZ5hZv3aL+YgJ057+UmZo937sHypOr8frB+gt/Dl9vgH
Acb7QcLPUelOazSFUczEmv9e9nustNRBSIsUpSTBeH0JWUGTF8aDj/cEZ29kzG7y
gfAiaoZovRNXYs3VY8DBGDgYyfMf8m551IJSQn1X4RZP1CQ+X6Y7B+/ZAZJtMZrK
gcKa6bWZ2QA7DZOTqi8nGkyyBzxE2QGGMWe0W9KOc/q3v7Un1IAmnXo5qtbvcP1t
DOBb+gdOGCyUVdr5GptPMafLr91PoSaamo2PPG8yoEiBQweI5H38KjHVA7F0mUZG
QcByI1MmMTyJK4a3xH4+XRfJfjPKAwB1EYYvqoO8pDfD5ZIgxw133RKFarxepkWh
/roEnvpwSei+fHXcXZ63o9miESaieFss8bTEiAg/B2ujYSXWY862AXXTITTsbtVv
hBY0YwqfasdlUTH1tYoO
=S8Yu
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: libapr-1.so.0 not deployed for Tomcat 7

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

srinivas,

On 8/2/13 10:51 PM, srinivas yelamanchili wrote:
 Hi, I built APR 1.4.8 from source code as non-root user on redhat
 linux and deployed to /apps/mstrat/apache/apr-1.4.8 Installed
 Tomcat 7.0.42 at  /apps/mstrat/apache-tomcat-7.0.42 by untar the
 .tar.gz file
 
 The Tomcat lib folder doesn't have libapr-1.so.0
 
 
 I compiled the tomcat native library 1.1.27 as below
 
 ./configure --with-apr=/apps/mstrat/apache/apr-1.4.8 \ 
 --with-java-home=/apps/mstrat/java/jdk1.7.0_25 \ 
 --with-ssl=/apps/mstrat/apache/openssl-1.0.1e\ 
 --prefix=/apps/mstrat/apache-tomcat-7.0.42 make make install
 
 I see new libraries at /apps/mstrat/apache-tomcat-7.0.42/lib 
 libtcnative-1.so.0.1.27 libtcnative-1.so.0 -
 libtcnative-1.so.0.1.27 libtcnative-1.so - 
 libtcnative-1.so.0.1.27 libtcnative-1.la libtcnative-1.a but NOT
 libapr-1.so.0
 
 libapr-1.so.0 and libapr-1.so.0.4.8 are available at APR install
 directory (/apps/mstrat/apache/apr-1.4.8/lib)
 
 When I start Tomcat, I see the following error in the log file 
 catalina.out:java.lang.UnsatisfiedLinkError: 
 /apps/mstrat/apache-tomcat-7.0.42/lib/libtcnative-1.so.0.1.27: 
 libapr-1.so.0: cannot open shared object file: No such file or
 directory
 
 From tomcat lib folder strings libtcnative-1.so.0.1.27  | more |
 grep libapr libapr-1.so.0
 
 On manually copying the libapr-1.so.0 from APR lib to Tomcat lib,
 the error is gone on tomcat restart
 
 Why doesn't Tomcat native library buildinstall deploy
 libapr-1.so.0 to the Tomcat lib folder or the Tomcat include this
 library by default?
 
 We cannot ask root user to install these software and I want to
 make Tomcat work as non-root user without installing any in global
 paths/libraries, so when we compile and deploy to our local folders
 I would expect it to work 'out of the box'

It wouldn't be appropriate for tcnative to install software other
than itself. For instance, I have libapr on my system already, so
having the build scripts for tcnative copy the APR shared libraries
from /usr/lib (where they are installed on my system) into
CATALINA_HOME/lib is a mistake: they would eclipse the
system-installed libraries.

Note that your source distribution of APR should include a build
script with an install target. If you have specified a prefix
directory (like $CATALINA_HOME) then you should be able to make
install and have it but the binary libraries into $CATALINA_HOME/lib

 ps : sorry about earlier post, I used 'reply' to an existing
 thread and overwrote the subject and content with my topic,
 without realizing it was still 'chained' to the original thread

It's a common mistake and often only noticed by readers who have
threading properly configured in their email readers (as I do).
Don't feel bad.

There are several problems with hijacking threads in this way, the two
most irritating are:

1. It often truly hijacks the thread and nobody will answer the
original question because it's been lost in the shuffle

2. The (properly-threaded) mailing list archives will show your
question as a reply to some unrelated topic, and it will be more
difficult to find (and pollute the original thread in the archives,
just as in #1).

Next time, just click New Message instead of Reply. No big deal.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/HPNAAoJEBzwKT+lPKRYRBUP/1CGoBk4XxTTePkQPFhPAtHm
Cg1cSQsCNGYYc6DSpVF3t7RtLLof/Et+iGKACW9I8E/JVDLzvdq/qB5yT540CgjL
Y7vt1ihwBWYrkpKtR9FJw1q+S/fmtFfBxu0qapoaI3W4ugj4BfHswJBDZLUa3JU4
dCwB3QodMrvsSXjPAMsiuzqWvY/bsMTrRtpZcSmu2EGtOco4FOO4aF9kzJBYitYN
Fk9VBLzQOF9VqbAfJFsSWXbbyawCyDK741zsLLYJYWQHPYvAVQmklPpc4iWYl9ZO
tOrQLBRIqXsX9J9NTsP1CJ82HGoaeMSwEji6bUqEcCBrCorD235Ud4PKeonBCUeM
uuBp6NIjhTvvHykdDmL7Em1Cmq+JwwVMSCvTOOjLvfcbfUGfoRr5tVGB7BxRThwA
TZZxSXEbuGEKbSnGdgH/N4V/joeYRKGqpOkW+dVDuoRG2aDbQiqUKCl83YWh+V9K
/KBXKqBfxg132y1lLYcjEG0gXoP4p+nQfZWwrYfqYhZ+w2CYNmuSqgjvMxHKGHl0
n3RWydi/o6+paOSyjT+oKDaF9Lp/XuRY5Mesw9/hTUH1A0UsdYVWHwHRSprpSvJr
i04PrIi+KPR9J3IWRiilkEf8DSPuDkgeDhzDTcRnqgcw8jOlAiN2+UD4mUlQlVyc
voKOn0FHNmT74UvV7dHR
=k7kl
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Configuration question for 2500 simultaneous users.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alec,

On 8/1/13 6:08 PM, Tomcat Random wrote:
 Thanks Mark, I've been getting up to speed on JMeter. I've used
 selenium before. The particulars depend on your particular
 application - agreed. That part I can work out myself by looking
 at bottlenecks, generally timing areas of the application with more
 and more granularity, in places where the app behaves slowly.

Just remember that you can't really benchmark your application with a
single client. There are behaviors that only emerge under some kind of
load. For instance, uncontended object monitors (i.e. synchronized
methods, blocks, etc.) in the JVM can be obtained very quickly. So, if
you have a resource that requires serialized access (e.g. db
connection pool), it may perform very well under an isolated test: you
find that your most time-consuming request/response pair takes, say,
850ms.

That's great: you do the math and say that you can handle 1.18 req/sec
on average and with users expected to make 1 request every 10 seconds,
that means that you can handle ~12 simultaneous users with no apparent
slow-down.

Then you get contended locks, which are slower. Instead of roughly
zero time to obtain an object lock, let's say it takes 50ms (that's
grossly overstating the amount of time required to obtain an object
lock, but somewhat instructive). So now you're up to 900ms for your
transaction and you can handle 1.11 req/sec with no slowdown and you
can only handle 11 simultaneous users.

Multiply those effects by a lot (lots of transactions, lots of users,
lots of multi-threaded conflicts) and you can find that you really can
only handle 91% of the traffic you thought you could.

If you use JMeter, your software will get better: you will be able to
identify those transactions that don't perform well and focus your
optimization efforts in those places, instead of just reading code,
changing StringBuffer to StringBuilder and new Integer() to
Integer.valueOf() and convincing yourself that you now have an
optimized piece of software.

With a load-testing suite, you can prove to yourself (and, perhaps
more importantly, your boss) that your software can handle the load
you expect. It also helps with resource planning: if you know that a
single instance of Tomcat on X hardware can handle Y load and you
expect Z actual load, then you know you need Z / Y pieces of X
hardware to run properly. Then multiply by some fudge factor (say 20%)
and take the ceiling of that (so you always have an extra server...
just in case). So maybe it's more like [ Z * 1.2 / Y ]. Oh, and
remember that Z needs to represent *peak load* and not average load.
If you have an online flower shop, you need to plan for the week of
Valentine's Day during business hours, not the following Saturday in
the middle of the night.

Gather a ton of data and look at it. Graph it. You will learn a lot.

Oh, and if you're using httpd (you didn't say), you might want to look
into the event MPM: it won't waste connections waiting around for
KeepAlive requests that never come from clients. The default MPM for
httpd 2.4 on *NIX is event when supported by the OS and prefork for
httpd 2.2. I believe event is stable on 2.2 -- just not the default.
Benchmark with and without it and see if it makes a difference. With
JMeter, your tests might be distorted because of how the tests run
(e.g. constantly). You might have to fiddle with the JMeter
configuration to get it to act more like a real browser by leaving
connections open for a few seconds after making all the requests for a
page. Then you may notice a difference.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJR/HgrAAoJEBzwKT+lPKRYkR8P/R5W8g/vnfEH/QxFfsQMCJnT
TDv4oZecfNZ2PDZjGj+KpAJv6OoDe9wQLlAR4VWZMmnI3qJPqVwWg04ZSnEszf22
XkiuvnbPQXwt95bTXk/zPp5lcb4kuLAwvokAyMQQo7P941SYOmvA+xEADmlE8Vfc
AgxnQY7GnifBU1wLZtzXrDnUWOzYwEL2vsec1bmlasbBg5NpxsQ9IyAq3DcPmDtO
hQUbET12JTjka51Ub6TG5gP2O+ZzYz50XyVtUWcn86u4acZYmvfCtFq/XilZXv4G
962bNxXinf9GmoeCokCOejJ/Ob8XC7UpXtTXTJlzx64Gn8EDNKYyZxg6wt6MLktq
xppytGQ+FfsxEFRtn9a0UM5Am0+7L4OpQWXesm5IcdypGNWn9Ng4bg2YI3c+P//O
Q0eyS7WN19oFMvq60tbKHfhCv7QFYQatKnxiAChDsFoA53u6xZIlzmz5h/0G2kCH
h7u57zUh2sSiBkSEs7QOxYNHS2tfTAAO2d5CMTuiAnIYk0joo0gOZ7u50DpAXaoR
lnxcimpO+wy5Qc3AEfZtYlmco+EhjJ4hHZyCvcE3MRkGdrWODHZkV1+B9TB0TH3M
sp1MEr3dlKeMDTj9jwB7mny8BY8lmIsPjWLl1s0wW+IST4Z4ax2t5eDvFDwtgtHy
t9b2VNjEizaTBrp88r7T
=iVJy
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Using the bin/daemon.sh script on ubuntu.